Malware Analysis Report

2024-10-16 07:51

Sample ID 240530-s55nsaee65
Target 6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe
SHA256 328f28c944db7531d6bac0fe83b368a6e85c5e80fa18254ef7cccfcd1d5075c1
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

328f28c944db7531d6bac0fe83b368a6e85c5e80fa18254ef7cccfcd1d5075c1

Threat Level: Known bad

The file 6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Kpot family

xmrig

XMRig Miner payload

Xmrig family

KPOT

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 15:43

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 15:43

Reported

2024-05-30 15:46

Platform

win7-20240419-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\mDVeMRW.exe N/A
N/A N/A C:\Windows\System\ZGzTsTA.exe N/A
N/A N/A C:\Windows\System\TtGtwmU.exe N/A
N/A N/A C:\Windows\System\MObmKuE.exe N/A
N/A N/A C:\Windows\System\ECNYstt.exe N/A
N/A N/A C:\Windows\System\EKMPqmR.exe N/A
N/A N/A C:\Windows\System\ACCgklb.exe N/A
N/A N/A C:\Windows\System\hPUXwOu.exe N/A
N/A N/A C:\Windows\System\hvvlMOw.exe N/A
N/A N/A C:\Windows\System\qdSHkqM.exe N/A
N/A N/A C:\Windows\System\sfKYlYA.exe N/A
N/A N/A C:\Windows\System\CigfYas.exe N/A
N/A N/A C:\Windows\System\QaiAAop.exe N/A
N/A N/A C:\Windows\System\gCKMarO.exe N/A
N/A N/A C:\Windows\System\yavvpQd.exe N/A
N/A N/A C:\Windows\System\gffAYmD.exe N/A
N/A N/A C:\Windows\System\bhEBgie.exe N/A
N/A N/A C:\Windows\System\OcuaWTC.exe N/A
N/A N/A C:\Windows\System\whCsnOu.exe N/A
N/A N/A C:\Windows\System\adRkozc.exe N/A
N/A N/A C:\Windows\System\OXZbctn.exe N/A
N/A N/A C:\Windows\System\sCOtGOX.exe N/A
N/A N/A C:\Windows\System\pctjULk.exe N/A
N/A N/A C:\Windows\System\YnABJFI.exe N/A
N/A N/A C:\Windows\System\recyhdk.exe N/A
N/A N/A C:\Windows\System\ielUGuS.exe N/A
N/A N/A C:\Windows\System\xHrrssI.exe N/A
N/A N/A C:\Windows\System\oIgZpsT.exe N/A
N/A N/A C:\Windows\System\GDEHcHz.exe N/A
N/A N/A C:\Windows\System\qDiBZjr.exe N/A
N/A N/A C:\Windows\System\TRcbZjB.exe N/A
N/A N/A C:\Windows\System\ofOlqwQ.exe N/A
N/A N/A C:\Windows\System\WZGrKUN.exe N/A
N/A N/A C:\Windows\System\YAYoBkr.exe N/A
N/A N/A C:\Windows\System\pWfJWlH.exe N/A
N/A N/A C:\Windows\System\IYVGIaU.exe N/A
N/A N/A C:\Windows\System\yjIAyuQ.exe N/A
N/A N/A C:\Windows\System\mSWroTR.exe N/A
N/A N/A C:\Windows\System\pSdnZvS.exe N/A
N/A N/A C:\Windows\System\EvoynDz.exe N/A
N/A N/A C:\Windows\System\BpIvPRW.exe N/A
N/A N/A C:\Windows\System\QpSXXCr.exe N/A
N/A N/A C:\Windows\System\BWSPZwD.exe N/A
N/A N/A C:\Windows\System\LdEVQae.exe N/A
N/A N/A C:\Windows\System\DJgdXMl.exe N/A
N/A N/A C:\Windows\System\gUWDqty.exe N/A
N/A N/A C:\Windows\System\dgrrhPS.exe N/A
N/A N/A C:\Windows\System\HHefPpK.exe N/A
N/A N/A C:\Windows\System\mGsIhYg.exe N/A
N/A N/A C:\Windows\System\yTaYFTQ.exe N/A
N/A N/A C:\Windows\System\ULJnocb.exe N/A
N/A N/A C:\Windows\System\nbOxHGt.exe N/A
N/A N/A C:\Windows\System\wdKYLRR.exe N/A
N/A N/A C:\Windows\System\IsECOsY.exe N/A
N/A N/A C:\Windows\System\CLMCKrR.exe N/A
N/A N/A C:\Windows\System\tYcZTrz.exe N/A
N/A N/A C:\Windows\System\WhHqHYu.exe N/A
N/A N/A C:\Windows\System\HetfZEw.exe N/A
N/A N/A C:\Windows\System\xinhfQV.exe N/A
N/A N/A C:\Windows\System\IsSZsjS.exe N/A
N/A N/A C:\Windows\System\YIaQpfe.exe N/A
N/A N/A C:\Windows\System\ePGcNgk.exe N/A
N/A N/A C:\Windows\System\AdKSzfS.exe N/A
N/A N/A C:\Windows\System\nMfHIcG.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\gffAYmD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ActUoAG.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KexmBYE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PDtAgqD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aeycWTZ.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ofOlqwQ.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkbxJeT.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhKDPCg.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEXnTZj.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VhPSNia.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QnegaWo.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KAWjfoO.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvDbYNw.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TRcbZjB.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DJgdXMl.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GBNimFs.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zKxYTCb.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqBjnoM.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqHmocB.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YanXdAT.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sfEfRiO.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vwSHdVK.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IztfSmk.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hPUXwOu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtxbsCw.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LBJrLvH.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TmPsMhh.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\COruGzn.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhqJanR.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEVjZao.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XdHNfmy.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gmIxjFN.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QyKYPcD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MnSTehH.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsECOsY.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AdKSzfS.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzWMRRE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QYYKkUc.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uYtIkyS.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kBbCRFG.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pikJlAt.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OBAGzLB.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kPEZCYl.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpIvPRW.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtUqGUf.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdpXqQu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FnlbDcc.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cLJgyuM.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HniQESE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClbvYNk.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDiBZjr.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nMfHIcG.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkOKUFk.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AbqZJvv.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DLImkJj.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QaiAAop.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bhEBgie.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNsPfgA.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MMBwgsE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvSSLRs.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ielUGuS.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IYVGIaU.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YBeyFdN.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VmYYBEp.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ZGzTsTA.exe
PID 2420 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ZGzTsTA.exe
PID 2420 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ZGzTsTA.exe
PID 2420 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\mDVeMRW.exe
PID 2420 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\mDVeMRW.exe
PID 2420 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\mDVeMRW.exe
PID 2420 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ECNYstt.exe
PID 2420 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ECNYstt.exe
PID 2420 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ECNYstt.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TtGtwmU.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TtGtwmU.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TtGtwmU.exe
PID 2420 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\EKMPqmR.exe
PID 2420 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\EKMPqmR.exe
PID 2420 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\EKMPqmR.exe
PID 2420 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\MObmKuE.exe
PID 2420 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\MObmKuE.exe
PID 2420 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\MObmKuE.exe
PID 2420 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ACCgklb.exe
PID 2420 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ACCgklb.exe
PID 2420 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ACCgklb.exe
PID 2420 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hPUXwOu.exe
PID 2420 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hPUXwOu.exe
PID 2420 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hPUXwOu.exe
PID 2420 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hvvlMOw.exe
PID 2420 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hvvlMOw.exe
PID 2420 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hvvlMOw.exe
PID 2420 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qdSHkqM.exe
PID 2420 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qdSHkqM.exe
PID 2420 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qdSHkqM.exe
PID 2420 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sfKYlYA.exe
PID 2420 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sfKYlYA.exe
PID 2420 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sfKYlYA.exe
PID 2420 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\CigfYas.exe
PID 2420 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\CigfYas.exe
PID 2420 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\CigfYas.exe
PID 2420 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\QaiAAop.exe
PID 2420 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\QaiAAop.exe
PID 2420 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\QaiAAop.exe
PID 2420 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gCKMarO.exe
PID 2420 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gCKMarO.exe
PID 2420 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gCKMarO.exe
PID 2420 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\yavvpQd.exe
PID 2420 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\yavvpQd.exe
PID 2420 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\yavvpQd.exe
PID 2420 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gffAYmD.exe
PID 2420 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gffAYmD.exe
PID 2420 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gffAYmD.exe
PID 2420 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\bhEBgie.exe
PID 2420 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\bhEBgie.exe
PID 2420 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\bhEBgie.exe
PID 2420 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OcuaWTC.exe
PID 2420 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OcuaWTC.exe
PID 2420 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OcuaWTC.exe
PID 2420 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\whCsnOu.exe
PID 2420 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\whCsnOu.exe
PID 2420 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\whCsnOu.exe
PID 2420 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\adRkozc.exe
PID 2420 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\adRkozc.exe
PID 2420 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\adRkozc.exe
PID 2420 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OXZbctn.exe
PID 2420 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OXZbctn.exe
PID 2420 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OXZbctn.exe
PID 2420 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sCOtGOX.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe"

C:\Windows\System\ZGzTsTA.exe

C:\Windows\System\ZGzTsTA.exe

C:\Windows\System\mDVeMRW.exe

C:\Windows\System\mDVeMRW.exe

C:\Windows\System\ECNYstt.exe

C:\Windows\System\ECNYstt.exe

C:\Windows\System\TtGtwmU.exe

C:\Windows\System\TtGtwmU.exe

C:\Windows\System\EKMPqmR.exe

C:\Windows\System\EKMPqmR.exe

C:\Windows\System\MObmKuE.exe

C:\Windows\System\MObmKuE.exe

C:\Windows\System\ACCgklb.exe

C:\Windows\System\ACCgklb.exe

C:\Windows\System\hPUXwOu.exe

C:\Windows\System\hPUXwOu.exe

C:\Windows\System\hvvlMOw.exe

C:\Windows\System\hvvlMOw.exe

C:\Windows\System\qdSHkqM.exe

C:\Windows\System\qdSHkqM.exe

C:\Windows\System\sfKYlYA.exe

C:\Windows\System\sfKYlYA.exe

C:\Windows\System\CigfYas.exe

C:\Windows\System\CigfYas.exe

C:\Windows\System\QaiAAop.exe

C:\Windows\System\QaiAAop.exe

C:\Windows\System\gCKMarO.exe

C:\Windows\System\gCKMarO.exe

C:\Windows\System\yavvpQd.exe

C:\Windows\System\yavvpQd.exe

C:\Windows\System\gffAYmD.exe

C:\Windows\System\gffAYmD.exe

C:\Windows\System\bhEBgie.exe

C:\Windows\System\bhEBgie.exe

C:\Windows\System\OcuaWTC.exe

C:\Windows\System\OcuaWTC.exe

C:\Windows\System\whCsnOu.exe

C:\Windows\System\whCsnOu.exe

C:\Windows\System\adRkozc.exe

C:\Windows\System\adRkozc.exe

C:\Windows\System\OXZbctn.exe

C:\Windows\System\OXZbctn.exe

C:\Windows\System\sCOtGOX.exe

C:\Windows\System\sCOtGOX.exe

C:\Windows\System\pctjULk.exe

C:\Windows\System\pctjULk.exe

C:\Windows\System\YnABJFI.exe

C:\Windows\System\YnABJFI.exe

C:\Windows\System\recyhdk.exe

C:\Windows\System\recyhdk.exe

C:\Windows\System\ielUGuS.exe

C:\Windows\System\ielUGuS.exe

C:\Windows\System\xHrrssI.exe

C:\Windows\System\xHrrssI.exe

C:\Windows\System\oIgZpsT.exe

C:\Windows\System\oIgZpsT.exe

C:\Windows\System\GDEHcHz.exe

C:\Windows\System\GDEHcHz.exe

C:\Windows\System\qDiBZjr.exe

C:\Windows\System\qDiBZjr.exe

C:\Windows\System\TRcbZjB.exe

C:\Windows\System\TRcbZjB.exe

C:\Windows\System\ofOlqwQ.exe

C:\Windows\System\ofOlqwQ.exe

C:\Windows\System\WZGrKUN.exe

C:\Windows\System\WZGrKUN.exe

C:\Windows\System\YAYoBkr.exe

C:\Windows\System\YAYoBkr.exe

C:\Windows\System\pWfJWlH.exe

C:\Windows\System\pWfJWlH.exe

C:\Windows\System\IYVGIaU.exe

C:\Windows\System\IYVGIaU.exe

C:\Windows\System\yjIAyuQ.exe

C:\Windows\System\yjIAyuQ.exe

C:\Windows\System\mSWroTR.exe

C:\Windows\System\mSWroTR.exe

C:\Windows\System\pSdnZvS.exe

C:\Windows\System\pSdnZvS.exe

C:\Windows\System\EvoynDz.exe

C:\Windows\System\EvoynDz.exe

C:\Windows\System\BpIvPRW.exe

C:\Windows\System\BpIvPRW.exe

C:\Windows\System\QpSXXCr.exe

C:\Windows\System\QpSXXCr.exe

C:\Windows\System\BWSPZwD.exe

C:\Windows\System\BWSPZwD.exe

C:\Windows\System\LdEVQae.exe

C:\Windows\System\LdEVQae.exe

C:\Windows\System\DJgdXMl.exe

C:\Windows\System\DJgdXMl.exe

C:\Windows\System\gUWDqty.exe

C:\Windows\System\gUWDqty.exe

C:\Windows\System\dgrrhPS.exe

C:\Windows\System\dgrrhPS.exe

C:\Windows\System\HHefPpK.exe

C:\Windows\System\HHefPpK.exe

C:\Windows\System\mGsIhYg.exe

C:\Windows\System\mGsIhYg.exe

C:\Windows\System\yTaYFTQ.exe

C:\Windows\System\yTaYFTQ.exe

C:\Windows\System\ULJnocb.exe

C:\Windows\System\ULJnocb.exe

C:\Windows\System\nbOxHGt.exe

C:\Windows\System\nbOxHGt.exe

C:\Windows\System\wdKYLRR.exe

C:\Windows\System\wdKYLRR.exe

C:\Windows\System\IsECOsY.exe

C:\Windows\System\IsECOsY.exe

C:\Windows\System\CLMCKrR.exe

C:\Windows\System\CLMCKrR.exe

C:\Windows\System\tYcZTrz.exe

C:\Windows\System\tYcZTrz.exe

C:\Windows\System\WhHqHYu.exe

C:\Windows\System\WhHqHYu.exe

C:\Windows\System\HetfZEw.exe

C:\Windows\System\HetfZEw.exe

C:\Windows\System\xinhfQV.exe

C:\Windows\System\xinhfQV.exe

C:\Windows\System\IsSZsjS.exe

C:\Windows\System\IsSZsjS.exe

C:\Windows\System\YIaQpfe.exe

C:\Windows\System\YIaQpfe.exe

C:\Windows\System\ePGcNgk.exe

C:\Windows\System\ePGcNgk.exe

C:\Windows\System\AdKSzfS.exe

C:\Windows\System\AdKSzfS.exe

C:\Windows\System\nMfHIcG.exe

C:\Windows\System\nMfHIcG.exe

C:\Windows\System\HtUqGUf.exe

C:\Windows\System\HtUqGUf.exe

C:\Windows\System\DtxbsCw.exe

C:\Windows\System\DtxbsCw.exe

C:\Windows\System\jtKBmTu.exe

C:\Windows\System\jtKBmTu.exe

C:\Windows\System\DdEOJSV.exe

C:\Windows\System\DdEOJSV.exe

C:\Windows\System\JzXZfAv.exe

C:\Windows\System\JzXZfAv.exe

C:\Windows\System\dburjDs.exe

C:\Windows\System\dburjDs.exe

C:\Windows\System\ZLzpzIR.exe

C:\Windows\System\ZLzpzIR.exe

C:\Windows\System\CIICnNX.exe

C:\Windows\System\CIICnNX.exe

C:\Windows\System\kBbCRFG.exe

C:\Windows\System\kBbCRFG.exe

C:\Windows\System\tZMzxtV.exe

C:\Windows\System\tZMzxtV.exe

C:\Windows\System\iceMHOP.exe

C:\Windows\System\iceMHOP.exe

C:\Windows\System\tonyVcE.exe

C:\Windows\System\tonyVcE.exe

C:\Windows\System\QYyojuy.exe

C:\Windows\System\QYyojuy.exe

C:\Windows\System\iUnuQRv.exe

C:\Windows\System\iUnuQRv.exe

C:\Windows\System\LJGwonW.exe

C:\Windows\System\LJGwonW.exe

C:\Windows\System\mQEktwf.exe

C:\Windows\System\mQEktwf.exe

C:\Windows\System\TOmVdow.exe

C:\Windows\System\TOmVdow.exe

C:\Windows\System\ZTAGUEu.exe

C:\Windows\System\ZTAGUEu.exe

C:\Windows\System\jfyjaNn.exe

C:\Windows\System\jfyjaNn.exe

C:\Windows\System\mtGQxKh.exe

C:\Windows\System\mtGQxKh.exe

C:\Windows\System\pswvaJt.exe

C:\Windows\System\pswvaJt.exe

C:\Windows\System\zJnvSjI.exe

C:\Windows\System\zJnvSjI.exe

C:\Windows\System\hhgKHcU.exe

C:\Windows\System\hhgKHcU.exe

C:\Windows\System\LBJrLvH.exe

C:\Windows\System\LBJrLvH.exe

C:\Windows\System\BzWMRRE.exe

C:\Windows\System\BzWMRRE.exe

C:\Windows\System\ActUoAG.exe

C:\Windows\System\ActUoAG.exe

C:\Windows\System\bhVXSPd.exe

C:\Windows\System\bhVXSPd.exe

C:\Windows\System\CWtlxwW.exe

C:\Windows\System\CWtlxwW.exe

C:\Windows\System\IqiKOTL.exe

C:\Windows\System\IqiKOTL.exe

C:\Windows\System\fhqJanR.exe

C:\Windows\System\fhqJanR.exe

C:\Windows\System\FiHNzzP.exe

C:\Windows\System\FiHNzzP.exe

C:\Windows\System\rgsncUx.exe

C:\Windows\System\rgsncUx.exe

C:\Windows\System\NvXxPAS.exe

C:\Windows\System\NvXxPAS.exe

C:\Windows\System\LuxsYeT.exe

C:\Windows\System\LuxsYeT.exe

C:\Windows\System\fElnQXi.exe

C:\Windows\System\fElnQXi.exe

C:\Windows\System\OHbSgWK.exe

C:\Windows\System\OHbSgWK.exe

C:\Windows\System\kWZsZft.exe

C:\Windows\System\kWZsZft.exe

C:\Windows\System\lpmwfPG.exe

C:\Windows\System\lpmwfPG.exe

C:\Windows\System\CxxhdcX.exe

C:\Windows\System\CxxhdcX.exe

C:\Windows\System\LoyaiOD.exe

C:\Windows\System\LoyaiOD.exe

C:\Windows\System\lkbxJeT.exe

C:\Windows\System\lkbxJeT.exe

C:\Windows\System\zeHlXPx.exe

C:\Windows\System\zeHlXPx.exe

C:\Windows\System\sFaSpCi.exe

C:\Windows\System\sFaSpCi.exe

C:\Windows\System\KsFBSVp.exe

C:\Windows\System\KsFBSVp.exe

C:\Windows\System\KaaliGV.exe

C:\Windows\System\KaaliGV.exe

C:\Windows\System\pLqSphx.exe

C:\Windows\System\pLqSphx.exe

C:\Windows\System\fhKDPCg.exe

C:\Windows\System\fhKDPCg.exe

C:\Windows\System\yaHVKuL.exe

C:\Windows\System\yaHVKuL.exe

C:\Windows\System\beSvUBi.exe

C:\Windows\System\beSvUBi.exe

C:\Windows\System\IZoUjYe.exe

C:\Windows\System\IZoUjYe.exe

C:\Windows\System\qpDeDnm.exe

C:\Windows\System\qpDeDnm.exe

C:\Windows\System\QSMMDYn.exe

C:\Windows\System\QSMMDYn.exe

C:\Windows\System\QYYKkUc.exe

C:\Windows\System\QYYKkUc.exe

C:\Windows\System\dWQfclj.exe

C:\Windows\System\dWQfclj.exe

C:\Windows\System\GBNimFs.exe

C:\Windows\System\GBNimFs.exe

C:\Windows\System\TmPsMhh.exe

C:\Windows\System\TmPsMhh.exe

C:\Windows\System\sPIZXyd.exe

C:\Windows\System\sPIZXyd.exe

C:\Windows\System\xdUZQeN.exe

C:\Windows\System\xdUZQeN.exe

C:\Windows\System\zKxYTCb.exe

C:\Windows\System\zKxYTCb.exe

C:\Windows\System\KexmBYE.exe

C:\Windows\System\KexmBYE.exe

C:\Windows\System\sqBjnoM.exe

C:\Windows\System\sqBjnoM.exe

C:\Windows\System\rucVgVC.exe

C:\Windows\System\rucVgVC.exe

C:\Windows\System\MUNvQWx.exe

C:\Windows\System\MUNvQWx.exe

C:\Windows\System\jbcQdGk.exe

C:\Windows\System\jbcQdGk.exe

C:\Windows\System\gdpXqQu.exe

C:\Windows\System\gdpXqQu.exe

C:\Windows\System\NKXozEa.exe

C:\Windows\System\NKXozEa.exe

C:\Windows\System\wDdbgio.exe

C:\Windows\System\wDdbgio.exe

C:\Windows\System\WyCeYJg.exe

C:\Windows\System\WyCeYJg.exe

C:\Windows\System\kocXQHd.exe

C:\Windows\System\kocXQHd.exe

C:\Windows\System\eNOXVrO.exe

C:\Windows\System\eNOXVrO.exe

C:\Windows\System\SmFwkuM.exe

C:\Windows\System\SmFwkuM.exe

C:\Windows\System\YBeyFdN.exe

C:\Windows\System\YBeyFdN.exe

C:\Windows\System\HNMZvvm.exe

C:\Windows\System\HNMZvvm.exe

C:\Windows\System\ZEXnTZj.exe

C:\Windows\System\ZEXnTZj.exe

C:\Windows\System\uYtIkyS.exe

C:\Windows\System\uYtIkyS.exe

C:\Windows\System\TMeDzBi.exe

C:\Windows\System\TMeDzBi.exe

C:\Windows\System\hhdrPkx.exe

C:\Windows\System\hhdrPkx.exe

C:\Windows\System\rsVrYCt.exe

C:\Windows\System\rsVrYCt.exe

C:\Windows\System\vZRnNyd.exe

C:\Windows\System\vZRnNyd.exe

C:\Windows\System\phjVNLs.exe

C:\Windows\System\phjVNLs.exe

C:\Windows\System\WVgarNE.exe

C:\Windows\System\WVgarNE.exe

C:\Windows\System\eFEmyVC.exe

C:\Windows\System\eFEmyVC.exe

C:\Windows\System\hAGVcSZ.exe

C:\Windows\System\hAGVcSZ.exe

C:\Windows\System\xmEKYAU.exe

C:\Windows\System\xmEKYAU.exe

C:\Windows\System\lEVjZao.exe

C:\Windows\System\lEVjZao.exe

C:\Windows\System\BNsPfgA.exe

C:\Windows\System\BNsPfgA.exe

C:\Windows\System\VLsWfcK.exe

C:\Windows\System\VLsWfcK.exe

C:\Windows\System\sXyOQuf.exe

C:\Windows\System\sXyOQuf.exe

C:\Windows\System\rGxcGxu.exe

C:\Windows\System\rGxcGxu.exe

C:\Windows\System\ntjgNZs.exe

C:\Windows\System\ntjgNZs.exe

C:\Windows\System\WzzTDXr.exe

C:\Windows\System\WzzTDXr.exe

C:\Windows\System\Ipykrin.exe

C:\Windows\System\Ipykrin.exe

C:\Windows\System\UErsUhs.exe

C:\Windows\System\UErsUhs.exe

C:\Windows\System\TACThxj.exe

C:\Windows\System\TACThxj.exe

C:\Windows\System\TAkhSOg.exe

C:\Windows\System\TAkhSOg.exe

C:\Windows\System\QBcpOVr.exe

C:\Windows\System\QBcpOVr.exe

C:\Windows\System\AuItCcK.exe

C:\Windows\System\AuItCcK.exe

C:\Windows\System\QGxdTVb.exe

C:\Windows\System\QGxdTVb.exe

C:\Windows\System\WiuJiHa.exe

C:\Windows\System\WiuJiHa.exe

C:\Windows\System\riaVVtD.exe

C:\Windows\System\riaVVtD.exe

C:\Windows\System\MMBwgsE.exe

C:\Windows\System\MMBwgsE.exe

C:\Windows\System\viiStGu.exe

C:\Windows\System\viiStGu.exe

C:\Windows\System\OEJSnXe.exe

C:\Windows\System\OEJSnXe.exe

C:\Windows\System\oBdyILP.exe

C:\Windows\System\oBdyILP.exe

C:\Windows\System\wMeJUBq.exe

C:\Windows\System\wMeJUBq.exe

C:\Windows\System\QnegaWo.exe

C:\Windows\System\QnegaWo.exe

C:\Windows\System\VmYYBEp.exe

C:\Windows\System\VmYYBEp.exe

C:\Windows\System\ZAfstgv.exe

C:\Windows\System\ZAfstgv.exe

C:\Windows\System\WbCMxRS.exe

C:\Windows\System\WbCMxRS.exe

C:\Windows\System\OfyoZDv.exe

C:\Windows\System\OfyoZDv.exe

C:\Windows\System\lUuVeQh.exe

C:\Windows\System\lUuVeQh.exe

C:\Windows\System\HEWrULU.exe

C:\Windows\System\HEWrULU.exe

C:\Windows\System\QHczOub.exe

C:\Windows\System\QHczOub.exe

C:\Windows\System\PLFsRjl.exe

C:\Windows\System\PLFsRjl.exe

C:\Windows\System\CxnNqkm.exe

C:\Windows\System\CxnNqkm.exe

C:\Windows\System\BuOdlCv.exe

C:\Windows\System\BuOdlCv.exe

C:\Windows\System\EiJMgXb.exe

C:\Windows\System\EiJMgXb.exe

C:\Windows\System\lkOKUFk.exe

C:\Windows\System\lkOKUFk.exe

C:\Windows\System\ZHbETzy.exe

C:\Windows\System\ZHbETzy.exe

C:\Windows\System\GsZamxP.exe

C:\Windows\System\GsZamxP.exe

C:\Windows\System\OGRCGcb.exe

C:\Windows\System\OGRCGcb.exe

C:\Windows\System\KAWjfoO.exe

C:\Windows\System\KAWjfoO.exe

C:\Windows\System\gNmyqgl.exe

C:\Windows\System\gNmyqgl.exe

C:\Windows\System\TBVGzZc.exe

C:\Windows\System\TBVGzZc.exe

C:\Windows\System\joPqNrb.exe

C:\Windows\System\joPqNrb.exe

C:\Windows\System\PFjsHlb.exe

C:\Windows\System\PFjsHlb.exe

C:\Windows\System\ctCmCNo.exe

C:\Windows\System\ctCmCNo.exe

C:\Windows\System\RZYsleT.exe

C:\Windows\System\RZYsleT.exe

C:\Windows\System\BHrKkjj.exe

C:\Windows\System\BHrKkjj.exe

C:\Windows\System\pikJlAt.exe

C:\Windows\System\pikJlAt.exe

C:\Windows\System\qZPIaaK.exe

C:\Windows\System\qZPIaaK.exe

C:\Windows\System\lcuXAMe.exe

C:\Windows\System\lcuXAMe.exe

C:\Windows\System\QQjVEzn.exe

C:\Windows\System\QQjVEzn.exe

C:\Windows\System\KYXlGaK.exe

C:\Windows\System\KYXlGaK.exe

C:\Windows\System\COruGzn.exe

C:\Windows\System\COruGzn.exe

C:\Windows\System\MBrJjez.exe

C:\Windows\System\MBrJjez.exe

C:\Windows\System\mBFGXMI.exe

C:\Windows\System\mBFGXMI.exe

C:\Windows\System\qjaPfCi.exe

C:\Windows\System\qjaPfCi.exe

C:\Windows\System\cziBuDJ.exe

C:\Windows\System\cziBuDJ.exe

C:\Windows\System\qUWOzZI.exe

C:\Windows\System\qUWOzZI.exe

C:\Windows\System\YNXDGQc.exe

C:\Windows\System\YNXDGQc.exe

C:\Windows\System\wxsqlKP.exe

C:\Windows\System\wxsqlKP.exe

C:\Windows\System\bapJHvT.exe

C:\Windows\System\bapJHvT.exe

C:\Windows\System\XYWJxPa.exe

C:\Windows\System\XYWJxPa.exe

C:\Windows\System\lZTRkdq.exe

C:\Windows\System\lZTRkdq.exe

C:\Windows\System\YOuuDcv.exe

C:\Windows\System\YOuuDcv.exe

C:\Windows\System\PQQsTHT.exe

C:\Windows\System\PQQsTHT.exe

C:\Windows\System\wUGSFVK.exe

C:\Windows\System\wUGSFVK.exe

C:\Windows\System\awZLnMM.exe

C:\Windows\System\awZLnMM.exe

C:\Windows\System\vXiylUS.exe

C:\Windows\System\vXiylUS.exe

C:\Windows\System\YuMxVvD.exe

C:\Windows\System\YuMxVvD.exe

C:\Windows\System\CcxtlSs.exe

C:\Windows\System\CcxtlSs.exe

C:\Windows\System\tawnBdk.exe

C:\Windows\System\tawnBdk.exe

C:\Windows\System\ItMIOmx.exe

C:\Windows\System\ItMIOmx.exe

C:\Windows\System\IgPkQFy.exe

C:\Windows\System\IgPkQFy.exe

C:\Windows\System\JchFCEL.exe

C:\Windows\System\JchFCEL.exe

C:\Windows\System\xpajmMt.exe

C:\Windows\System\xpajmMt.exe

C:\Windows\System\ywzcOPT.exe

C:\Windows\System\ywzcOPT.exe

C:\Windows\System\FnlbDcc.exe

C:\Windows\System\FnlbDcc.exe

C:\Windows\System\fInEYEe.exe

C:\Windows\System\fInEYEe.exe

C:\Windows\System\DKKKXPc.exe

C:\Windows\System\DKKKXPc.exe

C:\Windows\System\XuHaFZB.exe

C:\Windows\System\XuHaFZB.exe

C:\Windows\System\TTyufXT.exe

C:\Windows\System\TTyufXT.exe

C:\Windows\System\AbqZJvv.exe

C:\Windows\System\AbqZJvv.exe

C:\Windows\System\VygUmOz.exe

C:\Windows\System\VygUmOz.exe

C:\Windows\System\pvDbYNw.exe

C:\Windows\System\pvDbYNw.exe

C:\Windows\System\CdBQKug.exe

C:\Windows\System\CdBQKug.exe

C:\Windows\System\zUUROhv.exe

C:\Windows\System\zUUROhv.exe

C:\Windows\System\ahhHIMY.exe

C:\Windows\System\ahhHIMY.exe

C:\Windows\System\DLImkJj.exe

C:\Windows\System\DLImkJj.exe

C:\Windows\System\AfdWAkd.exe

C:\Windows\System\AfdWAkd.exe

C:\Windows\System\rJNUNRE.exe

C:\Windows\System\rJNUNRE.exe

C:\Windows\System\PDtAgqD.exe

C:\Windows\System\PDtAgqD.exe

C:\Windows\System\vBEsbJg.exe

C:\Windows\System\vBEsbJg.exe

C:\Windows\System\bvSSLRs.exe

C:\Windows\System\bvSSLRs.exe

C:\Windows\System\VhPSNia.exe

C:\Windows\System\VhPSNia.exe

C:\Windows\System\dOcVBVL.exe

C:\Windows\System\dOcVBVL.exe

C:\Windows\System\cLJgyuM.exe

C:\Windows\System\cLJgyuM.exe

C:\Windows\System\clDnwez.exe

C:\Windows\System\clDnwez.exe

C:\Windows\System\mKRtcDr.exe

C:\Windows\System\mKRtcDr.exe

C:\Windows\System\DPkuEsX.exe

C:\Windows\System\DPkuEsX.exe

C:\Windows\System\BsUfuUM.exe

C:\Windows\System\BsUfuUM.exe

C:\Windows\System\wnmwtXq.exe

C:\Windows\System\wnmwtXq.exe

C:\Windows\System\rEJBKuy.exe

C:\Windows\System\rEJBKuy.exe

C:\Windows\System\IWKyCAg.exe

C:\Windows\System\IWKyCAg.exe

C:\Windows\System\UpSGNsd.exe

C:\Windows\System\UpSGNsd.exe

C:\Windows\System\efdcZEM.exe

C:\Windows\System\efdcZEM.exe

C:\Windows\System\QyKYPcD.exe

C:\Windows\System\QyKYPcD.exe

C:\Windows\System\XdHNfmy.exe

C:\Windows\System\XdHNfmy.exe

C:\Windows\System\mKeyNAK.exe

C:\Windows\System\mKeyNAK.exe

C:\Windows\System\bjXLdnh.exe

C:\Windows\System\bjXLdnh.exe

C:\Windows\System\FCmxQXK.exe

C:\Windows\System\FCmxQXK.exe

C:\Windows\System\iqCLDui.exe

C:\Windows\System\iqCLDui.exe

C:\Windows\System\CqHmocB.exe

C:\Windows\System\CqHmocB.exe

C:\Windows\System\OBAGzLB.exe

C:\Windows\System\OBAGzLB.exe

C:\Windows\System\MnSTehH.exe

C:\Windows\System\MnSTehH.exe

C:\Windows\System\aqdgMYv.exe

C:\Windows\System\aqdgMYv.exe

C:\Windows\System\mIotvMG.exe

C:\Windows\System\mIotvMG.exe

C:\Windows\System\SHmJOIM.exe

C:\Windows\System\SHmJOIM.exe

C:\Windows\System\RNHtJYm.exe

C:\Windows\System\RNHtJYm.exe

C:\Windows\System\IjLVIhx.exe

C:\Windows\System\IjLVIhx.exe

C:\Windows\System\eUzUAAa.exe

C:\Windows\System\eUzUAAa.exe

C:\Windows\System\MhOdWJp.exe

C:\Windows\System\MhOdWJp.exe

C:\Windows\System\QSDIkQc.exe

C:\Windows\System\QSDIkQc.exe

C:\Windows\System\chzXgRz.exe

C:\Windows\System\chzXgRz.exe

C:\Windows\System\kbcXkxf.exe

C:\Windows\System\kbcXkxf.exe

C:\Windows\System\Kghknwo.exe

C:\Windows\System\Kghknwo.exe

C:\Windows\System\BPzGMIo.exe

C:\Windows\System\BPzGMIo.exe

C:\Windows\System\YanXdAT.exe

C:\Windows\System\YanXdAT.exe

C:\Windows\System\kynuxAd.exe

C:\Windows\System\kynuxAd.exe

C:\Windows\System\sfEfRiO.exe

C:\Windows\System\sfEfRiO.exe

C:\Windows\System\HwRNjWS.exe

C:\Windows\System\HwRNjWS.exe

C:\Windows\System\iDMopHB.exe

C:\Windows\System\iDMopHB.exe

C:\Windows\System\BhkGWmT.exe

C:\Windows\System\BhkGWmT.exe

C:\Windows\System\avxGQFD.exe

C:\Windows\System\avxGQFD.exe

C:\Windows\System\eMWIyAF.exe

C:\Windows\System\eMWIyAF.exe

C:\Windows\System\WDAEezv.exe

C:\Windows\System\WDAEezv.exe

C:\Windows\System\DMQweoY.exe

C:\Windows\System\DMQweoY.exe

C:\Windows\System\LENoZDF.exe

C:\Windows\System\LENoZDF.exe

C:\Windows\System\ClMjnJW.exe

C:\Windows\System\ClMjnJW.exe

C:\Windows\System\YGsuQBr.exe

C:\Windows\System\YGsuQBr.exe

C:\Windows\System\GRBqQMl.exe

C:\Windows\System\GRBqQMl.exe

C:\Windows\System\vwSHdVK.exe

C:\Windows\System\vwSHdVK.exe

C:\Windows\System\jLtjlLR.exe

C:\Windows\System\jLtjlLR.exe

C:\Windows\System\ZvVTpsZ.exe

C:\Windows\System\ZvVTpsZ.exe

C:\Windows\System\jdMEsuS.exe

C:\Windows\System\jdMEsuS.exe

C:\Windows\System\CHgAMJg.exe

C:\Windows\System\CHgAMJg.exe

C:\Windows\System\lYuQhYZ.exe

C:\Windows\System\lYuQhYZ.exe

C:\Windows\System\raSMLye.exe

C:\Windows\System\raSMLye.exe

C:\Windows\System\zuJiAKt.exe

C:\Windows\System\zuJiAKt.exe

C:\Windows\System\uerdvsY.exe

C:\Windows\System\uerdvsY.exe

C:\Windows\System\LzVhALA.exe

C:\Windows\System\LzVhALA.exe

C:\Windows\System\IztfSmk.exe

C:\Windows\System\IztfSmk.exe

C:\Windows\System\DmYkDCC.exe

C:\Windows\System\DmYkDCC.exe

C:\Windows\System\kPEZCYl.exe

C:\Windows\System\kPEZCYl.exe

C:\Windows\System\FToOYOz.exe

C:\Windows\System\FToOYOz.exe

C:\Windows\System\aeycWTZ.exe

C:\Windows\System\aeycWTZ.exe

C:\Windows\System\Trtqjxv.exe

C:\Windows\System\Trtqjxv.exe

C:\Windows\System\sgWEeZC.exe

C:\Windows\System\sgWEeZC.exe

C:\Windows\System\gmIxjFN.exe

C:\Windows\System\gmIxjFN.exe

C:\Windows\System\VNUaxAC.exe

C:\Windows\System\VNUaxAC.exe

C:\Windows\System\zHUMXPw.exe

C:\Windows\System\zHUMXPw.exe

C:\Windows\System\zIcqGJY.exe

C:\Windows\System\zIcqGJY.exe

C:\Windows\System\DEgWyXA.exe

C:\Windows\System\DEgWyXA.exe

C:\Windows\System\HniQESE.exe

C:\Windows\System\HniQESE.exe

C:\Windows\System\MFmXpOu.exe

C:\Windows\System\MFmXpOu.exe

C:\Windows\System\vYqumji.exe

C:\Windows\System\vYqumji.exe

C:\Windows\System\mEYETMl.exe

C:\Windows\System\mEYETMl.exe

C:\Windows\System\hTBgDMP.exe

C:\Windows\System\hTBgDMP.exe

C:\Windows\System\HWpswRX.exe

C:\Windows\System\HWpswRX.exe

C:\Windows\System\ClbvYNk.exe

C:\Windows\System\ClbvYNk.exe

C:\Windows\System\hnTIdjx.exe

C:\Windows\System\hnTIdjx.exe

C:\Windows\System\soLMwfq.exe

C:\Windows\System\soLMwfq.exe

C:\Windows\System\poqFsnw.exe

C:\Windows\System\poqFsnw.exe

C:\Windows\System\HyRWOYQ.exe

C:\Windows\System\HyRWOYQ.exe

C:\Windows\System\OureLZx.exe

C:\Windows\System\OureLZx.exe

C:\Windows\System\StNGYHR.exe

C:\Windows\System\StNGYHR.exe

C:\Windows\System\ZsVDluR.exe

C:\Windows\System\ZsVDluR.exe

C:\Windows\System\IRIEfBY.exe

C:\Windows\System\IRIEfBY.exe

C:\Windows\System\yLSlCWn.exe

C:\Windows\System\yLSlCWn.exe

C:\Windows\System\lgGGTGD.exe

C:\Windows\System\lgGGTGD.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2420-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

memory/2420-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\ZGzTsTA.exe

MD5 ad32e274c33792c0973f0df9cdac97e5
SHA1 7fc5233d42787e3614b52678b304a8827792e64b
SHA256 8fe2ef249fc2638abacbd7267dbcfa2c23099640580c8fd57126e928a09e02da
SHA512 2b6eb453e056164d468fb1ee1fc310a1501be9cc81fe6c7edf5afcacb31a7372077970f9d813b06fe49a9cbebbd2f5a5524541c9c45c47380d8ee0133c288b17

C:\Windows\system\mDVeMRW.exe

MD5 8f32aac908b91f76fe3dc8624388f28b
SHA1 4ca384d236a960c3c493c190c815f44f0e25fce3
SHA256 15c4cf35ebf651f07f1458e563e51c32c3d799016da59adab5198e8a7fa660e7
SHA512 0fd075840d370d76d4f3ba4265322cede7061e0d7e4e8a3f47c3cc65ebda4af60c71ee7ab9c50ed40e7cb98cf7db55c73b9cd511dbfb5e5dff66c9126c40f95f

C:\Windows\system\MObmKuE.exe

MD5 ed789a0f6d959fb820879251b4febf52
SHA1 340a130be55b0e5d236695769aa2f1664b89a9a4
SHA256 da120704b4968597235c7141c3278ad378cce665ec3b13da1792678d4b015bfb
SHA512 9a54467531eae6e6df20d21b90dda132a32df537837e83a2977f0d7ba1b06fc8dddf347f40417d42a174e439920df24569e9e0281769657d27562166860376b9

\Windows\system\ACCgklb.exe

MD5 bcda47341e659d052c3586f8e15a492e
SHA1 3f0221946d205116ff069cbb4f464cd2ee83d710
SHA256 0b7d201d3c163d2df34bea33dd509e281f87fce707e9f76af6237bbb60dd69c3
SHA512 bfd9450588ed2dda3c538aca2d5a9e154faa1ba176847179e49c4abb5804c1d7f396988e4f85addaa30a9ec7b499b9a18d7aa8ee1b9d1db584aabd306e91f9ac

memory/2420-46-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/2724-50-0x000000013FBD0000-0x000000013FF24000-memory.dmp

\Windows\system\hPUXwOu.exe

MD5 d582f11f56787834be120611e5ff3b4b
SHA1 ef95f4dcfa134eac1b823f9d0dbfc9895ca62b74
SHA256 6d4824e7097b03ae43ac90f39477898c90906fca6f386c349a7424b9415e03bb
SHA512 9cfa84dcc47908f5cc8be2948fdc6a86879a1fdddcbeaf6c32880d12f795f398473cfdc42648f06bdbc6cd3b4cf4b8f53f1e8dc9d8068af67f748178fae275c3

memory/2420-52-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2420-29-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/2600-51-0x000000013F050000-0x000000013F3A4000-memory.dmp

memory/2708-49-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/2468-47-0x000000013FC60000-0x000000013FFB4000-memory.dmp

C:\Windows\system\EKMPqmR.exe

MD5 49205207e0a5b3a8b616c18c64d91fb5
SHA1 aea2d32c2de879d54583e58f2878a77a9a6e63c8
SHA256 327e0fce5145507d49fe761e41b39aec69209718ca660914420c146e98afc039
SHA512 2291400018e6fd032c5364d5c07db70a01e3ba8d640ae49233791a3229e7b614fc3067b9fc420d655cf31bf3cc492696bc3456ff5b531b5b76c5a0e0f53842c3

memory/2420-42-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/2420-69-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/2508-63-0x000000013FA10000-0x000000013FD64000-memory.dmp

memory/2420-83-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

C:\Windows\system\gCKMarO.exe

MD5 d77a7275d013905ff404bcb6ee8b91ec
SHA1 53269fd61ede57511e79b9f7fd44cb5048b2f8b9
SHA256 2495ded8cdbd6494408d95dbc004f859cb1e25b2acf1c4fb0d7e8bf68ad0e57f
SHA512 612af01ad51df80733fc9bcb08e1e6e7f7aa01ee2bb094f77f8f8f4af2a29fceee2bcb98889cd9a045bd0436541771c9f4338eb5809c103b5ae34f75d2e691d1

C:\Windows\system\pctjULk.exe

MD5 cf29c525115b7a02d2353eae0c4b0b33
SHA1 6798d61ea69592ba2c9b0e44489f6b08e0e79fd4
SHA256 d32318b2c9457911c7299a021be096297a4bff29f5bff4cc29e933c89f97df2d
SHA512 ffd3c68c78720a904826305640de527da1fd90f9a813f2bcfefd746c9aabd77a8c97a26750454844c2d09bb6cc041e3acf0146f393504a30b203948bea8319b4

C:\Windows\system\qDiBZjr.exe

MD5 aca6063219d7e9fad1a3bbe794d9a0c8
SHA1 bfa3fa291f2b3aa4266ece01313cb9ec20a06079
SHA256 e4baf05a521f2eb80d08a8012cf0f55191a06136054d2233081b61a722d907a9
SHA512 7d83b19b39a7446a48104b1e53cd47b981911f2b0c28a411e25906554bfd5bda0b86c0a195feb4159d04f3b483115025641d5f0745f53e1d993db1f511b134d0

C:\Windows\system\ofOlqwQ.exe

MD5 e7e28d38db8e600193d146b1fb960503
SHA1 576704abc86074ecc66abb0dbfcdbac8b2cd1b98
SHA256 780dcaea30a37316bd906e7f511da773d0815b785cfdc1e4f12e2e6d49a3cb2e
SHA512 822e3e186f254da859d4ac7a5827af974a3921247f0fd18c2ba869fba492e2334ecdff78dfc07dbbe82beb6c4bde091b3b64652e59705950f698aebd00e7414f

C:\Windows\system\TRcbZjB.exe

MD5 0a74aa22e9f9647bacf42e963af95f1b
SHA1 1e41028e4072662238b63046bd0ca9bac3997a17
SHA256 c881756451a1696af268f084c5219914759bdf3d75c13814d6dca4359e51d660
SHA512 38e756db488dddb1d063bb311ba16235ccc1d98b44682353390a81774c6f3f1064c29569774106a88cca76212ebcbb62a705732c6aecf61f6fa0c72f7483f8e7

C:\Windows\system\GDEHcHz.exe

MD5 d6bb1e3d9ccc7d173da6e940b055fe8c
SHA1 ef7054de347c7b259e04cee489fa1d35d689cdcc
SHA256 8dbb6b411394599f309dc57c753c210ebc491a0feea1c487ed1dd036801fcc4c
SHA512 e5a3e18c3c889f638e2c59d1a1f7a3414d1ca62b456e34a224b8d15fe23d8de4c933d67961a5cbf01d4dfd3f00cee7895d2b02fee79c98b011860e16c387795d

C:\Windows\system\oIgZpsT.exe

MD5 694a374d68735b3a6cb4e74946cbc373
SHA1 c1bb6a2636ff892b78b9b760013b6bd7d9d20af0
SHA256 4483e3152f913f7f2dea26d1d157b7c268fb6023897cfb9a0e01c3fdee807d24
SHA512 8ce5fefe124df7e8421568d00b3a3aabe6def80608281e54b7ba55474f2225395bb698ea246254d2bcaef71876d55b6808f94caa9b0aa7e117e7d8df43c6b27b

C:\Windows\system\xHrrssI.exe

MD5 e989178a149186515c723f16f791ec8c
SHA1 6da0689113602b410054114f3e3639a2f5d41562
SHA256 6795cf2520190ef377abeb9dfdf4547a13c9d5dc1a5a805c9dcbcbbb0edb79e9
SHA512 37fb5f531133b7c0c8e7277f2f61d5d131da4e67124195c3d689331b40f91d1ebc8f627b1d8b3a77bc22b8fa01e49c206f822b67a9f41ed8e7578e0284563ff7

C:\Windows\system\ielUGuS.exe

MD5 da5d3df76fc4719ee2817c1b33719605
SHA1 9265dd589af3682daf171d590ea8d52a5c1753e7
SHA256 e0c1776b0e9ba4cdade491e382b1bb2cb6ebbdd3bb1a1eb2b1a98184c48f5d8d
SHA512 46d7400f79a4029fd86e66944f1846c84f65e850e1315e725f58df4c5eced3bb765ee12cb58532b182a2153cbaaeefe71d5629d4b2b96ac6c4cf00654c7c2fb9

C:\Windows\system\recyhdk.exe

MD5 b0f8222b7fbbab99907269c934c763fa
SHA1 f8ac0c0a63ef815dd4ddf3d36a2843780d753ea6
SHA256 7bad583c367d917ff25c6a7236a1bfb60b94747610f5e560194648f0282eb7bc
SHA512 3745fd3bf228dfd13ec93e8a9060773264baf3788c2d8af92257c2f505db94d47aa4163f4c3fcd83e3bb8fba61115b4f1484718388f8ccf3284eadbddc6ea323

C:\Windows\system\YnABJFI.exe

MD5 936b04c7028b7115cf7608d94b9cc590
SHA1 2aaae5d6f6ded72c0394482bff801639876d31b2
SHA256 bee02946a0a74ef11b28dd46997cd8acf53b2e6ae67514c0585af433455fa327
SHA512 754787f263d6f54eb7fa75aa7a1600f8f2b4c7e342c8d354524e2be60f10200ea049b35292ea711a8ba1846f2ab21347634caaa490d00941926ed42730b4807e

C:\Windows\system\sCOtGOX.exe

MD5 b058827769d3544bba6b78226780c6a9
SHA1 636f6e11dd4dae2d40852a63bfec686b37ad7cb8
SHA256 c8553b18046dd105cc1b4e15daec5bc94ef0df4c0f5b007404ff39c3bf24a167
SHA512 7c7a4ddad3d142650b08b9cb7db2b1d25ce70b6afef464e65b1e54743e633252642e224af8c7e4450cc7cc9ae8cd5b250f9cde9b2fb73921677dd9914dc66923

C:\Windows\system\OXZbctn.exe

MD5 9d6560eb9b7472e31400353a2162527d
SHA1 b444cf79a6b86399c02b0edf4ccabbde8030954c
SHA256 ddd73b6d9fa18147a9aa30a21670f3b796aa4eae232d2a9d609cfc1db2e6c5a1
SHA512 c4976e049fac7292b647b411f601825343ac22423405a989d863a353aba1d33d154529b1ab00f57758a20d30fccf47f8d1e0778a731633a445654dfa1e49f842

C:\Windows\system\adRkozc.exe

MD5 fd8eeeec95477f62137ad63ca94d1300
SHA1 5c312391dae6d856fef3c277f7b89348df4eb873
SHA256 f2c9f1dc44ba9669b2aac1551442534611bf53f2b2f6560b3f9868415640ef4e
SHA512 e5e1fa74543f7730495376d8df7d9cadd8af7e4de1255c73f5751173c3b782770cd5c4904980af63dea906d38fb237e1afd21174eae58fcde70ac81090bde142

C:\Windows\system\whCsnOu.exe

MD5 7b39ef8f67d0685ebeefe9696c09e957
SHA1 4cab6be450739aa55672d7c336756e3a0c325ed6
SHA256 bc412333297580c21f977aa7ad9d1c19aed361a8a8413ad83a49340374637a4b
SHA512 6f901ed266dbded0c8dfa63f736ba967e78a85426a4fa56c05ac4e1dd2b6b40d7422f97ee505eff54cc65c90bb7167c399e7d51dedd74fe86167b03d387dd551

C:\Windows\system\OcuaWTC.exe

MD5 5775d60c062ef81cdbff88f30be63397
SHA1 df3f80698f6981ff69956599fbf16fd98975a953
SHA256 5aef0efac1b89ce7fec87fc0b25d5dfd6f437be6cf9bf673ce7f4c3dd76bfb68
SHA512 dbd8459b7980c3df7806e89919cf4b92d8ec2b40c58e28961aee558b992c156ec5ad367a333dbcaf9408e1f1e4c495a9a6d5385a69ddbdbbd10e1d61ad499ad0

C:\Windows\system\bhEBgie.exe

MD5 70643c8cfe42f45c0f57d496935a9447
SHA1 bbe8be71c3e62f97a5a5d5b100e0b11d96f2f6a9
SHA256 084b82784a7925d4c9f409af7eab7347fe873e9cb589bb151d9b4233e2a8b0e7
SHA512 a86353c4d0c033bdf03e0e97fca5f7a6d18263a39ca40584ca00e323ebaf721ba76f46c0ce35f8d9bfe8eb8ba3ff10c1bc982d5f247c607dc9d0e35bd74b74da

C:\Windows\system\yavvpQd.exe

MD5 7ca96d42628121e60ce41d3891717887
SHA1 b4eccb301614d85461dc87a073a163644c8e07bc
SHA256 6df3cf07e7470574270f3aa897a6b3763bb21347ef46b71c02a0c8c75d281d81
SHA512 2fbb6f23a04ce409b002453e024593209c0cf119627e28965dd6ce2b81a68534969164c59ce893fa4ba4c309f00341b5d175d1364298283bb57fe5fb1c3f3a16

memory/2420-104-0x000000013FA80000-0x000000013FDD4000-memory.dmp

memory/2808-103-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2420-102-0x000000013FFD0000-0x0000000140324000-memory.dmp

C:\Windows\system\gffAYmD.exe

MD5 2edea88175a6a3b44203f9f3d9542fd6
SHA1 4f7e47bc6cf4057dc83c976c49ff0b707a6bcec0
SHA256 6b31a42c26f33a76952fb97d93480f009a26fe2b1a27e16360bb9c03c3ffea29
SHA512 c3204b5e02208009e189717300fede1a4d6b60232fe1d34fc0bf1a8aa7f29e0a2be95308a1449fdd74990a72e9800ea24f5fac30fceb757b3955b037d42243fb

memory/1252-93-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2420-92-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/2420-91-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2444-90-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

C:\Windows\system\QaiAAop.exe

MD5 fe62c194381e4696d5453030671f96e7
SHA1 560ca25ca422c677d7dc7d5e4b9582958980e37e
SHA256 d42f1e4c43339eca2be1d3c1c58c908bb4e0634939f0f848e0e1885acb365aa8
SHA512 bbd686a282ba681ede6bcc67a7c46699e89b8bdc973428a92c10e55f246b9d19577ad8e6de6b395b341137fc8949c3de0f2d8773751fae4fa2772465dc104b39

memory/3024-77-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2420-76-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/2164-84-0x000000013FFA0000-0x00000001402F4000-memory.dmp

C:\Windows\system\CigfYas.exe

MD5 6b2532a2c7e337642f657295269ca738
SHA1 2c03d451c6edb4a9b73b6957cb7f9aa1cf7d8e8a
SHA256 cf9ece31cdd4bd73731ce6464bbc5a768f27c232bcab9615d151fa1746ff630b
SHA512 07e50e42dbbb9b52469682dbd44d437bc4ec7c917501121f31520307b1a02c76b0f9e0aaa5e7b9da3c013df41e56cfaeb31f0d20dfc3c71f4a3cd665dc9ad901

C:\Windows\system\sfKYlYA.exe

MD5 e2109828ec2977646cf8ea7ddc3b7a99
SHA1 361af63083d8525089fd5174f0f9e18f4a983be4
SHA256 98bd9a9517becce7bcec4b07a5b2cd846481e2c3a241895dfb01bb0baa0a6e98
SHA512 39265573f6afe43e0547fb2b12b7a6cd8b737b7b8bef3d05013ac6e150d3b2fb19f88032c2c4cb1229da5a4951f16e7d2b525e8c7a03a66ad3f4f81c05645fd1

memory/2420-62-0x000000013FA10000-0x000000013FD64000-memory.dmp

C:\Windows\system\hvvlMOw.exe

MD5 c07aca277f8412d74930918559d4c032
SHA1 26679cde1825f73cdf4842978f828532b52616ba
SHA256 8a37a73035d4528aeb0e6c06ac0b38ce0297fef6ef8f724aa9961541cabb55c6
SHA512 999db81597f2bfa674da24c4777e3ba8eee9a25ad984e0f81792319c43211fa93c8dcf26a3b31b566df9ae76df91e7ae8ad8adccc511cac178cb20d748dbeec5

memory/2580-70-0x000000013F4E0000-0x000000013F834000-memory.dmp

C:\Windows\system\qdSHkqM.exe

MD5 446a635ca37aa85a4754de371ef936e0
SHA1 ba2507a0d7259a05ec1ddfb5e1e8ade477e8b73c
SHA256 70d368a8222262fb79befa34712c311a145b3778518037f7994b48336a20877c
SHA512 20e27a442cf0a835e10692fed7fa0faed90afa78702bb0b2ddac1ef2bcffc667b5357007ed334f761a73af1b1bf899b9a4ec2a0f8c69612718cdc32e78347813

memory/2860-56-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2080-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/3060-40-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2420-39-0x000000013FBD0000-0x000000013FF24000-memory.dmp

memory/2420-38-0x000000013FE10000-0x0000000140164000-memory.dmp

C:\Windows\system\ECNYstt.exe

MD5 706fabb399266058893390721da60168
SHA1 a40f141ad6a5ad11b9f2276bc66d0b2f839defec
SHA256 b4977b6da98404997f8bda798174a5b45e214522ea7f437fc96816103059fa67
SHA512 50180f4ddf475fc05b6f3aff2c6d3dccbaa9caa8cc7eafb94d8eb31bd40eaa7fa4a51703ed5f14423fe101f37c92ac1c4e3c0c66eb3e8fa581c686bceb9da7e4

C:\Windows\system\TtGtwmU.exe

MD5 9887e5f8b3c2c04f3a85cefa2e76e3e1
SHA1 12fc3dbcc2bf7d96b50c29dd8de786a6f81d43bb
SHA256 52dc4e20c1838949a1d912b14d2433c221fcca651cca02d14455fd4cff647f97
SHA512 91119d4d4a7c2cfccd9696fe2ab07485062b286ba920d4d54db69a4a4a039bb4dbd4d81b59eab077add60b7b0c9f5c6d892ea97b2e8f555e20270f7cbdc24e62

memory/2444-22-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/2420-8-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/2860-1071-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2508-1072-0x000000013FA10000-0x000000013FD64000-memory.dmp

memory/2420-1073-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/2580-1074-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/3024-1075-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2164-1076-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2420-1077-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/1252-1078-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2420-1079-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2420-1080-0x000000013FA80000-0x000000013FDD4000-memory.dmp

memory/2444-1081-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/2468-1083-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/3060-1082-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2600-1086-0x000000013F050000-0x000000013F3A4000-memory.dmp

memory/2708-1085-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/2724-1084-0x000000013FBD0000-0x000000013FF24000-memory.dmp

memory/2080-1087-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/2860-1088-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2508-1089-0x000000013FA10000-0x000000013FD64000-memory.dmp

memory/2580-1090-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/3024-1091-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2164-1092-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/1252-1093-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2808-1094-0x000000013FFD0000-0x0000000140324000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 15:43

Reported

2024-05-30 15:46

Platform

win10v2004-20240426-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ZGzTsTA.exe N/A
N/A N/A C:\Windows\System\mDVeMRW.exe N/A
N/A N/A C:\Windows\System\ECNYstt.exe N/A
N/A N/A C:\Windows\System\TtGtwmU.exe N/A
N/A N/A C:\Windows\System\MObmKuE.exe N/A
N/A N/A C:\Windows\System\EKMPqmR.exe N/A
N/A N/A C:\Windows\System\hPUXwOu.exe N/A
N/A N/A C:\Windows\System\hvvlMOw.exe N/A
N/A N/A C:\Windows\System\ACCgklb.exe N/A
N/A N/A C:\Windows\System\qdSHkqM.exe N/A
N/A N/A C:\Windows\System\sfKYlYA.exe N/A
N/A N/A C:\Windows\System\CigfYas.exe N/A
N/A N/A C:\Windows\System\QaiAAop.exe N/A
N/A N/A C:\Windows\System\gCKMarO.exe N/A
N/A N/A C:\Windows\System\yavvpQd.exe N/A
N/A N/A C:\Windows\System\gffAYmD.exe N/A
N/A N/A C:\Windows\System\bhEBgie.exe N/A
N/A N/A C:\Windows\System\OcuaWTC.exe N/A
N/A N/A C:\Windows\System\whCsnOu.exe N/A
N/A N/A C:\Windows\System\adRkozc.exe N/A
N/A N/A C:\Windows\System\OXZbctn.exe N/A
N/A N/A C:\Windows\System\sCOtGOX.exe N/A
N/A N/A C:\Windows\System\pctjULk.exe N/A
N/A N/A C:\Windows\System\YnABJFI.exe N/A
N/A N/A C:\Windows\System\recyhdk.exe N/A
N/A N/A C:\Windows\System\ielUGuS.exe N/A
N/A N/A C:\Windows\System\xHrrssI.exe N/A
N/A N/A C:\Windows\System\oIgZpsT.exe N/A
N/A N/A C:\Windows\System\GDEHcHz.exe N/A
N/A N/A C:\Windows\System\qDiBZjr.exe N/A
N/A N/A C:\Windows\System\TRcbZjB.exe N/A
N/A N/A C:\Windows\System\ofOlqwQ.exe N/A
N/A N/A C:\Windows\System\WZGrKUN.exe N/A
N/A N/A C:\Windows\System\YAYoBkr.exe N/A
N/A N/A C:\Windows\System\pWfJWlH.exe N/A
N/A N/A C:\Windows\System\IYVGIaU.exe N/A
N/A N/A C:\Windows\System\yjIAyuQ.exe N/A
N/A N/A C:\Windows\System\mSWroTR.exe N/A
N/A N/A C:\Windows\System\pSdnZvS.exe N/A
N/A N/A C:\Windows\System\EvoynDz.exe N/A
N/A N/A C:\Windows\System\BpIvPRW.exe N/A
N/A N/A C:\Windows\System\QpSXXCr.exe N/A
N/A N/A C:\Windows\System\BWSPZwD.exe N/A
N/A N/A C:\Windows\System\LdEVQae.exe N/A
N/A N/A C:\Windows\System\DJgdXMl.exe N/A
N/A N/A C:\Windows\System\gUWDqty.exe N/A
N/A N/A C:\Windows\System\dgrrhPS.exe N/A
N/A N/A C:\Windows\System\HHefPpK.exe N/A
N/A N/A C:\Windows\System\mGsIhYg.exe N/A
N/A N/A C:\Windows\System\yTaYFTQ.exe N/A
N/A N/A C:\Windows\System\ULJnocb.exe N/A
N/A N/A C:\Windows\System\nbOxHGt.exe N/A
N/A N/A C:\Windows\System\wdKYLRR.exe N/A
N/A N/A C:\Windows\System\IsECOsY.exe N/A
N/A N/A C:\Windows\System\CLMCKrR.exe N/A
N/A N/A C:\Windows\System\tYcZTrz.exe N/A
N/A N/A C:\Windows\System\WhHqHYu.exe N/A
N/A N/A C:\Windows\System\HetfZEw.exe N/A
N/A N/A C:\Windows\System\xinhfQV.exe N/A
N/A N/A C:\Windows\System\IsSZsjS.exe N/A
N/A N/A C:\Windows\System\YIaQpfe.exe N/A
N/A N/A C:\Windows\System\ePGcNgk.exe N/A
N/A N/A C:\Windows\System\AdKSzfS.exe N/A
N/A N/A C:\Windows\System\nMfHIcG.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\viiStGu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbcXkxf.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdEVQae.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WhHqHYu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhqJanR.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLsWfcK.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TAkhSOg.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ActUoAG.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vXiylUS.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QSDIkQc.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QaiAAop.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HetfZEw.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdpXqQu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rGxcGxu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TRcbZjB.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jfyjaNn.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzWMRRE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OfyoZDv.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpSXXCr.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ePGcNgk.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zKxYTCb.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NKXozEa.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VmYYBEp.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fElnQXi.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WDAEezv.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LzVhALA.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hTBgDMP.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJNUNRE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLMCKrR.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dburjDs.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WiuJiHa.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUuVeQh.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tawnBdk.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MMBwgsE.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\COruGzn.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNHtJYm.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OcuaWTC.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CxxhdcX.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pLqSphx.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xmEKYAU.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\riaVVtD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\avxGQFD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iceMHOP.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvDbYNw.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvSSLRs.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wnmwtXq.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bjXLdnh.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSWroTR.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kWZsZft.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KsFBSVp.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEgWyXA.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsECOsY.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AdKSzfS.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IqiKOTL.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNOXVrO.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jLtjlLR.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IgPkQFy.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MFmXpOu.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoyaiOD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaHVKuL.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xdUZQeN.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHczOub.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuMxVvD.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FiHNzzP.exe C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2956 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ZGzTsTA.exe
PID 2956 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ZGzTsTA.exe
PID 2956 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\mDVeMRW.exe
PID 2956 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\mDVeMRW.exe
PID 2956 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ECNYstt.exe
PID 2956 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ECNYstt.exe
PID 2956 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TtGtwmU.exe
PID 2956 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TtGtwmU.exe
PID 2956 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\EKMPqmR.exe
PID 2956 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\EKMPqmR.exe
PID 2956 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\MObmKuE.exe
PID 2956 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\MObmKuE.exe
PID 2956 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ACCgklb.exe
PID 2956 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ACCgklb.exe
PID 2956 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hPUXwOu.exe
PID 2956 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hPUXwOu.exe
PID 2956 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hvvlMOw.exe
PID 2956 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\hvvlMOw.exe
PID 2956 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qdSHkqM.exe
PID 2956 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qdSHkqM.exe
PID 2956 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sfKYlYA.exe
PID 2956 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sfKYlYA.exe
PID 2956 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\CigfYas.exe
PID 2956 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\CigfYas.exe
PID 2956 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\QaiAAop.exe
PID 2956 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\QaiAAop.exe
PID 2956 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gCKMarO.exe
PID 2956 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gCKMarO.exe
PID 2956 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\yavvpQd.exe
PID 2956 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\yavvpQd.exe
PID 2956 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gffAYmD.exe
PID 2956 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\gffAYmD.exe
PID 2956 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\bhEBgie.exe
PID 2956 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\bhEBgie.exe
PID 2956 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OcuaWTC.exe
PID 2956 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OcuaWTC.exe
PID 2956 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\whCsnOu.exe
PID 2956 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\whCsnOu.exe
PID 2956 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\adRkozc.exe
PID 2956 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\adRkozc.exe
PID 2956 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OXZbctn.exe
PID 2956 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\OXZbctn.exe
PID 2956 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sCOtGOX.exe
PID 2956 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\sCOtGOX.exe
PID 2956 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\pctjULk.exe
PID 2956 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\pctjULk.exe
PID 2956 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\YnABJFI.exe
PID 2956 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\YnABJFI.exe
PID 2956 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\recyhdk.exe
PID 2956 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\recyhdk.exe
PID 2956 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ielUGuS.exe
PID 2956 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ielUGuS.exe
PID 2956 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\xHrrssI.exe
PID 2956 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\xHrrssI.exe
PID 2956 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\oIgZpsT.exe
PID 2956 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\oIgZpsT.exe
PID 2956 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\GDEHcHz.exe
PID 2956 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\GDEHcHz.exe
PID 2956 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qDiBZjr.exe
PID 2956 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\qDiBZjr.exe
PID 2956 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TRcbZjB.exe
PID 2956 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\TRcbZjB.exe
PID 2956 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ofOlqwQ.exe
PID 2956 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe C:\Windows\System\ofOlqwQ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6705d83cb90f0ee2919de17f13fcb0a0_NeikiAnalytics.exe"

C:\Windows\System\ZGzTsTA.exe

C:\Windows\System\ZGzTsTA.exe

C:\Windows\System\mDVeMRW.exe

C:\Windows\System\mDVeMRW.exe

C:\Windows\System\ECNYstt.exe

C:\Windows\System\ECNYstt.exe

C:\Windows\System\TtGtwmU.exe

C:\Windows\System\TtGtwmU.exe

C:\Windows\System\EKMPqmR.exe

C:\Windows\System\EKMPqmR.exe

C:\Windows\System\MObmKuE.exe

C:\Windows\System\MObmKuE.exe

C:\Windows\System\ACCgklb.exe

C:\Windows\System\ACCgklb.exe

C:\Windows\System\hPUXwOu.exe

C:\Windows\System\hPUXwOu.exe

C:\Windows\System\hvvlMOw.exe

C:\Windows\System\hvvlMOw.exe

C:\Windows\System\qdSHkqM.exe

C:\Windows\System\qdSHkqM.exe

C:\Windows\System\sfKYlYA.exe

C:\Windows\System\sfKYlYA.exe

C:\Windows\System\CigfYas.exe

C:\Windows\System\CigfYas.exe

C:\Windows\System\QaiAAop.exe

C:\Windows\System\QaiAAop.exe

C:\Windows\System\gCKMarO.exe

C:\Windows\System\gCKMarO.exe

C:\Windows\System\yavvpQd.exe

C:\Windows\System\yavvpQd.exe

C:\Windows\System\gffAYmD.exe

C:\Windows\System\gffAYmD.exe

C:\Windows\System\bhEBgie.exe

C:\Windows\System\bhEBgie.exe

C:\Windows\System\OcuaWTC.exe

C:\Windows\System\OcuaWTC.exe

C:\Windows\System\whCsnOu.exe

C:\Windows\System\whCsnOu.exe

C:\Windows\System\adRkozc.exe

C:\Windows\System\adRkozc.exe

C:\Windows\System\OXZbctn.exe

C:\Windows\System\OXZbctn.exe

C:\Windows\System\sCOtGOX.exe

C:\Windows\System\sCOtGOX.exe

C:\Windows\System\pctjULk.exe

C:\Windows\System\pctjULk.exe

C:\Windows\System\YnABJFI.exe

C:\Windows\System\YnABJFI.exe

C:\Windows\System\recyhdk.exe

C:\Windows\System\recyhdk.exe

C:\Windows\System\ielUGuS.exe

C:\Windows\System\ielUGuS.exe

C:\Windows\System\xHrrssI.exe

C:\Windows\System\xHrrssI.exe

C:\Windows\System\oIgZpsT.exe

C:\Windows\System\oIgZpsT.exe

C:\Windows\System\GDEHcHz.exe

C:\Windows\System\GDEHcHz.exe

C:\Windows\System\qDiBZjr.exe

C:\Windows\System\qDiBZjr.exe

C:\Windows\System\TRcbZjB.exe

C:\Windows\System\TRcbZjB.exe

C:\Windows\system32\BackgroundTaskHost.exe

"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

C:\Windows\System\ofOlqwQ.exe

C:\Windows\System\ofOlqwQ.exe

C:\Windows\System\WZGrKUN.exe

C:\Windows\System\WZGrKUN.exe

C:\Windows\System\YAYoBkr.exe

C:\Windows\System\YAYoBkr.exe

C:\Windows\System\pWfJWlH.exe

C:\Windows\System\pWfJWlH.exe

C:\Windows\System\IYVGIaU.exe

C:\Windows\System\IYVGIaU.exe

C:\Windows\System\yjIAyuQ.exe

C:\Windows\System\yjIAyuQ.exe

C:\Windows\System\mSWroTR.exe

C:\Windows\System\mSWroTR.exe

C:\Windows\System\pSdnZvS.exe

C:\Windows\System\pSdnZvS.exe

C:\Windows\System\EvoynDz.exe

C:\Windows\System\EvoynDz.exe

C:\Windows\System\BpIvPRW.exe

C:\Windows\System\BpIvPRW.exe

C:\Windows\System\QpSXXCr.exe

C:\Windows\System\QpSXXCr.exe

C:\Windows\System\BWSPZwD.exe

C:\Windows\System\BWSPZwD.exe

C:\Windows\System\LdEVQae.exe

C:\Windows\System\LdEVQae.exe

C:\Windows\System\DJgdXMl.exe

C:\Windows\System\DJgdXMl.exe

C:\Windows\System\gUWDqty.exe

C:\Windows\System\gUWDqty.exe

C:\Windows\System\dgrrhPS.exe

C:\Windows\System\dgrrhPS.exe

C:\Windows\System\HHefPpK.exe

C:\Windows\System\HHefPpK.exe

C:\Windows\System\mGsIhYg.exe

C:\Windows\System\mGsIhYg.exe

C:\Windows\System\yTaYFTQ.exe

C:\Windows\System\yTaYFTQ.exe

C:\Windows\System\ULJnocb.exe

C:\Windows\System\ULJnocb.exe

C:\Windows\System\nbOxHGt.exe

C:\Windows\System\nbOxHGt.exe

C:\Windows\System\wdKYLRR.exe

C:\Windows\System\wdKYLRR.exe

C:\Windows\System\IsECOsY.exe

C:\Windows\System\IsECOsY.exe

C:\Windows\System\CLMCKrR.exe

C:\Windows\System\CLMCKrR.exe

C:\Windows\System\tYcZTrz.exe

C:\Windows\System\tYcZTrz.exe

C:\Windows\System\WhHqHYu.exe

C:\Windows\System\WhHqHYu.exe

C:\Windows\System\HetfZEw.exe

C:\Windows\System\HetfZEw.exe

C:\Windows\System\xinhfQV.exe

C:\Windows\System\xinhfQV.exe

C:\Windows\System\IsSZsjS.exe

C:\Windows\System\IsSZsjS.exe

C:\Windows\System\YIaQpfe.exe

C:\Windows\System\YIaQpfe.exe

C:\Windows\System\ePGcNgk.exe

C:\Windows\System\ePGcNgk.exe

C:\Windows\System\AdKSzfS.exe

C:\Windows\System\AdKSzfS.exe

C:\Windows\System\nMfHIcG.exe

C:\Windows\System\nMfHIcG.exe

C:\Windows\System\HtUqGUf.exe

C:\Windows\System\HtUqGUf.exe

C:\Windows\System\DtxbsCw.exe

C:\Windows\System\DtxbsCw.exe

C:\Windows\System\jtKBmTu.exe

C:\Windows\System\jtKBmTu.exe

C:\Windows\System\DdEOJSV.exe

C:\Windows\System\DdEOJSV.exe

C:\Windows\System\JzXZfAv.exe

C:\Windows\System\JzXZfAv.exe

C:\Windows\System\dburjDs.exe

C:\Windows\System\dburjDs.exe

C:\Windows\System\ZLzpzIR.exe

C:\Windows\System\ZLzpzIR.exe

C:\Windows\System\CIICnNX.exe

C:\Windows\System\CIICnNX.exe

C:\Windows\System\kBbCRFG.exe

C:\Windows\System\kBbCRFG.exe

C:\Windows\System\tZMzxtV.exe

C:\Windows\System\tZMzxtV.exe

C:\Windows\System\iceMHOP.exe

C:\Windows\System\iceMHOP.exe

C:\Windows\System\tonyVcE.exe

C:\Windows\System\tonyVcE.exe

C:\Windows\System\QYyojuy.exe

C:\Windows\System\QYyojuy.exe

C:\Windows\System\iUnuQRv.exe

C:\Windows\System\iUnuQRv.exe

C:\Windows\System\LJGwonW.exe

C:\Windows\System\LJGwonW.exe

C:\Windows\System\mQEktwf.exe

C:\Windows\System\mQEktwf.exe

C:\Windows\System\TOmVdow.exe

C:\Windows\System\TOmVdow.exe

C:\Windows\System\ZTAGUEu.exe

C:\Windows\System\ZTAGUEu.exe

C:\Windows\System\jfyjaNn.exe

C:\Windows\System\jfyjaNn.exe

C:\Windows\System\mtGQxKh.exe

C:\Windows\System\mtGQxKh.exe

C:\Windows\System\pswvaJt.exe

C:\Windows\System\pswvaJt.exe

C:\Windows\System\zJnvSjI.exe

C:\Windows\System\zJnvSjI.exe

C:\Windows\System\hhgKHcU.exe

C:\Windows\System\hhgKHcU.exe

C:\Windows\System\LBJrLvH.exe

C:\Windows\System\LBJrLvH.exe

C:\Windows\System\BzWMRRE.exe

C:\Windows\System\BzWMRRE.exe

C:\Windows\System\ActUoAG.exe

C:\Windows\System\ActUoAG.exe

C:\Windows\System\bhVXSPd.exe

C:\Windows\System\bhVXSPd.exe

C:\Windows\System\CWtlxwW.exe

C:\Windows\System\CWtlxwW.exe

C:\Windows\System\IqiKOTL.exe

C:\Windows\System\IqiKOTL.exe

C:\Windows\System\fhqJanR.exe

C:\Windows\System\fhqJanR.exe

C:\Windows\System\FiHNzzP.exe

C:\Windows\System\FiHNzzP.exe

C:\Windows\System\rgsncUx.exe

C:\Windows\System\rgsncUx.exe

C:\Windows\System\NvXxPAS.exe

C:\Windows\System\NvXxPAS.exe

C:\Windows\System\LuxsYeT.exe

C:\Windows\System\LuxsYeT.exe

C:\Windows\System\fElnQXi.exe

C:\Windows\System\fElnQXi.exe

C:\Windows\System\OHbSgWK.exe

C:\Windows\System\OHbSgWK.exe

C:\Windows\System\kWZsZft.exe

C:\Windows\System\kWZsZft.exe

C:\Windows\System\lpmwfPG.exe

C:\Windows\System\lpmwfPG.exe

C:\Windows\System\CxxhdcX.exe

C:\Windows\System\CxxhdcX.exe

C:\Windows\System\LoyaiOD.exe

C:\Windows\System\LoyaiOD.exe

C:\Windows\System\lkbxJeT.exe

C:\Windows\System\lkbxJeT.exe

C:\Windows\System\zeHlXPx.exe

C:\Windows\System\zeHlXPx.exe

C:\Windows\System\sFaSpCi.exe

C:\Windows\System\sFaSpCi.exe

C:\Windows\System\KsFBSVp.exe

C:\Windows\System\KsFBSVp.exe

C:\Windows\System\KaaliGV.exe

C:\Windows\System\KaaliGV.exe

C:\Windows\System\pLqSphx.exe

C:\Windows\System\pLqSphx.exe

C:\Windows\System\fhKDPCg.exe

C:\Windows\System\fhKDPCg.exe

C:\Windows\System\yaHVKuL.exe

C:\Windows\System\yaHVKuL.exe

C:\Windows\System\beSvUBi.exe

C:\Windows\System\beSvUBi.exe

C:\Windows\System\IZoUjYe.exe

C:\Windows\System\IZoUjYe.exe

C:\Windows\System\qpDeDnm.exe

C:\Windows\System\qpDeDnm.exe

C:\Windows\System\QSMMDYn.exe

C:\Windows\System\QSMMDYn.exe

C:\Windows\System\QYYKkUc.exe

C:\Windows\System\QYYKkUc.exe

C:\Windows\System\dWQfclj.exe

C:\Windows\System\dWQfclj.exe

C:\Windows\System\GBNimFs.exe

C:\Windows\System\GBNimFs.exe

C:\Windows\System\TmPsMhh.exe

C:\Windows\System\TmPsMhh.exe

C:\Windows\System\sPIZXyd.exe

C:\Windows\System\sPIZXyd.exe

C:\Windows\System\xdUZQeN.exe

C:\Windows\System\xdUZQeN.exe

C:\Windows\System\zKxYTCb.exe

C:\Windows\System\zKxYTCb.exe

C:\Windows\System\KexmBYE.exe

C:\Windows\System\KexmBYE.exe

C:\Windows\System\sqBjnoM.exe

C:\Windows\System\sqBjnoM.exe

C:\Windows\System\rucVgVC.exe

C:\Windows\System\rucVgVC.exe

C:\Windows\System\MUNvQWx.exe

C:\Windows\System\MUNvQWx.exe

C:\Windows\System\jbcQdGk.exe

C:\Windows\System\jbcQdGk.exe

C:\Windows\System\gdpXqQu.exe

C:\Windows\System\gdpXqQu.exe

C:\Windows\System\NKXozEa.exe

C:\Windows\System\NKXozEa.exe

C:\Windows\System\wDdbgio.exe

C:\Windows\System\wDdbgio.exe

C:\Windows\System\WyCeYJg.exe

C:\Windows\System\WyCeYJg.exe

C:\Windows\System\kocXQHd.exe

C:\Windows\System\kocXQHd.exe

C:\Windows\System\eNOXVrO.exe

C:\Windows\System\eNOXVrO.exe

C:\Windows\System\SmFwkuM.exe

C:\Windows\System\SmFwkuM.exe

C:\Windows\System\YBeyFdN.exe

C:\Windows\System\YBeyFdN.exe

C:\Windows\System\HNMZvvm.exe

C:\Windows\System\HNMZvvm.exe

C:\Windows\System\ZEXnTZj.exe

C:\Windows\System\ZEXnTZj.exe

C:\Windows\System\uYtIkyS.exe

C:\Windows\System\uYtIkyS.exe

C:\Windows\System\TMeDzBi.exe

C:\Windows\System\TMeDzBi.exe

C:\Windows\System\hhdrPkx.exe

C:\Windows\System\hhdrPkx.exe

C:\Windows\System\rsVrYCt.exe

C:\Windows\System\rsVrYCt.exe

C:\Windows\System\vZRnNyd.exe

C:\Windows\System\vZRnNyd.exe

C:\Windows\System\phjVNLs.exe

C:\Windows\System\phjVNLs.exe

C:\Windows\System\WVgarNE.exe

C:\Windows\System\WVgarNE.exe

C:\Windows\System\eFEmyVC.exe

C:\Windows\System\eFEmyVC.exe

C:\Windows\System\hAGVcSZ.exe

C:\Windows\System\hAGVcSZ.exe

C:\Windows\System\xmEKYAU.exe

C:\Windows\System\xmEKYAU.exe

C:\Windows\System\lEVjZao.exe

C:\Windows\System\lEVjZao.exe

C:\Windows\System\BNsPfgA.exe

C:\Windows\System\BNsPfgA.exe

C:\Windows\System\VLsWfcK.exe

C:\Windows\System\VLsWfcK.exe

C:\Windows\System\sXyOQuf.exe

C:\Windows\System\sXyOQuf.exe

C:\Windows\System\rGxcGxu.exe

C:\Windows\System\rGxcGxu.exe

C:\Windows\System\ntjgNZs.exe

C:\Windows\System\ntjgNZs.exe

C:\Windows\System\WzzTDXr.exe

C:\Windows\System\WzzTDXr.exe

C:\Windows\System\Ipykrin.exe

C:\Windows\System\Ipykrin.exe

C:\Windows\System\UErsUhs.exe

C:\Windows\System\UErsUhs.exe

C:\Windows\System\TACThxj.exe

C:\Windows\System\TACThxj.exe

C:\Windows\System\TAkhSOg.exe

C:\Windows\System\TAkhSOg.exe

C:\Windows\System\QBcpOVr.exe

C:\Windows\System\QBcpOVr.exe

C:\Windows\System\AuItCcK.exe

C:\Windows\System\AuItCcK.exe

C:\Windows\System\QGxdTVb.exe

C:\Windows\System\QGxdTVb.exe

C:\Windows\System\WiuJiHa.exe

C:\Windows\System\WiuJiHa.exe

C:\Windows\System\riaVVtD.exe

C:\Windows\System\riaVVtD.exe

C:\Windows\System\MMBwgsE.exe

C:\Windows\System\MMBwgsE.exe

C:\Windows\System\viiStGu.exe

C:\Windows\System\viiStGu.exe

C:\Windows\System\OEJSnXe.exe

C:\Windows\System\OEJSnXe.exe

C:\Windows\System\oBdyILP.exe

C:\Windows\System\oBdyILP.exe

C:\Windows\System\wMeJUBq.exe

C:\Windows\System\wMeJUBq.exe

C:\Windows\System\QnegaWo.exe

C:\Windows\System\QnegaWo.exe

C:\Windows\System\VmYYBEp.exe

C:\Windows\System\VmYYBEp.exe

C:\Windows\System\ZAfstgv.exe

C:\Windows\System\ZAfstgv.exe

C:\Windows\System\WbCMxRS.exe

C:\Windows\System\WbCMxRS.exe

C:\Windows\System\OfyoZDv.exe

C:\Windows\System\OfyoZDv.exe

C:\Windows\System\lUuVeQh.exe

C:\Windows\System\lUuVeQh.exe

C:\Windows\System\HEWrULU.exe

C:\Windows\System\HEWrULU.exe

C:\Windows\System\QHczOub.exe

C:\Windows\System\QHczOub.exe

C:\Windows\System\PLFsRjl.exe

C:\Windows\System\PLFsRjl.exe

C:\Windows\System\CxnNqkm.exe

C:\Windows\System\CxnNqkm.exe

C:\Windows\System\BuOdlCv.exe

C:\Windows\System\BuOdlCv.exe

C:\Windows\System\EiJMgXb.exe

C:\Windows\System\EiJMgXb.exe

C:\Windows\System\lkOKUFk.exe

C:\Windows\System\lkOKUFk.exe

C:\Windows\System\ZHbETzy.exe

C:\Windows\System\ZHbETzy.exe

C:\Windows\System\GsZamxP.exe

C:\Windows\System\GsZamxP.exe

C:\Windows\System\OGRCGcb.exe

C:\Windows\System\OGRCGcb.exe

C:\Windows\System\KAWjfoO.exe

C:\Windows\System\KAWjfoO.exe

C:\Windows\System\gNmyqgl.exe

C:\Windows\System\gNmyqgl.exe

C:\Windows\System\TBVGzZc.exe

C:\Windows\System\TBVGzZc.exe

C:\Windows\System\joPqNrb.exe

C:\Windows\System\joPqNrb.exe

C:\Windows\System\PFjsHlb.exe

C:\Windows\System\PFjsHlb.exe

C:\Windows\System\ctCmCNo.exe

C:\Windows\System\ctCmCNo.exe

C:\Windows\System\RZYsleT.exe

C:\Windows\System\RZYsleT.exe

C:\Windows\System\BHrKkjj.exe

C:\Windows\System\BHrKkjj.exe

C:\Windows\System\pikJlAt.exe

C:\Windows\System\pikJlAt.exe

C:\Windows\System\qZPIaaK.exe

C:\Windows\System\qZPIaaK.exe

C:\Windows\System\lcuXAMe.exe

C:\Windows\System\lcuXAMe.exe

C:\Windows\System\QQjVEzn.exe

C:\Windows\System\QQjVEzn.exe

C:\Windows\System\KYXlGaK.exe

C:\Windows\System\KYXlGaK.exe

C:\Windows\System\COruGzn.exe

C:\Windows\System\COruGzn.exe

C:\Windows\System\MBrJjez.exe

C:\Windows\System\MBrJjez.exe

C:\Windows\System\mBFGXMI.exe

C:\Windows\System\mBFGXMI.exe

C:\Windows\System\qjaPfCi.exe

C:\Windows\System\qjaPfCi.exe

C:\Windows\System\cziBuDJ.exe

C:\Windows\System\cziBuDJ.exe

C:\Windows\System\qUWOzZI.exe

C:\Windows\System\qUWOzZI.exe

C:\Windows\System\YNXDGQc.exe

C:\Windows\System\YNXDGQc.exe

C:\Windows\System\wxsqlKP.exe

C:\Windows\System\wxsqlKP.exe

C:\Windows\System\bapJHvT.exe

C:\Windows\System\bapJHvT.exe

C:\Windows\System\XYWJxPa.exe

C:\Windows\System\XYWJxPa.exe

C:\Windows\System\lZTRkdq.exe

C:\Windows\System\lZTRkdq.exe

C:\Windows\System\YOuuDcv.exe

C:\Windows\System\YOuuDcv.exe

C:\Windows\System\PQQsTHT.exe

C:\Windows\System\PQQsTHT.exe

C:\Windows\System\wUGSFVK.exe

C:\Windows\System\wUGSFVK.exe

C:\Windows\System\awZLnMM.exe

C:\Windows\System\awZLnMM.exe

C:\Windows\System\vXiylUS.exe

C:\Windows\System\vXiylUS.exe

C:\Windows\System\YuMxVvD.exe

C:\Windows\System\YuMxVvD.exe

C:\Windows\System\CcxtlSs.exe

C:\Windows\System\CcxtlSs.exe

C:\Windows\System\tawnBdk.exe

C:\Windows\System\tawnBdk.exe

C:\Windows\System\ItMIOmx.exe

C:\Windows\System\ItMIOmx.exe

C:\Windows\System\IgPkQFy.exe

C:\Windows\System\IgPkQFy.exe

C:\Windows\System\JchFCEL.exe

C:\Windows\System\JchFCEL.exe

C:\Windows\System\xpajmMt.exe

C:\Windows\System\xpajmMt.exe

C:\Windows\System\ywzcOPT.exe

C:\Windows\System\ywzcOPT.exe

C:\Windows\System\FnlbDcc.exe

C:\Windows\System\FnlbDcc.exe

C:\Windows\System\fInEYEe.exe

C:\Windows\System\fInEYEe.exe

C:\Windows\System\DKKKXPc.exe

C:\Windows\System\DKKKXPc.exe

C:\Windows\System\XuHaFZB.exe

C:\Windows\System\XuHaFZB.exe

C:\Windows\System\TTyufXT.exe

C:\Windows\System\TTyufXT.exe

C:\Windows\System\AbqZJvv.exe

C:\Windows\System\AbqZJvv.exe

C:\Windows\System\VygUmOz.exe

C:\Windows\System\VygUmOz.exe

C:\Windows\System\pvDbYNw.exe

C:\Windows\System\pvDbYNw.exe

C:\Windows\System\CdBQKug.exe

C:\Windows\System\CdBQKug.exe

C:\Windows\System\zUUROhv.exe

C:\Windows\System\zUUROhv.exe

C:\Windows\System\ahhHIMY.exe

C:\Windows\System\ahhHIMY.exe

C:\Windows\System\DLImkJj.exe

C:\Windows\System\DLImkJj.exe

C:\Windows\System\AfdWAkd.exe

C:\Windows\System\AfdWAkd.exe

C:\Windows\System\rJNUNRE.exe

C:\Windows\System\rJNUNRE.exe

C:\Windows\System\PDtAgqD.exe

C:\Windows\System\PDtAgqD.exe

C:\Windows\System\vBEsbJg.exe

C:\Windows\System\vBEsbJg.exe

C:\Windows\System\bvSSLRs.exe

C:\Windows\System\bvSSLRs.exe

C:\Windows\System\VhPSNia.exe

C:\Windows\System\VhPSNia.exe

C:\Windows\System\dOcVBVL.exe

C:\Windows\System\dOcVBVL.exe

C:\Windows\System\cLJgyuM.exe

C:\Windows\System\cLJgyuM.exe

C:\Windows\System\clDnwez.exe

C:\Windows\System\clDnwez.exe

C:\Windows\System\mKRtcDr.exe

C:\Windows\System\mKRtcDr.exe

C:\Windows\System\DPkuEsX.exe

C:\Windows\System\DPkuEsX.exe

C:\Windows\System\BsUfuUM.exe

C:\Windows\System\BsUfuUM.exe

C:\Windows\System\wnmwtXq.exe

C:\Windows\System\wnmwtXq.exe

C:\Windows\System\rEJBKuy.exe

C:\Windows\System\rEJBKuy.exe

C:\Windows\System\IWKyCAg.exe

C:\Windows\System\IWKyCAg.exe

C:\Windows\System\UpSGNsd.exe

C:\Windows\System\UpSGNsd.exe

C:\Windows\System\efdcZEM.exe

C:\Windows\System\efdcZEM.exe

C:\Windows\System\QyKYPcD.exe

C:\Windows\System\QyKYPcD.exe

C:\Windows\System\XdHNfmy.exe

C:\Windows\System\XdHNfmy.exe

C:\Windows\System\mKeyNAK.exe

C:\Windows\System\mKeyNAK.exe

C:\Windows\System\bjXLdnh.exe

C:\Windows\System\bjXLdnh.exe

C:\Windows\System\FCmxQXK.exe

C:\Windows\System\FCmxQXK.exe

C:\Windows\System\iqCLDui.exe

C:\Windows\System\iqCLDui.exe

C:\Windows\System\CqHmocB.exe

C:\Windows\System\CqHmocB.exe

C:\Windows\System\OBAGzLB.exe

C:\Windows\System\OBAGzLB.exe

C:\Windows\System\MnSTehH.exe

C:\Windows\System\MnSTehH.exe

C:\Windows\System\aqdgMYv.exe

C:\Windows\System\aqdgMYv.exe

C:\Windows\System\mIotvMG.exe

C:\Windows\System\mIotvMG.exe

C:\Windows\System\SHmJOIM.exe

C:\Windows\System\SHmJOIM.exe

C:\Windows\System\RNHtJYm.exe

C:\Windows\System\RNHtJYm.exe

C:\Windows\System\IjLVIhx.exe

C:\Windows\System\IjLVIhx.exe

C:\Windows\System\eUzUAAa.exe

C:\Windows\System\eUzUAAa.exe

C:\Windows\System\MhOdWJp.exe

C:\Windows\System\MhOdWJp.exe

C:\Windows\System\QSDIkQc.exe

C:\Windows\System\QSDIkQc.exe

C:\Windows\System\chzXgRz.exe

C:\Windows\System\chzXgRz.exe

C:\Windows\System\kbcXkxf.exe

C:\Windows\System\kbcXkxf.exe

C:\Windows\System\Kghknwo.exe

C:\Windows\System\Kghknwo.exe

C:\Windows\System\BPzGMIo.exe

C:\Windows\System\BPzGMIo.exe

C:\Windows\System\YanXdAT.exe

C:\Windows\System\YanXdAT.exe

C:\Windows\System\kynuxAd.exe

C:\Windows\System\kynuxAd.exe

C:\Windows\System\sfEfRiO.exe

C:\Windows\System\sfEfRiO.exe

C:\Windows\System\HwRNjWS.exe

C:\Windows\System\HwRNjWS.exe

C:\Windows\System\iDMopHB.exe

C:\Windows\System\iDMopHB.exe

C:\Windows\System\BhkGWmT.exe

C:\Windows\System\BhkGWmT.exe

C:\Windows\System\avxGQFD.exe

C:\Windows\System\avxGQFD.exe

C:\Windows\System\eMWIyAF.exe

C:\Windows\System\eMWIyAF.exe

C:\Windows\System\WDAEezv.exe

C:\Windows\System\WDAEezv.exe

C:\Windows\System\DMQweoY.exe

C:\Windows\System\DMQweoY.exe

C:\Windows\System\LENoZDF.exe

C:\Windows\System\LENoZDF.exe

C:\Windows\System\ClMjnJW.exe

C:\Windows\System\ClMjnJW.exe

C:\Windows\System\YGsuQBr.exe

C:\Windows\System\YGsuQBr.exe

C:\Windows\System\GRBqQMl.exe

C:\Windows\System\GRBqQMl.exe

C:\Windows\System\vwSHdVK.exe

C:\Windows\System\vwSHdVK.exe

C:\Windows\System\jLtjlLR.exe

C:\Windows\System\jLtjlLR.exe

C:\Windows\System\ZvVTpsZ.exe

C:\Windows\System\ZvVTpsZ.exe

C:\Windows\System\jdMEsuS.exe

C:\Windows\System\jdMEsuS.exe

C:\Windows\System\CHgAMJg.exe

C:\Windows\System\CHgAMJg.exe

C:\Windows\System\lYuQhYZ.exe

C:\Windows\System\lYuQhYZ.exe

C:\Windows\System\raSMLye.exe

C:\Windows\System\raSMLye.exe

C:\Windows\System\zuJiAKt.exe

C:\Windows\System\zuJiAKt.exe

C:\Windows\System\uerdvsY.exe

C:\Windows\System\uerdvsY.exe

C:\Windows\System\LzVhALA.exe

C:\Windows\System\LzVhALA.exe

C:\Windows\System\IztfSmk.exe

C:\Windows\System\IztfSmk.exe

C:\Windows\System\DmYkDCC.exe

C:\Windows\System\DmYkDCC.exe

C:\Windows\System\kPEZCYl.exe

C:\Windows\System\kPEZCYl.exe

C:\Windows\System\FToOYOz.exe

C:\Windows\System\FToOYOz.exe

C:\Windows\System\aeycWTZ.exe

C:\Windows\System\aeycWTZ.exe

C:\Windows\System\Trtqjxv.exe

C:\Windows\System\Trtqjxv.exe

C:\Windows\System\sgWEeZC.exe

C:\Windows\System\sgWEeZC.exe

C:\Windows\System\gmIxjFN.exe

C:\Windows\System\gmIxjFN.exe

C:\Windows\System\VNUaxAC.exe

C:\Windows\System\VNUaxAC.exe

C:\Windows\System\zHUMXPw.exe

C:\Windows\System\zHUMXPw.exe

C:\Windows\System\zIcqGJY.exe

C:\Windows\System\zIcqGJY.exe

C:\Windows\System\DEgWyXA.exe

C:\Windows\System\DEgWyXA.exe

C:\Windows\System\HniQESE.exe

C:\Windows\System\HniQESE.exe

C:\Windows\System\MFmXpOu.exe

C:\Windows\System\MFmXpOu.exe

C:\Windows\System\vYqumji.exe

C:\Windows\System\vYqumji.exe

C:\Windows\System\mEYETMl.exe

C:\Windows\System\mEYETMl.exe

C:\Windows\System\hTBgDMP.exe

C:\Windows\System\hTBgDMP.exe

C:\Windows\System\HWpswRX.exe

C:\Windows\System\HWpswRX.exe

C:\Windows\System\ClbvYNk.exe

C:\Windows\System\ClbvYNk.exe

C:\Windows\System\hnTIdjx.exe

C:\Windows\System\hnTIdjx.exe

C:\Windows\System\soLMwfq.exe

C:\Windows\System\soLMwfq.exe

C:\Windows\System\poqFsnw.exe

C:\Windows\System\poqFsnw.exe

C:\Windows\System\HyRWOYQ.exe

C:\Windows\System\HyRWOYQ.exe

C:\Windows\System\OureLZx.exe

C:\Windows\System\OureLZx.exe

C:\Windows\System\StNGYHR.exe

C:\Windows\System\StNGYHR.exe

C:\Windows\System\ZsVDluR.exe

C:\Windows\System\ZsVDluR.exe

C:\Windows\System\IRIEfBY.exe

C:\Windows\System\IRIEfBY.exe

C:\Windows\System\yLSlCWn.exe

C:\Windows\System\yLSlCWn.exe

C:\Windows\System\lgGGTGD.exe

C:\Windows\System\lgGGTGD.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2956-1-0x000001ABB8D30000-0x000001ABB8D40000-memory.dmp

memory/2956-0-0x00007FF6D4610000-0x00007FF6D4964000-memory.dmp

C:\Windows\System\ECNYstt.exe

MD5 706fabb399266058893390721da60168
SHA1 a40f141ad6a5ad11b9f2276bc66d0b2f839defec
SHA256 b4977b6da98404997f8bda798174a5b45e214522ea7f437fc96816103059fa67
SHA512 50180f4ddf475fc05b6f3aff2c6d3dccbaa9caa8cc7eafb94d8eb31bd40eaa7fa4a51703ed5f14423fe101f37c92ac1c4e3c0c66eb3e8fa581c686bceb9da7e4

C:\Windows\System\TtGtwmU.exe

MD5 9887e5f8b3c2c04f3a85cefa2e76e3e1
SHA1 12fc3dbcc2bf7d96b50c29dd8de786a6f81d43bb
SHA256 52dc4e20c1838949a1d912b14d2433c221fcca651cca02d14455fd4cff647f97
SHA512 91119d4d4a7c2cfccd9696fe2ab07485062b286ba920d4d54db69a4a4a039bb4dbd4d81b59eab077add60b7b0c9f5c6d892ea97b2e8f555e20270f7cbdc24e62

memory/1360-25-0x00007FF62A760000-0x00007FF62AAB4000-memory.dmp

C:\Windows\System\EKMPqmR.exe

MD5 49205207e0a5b3a8b616c18c64d91fb5
SHA1 aea2d32c2de879d54583e58f2878a77a9a6e63c8
SHA256 327e0fce5145507d49fe761e41b39aec69209718ca660914420c146e98afc039
SHA512 2291400018e6fd032c5364d5c07db70a01e3ba8d640ae49233791a3229e7b614fc3067b9fc420d655cf31bf3cc492696bc3456ff5b531b5b76c5a0e0f53842c3

C:\Windows\System\MObmKuE.exe

MD5 ed789a0f6d959fb820879251b4febf52
SHA1 340a130be55b0e5d236695769aa2f1664b89a9a4
SHA256 da120704b4968597235c7141c3278ad378cce665ec3b13da1792678d4b015bfb
SHA512 9a54467531eae6e6df20d21b90dda132a32df537837e83a2977f0d7ba1b06fc8dddf347f40417d42a174e439920df24569e9e0281769657d27562166860376b9

C:\Windows\System\CigfYas.exe

MD5 6b2532a2c7e337642f657295269ca738
SHA1 2c03d451c6edb4a9b73b6957cb7f9aa1cf7d8e8a
SHA256 cf9ece31cdd4bd73731ce6464bbc5a768f27c232bcab9615d151fa1746ff630b
SHA512 07e50e42dbbb9b52469682dbd44d437bc4ec7c917501121f31520307b1a02c76b0f9e0aaa5e7b9da3c013df41e56cfaeb31f0d20dfc3c71f4a3cd665dc9ad901

C:\Windows\System\gCKMarO.exe

MD5 d77a7275d013905ff404bcb6ee8b91ec
SHA1 53269fd61ede57511e79b9f7fd44cb5048b2f8b9
SHA256 2495ded8cdbd6494408d95dbc004f859cb1e25b2acf1c4fb0d7e8bf68ad0e57f
SHA512 612af01ad51df80733fc9bcb08e1e6e7f7aa01ee2bb094f77f8f8f4af2a29fceee2bcb98889cd9a045bd0436541771c9f4338eb5809c103b5ae34f75d2e691d1

C:\Windows\System\sfKYlYA.exe

MD5 e2109828ec2977646cf8ea7ddc3b7a99
SHA1 361af63083d8525089fd5174f0f9e18f4a983be4
SHA256 98bd9a9517becce7bcec4b07a5b2cd846481e2c3a241895dfb01bb0baa0a6e98
SHA512 39265573f6afe43e0547fb2b12b7a6cd8b737b7b8bef3d05013ac6e150d3b2fb19f88032c2c4cb1229da5a4951f16e7d2b525e8c7a03a66ad3f4f81c05645fd1

C:\Windows\System\adRkozc.exe

MD5 fd8eeeec95477f62137ad63ca94d1300
SHA1 5c312391dae6d856fef3c277f7b89348df4eb873
SHA256 f2c9f1dc44ba9669b2aac1551442534611bf53f2b2f6560b3f9868415640ef4e
SHA512 e5e1fa74543f7730495376d8df7d9cadd8af7e4de1255c73f5751173c3b782770cd5c4904980af63dea906d38fb237e1afd21174eae58fcde70ac81090bde142

memory/2228-133-0x00007FF72C240000-0x00007FF72C594000-memory.dmp

memory/2092-145-0x00007FF605BE0000-0x00007FF605F34000-memory.dmp

memory/5024-162-0x00007FF6BEE40000-0x00007FF6BF194000-memory.dmp

memory/3920-167-0x00007FF76EDA0000-0x00007FF76F0F4000-memory.dmp

memory/3060-172-0x00007FF704A70000-0x00007FF704DC4000-memory.dmp

memory/3928-175-0x00007FF674A90000-0x00007FF674DE4000-memory.dmp

memory/3772-174-0x00007FF7C9080000-0x00007FF7C93D4000-memory.dmp

memory/2028-173-0x00007FF6EE2D0000-0x00007FF6EE624000-memory.dmp

memory/1084-171-0x00007FF643920000-0x00007FF643C74000-memory.dmp

memory/2240-170-0x00007FF7A21E0000-0x00007FF7A2534000-memory.dmp

memory/4476-169-0x00007FF6F9890000-0x00007FF6F9BE4000-memory.dmp

memory/2368-168-0x00007FF73A270000-0x00007FF73A5C4000-memory.dmp

memory/3236-166-0x00007FF7A0800000-0x00007FF7A0B54000-memory.dmp

memory/4880-165-0x00007FF7DBE10000-0x00007FF7DC164000-memory.dmp

memory/2796-164-0x00007FF672F00000-0x00007FF673254000-memory.dmp

memory/1848-163-0x00007FF642620000-0x00007FF642974000-memory.dmp

memory/2248-161-0x00007FF7C8AC0000-0x00007FF7C8E14000-memory.dmp

C:\Windows\System\GDEHcHz.exe

MD5 d6bb1e3d9ccc7d173da6e940b055fe8c
SHA1 ef7054de347c7b259e04cee489fa1d35d689cdcc
SHA256 8dbb6b411394599f309dc57c753c210ebc491a0feea1c487ed1dd036801fcc4c
SHA512 e5a3e18c3c889f638e2c59d1a1f7a3414d1ca62b456e34a224b8d15fe23d8de4c933d67961a5cbf01d4dfd3f00cee7895d2b02fee79c98b011860e16c387795d

C:\Windows\System\oIgZpsT.exe

MD5 694a374d68735b3a6cb4e74946cbc373
SHA1 c1bb6a2636ff892b78b9b760013b6bd7d9d20af0
SHA256 4483e3152f913f7f2dea26d1d157b7c268fb6023897cfb9a0e01c3fdee807d24
SHA512 8ce5fefe124df7e8421568d00b3a3aabe6def80608281e54b7ba55474f2225395bb698ea246254d2bcaef71876d55b6808f94caa9b0aa7e117e7d8df43c6b27b

C:\Windows\System\xHrrssI.exe

MD5 e989178a149186515c723f16f791ec8c
SHA1 6da0689113602b410054114f3e3639a2f5d41562
SHA256 6795cf2520190ef377abeb9dfdf4547a13c9d5dc1a5a805c9dcbcbbb0edb79e9
SHA512 37fb5f531133b7c0c8e7277f2f61d5d131da4e67124195c3d689331b40f91d1ebc8f627b1d8b3a77bc22b8fa01e49c206f822b67a9f41ed8e7578e0284563ff7

C:\Windows\System\ielUGuS.exe

MD5 da5d3df76fc4719ee2817c1b33719605
SHA1 9265dd589af3682daf171d590ea8d52a5c1753e7
SHA256 e0c1776b0e9ba4cdade491e382b1bb2cb6ebbdd3bb1a1eb2b1a98184c48f5d8d
SHA512 46d7400f79a4029fd86e66944f1846c84f65e850e1315e725f58df4c5eced3bb765ee12cb58532b182a2153cbaaeefe71d5629d4b2b96ac6c4cf00654c7c2fb9

C:\Windows\System\recyhdk.exe

MD5 b0f8222b7fbbab99907269c934c763fa
SHA1 f8ac0c0a63ef815dd4ddf3d36a2843780d753ea6
SHA256 7bad583c367d917ff25c6a7236a1bfb60b94747610f5e560194648f0282eb7bc
SHA512 3745fd3bf228dfd13ec93e8a9060773264baf3788c2d8af92257c2f505db94d47aa4163f4c3fcd83e3bb8fba61115b4f1484718388f8ccf3284eadbddc6ea323

C:\Windows\System\YnABJFI.exe

MD5 936b04c7028b7115cf7608d94b9cc590
SHA1 2aaae5d6f6ded72c0394482bff801639876d31b2
SHA256 bee02946a0a74ef11b28dd46997cd8acf53b2e6ae67514c0585af433455fa327
SHA512 754787f263d6f54eb7fa75aa7a1600f8f2b4c7e342c8d354524e2be60f10200ea049b35292ea711a8ba1846f2ab21347634caaa490d00941926ed42730b4807e

C:\Windows\System\pctjULk.exe

MD5 cf29c525115b7a02d2353eae0c4b0b33
SHA1 6798d61ea69592ba2c9b0e44489f6b08e0e79fd4
SHA256 d32318b2c9457911c7299a021be096297a4bff29f5bff4cc29e933c89f97df2d
SHA512 ffd3c68c78720a904826305640de527da1fd90f9a813f2bcfefd746c9aabd77a8c97a26750454844c2d09bb6cc041e3acf0146f393504a30b203948bea8319b4

memory/3972-146-0x00007FF712EF0000-0x00007FF713244000-memory.dmp

C:\Windows\System\sCOtGOX.exe

MD5 b058827769d3544bba6b78226780c6a9
SHA1 636f6e11dd4dae2d40852a63bfec686b37ad7cb8
SHA256 c8553b18046dd105cc1b4e15daec5bc94ef0df4c0f5b007404ff39c3bf24a167
SHA512 7c7a4ddad3d142650b08b9cb7db2b1d25ce70b6afef464e65b1e54743e633252642e224af8c7e4450cc7cc9ae8cd5b250f9cde9b2fb73921677dd9914dc66923

C:\Windows\System\OXZbctn.exe

MD5 9d6560eb9b7472e31400353a2162527d
SHA1 b444cf79a6b86399c02b0edf4ccabbde8030954c
SHA256 ddd73b6d9fa18147a9aa30a21670f3b796aa4eae232d2a9d609cfc1db2e6c5a1
SHA512 c4976e049fac7292b647b411f601825343ac22423405a989d863a353aba1d33d154529b1ab00f57758a20d30fccf47f8d1e0778a731633a445654dfa1e49f842

C:\Windows\System\whCsnOu.exe

MD5 7b39ef8f67d0685ebeefe9696c09e957
SHA1 4cab6be450739aa55672d7c336756e3a0c325ed6
SHA256 bc412333297580c21f977aa7ad9d1c19aed361a8a8413ad83a49340374637a4b
SHA512 6f901ed266dbded0c8dfa63f736ba967e78a85426a4fa56c05ac4e1dd2b6b40d7422f97ee505eff54cc65c90bb7167c399e7d51dedd74fe86167b03d387dd551

C:\Windows\System\OcuaWTC.exe

MD5 5775d60c062ef81cdbff88f30be63397
SHA1 df3f80698f6981ff69956599fbf16fd98975a953
SHA256 5aef0efac1b89ce7fec87fc0b25d5dfd6f437be6cf9bf673ce7f4c3dd76bfb68
SHA512 dbd8459b7980c3df7806e89919cf4b92d8ec2b40c58e28961aee558b992c156ec5ad367a333dbcaf9408e1f1e4c495a9a6d5385a69ddbdbbd10e1d61ad499ad0

memory/3216-134-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp

C:\Windows\System\bhEBgie.exe

MD5 70643c8cfe42f45c0f57d496935a9447
SHA1 bbe8be71c3e62f97a5a5d5b100e0b11d96f2f6a9
SHA256 084b82784a7925d4c9f409af7eab7347fe873e9cb589bb151d9b4233e2a8b0e7
SHA512 a86353c4d0c033bdf03e0e97fca5f7a6d18263a39ca40584ca00e323ebaf721ba76f46c0ce35f8d9bfe8eb8ba3ff10c1bc982d5f247c607dc9d0e35bd74b74da

C:\Windows\System\gffAYmD.exe

MD5 2edea88175a6a3b44203f9f3d9542fd6
SHA1 4f7e47bc6cf4057dc83c976c49ff0b707a6bcec0
SHA256 6b31a42c26f33a76952fb97d93480f009a26fe2b1a27e16360bb9c03c3ffea29
SHA512 c3204b5e02208009e189717300fede1a4d6b60232fe1d34fc0bf1a8aa7f29e0a2be95308a1449fdd74990a72e9800ea24f5fac30fceb757b3955b037d42243fb

memory/920-115-0x00007FF749A20000-0x00007FF749D74000-memory.dmp

C:\Windows\System\yavvpQd.exe

MD5 7ca96d42628121e60ce41d3891717887
SHA1 b4eccb301614d85461dc87a073a163644c8e07bc
SHA256 6df3cf07e7470574270f3aa897a6b3763bb21347ef46b71c02a0c8c75d281d81
SHA512 2fbb6f23a04ce409b002453e024593209c0cf119627e28965dd6ce2b81a68534969164c59ce893fa4ba4c309f00341b5d175d1364298283bb57fe5fb1c3f3a16

memory/2564-94-0x00007FF6313F0000-0x00007FF631744000-memory.dmp

memory/2080-90-0x00007FF787240000-0x00007FF787594000-memory.dmp

C:\Windows\System\QaiAAop.exe

MD5 fe62c194381e4696d5453030671f96e7
SHA1 560ca25ca422c677d7dc7d5e4b9582958980e37e
SHA256 d42f1e4c43339eca2be1d3c1c58c908bb4e0634939f0f848e0e1885acb365aa8
SHA512 bbd686a282ba681ede6bcc67a7c46699e89b8bdc973428a92c10e55f246b9d19577ad8e6de6b395b341137fc8949c3de0f2d8773751fae4fa2772465dc104b39

C:\Windows\System\qDiBZjr.exe

MD5 aca6063219d7e9fad1a3bbe794d9a0c8
SHA1 bfa3fa291f2b3aa4266ece01313cb9ec20a06079
SHA256 e4baf05a521f2eb80d08a8012cf0f55191a06136054d2233081b61a722d907a9
SHA512 7d83b19b39a7446a48104b1e53cd47b981911f2b0c28a411e25906554bfd5bda0b86c0a195feb4159d04f3b483115025641d5f0745f53e1d993db1f511b134d0

C:\Windows\System\TRcbZjB.exe

MD5 0a74aa22e9f9647bacf42e963af95f1b
SHA1 1e41028e4072662238b63046bd0ca9bac3997a17
SHA256 c881756451a1696af268f084c5219914759bdf3d75c13814d6dca4359e51d660
SHA512 38e756db488dddb1d063bb311ba16235ccc1d98b44682353390a81774c6f3f1064c29569774106a88cca76212ebcbb62a705732c6aecf61f6fa0c72f7483f8e7

C:\Windows\System\ofOlqwQ.exe

MD5 e7e28d38db8e600193d146b1fb960503
SHA1 576704abc86074ecc66abb0dbfcdbac8b2cd1b98
SHA256 780dcaea30a37316bd906e7f511da773d0815b785cfdc1e4f12e2e6d49a3cb2e
SHA512 822e3e186f254da859d4ac7a5827af974a3921247f0fd18c2ba869fba492e2334ecdff78dfc07dbbe82beb6c4bde091b3b64652e59705950f698aebd00e7414f

memory/3076-71-0x00007FF63DFC0000-0x00007FF63E314000-memory.dmp

C:\Windows\System\qdSHkqM.exe

MD5 446a635ca37aa85a4754de371ef936e0
SHA1 ba2507a0d7259a05ec1ddfb5e1e8ade477e8b73c
SHA256 70d368a8222262fb79befa34712c311a145b3778518037f7994b48336a20877c
SHA512 20e27a442cf0a835e10692fed7fa0faed90afa78702bb0b2ddac1ef2bcffc667b5357007ed334f761a73af1b1bf899b9a4ec2a0f8c69612718cdc32e78347813

C:\Windows\System\hvvlMOw.exe

MD5 c07aca277f8412d74930918559d4c032
SHA1 26679cde1825f73cdf4842978f828532b52616ba
SHA256 8a37a73035d4528aeb0e6c06ac0b38ce0297fef6ef8f724aa9961541cabb55c6
SHA512 999db81597f2bfa674da24c4777e3ba8eee9a25ad984e0f81792319c43211fa93c8dcf26a3b31b566df9ae76df91e7ae8ad8adccc511cac178cb20d748dbeec5

memory/1516-61-0x00007FF79BA60000-0x00007FF79BDB4000-memory.dmp

C:\Windows\System\hPUXwOu.exe

MD5 d582f11f56787834be120611e5ff3b4b
SHA1 ef95f4dcfa134eac1b823f9d0dbfc9895ca62b74
SHA256 6d4824e7097b03ae43ac90f39477898c90906fca6f386c349a7424b9415e03bb
SHA512 9cfa84dcc47908f5cc8be2948fdc6a86879a1fdddcbeaf6c32880d12f795f398473cfdc42648f06bdbc6cd3b4cf4b8f53f1e8dc9d8068af67f748178fae275c3

C:\Windows\System\ACCgklb.exe

MD5 bcda47341e659d052c3586f8e15a492e
SHA1 3f0221946d205116ff069cbb4f464cd2ee83d710
SHA256 0b7d201d3c163d2df34bea33dd509e281f87fce707e9f76af6237bbb60dd69c3
SHA512 bfd9450588ed2dda3c538aca2d5a9e154faa1ba176847179e49c4abb5804c1d7f396988e4f85addaa30a9ec7b499b9a18d7aa8ee1b9d1db584aabd306e91f9ac

memory/3184-49-0x00007FF7A6520000-0x00007FF7A6874000-memory.dmp

memory/1464-38-0x00007FF623C50000-0x00007FF623FA4000-memory.dmp

C:\Windows\System\mDVeMRW.exe

MD5 8f32aac908b91f76fe3dc8624388f28b
SHA1 4ca384d236a960c3c493c190c815f44f0e25fce3
SHA256 15c4cf35ebf651f07f1458e563e51c32c3d799016da59adab5198e8a7fa660e7
SHA512 0fd075840d370d76d4f3ba4265322cede7061e0d7e4e8a3f47c3cc65ebda4af60c71ee7ab9c50ed40e7cb98cf7db55c73b9cd511dbfb5e5dff66c9126c40f95f

memory/4956-14-0x00007FF7B2F70000-0x00007FF7B32C4000-memory.dmp

memory/5116-11-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp

C:\Windows\System\ZGzTsTA.exe

MD5 ad32e274c33792c0973f0df9cdac97e5
SHA1 7fc5233d42787e3614b52678b304a8827792e64b
SHA256 8fe2ef249fc2638abacbd7267dbcfa2c23099640580c8fd57126e928a09e02da
SHA512 2b6eb453e056164d468fb1ee1fc310a1501be9cc81fe6c7edf5afcacb31a7372077970f9d813b06fe49a9cbebbd2f5a5524541c9c45c47380d8ee0133c288b17

memory/2956-1070-0x00007FF6D4610000-0x00007FF6D4964000-memory.dmp

memory/4956-1071-0x00007FF7B2F70000-0x00007FF7B32C4000-memory.dmp

memory/1360-1072-0x00007FF62A760000-0x00007FF62AAB4000-memory.dmp

memory/1464-1073-0x00007FF623C50000-0x00007FF623FA4000-memory.dmp

memory/3184-1074-0x00007FF7A6520000-0x00007FF7A6874000-memory.dmp

memory/920-1075-0x00007FF749A20000-0x00007FF749D74000-memory.dmp

memory/5116-1076-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp

memory/4956-1077-0x00007FF7B2F70000-0x00007FF7B32C4000-memory.dmp

memory/1360-1078-0x00007FF62A760000-0x00007FF62AAB4000-memory.dmp

memory/1464-1079-0x00007FF623C50000-0x00007FF623FA4000-memory.dmp

memory/1516-1080-0x00007FF79BA60000-0x00007FF79BDB4000-memory.dmp

memory/3184-1081-0x00007FF7A6520000-0x00007FF7A6874000-memory.dmp

memory/3076-1085-0x00007FF63DFC0000-0x00007FF63E314000-memory.dmp

memory/2240-1083-0x00007FF7A21E0000-0x00007FF7A2534000-memory.dmp

memory/1084-1082-0x00007FF643920000-0x00007FF643C74000-memory.dmp

memory/2080-1084-0x00007FF787240000-0x00007FF787594000-memory.dmp

memory/2564-1087-0x00007FF6313F0000-0x00007FF631744000-memory.dmp

memory/3060-1086-0x00007FF704A70000-0x00007FF704DC4000-memory.dmp

memory/3216-1088-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp

memory/5024-1090-0x00007FF6BEE40000-0x00007FF6BF194000-memory.dmp

memory/2248-1091-0x00007FF7C8AC0000-0x00007FF7C8E14000-memory.dmp

memory/1848-1097-0x00007FF642620000-0x00007FF642974000-memory.dmp

memory/4880-1101-0x00007FF7DBE10000-0x00007FF7DC164000-memory.dmp

memory/2368-1103-0x00007FF73A270000-0x00007FF73A5C4000-memory.dmp

memory/4476-1102-0x00007FF6F9890000-0x00007FF6F9BE4000-memory.dmp

memory/3236-1100-0x00007FF7A0800000-0x00007FF7A0B54000-memory.dmp

memory/2028-1099-0x00007FF6EE2D0000-0x00007FF6EE624000-memory.dmp

memory/920-1098-0x00007FF749A20000-0x00007FF749D74000-memory.dmp

memory/2092-1096-0x00007FF605BE0000-0x00007FF605F34000-memory.dmp

memory/3928-1095-0x00007FF674A90000-0x00007FF674DE4000-memory.dmp

memory/3972-1092-0x00007FF712EF0000-0x00007FF713244000-memory.dmp

memory/2796-1094-0x00007FF672F00000-0x00007FF673254000-memory.dmp

memory/3772-1093-0x00007FF7C9080000-0x00007FF7C93D4000-memory.dmp

memory/2228-1089-0x00007FF72C240000-0x00007FF72C594000-memory.dmp

memory/3920-1104-0x00007FF76EDA0000-0x00007FF76F0F4000-memory.dmp