Malware Analysis Report

2024-10-16 07:50

Sample ID 240531-b1t8tabd82
Target 71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe
SHA256 5be4fa61cac6c206eaeec4b373c60ce9703482010b11c457e22872609caccae2
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

Score 10/10
SHA256 5be4fa61cac6c206eaeec4b373c60ce9703482010b11c457e22872609caccae2

Threat Level: Known bad

The file 71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Xmrig family

XMRig Miner payload

xmrig

KPOT

Kpot family

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 01:37

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 01:37

Reported

2024-05-31 01:39

Platform

win7-20240508-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1964-1080-0x0000000002000000-0x0000000002354000-memory.dmp

memory/1964-1081-0x0000000002000000-0x0000000002354000-memory.dmp

memory/1528-1082-0x000000013F3F0000-0x000000013F744000-memory.dmp

memory/1964-1083-0x0000000002000000-0x0000000002354000-memory.dmp

memory/2980-1084-0x000000013F5C0000-0x000000013F914000-memory.dmp

memory/2912-1085-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2636-1086-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2716-1088-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2692-1087-0x000000013FBE0000-0x000000013FF34000-memory.dmp

memory/2304-1089-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2536-1090-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/1560-1092-0x000000013F360000-0x000000013F6B4000-memory.dmp

memory/2412-1091-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/1236-1093-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2676-1094-0x000000013F470000-0x000000013F7C4000-memory.dmp

memory/2920-1095-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/1528-1096-0x000000013F3F0000-0x000000013F744000-memory.dmp

memory/756-1097-0x000000013F650000-0x000000013F9A4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-31 01:37

Reported 2024-05-31 01:39

Platform win10v2004-20240508-en

Max time kernel 149s

Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\71ab83b91dd430611c6d98f86911b4a0_NeikiAnalytics.exe"


C:\Windows\System\HBeINTy.exe

C:\Windows\System\HBeINTy.exe

C:\Windows\System\KTNCeHa.exe

C:\Windows\System\KTNCeHa.exe

C:\Windows\System\mdwWzLw.exe

C:\Windows\System\mdwWzLw.exe

C:\Windows\System\txqqyjO.exe

C:\Windows\System\txqqyjO.exe

C:\Windows\System\BjQdLvh.exe

C:\Windows\System\BjQdLvh.exe

C:\Windows\System\rLcRBjC.exe

C:\Windows\System\rLcRBjC.exe

C:\Windows\System\UygyRrr.exe

C:\Windows\System\UygyRrr.exe

C:\Windows\System\sGLCjMf.exe

C:\Windows\System\sGLCjMf.exe

C:\Windows\System\HaAMMgX.exe

C:\Windows\System\HaAMMgX.exe

C:\Windows\System\hzTvToy.exe

C:\Windows\System\hzTvToy.exe

C:\Windows\System\JujLiwt.exe

C:\Windows\System\JujLiwt.exe

C:\Windows\System\sUViGWD.exe

C:\Windows\System\sUViGWD.exe

C:\Windows\System\zcYKdrB.exe

C:\Windows\System\zcYKdrB.exe

C:\Windows\System\XyyXiCz.exe

C:\Windows\System\XyyXiCz.exe

C:\Windows\System\fbKMxju.exe

C:\Windows\System\fbKMxju.exe

C:\Windows\System\gELMLVR.exe

C:\Windows\System\gELMLVR.exe

C:\Windows\System\ayXjnRO.exe

C:\Windows\System\ayXjnRO.exe

C:\Windows\System\lKEfLdM.exe

C:\Windows\System\lKEfLdM.exe

C:\Windows\System\oVWIapU.exe

C:\Windows\System\oVWIapU.exe

C:\Windows\System\UUttVYo.exe

C:\Windows\System\UUttVYo.exe

C:\Windows\System\lpamxTm.exe

C:\Windows\System\lpamxTm.exe

C:\Windows\System\EIhRQop.exe

C:\Windows\System\EIhRQop.exe

C:\Windows\System\ZRYHBNb.exe

C:\Windows\System\ZRYHBNb.exe

C:\Windows\System\eRNTAJU.exe

C:\Windows\System\eRNTAJU.exe

C:\Windows\System\eXDPXPv.exe

C:\Windows\System\eXDPXPv.exe

C:\Windows\System\gLKbbGz.exe

C:\Windows\System\gLKbbGz.exe

C:\Windows\System\bIvUCHT.exe

C:\Windows\System\bIvUCHT.exe

C:\Windows\System\liufqdj.exe

C:\Windows\System\liufqdj.exe

C:\Windows\System\zQbckRv.exe

C:\Windows\System\zQbckRv.exe

C:\Windows\System\pbsEvYY.exe

C:\Windows\System\pbsEvYY.exe

C:\Windows\System\nqZHNBg.exe

C:\Windows\System\nqZHNBg.exe

C:\Windows\System\NKozfoL.exe

C:\Windows\System\NKozfoL.exe

C:\Windows\System\wffPaCe.exe

C:\Windows\System\wffPaCe.exe

C:\Windows\System\lMkbclr.exe

C:\Windows\System\lMkbclr.exe

C:\Windows\System\cbDHRiF.exe

C:\Windows\System\cbDHRiF.exe

C:\Windows\System\pABEiKJ.exe

C:\Windows\System\pABEiKJ.exe

C:\Windows\System\qYnOLlQ.exe

C:\Windows\System\qYnOLlQ.exe

C:\Windows\System\dYRcDpD.exe

C:\Windows\System\dYRcDpD.exe

C:\Windows\System\YTXrXPA.exe

C:\Windows\System\YTXrXPA.exe

C:\Windows\System\jDgcmqQ.exe

C:\Windows\System\jDgcmqQ.exe

C:\Windows\System\gslbbGC.exe

C:\Windows\System\gslbbGC.exe

C:\Windows\System\aipkWsr.exe

C:\Windows\System\aipkWsr.exe

C:\Windows\System\etNUQzC.exe

C:\Windows\System\etNUQzC.exe

C:\Windows\System\OyTVOah.exe

C:\Windows\System\OyTVOah.exe

C:\Windows\System\CaEQkFq.exe

C:\Windows\System\CaEQkFq.exe

C:\Windows\System\IrNvMVw.exe

C:\Windows\System\IrNvMVw.exe

C:\Windows\System\fMQaiUe.exe

C:\Windows\System\fMQaiUe.exe

C:\Windows\System\ELIMjEH.exe

C:\Windows\System\ELIMjEH.exe

C:\Windows\System\csvmMkH.exe

C:\Windows\System\csvmMkH.exe

C:\Windows\System\dncMSuQ.exe

C:\Windows\System\dncMSuQ.exe

C:\Windows\System\jsUDbQm.exe

C:\Windows\System\jsUDbQm.exe

C:\Windows\System\WlbwcAZ.exe

C:\Windows\System\WlbwcAZ.exe

C:\Windows\System\NKwgprF.exe

C:\Windows\System\NKwgprF.exe

C:\Windows\System\AeBUkuf.exe

C:\Windows\System\AeBUkuf.exe

C:\Windows\System\NfIxDFM.exe

C:\Windows\System\NfIxDFM.exe

C:\Windows\System\fafKdiJ.exe

C:\Windows\System\fafKdiJ.exe

C:\Windows\System\VwUVPbk.exe

C:\Windows\System\VwUVPbk.exe

C:\Windows\System\XcGKRKM.exe

C:\Windows\System\XcGKRKM.exe

C:\Windows\System\nQPxfXg.exe

C:\Windows\System\nQPxfXg.exe

C:\Windows\System\kPDAMDW.exe

C:\Windows\System\kPDAMDW.exe

C:\Windows\System\geQvuCv.exe

C:\Windows\System\geQvuCv.exe

C:\Windows\System\RFUAlDZ.exe

C:\Windows\System\RFUAlDZ.exe

C:\Windows\System\YIKZbiV.exe

C:\Windows\System\YIKZbiV.exe

C:\Windows\System\swfrOeW.exe

C:\Windows\System\swfrOeW.exe

C:\Windows\System\sbHKGOi.exe

C:\Windows\System\sbHKGOi.exe

C:\Windows\System\EKnPhdP.exe

C:\Windows\System\EKnPhdP.exe

C:\Windows\System\RlifAfv.exe

C:\Windows\System\RlifAfv.exe

C:\Windows\System\VdKvuaD.exe

C:\Windows\System\VdKvuaD.exe

C:\Windows\System\mxQVYEW.exe

C:\Windows\System\mxQVYEW.exe

C:\Windows\System\jERLKHM.exe

C:\Windows\System\jERLKHM.exe

C:\Windows\System\zVaEobP.exe

C:\Windows\System\zVaEobP.exe

C:\Windows\System\RXzbDeD.exe

C:\Windows\System\RXzbDeD.exe

C:\Windows\System\xRlUiMm.exe

C:\Windows\System\xRlUiMm.exe

C:\Windows\System\cSIojTV.exe

C:\Windows\System\cSIojTV.exe

C:\Windows\System\WSpjqXL.exe

C:\Windows\System\WSpjqXL.exe

C:\Windows\System\qRzUxdp.exe

C:\Windows\System\qRzUxdp.exe

C:\Windows\System\phjowGP.exe

C:\Windows\System\phjowGP.exe

C:\Windows\System\YbPHsRO.exe

C:\Windows\System\YbPHsRO.exe

C:\Windows\System\NJrvkgQ.exe

C:\Windows\System\NJrvkgQ.exe

C:\Windows\System\BTVjMMy.exe

C:\Windows\System\BTVjMMy.exe

C:\Windows\System\YCzaION.exe

C:\Windows\System\YCzaION.exe

C:\Windows\System\vyejYby.exe

C:\Windows\System\vyejYby.exe

C:\Windows\System\tpnrTDp.exe

C:\Windows\System\tpnrTDp.exe

C:\Windows\System\CNWsAyH.exe

C:\Windows\System\CNWsAyH.exe

C:\Windows\System\OYRhbaC.exe

C:\Windows\System\OYRhbaC.exe

C:\Windows\System\ZYiFyGK.exe

C:\Windows\System\ZYiFyGK.exe

C:\Windows\System\FwjUeyV.exe

C:\Windows\System\FwjUeyV.exe

C:\Windows\System\MXkYuGa.exe

C:\Windows\System\MXkYuGa.exe

C:\Windows\System\GGVKCWf.exe

C:\Windows\System\GGVKCWf.exe

C:\Windows\System\RxIsmhI.exe

C:\Windows\System\RxIsmhI.exe

C:\Windows\System\XuTuBHa.exe

C:\Windows\System\XuTuBHa.exe

C:\Windows\System\gDgvruO.exe

C:\Windows\System\gDgvruO.exe

C:\Windows\System\fHCapHW.exe

C:\Windows\System\fHCapHW.exe

C:\Windows\System\jQWnKmk.exe

C:\Windows\System\jQWnKmk.exe

C:\Windows\System\RrdukMi.exe

C:\Windows\System\RrdukMi.exe

C:\Windows\System\axAkNmM.exe

C:\Windows\System\axAkNmM.exe

C:\Windows\System\vABRWXY.exe

C:\Windows\System\vABRWXY.exe

C:\Windows\System\aLtJzlI.exe

C:\Windows\System\aLtJzlI.exe

C:\Windows\System\mzoOILb.exe

C:\Windows\System\mzoOILb.exe

C:\Windows\System\LkyBmGI.exe

C:\Windows\System\LkyBmGI.exe

C:\Windows\System\ppgSEJO.exe

C:\Windows\System\ppgSEJO.exe

C:\Windows\System\NVkzsFP.exe

C:\Windows\System\NVkzsFP.exe

C:\Windows\System\IjwMsNN.exe

C:\Windows\System\IjwMsNN.exe

C:\Windows\System\MoObPyE.exe

C:\Windows\System\MoObPyE.exe

C:\Windows\System\mMmuuoB.exe

C:\Windows\System\mMmuuoB.exe

C:\Windows\System\HYPrGhL.exe

C:\Windows\System\HYPrGhL.exe

C:\Windows\System\dbwkEpd.exe

C:\Windows\System\dbwkEpd.exe

C:\Windows\System\FhgFXTz.exe

C:\Windows\System\FhgFXTz.exe

C:\Windows\System\dQlfhdc.exe

C:\Windows\System\dQlfhdc.exe

C:\Windows\System\tOVhQzs.exe

C:\Windows\System\tOVhQzs.exe

C:\Windows\System\gBSRMDy.exe

C:\Windows\System\gBSRMDy.exe

C:\Windows\System\HgmNLnO.exe

C:\Windows\System\HgmNLnO.exe

C:\Windows\System\IUYFtSp.exe

C:\Windows\System\IUYFtSp.exe

C:\Windows\System\sTtOPay.exe

C:\Windows\System\sTtOPay.exe

C:\Windows\System\dwLcBjC.exe

C:\Windows\System\dwLcBjC.exe

C:\Windows\System\fGaDfPa.exe

C:\Windows\System\fGaDfPa.exe

C:\Windows\System\PzLSGKH.exe

C:\Windows\System\PzLSGKH.exe

C:\Windows\System\AqMEigG.exe

C:\Windows\System\AqMEigG.exe

C:\Windows\System\CfhDmBe.exe

C:\Windows\System\CfhDmBe.exe

C:\Windows\System\QckdPtS.exe

C:\Windows\System\QckdPtS.exe

C:\Windows\System\FxFdksc.exe

C:\Windows\System\FxFdksc.exe

C:\Windows\System\WwtmaVS.exe

C:\Windows\System\WwtmaVS.exe

C:\Windows\System\glXqImB.exe

C:\Windows\System\glXqImB.exe

C:\Windows\System\tJNHXSp.exe

C:\Windows\System\tJNHXSp.exe

C:\Windows\System\PlmWHmG.exe

C:\Windows\System\PlmWHmG.exe

C:\Windows\System\LoBYyIN.exe

C:\Windows\System\LoBYyIN.exe

C:\Windows\System\SAvMySd.exe

C:\Windows\System\SAvMySd.exe

C:\Windows\System\PRwXrDg.exe

C:\Windows\System\PRwXrDg.exe

C:\Windows\System\eALwOny.exe

C:\Windows\System\eALwOny.exe

C:\Windows\System\phaiiDU.exe

C:\Windows\System\phaiiDU.exe

C:\Windows\System\jWVXTKM.exe

C:\Windows\System\jWVXTKM.exe

C:\Windows\System\GpgTKSE.exe

C:\Windows\System\GpgTKSE.exe

C:\Windows\System\GwtsnHR.exe

C:\Windows\System\GwtsnHR.exe

C:\Windows\System\eceWWYJ.exe

C:\Windows\System\eceWWYJ.exe

C:\Windows\System\oePPrfV.exe

C:\Windows\System\oePPrfV.exe

C:\Windows\System\xtfTGWj.exe

C:\Windows\System\xtfTGWj.exe

C:\Windows\System\czxIjNJ.exe

C:\Windows\System\czxIjNJ.exe

C:\Windows\System\GWRCJAS.exe

C:\Windows\System\GWRCJAS.exe

C:\Windows\System\TzlSBJL.exe

C:\Windows\System\TzlSBJL.exe

C:\Windows\System\CmDKoZf.exe

C:\Windows\System\CmDKoZf.exe

C:\Windows\System\YrbpFHw.exe

C:\Windows\System\YrbpFHw.exe

C:\Windows\System\eQrvlaG.exe

C:\Windows\System\eQrvlaG.exe

C:\Windows\System\pKuSSLm.exe

C:\Windows\System\pKuSSLm.exe

C:\Windows\System\qmfwEdK.exe

C:\Windows\System\qmfwEdK.exe

C:\Windows\System\HyCmBcS.exe

C:\Windows\System\HyCmBcS.exe

C:\Windows\System\ODZNKNr.exe

C:\Windows\System\ODZNKNr.exe

C:\Windows\System\fpospoZ.exe

C:\Windows\System\fpospoZ.exe

C:\Windows\System\Veyojun.exe

C:\Windows\System\Veyojun.exe

C:\Windows\System\ibpyiFt.exe

C:\Windows\System\ibpyiFt.exe

C:\Windows\System\UTalDcQ.exe

C:\Windows\System\UTalDcQ.exe

C:\Windows\System\UKwsXZs.exe

C:\Windows\System\UKwsXZs.exe

C:\Windows\System\hOsQdDS.exe

C:\Windows\System\hOsQdDS.exe

C:\Windows\System\CEmAhtr.exe

C:\Windows\System\CEmAhtr.exe

C:\Windows\System\SLTHCHv.exe

C:\Windows\System\SLTHCHv.exe

C:\Windows\System\idTVhGI.exe

C:\Windows\System\idTVhGI.exe

C:\Windows\System\mTdjoIx.exe

C:\Windows\System\mTdjoIx.exe

C:\Windows\System\SqemrxA.exe

C:\Windows\System\SqemrxA.exe

C:\Windows\System\icehNJx.exe

C:\Windows\System\icehNJx.exe

C:\Windows\System\JrQarcE.exe

C:\Windows\System\JrQarcE.exe

C:\Windows\System\spmINjT.exe

C:\Windows\System\spmINjT.exe

C:\Windows\System\cBefhkb.exe

C:\Windows\System\cBefhkb.exe

C:\Windows\System\woOltgr.exe

C:\Windows\System\woOltgr.exe

C:\Windows\System\MtBTwMU.exe

C:\Windows\System\MtBTwMU.exe

C:\Windows\System\kYFxqOM.exe

C:\Windows\System\kYFxqOM.exe

C:\Windows\System\rnxPNgj.exe

C:\Windows\System\rnxPNgj.exe

C:\Windows\System\WJuydHT.exe

C:\Windows\System\WJuydHT.exe

C:\Windows\System\CLcNlID.exe

C:\Windows\System\CLcNlID.exe

C:\Windows\System\EvcEOET.exe

C:\Windows\System\EvcEOET.exe

C:\Windows\System\SotcZQY.exe

C:\Windows\System\SotcZQY.exe

C:\Windows\System\PiZJnGq.exe

C:\Windows\System\PiZJnGq.exe

C:\Windows\System\cbMyZTX.exe

C:\Windows\System\cbMyZTX.exe

C:\Windows\System\ZjIizup.exe

C:\Windows\System\ZjIizup.exe

C:\Windows\System\muQdmRA.exe

C:\Windows\System\muQdmRA.exe

C:\Windows\System\YcknKeY.exe

C:\Windows\System\YcknKeY.exe

C:\Windows\System\zWmwZWj.exe

C:\Windows\System\zWmwZWj.exe

C:\Windows\System\uCcBNoH.exe

C:\Windows\System\uCcBNoH.exe

C:\Windows\System\yYNQSgb.exe

C:\Windows\System\yYNQSgb.exe

C:\Windows\System\WEmpCde.exe

C:\Windows\System\WEmpCde.exe

C:\Windows\System\mhuSItq.exe

C:\Windows\System\mhuSItq.exe

C:\Windows\System\VmLLFPx.exe

C:\Windows\System\VmLLFPx.exe

C:\Windows\System\CNHCIAg.exe

C:\Windows\System\CNHCIAg.exe

C:\Windows\System\hNtkDrv.exe

C:\Windows\System\hNtkDrv.exe

C:\Windows\System\RbqSBet.exe

C:\Windows\System\RbqSBet.exe

C:\Windows\System\yQvJYTF.exe

C:\Windows\System\yQvJYTF.exe

C:\Windows\System\GwBexOk.exe

C:\Windows\System\GwBexOk.exe

C:\Windows\System\wpYQlrq.exe

C:\Windows\System\wpYQlrq.exe

C:\Windows\System\pHgMQhA.exe

C:\Windows\System\pHgMQhA.exe

C:\Windows\System\ffRtBnE.exe

C:\Windows\System\ffRtBnE.exe

C:\Windows\System\ORwXepn.exe

C:\Windows\System\ORwXepn.exe

C:\Windows\System\celkeJa.exe

C:\Windows\System\celkeJa.exe

C:\Windows\System\hYYAAfe.exe

C:\Windows\System\hYYAAfe.exe

C:\Windows\System\OEuGdId.exe

C:\Windows\System\OEuGdId.exe

C:\Windows\System\SUVqJhn.exe

C:\Windows\System\SUVqJhn.exe

C:\Windows\System\qudvYAL.exe

C:\Windows\System\qudvYAL.exe

C:\Windows\System\dshJEYs.exe

C:\Windows\System\dshJEYs.exe

C:\Windows\System\RwxsWHH.exe

C:\Windows\System\RwxsWHH.exe

C:\Windows\System\mZKJbyo.exe

C:\Windows\System\mZKJbyo.exe

C:\Windows\System\OoEdLWA.exe

C:\Windows\System\OoEdLWA.exe

C:\Windows\System\iAuihZX.exe

C:\Windows\System\iAuihZX.exe

C:\Windows\System\xLPpOud.exe

C:\Windows\System\xLPpOud.exe

C:\Windows\System\Zkkdcwk.exe

C:\Windows\System\Zkkdcwk.exe

C:\Windows\System\oTgjZxq.exe

C:\Windows\System\oTgjZxq.exe

C:\Windows\System\MNlLYvF.exe

C:\Windows\System\MNlLYvF.exe

C:\Windows\System\LVSRqOZ.exe

C:\Windows\System\LVSRqOZ.exe

C:\Windows\System\pKwLMgs.exe

C:\Windows\System\pKwLMgs.exe

C:\Windows\System\KrVQNku.exe

C:\Windows\System\KrVQNku.exe

C:\Windows\System\uycxPfR.exe

C:\Windows\System\uycxPfR.exe

C:\Windows\System\zrmuYmJ.exe

C:\Windows\System\zrmuYmJ.exe

C:\Windows\System\PlQdpvr.exe

C:\Windows\System\PlQdpvr.exe

C:\Windows\System\TlNituL.exe

C:\Windows\System\TlNituL.exe

C:\Windows\System\QPOMpog.exe

C:\Windows\System\QPOMpog.exe

C:\Windows\System\DaRMtyn.exe

C:\Windows\System\DaRMtyn.exe

C:\Windows\System\WMCtDuL.exe

C:\Windows\System\WMCtDuL.exe

C:\Windows\System\UKdVZkv.exe

C:\Windows\System\UKdVZkv.exe

C:\Windows\System\svYJnBj.exe

C:\Windows\System\svYJnBj.exe

C:\Windows\System\maxJXGw.exe

C:\Windows\System\maxJXGw.exe

C:\Windows\System\ZtpPIWj.exe

C:\Windows\System\ZtpPIWj.exe

C:\Windows\System\CerYogg.exe

C:\Windows\System\CerYogg.exe

C:\Windows\System\cecOswU.exe

C:\Windows\System\cecOswU.exe

C:\Windows\System\UWJswfI.exe

C:\Windows\System\UWJswfI.exe

C:\Windows\System\gjTIDaw.exe

C:\Windows\System\gjTIDaw.exe

C:\Windows\System\okubvpe.exe

C:\Windows\System\okubvpe.exe

C:\Windows\System\rueONhf.exe

C:\Windows\System\rueONhf.exe

C:\Windows\System\ECoxeyy.exe

C:\Windows\System\ECoxeyy.exe

C:\Windows\System\joyJdyO.exe

C:\Windows\System\joyJdyO.exe

C:\Windows\System\kxALMyO.exe

C:\Windows\System\kxALMyO.exe

C:\Windows\System\eoPitjU.exe

C:\Windows\System\eoPitjU.exe

C:\Windows\System\dKMOJQI.exe

C:\Windows\System\dKMOJQI.exe

C:\Windows\System\tSeXxyv.exe

C:\Windows\System\tSeXxyv.exe

Network


Files
