Malware Analysis Report

2024-10-16 07:50

Sample ID 240530-g2ms1shb41
Target 67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe
SHA256 cd0ecf27df3727eb3868ad2e7c7eb383928cbadbe7eadffe509dd4a51e2b6f2c
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

cd0ecf27df3727eb3868ad2e7c7eb383928cbadbe7eadffe509dd4a51e2b6f2c

Threat Level: Known bad

The file 67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

xmrig

Kpot family

KPOT

KPOT Core Executable

Xmrig family

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 06:18

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 06:18

Reported

2024-05-30 06:20

Platform

win7-20240221-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2764-1082-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2504-1081-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2892-1083-0x000000013F730000-0x000000013FA84000-memory.dmp

memory/2752-1084-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2572-1085-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2600-1086-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/1072-1089-0x000000013F400000-0x000000013F754000-memory.dmp

memory/2436-1088-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/880-1087-0x000000013F9D0000-0x000000013FD24000-memory.dmp

memory/2384-1090-0x000000013F200000-0x000000013F554000-memory.dmp

memory/344-1092-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/2832-1093-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/1744-1091-0x000000013F610000-0x000000013F964000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 06:18

Reported

2024-05-30 06:20

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\67ee33d96b36122bbcc402a2ed6ecae0_NeikiAnalytics.exe"


C:\Windows\System\sffhZcF.exe

C:\Windows\System\sffhZcF.exe

C:\Windows\System\TbQapiw.exe

C:\Windows\System\TbQapiw.exe

C:\Windows\System\UMFEEuz.exe

C:\Windows\System\UMFEEuz.exe

C:\Windows\System\dmPjdUt.exe

C:\Windows\System\dmPjdUt.exe

C:\Windows\System\dXSqZBq.exe

C:\Windows\System\dXSqZBq.exe

C:\Windows\System\IkXXTHz.exe

C:\Windows\System\IkXXTHz.exe

C:\Windows\System\PNukTvT.exe

C:\Windows\System\PNukTvT.exe

C:\Windows\System\iYXTIqJ.exe

C:\Windows\System\iYXTIqJ.exe

C:\Windows\System\KOsvaNe.exe

C:\Windows\System\KOsvaNe.exe

C:\Windows\System\fTFOIXX.exe

C:\Windows\System\fTFOIXX.exe

C:\Windows\System\BhdVyNy.exe

C:\Windows\System\BhdVyNy.exe

C:\Windows\System\jSFZIcy.exe

C:\Windows\System\jSFZIcy.exe

C:\Windows\System\yVwPYAu.exe

C:\Windows\System\yVwPYAu.exe

C:\Windows\System\cxPXncU.exe

C:\Windows\System\cxPXncU.exe

C:\Windows\System\AMkOaeZ.exe

C:\Windows\System\AMkOaeZ.exe

C:\Windows\System\iUWATJA.exe

C:\Windows\System\iUWATJA.exe

C:\Windows\System\wQtKeDh.exe

C:\Windows\System\wQtKeDh.exe

C:\Windows\System\JimvJpR.exe

C:\Windows\System\JimvJpR.exe

C:\Windows\System\ZCBfbDn.exe

C:\Windows\System\ZCBfbDn.exe

C:\Windows\System\cfFqTHg.exe

C:\Windows\System\cfFqTHg.exe

C:\Windows\System\PdhiNkO.exe

C:\Windows\System\PdhiNkO.exe

C:\Windows\System\McEQhea.exe

C:\Windows\System\McEQhea.exe

C:\Windows\System\FHCvHOk.exe

C:\Windows\System\FHCvHOk.exe

C:\Windows\System\xQMUnMb.exe

C:\Windows\System\xQMUnMb.exe

C:\Windows\System\XfTxrmR.exe

C:\Windows\System\XfTxrmR.exe

C:\Windows\System\fxqXYSw.exe

C:\Windows\System\fxqXYSw.exe

C:\Windows\System\qobYuzd.exe

C:\Windows\System\qobYuzd.exe

C:\Windows\System\zIBqFkE.exe

C:\Windows\System\zIBqFkE.exe

C:\Windows\System\RDoaKxz.exe

C:\Windows\System\RDoaKxz.exe

C:\Windows\System\KTlBHrF.exe

C:\Windows\System\KTlBHrF.exe

C:\Windows\System\IIUaczY.exe

C:\Windows\System\IIUaczY.exe

C:\Windows\System\PzVehHv.exe

C:\Windows\System\PzVehHv.exe

C:\Windows\System\KHFSGbc.exe

C:\Windows\System\KHFSGbc.exe

C:\Windows\System\ziWOXtC.exe

C:\Windows\System\ziWOXtC.exe

C:\Windows\System\GuvhHox.exe

C:\Windows\System\GuvhHox.exe

C:\Windows\System\EcPcRCD.exe

C:\Windows\System\EcPcRCD.exe

C:\Windows\System\fvMfxNL.exe

C:\Windows\System\fvMfxNL.exe

C:\Windows\System\hwmbVTP.exe

C:\Windows\System\hwmbVTP.exe

C:\Windows\System\chhLUuO.exe

C:\Windows\System\chhLUuO.exe

C:\Windows\System\VBcVDil.exe

C:\Windows\System\VBcVDil.exe

C:\Windows\System\RkAPCCD.exe

C:\Windows\System\RkAPCCD.exe

C:\Windows\System\UnniYig.exe

C:\Windows\System\UnniYig.exe

C:\Windows\System\KLRQXza.exe

C:\Windows\System\KLRQXza.exe

C:\Windows\System\MLjNmnv.exe

C:\Windows\System\MLjNmnv.exe

C:\Windows\System\SciMvRo.exe

C:\Windows\System\SciMvRo.exe

C:\Windows\System\fciOTjM.exe

C:\Windows\System\fciOTjM.exe

C:\Windows\System\BURUHQA.exe

C:\Windows\System\BURUHQA.exe

C:\Windows\System\IXRGIca.exe

C:\Windows\System\IXRGIca.exe

C:\Windows\System\OgoiEPg.exe

C:\Windows\System\OgoiEPg.exe

C:\Windows\System\KnXStKA.exe

C:\Windows\System\KnXStKA.exe

C:\Windows\System\Zqthyoz.exe

C:\Windows\System\Zqthyoz.exe

C:\Windows\System\TDPbfne.exe

C:\Windows\System\TDPbfne.exe

C:\Windows\System\tgzfuTg.exe

C:\Windows\System\tgzfuTg.exe

C:\Windows\System\niChKww.exe

C:\Windows\System\niChKww.exe

C:\Windows\System\eUkROju.exe

C:\Windows\System\eUkROju.exe

C:\Windows\System\AkZpndz.exe

C:\Windows\System\AkZpndz.exe

C:\Windows\System\CSbmlyd.exe

C:\Windows\System\CSbmlyd.exe

C:\Windows\System\wljwJQZ.exe

C:\Windows\System\wljwJQZ.exe

C:\Windows\System\EkcpZjk.exe

C:\Windows\System\EkcpZjk.exe

C:\Windows\System\qYbKaqh.exe

C:\Windows\System\qYbKaqh.exe

C:\Windows\System\KQgTzNz.exe

C:\Windows\System\KQgTzNz.exe

C:\Windows\System\FTQlkbU.exe

C:\Windows\System\FTQlkbU.exe

C:\Windows\System\hwslQBO.exe

C:\Windows\System\hwslQBO.exe

C:\Windows\System\JggDsEu.exe

C:\Windows\System\JggDsEu.exe

C:\Windows\System\wdnJpOi.exe

C:\Windows\System\wdnJpOi.exe

C:\Windows\System\DAIAxjO.exe

C:\Windows\System\DAIAxjO.exe

C:\Windows\System\KFHqeUK.exe

C:\Windows\System\KFHqeUK.exe

C:\Windows\System\gvYmvVT.exe

C:\Windows\System\gvYmvVT.exe

C:\Windows\System\bOrnSOc.exe

C:\Windows\System\bOrnSOc.exe

C:\Windows\System\RTEhRqx.exe

C:\Windows\System\RTEhRqx.exe

C:\Windows\System\DMeCZqb.exe

C:\Windows\System\DMeCZqb.exe

C:\Windows\System\tmdqxQm.exe

C:\Windows\System\tmdqxQm.exe

C:\Windows\System\rojQLHc.exe

C:\Windows\System\rojQLHc.exe

C:\Windows\System\YBuXyuS.exe

C:\Windows\System\YBuXyuS.exe

C:\Windows\System\murQZnC.exe

C:\Windows\System\murQZnC.exe

C:\Windows\System\GXucbpA.exe

C:\Windows\System\GXucbpA.exe

C:\Windows\System\uNAURyd.exe

C:\Windows\System\uNAURyd.exe

C:\Windows\System\FtgnYws.exe

C:\Windows\System\FtgnYws.exe

C:\Windows\System\JNZaGrp.exe

C:\Windows\System\JNZaGrp.exe

C:\Windows\System\knSeFJd.exe

C:\Windows\System\knSeFJd.exe

C:\Windows\System\KIoLukz.exe

C:\Windows\System\KIoLukz.exe

C:\Windows\System\xEGNzMh.exe

C:\Windows\System\xEGNzMh.exe

C:\Windows\System\lRtWCHz.exe

C:\Windows\System\lRtWCHz.exe

C:\Windows\System\PiaHMuB.exe

C:\Windows\System\PiaHMuB.exe

C:\Windows\System\OwaZGkb.exe

C:\Windows\System\OwaZGkb.exe

C:\Windows\System\OZsXPrp.exe

C:\Windows\System\OZsXPrp.exe

C:\Windows\System\AbSFUnD.exe

C:\Windows\System\AbSFUnD.exe

C:\Windows\System\ScAFApo.exe

C:\Windows\System\ScAFApo.exe

C:\Windows\System\piMSIlr.exe

C:\Windows\System\piMSIlr.exe

C:\Windows\System\qkqwneg.exe

C:\Windows\System\qkqwneg.exe

C:\Windows\System\twRmTgi.exe

C:\Windows\System\twRmTgi.exe

C:\Windows\System\AgEndJy.exe

C:\Windows\System\AgEndJy.exe

C:\Windows\System\ClXctps.exe

C:\Windows\System\ClXctps.exe

C:\Windows\System\AzntfXN.exe

C:\Windows\System\AzntfXN.exe

C:\Windows\System\FnuDYDI.exe

C:\Windows\System\FnuDYDI.exe

C:\Windows\System\ABkWlyz.exe

C:\Windows\System\ABkWlyz.exe

C:\Windows\System\cLtvJId.exe

C:\Windows\System\cLtvJId.exe

C:\Windows\System\MMjDFRf.exe

C:\Windows\System\MMjDFRf.exe

C:\Windows\System\CNEPdNr.exe

C:\Windows\System\CNEPdNr.exe

C:\Windows\System\mIoxnCi.exe

C:\Windows\System\mIoxnCi.exe

C:\Windows\System\taMtDKR.exe

C:\Windows\System\taMtDKR.exe

C:\Windows\System\rBRpGdJ.exe

C:\Windows\System\rBRpGdJ.exe

C:\Windows\System\kECAIPZ.exe

C:\Windows\System\kECAIPZ.exe

C:\Windows\System\OlkkzHR.exe

C:\Windows\System\OlkkzHR.exe

C:\Windows\System\WGMDxZr.exe

C:\Windows\System\WGMDxZr.exe

C:\Windows\System\EwURqkP.exe

C:\Windows\System\EwURqkP.exe

C:\Windows\System\TvYlTaq.exe

C:\Windows\System\TvYlTaq.exe

C:\Windows\System\whNvvNk.exe

C:\Windows\System\whNvvNk.exe

C:\Windows\System\fdCtvlS.exe

C:\Windows\System\fdCtvlS.exe

C:\Windows\System\SEkIRzG.exe

C:\Windows\System\SEkIRzG.exe

C:\Windows\System\QENNndd.exe

C:\Windows\System\QENNndd.exe

C:\Windows\System\bxNOncB.exe

C:\Windows\System\bxNOncB.exe

C:\Windows\System\GSuIsXp.exe

C:\Windows\System\GSuIsXp.exe

C:\Windows\System\ymMkhPs.exe

C:\Windows\System\ymMkhPs.exe

C:\Windows\System\HfEAwTa.exe

C:\Windows\System\HfEAwTa.exe

C:\Windows\System\tRcJMiZ.exe

C:\Windows\System\tRcJMiZ.exe

C:\Windows\System\ndIjjDF.exe

C:\Windows\System\ndIjjDF.exe

C:\Windows\System\XdgscQW.exe

C:\Windows\System\XdgscQW.exe

C:\Windows\System\DxdPJSb.exe

C:\Windows\System\DxdPJSb.exe

C:\Windows\System\XqPSfcA.exe

C:\Windows\System\XqPSfcA.exe

C:\Windows\System\jFMVzyQ.exe

C:\Windows\System\jFMVzyQ.exe

C:\Windows\System\GqvLtQG.exe

C:\Windows\System\GqvLtQG.exe

C:\Windows\System\HnqZrxT.exe

C:\Windows\System\HnqZrxT.exe

C:\Windows\System\MdHvAAV.exe

C:\Windows\System\MdHvAAV.exe

C:\Windows\System\fvJwZKX.exe

C:\Windows\System\fvJwZKX.exe

C:\Windows\System\EDyLRBO.exe

C:\Windows\System\EDyLRBO.exe

C:\Windows\System\VORUHde.exe

C:\Windows\System\VORUHde.exe

C:\Windows\System\TRkJIYL.exe

C:\Windows\System\TRkJIYL.exe

C:\Windows\System\gkRqDuu.exe

C:\Windows\System\gkRqDuu.exe

C:\Windows\System\ZzPPJpy.exe

C:\Windows\System\ZzPPJpy.exe

C:\Windows\System\wOCgXjg.exe

C:\Windows\System\wOCgXjg.exe

C:\Windows\System\BmHEpNv.exe

C:\Windows\System\BmHEpNv.exe

C:\Windows\System\QITDEuu.exe

C:\Windows\System\QITDEuu.exe

C:\Windows\System\NeSDRzW.exe

C:\Windows\System\NeSDRzW.exe

C:\Windows\System\NJVussl.exe

C:\Windows\System\NJVussl.exe

C:\Windows\System\QUsecEJ.exe

C:\Windows\System\QUsecEJ.exe

C:\Windows\System\bWvujSi.exe

C:\Windows\System\bWvujSi.exe

C:\Windows\System\HBmwMNW.exe

C:\Windows\System\HBmwMNW.exe

C:\Windows\System\OiDYSmM.exe

C:\Windows\System\OiDYSmM.exe

C:\Windows\System\XdKVOhT.exe

C:\Windows\System\XdKVOhT.exe

C:\Windows\System\hXSbXLO.exe

C:\Windows\System\hXSbXLO.exe

C:\Windows\System\Asubjtg.exe

C:\Windows\System\Asubjtg.exe

C:\Windows\System\zYJtfYz.exe

C:\Windows\System\zYJtfYz.exe

C:\Windows\System\rlDMCSG.exe

C:\Windows\System\rlDMCSG.exe

C:\Windows\System\oUtZVbX.exe

C:\Windows\System\oUtZVbX.exe

C:\Windows\System\adhmtcL.exe

C:\Windows\System\adhmtcL.exe

C:\Windows\System\RwqJoJT.exe

C:\Windows\System\RwqJoJT.exe

C:\Windows\System\lnjPtxI.exe

C:\Windows\System\lnjPtxI.exe

C:\Windows\System\XYmKrrZ.exe

C:\Windows\System\XYmKrrZ.exe

C:\Windows\System\lOxqkGf.exe

C:\Windows\System\lOxqkGf.exe

C:\Windows\System\iZZHlra.exe

C:\Windows\System\iZZHlra.exe

C:\Windows\System\nzuCUrV.exe

C:\Windows\System\nzuCUrV.exe

C:\Windows\System\qsZIoSZ.exe

C:\Windows\System\qsZIoSZ.exe

C:\Windows\System\YclYCyh.exe

C:\Windows\System\YclYCyh.exe

C:\Windows\System\NLUgVPq.exe

C:\Windows\System\NLUgVPq.exe

C:\Windows\System\mqNTcBC.exe

C:\Windows\System\mqNTcBC.exe

C:\Windows\System\UhxQFsD.exe

C:\Windows\System\UhxQFsD.exe

C:\Windows\System\oHyVmSN.exe

C:\Windows\System\oHyVmSN.exe

C:\Windows\System\ghOIPLl.exe

C:\Windows\System\ghOIPLl.exe

C:\Windows\System\NWkraeJ.exe

C:\Windows\System\NWkraeJ.exe

C:\Windows\System\HDRkHbg.exe

C:\Windows\System\HDRkHbg.exe

C:\Windows\System\TQgOjsJ.exe

C:\Windows\System\TQgOjsJ.exe

C:\Windows\System\SnROdPF.exe

C:\Windows\System\SnROdPF.exe

C:\Windows\System\eFPwVZS.exe

C:\Windows\System\eFPwVZS.exe

C:\Windows\System\oiDehvY.exe

C:\Windows\System\oiDehvY.exe

C:\Windows\System\SqSntwp.exe

C:\Windows\System\SqSntwp.exe

C:\Windows\System\gxngRzO.exe

C:\Windows\System\gxngRzO.exe

C:\Windows\System\mIOVpeR.exe

C:\Windows\System\mIOVpeR.exe

C:\Windows\System\iDlTyie.exe

C:\Windows\System\iDlTyie.exe

C:\Windows\System\mLkTQLr.exe

C:\Windows\System\mLkTQLr.exe

C:\Windows\System\ofoXRKD.exe

C:\Windows\System\ofoXRKD.exe

C:\Windows\System\mgzQIvq.exe

C:\Windows\System\mgzQIvq.exe

C:\Windows\System\fEuwOct.exe

C:\Windows\System\fEuwOct.exe

C:\Windows\System\UPKXZlP.exe

C:\Windows\System\UPKXZlP.exe

C:\Windows\System\mRAFAaL.exe

C:\Windows\System\mRAFAaL.exe

C:\Windows\System\xzPrVWH.exe

C:\Windows\System\xzPrVWH.exe

C:\Windows\System\OkFiGsh.exe

C:\Windows\System\OkFiGsh.exe

C:\Windows\System\BftDxhM.exe

C:\Windows\System\BftDxhM.exe

C:\Windows\System\BDLIpvV.exe

C:\Windows\System\BDLIpvV.exe

C:\Windows\System\CZAKRko.exe

C:\Windows\System\CZAKRko.exe

C:\Windows\System\PcUxMqP.exe

C:\Windows\System\PcUxMqP.exe

C:\Windows\System\ocnwoKE.exe

C:\Windows\System\ocnwoKE.exe

C:\Windows\System\VTWcEwd.exe

C:\Windows\System\VTWcEwd.exe

C:\Windows\System\CrvAeiP.exe

C:\Windows\System\CrvAeiP.exe

C:\Windows\System\xrfmPoH.exe

C:\Windows\System\xrfmPoH.exe

C:\Windows\System\HNlUMHw.exe

C:\Windows\System\HNlUMHw.exe

C:\Windows\System\DKhRyVt.exe

C:\Windows\System\DKhRyVt.exe

C:\Windows\System\XTqfVaL.exe

C:\Windows\System\XTqfVaL.exe

C:\Windows\System\zLkkDHc.exe

C:\Windows\System\zLkkDHc.exe

C:\Windows\System\vXmOIUf.exe

C:\Windows\System\vXmOIUf.exe

C:\Windows\System\sGNuTBs.exe

C:\Windows\System\sGNuTBs.exe

C:\Windows\System\UyRwTlj.exe

C:\Windows\System\UyRwTlj.exe

C:\Windows\System\IqcjTMd.exe

C:\Windows\System\IqcjTMd.exe

C:\Windows\System\unqmtyv.exe

C:\Windows\System\unqmtyv.exe

C:\Windows\System\GWtfvkW.exe

C:\Windows\System\GWtfvkW.exe

C:\Windows\System\AymUTwY.exe

C:\Windows\System\AymUTwY.exe

C:\Windows\System\CPBluzO.exe

C:\Windows\System\CPBluzO.exe

C:\Windows\System\mNaSHtr.exe

C:\Windows\System\mNaSHtr.exe

C:\Windows\System\lTwSzmg.exe

C:\Windows\System\lTwSzmg.exe

C:\Windows\System\KlRLlWc.exe

C:\Windows\System\KlRLlWc.exe

C:\Windows\System\bXVoNoP.exe

C:\Windows\System\bXVoNoP.exe

C:\Windows\System\lyqjrTb.exe

C:\Windows\System\lyqjrTb.exe

C:\Windows\System\nOAIxLS.exe

C:\Windows\System\nOAIxLS.exe

C:\Windows\System\GhJpZsL.exe

C:\Windows\System\GhJpZsL.exe

C:\Windows\System\KzbKpQH.exe

C:\Windows\System\KzbKpQH.exe

C:\Windows\System\iTloQUL.exe

C:\Windows\System\iTloQUL.exe

C:\Windows\System\YUUKLlF.exe

C:\Windows\System\YUUKLlF.exe

C:\Windows\System\VzJXYQO.exe

C:\Windows\System\VzJXYQO.exe

C:\Windows\System\OsaPefL.exe

C:\Windows\System\OsaPefL.exe

C:\Windows\System\COgRjyG.exe

C:\Windows\System\COgRjyG.exe

C:\Windows\System\JuoyPBd.exe

C:\Windows\System\JuoyPBd.exe

C:\Windows\System\lKvRisY.exe

C:\Windows\System\lKvRisY.exe

C:\Windows\System\WySSADH.exe

C:\Windows\System\WySSADH.exe

C:\Windows\System\wKeWPPA.exe

C:\Windows\System\wKeWPPA.exe

C:\Windows\System\xUDPiPL.exe

C:\Windows\System\xUDPiPL.exe

C:\Windows\System\XSAwGfE.exe

C:\Windows\System\XSAwGfE.exe

C:\Windows\System\AGcWJdV.exe

C:\Windows\System\AGcWJdV.exe

C:\Windows\System\QxDjWln.exe

C:\Windows\System\QxDjWln.exe

C:\Windows\System\VmcGqHu.exe

C:\Windows\System\VmcGqHu.exe

C:\Windows\System\XhyCPES.exe

C:\Windows\System\XhyCPES.exe

C:\Windows\System\oCGjVHe.exe

C:\Windows\System\oCGjVHe.exe

C:\Windows\System\bPOmKuo.exe

C:\Windows\System\bPOmKuo.exe

C:\Windows\System\tDazTHL.exe

C:\Windows\System\tDazTHL.exe

Network


Files
