Malware Analysis Report

2024-10-16 07:50

Sample ID 240530-31m82sgb35
Target 6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe
SHA256 2f3f8889f9ef0c0773eb1563efe27662c8e2a95cf41037b6c632f0158d8fe935
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

2f3f8889f9ef0c0773eb1563efe27662c8e2a95cf41037b6c632f0158d8fe935

Threat Level: Known bad

The file 6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

XMRig Miner payload

Xmrig family

Kpot family

KPOT Core Executable

xmrig

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 23:58

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 23:58

Reported

2024-05-31 00:01

Platform

win7-20240221-en

Max time kernel

142s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1924-1081-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2176-1082-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2712-1083-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

memory/2692-1085-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/2636-1084-0x000000013F020000-0x000000013F374000-memory.dmp

memory/3060-1089-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/1488-1088-0x000000013F880000-0x000000013FBD4000-memory.dmp

memory/2776-1087-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2664-1086-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2700-1090-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/2456-1092-0x000000013F990000-0x000000013FCE4000-memory.dmp

memory/2588-1094-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/1800-1093-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/2380-1091-0x000000013F0E0000-0x000000013F434000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 23:58

Reported

2024-05-31 00:01

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e009f7bf708fb74e2a4c93f074bf300_NeikiAnalytics.exe"


C:\Windows\System\LNJSKJD.exe

C:\Windows\System\LNJSKJD.exe

C:\Windows\System\FuXzsrS.exe

C:\Windows\System\FuXzsrS.exe

C:\Windows\System\jVAJMzK.exe

C:\Windows\System\jVAJMzK.exe

C:\Windows\System\poGJLGa.exe

C:\Windows\System\poGJLGa.exe

C:\Windows\System\ymLUyCh.exe

C:\Windows\System\ymLUyCh.exe

C:\Windows\System\mASCNex.exe

C:\Windows\System\mASCNex.exe

C:\Windows\System\MhOlAXn.exe

C:\Windows\System\MhOlAXn.exe

C:\Windows\System\EhhKIIs.exe

C:\Windows\System\EhhKIIs.exe

C:\Windows\System\fPnzLiv.exe

C:\Windows\System\fPnzLiv.exe

C:\Windows\System\IRPByQb.exe

C:\Windows\System\IRPByQb.exe

C:\Windows\System\WcxBazP.exe

C:\Windows\System\WcxBazP.exe

C:\Windows\System\qsGRFZn.exe

C:\Windows\System\qsGRFZn.exe

C:\Windows\System\bTRetKL.exe

C:\Windows\System\bTRetKL.exe

C:\Windows\System\PCxVEFZ.exe

C:\Windows\System\PCxVEFZ.exe

C:\Windows\System\TaGDHwJ.exe

C:\Windows\System\TaGDHwJ.exe

C:\Windows\System\hSVtnBs.exe

C:\Windows\System\hSVtnBs.exe

C:\Windows\System\xhpwqog.exe

C:\Windows\System\xhpwqog.exe

C:\Windows\System\uolKtNr.exe

C:\Windows\System\uolKtNr.exe

C:\Windows\System\DITAuSu.exe

C:\Windows\System\DITAuSu.exe

C:\Windows\System\NEdjWsJ.exe

C:\Windows\System\NEdjWsJ.exe

C:\Windows\System\JkONUCM.exe

C:\Windows\System\JkONUCM.exe

C:\Windows\System\vwSRACk.exe

C:\Windows\System\vwSRACk.exe

C:\Windows\System\GRqxYwP.exe

C:\Windows\System\GRqxYwP.exe

C:\Windows\System\IyJtTjb.exe

C:\Windows\System\IyJtTjb.exe

C:\Windows\System\ZKecsAf.exe

C:\Windows\System\ZKecsAf.exe

C:\Windows\System\MaqZpGV.exe

C:\Windows\System\MaqZpGV.exe

C:\Windows\System\fXSGfJY.exe

C:\Windows\System\fXSGfJY.exe

C:\Windows\System\tMWMLNi.exe

C:\Windows\System\tMWMLNi.exe

C:\Windows\System\nUzsAoJ.exe

C:\Windows\System\nUzsAoJ.exe

C:\Windows\System\BsijtUI.exe

C:\Windows\System\BsijtUI.exe

C:\Windows\System\GogpfqW.exe

C:\Windows\System\GogpfqW.exe

C:\Windows\System\skMbkak.exe

C:\Windows\System\skMbkak.exe

C:\Windows\System\qIOsQow.exe

C:\Windows\System\qIOsQow.exe

C:\Windows\System\AhMIsTb.exe

C:\Windows\System\AhMIsTb.exe

C:\Windows\System\qhflkTl.exe

C:\Windows\System\qhflkTl.exe

C:\Windows\System\sXAmwPI.exe

C:\Windows\System\sXAmwPI.exe

C:\Windows\System\tcPQVjT.exe

C:\Windows\System\tcPQVjT.exe

C:\Windows\System\BhYEYEe.exe

C:\Windows\System\BhYEYEe.exe

C:\Windows\System\TApbtqP.exe

C:\Windows\System\TApbtqP.exe

C:\Windows\System\qbcjiyd.exe

C:\Windows\System\qbcjiyd.exe

C:\Windows\System\YVkHXnn.exe

C:\Windows\System\YVkHXnn.exe

C:\Windows\System\DqzFSbw.exe

C:\Windows\System\DqzFSbw.exe

C:\Windows\System\pTNOrcu.exe

C:\Windows\System\pTNOrcu.exe

C:\Windows\System\buujoNl.exe

C:\Windows\System\buujoNl.exe

C:\Windows\System\fcIxswA.exe

C:\Windows\System\fcIxswA.exe

C:\Windows\System\HUswaea.exe

C:\Windows\System\HUswaea.exe

C:\Windows\System\zbdSocm.exe

C:\Windows\System\zbdSocm.exe

C:\Windows\System\yfTRCgM.exe

C:\Windows\System\yfTRCgM.exe

C:\Windows\System\OObGfYZ.exe

C:\Windows\System\OObGfYZ.exe

C:\Windows\System\NCjblDW.exe

C:\Windows\System\NCjblDW.exe

C:\Windows\System\NeyhIIj.exe

C:\Windows\System\NeyhIIj.exe

C:\Windows\System\WPJWqQQ.exe

C:\Windows\System\WPJWqQQ.exe

C:\Windows\System\iyGEOqR.exe

C:\Windows\System\iyGEOqR.exe

C:\Windows\System\RhZSuYs.exe

C:\Windows\System\RhZSuYs.exe

C:\Windows\System\LpLNrjT.exe

C:\Windows\System\LpLNrjT.exe

C:\Windows\System\cFwyAWT.exe

C:\Windows\System\cFwyAWT.exe

C:\Windows\System\rPjQZrl.exe

C:\Windows\System\rPjQZrl.exe

C:\Windows\System\Mqskjqe.exe

C:\Windows\System\Mqskjqe.exe

C:\Windows\System\WqPCESe.exe

C:\Windows\System\WqPCESe.exe

C:\Windows\System\BWQLNrp.exe

C:\Windows\System\BWQLNrp.exe

C:\Windows\System\eojAOYC.exe

C:\Windows\System\eojAOYC.exe

C:\Windows\System\HDJDFOX.exe

C:\Windows\System\HDJDFOX.exe

C:\Windows\System\IHLraEm.exe

C:\Windows\System\IHLraEm.exe

C:\Windows\System\eiUxUts.exe

C:\Windows\System\eiUxUts.exe

C:\Windows\System\iNjGTTS.exe

C:\Windows\System\iNjGTTS.exe

C:\Windows\System\OUgADuf.exe

C:\Windows\System\OUgADuf.exe

C:\Windows\System\VXZxDwj.exe

C:\Windows\System\VXZxDwj.exe

C:\Windows\System\hxrcUgg.exe

C:\Windows\System\hxrcUgg.exe

C:\Windows\System\iLQgaUM.exe

C:\Windows\System\iLQgaUM.exe

C:\Windows\System\ARyfXsj.exe

C:\Windows\System\ARyfXsj.exe

C:\Windows\System\xQGTZkb.exe

C:\Windows\System\xQGTZkb.exe

C:\Windows\System\eggSqGA.exe

C:\Windows\System\eggSqGA.exe

C:\Windows\System\DNLXuJz.exe

C:\Windows\System\DNLXuJz.exe

C:\Windows\System\QbRqZAP.exe

C:\Windows\System\QbRqZAP.exe

C:\Windows\System\bGHFjEW.exe

C:\Windows\System\bGHFjEW.exe

C:\Windows\System\akoDjed.exe

C:\Windows\System\akoDjed.exe

C:\Windows\System\bjWriSM.exe

C:\Windows\System\bjWriSM.exe

C:\Windows\System\XshbTou.exe

C:\Windows\System\XshbTou.exe

C:\Windows\System\ertjkyt.exe

C:\Windows\System\ertjkyt.exe

C:\Windows\System\CASJhyl.exe

C:\Windows\System\CASJhyl.exe

C:\Windows\System\rrQtLjB.exe

C:\Windows\System\rrQtLjB.exe

C:\Windows\System\elFovOz.exe

C:\Windows\System\elFovOz.exe

C:\Windows\System\gTWDUXl.exe

C:\Windows\System\gTWDUXl.exe

C:\Windows\System\YwsAPXO.exe

C:\Windows\System\YwsAPXO.exe

C:\Windows\System\TvhlJIm.exe

C:\Windows\System\TvhlJIm.exe

C:\Windows\System\BKphCNx.exe

C:\Windows\System\BKphCNx.exe

C:\Windows\System\aLBdBGx.exe

C:\Windows\System\aLBdBGx.exe

C:\Windows\System\oqCIkNu.exe

C:\Windows\System\oqCIkNu.exe

C:\Windows\System\BzwPOZO.exe

C:\Windows\System\BzwPOZO.exe

C:\Windows\System\WXuyTKU.exe

C:\Windows\System\WXuyTKU.exe

C:\Windows\System\tJpgOod.exe

C:\Windows\System\tJpgOod.exe

C:\Windows\System\lYTERUU.exe

C:\Windows\System\lYTERUU.exe

C:\Windows\System\vbYtGpv.exe

C:\Windows\System\vbYtGpv.exe

C:\Windows\System\feJBLiH.exe

C:\Windows\System\feJBLiH.exe

C:\Windows\System\mzbhnxz.exe

C:\Windows\System\mzbhnxz.exe

C:\Windows\System\lHsYpec.exe

C:\Windows\System\lHsYpec.exe

C:\Windows\System\MfzjoON.exe

C:\Windows\System\MfzjoON.exe

C:\Windows\System\hrICYcT.exe

C:\Windows\System\hrICYcT.exe

C:\Windows\System\IbKEXik.exe

C:\Windows\System\IbKEXik.exe

C:\Windows\System\opXymaF.exe

C:\Windows\System\opXymaF.exe

C:\Windows\System\pDHHDUv.exe

C:\Windows\System\pDHHDUv.exe

C:\Windows\System\AcbSQGY.exe

C:\Windows\System\AcbSQGY.exe

C:\Windows\System\sMnTCRK.exe

C:\Windows\System\sMnTCRK.exe

C:\Windows\System\zdIzAcM.exe

C:\Windows\System\zdIzAcM.exe

C:\Windows\System\kkOZDkm.exe

C:\Windows\System\kkOZDkm.exe

C:\Windows\System\lLOhYma.exe

C:\Windows\System\lLOhYma.exe

C:\Windows\System\fLXMWrK.exe

C:\Windows\System\fLXMWrK.exe

C:\Windows\System\RhUQdQI.exe

C:\Windows\System\RhUQdQI.exe

C:\Windows\System\mwiJRJA.exe

C:\Windows\System\mwiJRJA.exe

C:\Windows\System\CyqvlWW.exe

C:\Windows\System\CyqvlWW.exe

C:\Windows\System\rrYBJxr.exe

C:\Windows\System\rrYBJxr.exe

C:\Windows\System\UWvAOLV.exe

C:\Windows\System\UWvAOLV.exe

C:\Windows\System\yrKduHD.exe

C:\Windows\System\yrKduHD.exe

C:\Windows\System\xbwGQGl.exe

C:\Windows\System\xbwGQGl.exe

C:\Windows\System\RpajmJQ.exe

C:\Windows\System\RpajmJQ.exe

C:\Windows\System\RAeAPBc.exe

C:\Windows\System\RAeAPBc.exe

C:\Windows\System\xLlXMXg.exe

C:\Windows\System\xLlXMXg.exe

C:\Windows\System\IBbUJuV.exe

C:\Windows\System\IBbUJuV.exe

C:\Windows\System\jHQaoTg.exe

C:\Windows\System\jHQaoTg.exe

C:\Windows\System\QEeBBMM.exe

C:\Windows\System\QEeBBMM.exe

C:\Windows\System\KMjoAdf.exe

C:\Windows\System\KMjoAdf.exe

C:\Windows\System\RuIQIWq.exe

C:\Windows\System\RuIQIWq.exe

C:\Windows\System\ASGuhzo.exe

C:\Windows\System\ASGuhzo.exe

C:\Windows\System\PZmqyyk.exe

C:\Windows\System\PZmqyyk.exe

C:\Windows\System\lutVsxC.exe

C:\Windows\System\lutVsxC.exe

C:\Windows\System\wpxdTNM.exe

C:\Windows\System\wpxdTNM.exe

C:\Windows\System\OpPbmSh.exe

C:\Windows\System\OpPbmSh.exe

C:\Windows\System\EfUkXdQ.exe

C:\Windows\System\EfUkXdQ.exe

C:\Windows\System\iqEozss.exe

C:\Windows\System\iqEozss.exe

C:\Windows\System\PLyLshT.exe

C:\Windows\System\PLyLshT.exe

C:\Windows\System\aJhQSXs.exe

C:\Windows\System\aJhQSXs.exe

C:\Windows\System\lPcVWMM.exe

C:\Windows\System\lPcVWMM.exe

C:\Windows\System\XgwBarY.exe

C:\Windows\System\XgwBarY.exe

C:\Windows\System\FhxjlUK.exe

C:\Windows\System\FhxjlUK.exe

C:\Windows\System\WUvMsAB.exe

C:\Windows\System\WUvMsAB.exe

C:\Windows\System\uOJWTxl.exe

C:\Windows\System\uOJWTxl.exe

C:\Windows\System\PAzquMS.exe

C:\Windows\System\PAzquMS.exe

C:\Windows\System\hfIWeGz.exe

C:\Windows\System\hfIWeGz.exe

C:\Windows\System\Zogtnan.exe

C:\Windows\System\Zogtnan.exe

C:\Windows\System\uZbripR.exe

C:\Windows\System\uZbripR.exe

C:\Windows\System\gmuXnrj.exe

C:\Windows\System\gmuXnrj.exe

C:\Windows\System\clBKmks.exe

C:\Windows\System\clBKmks.exe

C:\Windows\System\LZcJUXD.exe

C:\Windows\System\LZcJUXD.exe

C:\Windows\System\YxiOivD.exe

C:\Windows\System\YxiOivD.exe

C:\Windows\System\cnzrUFp.exe

C:\Windows\System\cnzrUFp.exe

C:\Windows\System\qDdNTuR.exe

C:\Windows\System\qDdNTuR.exe

C:\Windows\System\zCbRGNU.exe

C:\Windows\System\zCbRGNU.exe

C:\Windows\System\qtDyhdF.exe

C:\Windows\System\qtDyhdF.exe

C:\Windows\System\sCYphnG.exe

C:\Windows\System\sCYphnG.exe

C:\Windows\System\RQKqwtP.exe

C:\Windows\System\RQKqwtP.exe

C:\Windows\System\iGEwjAZ.exe

C:\Windows\System\iGEwjAZ.exe

C:\Windows\System\SkBDtXh.exe

C:\Windows\System\SkBDtXh.exe

C:\Windows\System\ISSbmhz.exe

C:\Windows\System\ISSbmhz.exe

C:\Windows\System\oVemmJR.exe

C:\Windows\System\oVemmJR.exe

C:\Windows\System\sCOSVce.exe

C:\Windows\System\sCOSVce.exe

C:\Windows\System\VCtHoXg.exe

C:\Windows\System\VCtHoXg.exe

C:\Windows\System\NtvPUYS.exe

C:\Windows\System\NtvPUYS.exe

C:\Windows\System\nkqONCH.exe

C:\Windows\System\nkqONCH.exe

C:\Windows\System\ugAIZnr.exe

C:\Windows\System\ugAIZnr.exe

C:\Windows\System\nuboCcd.exe

C:\Windows\System\nuboCcd.exe

C:\Windows\System\pjpZjqM.exe

C:\Windows\System\pjpZjqM.exe

C:\Windows\System\lPMCxsX.exe

C:\Windows\System\lPMCxsX.exe

C:\Windows\System\bFvoyFP.exe

C:\Windows\System\bFvoyFP.exe

C:\Windows\System\AbGoNcV.exe

C:\Windows\System\AbGoNcV.exe

C:\Windows\System\XVqdxRr.exe

C:\Windows\System\XVqdxRr.exe

C:\Windows\System\txpVTQY.exe

C:\Windows\System\txpVTQY.exe

C:\Windows\System\RNetuiP.exe

C:\Windows\System\RNetuiP.exe

C:\Windows\System\uOHHtoD.exe

C:\Windows\System\uOHHtoD.exe

C:\Windows\System\srlNUsU.exe

C:\Windows\System\srlNUsU.exe

C:\Windows\System\ryZwrAv.exe

C:\Windows\System\ryZwrAv.exe

C:\Windows\System\lObCgPK.exe

C:\Windows\System\lObCgPK.exe

C:\Windows\System\agwPCPa.exe

C:\Windows\System\agwPCPa.exe

C:\Windows\System\KDEVlSB.exe

C:\Windows\System\KDEVlSB.exe

C:\Windows\System\ayipviS.exe

C:\Windows\System\ayipviS.exe

C:\Windows\System\TDTqnqr.exe

C:\Windows\System\TDTqnqr.exe

C:\Windows\System\TFHmwbf.exe

C:\Windows\System\TFHmwbf.exe

C:\Windows\System\xFdLekg.exe

C:\Windows\System\xFdLekg.exe

C:\Windows\System\EiWkNvb.exe

C:\Windows\System\EiWkNvb.exe

C:\Windows\System\XzVqEcN.exe

C:\Windows\System\XzVqEcN.exe

C:\Windows\System\LKXYmdy.exe

C:\Windows\System\LKXYmdy.exe

C:\Windows\System\HvqJWBT.exe

C:\Windows\System\HvqJWBT.exe

C:\Windows\System\UczrNow.exe

C:\Windows\System\UczrNow.exe

C:\Windows\System\DwtyLqQ.exe

C:\Windows\System\DwtyLqQ.exe

C:\Windows\System\YaqptfZ.exe

C:\Windows\System\YaqptfZ.exe

C:\Windows\System\BHYlBbc.exe

C:\Windows\System\BHYlBbc.exe

C:\Windows\System\luxDuAU.exe

C:\Windows\System\luxDuAU.exe

C:\Windows\System\YxDztuV.exe

C:\Windows\System\YxDztuV.exe

C:\Windows\System\URQTYzF.exe

C:\Windows\System\URQTYzF.exe

C:\Windows\System\GoauyMD.exe

C:\Windows\System\GoauyMD.exe

C:\Windows\System\XLTqsdW.exe

C:\Windows\System\XLTqsdW.exe

C:\Windows\System\LsIICPL.exe

C:\Windows\System\LsIICPL.exe

C:\Windows\System\yTWCulK.exe

C:\Windows\System\yTWCulK.exe

C:\Windows\System\FFPEUsN.exe

C:\Windows\System\FFPEUsN.exe

C:\Windows\System\LnswWSq.exe

C:\Windows\System\LnswWSq.exe

C:\Windows\System\kqkgZbd.exe

C:\Windows\System\kqkgZbd.exe

C:\Windows\System\EpOQTYf.exe

C:\Windows\System\EpOQTYf.exe

C:\Windows\System\dISpSfF.exe

C:\Windows\System\dISpSfF.exe

C:\Windows\System\SomPytd.exe

C:\Windows\System\SomPytd.exe

C:\Windows\System\zOpssXB.exe

C:\Windows\System\zOpssXB.exe

C:\Windows\System\fDVGNKi.exe

C:\Windows\System\fDVGNKi.exe

C:\Windows\System\vRYsYRX.exe

C:\Windows\System\vRYsYRX.exe

C:\Windows\System\gMcbkcd.exe

C:\Windows\System\gMcbkcd.exe

C:\Windows\System\MRkSAIg.exe

C:\Windows\System\MRkSAIg.exe

C:\Windows\System\qfOtTzF.exe

C:\Windows\System\qfOtTzF.exe

C:\Windows\System\nVEXsWe.exe

C:\Windows\System\nVEXsWe.exe

C:\Windows\System\PFyZBdq.exe

C:\Windows\System\PFyZBdq.exe

C:\Windows\System\dZchtjR.exe

C:\Windows\System\dZchtjR.exe

C:\Windows\System\RNlGGil.exe

C:\Windows\System\RNlGGil.exe

C:\Windows\System\pHikwGP.exe

C:\Windows\System\pHikwGP.exe

C:\Windows\System\dXNgxBK.exe

C:\Windows\System\dXNgxBK.exe

C:\Windows\System\EkjUAlE.exe

C:\Windows\System\EkjUAlE.exe

C:\Windows\System\srnDQHH.exe

C:\Windows\System\srnDQHH.exe

C:\Windows\System\KfhqoYl.exe

C:\Windows\System\KfhqoYl.exe

C:\Windows\System\Gxiulri.exe

C:\Windows\System\Gxiulri.exe

C:\Windows\System\SLDhSZV.exe

C:\Windows\System\SLDhSZV.exe

C:\Windows\System\KqbSpng.exe

C:\Windows\System\KqbSpng.exe

C:\Windows\System\yFZuwwT.exe

C:\Windows\System\yFZuwwT.exe

C:\Windows\System\WcPcjDc.exe

C:\Windows\System\WcPcjDc.exe

C:\Windows\System\pSjhDNl.exe

C:\Windows\System\pSjhDNl.exe

C:\Windows\System\YBQvFET.exe

C:\Windows\System\YBQvFET.exe

C:\Windows\System\wWhIxbt.exe

C:\Windows\System\wWhIxbt.exe

C:\Windows\System\odZUqXj.exe

C:\Windows\System\odZUqXj.exe

C:\Windows\System\lZFopgW.exe

C:\Windows\System\lZFopgW.exe

C:\Windows\System\aEwNifm.exe

C:\Windows\System\aEwNifm.exe

Network

Files
