Malware Analysis Report

2024-10-16 07:50

Sample ID 240530-kn1dqscb9z
Target 3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe
SHA256 460c5981839e93af1f08d752777b3722d0cbf0c5081ddb80df470d70986c47d5
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

460c5981839e93af1f08d752777b3722d0cbf0c5081ddb80df470d70986c47d5

Threat Level: Known bad

The file 3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

xmrig

KPOT Core Executable

Kpot family

XMRig Miner payload

Xmrig family

KPOT

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 08:45

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 08:45

Reported

2024-05-30 08:48

Platform

win7-20240221-en

Max time kernel

126s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\NwYnSMj.exe N/A
N/A N/A C:\Windows\System\SfmbJxL.exe N/A
N/A N/A C:\Windows\System\PkjYiJa.exe N/A
N/A N/A C:\Windows\System\DYjiljZ.exe N/A
N/A N/A C:\Windows\System\ElJAleR.exe N/A
N/A N/A C:\Windows\System\OkUFnZO.exe N/A
N/A N/A C:\Windows\System\bQTnVem.exe N/A
N/A N/A C:\Windows\System\qEcZZoJ.exe N/A
N/A N/A C:\Windows\System\OyylEZu.exe N/A
N/A N/A C:\Windows\System\FPIfIkJ.exe N/A
N/A N/A C:\Windows\System\fYgnnNI.exe N/A
N/A N/A C:\Windows\System\cEmSRkE.exe N/A
N/A N/A C:\Windows\System\ifOHkSQ.exe N/A
N/A N/A C:\Windows\System\kbfWMMJ.exe N/A
N/A N/A C:\Windows\System\tGdakWW.exe N/A
N/A N/A C:\Windows\System\gGyVQZW.exe N/A
N/A N/A C:\Windows\System\FLXFVBQ.exe N/A
N/A N/A C:\Windows\System\NYoASCz.exe N/A
N/A N/A C:\Windows\System\uSUPOHM.exe N/A
N/A N/A C:\Windows\System\YJlCbRr.exe N/A
N/A N/A C:\Windows\System\BQQLlYQ.exe N/A
N/A N/A C:\Windows\System\oxTboSb.exe N/A
N/A N/A C:\Windows\System\zPtoBCM.exe N/A
N/A N/A C:\Windows\System\xOwCYGv.exe N/A
N/A N/A C:\Windows\System\sixjYUi.exe N/A
N/A N/A C:\Windows\System\qZwAtzi.exe N/A
N/A N/A C:\Windows\System\gkNybvs.exe N/A
N/A N/A C:\Windows\System\kSIIuGf.exe N/A
N/A N/A C:\Windows\System\ksMjcJh.exe N/A
N/A N/A C:\Windows\System\rKwBsRa.exe N/A
N/A N/A C:\Windows\System\BYdiwcn.exe N/A
N/A N/A C:\Windows\System\zcpkCLM.exe N/A
N/A N/A C:\Windows\System\UixhETR.exe N/A
N/A N/A C:\Windows\System\wCeTdgM.exe N/A
N/A N/A C:\Windows\System\rcNvGGN.exe N/A
N/A N/A C:\Windows\System\jQmvZDR.exe N/A
N/A N/A C:\Windows\System\pwIqhzF.exe N/A
N/A N/A C:\Windows\System\YEMjvsc.exe N/A
N/A N/A C:\Windows\System\VfGCLva.exe N/A
N/A N/A C:\Windows\System\mxrLdsd.exe N/A
N/A N/A C:\Windows\System\RcjqZAK.exe N/A
N/A N/A C:\Windows\System\fGNwpyh.exe N/A
N/A N/A C:\Windows\System\gKeVyGy.exe N/A
N/A N/A C:\Windows\System\oSsfDdh.exe N/A
N/A N/A C:\Windows\System\RGlwwdc.exe N/A
N/A N/A C:\Windows\System\eguFOUx.exe N/A
N/A N/A C:\Windows\System\yMYqhsv.exe N/A
N/A N/A C:\Windows\System\AZKtNRT.exe N/A
N/A N/A C:\Windows\System\bSeOPVI.exe N/A
N/A N/A C:\Windows\System\ajFlPmx.exe N/A
N/A N/A C:\Windows\System\tSAFZMd.exe N/A
N/A N/A C:\Windows\System\bMVGQqV.exe N/A
N/A N/A C:\Windows\System\wwsCYiS.exe N/A
N/A N/A C:\Windows\System\tRgKbsN.exe N/A
N/A N/A C:\Windows\System\frIUUrB.exe N/A
N/A N/A C:\Windows\System\uaEBmjM.exe N/A
N/A N/A C:\Windows\System\RaCsfyT.exe N/A
N/A N/A C:\Windows\System\mZjkGKg.exe N/A
N/A N/A C:\Windows\System\bCFkBsm.exe N/A
N/A N/A C:\Windows\System\XJNuXem.exe N/A
N/A N/A C:\Windows\System\pLeadfn.exe N/A
N/A N/A C:\Windows\System\wORPCYa.exe N/A
N/A N/A C:\Windows\System\QwGECrs.exe N/A
N/A N/A C:\Windows\System\eIucvTV.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\JQYaZaz.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BapozNI.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dVODzBv.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WuQvrbh.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kEmmgVu.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JUNvkWz.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YGujdTO.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OLmaEhQ.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YJlCbRr.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\juSdvvv.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iqNSklG.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ACgExXX.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VkTZfCK.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nwMhBFR.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JsgSpnA.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgpusYa.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzyDtnG.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BKUfqzq.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHcxTgm.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGUimqj.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UAlBaZU.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVbUUUU.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sjByeVd.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IbOPhhR.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hsUPAXY.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pXhwvsw.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ymQHmyg.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UHbWwIa.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CNpmnHK.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ozlUhxA.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aMFrPhk.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gGyVQZW.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MAULZiV.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ICHAVWu.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tQSaMlG.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WrGIMCA.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MZDipbY.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\omjrgPC.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\slaprNl.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wCeTdgM.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RGlwwdc.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCFkBsm.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EsswHzg.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cqTXPzL.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oKnhVhR.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KNgMCec.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnlwCru.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dbOosMF.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uaEBmjM.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TRoslPh.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tRgKbsN.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgSLSWL.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HUWUcPJ.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tGdakWW.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LaDVlhS.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcIiGTS.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jeSLJyX.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLXFVBQ.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BQQLlYQ.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wQtMoTs.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EhsrTej.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yNcgFnL.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XbDLMOo.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\APbUCiU.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3048 wrote to memory of 476 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NwYnSMj.exe
PID 3048 wrote to memory of 476 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NwYnSMj.exe
PID 3048 wrote to memory of 476 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NwYnSMj.exe
PID 3048 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\SfmbJxL.exe
PID 3048 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\SfmbJxL.exe
PID 3048 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\SfmbJxL.exe
PID 3048 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\PkjYiJa.exe
PID 3048 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\PkjYiJa.exe
PID 3048 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\PkjYiJa.exe
PID 3048 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\DYjiljZ.exe
PID 3048 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\DYjiljZ.exe
PID 3048 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\DYjiljZ.exe
PID 3048 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ElJAleR.exe
PID 3048 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ElJAleR.exe
PID 3048 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ElJAleR.exe
PID 3048 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\OkUFnZO.exe
PID 3048 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\OkUFnZO.exe
PID 3048 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\OkUFnZO.exe
PID 3048 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\bQTnVem.exe
PID 3048 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\bQTnVem.exe
PID 3048 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\bQTnVem.exe
PID 3048 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\qEcZZoJ.exe
PID 3048 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\qEcZZoJ.exe
PID 3048 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\qEcZZoJ.exe
PID 3048 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\OyylEZu.exe
PID 3048 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\OyylEZu.exe
PID 3048 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\OyylEZu.exe
PID 3048 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FPIfIkJ.exe
PID 3048 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FPIfIkJ.exe
PID 3048 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FPIfIkJ.exe
PID 3048 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\fYgnnNI.exe
PID 3048 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\fYgnnNI.exe
PID 3048 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\fYgnnNI.exe
PID 3048 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\cEmSRkE.exe
PID 3048 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\cEmSRkE.exe
PID 3048 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\cEmSRkE.exe
PID 3048 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ifOHkSQ.exe
PID 3048 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ifOHkSQ.exe
PID 3048 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ifOHkSQ.exe
PID 3048 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\kbfWMMJ.exe
PID 3048 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\kbfWMMJ.exe
PID 3048 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\kbfWMMJ.exe
PID 3048 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\tGdakWW.exe
PID 3048 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\tGdakWW.exe
PID 3048 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\tGdakWW.exe
PID 3048 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\gGyVQZW.exe
PID 3048 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\gGyVQZW.exe
PID 3048 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\gGyVQZW.exe
PID 3048 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FLXFVBQ.exe
PID 3048 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FLXFVBQ.exe
PID 3048 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FLXFVBQ.exe
PID 3048 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NYoASCz.exe
PID 3048 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NYoASCz.exe
PID 3048 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NYoASCz.exe
PID 3048 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\uSUPOHM.exe
PID 3048 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\uSUPOHM.exe
PID 3048 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\uSUPOHM.exe
PID 3048 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\YJlCbRr.exe
PID 3048 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\YJlCbRr.exe
PID 3048 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\YJlCbRr.exe
PID 3048 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\BQQLlYQ.exe
PID 3048 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\BQQLlYQ.exe
PID 3048 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\BQQLlYQ.exe
PID 3048 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\oxTboSb.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe"

C:\Windows\System\NwYnSMj.exe

C:\Windows\System\NwYnSMj.exe

C:\Windows\System\SfmbJxL.exe

C:\Windows\System\SfmbJxL.exe

C:\Windows\System\PkjYiJa.exe

C:\Windows\System\PkjYiJa.exe

C:\Windows\System\DYjiljZ.exe

C:\Windows\System\DYjiljZ.exe

C:\Windows\System\ElJAleR.exe

C:\Windows\System\ElJAleR.exe

C:\Windows\System\OkUFnZO.exe

C:\Windows\System\OkUFnZO.exe

C:\Windows\System\bQTnVem.exe

C:\Windows\System\bQTnVem.exe

C:\Windows\System\qEcZZoJ.exe

C:\Windows\System\qEcZZoJ.exe

C:\Windows\System\OyylEZu.exe

C:\Windows\System\OyylEZu.exe

C:\Windows\System\FPIfIkJ.exe

C:\Windows\System\FPIfIkJ.exe

C:\Windows\System\fYgnnNI.exe

C:\Windows\System\fYgnnNI.exe

C:\Windows\System\cEmSRkE.exe

C:\Windows\System\cEmSRkE.exe

C:\Windows\System\ifOHkSQ.exe

C:\Windows\System\ifOHkSQ.exe

C:\Windows\System\kbfWMMJ.exe

C:\Windows\System\kbfWMMJ.exe

C:\Windows\System\tGdakWW.exe

C:\Windows\System\tGdakWW.exe

C:\Windows\System\gGyVQZW.exe

C:\Windows\System\gGyVQZW.exe

C:\Windows\System\FLXFVBQ.exe

C:\Windows\System\FLXFVBQ.exe

C:\Windows\System\NYoASCz.exe

C:\Windows\System\NYoASCz.exe

C:\Windows\System\uSUPOHM.exe

C:\Windows\System\uSUPOHM.exe

C:\Windows\System\YJlCbRr.exe

C:\Windows\System\YJlCbRr.exe

C:\Windows\System\BQQLlYQ.exe

C:\Windows\System\BQQLlYQ.exe

C:\Windows\System\oxTboSb.exe

C:\Windows\System\oxTboSb.exe

C:\Windows\System\zPtoBCM.exe

C:\Windows\System\zPtoBCM.exe

C:\Windows\System\xOwCYGv.exe

C:\Windows\System\xOwCYGv.exe

C:\Windows\System\sixjYUi.exe

C:\Windows\System\sixjYUi.exe

C:\Windows\System\kSIIuGf.exe

C:\Windows\System\kSIIuGf.exe

C:\Windows\System\qZwAtzi.exe

C:\Windows\System\qZwAtzi.exe

C:\Windows\System\ksMjcJh.exe

C:\Windows\System\ksMjcJh.exe

C:\Windows\System\gkNybvs.exe

C:\Windows\System\gkNybvs.exe

C:\Windows\System\rKwBsRa.exe

C:\Windows\System\rKwBsRa.exe

C:\Windows\System\BYdiwcn.exe

C:\Windows\System\BYdiwcn.exe

C:\Windows\System\zcpkCLM.exe

C:\Windows\System\zcpkCLM.exe

C:\Windows\System\UixhETR.exe

C:\Windows\System\UixhETR.exe

C:\Windows\System\wCeTdgM.exe

C:\Windows\System\wCeTdgM.exe

C:\Windows\System\rcNvGGN.exe

C:\Windows\System\rcNvGGN.exe

C:\Windows\System\jQmvZDR.exe

C:\Windows\System\jQmvZDR.exe

C:\Windows\System\pwIqhzF.exe

C:\Windows\System\pwIqhzF.exe

C:\Windows\System\YEMjvsc.exe

C:\Windows\System\YEMjvsc.exe

C:\Windows\System\VfGCLva.exe

C:\Windows\System\VfGCLva.exe

C:\Windows\System\gKeVyGy.exe

C:\Windows\System\gKeVyGy.exe

C:\Windows\System\mxrLdsd.exe

C:\Windows\System\mxrLdsd.exe

C:\Windows\System\RGlwwdc.exe

C:\Windows\System\RGlwwdc.exe

C:\Windows\System\RcjqZAK.exe

C:\Windows\System\RcjqZAK.exe

C:\Windows\System\eguFOUx.exe

C:\Windows\System\eguFOUx.exe

C:\Windows\System\fGNwpyh.exe

C:\Windows\System\fGNwpyh.exe

C:\Windows\System\yMYqhsv.exe

C:\Windows\System\yMYqhsv.exe

C:\Windows\System\oSsfDdh.exe

C:\Windows\System\oSsfDdh.exe

C:\Windows\System\AZKtNRT.exe

C:\Windows\System\AZKtNRT.exe

C:\Windows\System\bSeOPVI.exe

C:\Windows\System\bSeOPVI.exe

C:\Windows\System\bMVGQqV.exe

C:\Windows\System\bMVGQqV.exe

C:\Windows\System\ajFlPmx.exe

C:\Windows\System\ajFlPmx.exe

C:\Windows\System\frIUUrB.exe

C:\Windows\System\frIUUrB.exe

C:\Windows\System\tSAFZMd.exe

C:\Windows\System\tSAFZMd.exe

C:\Windows\System\RaCsfyT.exe

C:\Windows\System\RaCsfyT.exe

C:\Windows\System\wwsCYiS.exe

C:\Windows\System\wwsCYiS.exe

C:\Windows\System\mZjkGKg.exe

C:\Windows\System\mZjkGKg.exe

C:\Windows\System\tRgKbsN.exe

C:\Windows\System\tRgKbsN.exe

C:\Windows\System\bCFkBsm.exe

C:\Windows\System\bCFkBsm.exe

C:\Windows\System\uaEBmjM.exe

C:\Windows\System\uaEBmjM.exe

C:\Windows\System\XJNuXem.exe

C:\Windows\System\XJNuXem.exe

C:\Windows\System\pLeadfn.exe

C:\Windows\System\pLeadfn.exe

C:\Windows\System\wORPCYa.exe

C:\Windows\System\wORPCYa.exe

C:\Windows\System\QwGECrs.exe

C:\Windows\System\QwGECrs.exe

C:\Windows\System\eIucvTV.exe

C:\Windows\System\eIucvTV.exe

C:\Windows\System\WPELzlE.exe

C:\Windows\System\WPELzlE.exe

C:\Windows\System\awuotyk.exe

C:\Windows\System\awuotyk.exe

C:\Windows\System\jqwAkdE.exe

C:\Windows\System\jqwAkdE.exe

C:\Windows\System\oKnhVhR.exe

C:\Windows\System\oKnhVhR.exe

C:\Windows\System\xdjhPWj.exe

C:\Windows\System\xdjhPWj.exe

C:\Windows\System\FWfxjZq.exe

C:\Windows\System\FWfxjZq.exe

C:\Windows\System\LaDVlhS.exe

C:\Windows\System\LaDVlhS.exe

C:\Windows\System\AUmIpdg.exe

C:\Windows\System\AUmIpdg.exe

C:\Windows\System\VycvHWC.exe

C:\Windows\System\VycvHWC.exe

C:\Windows\System\nVvEomw.exe

C:\Windows\System\nVvEomw.exe

C:\Windows\System\JNjRIIT.exe

C:\Windows\System\JNjRIIT.exe

C:\Windows\System\upYgXJd.exe

C:\Windows\System\upYgXJd.exe

C:\Windows\System\kcJchwq.exe

C:\Windows\System\kcJchwq.exe

C:\Windows\System\jdEvJXH.exe

C:\Windows\System\jdEvJXH.exe

C:\Windows\System\IqGQYYS.exe

C:\Windows\System\IqGQYYS.exe

C:\Windows\System\WrUQVSE.exe

C:\Windows\System\WrUQVSE.exe

C:\Windows\System\dVODzBv.exe

C:\Windows\System\dVODzBv.exe

C:\Windows\System\XQCAWzd.exe

C:\Windows\System\XQCAWzd.exe

C:\Windows\System\lJNDReY.exe

C:\Windows\System\lJNDReY.exe

C:\Windows\System\ihyNjVD.exe

C:\Windows\System\ihyNjVD.exe

C:\Windows\System\TCWBmHm.exe

C:\Windows\System\TCWBmHm.exe

C:\Windows\System\jOtRhFN.exe

C:\Windows\System\jOtRhFN.exe

C:\Windows\System\MABOouy.exe

C:\Windows\System\MABOouy.exe

C:\Windows\System\sOkcogq.exe

C:\Windows\System\sOkcogq.exe

C:\Windows\System\KNgMCec.exe

C:\Windows\System\KNgMCec.exe

C:\Windows\System\aAChvkr.exe

C:\Windows\System\aAChvkr.exe

C:\Windows\System\juSdvvv.exe

C:\Windows\System\juSdvvv.exe

C:\Windows\System\ikjgQeu.exe

C:\Windows\System\ikjgQeu.exe

C:\Windows\System\ELuyPlD.exe

C:\Windows\System\ELuyPlD.exe

C:\Windows\System\vQGVYJj.exe

C:\Windows\System\vQGVYJj.exe

C:\Windows\System\IbOPhhR.exe

C:\Windows\System\IbOPhhR.exe

C:\Windows\System\pbcNSch.exe

C:\Windows\System\pbcNSch.exe

C:\Windows\System\xZtTWVg.exe

C:\Windows\System\xZtTWVg.exe

C:\Windows\System\hsUPAXY.exe

C:\Windows\System\hsUPAXY.exe

C:\Windows\System\MrUOyod.exe

C:\Windows\System\MrUOyod.exe

C:\Windows\System\wzewxui.exe

C:\Windows\System\wzewxui.exe

C:\Windows\System\pXhwvsw.exe

C:\Windows\System\pXhwvsw.exe

C:\Windows\System\EHcxTgm.exe

C:\Windows\System\EHcxTgm.exe

C:\Windows\System\TmZFGpB.exe

C:\Windows\System\TmZFGpB.exe

C:\Windows\System\PbxUIZj.exe

C:\Windows\System\PbxUIZj.exe

C:\Windows\System\qyVtfkZ.exe

C:\Windows\System\qyVtfkZ.exe

C:\Windows\System\XbDLMOo.exe

C:\Windows\System\XbDLMOo.exe

C:\Windows\System\CHmYSKm.exe

C:\Windows\System\CHmYSKm.exe

C:\Windows\System\WiUXrXi.exe

C:\Windows\System\WiUXrXi.exe

C:\Windows\System\ibSxTpP.exe

C:\Windows\System\ibSxTpP.exe

C:\Windows\System\MAULZiV.exe

C:\Windows\System\MAULZiV.exe

C:\Windows\System\MSdhIPC.exe

C:\Windows\System\MSdhIPC.exe

C:\Windows\System\hcIiGTS.exe

C:\Windows\System\hcIiGTS.exe

C:\Windows\System\jEtPiCN.exe

C:\Windows\System\jEtPiCN.exe

C:\Windows\System\xJRditZ.exe

C:\Windows\System\xJRditZ.exe

C:\Windows\System\bEUhNeg.exe

C:\Windows\System\bEUhNeg.exe

C:\Windows\System\JuxNgnf.exe

C:\Windows\System\JuxNgnf.exe

C:\Windows\System\KmuNeXX.exe

C:\Windows\System\KmuNeXX.exe

C:\Windows\System\UfRBJlD.exe

C:\Windows\System\UfRBJlD.exe

C:\Windows\System\ujixJRU.exe

C:\Windows\System\ujixJRU.exe

C:\Windows\System\iqNSklG.exe

C:\Windows\System\iqNSklG.exe

C:\Windows\System\VCGXUFo.exe

C:\Windows\System\VCGXUFo.exe

C:\Windows\System\zDqKuCT.exe

C:\Windows\System\zDqKuCT.exe

C:\Windows\System\VSybcDp.exe

C:\Windows\System\VSybcDp.exe

C:\Windows\System\jzHYuOv.exe

C:\Windows\System\jzHYuOv.exe

C:\Windows\System\Zowevnw.exe

C:\Windows\System\Zowevnw.exe

C:\Windows\System\iClIdOz.exe

C:\Windows\System\iClIdOz.exe

C:\Windows\System\CvfvJlH.exe

C:\Windows\System\CvfvJlH.exe

C:\Windows\System\nqZDTHf.exe

C:\Windows\System\nqZDTHf.exe

C:\Windows\System\TRoslPh.exe

C:\Windows\System\TRoslPh.exe

C:\Windows\System\AOqUNzW.exe

C:\Windows\System\AOqUNzW.exe

C:\Windows\System\NGUimqj.exe

C:\Windows\System\NGUimqj.exe

C:\Windows\System\VdHwmWw.exe

C:\Windows\System\VdHwmWw.exe

C:\Windows\System\ACgExXX.exe

C:\Windows\System\ACgExXX.exe

C:\Windows\System\VBHukyO.exe

C:\Windows\System\VBHukyO.exe

C:\Windows\System\wbwxHeU.exe

C:\Windows\System\wbwxHeU.exe

C:\Windows\System\kafbdmQ.exe

C:\Windows\System\kafbdmQ.exe

C:\Windows\System\nwMhBFR.exe

C:\Windows\System\nwMhBFR.exe

C:\Windows\System\wQtMoTs.exe

C:\Windows\System\wQtMoTs.exe

C:\Windows\System\hzpYiLw.exe

C:\Windows\System\hzpYiLw.exe

C:\Windows\System\IMYnjDm.exe

C:\Windows\System\IMYnjDm.exe

C:\Windows\System\ICHAVWu.exe

C:\Windows\System\ICHAVWu.exe

C:\Windows\System\naDxAIx.exe

C:\Windows\System\naDxAIx.exe

C:\Windows\System\cxxsGLB.exe

C:\Windows\System\cxxsGLB.exe

C:\Windows\System\eNZvfYL.exe

C:\Windows\System\eNZvfYL.exe

C:\Windows\System\VrWaHzZ.exe

C:\Windows\System\VrWaHzZ.exe

C:\Windows\System\OKfGfnb.exe

C:\Windows\System\OKfGfnb.exe

C:\Windows\System\zXBaiER.exe

C:\Windows\System\zXBaiER.exe

C:\Windows\System\cgkoYWl.exe

C:\Windows\System\cgkoYWl.exe

C:\Windows\System\WuQvrbh.exe

C:\Windows\System\WuQvrbh.exe

C:\Windows\System\FEdkYKz.exe

C:\Windows\System\FEdkYKz.exe

C:\Windows\System\MRrFIXT.exe

C:\Windows\System\MRrFIXT.exe

C:\Windows\System\tQSaMlG.exe

C:\Windows\System\tQSaMlG.exe

C:\Windows\System\JMpSWRu.exe

C:\Windows\System\JMpSWRu.exe

C:\Windows\System\VIngYKR.exe

C:\Windows\System\VIngYKR.exe

C:\Windows\System\JBXQSzE.exe

C:\Windows\System\JBXQSzE.exe

C:\Windows\System\vECqahV.exe

C:\Windows\System\vECqahV.exe

C:\Windows\System\plKdUWL.exe

C:\Windows\System\plKdUWL.exe

C:\Windows\System\XpdKRez.exe

C:\Windows\System\XpdKRez.exe

C:\Windows\System\XxPFZrO.exe

C:\Windows\System\XxPFZrO.exe

C:\Windows\System\JnqFuYY.exe

C:\Windows\System\JnqFuYY.exe

C:\Windows\System\fjeOZwS.exe

C:\Windows\System\fjeOZwS.exe

C:\Windows\System\YjQSeFR.exe

C:\Windows\System\YjQSeFR.exe

C:\Windows\System\bgSLSWL.exe

C:\Windows\System\bgSLSWL.exe

C:\Windows\System\BBveEPS.exe

C:\Windows\System\BBveEPS.exe

C:\Windows\System\XjGptwI.exe

C:\Windows\System\XjGptwI.exe

C:\Windows\System\YJhYeSw.exe

C:\Windows\System\YJhYeSw.exe

C:\Windows\System\tRMxXcn.exe

C:\Windows\System\tRMxXcn.exe

C:\Windows\System\rukCLox.exe

C:\Windows\System\rukCLox.exe

C:\Windows\System\TSTUTSL.exe

C:\Windows\System\TSTUTSL.exe

C:\Windows\System\rJYUQPB.exe

C:\Windows\System\rJYUQPB.exe

C:\Windows\System\lMABXBz.exe

C:\Windows\System\lMABXBz.exe

C:\Windows\System\qkKSuAL.exe

C:\Windows\System\qkKSuAL.exe

C:\Windows\System\XCWZmtx.exe

C:\Windows\System\XCWZmtx.exe

C:\Windows\System\qfdNLhK.exe

C:\Windows\System\qfdNLhK.exe

C:\Windows\System\cpcOrDL.exe

C:\Windows\System\cpcOrDL.exe

C:\Windows\System\AZceQYd.exe

C:\Windows\System\AZceQYd.exe

C:\Windows\System\YVmkDFM.exe

C:\Windows\System\YVmkDFM.exe

C:\Windows\System\iIfrYTD.exe

C:\Windows\System\iIfrYTD.exe

C:\Windows\System\tOZLTDM.exe

C:\Windows\System\tOZLTDM.exe

C:\Windows\System\bRoLuCT.exe

C:\Windows\System\bRoLuCT.exe

C:\Windows\System\EhsrTej.exe

C:\Windows\System\EhsrTej.exe

C:\Windows\System\rQZCBjC.exe

C:\Windows\System\rQZCBjC.exe

C:\Windows\System\FyGMpoZ.exe

C:\Windows\System\FyGMpoZ.exe

C:\Windows\System\oMVDPEh.exe

C:\Windows\System\oMVDPEh.exe

C:\Windows\System\SCtBPnR.exe

C:\Windows\System\SCtBPnR.exe

C:\Windows\System\GBzrUot.exe

C:\Windows\System\GBzrUot.exe

C:\Windows\System\PvewTyQ.exe

C:\Windows\System\PvewTyQ.exe

C:\Windows\System\TFpugfW.exe

C:\Windows\System\TFpugfW.exe

C:\Windows\System\wGuYNqP.exe

C:\Windows\System\wGuYNqP.exe

C:\Windows\System\gFexVWT.exe

C:\Windows\System\gFexVWT.exe

C:\Windows\System\dBxHiMC.exe

C:\Windows\System\dBxHiMC.exe

C:\Windows\System\jCOMYLa.exe

C:\Windows\System\jCOMYLa.exe

C:\Windows\System\xLmtegc.exe

C:\Windows\System\xLmtegc.exe

C:\Windows\System\xPESuze.exe

C:\Windows\System\xPESuze.exe

C:\Windows\System\JQYaZaz.exe

C:\Windows\System\JQYaZaz.exe

C:\Windows\System\mzdEqLO.exe

C:\Windows\System\mzdEqLO.exe

C:\Windows\System\ZZoygfj.exe

C:\Windows\System\ZZoygfj.exe

C:\Windows\System\xbBjURd.exe

C:\Windows\System\xbBjURd.exe

C:\Windows\System\cMuZbcW.exe

C:\Windows\System\cMuZbcW.exe

C:\Windows\System\iKzYVLx.exe

C:\Windows\System\iKzYVLx.exe

C:\Windows\System\WrGIMCA.exe

C:\Windows\System\WrGIMCA.exe

C:\Windows\System\HBKnswZ.exe

C:\Windows\System\HBKnswZ.exe

C:\Windows\System\ELirrJJ.exe

C:\Windows\System\ELirrJJ.exe

C:\Windows\System\WIVGsrb.exe

C:\Windows\System\WIVGsrb.exe

C:\Windows\System\aVNDxDT.exe

C:\Windows\System\aVNDxDT.exe

C:\Windows\System\YPnXtiV.exe

C:\Windows\System\YPnXtiV.exe

C:\Windows\System\EsswHzg.exe

C:\Windows\System\EsswHzg.exe

C:\Windows\System\PgVDYhk.exe

C:\Windows\System\PgVDYhk.exe

C:\Windows\System\OQbNKvW.exe

C:\Windows\System\OQbNKvW.exe

C:\Windows\System\cqTXPzL.exe

C:\Windows\System\cqTXPzL.exe

C:\Windows\System\ymQHmyg.exe

C:\Windows\System\ymQHmyg.exe

C:\Windows\System\OCzALGn.exe

C:\Windows\System\OCzALGn.exe

C:\Windows\System\Abhesal.exe

C:\Windows\System\Abhesal.exe

C:\Windows\System\YxavFck.exe

C:\Windows\System\YxavFck.exe

C:\Windows\System\BapozNI.exe

C:\Windows\System\BapozNI.exe

C:\Windows\System\kDMxwOz.exe

C:\Windows\System\kDMxwOz.exe

C:\Windows\System\sCSErGX.exe

C:\Windows\System\sCSErGX.exe

C:\Windows\System\GZCSJkD.exe

C:\Windows\System\GZCSJkD.exe

C:\Windows\System\OxreIuD.exe

C:\Windows\System\OxreIuD.exe

C:\Windows\System\VEEortU.exe

C:\Windows\System\VEEortU.exe

C:\Windows\System\ZItOIDQ.exe

C:\Windows\System\ZItOIDQ.exe

C:\Windows\System\jWBXdMH.exe

C:\Windows\System\jWBXdMH.exe

C:\Windows\System\tnaPwMa.exe

C:\Windows\System\tnaPwMa.exe

C:\Windows\System\YBzXjoj.exe

C:\Windows\System\YBzXjoj.exe

C:\Windows\System\gJMCTNP.exe

C:\Windows\System\gJMCTNP.exe

C:\Windows\System\yNcgFnL.exe

C:\Windows\System\yNcgFnL.exe

C:\Windows\System\UmanCYK.exe

C:\Windows\System\UmanCYK.exe

C:\Windows\System\miWcZCa.exe

C:\Windows\System\miWcZCa.exe

C:\Windows\System\HUWUcPJ.exe

C:\Windows\System\HUWUcPJ.exe

C:\Windows\System\APbUCiU.exe

C:\Windows\System\APbUCiU.exe

C:\Windows\System\UAlBaZU.exe

C:\Windows\System\UAlBaZU.exe

C:\Windows\System\yHyCxTl.exe

C:\Windows\System\yHyCxTl.exe

C:\Windows\System\kKnneOt.exe

C:\Windows\System\kKnneOt.exe

C:\Windows\System\VUlAUAq.exe

C:\Windows\System\VUlAUAq.exe

C:\Windows\System\qrFFlnB.exe

C:\Windows\System\qrFFlnB.exe

C:\Windows\System\CNpmnHK.exe

C:\Windows\System\CNpmnHK.exe

C:\Windows\System\iDUHwcJ.exe

C:\Windows\System\iDUHwcJ.exe

C:\Windows\System\wmIPQiO.exe

C:\Windows\System\wmIPQiO.exe

C:\Windows\System\kgoMxor.exe

C:\Windows\System\kgoMxor.exe

C:\Windows\System\lTEURxu.exe

C:\Windows\System\lTEURxu.exe

C:\Windows\System\EanifVn.exe

C:\Windows\System\EanifVn.exe

C:\Windows\System\NNlLfNJ.exe

C:\Windows\System\NNlLfNJ.exe

C:\Windows\System\SGmwlCt.exe

C:\Windows\System\SGmwlCt.exe

C:\Windows\System\VkTZfCK.exe

C:\Windows\System\VkTZfCK.exe

C:\Windows\System\JJMYpZL.exe

C:\Windows\System\JJMYpZL.exe

C:\Windows\System\GtmQrKd.exe

C:\Windows\System\GtmQrKd.exe

C:\Windows\System\kVrLjmB.exe

C:\Windows\System\kVrLjmB.exe

C:\Windows\System\JsgSpnA.exe

C:\Windows\System\JsgSpnA.exe

C:\Windows\System\HTdDYLC.exe

C:\Windows\System\HTdDYLC.exe

C:\Windows\System\aWOatiM.exe

C:\Windows\System\aWOatiM.exe

C:\Windows\System\jeSLJyX.exe

C:\Windows\System\jeSLJyX.exe

C:\Windows\System\zqNZfeg.exe

C:\Windows\System\zqNZfeg.exe

C:\Windows\System\tmyIIxL.exe

C:\Windows\System\tmyIIxL.exe

C:\Windows\System\WgpusYa.exe

C:\Windows\System\WgpusYa.exe

C:\Windows\System\ozlUhxA.exe

C:\Windows\System\ozlUhxA.exe

C:\Windows\System\omjrgPC.exe

C:\Windows\System\omjrgPC.exe

C:\Windows\System\KBNHBqr.exe

C:\Windows\System\KBNHBqr.exe

C:\Windows\System\jBVHfWW.exe

C:\Windows\System\jBVHfWW.exe

C:\Windows\System\gfKGvaw.exe

C:\Windows\System\gfKGvaw.exe

C:\Windows\System\IkEVArL.exe

C:\Windows\System\IkEVArL.exe

C:\Windows\System\JpTHuuF.exe

C:\Windows\System\JpTHuuF.exe

C:\Windows\System\BYDJZNM.exe

C:\Windows\System\BYDJZNM.exe

C:\Windows\System\NkxqNcf.exe

C:\Windows\System\NkxqNcf.exe

C:\Windows\System\OsDEKIn.exe

C:\Windows\System\OsDEKIn.exe

C:\Windows\System\xNMUNZV.exe

C:\Windows\System\xNMUNZV.exe

C:\Windows\System\oPOkUsU.exe

C:\Windows\System\oPOkUsU.exe

C:\Windows\System\cEbkZnU.exe

C:\Windows\System\cEbkZnU.exe

C:\Windows\System\UHbWwIa.exe

C:\Windows\System\UHbWwIa.exe

C:\Windows\System\LnlwCru.exe

C:\Windows\System\LnlwCru.exe

C:\Windows\System\cAMCAaB.exe

C:\Windows\System\cAMCAaB.exe

C:\Windows\System\EPRYWSV.exe

C:\Windows\System\EPRYWSV.exe

C:\Windows\System\UaVPqmZ.exe

C:\Windows\System\UaVPqmZ.exe

C:\Windows\System\rxtpmIP.exe

C:\Windows\System\rxtpmIP.exe

C:\Windows\System\goiDYnY.exe

C:\Windows\System\goiDYnY.exe

C:\Windows\System\gHOMuoz.exe

C:\Windows\System\gHOMuoz.exe

C:\Windows\System\NVYhtbE.exe

C:\Windows\System\NVYhtbE.exe

C:\Windows\System\cutVZQe.exe

C:\Windows\System\cutVZQe.exe

C:\Windows\System\zproYQI.exe

C:\Windows\System\zproYQI.exe

C:\Windows\System\OSpwcWb.exe

C:\Windows\System\OSpwcWb.exe

C:\Windows\System\SAdcJmh.exe

C:\Windows\System\SAdcJmh.exe

C:\Windows\System\aMFrPhk.exe

C:\Windows\System\aMFrPhk.exe

C:\Windows\System\CYVXXRv.exe

C:\Windows\System\CYVXXRv.exe

C:\Windows\System\JiTDztT.exe

C:\Windows\System\JiTDztT.exe

C:\Windows\System\QzyDtnG.exe

C:\Windows\System\QzyDtnG.exe

C:\Windows\System\LFvSBEP.exe

C:\Windows\System\LFvSBEP.exe

C:\Windows\System\nHCJONF.exe

C:\Windows\System\nHCJONF.exe

C:\Windows\System\kEmmgVu.exe

C:\Windows\System\kEmmgVu.exe

C:\Windows\System\EVbUUUU.exe

C:\Windows\System\EVbUUUU.exe

C:\Windows\System\mrkiTUw.exe

C:\Windows\System\mrkiTUw.exe

C:\Windows\System\pfnQPge.exe

C:\Windows\System\pfnQPge.exe

C:\Windows\System\obaaemS.exe

C:\Windows\System\obaaemS.exe

C:\Windows\System\MEBXEmt.exe

C:\Windows\System\MEBXEmt.exe

C:\Windows\System\aTgWOLs.exe

C:\Windows\System\aTgWOLs.exe

C:\Windows\System\gIKwFro.exe

C:\Windows\System\gIKwFro.exe

C:\Windows\System\nCHmoQV.exe

C:\Windows\System\nCHmoQV.exe

C:\Windows\System\slaprNl.exe

C:\Windows\System\slaprNl.exe

C:\Windows\System\BKUfqzq.exe

C:\Windows\System\BKUfqzq.exe

C:\Windows\System\hVFehAF.exe

C:\Windows\System\hVFehAF.exe

C:\Windows\System\SjljmZZ.exe

C:\Windows\System\SjljmZZ.exe

C:\Windows\System\aaiSiPN.exe

C:\Windows\System\aaiSiPN.exe

C:\Windows\System\kdmfPiy.exe

C:\Windows\System\kdmfPiy.exe

C:\Windows\System\aNfWulO.exe

C:\Windows\System\aNfWulO.exe

C:\Windows\System\YGujdTO.exe

C:\Windows\System\YGujdTO.exe

C:\Windows\System\cULMvKM.exe

C:\Windows\System\cULMvKM.exe

C:\Windows\System\dbOosMF.exe

C:\Windows\System\dbOosMF.exe

C:\Windows\System\OXqeuSI.exe

C:\Windows\System\OXqeuSI.exe

C:\Windows\System\JUNvkWz.exe

C:\Windows\System\JUNvkWz.exe

C:\Windows\System\MScEJkp.exe

C:\Windows\System\MScEJkp.exe

C:\Windows\System\EGEAGnB.exe

C:\Windows\System\EGEAGnB.exe

C:\Windows\System\FdFWTjW.exe

C:\Windows\System\FdFWTjW.exe

C:\Windows\System\eHlsuds.exe

C:\Windows\System\eHlsuds.exe

C:\Windows\System\YCvXbBd.exe

C:\Windows\System\YCvXbBd.exe

C:\Windows\System\XCSDbxJ.exe

C:\Windows\System\XCSDbxJ.exe

C:\Windows\System\xHwAfbc.exe

C:\Windows\System\xHwAfbc.exe

C:\Windows\System\titFgYQ.exe

C:\Windows\System\titFgYQ.exe

C:\Windows\System\vPGYpfi.exe

C:\Windows\System\vPGYpfi.exe

C:\Windows\System\IsOkTfA.exe

C:\Windows\System\IsOkTfA.exe

C:\Windows\System\FXFhxfc.exe

C:\Windows\System\FXFhxfc.exe

C:\Windows\System\jwRJjkg.exe

C:\Windows\System\jwRJjkg.exe

C:\Windows\System\MZDipbY.exe

C:\Windows\System\MZDipbY.exe

C:\Windows\System\sjByeVd.exe

C:\Windows\System\sjByeVd.exe

C:\Windows\System\UwaPTCM.exe

C:\Windows\System\UwaPTCM.exe

C:\Windows\System\QAfchNj.exe

C:\Windows\System\QAfchNj.exe

C:\Windows\System\NpwKMMP.exe

C:\Windows\System\NpwKMMP.exe

C:\Windows\System\OLmaEhQ.exe

C:\Windows\System\OLmaEhQ.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/3048-0-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/3048-1-0x00000000001F0000-0x0000000000200000-memory.dmp

C:\Windows\system\NwYnSMj.exe

MD5 48aacfd4206543f389c6e051193ec431
SHA1 a626b6570ed03a6d7a81267217c18f370bd484d2
SHA256 d914277fd2277929d1d72f99d7ea30877c1b282bbb89eee31960fb8b7fe1c6d5
SHA512 00bb7949433466dbfcdfaa281ff78e9e94c547649f3f8ff497209c4e9068fefed2901e29c6e12b9673ccb13791cd0776fbf2bb73f0139eb5a8437a65a39ed18c

C:\Windows\system\SfmbJxL.exe

MD5 63c679010fbd2207b3fe008eacc4a62c
SHA1 3af1d3dc45700020ebfe93f5e4ba82f87fb358d6
SHA256 7bd15847017d2b4903021084fff70cfe7530026cf11369478d3e1b01153d1077
SHA512 f19ad503ef1f6fa864e39327a46291751123eb4cf66df7421413b1a2abdf1eab83cab621ffac1e27052f4b12765ccc4f68c6402b181a064589317e3aede82a7b

C:\Windows\system\PkjYiJa.exe

MD5 792e33008529180605da4c050b75e2e0
SHA1 6c89881991439bc6d558d36541135bcb9bffb174
SHA256 db50b9b3caf93402034ebd502bb97e53c06762261cde23a5717762c6ba94998f
SHA512 0365dfb70d42836c643256b8afb824e21c1e948defb8bf8facc2919584954c519fd8772fb1f5b0aa5c0f1166614f5997fb978bd61f3fc82b2cd4be20eb26c07f

C:\Windows\system\ElJAleR.exe

MD5 0830c8acd833b234c1b52a070f86ee2c
SHA1 bb1458402d7408b3b3820b5bf8d99c345aba4862
SHA256 806736330d2f19aa91ab6927070497026b0cd4601f2811e08d029bc52c5983ab
SHA512 8d2de54b36149fd585b506beab838a2453a57ce0c649dbf44d02d98fbe41dfc3650e9381ecbd351db095816f60ae9061ed5b350beb690f359ee70c572bc0056d

C:\Windows\system\DYjiljZ.exe

MD5 eda64b2241068fe48f850ed73408ef80
SHA1 5c5d2d4c34205cde0e28a3729b8a519919af9ae7
SHA256 419c57d0d8318aaca30bf2733021fe926484af381611f4deecfcaad1b4f696cc
SHA512 1a697602021327d9f03f50ff9294bf2e9192013943cd835db67038b3d8a11aa56981ba39d364daa9e4ff2784d73ab1ae91f74df3c66f1ab36fda099999860948

C:\Windows\system\OkUFnZO.exe

MD5 33365a88218a4d229a574d709f53c2ba
SHA1 a9f345f33e4adb92ec4858340605aadb739cec95
SHA256 71b58f4bb3b976ba4744c7e4427b667db16f17e4da2662b232f89cab71e1fd45
SHA512 3a23f016508c3bc3f214aa410e1e77f6262909d14dbcd6ec7b513ce3a94ac6ab766d646986e62dae525d3110da2f7d637f719358cd1de248eacda6a205fe7d07

C:\Windows\system\qEcZZoJ.exe

MD5 962c671eb4e8a86e84aa2592c9824441
SHA1 005d3603f1aa32b7a90f819b0783eab7ff3b129d
SHA256 0755c1c1a116e545e1d0f50256d632bfa66f3c1908338806069da3fe851975d8
SHA512 fc910799bb1607db48dd3f4bf1b99e2844a292b14251c97cb06357798c8783bdd9d732cc7d9fe51c4b46676de389a90cb740990fc7b65170ddb6d47bf7a8d8a1

C:\Windows\system\OyylEZu.exe

MD5 335527369993645a2df7e0d9d046e289
SHA1 bb930ea2c38ba6f3bf946e8e4c62e53cea79d25b
SHA256 3627a87d7ae4ae295b2c21afb4b752f4fee5e73fc25bae4f2b054df316133537
SHA512 08f3fa789ccd56f6e0aea918dea52794fb7e073589cd88fce81f29b1cd1fde69e9185b8012a9e324ae3983abcc96dcab5d2beac0467725767d7e5ba54ff8e24c

C:\Windows\system\FPIfIkJ.exe

MD5 2b2d10c79d9c1f965b7eb4ed05d468a0
SHA1 addd183b3308881dde7775f97ef6b8c769c96528
SHA256 db1f9030a9fdec2d341cc10c5723935df594cb22abf1e27d17555e5ec00b4ec0
SHA512 f23e03c81362b3cf1c86533609dc458b417c32adbe6ba6dfe19aeb007b97ad0e3d451a56158556415c8212dbb1d659f1d7b58345a347f906a935105e1c1b942c

C:\Windows\system\cEmSRkE.exe

MD5 14923f4fa39ab3f6e643f77d7dfec7a7
SHA1 dddf34b66ae85985f6f01116a10d2c472fea2c36
SHA256 55a8bc5dd51bf433686ffd28b1f561425bd50aab637184eb1ef238fe39baf4f9
SHA512 9cfcb67d7b72a8de2f853edde4f72f947527cf92d0387cfbc070f1da97c2a32d70aac38986c67dca6ff3b4995e54aaa44ce698c7bb92694f7fb87b33f62cec07

C:\Windows\system\BQQLlYQ.exe

MD5 18d1a039e52b8b0b2ee38d37940b082b
SHA1 3a4bbdeee05a2163b17c98ab47a2851ac1986f21
SHA256 30395ed1c28bacfc23889e85537a4a02032f88e2e6648ea8b583f137c6d6a31c
SHA512 8ea7ae372f8c8b0426aa181a203439948fa440d47968ca5a0a604992c86fdbcf82b8e3ff36b688e315f88a534e522a6589741fffe05c07cf7ea5bbb477fa3e27

C:\Windows\system\xOwCYGv.exe

MD5 8c2467b1471e001d8f1e18c0f027f10b
SHA1 1696c07671f9ea298b0251dcb84a1ae65e0c898f
SHA256 7572e193f79a0199097320e2b259716fac4d1267c7f9da3dee413fcedf79736d
SHA512 d652998f3499c96fe265dd2c0b2aa1b664e15802223e7bddad2da99075a1b6c29dfa63789a2a07e6eacebb636af827694801e2017890686a24d8f533026c9713

\Windows\system\kSIIuGf.exe

MD5 53cf55d288ca8ed3ca8d3554ab467a46
SHA1 02ac8e542613245f3e62d52f3a8ea06da0e02a46
SHA256 c5aa4be7c76e49738d38f884b22f0ca2ed91ff5d29782077c1b7e2486b0f70db
SHA512 0eef0fe4bc9db28b27789912a4a6f1952e07973472822869ba5a1163be1ce584987ce000ab36555be125011e2b49ff4bec479d0aa74c5f7ddd1a1650da99dc10

memory/3048-339-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/3048-386-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/2504-408-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/3048-407-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/2992-406-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/3048-404-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/2696-403-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/3048-402-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/1872-401-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/3048-400-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/552-399-0x000000013F020000-0x000000013F374000-memory.dmp

memory/3048-398-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2592-397-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/3048-396-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/3012-395-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/3048-394-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2856-393-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/3048-392-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/2800-391-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/3048-390-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/2876-389-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/3048-388-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1716-387-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/1364-385-0x000000013F3D0000-0x000000013F724000-memory.dmp

memory/3048-384-0x000000013F3D0000-0x000000013F724000-memory.dmp

memory/868-383-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/476-337-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/3048-382-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/3048-317-0x0000000001F00000-0x0000000002254000-memory.dmp

C:\Windows\system\zcpkCLM.exe

MD5 4e7c434c5c7dd7860cd5cb234332ac01
SHA1 bef5d9f198d07513fa03eff545c48c6e7b0119c2
SHA256 0b66c1359c75866f940773833caaa40c1d697ac44bd33d489051a4df53bd6ece
SHA512 9d8650dd38c5f679bf3a4a6c99ad8918d7eed2bdac14c4fe4ef4ab9d64763c456583831d71970fe24a880bf2276fcd025b80d17a311da63058179b0e1fc84654

C:\Windows\system\BYdiwcn.exe

MD5 36b62e93468aaa24aa77a149c4392806
SHA1 7c833c26e4ed3c79784c19f9a456fc239ea58149
SHA256 d56c64f39804d378b968ce5332bfd2cbe0012ee60ebe2ccf137896e12664ad4d
SHA512 31e2e4dee1655bf2509588f71fd677784000a9693f3a4e061610e5811b953f7ee6704b97137e156cbfb6bad9cbfe624b0867a2af53f8233ce6ace24932a8c10e

C:\Windows\system\rKwBsRa.exe

MD5 054d7074184a74136fbdd238f38d6c7b
SHA1 c94e7aa365e704768cd19a6ec8cb23ac6439df3c
SHA256 d6e6b1aa0125d408fbff322be311fc7a59b4d0f82ad0e486d8101312a9de0dbe
SHA512 7bf71d813335a20a0d294e2c0dc8dfc319c55976370f3f366eb14c3ed833fdd089f2e1de52c88b694d0a9639a29e487b4456951333e159f6d99a2b26ccd72c4c

\Windows\system\ksMjcJh.exe

MD5 2d087ee166b1c72920286c1c4b4f56aa
SHA1 32bb902f676fb8252afd33186c0a1e1573fee54a
SHA256 5043e0cb4b005e7b3478ef0300bc4086c628be088bec5ab16fc421ad2aa64af4
SHA512 438c31c90f4e5204c6b84771ffbb08b22c20c8e835e773ce2c153a5df71128d0956a6ea52befe8e3be49b25f8d787b57245d7a23655b7500a5c352795c55ee92

C:\Windows\system\gkNybvs.exe

MD5 b573285baf8079dd449ae9832261fd40
SHA1 4f7850ad1a96589f33fec6fc4b31208cabf17157
SHA256 9540250e76bb1a6cb97974a2af5721203a5565e11e4001766251fa9d3e7c7d02
SHA512 3e600571a110840afb91987ce7392cf17dc7eb426b923a8b4bdba6da6e77e589fcd0d8582b5ad59cd31bf8a3530dc61dd5de921e25a655ac4d9c4046fed45bd2

C:\Windows\system\qZwAtzi.exe

MD5 97a598a86ad53b559f7d9b13b03881d1
SHA1 1e74d12fd58aafe74d656a4684ecb73981143b68
SHA256 8705555e218b46f83c9ca4b42b346df7bab1cffcf3001994810fd0c1d453d973
SHA512 d3addc8a0949d87197e6646fb335adefe6711358a395e15554a9a2ca79a5ea86457885bb3f05197af37464a3e430eada27a72c600eb56db5b53190b97e4e8593

C:\Windows\system\oxTboSb.exe

MD5 0c8cf2244423373d9a7486cb6cba46bc
SHA1 0f9a23454da9c681d010a58e2e8c4c7a300f4ac1
SHA256 e694d87ec14b1d1c3f42097129b585b6da15b11af67ae12235a9eac2eb209251
SHA512 c7a6293146fc9a9acdecf24a58b291569d1d44f56e1e333d16bbb9f4a602f8fa9467f924b6b3d47b9702b6cdc1b7938e8f1b22f62e4cfa616395aca6ea1346f8

C:\Windows\system\sixjYUi.exe

MD5 731ba8706016bc237d3ae267213a0aee
SHA1 f22480accefeb6966a51f6802c12aa7c9c3f71c4
SHA256 aba358e0263015f0f18e9923de1306e51d7cf9fa79be2d720aad2f18b7d8f8c2
SHA512 0aae827c8879817afbb6fff7c17c7d63eaa24e5979ee4b5ae9b6d5323ff9ac110251a94bcf3f1ca48913d2d68401ffcfce720684a5a362447b5583439b7fef0f

C:\Windows\system\zPtoBCM.exe

MD5 5d0b4a8e0bfe00e421d1f9e7c5a43b6d
SHA1 cab8ea9b20ab6aae367361d5fcf3454d3c5badab
SHA256 62a74900583171eeb045afd3fbdd602eba11930e0ca9c778534ef311a7f7e832
SHA512 33672ba6a77f5cef8aef4ad5ca58335591ed1aaf7aa38bc2eb3dc53966f20fa586765700efdc37e2e09c439499184cdc69af7068864f5dba9eb587dd205d9813

C:\Windows\system\YJlCbRr.exe

MD5 44e030ab5ec058a00a85d900ae52200f
SHA1 3a5075c5a2e3226a87a67f996186a63a1daaed7f
SHA256 09c1a308356207b2c68472a699e4aa18243f62423d0401f9facdc8b507f3c25c
SHA512 c23b33aff49318d7df16cefaf90f430e2888cca866bebe5390975b2cab9cdf5b10494730ed22699ad14c0c91da93c6c6572b1dbb0c1401a168a46a81105cad47

C:\Windows\system\uSUPOHM.exe

MD5 fa73fdeb56c7c2560e044217bc208a4b
SHA1 4ea28bbbdc4c850cad88bfa2b59e42d664f75e99
SHA256 3025004bdfa5d2e1f24f5033aa3088467f4996cd361ee26cf972b15cabee00fc
SHA512 efc2d581665dffaff2f2cc1c8ee3ba0d217e48a59e479770d76f123f5c4d85e75a21d04ab7bd1d4ce1f1bff8679605fdbff84bff44417f5541cab11338368f69

C:\Windows\system\NYoASCz.exe

MD5 c21e8cc556a793e45bc85a5a1f69c172
SHA1 00eb659280bbfb095d9557edc86f2c9804af0ca2
SHA256 f5d283ecb19c05d72c4f176a5ef6a0e3b40aa94371f2779654f35798be3a86b0
SHA512 1b55a544654b8e714aacd5491ac447109d0bc4c99704f74a653a90aec42555cdf13874e94b4973d140e5e75ac9e328decd432b0a8097ebd5fcf585a900a895db

C:\Windows\system\FLXFVBQ.exe

MD5 22d015dd2b5e7f7f45a137288a94b768
SHA1 275b6f53219dab618cdd8b1e1ff721ab1f18d537
SHA256 be6432791199b569eeb092c6d33712bde8a3a52f024af8493a7e48770d60ea63
SHA512 87a1145935a32a41904743b3784f6a72e16e497ed645f963a9a8cfdecf41ba67782d229251984b6c1f77bbbbf0db66df8e7b22067d6e1adee8d183d8ea9278df

C:\Windows\system\gGyVQZW.exe

MD5 3e196b9629ec7cf2c1748ae5d1332ad8
SHA1 d69d804ff25c1b403a3e4f7e1238acdb36ea5cc1
SHA256 52cd63abc8f5d950e26aefee3be1737b27f4f004f2b758361fa0125568a78615
SHA512 1741d1dd3c5f38acb5feff4825d02e94b609f419c95116fcde1d80a3d0827bf5f0f9c35348be3a3fc4c09ddb49809f234fd4ef3720ccebfa97195fb4018e2ba5

C:\Windows\system\tGdakWW.exe

MD5 1a6f04ba00b431ea72bf749d9d5581da
SHA1 3c49d03509a88edc09f7a4078b9d74fede6586c7
SHA256 747e93900530351f99c4cc79b9fdc414eaee2cfa4969c6aac92b1e5d35d02120
SHA512 5b2deeb1fe0e1ff0ee57dda10e9b60c2de1d830ca002b1ee388e58bd8cdd7423b31fcd44fb8f40932d5a4528cbf9f9123f67869469edff6148eae0fd6ad54374

C:\Windows\system\kbfWMMJ.exe

MD5 144369a21aeaf3768155bb8c3e2a285b
SHA1 89b733b06aa788fe8c18bf693f75f3ee5afb7bb4
SHA256 a7f61234809b4331537150657cc88631549f41faee52eabed36fca4abef60422
SHA512 c62fa945007d376013f1effc386c5883665df28fd8000ac92ae6da09c12ffafe9afbe7dbaa6feec030f9ee9d2b70700c1808579beb05d2acce9ab733ac202049

C:\Windows\system\ifOHkSQ.exe

MD5 304baaabf48e26639d2c862428b0b722
SHA1 0404385588503c59426998397fc2ba5602fd5009
SHA256 6857c0205c550b88df1442dc28281c38ec3e648f7fdffbc55095e6cfd66e9f06
SHA512 ef50c234259399b6fa3cfda46d9a2e670b2e29bff7fffdc8c518ef942aabb6ac9d5461ce84eb5185646de2d2263b46886297cdada39953be8c2e26c7f1eec18c

C:\Windows\system\fYgnnNI.exe

MD5 4c679495011eeaf39002c6908bed4e3d
SHA1 8f871000fc49f2891bb321c11bc18b54d9418008
SHA256 029b850c26edd221eff402cf6b0f543697b0effde06f1f37acc85404fcffe08e
SHA512 7eec338f298712e598cec654157709a3f003244bea0d5cc9895309e83d5523e2617c6c2a15374ef29dac8686eaead0a12cac474c736a0733c21cf1c75f2767fe

C:\Windows\system\bQTnVem.exe

MD5 7e503d6aba189509fd6f78db86d7563c
SHA1 18c455100be75a19cbf58d54f207e9abf82e5451
SHA256 842cecb7b7398edfb237ba17502fe7a51a1658dd790796f0951a5574b9477d0e
SHA512 c164d7a9ec6b253fd107856bd515b1f7790d73c423e94cc5fdd8f5c5c5acfc7044c80cf67e242d9ae294682586a366088c729b34788103b3197e5b31bff3357a

memory/3048-1069-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/3048-1070-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/3048-1071-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/3048-1072-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/3048-1073-0x000000013F3D0000-0x000000013F724000-memory.dmp

memory/3048-1074-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/3048-1075-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/3048-1076-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/3048-1077-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/476-1078-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2696-1084-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/3012-1082-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/1716-1081-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/1364-1086-0x000000013F3D0000-0x000000013F724000-memory.dmp

memory/2992-1091-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/1872-1090-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2592-1089-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/2856-1088-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2876-1087-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/2504-1085-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/868-1080-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/2800-1079-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/552-1083-0x000000013F020000-0x000000013F374000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 08:45

Reported

2024-05-30 08:48

Platform

win10v2004-20240426-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GjcdhKy.exe N/A
N/A N/A C:\Windows\System\dNzbFfh.exe N/A
N/A N/A C:\Windows\System\xAZOAgT.exe N/A
N/A N/A C:\Windows\System\vQUFvXu.exe N/A
N/A N/A C:\Windows\System\QbPKDXU.exe N/A
N/A N/A C:\Windows\System\BJLdDKp.exe N/A
N/A N/A C:\Windows\System\HCZSlGc.exe N/A
N/A N/A C:\Windows\System\FpyhXbK.exe N/A
N/A N/A C:\Windows\System\SmGHshy.exe N/A
N/A N/A C:\Windows\System\ZGZOpcD.exe N/A
N/A N/A C:\Windows\System\ntTqNfS.exe N/A
N/A N/A C:\Windows\System\kEutxUm.exe N/A
N/A N/A C:\Windows\System\VOaboHk.exe N/A
N/A N/A C:\Windows\System\fQMNAKY.exe N/A
N/A N/A C:\Windows\System\vCHftBK.exe N/A
N/A N/A C:\Windows\System\ODVFuOZ.exe N/A
N/A N/A C:\Windows\System\YKDfdKx.exe N/A
N/A N/A C:\Windows\System\TfesCFg.exe N/A
N/A N/A C:\Windows\System\PKUqZWd.exe N/A
N/A N/A C:\Windows\System\edAZdCj.exe N/A
N/A N/A C:\Windows\System\IRhkMZy.exe N/A
N/A N/A C:\Windows\System\vsXMsJn.exe N/A
N/A N/A C:\Windows\System\sUzKvEj.exe N/A
N/A N/A C:\Windows\System\RMkDJwM.exe N/A
N/A N/A C:\Windows\System\ugWuiYp.exe N/A
N/A N/A C:\Windows\System\rrUWnhL.exe N/A
N/A N/A C:\Windows\System\siGBWnP.exe N/A
N/A N/A C:\Windows\System\FOkkXLQ.exe N/A
N/A N/A C:\Windows\System\TeCcAzT.exe N/A
N/A N/A C:\Windows\System\xsDgdsn.exe N/A
N/A N/A C:\Windows\System\NVCvKgD.exe N/A
N/A N/A C:\Windows\System\UAxWGcs.exe N/A
N/A N/A C:\Windows\System\rWHZMpt.exe N/A
N/A N/A C:\Windows\System\aomFmsC.exe N/A
N/A N/A C:\Windows\System\yCXjDIB.exe N/A
N/A N/A C:\Windows\System\SVDLfGs.exe N/A
N/A N/A C:\Windows\System\HvIjgZQ.exe N/A
N/A N/A C:\Windows\System\AGJCgCm.exe N/A
N/A N/A C:\Windows\System\BxKlxag.exe N/A
N/A N/A C:\Windows\System\qkOWMir.exe N/A
N/A N/A C:\Windows\System\GjWwbwc.exe N/A
N/A N/A C:\Windows\System\SBPlHus.exe N/A
N/A N/A C:\Windows\System\klQIonr.exe N/A
N/A N/A C:\Windows\System\isNQJkG.exe N/A
N/A N/A C:\Windows\System\MVYCBNR.exe N/A
N/A N/A C:\Windows\System\QwrsUXQ.exe N/A
N/A N/A C:\Windows\System\FDUNUnc.exe N/A
N/A N/A C:\Windows\System\oZNAIRe.exe N/A
N/A N/A C:\Windows\System\inmHlQx.exe N/A
N/A N/A C:\Windows\System\sCOizPv.exe N/A
N/A N/A C:\Windows\System\dxccsNT.exe N/A
N/A N/A C:\Windows\System\ikeRjTp.exe N/A
N/A N/A C:\Windows\System\eSiYebZ.exe N/A
N/A N/A C:\Windows\System\YIrsNsg.exe N/A
N/A N/A C:\Windows\System\bPkGRTF.exe N/A
N/A N/A C:\Windows\System\AiVbThG.exe N/A
N/A N/A C:\Windows\System\gruBWfq.exe N/A
N/A N/A C:\Windows\System\TiplmyR.exe N/A
N/A N/A C:\Windows\System\IuuEjJd.exe N/A
N/A N/A C:\Windows\System\aHNnSww.exe N/A
N/A N/A C:\Windows\System\eIibgmW.exe N/A
N/A N/A C:\Windows\System\bAXVfXB.exe N/A
N/A N/A C:\Windows\System\JsuFgWC.exe N/A
N/A N/A C:\Windows\System\lnernXr.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\FdpDRIU.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\epAlVbt.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ytcEPNz.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AcDwghe.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MXBoVvV.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsKbZGF.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qiGVgfS.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CfxviqH.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEKusKi.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgardqD.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VgfGikD.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yipeWBn.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\StAvCTA.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\niFJdCp.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtqxpzO.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JsuFgWC.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tMMWiyK.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mYUncyh.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PLRRisx.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ntQtgWS.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVDLfGs.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oZNAIRe.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HGmXRmF.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QjQcuxi.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kVKFRrw.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aUsWaqY.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJvIEOS.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qSpKjxX.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MofHOel.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VIuneCz.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HvIjgZQ.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDNDmOM.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vfZpwPP.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WOiUzAO.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DDHTmme.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BJLdDKp.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MEWBlSj.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ErQKJqh.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hmGfQnr.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jEuBjFr.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AiVbThG.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VusuSAh.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oooGjOD.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KsUwlgA.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sfNUPwO.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CnubPRq.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgUZDtk.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jGbzgWz.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\klQIonr.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xeYirkX.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qViHmDu.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LsZqegb.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HCZSlGc.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PyLlXJd.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ALJbmch.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KRSPUDd.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFfkPqY.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HsTRGeG.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hezkWTf.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKwEQBO.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcqUCPU.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hXqfskk.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XQWFELN.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DfuPUyF.exe C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2728 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\GjcdhKy.exe
PID 2728 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\GjcdhKy.exe
PID 2728 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\dNzbFfh.exe
PID 2728 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\dNzbFfh.exe
PID 2728 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\xAZOAgT.exe
PID 2728 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\xAZOAgT.exe
PID 2728 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\vQUFvXu.exe
PID 2728 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\vQUFvXu.exe
PID 2728 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\QbPKDXU.exe
PID 2728 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\QbPKDXU.exe
PID 2728 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\BJLdDKp.exe
PID 2728 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\BJLdDKp.exe
PID 2728 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\HCZSlGc.exe
PID 2728 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\HCZSlGc.exe
PID 2728 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FpyhXbK.exe
PID 2728 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FpyhXbK.exe
PID 2728 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\SmGHshy.exe
PID 2728 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\SmGHshy.exe
PID 2728 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ZGZOpcD.exe
PID 2728 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ZGZOpcD.exe
PID 2728 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ntTqNfS.exe
PID 2728 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ntTqNfS.exe
PID 2728 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\kEutxUm.exe
PID 2728 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\kEutxUm.exe
PID 2728 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\VOaboHk.exe
PID 2728 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\VOaboHk.exe
PID 2728 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\fQMNAKY.exe
PID 2728 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\fQMNAKY.exe
PID 2728 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\vCHftBK.exe
PID 2728 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\vCHftBK.exe
PID 2728 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ODVFuOZ.exe
PID 2728 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ODVFuOZ.exe
PID 2728 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\YKDfdKx.exe
PID 2728 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\YKDfdKx.exe
PID 2728 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\TfesCFg.exe
PID 2728 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\TfesCFg.exe
PID 2728 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\PKUqZWd.exe
PID 2728 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\PKUqZWd.exe
PID 2728 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ugWuiYp.exe
PID 2728 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\ugWuiYp.exe
PID 2728 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\edAZdCj.exe
PID 2728 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\edAZdCj.exe
PID 2728 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\IRhkMZy.exe
PID 2728 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\IRhkMZy.exe
PID 2728 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\vsXMsJn.exe
PID 2728 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\vsXMsJn.exe
PID 2728 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\sUzKvEj.exe
PID 2728 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\sUzKvEj.exe
PID 2728 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\RMkDJwM.exe
PID 2728 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\RMkDJwM.exe
PID 2728 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\rrUWnhL.exe
PID 2728 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\rrUWnhL.exe
PID 2728 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\siGBWnP.exe
PID 2728 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\siGBWnP.exe
PID 2728 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FOkkXLQ.exe
PID 2728 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\FOkkXLQ.exe
PID 2728 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\TeCcAzT.exe
PID 2728 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\TeCcAzT.exe
PID 2728 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\xsDgdsn.exe
PID 2728 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\xsDgdsn.exe
PID 2728 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NVCvKgD.exe
PID 2728 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\NVCvKgD.exe
PID 2728 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\UAxWGcs.exe
PID 2728 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe C:\Windows\System\UAxWGcs.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3cddc087ba269a0a94304b8f1d1014e0_NeikiAnalytics.exe"

C:\Windows\System\GjcdhKy.exe

C:\Windows\System\GjcdhKy.exe

C:\Windows\System\dNzbFfh.exe

C:\Windows\System\dNzbFfh.exe

C:\Windows\System\xAZOAgT.exe

C:\Windows\System\xAZOAgT.exe

C:\Windows\System\vQUFvXu.exe

C:\Windows\System\vQUFvXu.exe

C:\Windows\System\QbPKDXU.exe

C:\Windows\System\QbPKDXU.exe

C:\Windows\System\BJLdDKp.exe

C:\Windows\System\BJLdDKp.exe

C:\Windows\System\HCZSlGc.exe

C:\Windows\System\HCZSlGc.exe

C:\Windows\System\FpyhXbK.exe

C:\Windows\System\FpyhXbK.exe

C:\Windows\System\SmGHshy.exe

C:\Windows\System\SmGHshy.exe

C:\Windows\System\ZGZOpcD.exe

C:\Windows\System\ZGZOpcD.exe

C:\Windows\System\ntTqNfS.exe

C:\Windows\System\ntTqNfS.exe

C:\Windows\System\kEutxUm.exe

C:\Windows\System\kEutxUm.exe

C:\Windows\System\VOaboHk.exe

C:\Windows\System\VOaboHk.exe

C:\Windows\System\fQMNAKY.exe

C:\Windows\System\fQMNAKY.exe

C:\Windows\System\vCHftBK.exe

C:\Windows\System\vCHftBK.exe

C:\Windows\System\ODVFuOZ.exe

C:\Windows\System\ODVFuOZ.exe

C:\Windows\System\YKDfdKx.exe

C:\Windows\System\YKDfdKx.exe

C:\Windows\System\TfesCFg.exe

C:\Windows\System\TfesCFg.exe

C:\Windows\System\PKUqZWd.exe

C:\Windows\System\PKUqZWd.exe

C:\Windows\System\ugWuiYp.exe

C:\Windows\System\ugWuiYp.exe

C:\Windows\System\edAZdCj.exe

C:\Windows\System\edAZdCj.exe

C:\Windows\System\IRhkMZy.exe

C:\Windows\System\IRhkMZy.exe

C:\Windows\System\vsXMsJn.exe

C:\Windows\System\vsXMsJn.exe

C:\Windows\System\sUzKvEj.exe

C:\Windows\System\sUzKvEj.exe

C:\Windows\System\RMkDJwM.exe

C:\Windows\System\RMkDJwM.exe

C:\Windows\System\rrUWnhL.exe

C:\Windows\System\rrUWnhL.exe

C:\Windows\System\siGBWnP.exe

C:\Windows\System\siGBWnP.exe

C:\Windows\System\FOkkXLQ.exe

C:\Windows\System\FOkkXLQ.exe

C:\Windows\System\TeCcAzT.exe

C:\Windows\System\TeCcAzT.exe

C:\Windows\System\xsDgdsn.exe

C:\Windows\System\xsDgdsn.exe

C:\Windows\System\NVCvKgD.exe

C:\Windows\System\NVCvKgD.exe

C:\Windows\System\UAxWGcs.exe

C:\Windows\System\UAxWGcs.exe

C:\Windows\System\rWHZMpt.exe

C:\Windows\System\rWHZMpt.exe

C:\Windows\System\aomFmsC.exe

C:\Windows\System\aomFmsC.exe

C:\Windows\System\yCXjDIB.exe

C:\Windows\System\yCXjDIB.exe

C:\Windows\System\SVDLfGs.exe

C:\Windows\System\SVDLfGs.exe

C:\Windows\System\HvIjgZQ.exe

C:\Windows\System\HvIjgZQ.exe

C:\Windows\System\AGJCgCm.exe

C:\Windows\System\AGJCgCm.exe

C:\Windows\System\BxKlxag.exe

C:\Windows\System\BxKlxag.exe

C:\Windows\System\qkOWMir.exe

C:\Windows\System\qkOWMir.exe

C:\Windows\System\GjWwbwc.exe

C:\Windows\System\GjWwbwc.exe

C:\Windows\System\SBPlHus.exe

C:\Windows\System\SBPlHus.exe

C:\Windows\System\klQIonr.exe

C:\Windows\System\klQIonr.exe

C:\Windows\System\isNQJkG.exe

C:\Windows\System\isNQJkG.exe

C:\Windows\System\MVYCBNR.exe

C:\Windows\System\MVYCBNR.exe

C:\Windows\System\QwrsUXQ.exe

C:\Windows\System\QwrsUXQ.exe

C:\Windows\System\FDUNUnc.exe

C:\Windows\System\FDUNUnc.exe

C:\Windows\System\oZNAIRe.exe

C:\Windows\System\oZNAIRe.exe

C:\Windows\System\inmHlQx.exe

C:\Windows\System\inmHlQx.exe

C:\Windows\System\sCOizPv.exe

C:\Windows\System\sCOizPv.exe

C:\Windows\System\dxccsNT.exe

C:\Windows\System\dxccsNT.exe

C:\Windows\System\ikeRjTp.exe

C:\Windows\System\ikeRjTp.exe

C:\Windows\System\eSiYebZ.exe

C:\Windows\System\eSiYebZ.exe

C:\Windows\System\YIrsNsg.exe

C:\Windows\System\YIrsNsg.exe

C:\Windows\System\bPkGRTF.exe

C:\Windows\System\bPkGRTF.exe

C:\Windows\System\AiVbThG.exe

C:\Windows\System\AiVbThG.exe

C:\Windows\System\gruBWfq.exe

C:\Windows\System\gruBWfq.exe

C:\Windows\System\TiplmyR.exe

C:\Windows\System\TiplmyR.exe

C:\Windows\System\IuuEjJd.exe

C:\Windows\System\IuuEjJd.exe

C:\Windows\System\aHNnSww.exe

C:\Windows\System\aHNnSww.exe

C:\Windows\System\eIibgmW.exe

C:\Windows\System\eIibgmW.exe

C:\Windows\System\bAXVfXB.exe

C:\Windows\System\bAXVfXB.exe

C:\Windows\System\JsuFgWC.exe

C:\Windows\System\JsuFgWC.exe

C:\Windows\System\lnernXr.exe

C:\Windows\System\lnernXr.exe

C:\Windows\System\DqDHYzD.exe

C:\Windows\System\DqDHYzD.exe

C:\Windows\System\pDcvoyZ.exe

C:\Windows\System\pDcvoyZ.exe

C:\Windows\System\ZAQGqmm.exe

C:\Windows\System\ZAQGqmm.exe

C:\Windows\System\PyLlXJd.exe

C:\Windows\System\PyLlXJd.exe

C:\Windows\System\zfwwZud.exe

C:\Windows\System\zfwwZud.exe

C:\Windows\System\ewFPrNn.exe

C:\Windows\System\ewFPrNn.exe

C:\Windows\System\iObRqqX.exe

C:\Windows\System\iObRqqX.exe

C:\Windows\System\VusuSAh.exe

C:\Windows\System\VusuSAh.exe

C:\Windows\System\psYoUvv.exe

C:\Windows\System\psYoUvv.exe

C:\Windows\System\llaqZeE.exe

C:\Windows\System\llaqZeE.exe

C:\Windows\System\HUzTiSR.exe

C:\Windows\System\HUzTiSR.exe

C:\Windows\System\pKEqeop.exe

C:\Windows\System\pKEqeop.exe

C:\Windows\System\ggqKdvZ.exe

C:\Windows\System\ggqKdvZ.exe

C:\Windows\System\tpoZfNg.exe

C:\Windows\System\tpoZfNg.exe

C:\Windows\System\VarbdXn.exe

C:\Windows\System\VarbdXn.exe

C:\Windows\System\REZKCFO.exe

C:\Windows\System\REZKCFO.exe

C:\Windows\System\xeYirkX.exe

C:\Windows\System\xeYirkX.exe

C:\Windows\System\lqrfSFn.exe

C:\Windows\System\lqrfSFn.exe

C:\Windows\System\vKeyJvN.exe

C:\Windows\System\vKeyJvN.exe

C:\Windows\System\QEpOHBv.exe

C:\Windows\System\QEpOHBv.exe

C:\Windows\System\fxZczqS.exe

C:\Windows\System\fxZczqS.exe

C:\Windows\System\EdNbhpU.exe

C:\Windows\System\EdNbhpU.exe

C:\Windows\System\XJQxdaH.exe

C:\Windows\System\XJQxdaH.exe

C:\Windows\System\GxOeTeY.exe

C:\Windows\System\GxOeTeY.exe

C:\Windows\System\lgUrIpf.exe

C:\Windows\System\lgUrIpf.exe

C:\Windows\System\rhqpAWJ.exe

C:\Windows\System\rhqpAWJ.exe

C:\Windows\System\TDyOJYO.exe

C:\Windows\System\TDyOJYO.exe

C:\Windows\System\DNJQzuR.exe

C:\Windows\System\DNJQzuR.exe

C:\Windows\System\BdvVGQa.exe

C:\Windows\System\BdvVGQa.exe

C:\Windows\System\DfuPUyF.exe

C:\Windows\System\DfuPUyF.exe

C:\Windows\System\XCXNYER.exe

C:\Windows\System\XCXNYER.exe

C:\Windows\System\QSBsjAD.exe

C:\Windows\System\QSBsjAD.exe

C:\Windows\System\WtotCeN.exe

C:\Windows\System\WtotCeN.exe

C:\Windows\System\YahLGky.exe

C:\Windows\System\YahLGky.exe

C:\Windows\System\MHtOogI.exe

C:\Windows\System\MHtOogI.exe

C:\Windows\System\rWAthgu.exe

C:\Windows\System\rWAthgu.exe

C:\Windows\System\oxnagUD.exe

C:\Windows\System\oxnagUD.exe

C:\Windows\System\yBWFepv.exe

C:\Windows\System\yBWFepv.exe

C:\Windows\System\HJxcLQs.exe

C:\Windows\System\HJxcLQs.exe

C:\Windows\System\ZNwCeUK.exe

C:\Windows\System\ZNwCeUK.exe

C:\Windows\System\wOgiPMq.exe

C:\Windows\System\wOgiPMq.exe

C:\Windows\System\znNCooL.exe

C:\Windows\System\znNCooL.exe

C:\Windows\System\JKAijho.exe

C:\Windows\System\JKAijho.exe

C:\Windows\System\vLbJqHC.exe

C:\Windows\System\vLbJqHC.exe

C:\Windows\System\yDTzxiO.exe

C:\Windows\System\yDTzxiO.exe

C:\Windows\System\xKwEQBO.exe

C:\Windows\System\xKwEQBO.exe

C:\Windows\System\hDNDmOM.exe

C:\Windows\System\hDNDmOM.exe

C:\Windows\System\UIySOkF.exe

C:\Windows\System\UIySOkF.exe

C:\Windows\System\kallMbS.exe

C:\Windows\System\kallMbS.exe

C:\Windows\System\tpOXDRm.exe

C:\Windows\System\tpOXDRm.exe

C:\Windows\System\gtivIsq.exe

C:\Windows\System\gtivIsq.exe

C:\Windows\System\aHbuSMi.exe

C:\Windows\System\aHbuSMi.exe

C:\Windows\System\DhgsaLy.exe

C:\Windows\System\DhgsaLy.exe

C:\Windows\System\qDKhFhK.exe

C:\Windows\System\qDKhFhK.exe

C:\Windows\System\qViHmDu.exe

C:\Windows\System\qViHmDu.exe

C:\Windows\System\eMvuCsM.exe

C:\Windows\System\eMvuCsM.exe

C:\Windows\System\HsTRGeG.exe

C:\Windows\System\HsTRGeG.exe

C:\Windows\System\niFJdCp.exe

C:\Windows\System\niFJdCp.exe

C:\Windows\System\syvWgmm.exe

C:\Windows\System\syvWgmm.exe

C:\Windows\System\wcyvCVp.exe

C:\Windows\System\wcyvCVp.exe

C:\Windows\System\qvRjhZf.exe

C:\Windows\System\qvRjhZf.exe

C:\Windows\System\hcqUCPU.exe

C:\Windows\System\hcqUCPU.exe

C:\Windows\System\MEWBlSj.exe

C:\Windows\System\MEWBlSj.exe

C:\Windows\System\OHCqJqE.exe

C:\Windows\System\OHCqJqE.exe

C:\Windows\System\rsOgsBy.exe

C:\Windows\System\rsOgsBy.exe

C:\Windows\System\GeSlXrN.exe

C:\Windows\System\GeSlXrN.exe

C:\Windows\System\BdSfuOo.exe

C:\Windows\System\BdSfuOo.exe

C:\Windows\System\qiGVgfS.exe

C:\Windows\System\qiGVgfS.exe

C:\Windows\System\QjQcuxi.exe

C:\Windows\System\QjQcuxi.exe

C:\Windows\System\ytcEPNz.exe

C:\Windows\System\ytcEPNz.exe

C:\Windows\System\DkWTwJg.exe

C:\Windows\System\DkWTwJg.exe

C:\Windows\System\vfZpwPP.exe

C:\Windows\System\vfZpwPP.exe

C:\Windows\System\HtqxpzO.exe

C:\Windows\System\HtqxpzO.exe

C:\Windows\System\POZkYbJ.exe

C:\Windows\System\POZkYbJ.exe

C:\Windows\System\rjcqvsg.exe

C:\Windows\System\rjcqvsg.exe

C:\Windows\System\CnubPRq.exe

C:\Windows\System\CnubPRq.exe

C:\Windows\System\AGUulli.exe

C:\Windows\System\AGUulli.exe

C:\Windows\System\JtthfmD.exe

C:\Windows\System\JtthfmD.exe

C:\Windows\System\GReOifW.exe

C:\Windows\System\GReOifW.exe

C:\Windows\System\hezkWTf.exe

C:\Windows\System\hezkWTf.exe

C:\Windows\System\RENOlnS.exe

C:\Windows\System\RENOlnS.exe

C:\Windows\System\gTuLiYa.exe

C:\Windows\System\gTuLiYa.exe

C:\Windows\System\oaHLAkk.exe

C:\Windows\System\oaHLAkk.exe

C:\Windows\System\gLIVYub.exe

C:\Windows\System\gLIVYub.exe

C:\Windows\System\JVseVxl.exe

C:\Windows\System\JVseVxl.exe

C:\Windows\System\gveesOZ.exe

C:\Windows\System\gveesOZ.exe

C:\Windows\System\hRiaWsu.exe

C:\Windows\System\hRiaWsu.exe

C:\Windows\System\ujQUZTl.exe

C:\Windows\System\ujQUZTl.exe

C:\Windows\System\nbxHlOE.exe

C:\Windows\System\nbxHlOE.exe

C:\Windows\System\cfCKFpa.exe

C:\Windows\System\cfCKFpa.exe

C:\Windows\System\fdxYXJd.exe

C:\Windows\System\fdxYXJd.exe

C:\Windows\System\oIRXQlb.exe

C:\Windows\System\oIRXQlb.exe

C:\Windows\System\HQxgfAn.exe

C:\Windows\System\HQxgfAn.exe

C:\Windows\System\kEmhYwC.exe

C:\Windows\System\kEmhYwC.exe

C:\Windows\System\kGNfncc.exe

C:\Windows\System\kGNfncc.exe

C:\Windows\System\pPfMmPy.exe

C:\Windows\System\pPfMmPy.exe

C:\Windows\System\kihoIwX.exe

C:\Windows\System\kihoIwX.exe

C:\Windows\System\AWTwgKS.exe

C:\Windows\System\AWTwgKS.exe

C:\Windows\System\DEKusKi.exe

C:\Windows\System\DEKusKi.exe

C:\Windows\System\stpiRue.exe

C:\Windows\System\stpiRue.exe

C:\Windows\System\dArqLRq.exe

C:\Windows\System\dArqLRq.exe

C:\Windows\System\kxPAaVi.exe

C:\Windows\System\kxPAaVi.exe

C:\Windows\System\tMMWiyK.exe

C:\Windows\System\tMMWiyK.exe

C:\Windows\System\NCAwMQs.exe

C:\Windows\System\NCAwMQs.exe

C:\Windows\System\RgardqD.exe

C:\Windows\System\RgardqD.exe

C:\Windows\System\BGlkZsz.exe

C:\Windows\System\BGlkZsz.exe

C:\Windows\System\KkiOtCh.exe

C:\Windows\System\KkiOtCh.exe

C:\Windows\System\uZMJcqE.exe

C:\Windows\System\uZMJcqE.exe

C:\Windows\System\wRcKhmb.exe

C:\Windows\System\wRcKhmb.exe

C:\Windows\System\VbgrBLK.exe

C:\Windows\System\VbgrBLK.exe

C:\Windows\System\wJfFWRW.exe

C:\Windows\System\wJfFWRW.exe

C:\Windows\System\MkdVjhA.exe

C:\Windows\System\MkdVjhA.exe

C:\Windows\System\aUsWaqY.exe

C:\Windows\System\aUsWaqY.exe

C:\Windows\System\uOguWtF.exe

C:\Windows\System\uOguWtF.exe

C:\Windows\System\TpFTzee.exe

C:\Windows\System\TpFTzee.exe

C:\Windows\System\clBjmWx.exe

C:\Windows\System\clBjmWx.exe

C:\Windows\System\ebwesFb.exe

C:\Windows\System\ebwesFb.exe

C:\Windows\System\rxNKSGt.exe

C:\Windows\System\rxNKSGt.exe

C:\Windows\System\UyIEczW.exe

C:\Windows\System\UyIEczW.exe

C:\Windows\System\ErQKJqh.exe

C:\Windows\System\ErQKJqh.exe

C:\Windows\System\RgUZDtk.exe

C:\Windows\System\RgUZDtk.exe

C:\Windows\System\hXqfskk.exe

C:\Windows\System\hXqfskk.exe

C:\Windows\System\ZOzlLun.exe

C:\Windows\System\ZOzlLun.exe

C:\Windows\System\AUTqgCp.exe

C:\Windows\System\AUTqgCp.exe

C:\Windows\System\zHrAKWz.exe

C:\Windows\System\zHrAKWz.exe

C:\Windows\System\GniXusm.exe

C:\Windows\System\GniXusm.exe

C:\Windows\System\DDtpnmi.exe

C:\Windows\System\DDtpnmi.exe

C:\Windows\System\ALJbmch.exe

C:\Windows\System\ALJbmch.exe

C:\Windows\System\DQNZaMb.exe

C:\Windows\System\DQNZaMb.exe

C:\Windows\System\bCbMZSV.exe

C:\Windows\System\bCbMZSV.exe

C:\Windows\System\LPWCaKe.exe

C:\Windows\System\LPWCaKe.exe

C:\Windows\System\UwaUXSK.exe

C:\Windows\System\UwaUXSK.exe

C:\Windows\System\mUuZXSX.exe

C:\Windows\System\mUuZXSX.exe

C:\Windows\System\xBbIZWB.exe

C:\Windows\System\xBbIZWB.exe

C:\Windows\System\YEJIMyD.exe

C:\Windows\System\YEJIMyD.exe

C:\Windows\System\qEYehQx.exe

C:\Windows\System\qEYehQx.exe

C:\Windows\System\oooGjOD.exe

C:\Windows\System\oooGjOD.exe

C:\Windows\System\CfxviqH.exe

C:\Windows\System\CfxviqH.exe

C:\Windows\System\VgfGikD.exe

C:\Windows\System\VgfGikD.exe

C:\Windows\System\tWfvmqN.exe

C:\Windows\System\tWfvmqN.exe

C:\Windows\System\KNkUACD.exe

C:\Windows\System\KNkUACD.exe

C:\Windows\System\JjCUFuc.exe

C:\Windows\System\JjCUFuc.exe

C:\Windows\System\iPauxuA.exe

C:\Windows\System\iPauxuA.exe

C:\Windows\System\KsUwlgA.exe

C:\Windows\System\KsUwlgA.exe

C:\Windows\System\kVKFRrw.exe

C:\Windows\System\kVKFRrw.exe

C:\Windows\System\ongQMhJ.exe

C:\Windows\System\ongQMhJ.exe

C:\Windows\System\OXNjDno.exe

C:\Windows\System\OXNjDno.exe

C:\Windows\System\lYkcHsV.exe

C:\Windows\System\lYkcHsV.exe

C:\Windows\System\MXBoVvV.exe

C:\Windows\System\MXBoVvV.exe

C:\Windows\System\nYnkkgP.exe

C:\Windows\System\nYnkkgP.exe

C:\Windows\System\GPojdrG.exe

C:\Windows\System\GPojdrG.exe

C:\Windows\System\jGbzgWz.exe

C:\Windows\System\jGbzgWz.exe

C:\Windows\System\dQSfiMW.exe

C:\Windows\System\dQSfiMW.exe

C:\Windows\System\OiAddjn.exe

C:\Windows\System\OiAddjn.exe

C:\Windows\System\coKEoUx.exe

C:\Windows\System\coKEoUx.exe

C:\Windows\System\ERmryFr.exe

C:\Windows\System\ERmryFr.exe

C:\Windows\System\LAqUbnX.exe

C:\Windows\System\LAqUbnX.exe

C:\Windows\System\BsGQprQ.exe

C:\Windows\System\BsGQprQ.exe

C:\Windows\System\AcDwghe.exe

C:\Windows\System\AcDwghe.exe

C:\Windows\System\HanSRRG.exe

C:\Windows\System\HanSRRG.exe

C:\Windows\System\hmGfQnr.exe

C:\Windows\System\hmGfQnr.exe

C:\Windows\System\UmPCRLm.exe

C:\Windows\System\UmPCRLm.exe

C:\Windows\System\jilDMCd.exe

C:\Windows\System\jilDMCd.exe

C:\Windows\System\EjHXStN.exe

C:\Windows\System\EjHXStN.exe

C:\Windows\System\fXmUFGe.exe

C:\Windows\System\fXmUFGe.exe

C:\Windows\System\RVsyeab.exe

C:\Windows\System\RVsyeab.exe

C:\Windows\System\NGXXqxW.exe

C:\Windows\System\NGXXqxW.exe

C:\Windows\System\uoekFHr.exe

C:\Windows\System\uoekFHr.exe

C:\Windows\System\mtoHQQV.exe

C:\Windows\System\mtoHQQV.exe

C:\Windows\System\JJvIEOS.exe

C:\Windows\System\JJvIEOS.exe

C:\Windows\System\JjnvGmH.exe

C:\Windows\System\JjnvGmH.exe

C:\Windows\System\VZyVDeA.exe

C:\Windows\System\VZyVDeA.exe

C:\Windows\System\sEUjXkh.exe

C:\Windows\System\sEUjXkh.exe

C:\Windows\System\Zftmjjg.exe

C:\Windows\System\Zftmjjg.exe

C:\Windows\System\qSpKjxX.exe

C:\Windows\System\qSpKjxX.exe

C:\Windows\System\iRTKIdn.exe

C:\Windows\System\iRTKIdn.exe

C:\Windows\System\mYUncyh.exe

C:\Windows\System\mYUncyh.exe

C:\Windows\System\djJyEAt.exe

C:\Windows\System\djJyEAt.exe

C:\Windows\System\AueSdSl.exe

C:\Windows\System\AueSdSl.exe

C:\Windows\System\WOiUzAO.exe

C:\Windows\System\WOiUzAO.exe

C:\Windows\System\hPbRaKZ.exe

C:\Windows\System\hPbRaKZ.exe

C:\Windows\System\oBoSBEn.exe

C:\Windows\System\oBoSBEn.exe

C:\Windows\System\JRSEMMY.exe

C:\Windows\System\JRSEMMY.exe

C:\Windows\System\gSaoaHL.exe

C:\Windows\System\gSaoaHL.exe

C:\Windows\System\PrBxRFw.exe

C:\Windows\System\PrBxRFw.exe

C:\Windows\System\rJFTFmo.exe

C:\Windows\System\rJFTFmo.exe

C:\Windows\System\PLRRisx.exe

C:\Windows\System\PLRRisx.exe

C:\Windows\System\EaLtSgO.exe

C:\Windows\System\EaLtSgO.exe

C:\Windows\System\NTTbJez.exe

C:\Windows\System\NTTbJez.exe

C:\Windows\System\eUSVbpF.exe

C:\Windows\System\eUSVbpF.exe

C:\Windows\System\UJpkWgy.exe

C:\Windows\System\UJpkWgy.exe

C:\Windows\System\jEuBjFr.exe

C:\Windows\System\jEuBjFr.exe

C:\Windows\System\RTICwTb.exe

C:\Windows\System\RTICwTb.exe

C:\Windows\System\HuuVKRl.exe

C:\Windows\System\HuuVKRl.exe

C:\Windows\System\dxsapcx.exe

C:\Windows\System\dxsapcx.exe

C:\Windows\System\yipeWBn.exe

C:\Windows\System\yipeWBn.exe

C:\Windows\System\hWNsKlB.exe

C:\Windows\System\hWNsKlB.exe

C:\Windows\System\XQWFELN.exe

C:\Windows\System\XQWFELN.exe

C:\Windows\System\crAuILQ.exe

C:\Windows\System\crAuILQ.exe

C:\Windows\System\dWhwmBw.exe

C:\Windows\System\dWhwmBw.exe

C:\Windows\System\wnmyXvL.exe

C:\Windows\System\wnmyXvL.exe

C:\Windows\System\SkkrroQ.exe

C:\Windows\System\SkkrroQ.exe

C:\Windows\System\hVlcAbz.exe

C:\Windows\System\hVlcAbz.exe

C:\Windows\System\okRnSBK.exe

C:\Windows\System\okRnSBK.exe

C:\Windows\System\UAvDmKE.exe

C:\Windows\System\UAvDmKE.exe

C:\Windows\System\wILPwIT.exe

C:\Windows\System\wILPwIT.exe

C:\Windows\System\GPeVUnP.exe

C:\Windows\System\GPeVUnP.exe

C:\Windows\System\onWSLol.exe

C:\Windows\System\onWSLol.exe

C:\Windows\System\StAvCTA.exe

C:\Windows\System\StAvCTA.exe

C:\Windows\System\xNPAOxA.exe

C:\Windows\System\xNPAOxA.exe

C:\Windows\System\BspMEEf.exe

C:\Windows\System\BspMEEf.exe

C:\Windows\System\MofHOel.exe

C:\Windows\System\MofHOel.exe

C:\Windows\System\FcFdULg.exe

C:\Windows\System\FcFdULg.exe

C:\Windows\System\ZXIvFGY.exe

C:\Windows\System\ZXIvFGY.exe

C:\Windows\System\zsKbZGF.exe

C:\Windows\System\zsKbZGF.exe

C:\Windows\System\FdpDRIU.exe

C:\Windows\System\FdpDRIU.exe

C:\Windows\System\uADKJaL.exe

C:\Windows\System\uADKJaL.exe

C:\Windows\System\deFBcsh.exe

C:\Windows\System\deFBcsh.exe

C:\Windows\System\PzZxxmA.exe

C:\Windows\System\PzZxxmA.exe

C:\Windows\System\YYrBBZO.exe

C:\Windows\System\YYrBBZO.exe

C:\Windows\System\LsZqegb.exe

C:\Windows\System\LsZqegb.exe

C:\Windows\System\ZLeWGjp.exe

C:\Windows\System\ZLeWGjp.exe

C:\Windows\System\vZtFamG.exe

C:\Windows\System\vZtFamG.exe

C:\Windows\System\vZVFvNl.exe

C:\Windows\System\vZVFvNl.exe

C:\Windows\System\pArxJWV.exe

C:\Windows\System\pArxJWV.exe

C:\Windows\System\SmFJWzG.exe

C:\Windows\System\SmFJWzG.exe

C:\Windows\System\VIuneCz.exe

C:\Windows\System\VIuneCz.exe

C:\Windows\System\LgFnURx.exe

C:\Windows\System\LgFnURx.exe

C:\Windows\System\nnDYKlZ.exe

C:\Windows\System\nnDYKlZ.exe

C:\Windows\System\sfNUPwO.exe

C:\Windows\System\sfNUPwO.exe

C:\Windows\System\InqcvYl.exe

C:\Windows\System\InqcvYl.exe

C:\Windows\System\oSmNVNl.exe

C:\Windows\System\oSmNVNl.exe

C:\Windows\System\KRSPUDd.exe

C:\Windows\System\KRSPUDd.exe

C:\Windows\System\JlvNzMe.exe

C:\Windows\System\JlvNzMe.exe

C:\Windows\System\dWJiGAs.exe

C:\Windows\System\dWJiGAs.exe

C:\Windows\System\ntQtgWS.exe

C:\Windows\System\ntQtgWS.exe

C:\Windows\System\hQpBBhG.exe

C:\Windows\System\hQpBBhG.exe

C:\Windows\System\TJGNKCY.exe

C:\Windows\System\TJGNKCY.exe

C:\Windows\System\HGmXRmF.exe

C:\Windows\System\HGmXRmF.exe

C:\Windows\System\carpbEz.exe

C:\Windows\System\carpbEz.exe

C:\Windows\System\yHPDfXU.exe

C:\Windows\System\yHPDfXU.exe

C:\Windows\System\FNLouNs.exe

C:\Windows\System\FNLouNs.exe

C:\Windows\System\lsGZSxh.exe

C:\Windows\System\lsGZSxh.exe

C:\Windows\System\epAlVbt.exe

C:\Windows\System\epAlVbt.exe

C:\Windows\System\uDPabub.exe

C:\Windows\System\uDPabub.exe

C:\Windows\System\jQfisri.exe

C:\Windows\System\jQfisri.exe

C:\Windows\System\ljgkMps.exe

C:\Windows\System\ljgkMps.exe

C:\Windows\System\AFfkPqY.exe

C:\Windows\System\AFfkPqY.exe

C:\Windows\System\XIWUkyi.exe

C:\Windows\System\XIWUkyi.exe

C:\Windows\System\vTXoumH.exe

C:\Windows\System\vTXoumH.exe

C:\Windows\System\SINXgla.exe

C:\Windows\System\SINXgla.exe

C:\Windows\System\rnccWTe.exe

C:\Windows\System\rnccWTe.exe

C:\Windows\System\kcBIExL.exe

C:\Windows\System\kcBIExL.exe

C:\Windows\System\hYqKGPP.exe

C:\Windows\System\hYqKGPP.exe

C:\Windows\System\RJhXKtl.exe

C:\Windows\System\RJhXKtl.exe

C:\Windows\System\PJqVqYw.exe

C:\Windows\System\PJqVqYw.exe

C:\Windows\System\PRnisGQ.exe

C:\Windows\System\PRnisGQ.exe

C:\Windows\System\DDHTmme.exe

C:\Windows\System\DDHTmme.exe

C:\Windows\System\ZsERXUM.exe

C:\Windows\System\ZsERXUM.exe

C:\Windows\System\qFVBPtb.exe

C:\Windows\System\qFVBPtb.exe

C:\Windows\System\ZIPtZgH.exe

C:\Windows\System\ZIPtZgH.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2728-0-0x00007FF6CCBC0000-0x00007FF6CCF14000-memory.dmp

memory/2728-1-0x000002A55B100000-0x000002A55B110000-memory.dmp

C:\Windows\System\GjcdhKy.exe

MD5 399d7950ade0f96d616810ba846be89d
SHA1 d4f1e1fcd1a5ec494809d7b67316da60f052a149
SHA256 3f4483e8436c44cf0555a6204557f293f118892ea99cbf77dc201523c6f0ef1e
SHA512 8ead594ef5b5ef903e175164ea45a27517fcf2edfa13356e4a8b5e8989a14182b853f497a8db83d460d4f62e657b31a9e4c17abfd9c167d4cb345ffbe64d29e9

C:\Windows\System\xAZOAgT.exe

MD5 e5db590d98883e7cec81e738d4b0f8e9
SHA1 0bf699c067b5f0cc73405dc8171a03a6aa10d146
SHA256 76fb4ab03ea47cb2c5e034f81e4df68df4ee1ecb81fc9f690cc79061ddfa4071
SHA512 6e8f531614ef7cfc7e151b0e3f8abe715088099c594abc3490719bc1855107e52316909e44eec852fdd81e1b30b401313ae818c911379de4692398e137e945ef

C:\Windows\System\dNzbFfh.exe

MD5 8b7090a1d25fc92cc7cbc32f2c002cd5
SHA1 2098a951233ab13a48b7d112239d6e11cfadcc65
SHA256 ab76f2251ee584b262ac3d6e773e08961847531c310e6d6eecd9eda24c0c0434
SHA512 32e30c1b468a739fb4645ba1250bf1a020ffa85ddd85b19a3562a9cc9572ba79753f9f2da538c3bb0366dab669cddb51a4b1f378b71c3a5f5624f204d007bd17

C:\Windows\System\vQUFvXu.exe

MD5 4fccf80ace647ec5e1fe3a25c0ea92ca
SHA1 56251742a738ebfa64536c28f9c003ee454075f3
SHA256 7925b65b4afa813a749a451aa494ebcecbde91f61d93f3b30b0e56f1e9d3f220
SHA512 2e162ec43e784fd4a0663f918ab0771d80554b149362e19411e02c5aa663935b1830d4868bb6ebf7fcaa6448b7cb65c01e555d6342ba836da1210e5c01f82afa

C:\Windows\System\BJLdDKp.exe

MD5 1c9b916d8b2d7a4ad698d335054ea09c
SHA1 1ecd74e6b8d7a9d6408c8e0fdaad8ee178c29081
SHA256 9411fa55542546f4653ea8ceb746e2692fabd6fa13baa24d5eee31fc7ac00c5f
SHA512 45a3ad16994410cd5bfc3d7dfaff102e8e73576e7f29da466c151e91d78135e8d02a1ba008730c82fe77c760b8ebd84226e826e452ea8b3b7b8b5205430fdfff

C:\Windows\System\VOaboHk.exe

MD5 8481fb69bd5c81a5fe0024e3207b596b
SHA1 3d2cc4fae9e08ac572a956959681c455daef1ccb
SHA256 885411666a9726e2b85f219822dffc4f33d29090a0dd2f4730e1f43fb2069d56
SHA512 e1bb93e59b778b0e8ef5e6bfc7d185922c87a82d4bbf33053d68e8cb6bfa72b11f98bd44f9998bda3be2b99c0c54c349dd5ba70f4825add8d2c8d615234fee6d

C:\Windows\System\ODVFuOZ.exe

MD5 915d9ab6484a46477183a6881ee3599a
SHA1 b7e8c1dcdbc72d299449d91b1020861e9cff5f14
SHA256 a15eaf8c41d6200622ef2da809ceb4e738370d5119f66438beba986065517da7
SHA512 677cc2294e496c728b2250370027fa073c4e73e5486cfcf91a3ce4a23f79e5945accc2c27f1bffe7fd651928ae1cf3fbbb31730457841739752c7be22c9824db

C:\Windows\System\PKUqZWd.exe

MD5 b0f6b10d95adba96d59f1df9c287923d
SHA1 dc6e2e378d5770a6abf310f26c4cb4e8fc5ad910
SHA256 8bff8d138261453a77e927fb4abd0df23c903a047adebc4304a33ce9900745b9
SHA512 f9f97714d6ce26048c5767c8a2a065de39db226c4fd94064cf7c3e16d536cc452436e574dd18832391160fd04638e42cca0900ff70062e71b24a1f05cc6e1a92

C:\Windows\System\vsXMsJn.exe

MD5 837a1ae1372107ddc206c646ee7831bd
SHA1 f549e4656eec533aa5ce1cbd469dd535d678fecf
SHA256 ec65b90f46eef98c3bbced7b8f5d55821f755f61003a49b923737cbef37299a7
SHA512 e34229e2fa2b40c0c96bfccd8fea6afdde9d7b6f60633b07297d9d09f0fee6f08a267d90565978c7b17507b83d30f3a5fd9e5080254bcb18ebd2dec8f4905380

C:\Windows\System\siGBWnP.exe

MD5 17714a28b9290909176e8f9c1e32d2fc
SHA1 fc16e28fa4807c17f7506fc1cd3eab1b2ba7d0b5
SHA256 7cd1a9f73c7aed0e7023c55e8aa537bac6d758bea8911e4a3536ed32441e2b30
SHA512 33f797489db517cc148cbb6699312730733c190760c8af690056911960a1bcd866ead003138bb8e872bbd38a3304cf20bd5fbafbde1af2f20e507349c6e79dd8

C:\Windows\System\UAxWGcs.exe

MD5 cc5e0152d09ee1558078989737be26bb
SHA1 5344fd5150212dcbe32b0ef1492e0513cb93563c
SHA256 8523c340464d59042e2ff56f37539036bdf42c4e80f2b411696eb5e5436ca48b
SHA512 06280eeca2f18e52d31aabe5717451f70f0139959f94014ee77e0c2dfd6fb11b8ea54c35b8fd4944216759c9558986a5c693e50f3669a23ff958fc47d7fb0302

memory/1512-178-0x00007FF711CE0000-0x00007FF712034000-memory.dmp

memory/5016-186-0x00007FF69BC70000-0x00007FF69BFC4000-memory.dmp

memory/3260-192-0x00007FF6A9640000-0x00007FF6A9994000-memory.dmp

memory/5092-197-0x00007FF6EA500000-0x00007FF6EA854000-memory.dmp

memory/4220-196-0x00007FF74F180000-0x00007FF74F4D4000-memory.dmp

memory/4860-195-0x00007FF7D5760000-0x00007FF7D5AB4000-memory.dmp

memory/1452-194-0x00007FF75B8C0000-0x00007FF75BC14000-memory.dmp

memory/2120-193-0x00007FF62CCA0000-0x00007FF62CFF4000-memory.dmp

memory/2508-191-0x00007FF65E4E0000-0x00007FF65E834000-memory.dmp

memory/1088-190-0x00007FF6BF390000-0x00007FF6BF6E4000-memory.dmp

memory/1156-189-0x00007FF685100000-0x00007FF685454000-memory.dmp

memory/3148-188-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp

memory/3264-187-0x00007FF6022A0000-0x00007FF6025F4000-memory.dmp

memory/4812-185-0x00007FF74BE70000-0x00007FF74C1C4000-memory.dmp

memory/4820-184-0x00007FF611820000-0x00007FF611B74000-memory.dmp

memory/4396-183-0x00007FF74B4B0000-0x00007FF74B804000-memory.dmp

memory/4704-182-0x00007FF77B380000-0x00007FF77B6D4000-memory.dmp

memory/1688-181-0x00007FF70CA60000-0x00007FF70CDB4000-memory.dmp

memory/4080-177-0x00007FF697A60000-0x00007FF697DB4000-memory.dmp

C:\Windows\System\xsDgdsn.exe

MD5 55a240e296a3f927e43579d518868d83
SHA1 253830fc1394e7a0dff24cadd80f77d739a182f6
SHA256 10f2022431fda56c642b882aca465ef13a6cac79d73bba4cc2e242bec6fe458d
SHA512 5bee1e34a5007bc81d0b6ffcd30f8ffcfc5278871d0fbf0be69d3a702d0dc26e1cbf1216c63624aae84ae0ec82a4156d337b6ffdd39532223eb297d42b49efc5

C:\Windows\System\TeCcAzT.exe

MD5 1892b644065f1478069c46e7a1cd968f
SHA1 fa0762db3b75929fa3d6c6a43f566c027bae60f0
SHA256 559eefe05c4ab5db3ea066984bb49709359ae7e411cf7eece2390676d7c99df5
SHA512 7f290753b255db940fd03ada025c35815915d562a345764b4058572422badff4857178abc135a0c0ac0ce7947b88ab156ba430b64e8a4c45a86d6a947638a507

C:\Windows\System\FOkkXLQ.exe

MD5 76d59343b64df78c423d5938e17b7397
SHA1 5e81c32d3d63dd9137436ebdd0b41f0313c8b3e3
SHA256 6d580411f0213b20be2275c08827c41b4325b5106dd82f4420b9d29e61473eb7
SHA512 75fcd1dd55634d6419b053512b3c9ac9c2ff3c8071668bc5a7a0564e99578c690378a35629b906adfac289123e74f91ce2da47e482c27af4a55d61b6af10147f

memory/4824-168-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp

C:\Windows\System\aomFmsC.exe

MD5 1f016567f3f200dddff384cefa553fb7
SHA1 e341aeb316c7b5064885c2d90ee5c3a29aa58813
SHA256 e16603e35b9ed522c90c785e24667f0c2ae7249848f0d50762587b1a2476ad64
SHA512 18faf33e540118ba0349dff10452455ffe7c2fe4f33ff80e0c944a7a37b52a0b5556b63c416e26692261ade05f1229928b0a6ca4d043cb4763218d2d3007e20e

C:\Windows\System\rWHZMpt.exe

MD5 0bf9abfbc8fa914c31f80e4df7888bf0
SHA1 e3c213ff5fbb426093ee217529a23d7cfa195148
SHA256 32dba019abea2a3b70d10184d6b84aa617606ff8ec3a3f5dbf33b99ad9426e1a
SHA512 a9b6d2c4f321c91593017edd495a10ae9190589081fb7d657a00c44530126ddd1f0c0085a77babceed42bde01e26c1dba5759802329ff7b7fde562cced4fc14b

C:\Windows\System\NVCvKgD.exe

MD5 3be6978fee6c8a96172b02e3a2eee268
SHA1 8f70b24044c00b027b86dfd8d83f5baa38e98eec
SHA256 a3124049a7ddcfc43168e10aade9d1adef62386d927f0da96dc7f70b592634ed
SHA512 aa8c396f64f99af8b8e726ce9805b22bd5d74ed7ff1a4a3c55313e808347432a51a60b0451bd47f8b7f5e4ae76ead1bb4b8f399da77106ff994d43f66eb96eb1

memory/5084-161-0x00007FF674610000-0x00007FF674964000-memory.dmp

C:\Windows\System\rrUWnhL.exe

MD5 c930e4a38697d3134ad2f061dee92099
SHA1 1a1bc52b991c417142026807cd5f6e18f713e032
SHA256 78ebd62714a8cc81325247ecd77b449505ebb7607d85825637cb82de708cb1a5
SHA512 7ab5131b54ad2514ec86dcecb3b76bddab8efd4473963e56079e4c14c7fec0e77982c463be5ce757b333c6ecb5e89cef0c1709a6429df2b7edeb9eefd4301cef

C:\Windows\System\ugWuiYp.exe

MD5 dda8bd787bd72c17eeabbe5aaad11bbc
SHA1 2974c1bcc559d1e7854099b78567cf1b3db6c925
SHA256 31f595cde6fdb8b57cc29a90352c08d9c25f20ca4baa70359365112e53030b82
SHA512 f470f05830c548f302eb4046647c0faef39a25c64cb31662f06565ba1abf79ee3ad045129efa471dc416604a0eb5f9048dfe50f126882dfb791ced894feab3f9

C:\Windows\System\RMkDJwM.exe

MD5 b3c01b85b3df07a80a75b4d481f3fc99
SHA1 f42f00f04dad2ca6c2f7eee4feccdb2530eb100d
SHA256 66b86a888573399850ca0b4494020751f013b4c63ae8c354c6ba49f2d37ae988
SHA512 f0184f1fe2a9f819289cf842e662c68aee364c49f99d14e0c4e755b86d08484cf560290a3a81860a0cf4d86e4d74959f586d514d8116a2d5eda8197a5ef73767

C:\Windows\System\sUzKvEj.exe

MD5 4ea683bd3119ef602d734e5293b3acc2
SHA1 bb486d72ac3bd58302b67a2123e60083152eab47
SHA256 81f0694a08d6f8783fd53e8bcdc1d8be2dcb67b2ebf6c7f7a572a4707155d0ee
SHA512 3de243be6a8e311e629438a0202cb0732224a7b2fafd26914e3594fb414830779ad9883216efbac00742c4c8c605c23bc48a202a712660eef83b428d42541ace

C:\Windows\System\IRhkMZy.exe

MD5 f561b05ef619d311993281d73dfbd256
SHA1 e8f5953aaad4b5d8e50f9e4346383c2ebe4460d8
SHA256 89ea2b35858c104387f8af49c25dee340dc41144cf11f611e4efa68e918c8b08
SHA512 f49b884c2e9ba3e3d436f0880dbede131e2559d5fa5abfd2e5ef81d2eca6b98c14f1b7528b8343dadf0638ea35afcf4091abd2a895b4027c07b52d9fa6cce46f

C:\Windows\System\edAZdCj.exe

MD5 e0d4519577a06c756a7d4acc4194d63b
SHA1 092d44c086fdc21bf2eb4a09ba28063a9707ddfa
SHA256 b6a308ccafc63a0262d8c33f834ea8ed9cca68e2fc3109b34ec7d8908159ca36
SHA512 0440691f35aa22d440d00ba9b1ccacf9bff6033ec417fd8e6c14b0b97a42e0671cf971c25a6e7510995cf6b2077b9c0f3179c804f7c7bb59423543c3854f6cab

C:\Windows\System\TfesCFg.exe

MD5 3016a987b6329f4fce67227c562d8f19
SHA1 9a98754eea7d1b1cd44e57d0b944715b678555fe
SHA256 d080c0296c4ebbc3e7010e548df1de0d825be9971fbf7cf57a71fb6065ba2da5
SHA512 33edf0ac258fb8732de284590d6b56993dcb5dc0c846b52a75e0907c73603d617f97fb7c72844532d30d6fbe0fc84316800756564350f7cd3a994c829a5fa324

C:\Windows\System\vCHftBK.exe

MD5 7bf9ed84e3ff2fd06cb8caf7c2d7bf63
SHA1 43406281e05b4c1dae0fcc796762e19f59ecab1f
SHA256 8f83fe54713770da4eb2c73d508ce7b48fd238fab203bba780823a659e0779ca
SHA512 2dd4b7eacba3e3deb8873c1946ea7524ec69908a770416b2abbe200c315aad3d30218720ce08236649a38bcec774616bfb41397925e774cd25653300a48d2376

C:\Windows\System\ZGZOpcD.exe

MD5 9d440c9c6483606a9f4f62a909a895bc
SHA1 4a5c6e17dd4cd22650326be7e54bc71aa9260461
SHA256 8a49e5af453e3b9406407c6bc13a9ec39bded61f13ad4fd0e798e46d5f670362
SHA512 6c9e2ce845d06c57f243ec6f01c9e20c814eb3a6dd36ae386fb5e071ecc9992a766d5b5e3bb111f692c5e79cb783fbcac3ad8a18d44f7e4f991d1ec38cea136f

C:\Windows\System\kEutxUm.exe

MD5 8b694c764f3164d9b758373fd880a376
SHA1 79d21d09b1b31b7e8a961e11b4ebf090a8095ec5
SHA256 2db8b0a2fb4c8a5b4873030d8a5cfa70b695c617cec042857720abe504245ba4
SHA512 fe66843b5ed1447a9628005e167fe30efa2d149aded8178505540c584066211b241a60ef4557f510b195c9c4fd0442cb81d23f39df29596c64952b0fee7802e8

C:\Windows\System\ntTqNfS.exe

MD5 68bdc0bac3632e82308c6f5b8492afaa
SHA1 ab6cc190826004e3bcc580fd228518d859a32cc6
SHA256 8ed9e1e8aca11f39e7bd2871f47fe7c6a60d16b76f6a5db395baa25be229c4fb
SHA512 318b708546fa8d0469a9415ad851de6e9c723b2c57dd90c30c92ddf7a0c0055bcd9c373c83a95ad14281457cef6314630792fafeefa377fa86f9a38780830b1a

C:\Windows\System\fQMNAKY.exe

MD5 db57a8b5e044c2dc9975b6f3712c5778
SHA1 71fd3aec94d264dbbb2f2d9d94301fa9caa767dd
SHA256 9e104246cb2dafc59466a17f5d15eae612a9ada8ac8555e2e642265f322273b1
SHA512 33a046d3008f6d2f420879ed9cf286aa6be984fd5292a5fe7e2c691593a39fe647e7bd08633c1b463734b2257d9ec580b8457ff34e268aa2f4749b4b3a4553bb

C:\Windows\System\YKDfdKx.exe

MD5 082ae44ffc5e444a462ad183dac689cd
SHA1 4b0367d999dd930d91e3de0fa52c35ff7735f164
SHA256 40a2724e36fd1f4993d559d974412a1348b84404ca72b7c400d6960e8ebc66c9
SHA512 04abb450b662f2e135f7329b3d89b433b96608c7792766960aecf56039d6b58d3f90c5a63cc35cf4f12b616744640887f1500926548ec61670b1926eea1a37d9

C:\Windows\System\FpyhXbK.exe

MD5 a0387ca34bbe570d430b0dec11ed4203
SHA1 50e0b5db7d1029083ff51639898b252568adb05e
SHA256 ef1dda3663f211aa4bb5fabb110d73162c8838bc57940933f840cbc926bb3576
SHA512 0c4fbefcbd68b2bd7e22c7baf73dc63d6a67bad3dbac3b9999c1d6c13834c032c983e78d4aebbe3b60338d67c5aa379687c2d2444de7dd6e66df2f82b3fd7a61

memory/4872-80-0x00007FF7A0800000-0x00007FF7A0B54000-memory.dmp

C:\Windows\System\SmGHshy.exe

MD5 8e408423c2f233eb5d74f9b15bc232b8
SHA1 107564eec0c17de6b313cf4865a4daaddc9b9a26
SHA256 46a8c2cce1cb5dc5bf913c6e44776e217a0720a1faa5daaee96c2d6ed81904ec
SHA512 b48d9e443f5fa6ce1b2e107fd1a4055ce04f70a9597aa591335a8cc5e37b0590bdafecf5e43b9ffdf01a939008a3ad7f8fc00b74e3ff21d2565cee2fb26e8d58

C:\Windows\System\HCZSlGc.exe

MD5 110bc3def15e052ef399667d95de8e46
SHA1 a32f25278a0688b919c572924a699c1bf2c2e18f
SHA256 fcd552a0e438904f93f852af3df40b5428204c01054342e31a7d78e4c184dc9e
SHA512 a389c4f503e97828583c5e5b43207f50abcb9ec622ce4e406cc801a1c59e18712f9ea26fe1572201658a5904dcbf587fb3ac43aa55c9a951e065b1cd4b847c00

memory/4652-63-0x00007FF66DEE0000-0x00007FF66E234000-memory.dmp

memory/1464-60-0x00007FF7CABD0000-0x00007FF7CAF24000-memory.dmp

memory/4844-46-0x00007FF7BF6E0000-0x00007FF7BFA34000-memory.dmp

C:\Windows\System\QbPKDXU.exe

MD5 896222ce81a8a185290046a60081afd5
SHA1 2e03d77ae2436d329f979a8cb1d91f8370dc630e
SHA256 677a32d0117ca9fd0e862384b682b33ecf8d0e7b9cc5c400564762f0e3c3feda
SHA512 e3cb4861a3217597e148dfe5ce56c9b1292c910387d4adcbef70ae9e49b376f61cac965156a8ced06de1d6fa687f0c13fd3da7e86d8f8122b14c8141e52d237b

memory/3216-36-0x00007FF7CCC70000-0x00007FF7CCFC4000-memory.dmp

memory/1848-33-0x00007FF797A10000-0x00007FF797D64000-memory.dmp

memory/3284-25-0x00007FF71C4A0000-0x00007FF71C7F4000-memory.dmp

memory/1424-10-0x00007FF7BFA90000-0x00007FF7BFDE4000-memory.dmp

memory/2728-1070-0x00007FF6CCBC0000-0x00007FF6CCF14000-memory.dmp

memory/1848-1071-0x00007FF797A10000-0x00007FF797D64000-memory.dmp

memory/1464-1072-0x00007FF7CABD0000-0x00007FF7CAF24000-memory.dmp

memory/4652-1073-0x00007FF66DEE0000-0x00007FF66E234000-memory.dmp

memory/4872-1074-0x00007FF7A0800000-0x00007FF7A0B54000-memory.dmp

memory/5084-1075-0x00007FF674610000-0x00007FF674964000-memory.dmp

memory/4844-1076-0x00007FF7BF6E0000-0x00007FF7BFA34000-memory.dmp

memory/1424-1077-0x00007FF7BFA90000-0x00007FF7BFDE4000-memory.dmp

memory/3284-1078-0x00007FF71C4A0000-0x00007FF71C7F4000-memory.dmp

memory/3216-1079-0x00007FF7CCC70000-0x00007FF7CCFC4000-memory.dmp

memory/1848-1080-0x00007FF797A10000-0x00007FF797D64000-memory.dmp

memory/4844-1081-0x00007FF7BF6E0000-0x00007FF7BFA34000-memory.dmp

memory/2508-1082-0x00007FF65E4E0000-0x00007FF65E834000-memory.dmp

memory/3260-1083-0x00007FF6A9640000-0x00007FF6A9994000-memory.dmp

memory/4824-1084-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp

memory/1452-1088-0x00007FF75B8C0000-0x00007FF75BC14000-memory.dmp

memory/5084-1089-0x00007FF674610000-0x00007FF674964000-memory.dmp

memory/4872-1090-0x00007FF7A0800000-0x00007FF7A0B54000-memory.dmp

memory/4860-1091-0x00007FF7D5760000-0x00007FF7D5AB4000-memory.dmp

memory/2120-1087-0x00007FF62CCA0000-0x00007FF62CFF4000-memory.dmp

memory/1464-1086-0x00007FF7CABD0000-0x00007FF7CAF24000-memory.dmp

memory/4220-1085-0x00007FF74F180000-0x00007FF74F4D4000-memory.dmp

memory/4396-1097-0x00007FF74B4B0000-0x00007FF74B804000-memory.dmp

memory/1512-1104-0x00007FF711CE0000-0x00007FF712034000-memory.dmp

memory/1688-1105-0x00007FF70CA60000-0x00007FF70CDB4000-memory.dmp

memory/4704-1103-0x00007FF77B380000-0x00007FF77B6D4000-memory.dmp

memory/3264-1102-0x00007FF6022A0000-0x00007FF6025F4000-memory.dmp

memory/1156-1101-0x00007FF685100000-0x00007FF685454000-memory.dmp

memory/5092-1099-0x00007FF6EA500000-0x00007FF6EA854000-memory.dmp

memory/4652-1098-0x00007FF66DEE0000-0x00007FF66E234000-memory.dmp

memory/4812-1096-0x00007FF74BE70000-0x00007FF74C1C4000-memory.dmp

memory/4820-1095-0x00007FF611820000-0x00007FF611B74000-memory.dmp

memory/3148-1094-0x00007FF75E260000-0x00007FF75E5B4000-memory.dmp

memory/5016-1093-0x00007FF69BC70000-0x00007FF69BFC4000-memory.dmp

memory/1088-1100-0x00007FF6BF390000-0x00007FF6BF6E4000-memory.dmp

memory/4080-1092-0x00007FF697A60000-0x00007FF697DB4000-memory.dmp