Malware Analysis Report

2024-10-16 07:52

Sample ID 240530-f96enagc7w
Target 669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe
SHA256 552721acf71364aa6084362cb21b0f024c2ce4e40c200a7947dd32f52651a6d7
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

552721acf71364aa6084362cb21b0f024c2ce4e40c200a7947dd32f52651a6d7

Threat Level: Known bad

The file 669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

KPOT Core Executable

Kpot family

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 05:35

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 05:35

Reported

2024-05-30 05:37

Platform

win7-20240215-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\cBjRjyf.exe N/A
N/A N/A C:\Windows\System\upCIcZZ.exe N/A
N/A N/A C:\Windows\System\cstLjwe.exe N/A
N/A N/A C:\Windows\System\tdZSozo.exe N/A
N/A N/A C:\Windows\System\SVgPryi.exe N/A
N/A N/A C:\Windows\System\UpZGCTV.exe N/A
N/A N/A C:\Windows\System\ShzXZGq.exe N/A
N/A N/A C:\Windows\System\ZGjILsT.exe N/A
N/A N/A C:\Windows\System\Qetuzul.exe N/A
N/A N/A C:\Windows\System\ijVcNxs.exe N/A
N/A N/A C:\Windows\System\qhGfZZv.exe N/A
N/A N/A C:\Windows\System\jtvzYTh.exe N/A
N/A N/A C:\Windows\System\Jjizhvk.exe N/A
N/A N/A C:\Windows\System\SwNugqh.exe N/A
N/A N/A C:\Windows\System\aqYbZAN.exe N/A
N/A N/A C:\Windows\System\KmVUeWp.exe N/A
N/A N/A C:\Windows\System\qsKXiBw.exe N/A
N/A N/A C:\Windows\System\MHooJtN.exe N/A
N/A N/A C:\Windows\System\OyLojRk.exe N/A
N/A N/A C:\Windows\System\fmTGGAj.exe N/A
N/A N/A C:\Windows\System\RicwSTF.exe N/A
N/A N/A C:\Windows\System\BLIxhyo.exe N/A
N/A N/A C:\Windows\System\hykjXld.exe N/A
N/A N/A C:\Windows\System\KumcumC.exe N/A
N/A N/A C:\Windows\System\CdghwET.exe N/A
N/A N/A C:\Windows\System\LAhOqzj.exe N/A
N/A N/A C:\Windows\System\NPaiaDk.exe N/A
N/A N/A C:\Windows\System\EuiSfUp.exe N/A
N/A N/A C:\Windows\System\NtnyyaZ.exe N/A
N/A N/A C:\Windows\System\WVxufff.exe N/A
N/A N/A C:\Windows\System\ddbTavc.exe N/A
N/A N/A C:\Windows\System\ntdNQIb.exe N/A
N/A N/A C:\Windows\System\LsXekQz.exe N/A
N/A N/A C:\Windows\System\AytLLZs.exe N/A
N/A N/A C:\Windows\System\HjKIviW.exe N/A
N/A N/A C:\Windows\System\UpuITBN.exe N/A
N/A N/A C:\Windows\System\pRrvyFt.exe N/A
N/A N/A C:\Windows\System\jPzLGfe.exe N/A
N/A N/A C:\Windows\System\lzGfDgL.exe N/A
N/A N/A C:\Windows\System\WooPAnd.exe N/A
N/A N/A C:\Windows\System\GjdAFmV.exe N/A
N/A N/A C:\Windows\System\eYYRFqp.exe N/A
N/A N/A C:\Windows\System\omNSZxx.exe N/A
N/A N/A C:\Windows\System\RRbIYZi.exe N/A
N/A N/A C:\Windows\System\ZBrJBql.exe N/A
N/A N/A C:\Windows\System\vpOnZwU.exe N/A
N/A N/A C:\Windows\System\uTagtaR.exe N/A
N/A N/A C:\Windows\System\kwjyYwP.exe N/A
N/A N/A C:\Windows\System\YsoRMIE.exe N/A
N/A N/A C:\Windows\System\sJacVDr.exe N/A
N/A N/A C:\Windows\System\ApPrlPc.exe N/A
N/A N/A C:\Windows\System\BaYjBPN.exe N/A
N/A N/A C:\Windows\System\QAVdJAD.exe N/A
N/A N/A C:\Windows\System\fxaJhDt.exe N/A
N/A N/A C:\Windows\System\lkXOXIC.exe N/A
N/A N/A C:\Windows\System\DwjYZaB.exe N/A
N/A N/A C:\Windows\System\arizTfx.exe N/A
N/A N/A C:\Windows\System\rnlbELK.exe N/A
N/A N/A C:\Windows\System\TfaNlLT.exe N/A
N/A N/A C:\Windows\System\CFowGfI.exe N/A
N/A N/A C:\Windows\System\HNkaRWK.exe N/A
N/A N/A C:\Windows\System\bCMuihG.exe N/A
N/A N/A C:\Windows\System\ADezFkx.exe N/A
N/A N/A C:\Windows\System\SLihXpc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\INMhzKV.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmDMugA.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\Qetuzul.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NPaiaDk.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ddbTavc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ogZHDFn.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktApgdJ.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tyaQrLB.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\cBjRjyf.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhGfZZv.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\MPUnIdG.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\HvPjytu.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\eVkJLry.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\kiCWxRv.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\MVDxjry.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\LAFsTum.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VOqiFCg.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZmimMj.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\awEpJaB.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\RCDHCJG.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\upCIcZZ.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DwjYZaB.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwVudQC.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\IklGXrj.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\xkCCpDD.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\WcwkqBj.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECnnbba.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSVbrAw.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\Istuxwc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkDyGIj.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\iajPkZc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\EuiSfUp.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPzLGfe.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\sJacVDr.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ApPrlPc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\SLihXpc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDYhrwN.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\xVDkUqW.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\jtvzYTh.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\RicwSTF.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\RtjGokW.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\xnMjUPo.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\HxMCtat.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHpMdWv.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\eYYRFqp.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUBhrBY.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\gePuqvR.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\WfPhRTn.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBIiMdr.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\KpRdATo.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rVSuQPx.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\juIxPBj.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tdZSozo.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ntdNQIb.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ortCNbV.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKkttqB.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\sXegFyN.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\hVboxCl.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NFKKyEa.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ioBGlev.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\uDpNXRn.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NOhVfmb.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ExKoDAH.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\FGaBWQM.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2832 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cBjRjyf.exe
PID 2832 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cBjRjyf.exe
PID 2832 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cBjRjyf.exe
PID 2832 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\upCIcZZ.exe
PID 2832 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\upCIcZZ.exe
PID 2832 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\upCIcZZ.exe
PID 2832 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cstLjwe.exe
PID 2832 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cstLjwe.exe
PID 2832 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cstLjwe.exe
PID 2832 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\tdZSozo.exe
PID 2832 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\tdZSozo.exe
PID 2832 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\tdZSozo.exe
PID 2832 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SVgPryi.exe
PID 2832 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SVgPryi.exe
PID 2832 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SVgPryi.exe
PID 2832 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\UpZGCTV.exe
PID 2832 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\UpZGCTV.exe
PID 2832 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\UpZGCTV.exe
PID 2832 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ShzXZGq.exe
PID 2832 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ShzXZGq.exe
PID 2832 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ShzXZGq.exe
PID 2832 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ZGjILsT.exe
PID 2832 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ZGjILsT.exe
PID 2832 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ZGjILsT.exe
PID 2832 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\Qetuzul.exe
PID 2832 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\Qetuzul.exe
PID 2832 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\Qetuzul.exe
PID 2832 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ijVcNxs.exe
PID 2832 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ijVcNxs.exe
PID 2832 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ijVcNxs.exe
PID 2832 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qhGfZZv.exe
PID 2832 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qhGfZZv.exe
PID 2832 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qhGfZZv.exe
PID 2832 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\Jjizhvk.exe
PID 2832 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\Jjizhvk.exe
PID 2832 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\Jjizhvk.exe
PID 2832 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jtvzYTh.exe
PID 2832 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jtvzYTh.exe
PID 2832 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jtvzYTh.exe
PID 2832 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SwNugqh.exe
PID 2832 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SwNugqh.exe
PID 2832 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SwNugqh.exe
PID 2832 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qsKXiBw.exe
PID 2832 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qsKXiBw.exe
PID 2832 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qsKXiBw.exe
PID 2832 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aqYbZAN.exe
PID 2832 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aqYbZAN.exe
PID 2832 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aqYbZAN.exe
PID 2832 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\MHooJtN.exe
PID 2832 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\MHooJtN.exe
PID 2832 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\MHooJtN.exe
PID 2832 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KmVUeWp.exe
PID 2832 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KmVUeWp.exe
PID 2832 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KmVUeWp.exe
PID 2832 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\OyLojRk.exe
PID 2832 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\OyLojRk.exe
PID 2832 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\OyLojRk.exe
PID 2832 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\fmTGGAj.exe
PID 2832 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\fmTGGAj.exe
PID 2832 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\fmTGGAj.exe
PID 2832 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\RicwSTF.exe
PID 2832 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\RicwSTF.exe
PID 2832 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\RicwSTF.exe
PID 2832 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\BLIxhyo.exe

Processes

C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe"

C:\Windows\System\cBjRjyf.exe

C:\Windows\System\cBjRjyf.exe

C:\Windows\System\upCIcZZ.exe

C:\Windows\System\upCIcZZ.exe

C:\Windows\System\cstLjwe.exe

C:\Windows\System\cstLjwe.exe

C:\Windows\System\tdZSozo.exe

C:\Windows\System\tdZSozo.exe

C:\Windows\System\SVgPryi.exe

C:\Windows\System\SVgPryi.exe

C:\Windows\System\UpZGCTV.exe

C:\Windows\System\UpZGCTV.exe

C:\Windows\System\ShzXZGq.exe

C:\Windows\System\ShzXZGq.exe

C:\Windows\System\ZGjILsT.exe

C:\Windows\System\ZGjILsT.exe

C:\Windows\System\Qetuzul.exe

C:\Windows\System\Qetuzul.exe

C:\Windows\System\ijVcNxs.exe

C:\Windows\System\ijVcNxs.exe

C:\Windows\System\qhGfZZv.exe

C:\Windows\System\qhGfZZv.exe

C:\Windows\System\Jjizhvk.exe

C:\Windows\System\Jjizhvk.exe

C:\Windows\System\jtvzYTh.exe

C:\Windows\System\jtvzYTh.exe

C:\Windows\System\SwNugqh.exe

C:\Windows\System\SwNugqh.exe

C:\Windows\System\qsKXiBw.exe

C:\Windows\System\qsKXiBw.exe

C:\Windows\System\aqYbZAN.exe

C:\Windows\System\aqYbZAN.exe

C:\Windows\System\MHooJtN.exe

C:\Windows\System\MHooJtN.exe

C:\Windows\System\KmVUeWp.exe

C:\Windows\System\KmVUeWp.exe

C:\Windows\System\OyLojRk.exe

C:\Windows\System\OyLojRk.exe

C:\Windows\System\fmTGGAj.exe

C:\Windows\System\fmTGGAj.exe

C:\Windows\System\RicwSTF.exe

C:\Windows\System\RicwSTF.exe

C:\Windows\System\BLIxhyo.exe

C:\Windows\System\BLIxhyo.exe

C:\Windows\System\hykjXld.exe

C:\Windows\System\hykjXld.exe

C:\Windows\System\KumcumC.exe

C:\Windows\System\KumcumC.exe

C:\Windows\System\CdghwET.exe

C:\Windows\System\CdghwET.exe

C:\Windows\System\LAhOqzj.exe

C:\Windows\System\LAhOqzj.exe

C:\Windows\System\NPaiaDk.exe

C:\Windows\System\NPaiaDk.exe

C:\Windows\System\EuiSfUp.exe

C:\Windows\System\EuiSfUp.exe

C:\Windows\System\NtnyyaZ.exe

C:\Windows\System\NtnyyaZ.exe

C:\Windows\System\WVxufff.exe

C:\Windows\System\WVxufff.exe

C:\Windows\System\ddbTavc.exe

C:\Windows\System\ddbTavc.exe

C:\Windows\System\ntdNQIb.exe

C:\Windows\System\ntdNQIb.exe

C:\Windows\System\HjKIviW.exe

C:\Windows\System\HjKIviW.exe

C:\Windows\System\LsXekQz.exe

C:\Windows\System\LsXekQz.exe

C:\Windows\System\pRrvyFt.exe

C:\Windows\System\pRrvyFt.exe

C:\Windows\System\AytLLZs.exe

C:\Windows\System\AytLLZs.exe

C:\Windows\System\jPzLGfe.exe

C:\Windows\System\jPzLGfe.exe

C:\Windows\System\UpuITBN.exe

C:\Windows\System\UpuITBN.exe

C:\Windows\System\lzGfDgL.exe

C:\Windows\System\lzGfDgL.exe

C:\Windows\System\WooPAnd.exe

C:\Windows\System\WooPAnd.exe

C:\Windows\System\GjdAFmV.exe

C:\Windows\System\GjdAFmV.exe

C:\Windows\System\eYYRFqp.exe

C:\Windows\System\eYYRFqp.exe

C:\Windows\System\omNSZxx.exe

C:\Windows\System\omNSZxx.exe

C:\Windows\System\RRbIYZi.exe

C:\Windows\System\RRbIYZi.exe

C:\Windows\System\ZBrJBql.exe

C:\Windows\System\ZBrJBql.exe

C:\Windows\System\vpOnZwU.exe

C:\Windows\System\vpOnZwU.exe

C:\Windows\System\uTagtaR.exe

C:\Windows\System\uTagtaR.exe

C:\Windows\System\kwjyYwP.exe

C:\Windows\System\kwjyYwP.exe

C:\Windows\System\YsoRMIE.exe

C:\Windows\System\YsoRMIE.exe

C:\Windows\System\sJacVDr.exe

C:\Windows\System\sJacVDr.exe

C:\Windows\System\ApPrlPc.exe

C:\Windows\System\ApPrlPc.exe

C:\Windows\System\BaYjBPN.exe

C:\Windows\System\BaYjBPN.exe

C:\Windows\System\QAVdJAD.exe

C:\Windows\System\QAVdJAD.exe

C:\Windows\System\fxaJhDt.exe

C:\Windows\System\fxaJhDt.exe

C:\Windows\System\lkXOXIC.exe

C:\Windows\System\lkXOXIC.exe

C:\Windows\System\DwjYZaB.exe

C:\Windows\System\DwjYZaB.exe

C:\Windows\System\arizTfx.exe

C:\Windows\System\arizTfx.exe

C:\Windows\System\rnlbELK.exe

C:\Windows\System\rnlbELK.exe

C:\Windows\System\TfaNlLT.exe

C:\Windows\System\TfaNlLT.exe

C:\Windows\System\CFowGfI.exe

C:\Windows\System\CFowGfI.exe

C:\Windows\System\HNkaRWK.exe

C:\Windows\System\HNkaRWK.exe

C:\Windows\System\bCMuihG.exe

C:\Windows\System\bCMuihG.exe

C:\Windows\System\ADezFkx.exe

C:\Windows\System\ADezFkx.exe

C:\Windows\System\SLihXpc.exe

C:\Windows\System\SLihXpc.exe

C:\Windows\System\Gfblzhf.exe

C:\Windows\System\Gfblzhf.exe

C:\Windows\System\mBGFmPY.exe

C:\Windows\System\mBGFmPY.exe

C:\Windows\System\XsXzasS.exe

C:\Windows\System\XsXzasS.exe

C:\Windows\System\sZmimMj.exe

C:\Windows\System\sZmimMj.exe

C:\Windows\System\JBTHaZU.exe

C:\Windows\System\JBTHaZU.exe

C:\Windows\System\BKSElbQ.exe

C:\Windows\System\BKSElbQ.exe

C:\Windows\System\sXegFyN.exe

C:\Windows\System\sXegFyN.exe

C:\Windows\System\vRUglvb.exe

C:\Windows\System\vRUglvb.exe

C:\Windows\System\GaJplzZ.exe

C:\Windows\System\GaJplzZ.exe

C:\Windows\System\MqzkXvf.exe

C:\Windows\System\MqzkXvf.exe

C:\Windows\System\FHCJakw.exe

C:\Windows\System\FHCJakw.exe

C:\Windows\System\QgtSnqN.exe

C:\Windows\System\QgtSnqN.exe

C:\Windows\System\wpOsAAo.exe

C:\Windows\System\wpOsAAo.exe

C:\Windows\System\FqxvLXc.exe

C:\Windows\System\FqxvLXc.exe

C:\Windows\System\heldaam.exe

C:\Windows\System\heldaam.exe

C:\Windows\System\VBNbCsp.exe

C:\Windows\System\VBNbCsp.exe

C:\Windows\System\TwHfTys.exe

C:\Windows\System\TwHfTys.exe

C:\Windows\System\ogZHDFn.exe

C:\Windows\System\ogZHDFn.exe

C:\Windows\System\hyrMGvG.exe

C:\Windows\System\hyrMGvG.exe

C:\Windows\System\aLtYEsk.exe

C:\Windows\System\aLtYEsk.exe

C:\Windows\System\ZHJAnJW.exe

C:\Windows\System\ZHJAnJW.exe

C:\Windows\System\rLfGlPb.exe

C:\Windows\System\rLfGlPb.exe

C:\Windows\System\mZcEeAN.exe

C:\Windows\System\mZcEeAN.exe

C:\Windows\System\VurxSRX.exe

C:\Windows\System\VurxSRX.exe

C:\Windows\System\OFRgiho.exe

C:\Windows\System\OFRgiho.exe

C:\Windows\System\fublzyv.exe

C:\Windows\System\fublzyv.exe

C:\Windows\System\nADjCnq.exe

C:\Windows\System\nADjCnq.exe

C:\Windows\System\uDpNXRn.exe

C:\Windows\System\uDpNXRn.exe

C:\Windows\System\gcqtZHA.exe

C:\Windows\System\gcqtZHA.exe

C:\Windows\System\TvMflTC.exe

C:\Windows\System\TvMflTC.exe

C:\Windows\System\DaMlEhN.exe

C:\Windows\System\DaMlEhN.exe

C:\Windows\System\ToYRLAu.exe

C:\Windows\System\ToYRLAu.exe

C:\Windows\System\GhGgduj.exe

C:\Windows\System\GhGgduj.exe

C:\Windows\System\lmMdJFr.exe

C:\Windows\System\lmMdJFr.exe

C:\Windows\System\GSqYQiG.exe

C:\Windows\System\GSqYQiG.exe

C:\Windows\System\wKqXTrQ.exe

C:\Windows\System\wKqXTrQ.exe

C:\Windows\System\COIbXew.exe

C:\Windows\System\COIbXew.exe

C:\Windows\System\KefTUtV.exe

C:\Windows\System\KefTUtV.exe

C:\Windows\System\fLsuPPx.exe

C:\Windows\System\fLsuPPx.exe

C:\Windows\System\CQSRdQL.exe

C:\Windows\System\CQSRdQL.exe

C:\Windows\System\bcsdzHd.exe

C:\Windows\System\bcsdzHd.exe

C:\Windows\System\gGsdQAU.exe

C:\Windows\System\gGsdQAU.exe

C:\Windows\System\mXNzHVS.exe

C:\Windows\System\mXNzHVS.exe

C:\Windows\System\wsoheHG.exe

C:\Windows\System\wsoheHG.exe

C:\Windows\System\MPUnIdG.exe

C:\Windows\System\MPUnIdG.exe

C:\Windows\System\RtjGokW.exe

C:\Windows\System\RtjGokW.exe

C:\Windows\System\fQLHrQv.exe

C:\Windows\System\fQLHrQv.exe

C:\Windows\System\nWPKuIL.exe

C:\Windows\System\nWPKuIL.exe

C:\Windows\System\hVboxCl.exe

C:\Windows\System\hVboxCl.exe

C:\Windows\System\QkXxEPv.exe

C:\Windows\System\QkXxEPv.exe

C:\Windows\System\BdEEgXD.exe

C:\Windows\System\BdEEgXD.exe

C:\Windows\System\BziMaYK.exe

C:\Windows\System\BziMaYK.exe

C:\Windows\System\gDZVbyg.exe

C:\Windows\System\gDZVbyg.exe

C:\Windows\System\miNrhVQ.exe

C:\Windows\System\miNrhVQ.exe

C:\Windows\System\lUBhrBY.exe

C:\Windows\System\lUBhrBY.exe

C:\Windows\System\dpRnxLj.exe

C:\Windows\System\dpRnxLj.exe

C:\Windows\System\awEpJaB.exe

C:\Windows\System\awEpJaB.exe

C:\Windows\System\QAaSPGW.exe

C:\Windows\System\QAaSPGW.exe

C:\Windows\System\gePuqvR.exe

C:\Windows\System\gePuqvR.exe

C:\Windows\System\LDYhrwN.exe

C:\Windows\System\LDYhrwN.exe

C:\Windows\System\BRcOHBf.exe

C:\Windows\System\BRcOHBf.exe

C:\Windows\System\QGZuFYg.exe

C:\Windows\System\QGZuFYg.exe

C:\Windows\System\WfPhRTn.exe

C:\Windows\System\WfPhRTn.exe

C:\Windows\System\LNkWrMb.exe

C:\Windows\System\LNkWrMb.exe

C:\Windows\System\nJTlRLl.exe

C:\Windows\System\nJTlRLl.exe

C:\Windows\System\KzRmKZi.exe

C:\Windows\System\KzRmKZi.exe

C:\Windows\System\OyEyQME.exe

C:\Windows\System\OyEyQME.exe

C:\Windows\System\phrnhrI.exe

C:\Windows\System\phrnhrI.exe

C:\Windows\System\AzbqYQm.exe

C:\Windows\System\AzbqYQm.exe

C:\Windows\System\YcSPYol.exe

C:\Windows\System\YcSPYol.exe

C:\Windows\System\NFKKyEa.exe

C:\Windows\System\NFKKyEa.exe

C:\Windows\System\ViXHJKn.exe

C:\Windows\System\ViXHJKn.exe

C:\Windows\System\KpRdATo.exe

C:\Windows\System\KpRdATo.exe

C:\Windows\System\mDpLDhx.exe

C:\Windows\System\mDpLDhx.exe

C:\Windows\System\ortCNbV.exe

C:\Windows\System\ortCNbV.exe

C:\Windows\System\ihsixPI.exe

C:\Windows\System\ihsixPI.exe

C:\Windows\System\WcwkqBj.exe

C:\Windows\System\WcwkqBj.exe

C:\Windows\System\HMcocCA.exe

C:\Windows\System\HMcocCA.exe

C:\Windows\System\oHmhvIZ.exe

C:\Windows\System\oHmhvIZ.exe

C:\Windows\System\whYiOJh.exe

C:\Windows\System\whYiOJh.exe

C:\Windows\System\uReKSdq.exe

C:\Windows\System\uReKSdq.exe

C:\Windows\System\PrDRujR.exe

C:\Windows\System\PrDRujR.exe

C:\Windows\System\xjZbZAK.exe

C:\Windows\System\xjZbZAK.exe

C:\Windows\System\mcXibuC.exe

C:\Windows\System\mcXibuC.exe

C:\Windows\System\SVkYeDm.exe

C:\Windows\System\SVkYeDm.exe

C:\Windows\System\EsqZfCD.exe

C:\Windows\System\EsqZfCD.exe

C:\Windows\System\pDEKqcT.exe

C:\Windows\System\pDEKqcT.exe

C:\Windows\System\SwVudQC.exe

C:\Windows\System\SwVudQC.exe

C:\Windows\System\xQtAYrr.exe

C:\Windows\System\xQtAYrr.exe

C:\Windows\System\RdyOHpS.exe

C:\Windows\System\RdyOHpS.exe

C:\Windows\System\RWaPVHQ.exe

C:\Windows\System\RWaPVHQ.exe

C:\Windows\System\DYHpNwi.exe

C:\Windows\System\DYHpNwi.exe

C:\Windows\System\gkDyGIj.exe

C:\Windows\System\gkDyGIj.exe

C:\Windows\System\kBzNtIL.exe

C:\Windows\System\kBzNtIL.exe

C:\Windows\System\PCMrPBQ.exe

C:\Windows\System\PCMrPBQ.exe

C:\Windows\System\rVSuQPx.exe

C:\Windows\System\rVSuQPx.exe

C:\Windows\System\ILGdZga.exe

C:\Windows\System\ILGdZga.exe

C:\Windows\System\QlMvpBH.exe

C:\Windows\System\QlMvpBH.exe

C:\Windows\System\gdEttwW.exe

C:\Windows\System\gdEttwW.exe

C:\Windows\System\WPPZcTu.exe

C:\Windows\System\WPPZcTu.exe

C:\Windows\System\ifQFyty.exe

C:\Windows\System\ifQFyty.exe

C:\Windows\System\jkDSykz.exe

C:\Windows\System\jkDSykz.exe

C:\Windows\System\botnUgZ.exe

C:\Windows\System\botnUgZ.exe

C:\Windows\System\DGJlpFY.exe

C:\Windows\System\DGJlpFY.exe

C:\Windows\System\PRufzma.exe

C:\Windows\System\PRufzma.exe

C:\Windows\System\KyCYWiL.exe

C:\Windows\System\KyCYWiL.exe

C:\Windows\System\tWWEXIH.exe

C:\Windows\System\tWWEXIH.exe

C:\Windows\System\xnMjUPo.exe

C:\Windows\System\xnMjUPo.exe

C:\Windows\System\YDCRikv.exe

C:\Windows\System\YDCRikv.exe

C:\Windows\System\HxMCtat.exe

C:\Windows\System\HxMCtat.exe

C:\Windows\System\bypbOff.exe

C:\Windows\System\bypbOff.exe

C:\Windows\System\juIxPBj.exe

C:\Windows\System\juIxPBj.exe

C:\Windows\System\NOhVfmb.exe

C:\Windows\System\NOhVfmb.exe

C:\Windows\System\RRWITAf.exe

C:\Windows\System\RRWITAf.exe

C:\Windows\System\jImwRvW.exe

C:\Windows\System\jImwRvW.exe

C:\Windows\System\fNcvrva.exe

C:\Windows\System\fNcvrva.exe

C:\Windows\System\ZBXYAIc.exe

C:\Windows\System\ZBXYAIc.exe

C:\Windows\System\cTbnsBW.exe

C:\Windows\System\cTbnsBW.exe

C:\Windows\System\cVuakRM.exe

C:\Windows\System\cVuakRM.exe

C:\Windows\System\AkUCPxp.exe

C:\Windows\System\AkUCPxp.exe

C:\Windows\System\ExKoDAH.exe

C:\Windows\System\ExKoDAH.exe

C:\Windows\System\SmATIet.exe

C:\Windows\System\SmATIet.exe

C:\Windows\System\LskBKYP.exe

C:\Windows\System\LskBKYP.exe

C:\Windows\System\vHpMdWv.exe

C:\Windows\System\vHpMdWv.exe

C:\Windows\System\LeyxgoY.exe

C:\Windows\System\LeyxgoY.exe

C:\Windows\System\kiCWxRv.exe

C:\Windows\System\kiCWxRv.exe

C:\Windows\System\UAwMPsr.exe

C:\Windows\System\UAwMPsr.exe

C:\Windows\System\EFcNiAW.exe

C:\Windows\System\EFcNiAW.exe

C:\Windows\System\OLbrKzt.exe

C:\Windows\System\OLbrKzt.exe

C:\Windows\System\HkdVNET.exe

C:\Windows\System\HkdVNET.exe

C:\Windows\System\WOGMkQz.exe

C:\Windows\System\WOGMkQz.exe

C:\Windows\System\xSgltEO.exe

C:\Windows\System\xSgltEO.exe

C:\Windows\System\UPCUZzr.exe

C:\Windows\System\UPCUZzr.exe

C:\Windows\System\SKJokAD.exe

C:\Windows\System\SKJokAD.exe

C:\Windows\System\gLtNXIN.exe

C:\Windows\System\gLtNXIN.exe

C:\Windows\System\oBIiMdr.exe

C:\Windows\System\oBIiMdr.exe

C:\Windows\System\xtluTCM.exe

C:\Windows\System\xtluTCM.exe

C:\Windows\System\FGaBWQM.exe

C:\Windows\System\FGaBWQM.exe

C:\Windows\System\jJZWDiS.exe

C:\Windows\System\jJZWDiS.exe

C:\Windows\System\PCyzIeU.exe

C:\Windows\System\PCyzIeU.exe

C:\Windows\System\ECnnbba.exe

C:\Windows\System\ECnnbba.exe

C:\Windows\System\oSDncDi.exe

C:\Windows\System\oSDncDi.exe

C:\Windows\System\ZRgZUsu.exe

C:\Windows\System\ZRgZUsu.exe

C:\Windows\System\ktApgdJ.exe

C:\Windows\System\ktApgdJ.exe

C:\Windows\System\bndjeOt.exe

C:\Windows\System\bndjeOt.exe

C:\Windows\System\yxWSvye.exe

C:\Windows\System\yxWSvye.exe

C:\Windows\System\tPsgiuz.exe

C:\Windows\System\tPsgiuz.exe

C:\Windows\System\eVkJLry.exe

C:\Windows\System\eVkJLry.exe

C:\Windows\System\TetnMRe.exe

C:\Windows\System\TetnMRe.exe

C:\Windows\System\MFRJtbZ.exe

C:\Windows\System\MFRJtbZ.exe

C:\Windows\System\MVDxjry.exe

C:\Windows\System\MVDxjry.exe

C:\Windows\System\vllKOAW.exe

C:\Windows\System\vllKOAW.exe

C:\Windows\System\LwJBmwg.exe

C:\Windows\System\LwJBmwg.exe

C:\Windows\System\HvPjytu.exe

C:\Windows\System\HvPjytu.exe

C:\Windows\System\zLWyOYC.exe

C:\Windows\System\zLWyOYC.exe

C:\Windows\System\GVBefeX.exe

C:\Windows\System\GVBefeX.exe

C:\Windows\System\ZDSHJWx.exe

C:\Windows\System\ZDSHJWx.exe

C:\Windows\System\XgCcNMN.exe

C:\Windows\System\XgCcNMN.exe

C:\Windows\System\dPdrLLA.exe

C:\Windows\System\dPdrLLA.exe

C:\Windows\System\lZQxcPs.exe

C:\Windows\System\lZQxcPs.exe

C:\Windows\System\ZRFXpty.exe

C:\Windows\System\ZRFXpty.exe

C:\Windows\System\zrscTCb.exe

C:\Windows\System\zrscTCb.exe

C:\Windows\System\aSrkIaf.exe

C:\Windows\System\aSrkIaf.exe

C:\Windows\System\PbnLOxJ.exe

C:\Windows\System\PbnLOxJ.exe

C:\Windows\System\TzRnQoT.exe

C:\Windows\System\TzRnQoT.exe

C:\Windows\System\uOqQsRC.exe

C:\Windows\System\uOqQsRC.exe

C:\Windows\System\FYKYCPC.exe

C:\Windows\System\FYKYCPC.exe

C:\Windows\System\wmqJDqG.exe

C:\Windows\System\wmqJDqG.exe

C:\Windows\System\FbffSHt.exe

C:\Windows\System\FbffSHt.exe

C:\Windows\System\KENVeZd.exe

C:\Windows\System\KENVeZd.exe

C:\Windows\System\pMRQmbP.exe

C:\Windows\System\pMRQmbP.exe

C:\Windows\System\NmMfvxL.exe

C:\Windows\System\NmMfvxL.exe

C:\Windows\System\ZRieeoD.exe

C:\Windows\System\ZRieeoD.exe

C:\Windows\System\mCdYaWC.exe

C:\Windows\System\mCdYaWC.exe

C:\Windows\System\lUKYyEd.exe

C:\Windows\System\lUKYyEd.exe

C:\Windows\System\UoMvzeO.exe

C:\Windows\System\UoMvzeO.exe

C:\Windows\System\XHUexUH.exe

C:\Windows\System\XHUexUH.exe

C:\Windows\System\WgqHsZO.exe

C:\Windows\System\WgqHsZO.exe

C:\Windows\System\ycjEVPU.exe

C:\Windows\System\ycjEVPU.exe

C:\Windows\System\TGRzFlS.exe

C:\Windows\System\TGRzFlS.exe

C:\Windows\System\PwufjSQ.exe

C:\Windows\System\PwufjSQ.exe

C:\Windows\System\psmDRfI.exe

C:\Windows\System\psmDRfI.exe

C:\Windows\System\xVDkUqW.exe

C:\Windows\System\xVDkUqW.exe

C:\Windows\System\bOQPwqK.exe

C:\Windows\System\bOQPwqK.exe

C:\Windows\System\djocaLy.exe

C:\Windows\System\djocaLy.exe

C:\Windows\System\IDjwcFo.exe

C:\Windows\System\IDjwcFo.exe

C:\Windows\System\CDrgNUI.exe

C:\Windows\System\CDrgNUI.exe

C:\Windows\System\OGdUPjy.exe

C:\Windows\System\OGdUPjy.exe

C:\Windows\System\iyZITcE.exe

C:\Windows\System\iyZITcE.exe

C:\Windows\System\yKDARLs.exe

C:\Windows\System\yKDARLs.exe

C:\Windows\System\IlAAMjU.exe

C:\Windows\System\IlAAMjU.exe

C:\Windows\System\xQGoLMY.exe

C:\Windows\System\xQGoLMY.exe

C:\Windows\System\sOyxMAy.exe

C:\Windows\System\sOyxMAy.exe

C:\Windows\System\tyaQrLB.exe

C:\Windows\System\tyaQrLB.exe

C:\Windows\System\PwSxeoV.exe

C:\Windows\System\PwSxeoV.exe

C:\Windows\System\rSAIpTC.exe

C:\Windows\System\rSAIpTC.exe

C:\Windows\System\FSVlsWI.exe

C:\Windows\System\FSVlsWI.exe

C:\Windows\System\ioBGlev.exe

C:\Windows\System\ioBGlev.exe

C:\Windows\System\GKkttqB.exe

C:\Windows\System\GKkttqB.exe

C:\Windows\System\jWWHRdG.exe

C:\Windows\System\jWWHRdG.exe

C:\Windows\System\LAFsTum.exe

C:\Windows\System\LAFsTum.exe

C:\Windows\System\oPQHMmy.exe

C:\Windows\System\oPQHMmy.exe

C:\Windows\System\jGvFfWG.exe

C:\Windows\System\jGvFfWG.exe

C:\Windows\System\nDUFXzL.exe

C:\Windows\System\nDUFXzL.exe

C:\Windows\System\TZAJbAU.exe

C:\Windows\System\TZAJbAU.exe

C:\Windows\System\jcVrmax.exe

C:\Windows\System\jcVrmax.exe

C:\Windows\System\IzRzGLt.exe

C:\Windows\System\IzRzGLt.exe

C:\Windows\System\VOqiFCg.exe

C:\Windows\System\VOqiFCg.exe

C:\Windows\System\bQXFGRC.exe

C:\Windows\System\bQXFGRC.exe

C:\Windows\System\iajPkZc.exe

C:\Windows\System\iajPkZc.exe

C:\Windows\System\OFmdVNL.exe

C:\Windows\System\OFmdVNL.exe

C:\Windows\System\sXRBbGv.exe

C:\Windows\System\sXRBbGv.exe

C:\Windows\System\FlnFRza.exe

C:\Windows\System\FlnFRza.exe

C:\Windows\System\yiTSEWs.exe

C:\Windows\System\yiTSEWs.exe

C:\Windows\System\QQdeIbq.exe

C:\Windows\System\QQdeIbq.exe

C:\Windows\System\MYmZKTd.exe

C:\Windows\System\MYmZKTd.exe

C:\Windows\System\jjMMSrW.exe

C:\Windows\System\jjMMSrW.exe

C:\Windows\System\RSVbrAw.exe

C:\Windows\System\RSVbrAw.exe

C:\Windows\System\OGcwCsP.exe

C:\Windows\System\OGcwCsP.exe

C:\Windows\System\UWPtRyF.exe

C:\Windows\System\UWPtRyF.exe

C:\Windows\System\yoGXEXf.exe

C:\Windows\System\yoGXEXf.exe

C:\Windows\System\JWRthat.exe

C:\Windows\System\JWRthat.exe

C:\Windows\System\zYdcTPb.exe

C:\Windows\System\zYdcTPb.exe

C:\Windows\System\nHJbLKu.exe

C:\Windows\System\nHJbLKu.exe

C:\Windows\System\Istuxwc.exe

C:\Windows\System\Istuxwc.exe

C:\Windows\System\nKLYQji.exe

C:\Windows\System\nKLYQji.exe

C:\Windows\System\RCDHCJG.exe

C:\Windows\System\RCDHCJG.exe

C:\Windows\System\PgvXNRK.exe

C:\Windows\System\PgvXNRK.exe

C:\Windows\System\soDjYPj.exe

C:\Windows\System\soDjYPj.exe

C:\Windows\System\IklGXrj.exe

C:\Windows\System\IklGXrj.exe

C:\Windows\System\vtrLRQR.exe

C:\Windows\System\vtrLRQR.exe

C:\Windows\System\uUNsXsj.exe

C:\Windows\System\uUNsXsj.exe

C:\Windows\System\GNhADOq.exe

C:\Windows\System\GNhADOq.exe

C:\Windows\System\xkCCpDD.exe

C:\Windows\System\xkCCpDD.exe

C:\Windows\System\drGLkjX.exe

C:\Windows\System\drGLkjX.exe

C:\Windows\System\MVEvnlI.exe

C:\Windows\System\MVEvnlI.exe

C:\Windows\System\fFsFFjD.exe

C:\Windows\System\fFsFFjD.exe

C:\Windows\System\pSpyYMc.exe

C:\Windows\System\pSpyYMc.exe

C:\Windows\System\uSXGuwN.exe

C:\Windows\System\uSXGuwN.exe

C:\Windows\System\hVsoZKK.exe

C:\Windows\System\hVsoZKK.exe

C:\Windows\System\cZuNDhx.exe

C:\Windows\System\cZuNDhx.exe

C:\Windows\System\INMhzKV.exe

C:\Windows\System\INMhzKV.exe

C:\Windows\System\ljJKkbK.exe

C:\Windows\System\ljJKkbK.exe

C:\Windows\System\PIagclh.exe

C:\Windows\System\PIagclh.exe

C:\Windows\System\BmDMugA.exe

C:\Windows\System\BmDMugA.exe

C:\Windows\System\ZVEoqsk.exe

C:\Windows\System\ZVEoqsk.exe

C:\Windows\System\pmLreGy.exe

C:\Windows\System\pmLreGy.exe

C:\Windows\System\PqDoXsn.exe

C:\Windows\System\PqDoXsn.exe

C:\Windows\System\VdhNdNX.exe

C:\Windows\System\VdhNdNX.exe

C:\Windows\System\nZFTTlH.exe

C:\Windows\System\nZFTTlH.exe

C:\Windows\System\VNkySsp.exe

C:\Windows\System\VNkySsp.exe

C:\Windows\System\YFINqGw.exe

C:\Windows\System\YFINqGw.exe

C:\Windows\System\pMSOszk.exe

C:\Windows\System\pMSOszk.exe

C:\Windows\System\DDzjCkX.exe

C:\Windows\System\DDzjCkX.exe

C:\Windows\System\WxviPwr.exe

C:\Windows\System\WxviPwr.exe

C:\Windows\System\UttKbLa.exe

C:\Windows\System\UttKbLa.exe

C:\Windows\System\FQhFDQB.exe

C:\Windows\System\FQhFDQB.exe

C:\Windows\System\vPGWTaW.exe

C:\Windows\System\vPGWTaW.exe

C:\Windows\System\MwzOggT.exe

C:\Windows\System\MwzOggT.exe

C:\Windows\System\wjYsekI.exe

C:\Windows\System\wjYsekI.exe

C:\Windows\System\OaLdVmp.exe

C:\Windows\System\OaLdVmp.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2832-0-0x000000013FEF0000-0x0000000140244000-memory.dmp

memory/2832-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\cBjRjyf.exe

MD5 90bf1bdd4d6938da36a2b3215f38c390
SHA1 0ef2613849b843c9df4de0d141b8d977012fc86e
SHA256 48c534cdc54c061f349896cb19b3e95874ebc5eafee9aa835e69a24eba363a77
SHA512 d37e3099a861c9a0033361fb2124b0736ad648517de57ab17cfdacd16e6376e53b335d5fafd8e8fdf633e9519aab7836812d84d49fdc9ce74eeb769a1da51600

C:\Windows\system\upCIcZZ.exe

MD5 1cef1978f837e98aa6465e1de9eeeb79
SHA1 3869b1c4b9a0a0438d5ca83a963680f9923f3b69
SHA256 4d21672a167bfa3f99cc5bbfe9dd225656395ec3e7de4b86a792294a94d00e81
SHA512 cfa50072b517b7b031d5943a79de50a1b49b4b892475d1cc4327bddf4f7fd543d8684099195c5f026f09b071ca15e807e59ac07ab6f7fc05e66a8fc226f48105

memory/1996-15-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2832-13-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2212-11-0x000000013FDE0000-0x0000000140134000-memory.dmp

\Windows\system\cstLjwe.exe

MD5 2c31b6498e922e93828b99a27d3d4c46
SHA1 63ad6a1f799baf8bc85d05490329252cc6fd3cca
SHA256 cc59debc09559248576a7d3ae67e51618b9f64b7977e4777aab8a5f9cf7ca2c7
SHA512 c8bd500a4d9461b1e73dbbbb22e1b7bdc85ba2ac2c24b0f468770da85b595843199a118f13acc82cc4451ac8e7526e3ae1acee58d2b000ea0d0757d3a270b8af

memory/2312-22-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2832-21-0x000000013F4F0000-0x000000013F844000-memory.dmp

C:\Windows\system\tdZSozo.exe

MD5 965a0ffb0ed8b760047a44c507a3591a
SHA1 fe60832981bbd9d62acca67f8962958d2ad7be2c
SHA256 022c4ac40705f10cdcac21f93cfe633890ae38bf63b2bc6b5fef3b7a153e0cda
SHA512 b559db5ebeb13a82a76aca9ac180f5ea245d5554d2d7eedae3a513d8b8e27293d58f06238c54f79153d6807d1d23a379024d04f26b8b571b0397caa974e142e1

memory/2832-32-0x000000013F940000-0x000000013FC94000-memory.dmp

C:\Windows\system\SVgPryi.exe

MD5 1a98a7538486a9562239a30ebc96e273
SHA1 1a27280892755e918675195d5e9aa56309765869
SHA256 84e4a9afe30fbe08a77aeeb3ec7bf39f43bf8756cbf10ddfc68c4198e86f8907
SHA512 6eb3f2dd3e15752bfecc9ea7ce6d227e795cc182f1ae13a645f9eec7707b2adf480c02e385115eb746fa65788637c642558da543e8de2f9f1b892b62c11296a0

C:\Windows\system\UpZGCTV.exe

MD5 0b93397ebc608445086f5cd4380ddf96
SHA1 eeb6d0076c1bfa946b79856e5ea20d59eb4c980a
SHA256 23f545f38d1e27b983b27b5e4f1cbf444752283c81f5051f87845bde32ae40b0
SHA512 ca740575eb831e41309e550044fd065515bf986f11e2cf5b689b726b89088974e593d3cde66a0c393e176eb222e98edc650e6219d8140404e3a6f6b5f3cbc8c5

memory/2832-42-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2604-43-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2832-41-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2516-39-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2500-37-0x000000013F940000-0x000000013FC94000-memory.dmp

C:\Windows\system\ZGjILsT.exe

MD5 32e601d46f2265fa74a4c435ee31822d
SHA1 f5f482738365862740ec49bed07c67a6593d1ac5
SHA256 9a8e976efdd738b8267add949a55c5fbff51d0f77d9ca9baed768a6145ef83e6
SHA512 2fac0ee2f197965088db91d26ce31e4be03784aee6a409cbbc442d33196b3579b308ab8146438635762bd897fa08fcf3b656c57467a83fa2a73da1467df9b0a0

memory/1560-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp

\Windows\system\ShzXZGq.exe

MD5 98496c0147413067bea0943343c56c1f
SHA1 55b5c3b813218ad4a213d72cbb31e7aa6a6f63f4
SHA256 02d9d0775ce31c41b3cfd25adc27e702ec4c06ded63e82e0a06e18f370f50cfa
SHA512 8c03548b1c67f23b5001d83e8cf78eeaa0cda36caaa0a4e5a60636a40c59ea72f84c1592a97c63ec6e60198d9d7ff6afb46f768a2ede05759b360d5bd394a92d

memory/2832-61-0x000000013FEF0000-0x0000000140244000-memory.dmp

C:\Windows\system\Qetuzul.exe

MD5 4b1daea93ee8802611a55e37f680476a
SHA1 3ef21227b859d6ff2350729e080ebb7d4d2e7f9b
SHA256 bacdb004dabf28e388c39c1bfd6df9eccf8b558f8c08eb64b709022f1a7fa9f2
SHA512 bfbb7778a27f2597f83616ef9432d3e463702b7ec0512751a49bd44c82894aac736ce85eb2f196ca70816def2bf26362eb51d6beacaf4a69418ee5faf798c501

memory/2452-62-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2720-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2832-48-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2832-55-0x000000013FAC0000-0x000000013FE14000-memory.dmp

C:\Windows\system\ijVcNxs.exe

MD5 5c852ef2d5f2294218adb1e4acca131f
SHA1 b71076a6f813dec1948b68419281e55d2ec41282
SHA256 25060bc556151adc8ee2e9c850e32471939776c5f6c356cd6b5199dc689f14db
SHA512 99062bae98f4d520452a215e387f6528a31e85509b63f4bbec592c32ba80906d13cdd2673ae405c6fc40f95a6bca9b8ee9587eb1e0ea2b67fb013fac5cd0e9b1

C:\Windows\system\Jjizhvk.exe

MD5 3e1f7feec6f71e3f93d26eb22b0a07d1
SHA1 b8b2f403dd2578ac73b5df5d51709b35c3c39375
SHA256 3f06f919653b62f21b09635b46af3ce9beaabb033323d41c73e84832c4ed35b2
SHA512 5acebc121838987a5c5a0d8717f8f6aca8cb64ec71c5c7ad612422fbd8160cced6edfe1356fc3f3f827142822ad2d090cab35b606d189221d2cdf9b7afe65762

\Windows\system\aqYbZAN.exe

MD5 5246aa3ca0fcc6bfb26f2a3c99820bae
SHA1 cd22ded4d3b76fd2b49a000d2375a28abcc90575
SHA256 9052299ed8d7d508b21b6986fd9e7bebb01e1d0fac6579fe687086afaf97808b
SHA512 35749b754c81a81079d2f20848dc3572b0d7edfdfaf9f2564271877ac9c6bb0b8bc82590cb6ea5c5af187832f0161f1c7c47f91a50ebccdb3a9eb3643d143a20

\Windows\system\KmVUeWp.exe

MD5 b0ec968c6bae0c77831c7477937be634
SHA1 a85c854ad56dbf745259e10f46c424b7856b2590
SHA256 2b4b32b9810d95f9d214a634f3e5faae6fb5c67d689c7036590dd1270f627a1f
SHA512 a7647dd018b85b82e762bd3e079b77b7ab0746493acdeaa89153215e4c7622898787dab445c8a2b1b2cbd796c9591ca84fe107607f76372b604e9b046752554f

C:\Windows\system\qsKXiBw.exe

MD5 76a2e0b8e28b64146e55423e38ffa293
SHA1 ad7d0c634c00278e91eca0db6bd9b5920b042a1a
SHA256 1091f42c0f00c490c8d2aab51f3a5b92425e71b7e1f2d3bfffe51bd9a487202c
SHA512 c849a8253f3bbd8472c029493e8cb0144cfada25d3247c2dfd105edb68bc77ebd80f6122eb51aaf0bbfb2e48c05dd8f16ca0b2b463c03ec08a6d339c2d070800

memory/2832-99-0x000000013F1B0000-0x000000013F504000-memory.dmp

C:\Windows\system\BLIxhyo.exe

MD5 137b5d890b09267a7968c1bb3d792475
SHA1 b90e0f35322844db10833fd7254075327c1aa289
SHA256 6e395d1ba2c0bf18d7f3180b7a3b742992c2260f1dc2a3c965b75dacd875e7c4
SHA512 c0f43eb1b63a56988ba08dd9d9a11577bf7d4b062ac47f72c45a3a6966c08fcf75ecb931f63fd1db8310f476dbbd4e9c216d8da02d29415af38bd8106bc10f55

C:\Windows\system\KumcumC.exe

MD5 aa6552db3e43ae62353507f3b54d4f90
SHA1 ac75bdaeaa6e48407c206796b8af5cbb5b7ff269
SHA256 0ca23f31321f66c20d0173b9a560fac37e4c213b4ff4aaeefa53cc398742a6f6
SHA512 74631c0a276e1b3cc3786c940deff4f6f9a66f6442096c21f801fc3a1ca83303f539d370c7d795b015bb398e59b01520fb8cb9ff8a44928a44f212130c0b6854

C:\Windows\system\WVxufff.exe

MD5 bc610d4c208a551714e59a45022da82e
SHA1 2e7ed16e28ab89b832be4f33907edff0762769f0
SHA256 153345a2ceea42c1c86db6aaa5ceb87c635bbd73423ac8bed31ce1bc7b5d50a3
SHA512 08920b411d7e8b4e3c3df9ca98a89f7818abca641df411ca69e763c8cbd99539507dc53dfef66200356902048f5a860a3499d9f81ad091f2057631879d88beac

C:\Windows\system\ddbTavc.exe

MD5 fa8210905032194a886530c0c55a9a33
SHA1 1483774d0fb013822fe45a1ffbd9d96aa23177d5
SHA256 fa77eedc5eeed2b154be5ad11c3b93115a9afe9a44497dbdbc389cd6f9856573
SHA512 6d6611e1a1d5bf54dd6bad7c7da70878338d749c0ec44075e4b16db00f14793c83ab50797c1191dd276149ac5183e905d65ac567d9e8301db9065fe5689b7b15

memory/2832-400-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/1996-1067-0x000000013F790000-0x000000013FAE4000-memory.dmp

C:\Windows\system\NtnyyaZ.exe

MD5 7a195b8a112c64a6cf35709a91683856
SHA1 1d1febb3f5abaf73f44e3494c2bed9a3e45c794a
SHA256 9a1377de6ae3d498e2c1227c8828922af8c9ba866a5ad18a1d3ca3bab71de785
SHA512 ddd485444561c351d34db5a819a4397df023cf1d22a2b830c31b9bd5bea9b86a3d9f989137ca2246bbcc18a96f89da59f27dec3826b3ac0968a7c6e403d4c863

C:\Windows\system\NPaiaDk.exe

MD5 8c365bc6bc435ded576528894dc7bada
SHA1 be314947f7179f2b415885bec79668df77c9f6a2
SHA256 0993446291030d71c9b6c598572eaf2fc93eb0997768a7f7db17638f46074c7f
SHA512 6385ec1617842b1f33c2555deb8d1f22a17cf5972fe0247e35705630cb344ce58ca0a11a3df0fc5d1e5a1b0fdf84a90a325e00230f46a083530377c8e8242ba9

C:\Windows\system\ntdNQIb.exe

MD5 d03ce91a9fe2a5f2e9b79914ac8833fc
SHA1 e45acb17a296975a7b35ca2d5ece3505cb71445a
SHA256 a8b986c9429f8075a607b3bbd6358478f2c13bc16910c879afe84eccd567893e
SHA512 d7389d5ff16356aec11a1325d652f7d77eeda7c9327093c3a2916483bf36f0c0c63948fed843544b77270e952790012232c2bc7e25ac98d6419f0fb8b6df15c5

C:\Windows\system\EuiSfUp.exe

MD5 fc12086857167ed51b0a88fdd27b358b
SHA1 51f8a8a7ef13a25570db29b886f2ca17b12fadf8
SHA256 653a27948b70fe750ba440e95759eae5ef697778e1877f4f5c1541b03bda19c5
SHA512 c9d69ea0148990d9dd232bcff0674994a631e331044702707fdfd366dad393de4590593e5d2a89361ed6ead46513afa0c6522c3d05bb5a7d19c9979153411607

C:\Windows\system\CdghwET.exe

MD5 a19b32f61ad16b27ea5f97daa4f5dc7c
SHA1 7789442d5a945be19b8e773026a9c2b911f3f7d2
SHA256 36ac422ae8ab6715836ebc251941a73ab2bdacc2eee3ff6fdadd3a870dfd9621
SHA512 d7f42faecafb1088065abd1cfc3f4b8907589ee019c1cb318448ef02390e7b30818a4128b906c95e94f81f20d45078f689f28b2da4b12241a3895546e41e0440

C:\Windows\system\LAhOqzj.exe

MD5 6577f5b27393cca8cffb062eec8aadce
SHA1 e0bba28e65a4a4008b22c75e760683f500aba0dd
SHA256 b520695a85b387ae8384a08fddb90dea264369e92e0c6d6cad673f9b1c80456f
SHA512 401bfe07e8974bd17a54e63ddab572201345cdc5d37361a3012e0462ae014430e5087f47698e53eaf69209fe4655b416982c6477fb41e4df116f8f71ce3d739f

C:\Windows\system\hykjXld.exe

MD5 beab8c08199a88ab741e48c747d613f9
SHA1 1b672acaa09f90031d25292f9e1e3c8df32efbd6
SHA256 3a6bc3c5ef086f8d7a6661780b8105bc7798f89fff6c2a4af3a3394e2952ba14
SHA512 255f45d2337509541d3ceed4fd2af0ff587c7a147cb6c73438cde8c0198705d6a6d5324df684c3282bf8958bf6abef39e174363f0ae40462fdf8c273339cb255

C:\Windows\system\RicwSTF.exe

MD5 a717c54d9d54fb1379a199d698b957cc
SHA1 6f7be043f0ede2e86fe7a097df69e7824c161cae
SHA256 17b6b23a5e83da2464603602e06e0edb7e82d1d2bb46607010eb185b05cb6139
SHA512 7cdfe529368633e626539483c536b567efc9fcc0ea66e1f6a17631135f9dc6d223d8bc184b73f81a781527030a37a2d2132c7ba302e0398cc8e199d2489d2415

C:\Windows\system\OyLojRk.exe

MD5 17447d491bc8778a6cfa622b87da3387
SHA1 9eb8aae4116772fe480b5feaf47a234bb3ca97bb
SHA256 95b50ba747784d9352511e14fe7922bf599b878a3509f10724d68d4c829998ba
SHA512 881af779b327f55e74acfa4a1bc410e7cfd1d52b5569e6e362677162f68c400a70bd0cd10357008631fd7af8b28b41c0126eb5395df6772cb0182d3a25855aac

C:\Windows\system\MHooJtN.exe

MD5 5f402969acbf3bcab271f99aa29713cf
SHA1 95fde76ea269780e387a72388d9cd782c15f0d00
SHA256 c0be0a4229de96a37aa2cde0e11534c8933c80ea91ee5a1d5cb96c4db4146f40
SHA512 952cdfd05b1b1c493c9fa649cc584363ff9b428498720c505526ec31fe53d7e86ea677378317278065a7ab6d6dcfecd705967c26d3f9673385e1c0cac29d6a20

C:\Windows\system\fmTGGAj.exe

MD5 6992ebcf98da9eb10514200eda205fa4
SHA1 d460e4206cd10863597224a63da98babf0d27647
SHA256 1a31597640c6291dcf003f695e039d42423747ca49163f846e0a3a577bc3e0ac
SHA512 6779ac5ad4c9ab994c11e8c9dd38327fa7f420b145870e5de5b27227d01264390aa82fe89debc14f2f26c0b6486ec90c1d79b40857f9d551f8b2d3b01b2354b6

memory/1908-108-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2832-105-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2864-97-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/1964-96-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/2528-95-0x000000013FE40000-0x0000000140194000-memory.dmp

C:\Windows\system\SwNugqh.exe

MD5 b7573a8dc67371bcdaa06bf636373290
SHA1 c7fd777b69cc7ea894bf7789069119d941d7c5ba
SHA256 d804bfa0f78d0a33a77262be856d92a3aa4ac0d89a70f48dcc2f87d4b6a6a59b
SHA512 c9a14461ae25d6c171292e41a36c74a8d50bb9ca8f8f7d07ce3b207726f9d76d7a3dc0ae86e6f2901c11f5e863bde8edd78748af22f1c642b914d70818ae7cff

memory/2420-93-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2832-84-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2212-69-0x000000013FDE0000-0x0000000140134000-memory.dmp

C:\Windows\system\jtvzYTh.exe

MD5 1d4cef6253730f16b69c43afde8a8d4b
SHA1 a0eb2512681da33b7137703ea682a1266c09e2f5
SHA256 476fb004c5c639c4f8452444988d628e4f53b6351195dd8f18a601d648ca175f
SHA512 8fc6b3c20058b95f69ed47d3dea4e2faed4bcc6247cbedc1c644dc78caefd19b6345f16cf30b965117043d8c45da61a078a7770d89421a8f56b3a57406d137e3

C:\Windows\system\qhGfZZv.exe

MD5 d36c639a807f4e2f78eda2eb33020571
SHA1 e5dacf5473a2c1de3bc42fff8c397b791b2e1903
SHA256 7208bdb72728302c93b6ac9e62315b8d582d465e960b2477757696456c0ebf88
SHA512 6694049c5dd89d91c9a31fdb7f9c47f816d78152c4519e74c9998c2f01a3208f032de797a0d3340875d764503da338d6eab5c70014e96f6a16c92484c29f14b7

memory/2720-1068-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/1560-1069-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/2832-1070-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2452-1071-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2832-1072-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2832-1073-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2212-1074-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/1996-1075-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2312-1076-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2516-1077-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2500-1078-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2604-1079-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2720-1080-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/1560-1081-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/2452-1082-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2528-1083-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2420-1084-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2864-1085-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/1964-1086-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/1908-1087-0x000000013FB20000-0x000000013FE74000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 05:35

Reported

2024-05-30 05:38

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\wvYNbud.exe N/A
N/A N/A C:\Windows\System\xyPQpMT.exe N/A
N/A N/A C:\Windows\System\NmQxSPF.exe N/A
N/A N/A C:\Windows\System\KkElKRV.exe N/A
N/A N/A C:\Windows\System\SrGdHTS.exe N/A
N/A N/A C:\Windows\System\qRBlqFq.exe N/A
N/A N/A C:\Windows\System\RWaZVgd.exe N/A
N/A N/A C:\Windows\System\MYKxsVo.exe N/A
N/A N/A C:\Windows\System\hNPsKdI.exe N/A
N/A N/A C:\Windows\System\aDNsIWB.exe N/A
N/A N/A C:\Windows\System\cRqHPfR.exe N/A
N/A N/A C:\Windows\System\AcIehls.exe N/A
N/A N/A C:\Windows\System\NjDZFAQ.exe N/A
N/A N/A C:\Windows\System\YsCWYNn.exe N/A
N/A N/A C:\Windows\System\TFPBddf.exe N/A
N/A N/A C:\Windows\System\kArIgwN.exe N/A
N/A N/A C:\Windows\System\IbmOAZA.exe N/A
N/A N/A C:\Windows\System\BYpbjzn.exe N/A
N/A N/A C:\Windows\System\lcEMChz.exe N/A
N/A N/A C:\Windows\System\KMOVdmE.exe N/A
N/A N/A C:\Windows\System\aEPOwRS.exe N/A
N/A N/A C:\Windows\System\ttLeNee.exe N/A
N/A N/A C:\Windows\System\tVBAGKt.exe N/A
N/A N/A C:\Windows\System\IddTmdu.exe N/A
N/A N/A C:\Windows\System\OqNaron.exe N/A
N/A N/A C:\Windows\System\jVjQDFx.exe N/A
N/A N/A C:\Windows\System\IhxXyFZ.exe N/A
N/A N/A C:\Windows\System\ApVHkxv.exe N/A
N/A N/A C:\Windows\System\jKLDTXp.exe N/A
N/A N/A C:\Windows\System\TOdPXTT.exe N/A
N/A N/A C:\Windows\System\JuMTTrQ.exe N/A
N/A N/A C:\Windows\System\kPcLLBq.exe N/A
N/A N/A C:\Windows\System\GZYXPUz.exe N/A
N/A N/A C:\Windows\System\grAdhid.exe N/A
N/A N/A C:\Windows\System\HAKAVQW.exe N/A
N/A N/A C:\Windows\System\nSyZtOi.exe N/A
N/A N/A C:\Windows\System\SyWuqwr.exe N/A
N/A N/A C:\Windows\System\hZnSKnx.exe N/A
N/A N/A C:\Windows\System\PpDVsht.exe N/A
N/A N/A C:\Windows\System\lMyEdqo.exe N/A
N/A N/A C:\Windows\System\zhpjMbg.exe N/A
N/A N/A C:\Windows\System\rfbAfju.exe N/A
N/A N/A C:\Windows\System\gUkymsb.exe N/A
N/A N/A C:\Windows\System\GifLfEE.exe N/A
N/A N/A C:\Windows\System\tIDBChS.exe N/A
N/A N/A C:\Windows\System\BNIoEGC.exe N/A
N/A N/A C:\Windows\System\TcdjBLX.exe N/A
N/A N/A C:\Windows\System\EEamfqj.exe N/A
N/A N/A C:\Windows\System\oqzvIWc.exe N/A
N/A N/A C:\Windows\System\jgFhSfJ.exe N/A
N/A N/A C:\Windows\System\yYGCflP.exe N/A
N/A N/A C:\Windows\System\roKIApx.exe N/A
N/A N/A C:\Windows\System\TNGpvxQ.exe N/A
N/A N/A C:\Windows\System\bxNTsEw.exe N/A
N/A N/A C:\Windows\System\wYBEzCq.exe N/A
N/A N/A C:\Windows\System\LUrHgZs.exe N/A
N/A N/A C:\Windows\System\oRlpabN.exe N/A
N/A N/A C:\Windows\System\ZDYPqDT.exe N/A
N/A N/A C:\Windows\System\TWGotvU.exe N/A
N/A N/A C:\Windows\System\tCYuete.exe N/A
N/A N/A C:\Windows\System\uPJnHKP.exe N/A
N/A N/A C:\Windows\System\msmctsn.exe N/A
N/A N/A C:\Windows\System\UsGwTgC.exe N/A
N/A N/A C:\Windows\System\wGoiKdH.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\MpyzfHM.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJzysBC.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDDENrh.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\AjBpRnN.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\gVkXuwh.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\eDeNEao.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\bSNuNqo.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\mPDPbJk.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbLJoDH.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\XlKOfsy.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\AcIehls.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lcZAnAO.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\wFBOcHc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\yYGCflP.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtIIQBA.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvdhGTU.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\EgWZXKT.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DooDQbo.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\BYpbjzn.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\HAKAVQW.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\TcdjBLX.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\XWbDMAU.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\jsIGEjW.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\eqDwKkY.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\ohXWjFu.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfbAfju.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VlYfQtY.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\UMzMiKA.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VfbokEV.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\JMROGSe.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\fdMJhVT.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmrzfby.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSVgrfx.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\VEiBdWJ.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\udHpSTc.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDWFppg.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\fCSvdJb.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\iKgmLvL.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tStnkxF.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\TjcavXr.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\iORUHcm.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\tIJhqPM.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdQBaoQ.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\JmTmqkh.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\NFSOcfC.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\XMEWaJE.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\rEdTBjQ.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\IbmOAZA.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\LUrHgZs.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\lLQgVQR.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\DarsgpX.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\cYmWmxd.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\OaboVpv.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\TNGpvxQ.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\wGoiKdH.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\Nuincjn.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\vswEDjP.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\FIlOLlu.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\zmainbe.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwrvSOK.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\zEMvOKu.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\CDRGgrx.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\kphZRon.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
File created C:\Windows\System\QGNiYor.exe C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3544 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\wvYNbud.exe
PID 3544 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\wvYNbud.exe
PID 3544 wrote to memory of 5280 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\xyPQpMT.exe
PID 3544 wrote to memory of 5280 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\xyPQpMT.exe
PID 3544 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\NmQxSPF.exe
PID 3544 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\NmQxSPF.exe
PID 3544 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KkElKRV.exe
PID 3544 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KkElKRV.exe
PID 3544 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SrGdHTS.exe
PID 3544 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\SrGdHTS.exe
PID 3544 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qRBlqFq.exe
PID 3544 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\qRBlqFq.exe
PID 3544 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\RWaZVgd.exe
PID 3544 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\RWaZVgd.exe
PID 3544 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\hNPsKdI.exe
PID 3544 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\hNPsKdI.exe
PID 3544 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\MYKxsVo.exe
PID 3544 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\MYKxsVo.exe
PID 3544 wrote to memory of 5452 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aDNsIWB.exe
PID 3544 wrote to memory of 5452 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aDNsIWB.exe
PID 3544 wrote to memory of 5632 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cRqHPfR.exe
PID 3544 wrote to memory of 5632 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\cRqHPfR.exe
PID 3544 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\AcIehls.exe
PID 3544 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\AcIehls.exe
PID 3544 wrote to memory of 5316 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\NjDZFAQ.exe
PID 3544 wrote to memory of 5316 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\NjDZFAQ.exe
PID 3544 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\YsCWYNn.exe
PID 3544 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\YsCWYNn.exe
PID 3544 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\TFPBddf.exe
PID 3544 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\TFPBddf.exe
PID 3544 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\kArIgwN.exe
PID 3544 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\kArIgwN.exe
PID 3544 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\IbmOAZA.exe
PID 3544 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\IbmOAZA.exe
PID 3544 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\BYpbjzn.exe
PID 3544 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\BYpbjzn.exe
PID 3544 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\lcEMChz.exe
PID 3544 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\lcEMChz.exe
PID 3544 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KMOVdmE.exe
PID 3544 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\KMOVdmE.exe
PID 3544 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aEPOwRS.exe
PID 3544 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\aEPOwRS.exe
PID 3544 wrote to memory of 5940 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ttLeNee.exe
PID 3544 wrote to memory of 5940 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ttLeNee.exe
PID 3544 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\tVBAGKt.exe
PID 3544 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\tVBAGKt.exe
PID 3544 wrote to memory of 5980 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\IddTmdu.exe
PID 3544 wrote to memory of 5980 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\IddTmdu.exe
PID 3544 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\OqNaron.exe
PID 3544 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\OqNaron.exe
PID 3544 wrote to memory of 5828 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jVjQDFx.exe
PID 3544 wrote to memory of 5828 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jVjQDFx.exe
PID 3544 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\IhxXyFZ.exe
PID 3544 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\IhxXyFZ.exe
PID 3544 wrote to memory of 5520 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ApVHkxv.exe
PID 3544 wrote to memory of 5520 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\ApVHkxv.exe
PID 3544 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jKLDTXp.exe
PID 3544 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\jKLDTXp.exe
PID 3544 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\TOdPXTT.exe
PID 3544 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\TOdPXTT.exe
PID 3544 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\JuMTTrQ.exe
PID 3544 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\JuMTTrQ.exe
PID 3544 wrote to memory of 5492 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\kPcLLBq.exe
PID 3544 wrote to memory of 5492 N/A C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe C:\Windows\System\kPcLLBq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\669fc80a4b6a46627cdb3f43a45e9880_NeikiAnalytics.exe"

C:\Windows\System\wvYNbud.exe

C:\Windows\System\wvYNbud.exe

C:\Windows\System\xyPQpMT.exe

C:\Windows\System\xyPQpMT.exe

C:\Windows\System\NmQxSPF.exe

C:\Windows\System\NmQxSPF.exe

C:\Windows\System\KkElKRV.exe

C:\Windows\System\KkElKRV.exe

C:\Windows\System\SrGdHTS.exe

C:\Windows\System\SrGdHTS.exe

C:\Windows\System\qRBlqFq.exe

C:\Windows\System\qRBlqFq.exe

C:\Windows\System\RWaZVgd.exe

C:\Windows\System\RWaZVgd.exe

C:\Windows\System\hNPsKdI.exe

C:\Windows\System\hNPsKdI.exe

C:\Windows\System\MYKxsVo.exe

C:\Windows\System\MYKxsVo.exe

C:\Windows\System\aDNsIWB.exe

C:\Windows\System\aDNsIWB.exe

C:\Windows\System\cRqHPfR.exe

C:\Windows\System\cRqHPfR.exe

C:\Windows\System\AcIehls.exe

C:\Windows\System\AcIehls.exe

C:\Windows\System\NjDZFAQ.exe

C:\Windows\System\NjDZFAQ.exe

C:\Windows\System\YsCWYNn.exe

C:\Windows\System\YsCWYNn.exe

C:\Windows\System\TFPBddf.exe

C:\Windows\System\TFPBddf.exe

C:\Windows\System\kArIgwN.exe

C:\Windows\System\kArIgwN.exe

C:\Windows\System\IbmOAZA.exe

C:\Windows\System\IbmOAZA.exe

C:\Windows\System\BYpbjzn.exe

C:\Windows\System\BYpbjzn.exe

C:\Windows\System\lcEMChz.exe

C:\Windows\System\lcEMChz.exe

C:\Windows\System\KMOVdmE.exe

C:\Windows\System\KMOVdmE.exe

C:\Windows\System\aEPOwRS.exe

C:\Windows\System\aEPOwRS.exe

C:\Windows\System\ttLeNee.exe

C:\Windows\System\ttLeNee.exe

C:\Windows\System\tVBAGKt.exe

C:\Windows\System\tVBAGKt.exe

C:\Windows\System\IddTmdu.exe

C:\Windows\System\IddTmdu.exe

C:\Windows\System\OqNaron.exe

C:\Windows\System\OqNaron.exe

C:\Windows\System\jVjQDFx.exe

C:\Windows\System\jVjQDFx.exe

C:\Windows\System\IhxXyFZ.exe

C:\Windows\System\IhxXyFZ.exe

C:\Windows\System\ApVHkxv.exe

C:\Windows\System\ApVHkxv.exe

C:\Windows\System\jKLDTXp.exe

C:\Windows\System\jKLDTXp.exe

C:\Windows\System\TOdPXTT.exe

C:\Windows\System\TOdPXTT.exe

C:\Windows\System\JuMTTrQ.exe

C:\Windows\System\JuMTTrQ.exe

C:\Windows\System\kPcLLBq.exe

C:\Windows\System\kPcLLBq.exe

C:\Windows\System\GZYXPUz.exe

C:\Windows\System\GZYXPUz.exe

C:\Windows\System\grAdhid.exe

C:\Windows\System\grAdhid.exe

C:\Windows\System\SyWuqwr.exe

C:\Windows\System\SyWuqwr.exe

C:\Windows\System\HAKAVQW.exe

C:\Windows\System\HAKAVQW.exe

C:\Windows\System\nSyZtOi.exe

C:\Windows\System\nSyZtOi.exe

C:\Windows\System\hZnSKnx.exe

C:\Windows\System\hZnSKnx.exe

C:\Windows\System\PpDVsht.exe

C:\Windows\System\PpDVsht.exe

C:\Windows\System\lMyEdqo.exe

C:\Windows\System\lMyEdqo.exe

C:\Windows\System\zhpjMbg.exe

C:\Windows\System\zhpjMbg.exe

C:\Windows\System\rfbAfju.exe

C:\Windows\System\rfbAfju.exe

C:\Windows\System\gUkymsb.exe

C:\Windows\System\gUkymsb.exe

C:\Windows\System\GifLfEE.exe

C:\Windows\System\GifLfEE.exe

C:\Windows\System\tIDBChS.exe

C:\Windows\System\tIDBChS.exe

C:\Windows\System\BNIoEGC.exe

C:\Windows\System\BNIoEGC.exe

C:\Windows\System\TcdjBLX.exe

C:\Windows\System\TcdjBLX.exe

C:\Windows\System\EEamfqj.exe

C:\Windows\System\EEamfqj.exe

C:\Windows\System\oqzvIWc.exe

C:\Windows\System\oqzvIWc.exe

C:\Windows\System\jgFhSfJ.exe

C:\Windows\System\jgFhSfJ.exe

C:\Windows\System\yYGCflP.exe

C:\Windows\System\yYGCflP.exe

C:\Windows\System\roKIApx.exe

C:\Windows\System\roKIApx.exe

C:\Windows\System\TNGpvxQ.exe

C:\Windows\System\TNGpvxQ.exe

C:\Windows\System\bxNTsEw.exe

C:\Windows\System\bxNTsEw.exe

C:\Windows\System\wYBEzCq.exe

C:\Windows\System\wYBEzCq.exe

C:\Windows\System\LUrHgZs.exe

C:\Windows\System\LUrHgZs.exe

C:\Windows\System\oRlpabN.exe

C:\Windows\System\oRlpabN.exe

C:\Windows\System\ZDYPqDT.exe

C:\Windows\System\ZDYPqDT.exe

C:\Windows\System\TWGotvU.exe

C:\Windows\System\TWGotvU.exe

C:\Windows\System\tCYuete.exe

C:\Windows\System\tCYuete.exe

C:\Windows\System\uPJnHKP.exe

C:\Windows\System\uPJnHKP.exe

C:\Windows\System\msmctsn.exe

C:\Windows\System\msmctsn.exe

C:\Windows\System\UsGwTgC.exe

C:\Windows\System\UsGwTgC.exe

C:\Windows\System\wGoiKdH.exe

C:\Windows\System\wGoiKdH.exe

C:\Windows\System\CAezLpz.exe

C:\Windows\System\CAezLpz.exe

C:\Windows\System\SnTltBO.exe

C:\Windows\System\SnTltBO.exe

C:\Windows\System\udHpSTc.exe

C:\Windows\System\udHpSTc.exe

C:\Windows\System\PEKVXpq.exe

C:\Windows\System\PEKVXpq.exe

C:\Windows\System\BDWFppg.exe

C:\Windows\System\BDWFppg.exe

C:\Windows\System\fCSvdJb.exe

C:\Windows\System\fCSvdJb.exe

C:\Windows\System\lHJfNQG.exe

C:\Windows\System\lHJfNQG.exe

C:\Windows\System\itCXufh.exe

C:\Windows\System\itCXufh.exe

C:\Windows\System\NzXJjEu.exe

C:\Windows\System\NzXJjEu.exe

C:\Windows\System\BkBcqSO.exe

C:\Windows\System\BkBcqSO.exe

C:\Windows\System\NePtkOT.exe

C:\Windows\System\NePtkOT.exe

C:\Windows\System\OMmfSBe.exe

C:\Windows\System\OMmfSBe.exe

C:\Windows\System\HVMvmvh.exe

C:\Windows\System\HVMvmvh.exe

C:\Windows\System\uFdZEIL.exe

C:\Windows\System\uFdZEIL.exe

C:\Windows\System\vpnHCKi.exe

C:\Windows\System\vpnHCKi.exe

C:\Windows\System\kFxLPXx.exe

C:\Windows\System\kFxLPXx.exe

C:\Windows\System\VfbokEV.exe

C:\Windows\System\VfbokEV.exe

C:\Windows\System\yVwKPnB.exe

C:\Windows\System\yVwKPnB.exe

C:\Windows\System\UpsMhCv.exe

C:\Windows\System\UpsMhCv.exe

C:\Windows\System\drVMsBy.exe

C:\Windows\System\drVMsBy.exe

C:\Windows\System\YmBHqIG.exe

C:\Windows\System\YmBHqIG.exe

C:\Windows\System\tsXVsDy.exe

C:\Windows\System\tsXVsDy.exe

C:\Windows\System\yNUDTPe.exe

C:\Windows\System\yNUDTPe.exe

C:\Windows\System\eBDteHQ.exe

C:\Windows\System\eBDteHQ.exe

C:\Windows\System\wrRqPIp.exe

C:\Windows\System\wrRqPIp.exe

C:\Windows\System\YrDLHpu.exe

C:\Windows\System\YrDLHpu.exe

C:\Windows\System\qgKMwck.exe

C:\Windows\System\qgKMwck.exe

C:\Windows\System\iwXKPGe.exe

C:\Windows\System\iwXKPGe.exe

C:\Windows\System\iUvLBhx.exe

C:\Windows\System\iUvLBhx.exe

C:\Windows\System\WSDrgsf.exe

C:\Windows\System\WSDrgsf.exe

C:\Windows\System\ZvakQtO.exe

C:\Windows\System\ZvakQtO.exe

C:\Windows\System\aXJdVWo.exe

C:\Windows\System\aXJdVWo.exe

C:\Windows\System\tQWrmSx.exe

C:\Windows\System\tQWrmSx.exe

C:\Windows\System\DCgpAaB.exe

C:\Windows\System\DCgpAaB.exe

C:\Windows\System\VXKZlQj.exe

C:\Windows\System\VXKZlQj.exe

C:\Windows\System\JtMaAyg.exe

C:\Windows\System\JtMaAyg.exe

C:\Windows\System\OCAqApb.exe

C:\Windows\System\OCAqApb.exe

C:\Windows\System\zEMvOKu.exe

C:\Windows\System\zEMvOKu.exe

C:\Windows\System\VlYfQtY.exe

C:\Windows\System\VlYfQtY.exe

C:\Windows\System\QGNiYor.exe

C:\Windows\System\QGNiYor.exe

C:\Windows\System\bmvDLSU.exe

C:\Windows\System\bmvDLSU.exe

C:\Windows\System\jVyxqUu.exe

C:\Windows\System\jVyxqUu.exe

C:\Windows\System\QPflAEN.exe

C:\Windows\System\QPflAEN.exe

C:\Windows\System\KtSJowF.exe

C:\Windows\System\KtSJowF.exe

C:\Windows\System\JkIaGIA.exe

C:\Windows\System\JkIaGIA.exe

C:\Windows\System\KexrIWs.exe

C:\Windows\System\KexrIWs.exe

C:\Windows\System\cJYrwCK.exe

C:\Windows\System\cJYrwCK.exe

C:\Windows\System\bmrzfby.exe

C:\Windows\System\bmrzfby.exe

C:\Windows\System\XWjjSYW.exe

C:\Windows\System\XWjjSYW.exe

C:\Windows\System\ubgPtfR.exe

C:\Windows\System\ubgPtfR.exe

C:\Windows\System\eDeNEao.exe

C:\Windows\System\eDeNEao.exe

C:\Windows\System\DFogQuI.exe

C:\Windows\System\DFogQuI.exe

C:\Windows\System\sUHghaM.exe

C:\Windows\System\sUHghaM.exe

C:\Windows\System\YOhzcrE.exe

C:\Windows\System\YOhzcrE.exe

C:\Windows\System\HTJLQrF.exe

C:\Windows\System\HTJLQrF.exe

C:\Windows\System\qKRQwaS.exe

C:\Windows\System\qKRQwaS.exe

C:\Windows\System\QZSWOfq.exe

C:\Windows\System\QZSWOfq.exe

C:\Windows\System\RBbTGQX.exe

C:\Windows\System\RBbTGQX.exe

C:\Windows\System\RmOLgvL.exe

C:\Windows\System\RmOLgvL.exe

C:\Windows\System\RMHhUTc.exe

C:\Windows\System\RMHhUTc.exe

C:\Windows\System\CDRGgrx.exe

C:\Windows\System\CDRGgrx.exe

C:\Windows\System\bXRQqVN.exe

C:\Windows\System\bXRQqVN.exe

C:\Windows\System\lLQgVQR.exe

C:\Windows\System\lLQgVQR.exe

C:\Windows\System\aPbIlUo.exe

C:\Windows\System\aPbIlUo.exe

C:\Windows\System\SpvVvmd.exe

C:\Windows\System\SpvVvmd.exe

C:\Windows\System\vFrfSNv.exe

C:\Windows\System\vFrfSNv.exe

C:\Windows\System\yQnybzh.exe

C:\Windows\System\yQnybzh.exe

C:\Windows\System\ebTazPc.exe

C:\Windows\System\ebTazPc.exe

C:\Windows\System\MLXfpGc.exe

C:\Windows\System\MLXfpGc.exe

C:\Windows\System\hzHljno.exe

C:\Windows\System\hzHljno.exe

C:\Windows\System\zvTFlUA.exe

C:\Windows\System\zvTFlUA.exe

C:\Windows\System\nNpsEdR.exe

C:\Windows\System\nNpsEdR.exe

C:\Windows\System\Tsihqgp.exe

C:\Windows\System\Tsihqgp.exe

C:\Windows\System\pRNJOKp.exe

C:\Windows\System\pRNJOKp.exe

C:\Windows\System\KdQBaoQ.exe

C:\Windows\System\KdQBaoQ.exe

C:\Windows\System\IPfRDRy.exe

C:\Windows\System\IPfRDRy.exe

C:\Windows\System\dIKLuGF.exe

C:\Windows\System\dIKLuGF.exe

C:\Windows\System\uBPdAoo.exe

C:\Windows\System\uBPdAoo.exe

C:\Windows\System\lcZAnAO.exe

C:\Windows\System\lcZAnAO.exe

C:\Windows\System\nbFdXeb.exe

C:\Windows\System\nbFdXeb.exe

C:\Windows\System\tlveoEu.exe

C:\Windows\System\tlveoEu.exe

C:\Windows\System\zjzvBmV.exe

C:\Windows\System\zjzvBmV.exe

C:\Windows\System\WaJSVCW.exe

C:\Windows\System\WaJSVCW.exe

C:\Windows\System\JmTmqkh.exe

C:\Windows\System\JmTmqkh.exe

C:\Windows\System\ViEHtvZ.exe

C:\Windows\System\ViEHtvZ.exe

C:\Windows\System\LKWruwW.exe

C:\Windows\System\LKWruwW.exe

C:\Windows\System\QwVyQgr.exe

C:\Windows\System\QwVyQgr.exe

C:\Windows\System\GiVFpLT.exe

C:\Windows\System\GiVFpLT.exe

C:\Windows\System\KXUnvBY.exe

C:\Windows\System\KXUnvBY.exe

C:\Windows\System\ECwswsi.exe

C:\Windows\System\ECwswsi.exe

C:\Windows\System\wEIQENe.exe

C:\Windows\System\wEIQENe.exe

C:\Windows\System\ZOXkkAR.exe

C:\Windows\System\ZOXkkAR.exe

C:\Windows\System\vwoZQeM.exe

C:\Windows\System\vwoZQeM.exe

C:\Windows\System\eJovhFM.exe

C:\Windows\System\eJovhFM.exe

C:\Windows\System\aUjapfZ.exe

C:\Windows\System\aUjapfZ.exe

C:\Windows\System\AYjQwqN.exe

C:\Windows\System\AYjQwqN.exe

C:\Windows\System\mOGDggc.exe

C:\Windows\System\mOGDggc.exe

C:\Windows\System\lTEvkWv.exe

C:\Windows\System\lTEvkWv.exe

C:\Windows\System\rJKdtzx.exe

C:\Windows\System\rJKdtzx.exe

C:\Windows\System\ploUGOS.exe

C:\Windows\System\ploUGOS.exe

C:\Windows\System\QnzBFXH.exe

C:\Windows\System\QnzBFXH.exe

C:\Windows\System\ySDniao.exe

C:\Windows\System\ySDniao.exe

C:\Windows\System\lRvRYhA.exe

C:\Windows\System\lRvRYhA.exe

C:\Windows\System\bSNuNqo.exe

C:\Windows\System\bSNuNqo.exe

C:\Windows\System\crTXebB.exe

C:\Windows\System\crTXebB.exe

C:\Windows\System\ezAknBJ.exe

C:\Windows\System\ezAknBJ.exe

C:\Windows\System\VSnSDEJ.exe

C:\Windows\System\VSnSDEJ.exe

C:\Windows\System\UcELNtH.exe

C:\Windows\System\UcELNtH.exe

C:\Windows\System\BSKZxWQ.exe

C:\Windows\System\BSKZxWQ.exe

C:\Windows\System\RJTOYnn.exe

C:\Windows\System\RJTOYnn.exe

C:\Windows\System\bpyDjXG.exe

C:\Windows\System\bpyDjXG.exe

C:\Windows\System\iwVmQTT.exe

C:\Windows\System\iwVmQTT.exe

C:\Windows\System\HKGTQOH.exe

C:\Windows\System\HKGTQOH.exe

C:\Windows\System\QsTHpZX.exe

C:\Windows\System\QsTHpZX.exe

C:\Windows\System\mPDPbJk.exe

C:\Windows\System\mPDPbJk.exe

C:\Windows\System\kphZRon.exe

C:\Windows\System\kphZRon.exe

C:\Windows\System\CBIFtGi.exe

C:\Windows\System\CBIFtGi.exe

C:\Windows\System\DhvQArx.exe

C:\Windows\System\DhvQArx.exe

C:\Windows\System\smoyNtV.exe

C:\Windows\System\smoyNtV.exe

C:\Windows\System\xicfhun.exe

C:\Windows\System\xicfhun.exe

C:\Windows\System\qFqbdpL.exe

C:\Windows\System\qFqbdpL.exe

C:\Windows\System\xZaKFxj.exe

C:\Windows\System\xZaKFxj.exe

C:\Windows\System\yfikYmE.exe

C:\Windows\System\yfikYmE.exe

C:\Windows\System\spxXdFG.exe

C:\Windows\System\spxXdFG.exe

C:\Windows\System\CdyYyEF.exe

C:\Windows\System\CdyYyEF.exe

C:\Windows\System\CCkYaEA.exe

C:\Windows\System\CCkYaEA.exe

C:\Windows\System\DtIIQBA.exe

C:\Windows\System\DtIIQBA.exe

C:\Windows\System\UMzMiKA.exe

C:\Windows\System\UMzMiKA.exe

C:\Windows\System\MpyzfHM.exe

C:\Windows\System\MpyzfHM.exe

C:\Windows\System\LQwEhpC.exe

C:\Windows\System\LQwEhpC.exe

C:\Windows\System\aBDqXVI.exe

C:\Windows\System\aBDqXVI.exe

C:\Windows\System\rJzysBC.exe

C:\Windows\System\rJzysBC.exe

C:\Windows\System\alUsPmr.exe

C:\Windows\System\alUsPmr.exe

C:\Windows\System\RiqYclm.exe

C:\Windows\System\RiqYclm.exe

C:\Windows\System\mjIvRta.exe

C:\Windows\System\mjIvRta.exe

C:\Windows\System\YTlITOo.exe

C:\Windows\System\YTlITOo.exe

C:\Windows\System\wADlthA.exe

C:\Windows\System\wADlthA.exe

C:\Windows\System\LUDNAIY.exe

C:\Windows\System\LUDNAIY.exe

C:\Windows\System\ayaUmMs.exe

C:\Windows\System\ayaUmMs.exe

C:\Windows\System\NFSOcfC.exe

C:\Windows\System\NFSOcfC.exe

C:\Windows\System\vswEDjP.exe

C:\Windows\System\vswEDjP.exe

C:\Windows\System\PUvMkSN.exe

C:\Windows\System\PUvMkSN.exe

C:\Windows\System\Nuincjn.exe

C:\Windows\System\Nuincjn.exe

C:\Windows\System\uCpZlfE.exe

C:\Windows\System\uCpZlfE.exe

C:\Windows\System\OOBBAaM.exe

C:\Windows\System\OOBBAaM.exe

C:\Windows\System\XWbDMAU.exe

C:\Windows\System\XWbDMAU.exe

C:\Windows\System\kRCnjVj.exe

C:\Windows\System\kRCnjVj.exe

C:\Windows\System\HQncpRt.exe

C:\Windows\System\HQncpRt.exe

C:\Windows\System\qPUJmUb.exe

C:\Windows\System\qPUJmUb.exe

C:\Windows\System\TjcavXr.exe

C:\Windows\System\TjcavXr.exe

C:\Windows\System\nCOyNzu.exe

C:\Windows\System\nCOyNzu.exe

C:\Windows\System\jsIGEjW.exe

C:\Windows\System\jsIGEjW.exe

C:\Windows\System\LqJgOoj.exe

C:\Windows\System\LqJgOoj.exe

C:\Windows\System\cSVgrfx.exe

C:\Windows\System\cSVgrfx.exe

C:\Windows\System\tCSitWW.exe

C:\Windows\System\tCSitWW.exe

C:\Windows\System\yyCfinx.exe

C:\Windows\System\yyCfinx.exe

C:\Windows\System\JMROGSe.exe

C:\Windows\System\JMROGSe.exe

C:\Windows\System\EToAlQJ.exe

C:\Windows\System\EToAlQJ.exe

C:\Windows\System\RDDENrh.exe

C:\Windows\System\RDDENrh.exe

C:\Windows\System\yvtduqd.exe

C:\Windows\System\yvtduqd.exe

C:\Windows\System\gsYLNUr.exe

C:\Windows\System\gsYLNUr.exe

C:\Windows\System\rkpPRho.exe

C:\Windows\System\rkpPRho.exe

C:\Windows\System\wwugwxa.exe

C:\Windows\System\wwugwxa.exe

C:\Windows\System\OhPzsPE.exe

C:\Windows\System\OhPzsPE.exe

C:\Windows\System\ahLnXRl.exe

C:\Windows\System\ahLnXRl.exe

C:\Windows\System\DLikFXi.exe

C:\Windows\System\DLikFXi.exe

C:\Windows\System\bUJDgDF.exe

C:\Windows\System\bUJDgDF.exe

C:\Windows\System\aippvqo.exe

C:\Windows\System\aippvqo.exe

C:\Windows\System\HjeXAsO.exe

C:\Windows\System\HjeXAsO.exe

C:\Windows\System\tesxZxG.exe

C:\Windows\System\tesxZxG.exe

C:\Windows\System\VHTtTes.exe

C:\Windows\System\VHTtTes.exe

C:\Windows\System\PttcFoq.exe

C:\Windows\System\PttcFoq.exe

C:\Windows\System\wFBOcHc.exe

C:\Windows\System\wFBOcHc.exe

C:\Windows\System\FIlOLlu.exe

C:\Windows\System\FIlOLlu.exe

C:\Windows\System\LBavxdn.exe

C:\Windows\System\LBavxdn.exe

C:\Windows\System\dwbXjuT.exe

C:\Windows\System\dwbXjuT.exe

C:\Windows\System\hNbfFuS.exe

C:\Windows\System\hNbfFuS.exe

C:\Windows\System\iKgmLvL.exe

C:\Windows\System\iKgmLvL.exe

C:\Windows\System\CVVqwUr.exe

C:\Windows\System\CVVqwUr.exe

C:\Windows\System\TlRxpzy.exe

C:\Windows\System\TlRxpzy.exe

C:\Windows\System\DeCHTBb.exe

C:\Windows\System\DeCHTBb.exe

C:\Windows\System\rEoNnpC.exe

C:\Windows\System\rEoNnpC.exe

C:\Windows\System\KfSNBhG.exe

C:\Windows\System\KfSNBhG.exe

C:\Windows\System\DarsgpX.exe

C:\Windows\System\DarsgpX.exe

C:\Windows\System\NPswtUR.exe

C:\Windows\System\NPswtUR.exe

C:\Windows\System\JxaSdJt.exe

C:\Windows\System\JxaSdJt.exe

C:\Windows\System\DtmGqtj.exe

C:\Windows\System\DtmGqtj.exe

C:\Windows\System\HJZaKdQ.exe

C:\Windows\System\HJZaKdQ.exe

C:\Windows\System\JMYDzgo.exe

C:\Windows\System\JMYDzgo.exe

C:\Windows\System\bvdhGTU.exe

C:\Windows\System\bvdhGTU.exe

C:\Windows\System\eqDwKkY.exe

C:\Windows\System\eqDwKkY.exe

C:\Windows\System\WIXjUyz.exe

C:\Windows\System\WIXjUyz.exe

C:\Windows\System\XMEWaJE.exe

C:\Windows\System\XMEWaJE.exe

C:\Windows\System\rEdTBjQ.exe

C:\Windows\System\rEdTBjQ.exe

C:\Windows\System\OvMwEaS.exe

C:\Windows\System\OvMwEaS.exe

C:\Windows\System\tStnkxF.exe

C:\Windows\System\tStnkxF.exe

C:\Windows\System\cYmWmxd.exe

C:\Windows\System\cYmWmxd.exe

C:\Windows\System\DNvrGtA.exe

C:\Windows\System\DNvrGtA.exe

C:\Windows\System\ypTJIot.exe

C:\Windows\System\ypTJIot.exe

C:\Windows\System\oaidlGt.exe

C:\Windows\System\oaidlGt.exe

C:\Windows\System\dcfVboA.exe

C:\Windows\System\dcfVboA.exe

C:\Windows\System\SEQbvOQ.exe

C:\Windows\System\SEQbvOQ.exe

C:\Windows\System\FzBAzFS.exe

C:\Windows\System\FzBAzFS.exe

C:\Windows\System\XWEEUWz.exe

C:\Windows\System\XWEEUWz.exe

C:\Windows\System\klPoNov.exe

C:\Windows\System\klPoNov.exe

C:\Windows\System\iORUHcm.exe

C:\Windows\System\iORUHcm.exe

C:\Windows\System\SjdBcAM.exe

C:\Windows\System\SjdBcAM.exe

C:\Windows\System\EKdfBwv.exe

C:\Windows\System\EKdfBwv.exe

C:\Windows\System\wjuPbsD.exe

C:\Windows\System\wjuPbsD.exe

C:\Windows\System\bCoYUBe.exe

C:\Windows\System\bCoYUBe.exe

C:\Windows\System\pOQVyPT.exe

C:\Windows\System\pOQVyPT.exe

C:\Windows\System\fQCTGnt.exe

C:\Windows\System\fQCTGnt.exe

C:\Windows\System\fdMJhVT.exe

C:\Windows\System\fdMJhVT.exe

C:\Windows\System\QswZgzV.exe

C:\Windows\System\QswZgzV.exe

C:\Windows\System\AjBpRnN.exe

C:\Windows\System\AjBpRnN.exe

C:\Windows\System\HvUCeOH.exe

C:\Windows\System\HvUCeOH.exe

C:\Windows\System\VkZylLj.exe

C:\Windows\System\VkZylLj.exe

C:\Windows\System\nrrhkYv.exe

C:\Windows\System\nrrhkYv.exe

C:\Windows\System\pIJOsON.exe

C:\Windows\System\pIJOsON.exe

C:\Windows\System\wqjWnvS.exe

C:\Windows\System\wqjWnvS.exe

C:\Windows\System\OaboVpv.exe

C:\Windows\System\OaboVpv.exe

C:\Windows\System\zMCsFUz.exe

C:\Windows\System\zMCsFUz.exe

C:\Windows\System\SeBPBQx.exe

C:\Windows\System\SeBPBQx.exe

C:\Windows\System\XmrFpoL.exe

C:\Windows\System\XmrFpoL.exe

C:\Windows\System\IImIixD.exe

C:\Windows\System\IImIixD.exe

C:\Windows\System\NbLJoDH.exe

C:\Windows\System\NbLJoDH.exe

C:\Windows\System\ONvVEeB.exe

C:\Windows\System\ONvVEeB.exe

C:\Windows\System\RklZSNn.exe

C:\Windows\System\RklZSNn.exe

C:\Windows\System\ohXWjFu.exe

C:\Windows\System\ohXWjFu.exe

C:\Windows\System\VEiBdWJ.exe

C:\Windows\System\VEiBdWJ.exe

C:\Windows\System\zmainbe.exe

C:\Windows\System\zmainbe.exe

C:\Windows\System\EgWZXKT.exe

C:\Windows\System\EgWZXKT.exe

C:\Windows\System\nKvfSnl.exe

C:\Windows\System\nKvfSnl.exe

C:\Windows\System\XzgseUy.exe

C:\Windows\System\XzgseUy.exe

C:\Windows\System\gVkXuwh.exe

C:\Windows\System\gVkXuwh.exe

C:\Windows\System\QaoCJXt.exe

C:\Windows\System\QaoCJXt.exe

C:\Windows\System\fAkRKnO.exe

C:\Windows\System\fAkRKnO.exe

C:\Windows\System\TuNhaEq.exe

C:\Windows\System\TuNhaEq.exe

C:\Windows\System\BvBrnAE.exe

C:\Windows\System\BvBrnAE.exe

C:\Windows\System\XlKOfsy.exe

C:\Windows\System\XlKOfsy.exe

C:\Windows\System\gnHUqsN.exe

C:\Windows\System\gnHUqsN.exe

C:\Windows\System\cltKzQK.exe

C:\Windows\System\cltKzQK.exe

C:\Windows\System\NQnXuyM.exe

C:\Windows\System\NQnXuyM.exe

C:\Windows\System\vrzutMT.exe

C:\Windows\System\vrzutMT.exe

C:\Windows\System\nxlkjEb.exe

C:\Windows\System\nxlkjEb.exe

C:\Windows\System\tCkySTA.exe

C:\Windows\System\tCkySTA.exe

C:\Windows\System\WwaNdVj.exe

C:\Windows\System\WwaNdVj.exe

C:\Windows\System\pYrLIgt.exe

C:\Windows\System\pYrLIgt.exe

C:\Windows\System\eddNzIv.exe

C:\Windows\System\eddNzIv.exe

C:\Windows\System\ArOFqEK.exe

C:\Windows\System\ArOFqEK.exe

C:\Windows\System\QwrvSOK.exe

C:\Windows\System\QwrvSOK.exe

C:\Windows\System\ttkBfaz.exe

C:\Windows\System\ttkBfaz.exe

C:\Windows\System\QsOdBPu.exe

C:\Windows\System\QsOdBPu.exe

C:\Windows\System\tIJhqPM.exe

C:\Windows\System\tIJhqPM.exe

C:\Windows\System\YvkUcLt.exe

C:\Windows\System\YvkUcLt.exe

C:\Windows\System\DooDQbo.exe

C:\Windows\System\DooDQbo.exe

C:\Windows\System\YJlAFAw.exe

C:\Windows\System\YJlAFAw.exe

C:\Windows\System\ChTBfVt.exe

C:\Windows\System\ChTBfVt.exe

C:\Windows\System\VWlMTLb.exe

C:\Windows\System\VWlMTLb.exe

C:\Windows\System\xuCLXFY.exe

C:\Windows\System\xuCLXFY.exe

C:\Windows\System\icRbTHB.exe

C:\Windows\System\icRbTHB.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 142.250.187.202:443 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.179.89.13.in-addr.arpa udp

Files

memory/3544-0-0x00007FF6B2A20000-0x00007FF6B2D74000-memory.dmp

memory/3544-1-0x0000027513760000-0x0000027513770000-memory.dmp

C:\Windows\System\wvYNbud.exe

MD5 5e5ffc947c0c9b2c487708d2efa18bb5
SHA1 d004060af2f26194cd32dd0cede359f6907416da
SHA256 633ddfeeacffe28fa0a6ecca0ebd171517f6db826e5ef08abe901a970b2bf2ea
SHA512 118420f82461e4ececbcc3fdcc78e589145cf7ac095dcb8370f23ab114d0be248edafb5e96f87969877bd1fc531ad1c3ead1d47d639eae554f41c7a9e12cd8f4

C:\Windows\System\xyPQpMT.exe

MD5 b7f24577d0a5d0aa10be4dd17dab9a71
SHA1 d6bdbfad2a54dded81b3d71b87f3fab531ee26a7
SHA256 9b0fb3eb43a12b5598b2cc1cdbb1eb18c5d4ac92ef06c2ce8532e5e800a30ae0
SHA512 864e3ce79f1058ecb086038de8dce92e08c80d88d7356fa9a0a91af350941c5f4b679e85bc039ca082073b3077907ba2ac7319a225c5dce6dc387ed0947258b2

memory/3236-12-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp

C:\Windows\System\NmQxSPF.exe

MD5 9de90bd05718f2064c6968f8f9ba05b7
SHA1 6e14b3db41522eba815a75ec5e4ddce4332b6d3b
SHA256 08eaaae55760dc2c0d5cceaa4926fd1979167d8803339e8605312e1133112438
SHA512 5e89a0eb146543f1af7e63ed0c0d30ea9e691e12aad281dcce32fc824d5aca7d180552ddaed055ef9e1fcbc012959b9fe262ed16bf109d727935aaf50cc893bd

memory/5280-16-0x00007FF794AD0000-0x00007FF794E24000-memory.dmp

C:\Windows\System\KkElKRV.exe

MD5 b71caa512809184f76c013c98429ada9
SHA1 1518960afbf23598a74e5b34dd082ff940d93276
SHA256 db208157fd0b014a6f69e7cc18f4376aafd03a1fd1451574dbb75bb274ea9c01
SHA512 5bcd9224e08de7f8ace191244fa6120cea5a542215b23dfe4537482bb3dc69309c2499be57852476c89b42a34c26b69733c9868924353cbf11dcbbe7bd85226e

C:\Windows\System\SrGdHTS.exe

MD5 3840917183d19c78d12194d0efa8838b
SHA1 9b3c8a885e95038a0035fcd17d47dce71901d1f3
SHA256 f5921c35294f1a5c9ab073dda219e3692e03197515db73741740c4d955c02b5f
SHA512 d9cfb789d1c9df065fc0c11de0d4c218eb29ac5851c55abc2415f896911fbb756d4b8e1dd2e369733849449620325a39504ca0d00aba74d7ece9e77a0da66a0a

memory/1856-26-0x00007FF61BA70000-0x00007FF61BDC4000-memory.dmp

memory/2900-22-0x00007FF629CE0000-0x00007FF62A034000-memory.dmp

C:\Windows\System\qRBlqFq.exe

MD5 9ebd2293f812deecfc6166eecabd1918
SHA1 9a6f492a09a1e39a14173c28a9ff69a3d82b2c3a
SHA256 3e39126e939a61ddad01e002c17e468bcd45ff9a857c6ac9a89c7ff58b592381
SHA512 a74f35899c1ec1ce19c15cf2015d8d99270d37a6186bcb4b4304ddaacf001a1507f0d6341ff7bbabb1d844bbb95a866d235cdad949710947a1acc2b09bcf10ec

memory/924-38-0x00007FF77B320000-0x00007FF77B674000-memory.dmp

C:\Windows\System\RWaZVgd.exe

MD5 15c8acdd67ca9516b05f3526b05daa2f
SHA1 a4e377c0b3575785436198b809e846459185b706
SHA256 119bed4e06cfc56496050426b34d0e5e7d2d4838cdbf857b0016fe0fb240308d
SHA512 1c8e3e5a69d28140eea967a664510d172779387f735112778f9ae29fd7501c66e0b4d142721734037035c01611eef9f019dffee7a12dca31651d29d0d71bac93

memory/4548-46-0x00007FF708010000-0x00007FF708364000-memory.dmp

memory/5584-53-0x00007FF7C9A20000-0x00007FF7C9D74000-memory.dmp

C:\Windows\System\aDNsIWB.exe

MD5 2f098ca813b66fa556e927d20fcf31fb
SHA1 7bfc6ccb568c673439bbf78be03febdbddd690bb
SHA256 94c6128b88e8d879478cc9681c44da21654a76c8d785802f6bdeab0d2f9146bb
SHA512 16eef2a13fa590e8056cd4258bdbc9a41a19df57caffb7196f9b18ddf1b43c696d835befae6321a0b7b91737a69ef7da9e7c5521e25c36cffc6ee2c0802497ae

C:\Windows\System\hNPsKdI.exe

MD5 646026bafbf06f7f7582b580847929dc
SHA1 6558ed1c8435c9c5e7b8385e90e573b84d7f51ab
SHA256 0aabbf61b784214901404043caea9d7e065c0a5e3994e6b17861fe9efe5d2b79
SHA512 48f8c273f0d251201f29938395ec5adb07756a554ad26cdb4fdbab2d4ede1e94d238836c489ca4e5fca1782b950743742bb93f9582866060a3342394af3cd9f8

memory/772-59-0x00007FF6F5490000-0x00007FF6F57E4000-memory.dmp

memory/3236-64-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp

memory/5452-65-0x00007FF730710000-0x00007FF730A64000-memory.dmp

memory/3544-63-0x00007FF6B2A20000-0x00007FF6B2D74000-memory.dmp

C:\Windows\System\MYKxsVo.exe

MD5 4908eadc0de681c745f40f8eab7aac1c
SHA1 d65599381997495ccc773d39e0d21cda67f4b14a
SHA256 24efcaeafeaf80cd3cdee88e438920a3b15fc7f928896fbc35afe67262a6a4ae
SHA512 c7264f8ab76f14594b3ce556050e13547820b756a4680e4c30aaa7f65f95590700793d6247573dbcd17faa66963fa01698b497c699b4e74cffafbe2f9598b5f7

memory/2728-32-0x00007FF7741D0000-0x00007FF774524000-memory.dmp

C:\Windows\System\cRqHPfR.exe

MD5 9daf7e9df1b76e072047c0cfbcf1380d
SHA1 667910a0a4726ca19cd662759a5f30757ace9282
SHA256 e0495183f30cf5409f29dd648989f1ca2cc69019d6ce3cf6a00174b07fbca5a9
SHA512 856d9a9a67f912313f5b10129f58a27a8dd76f745731da8000230b4f263ed7714fa2072736ff56fdb3262dbaf52fd5bc86a8da2f4f9c2ee232a8c00ec9f0b883

C:\Windows\System\AcIehls.exe

MD5 b6e9ddb68efb4723a477d8126894dae2
SHA1 61867596c3f95bffa6dfddff07b2eff65c8c88cb
SHA256 7a86aff9e95c3d8550f23f2dd433baf48452b6d40316bd348b5c253fdb5370d4
SHA512 cdc35ec22e601084d30ad96b68d74496c50949c21553e57e3805d16f34d56aac4d14e0268d385368a908a69d8bd9ac7ab164570356bb293ac66b996a584e4b50

memory/5632-73-0x00007FF600F00000-0x00007FF601254000-memory.dmp

C:\Windows\System\YsCWYNn.exe

MD5 1725dfc8f40868f5f0d8187f98296240
SHA1 5a36857240a57624cbf7b3740a89bc7ed1e54f6b
SHA256 2c4d486321762c523ad05b7d9f6d827ec4bfa90cd49b05b3293f310e379887f0
SHA512 518cb5a6e4c29420083b31ff16f294d0d20474faf014da85f19c6bf59b5dfc77117153e753bd9afceb5883b6996ec6f03b51f337987b62339e6ac075739107df

C:\Windows\System\TFPBddf.exe

MD5 ee561d54756c64ca8117af91faaf1514
SHA1 d62990b95cb19558ae259637ed360760e2cb2112
SHA256 e57372d24d869e631229baf923b69056bcf0f43de6c0b613665daa37b1b4e524
SHA512 ec21d3b48bebebe85b1b8e87072afae6e65e2aa9c926a1f1f13b50a3183d75d76778a28606f42acd5bbeae1d9cec0bad4857215de90c2864561fe5d80e5d003f

C:\Windows\System\kArIgwN.exe

MD5 e19580149e98a8b5cdbe1ba26af6e205
SHA1 7cce4cce7c5348248145058d636b601800b5864d
SHA256 2a9a8ad49d693582021f98879e87fd501188221770aa90ad96c08b8aebdb867f
SHA512 c3fbc70f99844f8696c0567f23b82e4716e2ed6b2f3fd23d45acff6c6cd929b1478ef4b1b4aab38aa9af3a6d62d64ac9f4e0a567006c9aa7b751c53ec9b422d4

C:\Windows\System\NjDZFAQ.exe

MD5 9e434724234aa5c504cc2797678c6094
SHA1 d9abe55f2bbc53689979553474393932598e9349
SHA256 b078b0341f07f4b1a6d218128880290805dd86dced4a399e17f9346962390f41
SHA512 881d4c84ad2e3ab1f68010559451ed81eea25eeaf30f33cf4a1cccb23ef37033b854200b87d38b18cd703531dbdd612e8bb9134115fd3d5e7a9012a87ac5ee3d

C:\Windows\System\IbmOAZA.exe

MD5 cf868d9f4274aa7524d4ccedb10c4fb5
SHA1 6a3da1533e9ad3d876e9fa605bb7e69165d3d68f
SHA256 2e496da286492b8d0a82ab296fd83defc26b83cbbeec7828e810a67ebc8efd1e
SHA512 c85d985e8ba632b9cf948b677fc913c614d25bfafcaeebc2b777a15f75b8fe9b042c17ecb83cef8b8beeff0329a667f6130b8ec2719214a2e89a385215ae2583

C:\Windows\System\BYpbjzn.exe

MD5 41ec3b8d7f6c92fd3f562b87ca8eb171
SHA1 e46859a484fa0498af221857102adefcc9827960
SHA256 2aa732e40705b43000045bbd19eede2d03943f3277bc530bb346255308b0bf58
SHA512 98d0264281076b67aaac74cb33e7d3dbb2a391255ec71ced9c69215873dc13d0a8ff074e82306a5497ff4077184499f0eb7db227170b548f8e39b2fd07dff85d

C:\Windows\System\KMOVdmE.exe

MD5 f5f6b8c2c0b91c52612a59260e504928
SHA1 6d994e461be15af98f09f36d2a7631ad2c14ee6f
SHA256 d65a9be83eb52be7f684dc68ed83bf6974abc91f03da1e5ef6c76016cabf86f7
SHA512 f18b78f61904629be5c75e53e50cab0769d002d8262b366184fc0e3ff6a62c82bf6867eda3a05c27a002074071664bb9c6f14bdd6d2ea02b18ad96a06af56b55

C:\Windows\System\aEPOwRS.exe

MD5 d00575c99a7b89cf341fcf5c777487a8
SHA1 fb620159cfe19487d8de6f0958d682e1e3679b97
SHA256 8e5a93d07aa876a774cd8a2350c81f39c050aeb00a8ec5210577686f65bffb28
SHA512 f01f74a89d6a7faf98cdd6cd8aa789236374fdb1c60a4c4ca4d3a52ce14f168c3d522214c1994164dd243aeb5287694f261eba3789cda552027784c979068ce9

C:\Windows\System\ttLeNee.exe

MD5 e6631fc5c9abb8fcbd3c3ff282d59765
SHA1 77b4f95f907694d7398facfcc0f05e5cdcbd9d4b
SHA256 521732b62f86ee1fea88ea7272b5b5471c00155c6e83cfe918b1158d63ca5125
SHA512 820fb4215de4fc529ac4f5e39d67f4b9480bb2e2bedf2befaa7406959e9b98fbe6d831b925d386a150a94e7e41ef8ec003882d1e9d10f85e8d907ae1f1088fab

C:\Windows\System\tVBAGKt.exe

MD5 a2b4f9845d4aeecd91697cd359ee32ef
SHA1 ce7687a6dcd123e7848458ff1c71205ae05fc60a
SHA256 3526b6a324c50b1df751ed373780cf45768fd087572e499abf9f5786a38b209c
SHA512 25354e32aa6329a53204473968f5849ee451e19b2c2c2aab03f08022efb0db8133b69f604266955e8a5584ce844ecf2db1dc27431cf4847c235e32d41c60587b

C:\Windows\System\IddTmdu.exe

MD5 5312e60fce3a7dff9417a87aee80802c
SHA1 31466994315ef74462e88fe5fb75cf17832a2022
SHA256 ad55fd159ad82f31fa2f533842fdb5b2961c12960c85ca186d0161e76ae88c54
SHA512 39c2daded819d397125ee698c3b8588bb60a252462b9115a2ced0f3e1b867b5e167546f4c62f184e1713d76a7efa63bc17ae66fe60345440d5eb30a3e6a9e47b

C:\Windows\System\ApVHkxv.exe

MD5 a19004c0e8b2119455b8f7ea76952664
SHA1 3ed89c84487fb7c4c61b357ba20cf94e53f39cb1
SHA256 cfae84042edc6d322699e8d0a60c8a742cfc76cc91fccc4b6a4d904388480255
SHA512 c313a70b920010b9c009d4c2d463e52e6d654f58566c5c06982a2e7f70d48d547cb027288b9e515e6192626be288916a9dae757eb5ec0e2bd5db5963f42bbc0b

C:\Windows\System\JuMTTrQ.exe

MD5 f420dab52702c9962c7b4efcbb83c274
SHA1 fa9c034f6f8150aa314b548dd5e82ff424194170
SHA256 ab3ce2ba9994be5fc798fb8509eb055d3410fb06b9a3a9ed53ce0b486eda988c
SHA512 420fd917505d951fc5f0bdaf1ab58f5da537e70efd846ed1be8b27a3c31625b93f48ecc441d021bbb236ecc5d10f50eb4aaaf619718f418c839cdb8b2a9a0d59

C:\Windows\System\kPcLLBq.exe

MD5 0a79777647b027199b162a21ddb753c2
SHA1 200bb01fc017c91f770e15f190c6c414ba453427
SHA256 437afee72dc62c59c6048c773a43ad37a0a56a7d26a4ccf035018e2fc904204d
SHA512 5c01aab8ff910d2e8bb1220c00e90f0261c4166a41558c1bed0ccc15178fdfe161c6b5c1f5eee1527da6aa39ab6096d35650e25f71c136278c99eb99c9920952

memory/4532-188-0x00007FF78EFC0000-0x00007FF78F314000-memory.dmp

memory/4168-202-0x00007FF7313D0000-0x00007FF731724000-memory.dmp

memory/644-208-0x00007FF6F2DF0000-0x00007FF6F3144000-memory.dmp

memory/5880-217-0x00007FF771A00000-0x00007FF771D54000-memory.dmp

memory/3960-223-0x00007FF6D2A40000-0x00007FF6D2D94000-memory.dmp

memory/5316-224-0x00007FF7F7870000-0x00007FF7F7BC4000-memory.dmp

memory/5520-222-0x00007FF73A3E0000-0x00007FF73A734000-memory.dmp

memory/5500-221-0x00007FF754920000-0x00007FF754C74000-memory.dmp

memory/5828-220-0x00007FF623D30000-0x00007FF624084000-memory.dmp

memory/3592-219-0x00007FF626DD0000-0x00007FF627124000-memory.dmp

memory/5980-218-0x00007FF7AD020000-0x00007FF7AD374000-memory.dmp

memory/5940-216-0x00007FF6544B0000-0x00007FF654804000-memory.dmp

memory/5900-215-0x00007FF6CF070000-0x00007FF6CF3C4000-memory.dmp

memory/5924-214-0x00007FF6EA160000-0x00007FF6EA4B4000-memory.dmp

memory/4544-213-0x00007FF6FA3B0000-0x00007FF6FA704000-memory.dmp

memory/1796-207-0x00007FF728F50000-0x00007FF7292A4000-memory.dmp

memory/4476-197-0x00007FF616F70000-0x00007FF6172C4000-memory.dmp

C:\Windows\System\lcEMChz.exe

MD5 d59e2e4fb5ea6734bbaa7bd9ec228e95
SHA1 1fd2c1e4713529aaee56513b052d2ab44e60fa21
SHA256 7f9e18b03aec406d8f2b65b288abc00dc71b0ae99a5648b06de06aa5087b2186
SHA512 702864dc520b7649794f7a2eafa896a65095f4e3ff79a344eb6803b2f852e3ed484fff9cec30b9539dbd99c67335d11926aaffe7fff417f9689efecc5cf5fccf

C:\Windows\System\TOdPXTT.exe

MD5 5f9f9bcb033ec97eb0fcf89a3d61cd32
SHA1 2db4a078dbe1fe36c552b21205554e17c30d31a2
SHA256 82a9d82fe8272a28048baab48f1b2ffc4456d869fa75601692fcc3df5e800e4a
SHA512 9e70374227519003c060d089399e8b719f4772297e88d4c3197da2dc0867ca27ae62d0a83f29898476d13dfbf3c930f8911ab4a80d92375511314f8fba3c8dd9

memory/2852-167-0x00007FF6468C0000-0x00007FF646C14000-memory.dmp

C:\Windows\System\jKLDTXp.exe

MD5 db3e2012c2cbe303652170b71760dd4e
SHA1 84c2babd27407a8c23ace6d6d8f07e97b93a56fb
SHA256 76556e8e55da0afd4d3a430820e037c89fbcef8bac2a92c9a4ff1c015a80152b
SHA512 2573a88e26dde8193255834187ee6c74f75b7212a7a4681465247609bcc5193d2f573f9a37ce2878848c506abacd5c61867ad1fd6a6b38751d847ce06ab0249f

C:\Windows\System\grAdhid.exe

MD5 153f213bf3b9074445a607b0cb286056
SHA1 1e27c93cad5125a17929b01405b3df4af92e52fc
SHA256 2fac654029dd62908ac28e81033a1880ae968619d58d00180763c10f440443e5
SHA512 4155129ae555f8591d8ce7154b36dbc618f236c8e6c2f0d0615b1d8fb86edc19c08d145f538191be5092ae636816ea0185aa594d81ddab882c45b9367f555113

C:\Windows\System\GZYXPUz.exe

MD5 4a3ad5299f4f6a354c0927c2717c656b
SHA1 975120e9a2749e7d9d5f63305375835ba7e52276
SHA256 b6f303014f789bf5c634bc7c9252017784382814540ec985e87b4c7b01c188b8
SHA512 2006064f28dc96b634b58b19a5a9895fa89c375380b414506d59d48fc784e978c8c3b2e12146777d114ad45de88ad50da0dbb169539698433044a1285b6945b5

C:\Windows\System\jVjQDFx.exe

MD5 45ed093353095b9fed8fd159c91d72af
SHA1 2b2b2dcfebd75a64ebe3f0ef28bf570099c2ddcc
SHA256 116d5298d6658a393d50073c9f0a06d0f01b77055493c131f0e94c0abc671971
SHA512 6c536094ab1830e57c9de1c26a6fc61cec1fbc7db81e694d165a1665a15239f7be95fb1be3ca32243035157151fa2fceb0addd04f7ba7fd4dee8853f465e9fd2

C:\Windows\System\IhxXyFZ.exe

MD5 5c16b9aaa1355405b9b7eb3e2003b8cb
SHA1 935ab4546cd2e4d19cbe3e389694f03bc9bdfb0a
SHA256 c2de283360330604a1b56f56095144c5aad1eb11ad272547747dc0c8073d3e41
SHA512 822dbd711cb9f533d8890a6daab6188dc48a9a631906477d832f432dcdd9f41c8bd188dfa717a1c48f36185cfa840e3b9c4ef96093dbef29a497c7f6460eca08

C:\Windows\System\OqNaron.exe

MD5 2beff45bfc16988b772633651ace6a90
SHA1 efcd2c9876f693d8807b1e80c35c4d3b7a98774d
SHA256 5492f743c736f7f34865cf86439537d15af20a42baa42a27ee69c3d4d221c8bc
SHA512 3bf23d1ff24c0bafe61aaf4a15aaf8fbd1bcf54c68aba6988136e1bef7ac1618a892fa94eedcf8e81a06d862f5f4b9c946a62c73885d9fbc5d5d7eb498f211ed

memory/5280-143-0x00007FF794AD0000-0x00007FF794E24000-memory.dmp

memory/2728-1032-0x00007FF7741D0000-0x00007FF774524000-memory.dmp

memory/924-1036-0x00007FF77B320000-0x00007FF77B674000-memory.dmp

memory/4548-1075-0x00007FF708010000-0x00007FF708364000-memory.dmp

memory/5584-1076-0x00007FF7C9A20000-0x00007FF7C9D74000-memory.dmp

memory/772-1077-0x00007FF6F5490000-0x00007FF6F57E4000-memory.dmp

memory/5452-1078-0x00007FF730710000-0x00007FF730A64000-memory.dmp

memory/5632-1079-0x00007FF600F00000-0x00007FF601254000-memory.dmp

memory/3236-1080-0x00007FF7D30D0000-0x00007FF7D3424000-memory.dmp

memory/5280-1081-0x00007FF794AD0000-0x00007FF794E24000-memory.dmp

memory/2900-1082-0x00007FF629CE0000-0x00007FF62A034000-memory.dmp

memory/1856-1083-0x00007FF61BA70000-0x00007FF61BDC4000-memory.dmp

memory/2728-1084-0x00007FF7741D0000-0x00007FF774524000-memory.dmp

memory/924-1085-0x00007FF77B320000-0x00007FF77B674000-memory.dmp

memory/4548-1086-0x00007FF708010000-0x00007FF708364000-memory.dmp

memory/5584-1088-0x00007FF7C9A20000-0x00007FF7C9D74000-memory.dmp

memory/772-1087-0x00007FF6F5490000-0x00007FF6F57E4000-memory.dmp

memory/5452-1089-0x00007FF730710000-0x00007FF730A64000-memory.dmp

memory/5632-1090-0x00007FF600F00000-0x00007FF601254000-memory.dmp

memory/2852-1091-0x00007FF6468C0000-0x00007FF646C14000-memory.dmp

memory/5316-1092-0x00007FF7F7870000-0x00007FF7F7BC4000-memory.dmp

memory/4532-1093-0x00007FF78EFC0000-0x00007FF78F314000-memory.dmp

memory/4476-1094-0x00007FF616F70000-0x00007FF6172C4000-memory.dmp

memory/3592-1097-0x00007FF626DD0000-0x00007FF627124000-memory.dmp

memory/1796-1096-0x00007FF728F50000-0x00007FF7292A4000-memory.dmp

memory/5940-1095-0x00007FF6544B0000-0x00007FF654804000-memory.dmp

memory/5924-1098-0x00007FF6EA160000-0x00007FF6EA4B4000-memory.dmp

memory/5500-1099-0x00007FF754920000-0x00007FF754C74000-memory.dmp

memory/5828-1101-0x00007FF623D30000-0x00007FF624084000-memory.dmp

memory/3960-1100-0x00007FF6D2A40000-0x00007FF6D2D94000-memory.dmp

memory/5880-1103-0x00007FF771A00000-0x00007FF771D54000-memory.dmp

memory/5980-1102-0x00007FF7AD020000-0x00007FF7AD374000-memory.dmp

memory/4168-1104-0x00007FF7313D0000-0x00007FF731724000-memory.dmp

memory/5520-1105-0x00007FF73A3E0000-0x00007FF73A734000-memory.dmp

memory/4544-1107-0x00007FF6FA3B0000-0x00007FF6FA704000-memory.dmp

memory/5900-1106-0x00007FF6CF070000-0x00007FF6CF3C4000-memory.dmp

memory/644-1108-0x00007FF6F2DF0000-0x00007FF6F3144000-memory.dmp