Malware Analysis Report

2024-10-16 07:51

Sample ID 240531-h92gtabh47
Target 7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe
SHA256 9936566b71c673789ab230f36995acc0c5f6b620e5d5161fe6700a584108a732
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9936566b71c673789ab230f36995acc0c5f6b620e5d5161fe6700a584108a732

Threat Level: Known bad

The file 7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

xmrig

KPOT

KPOT Core Executable

XMRig Miner payload

Kpot family

Xmrig family

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 07:26

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 07:26

Reported

2024-05-31 07:29

Platform

win10v2004-20240426-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\efeHLnj.exe N/A
N/A N/A C:\Windows\System\xnilIjU.exe N/A
N/A N/A C:\Windows\System\mAIXgYG.exe N/A
N/A N/A C:\Windows\System\alNatdv.exe N/A
N/A N/A C:\Windows\System\BarrVWX.exe N/A
N/A N/A C:\Windows\System\xPbJZRt.exe N/A
N/A N/A C:\Windows\System\cLNANbC.exe N/A
N/A N/A C:\Windows\System\jUNsxrh.exe N/A
N/A N/A C:\Windows\System\NKapjOZ.exe N/A
N/A N/A C:\Windows\System\jjXmLwt.exe N/A
N/A N/A C:\Windows\System\YbSnHhL.exe N/A
N/A N/A C:\Windows\System\LWvWPXz.exe N/A
N/A N/A C:\Windows\System\iIceXCW.exe N/A
N/A N/A C:\Windows\System\ROiIMAM.exe N/A
N/A N/A C:\Windows\System\OALjueG.exe N/A
N/A N/A C:\Windows\System\AAaFYCN.exe N/A
N/A N/A C:\Windows\System\obxkMPD.exe N/A
N/A N/A C:\Windows\System\hrMXiJM.exe N/A
N/A N/A C:\Windows\System\WcYUPdx.exe N/A
N/A N/A C:\Windows\System\xpLaPxp.exe N/A
N/A N/A C:\Windows\System\QcZzevG.exe N/A
N/A N/A C:\Windows\System\LjkYrLF.exe N/A
N/A N/A C:\Windows\System\mDERIaj.exe N/A
N/A N/A C:\Windows\System\BdhuUXw.exe N/A
N/A N/A C:\Windows\System\cpOJCcs.exe N/A
N/A N/A C:\Windows\System\ExkGLMw.exe N/A
N/A N/A C:\Windows\System\iMrOklb.exe N/A
N/A N/A C:\Windows\System\KyHLkMb.exe N/A
N/A N/A C:\Windows\System\wiIOepu.exe N/A
N/A N/A C:\Windows\System\vuIiWKp.exe N/A
N/A N/A C:\Windows\System\PWoEISL.exe N/A
N/A N/A C:\Windows\System\wxcZRdo.exe N/A
N/A N/A C:\Windows\System\iyRpLjW.exe N/A
N/A N/A C:\Windows\System\DClpKTt.exe N/A
N/A N/A C:\Windows\System\LWyQnaR.exe N/A
N/A N/A C:\Windows\System\KHxxeXl.exe N/A
N/A N/A C:\Windows\System\MywhHZA.exe N/A
N/A N/A C:\Windows\System\nokKenQ.exe N/A
N/A N/A C:\Windows\System\wwQxreS.exe N/A
N/A N/A C:\Windows\System\SATsvnf.exe N/A
N/A N/A C:\Windows\System\nrxaPhC.exe N/A
N/A N/A C:\Windows\System\kmJIKMQ.exe N/A
N/A N/A C:\Windows\System\pRDtjeF.exe N/A
N/A N/A C:\Windows\System\gttOKsI.exe N/A
N/A N/A C:\Windows\System\JwSnARc.exe N/A
N/A N/A C:\Windows\System\RKChnnV.exe N/A
N/A N/A C:\Windows\System\XgQtADi.exe N/A
N/A N/A C:\Windows\System\icrasvX.exe N/A
N/A N/A C:\Windows\System\jaBXQHD.exe N/A
N/A N/A C:\Windows\System\PbkKwRJ.exe N/A
N/A N/A C:\Windows\System\rMXSsdJ.exe N/A
N/A N/A C:\Windows\System\lsuPaYE.exe N/A
N/A N/A C:\Windows\System\XmyhwUv.exe N/A
N/A N/A C:\Windows\System\AkZmQJB.exe N/A
N/A N/A C:\Windows\System\aqsWiEH.exe N/A
N/A N/A C:\Windows\System\RgvBTHr.exe N/A
N/A N/A C:\Windows\System\jihrjEE.exe N/A
N/A N/A C:\Windows\System\AARneMt.exe N/A
N/A N/A C:\Windows\System\uyHELnm.exe N/A
N/A N/A C:\Windows\System\xykAWlP.exe N/A
N/A N/A C:\Windows\System\fOWjcUg.exe N/A
N/A N/A C:\Windows\System\itiPyoH.exe N/A
N/A N/A C:\Windows\System\HGyHrDa.exe N/A
N/A N/A C:\Windows\System\KmJzFjV.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\rIdCCXl.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nrPPAGD.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fOWjcUg.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECDqkil.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VwZFQmL.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yBOqYOx.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rAMcXwV.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QQpfMgN.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsfxRII.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JwSnARc.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xiESXnw.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NitacSV.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ylRqeKB.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OsPaqib.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xPbJZRt.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vuIiWKp.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpfbBpf.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XCrpQxe.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZgawSDg.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXEHGHa.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sHfAzIi.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dedtnIT.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bHnVghh.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcBsarX.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xpLaPxp.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YnbHWjc.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XxCBpIF.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nwLzUtG.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHWQDCU.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tsHGDYe.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ExkGLMw.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MywhHZA.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HxJBgVN.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCStNIe.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hoKWZMa.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NNurxdw.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mAIXgYG.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FOzmelg.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HuveAcz.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dbOcAOa.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xlSVOxs.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VcrGDQi.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ytdKSGX.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RXhhacq.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XZhONsr.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\obxkMPD.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqsWiEH.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GAmqpnO.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRKobog.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ujycVSF.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lJPqfhF.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYBmaZw.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BUDFMBK.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wshIcnC.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mWkXmtW.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iXXZEPB.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJnuRoy.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zKLvkWx.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\icrasvX.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoNsXgM.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ouxSHsE.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MEiQvgw.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FifsiGU.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hyxjHhQ.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1668 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\efeHLnj.exe
PID 1668 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\efeHLnj.exe
PID 1668 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xnilIjU.exe
PID 1668 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xnilIjU.exe
PID 1668 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mAIXgYG.exe
PID 1668 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mAIXgYG.exe
PID 1668 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\alNatdv.exe
PID 1668 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\alNatdv.exe
PID 1668 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\BarrVWX.exe
PID 1668 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\BarrVWX.exe
PID 1668 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xPbJZRt.exe
PID 1668 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xPbJZRt.exe
PID 1668 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\cLNANbC.exe
PID 1668 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\cLNANbC.exe
PID 1668 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\jUNsxrh.exe
PID 1668 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\jUNsxrh.exe
PID 1668 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\NKapjOZ.exe
PID 1668 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\NKapjOZ.exe
PID 1668 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\jjXmLwt.exe
PID 1668 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\jjXmLwt.exe
PID 1668 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\YbSnHhL.exe
PID 1668 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\YbSnHhL.exe
PID 1668 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LWvWPXz.exe
PID 1668 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LWvWPXz.exe
PID 1668 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\iIceXCW.exe
PID 1668 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\iIceXCW.exe
PID 1668 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ROiIMAM.exe
PID 1668 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ROiIMAM.exe
PID 1668 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\OALjueG.exe
PID 1668 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\OALjueG.exe
PID 1668 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\AAaFYCN.exe
PID 1668 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\AAaFYCN.exe
PID 1668 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\obxkMPD.exe
PID 1668 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\obxkMPD.exe
PID 1668 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\hrMXiJM.exe
PID 1668 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\hrMXiJM.exe
PID 1668 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\WcYUPdx.exe
PID 1668 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\WcYUPdx.exe
PID 1668 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xpLaPxp.exe
PID 1668 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xpLaPxp.exe
PID 1668 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\QcZzevG.exe
PID 1668 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\QcZzevG.exe
PID 1668 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LjkYrLF.exe
PID 1668 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LjkYrLF.exe
PID 1668 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mDERIaj.exe
PID 1668 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mDERIaj.exe
PID 1668 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\BdhuUXw.exe
PID 1668 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\BdhuUXw.exe
PID 1668 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\cpOJCcs.exe
PID 1668 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\cpOJCcs.exe
PID 1668 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ExkGLMw.exe
PID 1668 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ExkGLMw.exe
PID 1668 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\iMrOklb.exe
PID 1668 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\iMrOklb.exe
PID 1668 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\KyHLkMb.exe
PID 1668 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\KyHLkMb.exe
PID 1668 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\wiIOepu.exe
PID 1668 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\wiIOepu.exe
PID 1668 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\vuIiWKp.exe
PID 1668 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\vuIiWKp.exe
PID 1668 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\PWoEISL.exe
PID 1668 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\PWoEISL.exe
PID 1668 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\wxcZRdo.exe
PID 1668 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\wxcZRdo.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe"

C:\Windows\System\efeHLnj.exe

C:\Windows\System\efeHLnj.exe

C:\Windows\System\xnilIjU.exe

C:\Windows\System\xnilIjU.exe

C:\Windows\System\mAIXgYG.exe

C:\Windows\System\mAIXgYG.exe

C:\Windows\System\alNatdv.exe

C:\Windows\System\alNatdv.exe

C:\Windows\System\BarrVWX.exe

C:\Windows\System\BarrVWX.exe

C:\Windows\System\xPbJZRt.exe

C:\Windows\System\xPbJZRt.exe

C:\Windows\System\cLNANbC.exe

C:\Windows\System\cLNANbC.exe

C:\Windows\System\jUNsxrh.exe

C:\Windows\System\jUNsxrh.exe

C:\Windows\System\NKapjOZ.exe

C:\Windows\System\NKapjOZ.exe

C:\Windows\System\jjXmLwt.exe

C:\Windows\System\jjXmLwt.exe

C:\Windows\System\YbSnHhL.exe

C:\Windows\System\YbSnHhL.exe

C:\Windows\System\LWvWPXz.exe

C:\Windows\System\LWvWPXz.exe

C:\Windows\System\iIceXCW.exe

C:\Windows\System\iIceXCW.exe

C:\Windows\System\ROiIMAM.exe

C:\Windows\System\ROiIMAM.exe

C:\Windows\System\OALjueG.exe

C:\Windows\System\OALjueG.exe

C:\Windows\System\AAaFYCN.exe

C:\Windows\System\AAaFYCN.exe

C:\Windows\System\obxkMPD.exe

C:\Windows\System\obxkMPD.exe

C:\Windows\System\hrMXiJM.exe

C:\Windows\System\hrMXiJM.exe

C:\Windows\System\WcYUPdx.exe

C:\Windows\System\WcYUPdx.exe

C:\Windows\System\xpLaPxp.exe

C:\Windows\System\xpLaPxp.exe

C:\Windows\System\QcZzevG.exe

C:\Windows\System\QcZzevG.exe

C:\Windows\System\LjkYrLF.exe

C:\Windows\System\LjkYrLF.exe

C:\Windows\System\mDERIaj.exe

C:\Windows\System\mDERIaj.exe

C:\Windows\System\BdhuUXw.exe

C:\Windows\System\BdhuUXw.exe

C:\Windows\System\cpOJCcs.exe

C:\Windows\System\cpOJCcs.exe

C:\Windows\System\ExkGLMw.exe

C:\Windows\System\ExkGLMw.exe

C:\Windows\System\iMrOklb.exe

C:\Windows\System\iMrOklb.exe

C:\Windows\System\KyHLkMb.exe

C:\Windows\System\KyHLkMb.exe

C:\Windows\System\wiIOepu.exe

C:\Windows\System\wiIOepu.exe

C:\Windows\System\vuIiWKp.exe

C:\Windows\System\vuIiWKp.exe

C:\Windows\System\PWoEISL.exe

C:\Windows\System\PWoEISL.exe

C:\Windows\System\wxcZRdo.exe

C:\Windows\System\wxcZRdo.exe

C:\Windows\System\iyRpLjW.exe

C:\Windows\System\iyRpLjW.exe

C:\Windows\System\DClpKTt.exe

C:\Windows\System\DClpKTt.exe

C:\Windows\System\LWyQnaR.exe

C:\Windows\System\LWyQnaR.exe

C:\Windows\System\KHxxeXl.exe

C:\Windows\System\KHxxeXl.exe

C:\Windows\System\MywhHZA.exe

C:\Windows\System\MywhHZA.exe

C:\Windows\System\nokKenQ.exe

C:\Windows\System\nokKenQ.exe

C:\Windows\System\wwQxreS.exe

C:\Windows\System\wwQxreS.exe

C:\Windows\System\SATsvnf.exe

C:\Windows\System\SATsvnf.exe

C:\Windows\System\nrxaPhC.exe

C:\Windows\System\nrxaPhC.exe

C:\Windows\System\kmJIKMQ.exe

C:\Windows\System\kmJIKMQ.exe

C:\Windows\System\pRDtjeF.exe

C:\Windows\System\pRDtjeF.exe

C:\Windows\System\gttOKsI.exe

C:\Windows\System\gttOKsI.exe

C:\Windows\System\JwSnARc.exe

C:\Windows\System\JwSnARc.exe

C:\Windows\System\RKChnnV.exe

C:\Windows\System\RKChnnV.exe

C:\Windows\System\XgQtADi.exe

C:\Windows\System\XgQtADi.exe

C:\Windows\System\icrasvX.exe

C:\Windows\System\icrasvX.exe

C:\Windows\System\jaBXQHD.exe

C:\Windows\System\jaBXQHD.exe

C:\Windows\System\PbkKwRJ.exe

C:\Windows\System\PbkKwRJ.exe

C:\Windows\System\rMXSsdJ.exe

C:\Windows\System\rMXSsdJ.exe

C:\Windows\System\lsuPaYE.exe

C:\Windows\System\lsuPaYE.exe

C:\Windows\System\XmyhwUv.exe

C:\Windows\System\XmyhwUv.exe

C:\Windows\System\AkZmQJB.exe

C:\Windows\System\AkZmQJB.exe

C:\Windows\System\aqsWiEH.exe

C:\Windows\System\aqsWiEH.exe

C:\Windows\System\RgvBTHr.exe

C:\Windows\System\RgvBTHr.exe

C:\Windows\System\jihrjEE.exe

C:\Windows\System\jihrjEE.exe

C:\Windows\System\AARneMt.exe

C:\Windows\System\AARneMt.exe

C:\Windows\System\uyHELnm.exe

C:\Windows\System\uyHELnm.exe

C:\Windows\System\xykAWlP.exe

C:\Windows\System\xykAWlP.exe

C:\Windows\System\fOWjcUg.exe

C:\Windows\System\fOWjcUg.exe

C:\Windows\System\itiPyoH.exe

C:\Windows\System\itiPyoH.exe

C:\Windows\System\HGyHrDa.exe

C:\Windows\System\HGyHrDa.exe

C:\Windows\System\KmJzFjV.exe

C:\Windows\System\KmJzFjV.exe

C:\Windows\System\ctXqdwg.exe

C:\Windows\System\ctXqdwg.exe

C:\Windows\System\SLjwDxq.exe

C:\Windows\System\SLjwDxq.exe

C:\Windows\System\QOaKZWQ.exe

C:\Windows\System\QOaKZWQ.exe

C:\Windows\System\QmJLluB.exe

C:\Windows\System\QmJLluB.exe

C:\Windows\System\HxJBgVN.exe

C:\Windows\System\HxJBgVN.exe

C:\Windows\System\ECDqkil.exe

C:\Windows\System\ECDqkil.exe

C:\Windows\System\rpwdUhG.exe

C:\Windows\System\rpwdUhG.exe

C:\Windows\System\xiESXnw.exe

C:\Windows\System\xiESXnw.exe

C:\Windows\System\wshIcnC.exe

C:\Windows\System\wshIcnC.exe

C:\Windows\System\HbBPKyc.exe

C:\Windows\System\HbBPKyc.exe

C:\Windows\System\HKMVkct.exe

C:\Windows\System\HKMVkct.exe

C:\Windows\System\XEwUBFu.exe

C:\Windows\System\XEwUBFu.exe

C:\Windows\System\VwZFQmL.exe

C:\Windows\System\VwZFQmL.exe

C:\Windows\System\hYqDAYt.exe

C:\Windows\System\hYqDAYt.exe

C:\Windows\System\gDaVZyx.exe

C:\Windows\System\gDaVZyx.exe

C:\Windows\System\SRnwIOC.exe

C:\Windows\System\SRnwIOC.exe

C:\Windows\System\dbOcAOa.exe

C:\Windows\System\dbOcAOa.exe

C:\Windows\System\IpfbBpf.exe

C:\Windows\System\IpfbBpf.exe

C:\Windows\System\ImanXke.exe

C:\Windows\System\ImanXke.exe

C:\Windows\System\RBRqfmD.exe

C:\Windows\System\RBRqfmD.exe

C:\Windows\System\TNEJAsc.exe

C:\Windows\System\TNEJAsc.exe

C:\Windows\System\twUmgGU.exe

C:\Windows\System\twUmgGU.exe

C:\Windows\System\tXEHGHa.exe

C:\Windows\System\tXEHGHa.exe

C:\Windows\System\xlSVOxs.exe

C:\Windows\System\xlSVOxs.exe

C:\Windows\System\DWNBJsx.exe

C:\Windows\System\DWNBJsx.exe

C:\Windows\System\zfpIXlJ.exe

C:\Windows\System\zfpIXlJ.exe

C:\Windows\System\QqVbnMS.exe

C:\Windows\System\QqVbnMS.exe

C:\Windows\System\DzxuxIR.exe

C:\Windows\System\DzxuxIR.exe

C:\Windows\System\FsTDPvv.exe

C:\Windows\System\FsTDPvv.exe

C:\Windows\System\fHVDxhx.exe

C:\Windows\System\fHVDxhx.exe

C:\Windows\System\FOzmelg.exe

C:\Windows\System\FOzmelg.exe

C:\Windows\System\gzKYYqF.exe

C:\Windows\System\gzKYYqF.exe

C:\Windows\System\AJXMLGW.exe

C:\Windows\System\AJXMLGW.exe

C:\Windows\System\OoNsXgM.exe

C:\Windows\System\OoNsXgM.exe

C:\Windows\System\eKLQjfT.exe

C:\Windows\System\eKLQjfT.exe

C:\Windows\System\KxftldG.exe

C:\Windows\System\KxftldG.exe

C:\Windows\System\mJeNrBg.exe

C:\Windows\System\mJeNrBg.exe

C:\Windows\System\rhpPryP.exe

C:\Windows\System\rhpPryP.exe

C:\Windows\System\uVaHtxD.exe

C:\Windows\System\uVaHtxD.exe

C:\Windows\System\jHQKkqa.exe

C:\Windows\System\jHQKkqa.exe

C:\Windows\System\xgYOzeh.exe

C:\Windows\System\xgYOzeh.exe

C:\Windows\System\UJzaWCt.exe

C:\Windows\System\UJzaWCt.exe

C:\Windows\System\xUSRlDc.exe

C:\Windows\System\xUSRlDc.exe

C:\Windows\System\jiWxBRQ.exe

C:\Windows\System\jiWxBRQ.exe

C:\Windows\System\qFlMcQt.exe

C:\Windows\System\qFlMcQt.exe

C:\Windows\System\MXiKIjS.exe

C:\Windows\System\MXiKIjS.exe

C:\Windows\System\vYBmaZw.exe

C:\Windows\System\vYBmaZw.exe

C:\Windows\System\dkdPkfJ.exe

C:\Windows\System\dkdPkfJ.exe

C:\Windows\System\sHUbCEY.exe

C:\Windows\System\sHUbCEY.exe

C:\Windows\System\ouxSHsE.exe

C:\Windows\System\ouxSHsE.exe

C:\Windows\System\PvkdLOV.exe

C:\Windows\System\PvkdLOV.exe

C:\Windows\System\yBOqYOx.exe

C:\Windows\System\yBOqYOx.exe

C:\Windows\System\auVqjCG.exe

C:\Windows\System\auVqjCG.exe

C:\Windows\System\IefwziO.exe

C:\Windows\System\IefwziO.exe

C:\Windows\System\wlEdAtL.exe

C:\Windows\System\wlEdAtL.exe

C:\Windows\System\bCStNIe.exe

C:\Windows\System\bCStNIe.exe

C:\Windows\System\ZloNDgm.exe

C:\Windows\System\ZloNDgm.exe

C:\Windows\System\KSmQbSo.exe

C:\Windows\System\KSmQbSo.exe

C:\Windows\System\FwOLXnL.exe

C:\Windows\System\FwOLXnL.exe

C:\Windows\System\MJSdHxl.exe

C:\Windows\System\MJSdHxl.exe

C:\Windows\System\vlYFwRZ.exe

C:\Windows\System\vlYFwRZ.exe

C:\Windows\System\Bpzdlaz.exe

C:\Windows\System\Bpzdlaz.exe

C:\Windows\System\mbuFeDC.exe

C:\Windows\System\mbuFeDC.exe

C:\Windows\System\WYcAlRr.exe

C:\Windows\System\WYcAlRr.exe

C:\Windows\System\bhjAmdW.exe

C:\Windows\System\bhjAmdW.exe

C:\Windows\System\LmJkHks.exe

C:\Windows\System\LmJkHks.exe

C:\Windows\System\FrSPdKZ.exe

C:\Windows\System\FrSPdKZ.exe

C:\Windows\System\ZEArdCI.exe

C:\Windows\System\ZEArdCI.exe

C:\Windows\System\RFjIYOW.exe

C:\Windows\System\RFjIYOW.exe

C:\Windows\System\NcanbuP.exe

C:\Windows\System\NcanbuP.exe

C:\Windows\System\MEiQvgw.exe

C:\Windows\System\MEiQvgw.exe

C:\Windows\System\sHfAzIi.exe

C:\Windows\System\sHfAzIi.exe

C:\Windows\System\dceRNTx.exe

C:\Windows\System\dceRNTx.exe

C:\Windows\System\mWkXmtW.exe

C:\Windows\System\mWkXmtW.exe

C:\Windows\System\jRAEARC.exe

C:\Windows\System\jRAEARC.exe

C:\Windows\System\ZkxoEGd.exe

C:\Windows\System\ZkxoEGd.exe

C:\Windows\System\VcrGDQi.exe

C:\Windows\System\VcrGDQi.exe

C:\Windows\System\GAmqpnO.exe

C:\Windows\System\GAmqpnO.exe

C:\Windows\System\JsQdBXx.exe

C:\Windows\System\JsQdBXx.exe

C:\Windows\System\ltZzJHN.exe

C:\Windows\System\ltZzJHN.exe

C:\Windows\System\UlevIJy.exe

C:\Windows\System\UlevIJy.exe

C:\Windows\System\TqPUOCi.exe

C:\Windows\System\TqPUOCi.exe

C:\Windows\System\hoKWZMa.exe

C:\Windows\System\hoKWZMa.exe

C:\Windows\System\PUucsaj.exe

C:\Windows\System\PUucsaj.exe

C:\Windows\System\XhQgkCJ.exe

C:\Windows\System\XhQgkCJ.exe

C:\Windows\System\arXXFcs.exe

C:\Windows\System\arXXFcs.exe

C:\Windows\System\XFHoURe.exe

C:\Windows\System\XFHoURe.exe

C:\Windows\System\KMgZbZf.exe

C:\Windows\System\KMgZbZf.exe

C:\Windows\System\FAQsNvb.exe

C:\Windows\System\FAQsNvb.exe

C:\Windows\System\pFbnRrZ.exe

C:\Windows\System\pFbnRrZ.exe

C:\Windows\System\rAMcXwV.exe

C:\Windows\System\rAMcXwV.exe

C:\Windows\System\VRKobog.exe

C:\Windows\System\VRKobog.exe

C:\Windows\System\LBwUjXU.exe

C:\Windows\System\LBwUjXU.exe

C:\Windows\System\JBKfRnC.exe

C:\Windows\System\JBKfRnC.exe

C:\Windows\System\JFJTXre.exe

C:\Windows\System\JFJTXre.exe

C:\Windows\System\gZqEVgp.exe

C:\Windows\System\gZqEVgp.exe

C:\Windows\System\dedtnIT.exe

C:\Windows\System\dedtnIT.exe

C:\Windows\System\VRtQfuh.exe

C:\Windows\System\VRtQfuh.exe

C:\Windows\System\eaZlSiI.exe

C:\Windows\System\eaZlSiI.exe

C:\Windows\System\QkMcXTM.exe

C:\Windows\System\QkMcXTM.exe

C:\Windows\System\NQZOATD.exe

C:\Windows\System\NQZOATD.exe

C:\Windows\System\aHGqQIs.exe

C:\Windows\System\aHGqQIs.exe

C:\Windows\System\WDEAgHc.exe

C:\Windows\System\WDEAgHc.exe

C:\Windows\System\ACaljqU.exe

C:\Windows\System\ACaljqU.exe

C:\Windows\System\VGpFMig.exe

C:\Windows\System\VGpFMig.exe

C:\Windows\System\DwGeMGc.exe

C:\Windows\System\DwGeMGc.exe

C:\Windows\System\demrJlH.exe

C:\Windows\System\demrJlH.exe

C:\Windows\System\AheGciM.exe

C:\Windows\System\AheGciM.exe

C:\Windows\System\cvawKcY.exe

C:\Windows\System\cvawKcY.exe

C:\Windows\System\NitacSV.exe

C:\Windows\System\NitacSV.exe

C:\Windows\System\kqsSnDK.exe

C:\Windows\System\kqsSnDK.exe

C:\Windows\System\AxMtqhD.exe

C:\Windows\System\AxMtqhD.exe

C:\Windows\System\dplZUxP.exe

C:\Windows\System\dplZUxP.exe

C:\Windows\System\dFIfvQO.exe

C:\Windows\System\dFIfvQO.exe

C:\Windows\System\bHnVghh.exe

C:\Windows\System\bHnVghh.exe

C:\Windows\System\doEQfYj.exe

C:\Windows\System\doEQfYj.exe

C:\Windows\System\dSJDUpV.exe

C:\Windows\System\dSJDUpV.exe

C:\Windows\System\NKLMeSN.exe

C:\Windows\System\NKLMeSN.exe

C:\Windows\System\FifsiGU.exe

C:\Windows\System\FifsiGU.exe

C:\Windows\System\iXXZEPB.exe

C:\Windows\System\iXXZEPB.exe

C:\Windows\System\iOOFDXB.exe

C:\Windows\System\iOOFDXB.exe

C:\Windows\System\lolVCxJ.exe

C:\Windows\System\lolVCxJ.exe

C:\Windows\System\AaVmgAg.exe

C:\Windows\System\AaVmgAg.exe

C:\Windows\System\CGToBJN.exe

C:\Windows\System\CGToBJN.exe

C:\Windows\System\qsberct.exe

C:\Windows\System\qsberct.exe

C:\Windows\System\vGLLJgR.exe

C:\Windows\System\vGLLJgR.exe

C:\Windows\System\TGyJGbT.exe

C:\Windows\System\TGyJGbT.exe

C:\Windows\System\etEeDQt.exe

C:\Windows\System\etEeDQt.exe

C:\Windows\System\BzqlQJV.exe

C:\Windows\System\BzqlQJV.exe

C:\Windows\System\UJoUOlR.exe

C:\Windows\System\UJoUOlR.exe

C:\Windows\System\TZikvXO.exe

C:\Windows\System\TZikvXO.exe

C:\Windows\System\IlTNixt.exe

C:\Windows\System\IlTNixt.exe

C:\Windows\System\IwffXNK.exe

C:\Windows\System\IwffXNK.exe

C:\Windows\System\FLxVmLe.exe

C:\Windows\System\FLxVmLe.exe

C:\Windows\System\ftwmhqG.exe

C:\Windows\System\ftwmhqG.exe

C:\Windows\System\rUwEVcr.exe

C:\Windows\System\rUwEVcr.exe

C:\Windows\System\EtbZBfC.exe

C:\Windows\System\EtbZBfC.exe

C:\Windows\System\egotRev.exe

C:\Windows\System\egotRev.exe

C:\Windows\System\HQlspkH.exe

C:\Windows\System\HQlspkH.exe

C:\Windows\System\ZZwzPHC.exe

C:\Windows\System\ZZwzPHC.exe

C:\Windows\System\VnaroHR.exe

C:\Windows\System\VnaroHR.exe

C:\Windows\System\ylRqeKB.exe

C:\Windows\System\ylRqeKB.exe

C:\Windows\System\ImxsgCC.exe

C:\Windows\System\ImxsgCC.exe

C:\Windows\System\hOoXtCA.exe

C:\Windows\System\hOoXtCA.exe

C:\Windows\System\JcFxMPQ.exe

C:\Windows\System\JcFxMPQ.exe

C:\Windows\System\KbItuuY.exe

C:\Windows\System\KbItuuY.exe

C:\Windows\System\PFPOhNi.exe

C:\Windows\System\PFPOhNi.exe

C:\Windows\System\MTXJlBX.exe

C:\Windows\System\MTXJlBX.exe

C:\Windows\System\OdBTuuV.exe

C:\Windows\System\OdBTuuV.exe

C:\Windows\System\BvBjuqp.exe

C:\Windows\System\BvBjuqp.exe

C:\Windows\System\SQOgFKc.exe

C:\Windows\System\SQOgFKc.exe

C:\Windows\System\LXTlxzm.exe

C:\Windows\System\LXTlxzm.exe

C:\Windows\System\UnqRVaD.exe

C:\Windows\System\UnqRVaD.exe

C:\Windows\System\YnbHWjc.exe

C:\Windows\System\YnbHWjc.exe

C:\Windows\System\ytdKSGX.exe

C:\Windows\System\ytdKSGX.exe

C:\Windows\System\WsfxRII.exe

C:\Windows\System\WsfxRII.exe

C:\Windows\System\ZutXgps.exe

C:\Windows\System\ZutXgps.exe

C:\Windows\System\mhWVBhA.exe

C:\Windows\System\mhWVBhA.exe

C:\Windows\System\vQdXpUB.exe

C:\Windows\System\vQdXpUB.exe

C:\Windows\System\cWKIoZv.exe

C:\Windows\System\cWKIoZv.exe

C:\Windows\System\jhiFrjk.exe

C:\Windows\System\jhiFrjk.exe

C:\Windows\System\ABbUpRa.exe

C:\Windows\System\ABbUpRa.exe

C:\Windows\System\KdwaPmA.exe

C:\Windows\System\KdwaPmA.exe

C:\Windows\System\MCEeCNX.exe

C:\Windows\System\MCEeCNX.exe

C:\Windows\System\jvBUgvR.exe

C:\Windows\System\jvBUgvR.exe

C:\Windows\System\ujycVSF.exe

C:\Windows\System\ujycVSF.exe

C:\Windows\System\tLhvfRX.exe

C:\Windows\System\tLhvfRX.exe

C:\Windows\System\RBNogpF.exe

C:\Windows\System\RBNogpF.exe

C:\Windows\System\zexGhKh.exe

C:\Windows\System\zexGhKh.exe

C:\Windows\System\HuveAcz.exe

C:\Windows\System\HuveAcz.exe

C:\Windows\System\VRkBvcd.exe

C:\Windows\System\VRkBvcd.exe

C:\Windows\System\TFRaHPl.exe

C:\Windows\System\TFRaHPl.exe

C:\Windows\System\OsPaqib.exe

C:\Windows\System\OsPaqib.exe

C:\Windows\System\ACwcplY.exe

C:\Windows\System\ACwcplY.exe

C:\Windows\System\YFfsBdW.exe

C:\Windows\System\YFfsBdW.exe

C:\Windows\System\fcjrjlT.exe

C:\Windows\System\fcjrjlT.exe

C:\Windows\System\nRCWCZT.exe

C:\Windows\System\nRCWCZT.exe

C:\Windows\System\yvMxuuL.exe

C:\Windows\System\yvMxuuL.exe

C:\Windows\System\qaGlHxI.exe

C:\Windows\System\qaGlHxI.exe

C:\Windows\System\fBqsJFr.exe

C:\Windows\System\fBqsJFr.exe

C:\Windows\System\hunFQKL.exe

C:\Windows\System\hunFQKL.exe

C:\Windows\System\yjLbJes.exe

C:\Windows\System\yjLbJes.exe

C:\Windows\System\TIJQPLa.exe

C:\Windows\System\TIJQPLa.exe

C:\Windows\System\RXhhacq.exe

C:\Windows\System\RXhhacq.exe

C:\Windows\System\UYTMbSJ.exe

C:\Windows\System\UYTMbSJ.exe

C:\Windows\System\XNlToum.exe

C:\Windows\System\XNlToum.exe

C:\Windows\System\DPanIPv.exe

C:\Windows\System\DPanIPv.exe

C:\Windows\System\hcOuLll.exe

C:\Windows\System\hcOuLll.exe

C:\Windows\System\mbLhnxg.exe

C:\Windows\System\mbLhnxg.exe

C:\Windows\System\OgOfROP.exe

C:\Windows\System\OgOfROP.exe

C:\Windows\System\GzggZHR.exe

C:\Windows\System\GzggZHR.exe

C:\Windows\System\LCNtXFp.exe

C:\Windows\System\LCNtXFp.exe

C:\Windows\System\UDolnFl.exe

C:\Windows\System\UDolnFl.exe

C:\Windows\System\ZPsNPbK.exe

C:\Windows\System\ZPsNPbK.exe

C:\Windows\System\RmkdiyS.exe

C:\Windows\System\RmkdiyS.exe

C:\Windows\System\mLUejxK.exe

C:\Windows\System\mLUejxK.exe

C:\Windows\System\magjvVG.exe

C:\Windows\System\magjvVG.exe

C:\Windows\System\mMCvRWu.exe

C:\Windows\System\mMCvRWu.exe

C:\Windows\System\QQpfMgN.exe

C:\Windows\System\QQpfMgN.exe

C:\Windows\System\elWXFNo.exe

C:\Windows\System\elWXFNo.exe

C:\Windows\System\pIHTeDT.exe

C:\Windows\System\pIHTeDT.exe

C:\Windows\System\uOFjmYM.exe

C:\Windows\System\uOFjmYM.exe

C:\Windows\System\XCrpQxe.exe

C:\Windows\System\XCrpQxe.exe

C:\Windows\System\rELkOPQ.exe

C:\Windows\System\rELkOPQ.exe

C:\Windows\System\QOadLMc.exe

C:\Windows\System\QOadLMc.exe

C:\Windows\System\lJPqfhF.exe

C:\Windows\System\lJPqfhF.exe

C:\Windows\System\VqmKIeB.exe

C:\Windows\System\VqmKIeB.exe

C:\Windows\System\olFcuGH.exe

C:\Windows\System\olFcuGH.exe

C:\Windows\System\BUDFMBK.exe

C:\Windows\System\BUDFMBK.exe

C:\Windows\System\BXfrfOJ.exe

C:\Windows\System\BXfrfOJ.exe

C:\Windows\System\hyxjHhQ.exe

C:\Windows\System\hyxjHhQ.exe

C:\Windows\System\XxCBpIF.exe

C:\Windows\System\XxCBpIF.exe

C:\Windows\System\idrgGkx.exe

C:\Windows\System\idrgGkx.exe

C:\Windows\System\mFudjMX.exe

C:\Windows\System\mFudjMX.exe

C:\Windows\System\YZDGTaO.exe

C:\Windows\System\YZDGTaO.exe

C:\Windows\System\YFfOqaj.exe

C:\Windows\System\YFfOqaj.exe

C:\Windows\System\ywyyJVr.exe

C:\Windows\System\ywyyJVr.exe

C:\Windows\System\nwLzUtG.exe

C:\Windows\System\nwLzUtG.exe

C:\Windows\System\CHWQDCU.exe

C:\Windows\System\CHWQDCU.exe

C:\Windows\System\sOigbod.exe

C:\Windows\System\sOigbod.exe

C:\Windows\System\XPMSoEP.exe

C:\Windows\System\XPMSoEP.exe

C:\Windows\System\dvAGdKn.exe

C:\Windows\System\dvAGdKn.exe

C:\Windows\System\oOWpPiy.exe

C:\Windows\System\oOWpPiy.exe

C:\Windows\System\ByQFBzZ.exe

C:\Windows\System\ByQFBzZ.exe

C:\Windows\System\YZCgLsP.exe

C:\Windows\System\YZCgLsP.exe

C:\Windows\System\XOaKJDd.exe

C:\Windows\System\XOaKJDd.exe

C:\Windows\System\JcBsarX.exe

C:\Windows\System\JcBsarX.exe

C:\Windows\System\eUTGxWz.exe

C:\Windows\System\eUTGxWz.exe

C:\Windows\System\yxbyOIi.exe

C:\Windows\System\yxbyOIi.exe

C:\Windows\System\dRFJCMz.exe

C:\Windows\System\dRFJCMz.exe

C:\Windows\System\JIOZGGz.exe

C:\Windows\System\JIOZGGz.exe

C:\Windows\System\SDykrsB.exe

C:\Windows\System\SDykrsB.exe

C:\Windows\System\rEhOeCz.exe

C:\Windows\System\rEhOeCz.exe

C:\Windows\System\rIdCCXl.exe

C:\Windows\System\rIdCCXl.exe

C:\Windows\System\tfaEcZK.exe

C:\Windows\System\tfaEcZK.exe

C:\Windows\System\YHrFygU.exe

C:\Windows\System\YHrFygU.exe

C:\Windows\System\wISMMug.exe

C:\Windows\System\wISMMug.exe

C:\Windows\System\xYpVazw.exe

C:\Windows\System\xYpVazw.exe

C:\Windows\System\KaNhOKr.exe

C:\Windows\System\KaNhOKr.exe

C:\Windows\System\zkcuqGj.exe

C:\Windows\System\zkcuqGj.exe

C:\Windows\System\bGhRZtF.exe

C:\Windows\System\bGhRZtF.exe

C:\Windows\System\fhJDiGU.exe

C:\Windows\System\fhJDiGU.exe

C:\Windows\System\yJnuRoy.exe

C:\Windows\System\yJnuRoy.exe

C:\Windows\System\nrPPAGD.exe

C:\Windows\System\nrPPAGD.exe

C:\Windows\System\NNurxdw.exe

C:\Windows\System\NNurxdw.exe

C:\Windows\System\MKFUVZJ.exe

C:\Windows\System\MKFUVZJ.exe

C:\Windows\System\cMOMBUl.exe

C:\Windows\System\cMOMBUl.exe

C:\Windows\System\ssXnyiv.exe

C:\Windows\System\ssXnyiv.exe

C:\Windows\System\tsHGDYe.exe

C:\Windows\System\tsHGDYe.exe

C:\Windows\System\SWeavNp.exe

C:\Windows\System\SWeavNp.exe

C:\Windows\System\SUIzWIC.exe

C:\Windows\System\SUIzWIC.exe

C:\Windows\System\XZhONsr.exe

C:\Windows\System\XZhONsr.exe

C:\Windows\System\uuwQWXL.exe

C:\Windows\System\uuwQWXL.exe

C:\Windows\System\ENclNHD.exe

C:\Windows\System\ENclNHD.exe

C:\Windows\System\AJaGdGY.exe

C:\Windows\System\AJaGdGY.exe

C:\Windows\System\rafASQZ.exe

C:\Windows\System\rafASQZ.exe

C:\Windows\System\ikqfVhT.exe

C:\Windows\System\ikqfVhT.exe

C:\Windows\System\ypZirvl.exe

C:\Windows\System\ypZirvl.exe

C:\Windows\System\zKLvkWx.exe

C:\Windows\System\zKLvkWx.exe

C:\Windows\System\BexqccV.exe

C:\Windows\System\BexqccV.exe

C:\Windows\System\ZgawSDg.exe

C:\Windows\System\ZgawSDg.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1668-0-0x00007FF65D990000-0x00007FF65DCE4000-memory.dmp

memory/1668-1-0x000001E8911C0000-0x000001E8911D0000-memory.dmp

C:\Windows\System\efeHLnj.exe

MD5 e3267e5ab4d12a5861897700cbb29dc0
SHA1 8ce56558364c18325fd551893d9ca0f7e1f1a15c
SHA256 1ec55fa361eeb6bae27382132c5487713bbf0fb891f2df34c4c8b40bab423b60
SHA512 aafe672be816a71117a4bf86dc3c2d6acaf9d477310120cbc6c68b51d0371c688e7c057a9c18aa15b71312ad52052f783b46327e978d890dd36ad5b09fbe827f

C:\Windows\System\mAIXgYG.exe

MD5 5fddf09a5912f13d758729b7f8b4f0b4
SHA1 52459810e16ef4aab866594bc60f82ae67e9883b
SHA256 45de8abe7a5e2477d6514bee2c4e1321f38bd29ae721d93eb590221ba6b93531
SHA512 8df569bd95d3e777fc2821271a1560d96e8b5bc84280380b7b2a9187516c072b4d6e09e1aabd3174ed361d31b39e4b0095ea5a60e3e928c694d2142c4aae91f4

C:\Windows\System\alNatdv.exe

MD5 9e2513a1f2b2135b2df186a762cea95b
SHA1 7fde4d290cb36d9afde8adecd0b70a1d471ecaf0
SHA256 12137c703f2e67edffc34c7bbfab9f13acabff6d8c58e094a1e3dc4c772a6b45
SHA512 4bc0e75731c08bad3f83233e48ae29f95251bbfea26a9fe09feef7e57598b360727fdb6c35191daf9433c9d77e421bb62881ae439206cb6d1833a506b73749e2

C:\Windows\System\jUNsxrh.exe

MD5 d1cae4e1c8f5a8d00efaf1c3ebf89f16
SHA1 9e16baf32001870af8d7da7454813c056f11fef0
SHA256 b6264229d0241ae245c173c31a870137a21ae92c7d52f6ee457e1f17ba422007
SHA512 915c838370c3caf71b4c26a060325d5c39f624e345a07a615ae82de7221523250ce16b878d50bfe0d22b8a1043e1add90ed2ffbf03ec8bc2a26acde14f47e7e6

C:\Windows\System\jjXmLwt.exe

MD5 f135c4d8d113d2b3e9f82b2992612f8d
SHA1 86e2e39dd6929ed841b15b48136933322925390b
SHA256 4813f42084621fd4bde093ff5199e6821f3270f50528235f4c7b1ca3bf7ad4b8
SHA512 59155c929e7b3e4cce31f4262437a77cee32045cf193f8b488e1bced1e58d4fab8c419abe08197657b348626b95cd994b447f7285fdd9c9351f33f616ad37afc

C:\Windows\System\YbSnHhL.exe

MD5 48d097835f6858d743f704406ec5b992
SHA1 4de25a7ec96a085e5de2cc9aec2cee22c302d458
SHA256 6191e201e05e435521df9be3635361472357907b54b11ebb76853e769889b8d8
SHA512 998f1cd379b8003716edc1e9db530318042058d14694088215b75e30e718e005f4fbdd57afdb477d10aa4a549c152855abb0a93feb0caa7dbf8780e48b9345af

C:\Windows\System\iIceXCW.exe

MD5 37d7672bcc2762d5e0064b71d7a06acc
SHA1 564d15a8c16106700f6a88a0fe7f37838596a998
SHA256 7a1b8ec3e61a1c39e13f6d6fa8a5b5f13a3345fd94738f1d0d9a879c9a057bcc
SHA512 d32fd798600a35edfd47fe0b6100e20c932075b8fa3161fb7e95025fd410fda468bee62e9199d31f678ba90b21a97808b76c2085061cc8304c1f134e50f0b966

C:\Windows\System\LjkYrLF.exe

MD5 5652c209097a4157ddf846ae952fe361
SHA1 ca33745dc911abb3525a667db27417b0ddf0f7a2
SHA256 d44e50a805b64778eba0045ade162728443c82e52a70bcdb32437bf6b2d6216a
SHA512 b11b4eba5f5686b6b0ac320afd9111de004dac89d981f4566c5616ec4a6cd70e2550d3ac40a4baf08953d1bfb2a1aefdceee35378a1519bd62e60ac2181d7138

C:\Windows\System\ExkGLMw.exe

MD5 934898524b69d29c7c10785a84e6a77f
SHA1 da9b86d9ce08ba47d9ea3e076c27fbfeedc1b3a4
SHA256 a3e3dc9eba536a28c04cb7cf0d76d0f56cbb2d4782c4f65f347f87cba719d97e
SHA512 655d7f8bc6cdea66e4ce31bccec3e1a9e8f8fc951e737f3b08a23d5d5029a36c047bbd88d4ac74903cdbd1ea8a1ecdb2574f880902fc1f3732e520d3fee695c8

C:\Windows\System\vuIiWKp.exe

MD5 1138c40df6ece6fe6c33b2542eaf4196
SHA1 46371e05c9c9504708ad13d0f8970ad0eebb23de
SHA256 229970f195cd5b6d923e2cd3c95f445cba10db11d559167f14cd5994fa0990cf
SHA512 7ac8c5ebd1f737ebb0afde3847f1f11da8c8b71a8da94c72c49cd049becd26bcdfeea398b84b85065c22ee878c55e7fbdafe23d7eb7bb768c1e0276e567b1db6

memory/3360-514-0x00007FF6B7000000-0x00007FF6B7354000-memory.dmp

memory/4236-524-0x00007FF72CC70000-0x00007FF72CFC4000-memory.dmp

memory/1008-525-0x00007FF7A1BD0000-0x00007FF7A1F24000-memory.dmp

memory/2124-530-0x00007FF711F20000-0x00007FF712274000-memory.dmp

memory/3660-532-0x00007FF705190000-0x00007FF7054E4000-memory.dmp

memory/4092-533-0x00007FF6E0260000-0x00007FF6E05B4000-memory.dmp

memory/1848-535-0x00007FF7A5B80000-0x00007FF7A5ED4000-memory.dmp

memory/3128-536-0x00007FF6D76B0000-0x00007FF6D7A04000-memory.dmp

memory/4444-534-0x00007FF7364D0000-0x00007FF736824000-memory.dmp

memory/3380-531-0x00007FF6E50E0000-0x00007FF6E5434000-memory.dmp

memory/2616-527-0x00007FF78F700000-0x00007FF78FA54000-memory.dmp

memory/4088-523-0x00007FF67BB60000-0x00007FF67BEB4000-memory.dmp

memory/3296-520-0x00007FF6992B0000-0x00007FF699604000-memory.dmp

memory/1932-518-0x00007FF7EF990000-0x00007FF7EFCE4000-memory.dmp

memory/2852-537-0x00007FF761010000-0x00007FF761364000-memory.dmp

memory/528-538-0x00007FF666CE0000-0x00007FF667034000-memory.dmp

memory/2372-539-0x00007FF74DEE0000-0x00007FF74E234000-memory.dmp

memory/532-541-0x00007FF75F6E0000-0x00007FF75FA34000-memory.dmp

memory/2008-540-0x00007FF683300000-0x00007FF683654000-memory.dmp

memory/3936-542-0x00007FF768380000-0x00007FF7686D4000-memory.dmp

memory/1284-543-0x00007FF62D8C0000-0x00007FF62DC14000-memory.dmp

C:\Windows\System\wxcZRdo.exe

MD5 7bc7b259fb87790aac3000c63b61a231
SHA1 bb22086c87f8b219845e5d16e84f32f7f42c989a
SHA256 2b45add3cfd991532dbf905e770029d60174b08bf33f1f0c62fece5a6ab81650
SHA512 358803aed0460453b8719191693ae470bc01718afa7a62e31a7635494be4ef630b01fb5e99d57337aebba40812ae78808a79b4b7fd978a1b7b322d21070aaba8

C:\Windows\System\PWoEISL.exe

MD5 1285e65b81ac1d0025c50d97946cb401
SHA1 ff13088037a1b19e9f84d6ceffac536d5073f496
SHA256 a4ffd31f743fac1aa4be308954d24f6f11374f02ec0096e4aed014261b4cd6ab
SHA512 42204dcdc81c68120a41a208efa5dbac48c9618864db0413769b04606b395fd901c81ae643ea2bffefd238a4ac6a8698a4f2818a300dc18c04240507f0925f14

C:\Windows\System\wiIOepu.exe

MD5 0ea45c9bdf65a6568748a692fd726792
SHA1 5ee24464049b37dafa2add376d688253a3b9b213
SHA256 63b62a518dec24f500fde1bbc6ecb4788ddff39a41c15ade5d3c369633c3061f
SHA512 cf6946a878b094d33a58636de35b665e3c1df21b7bf82b94a5eb99dce111fe0638ac71b56477b9adae28c225d47d0968da0f229c79b703c587c25b0493ca1c53

C:\Windows\System\KyHLkMb.exe

MD5 6a9facc3baf15182c935adcd8056bd48
SHA1 e43402ba588a9aaadb2c85cd4c3199f97f2b4fc9
SHA256 cc285137d324e19f4807e37ece0b5a377431c8f1f139cf47ed69f33449972594
SHA512 2b7c4aef65ba4ff318cc3756e97e40e141d451100db14d313507bc0e2fd0bc0355940d156e4c295e061aec7a0b4f8b6709a2092d28fa3d9fa72dc0e54684ba7a

C:\Windows\System\iMrOklb.exe

MD5 eda50634178cc1133cc279b7285a8969
SHA1 6f7044e6dd24773e848a88e836e429376b0dc3ae
SHA256 04bf1d295464aba0242f26cbe2f043029c642c6e61e291c1fb58ab0c714aff3e
SHA512 40cd5dac74185322044b49c3636a4fcf3fc02f954296c486ebf73f8e86b8a9d425d59fed120ea0e0c36aca2953a7ffae94828442e905291894740071d1e3abd2

C:\Windows\System\cpOJCcs.exe

MD5 7b61933fbbb6729a0d190dfb29422841
SHA1 51e5a80af524db1f0e85d7c0eb1f53f1cb87ad16
SHA256 e478ec6db877c30673de141800cbdc59ccd38032a73a1d5ad69285a67572ce1f
SHA512 9ea242fb39ae4c2c6748b00ee00108ee1876933cb5750bbcd4db7e5aa78bc78fd649dd25fcc6ab78442323956fc807f8e3e96d274529ad9431c1685c91077888

C:\Windows\System\BdhuUXw.exe

MD5 7a9db1b4cef1f827ebd4653ac9bb55b3
SHA1 9220e5e3ec32c60cc93bb0139c8656af5585d2e8
SHA256 f8cbe105886d21fbbe246662fb4101ff5f4ed09430ce40ffb02ae97541ec5814
SHA512 544e485a3f1fc6a4ba5a7080e443ff9ea5ec9d823bfece9995d1b77e36695a24f255ea2f1cabfa6a2b970563ccacd46c615cf2586c6faf2bae1f1cc035fc0429

C:\Windows\System\mDERIaj.exe

MD5 537698d65d2d1aade94957c7e4b3c7e4
SHA1 874d5fdd28f0d4bbbd35d24e41c7fc697863d939
SHA256 7a333f603a22fb3e28c6933d05fbe301026d68f3654a6125ae4989ca5848314b
SHA512 956fa987d5a29893902d830517aad53a7ce88ce139243331cf458348f9965026e9a5770359856407f2f1ef9f5a02c3ddb3653ac3139320470d06b287ba6d8509

C:\Windows\System\QcZzevG.exe

MD5 34506c8394b9abd236f45a8ddbb22c7e
SHA1 4f7adaab7c3d67c22a3bc27ade96ea1da008a4a7
SHA256 ddd6e9816a497afc2c6211d46ca1b1c1f448dd678edac84b2d315fe34bfae973
SHA512 df4f1417d9f7670cfc2850330c87b4d210efc52119e558ebc5c3cbcaf1d162a6a59f1923ee4955789996e16317d290485730ba75933f5852ba26dce131593043

C:\Windows\System\xpLaPxp.exe

MD5 9d2f564d0cea04ab7274c6a01bd1a253
SHA1 7969a94f4639792862d63715cdb1843a1dddc632
SHA256 2205818e519d09a5f895bc601ef74c3f04fb0b3b4e412bfa7aa5930cb0852425
SHA512 58b1e5a5b49b11e6b097bac2956ab5e5141c8a1f88865aa66d8846309c54207382b9fa70fdf723d76dc0cd1b962867a1fa6f9c18d04d2013ed550581ad7737e1

C:\Windows\System\WcYUPdx.exe

MD5 92b26880c3705102bb8f02d32acf859a
SHA1 844345d84c0a43f949216ef125ab32ba616fdb20
SHA256 477eb27468aec1df78ea3f293fc8f944aec8d8d155bb2792015819d316aadac6
SHA512 1eef0b2544c8e7799494c86353235ac6a555372820d4d6ae5b9499fda5a7c36dc4d7fa70a069e8d7410b6e6d240502e995bcdbd8dec5b5063a69ebf583e647dc

C:\Windows\System\hrMXiJM.exe

MD5 6bb0351aae3b5a524dca6be1c3923a74
SHA1 6969dad03ad20db0f4bb5401cd741212a45fc343
SHA256 cadf22a38f76a778c5a68d80ef0bc5b5ba8cdca9d96cb6b2bf4a6024d52805f5
SHA512 592c6f463b682b3f39c0d5a377bd6313b96eedb3c0788c7f0d0a76976a185ccc5697e2159daa7376d32f81e22ccf4e0c4cdcb5797d529a871bdf9fe1d52fcfc5

C:\Windows\System\obxkMPD.exe

MD5 f216dc1c7d17ff139f6f44232a5b41b2
SHA1 f7673ded87ebbf528899de2de55c91805ef6770d
SHA256 1749f409cfc20eb1fe564441b885f2074e0114860ebeb1828bc4a88c6b6549d5
SHA512 4f489aa42bfa03224176fd4af400a6df46dd8184799ab1958d733bf4a05b121d8fcac18114b7c957b82311caa0e597eaf424f18b7aa72688fcc789a80e3e070c

C:\Windows\System\AAaFYCN.exe

MD5 e55fc712b5fc422d3390cd70c7d1822e
SHA1 581dd797ee4ff98050a246e7c23bd4382a17ac63
SHA256 df2650f93440a47d14d54f5926fbb780688f99f4605b82d2ae9f0bd63c30a109
SHA512 23e4f54855f6c14c23e44bac6064670afd57ef88bce3908a0a4e0f0b50695875b3c300af072bd33ed2bf391883bad6ede090f9f5568eab10421f82634bb77db5

C:\Windows\System\OALjueG.exe

MD5 ded9d4d79d9c39eb50c74be5afe65212
SHA1 b97481ba80cc610718bbefad242ee4e9ba7fae35
SHA256 9effbf0199a78f4c37f6e8edf42fc6f9c79d0bf6ef5c65a6e14dce301113198d
SHA512 642c952dab7be61fd5b4907143d46d2e39f8cd244d632cae4bec424b10050d0329cb0276ccaabe530f3b878034d3581e832bb75416000a94bca92c413b241984

C:\Windows\System\ROiIMAM.exe

MD5 4c18241161ba4e8ebb53e8d9ded6498d
SHA1 7a1f626ec916c9c8e1d8b0e871ab8be23559414b
SHA256 94538a6d37e674749a13b880dfb4dc224e843a3aedcd915d1015d1b51be1d329
SHA512 2389a3b29136046be91f2c378eb25749fb89965906f2793be5548a5227ab0f9db8eb96c42e1a4ed1a9ac57e4867a5b6a290b3d737cb732f1352f471d866083f6

C:\Windows\System\LWvWPXz.exe

MD5 ef7699aaca003233d4656d8173a9dd0c
SHA1 d6ca31c4648957929ed6276e5e8c411418dca55f
SHA256 a1a5a48541d1856698783b561aa4b765d0e0cbc1a9eddc10e438a035c0aacd3c
SHA512 4ee73f19e1c440b958bd571571d534042e4398e7dddbd6699ad1a141f6c3bce633fe3a9166357e3e9e1afd393becb1c95b1a13da86ccd5dbf07f476b036996a8

memory/1420-62-0x00007FF75E780000-0x00007FF75EAD4000-memory.dmp

C:\Windows\System\NKapjOZ.exe

MD5 42f9ae1b016ae3c42725c87e894bbe1b
SHA1 2e56f368064b2d7cca708431a3c84d13b2492f23
SHA256 6981a18b65db257794d6215406d8fb6aaf8198fdf26327875168aed17e71305b
SHA512 783601db82ee94b45f23134e45c30a2dbcaaa94f3a1b7c9eaecc99579c1f77c8bf714b88d98f1969ad7ca62ef8122bd19dc82a4acdf9aac75e619e429c47aed7

memory/3600-57-0x00007FF6FC910000-0x00007FF6FCC64000-memory.dmp

memory/4952-56-0x00007FF64B260000-0x00007FF64B5B4000-memory.dmp

memory/3524-52-0x00007FF7EBFA0000-0x00007FF7EC2F4000-memory.dmp

C:\Windows\System\cLNANbC.exe

MD5 315951fd299f55041ca27f24742f13e3
SHA1 9b76488e6a5ec0fc5b3d1993e259b4fd59fbdca8
SHA256 d9f157f07ccc65df53d0f95ed9f930cc98b7b86c13fbe61889c574c8d14421af
SHA512 2bcd47484f58a675c5b95038261b55075a5a292209b5ce313352c443a0ed100c818709114e8b666a03743657feef56f5ea44979b845c27a2b1d7e7db49ac2f2c

C:\Windows\System\xPbJZRt.exe

MD5 ff8bec0c81acd708c58fae6b39a6a30f
SHA1 3cd4b549d713e562e50e2e47eb99e94e1b1ff24a
SHA256 6dba3ada7b028d561f88602a998b021732142ad222e393da10185058bae797c8
SHA512 a8d4d0ebf64b732393b37a6e0d503812e47fbf801f63c78d0df551f2be50d82535ed6c002c9a5fe0c1a9aed2def1dcb2b98ac32fb0e307c4b35e80a81e5d3a0e

memory/3496-39-0x00007FF7782D0000-0x00007FF778624000-memory.dmp

memory/1892-35-0x00007FF729270000-0x00007FF7295C4000-memory.dmp

C:\Windows\System\BarrVWX.exe

MD5 136a7d67885bd8a5e4c28178a1fc69dc
SHA1 069f5e9cf58caa38d7ae81515da090242e85f9e2
SHA256 469479c9b85b7be2ad2df12071eafefa5ff52847a1c9315b15d8f237aab7aae3
SHA512 976f93ff47d8ba8b8d0e33c668b46621c1e1d60138874097145a7d393c61cb75cc236af3a957c22facb1cbae5e957b78503c706045e61303cd88383b6881e97e

memory/4752-24-0x00007FF7A6F20000-0x00007FF7A7274000-memory.dmp

memory/4340-20-0x00007FF6C38E0000-0x00007FF6C3C34000-memory.dmp

C:\Windows\System\xnilIjU.exe

MD5 498075be636ee9c95ee54440c3dcac25
SHA1 d168aebad1cf7c1f8c075934e52629c6ab370800
SHA256 9f951c5181de1d4ff1249b569409093d760fdbaf4df2e8de09ca2af565975dfb
SHA512 8b158f66c66d88e3aaa8c391dbb4df290f74ffb1bef56fb1b116c13423479684d3d8c6aa54e4bd6a5af05b467c83bab39d6a09af637ee98218be3e04fe84c95c

memory/1668-1070-0x00007FF65D990000-0x00007FF65DCE4000-memory.dmp

memory/4340-1071-0x00007FF6C38E0000-0x00007FF6C3C34000-memory.dmp

memory/4952-1072-0x00007FF64B260000-0x00007FF64B5B4000-memory.dmp

memory/4340-1073-0x00007FF6C38E0000-0x00007FF6C3C34000-memory.dmp

memory/4752-1075-0x00007FF7A6F20000-0x00007FF7A7274000-memory.dmp

memory/1892-1074-0x00007FF729270000-0x00007FF7295C4000-memory.dmp

memory/3524-1076-0x00007FF7EBFA0000-0x00007FF7EC2F4000-memory.dmp

memory/3496-1077-0x00007FF7782D0000-0x00007FF778624000-memory.dmp

memory/1420-1078-0x00007FF75E780000-0x00007FF75EAD4000-memory.dmp

memory/3600-1079-0x00007FF6FC910000-0x00007FF6FCC64000-memory.dmp

memory/3360-1080-0x00007FF6B7000000-0x00007FF6B7354000-memory.dmp

memory/4952-1081-0x00007FF64B260000-0x00007FF64B5B4000-memory.dmp

memory/1932-1082-0x00007FF7EF990000-0x00007FF7EFCE4000-memory.dmp

memory/3936-1084-0x00007FF768380000-0x00007FF7686D4000-memory.dmp

memory/1284-1083-0x00007FF62D8C0000-0x00007FF62DC14000-memory.dmp

memory/4236-1089-0x00007FF72CC70000-0x00007FF72CFC4000-memory.dmp

memory/2124-1090-0x00007FF711F20000-0x00007FF712274000-memory.dmp

memory/1008-1088-0x00007FF7A1BD0000-0x00007FF7A1F24000-memory.dmp

memory/2616-1087-0x00007FF78F700000-0x00007FF78FA54000-memory.dmp

memory/3296-1086-0x00007FF6992B0000-0x00007FF699604000-memory.dmp

memory/4088-1085-0x00007FF67BB60000-0x00007FF67BEB4000-memory.dmp

memory/3660-1092-0x00007FF705190000-0x00007FF7054E4000-memory.dmp

memory/4092-1093-0x00007FF6E0260000-0x00007FF6E05B4000-memory.dmp

memory/3380-1091-0x00007FF6E50E0000-0x00007FF6E5434000-memory.dmp

memory/1848-1099-0x00007FF7A5B80000-0x00007FF7A5ED4000-memory.dmp

memory/4444-1100-0x00007FF7364D0000-0x00007FF736824000-memory.dmp

memory/3128-1098-0x00007FF6D76B0000-0x00007FF6D7A04000-memory.dmp

memory/2852-1097-0x00007FF761010000-0x00007FF761364000-memory.dmp

memory/528-1096-0x00007FF666CE0000-0x00007FF667034000-memory.dmp

memory/2372-1095-0x00007FF74DEE0000-0x00007FF74E234000-memory.dmp

memory/2008-1094-0x00007FF683300000-0x00007FF683654000-memory.dmp

memory/532-1101-0x00007FF75F6E0000-0x00007FF75FA34000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 07:26

Reported

2024-05-31 07:29

Platform

win7-20240221-en

Max time kernel

125s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ocuFHPM.exe N/A
N/A N/A C:\Windows\System\zoOtPdv.exe N/A
N/A N/A C:\Windows\System\fbCMXDP.exe N/A
N/A N/A C:\Windows\System\IsyGDQL.exe N/A
N/A N/A C:\Windows\System\xTichCP.exe N/A
N/A N/A C:\Windows\System\LzPYXOd.exe N/A
N/A N/A C:\Windows\System\FKwxqoW.exe N/A
N/A N/A C:\Windows\System\uydgwFB.exe N/A
N/A N/A C:\Windows\System\THJikYW.exe N/A
N/A N/A C:\Windows\System\mTKtcKw.exe N/A
N/A N/A C:\Windows\System\thgNnbo.exe N/A
N/A N/A C:\Windows\System\DkSUwOC.exe N/A
N/A N/A C:\Windows\System\bTPUmJc.exe N/A
N/A N/A C:\Windows\System\elXBibs.exe N/A
N/A N/A C:\Windows\System\mRQGuhE.exe N/A
N/A N/A C:\Windows\System\LpilPOH.exe N/A
N/A N/A C:\Windows\System\qmyoeiM.exe N/A
N/A N/A C:\Windows\System\bbjaCwN.exe N/A
N/A N/A C:\Windows\System\ZhseGfl.exe N/A
N/A N/A C:\Windows\System\qCJMxmv.exe N/A
N/A N/A C:\Windows\System\yRpItUN.exe N/A
N/A N/A C:\Windows\System\sKmwWMi.exe N/A
N/A N/A C:\Windows\System\hAlpmxS.exe N/A
N/A N/A C:\Windows\System\MWmjzqC.exe N/A
N/A N/A C:\Windows\System\WRDMiwo.exe N/A
N/A N/A C:\Windows\System\bVDeSMV.exe N/A
N/A N/A C:\Windows\System\VmPgrTH.exe N/A
N/A N/A C:\Windows\System\IABFvAe.exe N/A
N/A N/A C:\Windows\System\HRYUkRY.exe N/A
N/A N/A C:\Windows\System\YNCoOAo.exe N/A
N/A N/A C:\Windows\System\biLdjUf.exe N/A
N/A N/A C:\Windows\System\ViYdGDs.exe N/A
N/A N/A C:\Windows\System\DTUSzYL.exe N/A
N/A N/A C:\Windows\System\NyIkmgE.exe N/A
N/A N/A C:\Windows\System\dmsQNoy.exe N/A
N/A N/A C:\Windows\System\REkNjww.exe N/A
N/A N/A C:\Windows\System\OZvrBZy.exe N/A
N/A N/A C:\Windows\System\PdklioI.exe N/A
N/A N/A C:\Windows\System\LrOwMMJ.exe N/A
N/A N/A C:\Windows\System\wmumnPl.exe N/A
N/A N/A C:\Windows\System\jMHSoYa.exe N/A
N/A N/A C:\Windows\System\MiOJpyq.exe N/A
N/A N/A C:\Windows\System\xZfKarX.exe N/A
N/A N/A C:\Windows\System\noSrjzL.exe N/A
N/A N/A C:\Windows\System\ZzZQKSL.exe N/A
N/A N/A C:\Windows\System\UvPCpoC.exe N/A
N/A N/A C:\Windows\System\NQkHteb.exe N/A
N/A N/A C:\Windows\System\BGrpKhu.exe N/A
N/A N/A C:\Windows\System\YwhiZWM.exe N/A
N/A N/A C:\Windows\System\wgrUVSd.exe N/A
N/A N/A C:\Windows\System\HMdQZfo.exe N/A
N/A N/A C:\Windows\System\cdNCdlA.exe N/A
N/A N/A C:\Windows\System\csqJpTb.exe N/A
N/A N/A C:\Windows\System\UkTvrJc.exe N/A
N/A N/A C:\Windows\System\fKHZefX.exe N/A
N/A N/A C:\Windows\System\rSDttCq.exe N/A
N/A N/A C:\Windows\System\QriijCJ.exe N/A
N/A N/A C:\Windows\System\miohaIc.exe N/A
N/A N/A C:\Windows\System\YYXvTjJ.exe N/A
N/A N/A C:\Windows\System\KOCZdsI.exe N/A
N/A N/A C:\Windows\System\DSmQOOM.exe N/A
N/A N/A C:\Windows\System\oGVcDTy.exe N/A
N/A N/A C:\Windows\System\rBQCxbH.exe N/A
N/A N/A C:\Windows\System\vkMdDdP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\QriijCJ.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NhcgNPn.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JwAUMth.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnYHgKb.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CsJPQIU.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iKKDhKw.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dhAhTeD.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EJHhAJe.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVPafre.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HvjviRD.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDKCTMm.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\csqJpTb.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hyxBfiO.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qxOonSS.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwuAqAA.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YqpYPHQ.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\etNNIhv.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LNyVcWB.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qmyoeiM.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YNCoOAo.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MiOJpyq.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WtjKKDF.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pMOJWAO.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hRADLvc.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsIprzy.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WcSkLwi.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LAsKunb.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FxKEoXs.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xwvoYoG.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJyiTYM.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgqHuMH.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rSDttCq.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qIqEUQu.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ucklhcu.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vinAThW.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MofwwOK.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jjbBEqz.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EqxHIQA.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMWyczs.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cwgkoWQ.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtdoDEX.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoOtPdv.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YYXvTjJ.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cuGOxky.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cXjlFHN.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hyKBadI.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\clMoveh.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mVkmouG.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NUJzzWd.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HMsPtYo.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uydgwFB.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iuZIEFH.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tdrewTb.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FJSCUCY.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EfNOBtJ.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ytkgaKF.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IuYIiOK.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HEoNbTH.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TfYFVXt.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UflKYmt.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fPwtAob.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkOcwdq.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AyAkoZK.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VQukCYt.exe C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 856 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ocuFHPM.exe
PID 856 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ocuFHPM.exe
PID 856 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ocuFHPM.exe
PID 856 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\zoOtPdv.exe
PID 856 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\zoOtPdv.exe
PID 856 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\zoOtPdv.exe
PID 856 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\fbCMXDP.exe
PID 856 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\fbCMXDP.exe
PID 856 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\fbCMXDP.exe
PID 856 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\IsyGDQL.exe
PID 856 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\IsyGDQL.exe
PID 856 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\IsyGDQL.exe
PID 856 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xTichCP.exe
PID 856 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xTichCP.exe
PID 856 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\xTichCP.exe
PID 856 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LzPYXOd.exe
PID 856 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LzPYXOd.exe
PID 856 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LzPYXOd.exe
PID 856 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\FKwxqoW.exe
PID 856 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\FKwxqoW.exe
PID 856 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\FKwxqoW.exe
PID 856 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\uydgwFB.exe
PID 856 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\uydgwFB.exe
PID 856 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\uydgwFB.exe
PID 856 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\THJikYW.exe
PID 856 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\THJikYW.exe
PID 856 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\THJikYW.exe
PID 856 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\bTPUmJc.exe
PID 856 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\bTPUmJc.exe
PID 856 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\bTPUmJc.exe
PID 856 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mTKtcKw.exe
PID 856 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mTKtcKw.exe
PID 856 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mTKtcKw.exe
PID 856 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LpilPOH.exe
PID 856 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LpilPOH.exe
PID 856 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\LpilPOH.exe
PID 856 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\thgNnbo.exe
PID 856 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\thgNnbo.exe
PID 856 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\thgNnbo.exe
PID 856 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\qmyoeiM.exe
PID 856 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\qmyoeiM.exe
PID 856 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\qmyoeiM.exe
PID 856 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\DkSUwOC.exe
PID 856 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\DkSUwOC.exe
PID 856 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\DkSUwOC.exe
PID 856 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\bbjaCwN.exe
PID 856 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\bbjaCwN.exe
PID 856 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\bbjaCwN.exe
PID 856 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\elXBibs.exe
PID 856 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\elXBibs.exe
PID 856 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\elXBibs.exe
PID 856 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ZhseGfl.exe
PID 856 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ZhseGfl.exe
PID 856 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\ZhseGfl.exe
PID 856 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mRQGuhE.exe
PID 856 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mRQGuhE.exe
PID 856 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\mRQGuhE.exe
PID 856 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\qCJMxmv.exe
PID 856 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\qCJMxmv.exe
PID 856 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\qCJMxmv.exe
PID 856 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\yRpItUN.exe
PID 856 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\yRpItUN.exe
PID 856 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\yRpItUN.exe
PID 856 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe C:\Windows\System\hAlpmxS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7cb99f434dc681dfc4398f2609fef8d0_NeikiAnalytics.exe"

C:\Windows\System\ocuFHPM.exe

C:\Windows\System\ocuFHPM.exe

C:\Windows\System\zoOtPdv.exe

C:\Windows\System\zoOtPdv.exe

C:\Windows\System\fbCMXDP.exe

C:\Windows\System\fbCMXDP.exe

C:\Windows\System\IsyGDQL.exe

C:\Windows\System\IsyGDQL.exe

C:\Windows\System\xTichCP.exe

C:\Windows\System\xTichCP.exe

C:\Windows\System\LzPYXOd.exe

C:\Windows\System\LzPYXOd.exe

C:\Windows\System\FKwxqoW.exe

C:\Windows\System\FKwxqoW.exe

C:\Windows\System\uydgwFB.exe

C:\Windows\System\uydgwFB.exe

C:\Windows\System\THJikYW.exe

C:\Windows\System\THJikYW.exe

C:\Windows\System\bTPUmJc.exe

C:\Windows\System\bTPUmJc.exe

C:\Windows\System\mTKtcKw.exe

C:\Windows\System\mTKtcKw.exe

C:\Windows\System\LpilPOH.exe

C:\Windows\System\LpilPOH.exe

C:\Windows\System\thgNnbo.exe

C:\Windows\System\thgNnbo.exe

C:\Windows\System\qmyoeiM.exe

C:\Windows\System\qmyoeiM.exe

C:\Windows\System\DkSUwOC.exe

C:\Windows\System\DkSUwOC.exe

C:\Windows\System\bbjaCwN.exe

C:\Windows\System\bbjaCwN.exe

C:\Windows\System\elXBibs.exe

C:\Windows\System\elXBibs.exe

C:\Windows\System\ZhseGfl.exe

C:\Windows\System\ZhseGfl.exe

C:\Windows\System\mRQGuhE.exe

C:\Windows\System\mRQGuhE.exe

C:\Windows\System\qCJMxmv.exe

C:\Windows\System\qCJMxmv.exe

C:\Windows\System\yRpItUN.exe

C:\Windows\System\yRpItUN.exe

C:\Windows\System\hAlpmxS.exe

C:\Windows\System\hAlpmxS.exe

C:\Windows\System\sKmwWMi.exe

C:\Windows\System\sKmwWMi.exe

C:\Windows\System\WRDMiwo.exe

C:\Windows\System\WRDMiwo.exe

C:\Windows\System\MWmjzqC.exe

C:\Windows\System\MWmjzqC.exe

C:\Windows\System\VmPgrTH.exe

C:\Windows\System\VmPgrTH.exe

C:\Windows\System\bVDeSMV.exe

C:\Windows\System\bVDeSMV.exe

C:\Windows\System\IABFvAe.exe

C:\Windows\System\IABFvAe.exe

C:\Windows\System\HRYUkRY.exe

C:\Windows\System\HRYUkRY.exe

C:\Windows\System\YNCoOAo.exe

C:\Windows\System\YNCoOAo.exe

C:\Windows\System\biLdjUf.exe

C:\Windows\System\biLdjUf.exe

C:\Windows\System\ViYdGDs.exe

C:\Windows\System\ViYdGDs.exe

C:\Windows\System\DTUSzYL.exe

C:\Windows\System\DTUSzYL.exe

C:\Windows\System\NyIkmgE.exe

C:\Windows\System\NyIkmgE.exe

C:\Windows\System\dmsQNoy.exe

C:\Windows\System\dmsQNoy.exe

C:\Windows\System\REkNjww.exe

C:\Windows\System\REkNjww.exe

C:\Windows\System\OZvrBZy.exe

C:\Windows\System\OZvrBZy.exe

C:\Windows\System\PdklioI.exe

C:\Windows\System\PdklioI.exe

C:\Windows\System\LrOwMMJ.exe

C:\Windows\System\LrOwMMJ.exe

C:\Windows\System\wmumnPl.exe

C:\Windows\System\wmumnPl.exe

C:\Windows\System\jMHSoYa.exe

C:\Windows\System\jMHSoYa.exe

C:\Windows\System\NQkHteb.exe

C:\Windows\System\NQkHteb.exe

C:\Windows\System\MiOJpyq.exe

C:\Windows\System\MiOJpyq.exe

C:\Windows\System\BGrpKhu.exe

C:\Windows\System\BGrpKhu.exe

C:\Windows\System\xZfKarX.exe

C:\Windows\System\xZfKarX.exe

C:\Windows\System\YwhiZWM.exe

C:\Windows\System\YwhiZWM.exe

C:\Windows\System\noSrjzL.exe

C:\Windows\System\noSrjzL.exe

C:\Windows\System\wgrUVSd.exe

C:\Windows\System\wgrUVSd.exe

C:\Windows\System\ZzZQKSL.exe

C:\Windows\System\ZzZQKSL.exe

C:\Windows\System\HMdQZfo.exe

C:\Windows\System\HMdQZfo.exe

C:\Windows\System\UvPCpoC.exe

C:\Windows\System\UvPCpoC.exe

C:\Windows\System\cdNCdlA.exe

C:\Windows\System\cdNCdlA.exe

C:\Windows\System\csqJpTb.exe

C:\Windows\System\csqJpTb.exe

C:\Windows\System\UkTvrJc.exe

C:\Windows\System\UkTvrJc.exe

C:\Windows\System\fKHZefX.exe

C:\Windows\System\fKHZefX.exe

C:\Windows\System\rSDttCq.exe

C:\Windows\System\rSDttCq.exe

C:\Windows\System\QriijCJ.exe

C:\Windows\System\QriijCJ.exe

C:\Windows\System\miohaIc.exe

C:\Windows\System\miohaIc.exe

C:\Windows\System\YYXvTjJ.exe

C:\Windows\System\YYXvTjJ.exe

C:\Windows\System\KOCZdsI.exe

C:\Windows\System\KOCZdsI.exe

C:\Windows\System\DSmQOOM.exe

C:\Windows\System\DSmQOOM.exe

C:\Windows\System\oGVcDTy.exe

C:\Windows\System\oGVcDTy.exe

C:\Windows\System\rBQCxbH.exe

C:\Windows\System\rBQCxbH.exe

C:\Windows\System\vkMdDdP.exe

C:\Windows\System\vkMdDdP.exe

C:\Windows\System\ZwUXAam.exe

C:\Windows\System\ZwUXAam.exe

C:\Windows\System\IIlmGql.exe

C:\Windows\System\IIlmGql.exe

C:\Windows\System\YCOfvoV.exe

C:\Windows\System\YCOfvoV.exe

C:\Windows\System\yFRNDIB.exe

C:\Windows\System\yFRNDIB.exe

C:\Windows\System\dGGsvdl.exe

C:\Windows\System\dGGsvdl.exe

C:\Windows\System\PUImcvr.exe

C:\Windows\System\PUImcvr.exe

C:\Windows\System\fhtyUQH.exe

C:\Windows\System\fhtyUQH.exe

C:\Windows\System\vwUNJFz.exe

C:\Windows\System\vwUNJFz.exe

C:\Windows\System\EfNOBtJ.exe

C:\Windows\System\EfNOBtJ.exe

C:\Windows\System\cuGOxky.exe

C:\Windows\System\cuGOxky.exe

C:\Windows\System\LAsKunb.exe

C:\Windows\System\LAsKunb.exe

C:\Windows\System\SQxAvoC.exe

C:\Windows\System\SQxAvoC.exe

C:\Windows\System\BqCdNKh.exe

C:\Windows\System\BqCdNKh.exe

C:\Windows\System\XFkxtNt.exe

C:\Windows\System\XFkxtNt.exe

C:\Windows\System\OIXonzR.exe

C:\Windows\System\OIXonzR.exe

C:\Windows\System\WtjKKDF.exe

C:\Windows\System\WtjKKDF.exe

C:\Windows\System\AwUlInK.exe

C:\Windows\System\AwUlInK.exe

C:\Windows\System\rSyGHgQ.exe

C:\Windows\System\rSyGHgQ.exe

C:\Windows\System\tIbjGjV.exe

C:\Windows\System\tIbjGjV.exe

C:\Windows\System\XsFCzqO.exe

C:\Windows\System\XsFCzqO.exe

C:\Windows\System\SVEjfOr.exe

C:\Windows\System\SVEjfOr.exe

C:\Windows\System\QIqYfEg.exe

C:\Windows\System\QIqYfEg.exe

C:\Windows\System\zNADbPM.exe

C:\Windows\System\zNADbPM.exe

C:\Windows\System\gkGxUsL.exe

C:\Windows\System\gkGxUsL.exe

C:\Windows\System\ytkgaKF.exe

C:\Windows\System\ytkgaKF.exe

C:\Windows\System\veHvBKj.exe

C:\Windows\System\veHvBKj.exe

C:\Windows\System\OdzUOCp.exe

C:\Windows\System\OdzUOCp.exe

C:\Windows\System\szoWpdq.exe

C:\Windows\System\szoWpdq.exe

C:\Windows\System\kSSQzIq.exe

C:\Windows\System\kSSQzIq.exe

C:\Windows\System\KsRjrxi.exe

C:\Windows\System\KsRjrxi.exe

C:\Windows\System\mVkmouG.exe

C:\Windows\System\mVkmouG.exe

C:\Windows\System\kRDEzBc.exe

C:\Windows\System\kRDEzBc.exe

C:\Windows\System\bbfRpAD.exe

C:\Windows\System\bbfRpAD.exe

C:\Windows\System\TSxySqq.exe

C:\Windows\System\TSxySqq.exe

C:\Windows\System\qeDVyeL.exe

C:\Windows\System\qeDVyeL.exe

C:\Windows\System\qsQRfhk.exe

C:\Windows\System\qsQRfhk.exe

C:\Windows\System\sDEzJDa.exe

C:\Windows\System\sDEzJDa.exe

C:\Windows\System\mqCHKGY.exe

C:\Windows\System\mqCHKGY.exe

C:\Windows\System\qIqEUQu.exe

C:\Windows\System\qIqEUQu.exe

C:\Windows\System\Ucklhcu.exe

C:\Windows\System\Ucklhcu.exe

C:\Windows\System\wlzfboU.exe

C:\Windows\System\wlzfboU.exe

C:\Windows\System\rNgtjJK.exe

C:\Windows\System\rNgtjJK.exe

C:\Windows\System\mlFgpva.exe

C:\Windows\System\mlFgpva.exe

C:\Windows\System\UflKYmt.exe

C:\Windows\System\UflKYmt.exe

C:\Windows\System\lqffxbL.exe

C:\Windows\System\lqffxbL.exe

C:\Windows\System\mpPdSgh.exe

C:\Windows\System\mpPdSgh.exe

C:\Windows\System\BQleGAd.exe

C:\Windows\System\BQleGAd.exe

C:\Windows\System\xwvoYoG.exe

C:\Windows\System\xwvoYoG.exe

C:\Windows\System\NhcgNPn.exe

C:\Windows\System\NhcgNPn.exe

C:\Windows\System\hyxBfiO.exe

C:\Windows\System\hyxBfiO.exe

C:\Windows\System\DeUMBTS.exe

C:\Windows\System\DeUMBTS.exe

C:\Windows\System\vinAThW.exe

C:\Windows\System\vinAThW.exe

C:\Windows\System\GHirmQS.exe

C:\Windows\System\GHirmQS.exe

C:\Windows\System\WQpWxpM.exe

C:\Windows\System\WQpWxpM.exe

C:\Windows\System\HPIWIsx.exe

C:\Windows\System\HPIWIsx.exe

C:\Windows\System\EqxHIQA.exe

C:\Windows\System\EqxHIQA.exe

C:\Windows\System\yzvhcMo.exe

C:\Windows\System\yzvhcMo.exe

C:\Windows\System\DpNzbTh.exe

C:\Windows\System\DpNzbTh.exe

C:\Windows\System\tSjTNNm.exe

C:\Windows\System\tSjTNNm.exe

C:\Windows\System\TrNcanB.exe

C:\Windows\System\TrNcanB.exe

C:\Windows\System\vFWBnrm.exe

C:\Windows\System\vFWBnrm.exe

C:\Windows\System\zXvpizM.exe

C:\Windows\System\zXvpizM.exe

C:\Windows\System\pzneGCN.exe

C:\Windows\System\pzneGCN.exe

C:\Windows\System\AZYciDY.exe

C:\Windows\System\AZYciDY.exe

C:\Windows\System\NYBTCqs.exe

C:\Windows\System\NYBTCqs.exe

C:\Windows\System\dhAhTeD.exe

C:\Windows\System\dhAhTeD.exe

C:\Windows\System\cXjlFHN.exe

C:\Windows\System\cXjlFHN.exe

C:\Windows\System\qxOonSS.exe

C:\Windows\System\qxOonSS.exe

C:\Windows\System\tHLDDjV.exe

C:\Windows\System\tHLDDjV.exe

C:\Windows\System\sNrYgCM.exe

C:\Windows\System\sNrYgCM.exe

C:\Windows\System\bDNoPOI.exe

C:\Windows\System\bDNoPOI.exe

C:\Windows\System\fPwtAob.exe

C:\Windows\System\fPwtAob.exe

C:\Windows\System\eZQtiwg.exe

C:\Windows\System\eZQtiwg.exe

C:\Windows\System\sZWWWhS.exe

C:\Windows\System\sZWWWhS.exe

C:\Windows\System\cGQIgYE.exe

C:\Windows\System\cGQIgYE.exe

C:\Windows\System\mfjcHHq.exe

C:\Windows\System\mfjcHHq.exe

C:\Windows\System\UrUXJst.exe

C:\Windows\System\UrUXJst.exe

C:\Windows\System\aUBObci.exe

C:\Windows\System\aUBObci.exe

C:\Windows\System\mgknXpa.exe

C:\Windows\System\mgknXpa.exe

C:\Windows\System\hMHxsJk.exe

C:\Windows\System\hMHxsJk.exe

C:\Windows\System\YyIFXBF.exe

C:\Windows\System\YyIFXBF.exe

C:\Windows\System\pMOJWAO.exe

C:\Windows\System\pMOJWAO.exe

C:\Windows\System\YfCabMc.exe

C:\Windows\System\YfCabMc.exe

C:\Windows\System\BZwEeyC.exe

C:\Windows\System\BZwEeyC.exe

C:\Windows\System\yOEXnqH.exe

C:\Windows\System\yOEXnqH.exe

C:\Windows\System\ewJKIAC.exe

C:\Windows\System\ewJKIAC.exe

C:\Windows\System\kbQiHLv.exe

C:\Windows\System\kbQiHLv.exe

C:\Windows\System\FxKEoXs.exe

C:\Windows\System\FxKEoXs.exe

C:\Windows\System\lvzmUaS.exe

C:\Windows\System\lvzmUaS.exe

C:\Windows\System\JwAUMth.exe

C:\Windows\System\JwAUMth.exe

C:\Windows\System\hRADLvc.exe

C:\Windows\System\hRADLvc.exe

C:\Windows\System\KmWLnqX.exe

C:\Windows\System\KmWLnqX.exe

C:\Windows\System\plgeoef.exe

C:\Windows\System\plgeoef.exe

C:\Windows\System\LbeWLHh.exe

C:\Windows\System\LbeWLHh.exe

C:\Windows\System\LnYHgKb.exe

C:\Windows\System\LnYHgKb.exe

C:\Windows\System\LAuplyX.exe

C:\Windows\System\LAuplyX.exe

C:\Windows\System\JGZciIU.exe

C:\Windows\System\JGZciIU.exe

C:\Windows\System\nzqqcAX.exe

C:\Windows\System\nzqqcAX.exe

C:\Windows\System\FTuHsfv.exe

C:\Windows\System\FTuHsfv.exe

C:\Windows\System\VwvAmrY.exe

C:\Windows\System\VwvAmrY.exe

C:\Windows\System\iuZIEFH.exe

C:\Windows\System\iuZIEFH.exe

C:\Windows\System\hyKBadI.exe

C:\Windows\System\hyKBadI.exe

C:\Windows\System\CsJPQIU.exe

C:\Windows\System\CsJPQIU.exe

C:\Windows\System\QMypZJC.exe

C:\Windows\System\QMypZJC.exe

C:\Windows\System\ftJwGZQ.exe

C:\Windows\System\ftJwGZQ.exe

C:\Windows\System\Rakkymf.exe

C:\Windows\System\Rakkymf.exe

C:\Windows\System\NCRyDjI.exe

C:\Windows\System\NCRyDjI.exe

C:\Windows\System\mfaUyca.exe

C:\Windows\System\mfaUyca.exe

C:\Windows\System\UgMaNvj.exe

C:\Windows\System\UgMaNvj.exe

C:\Windows\System\KKTgOCr.exe

C:\Windows\System\KKTgOCr.exe

C:\Windows\System\oLTGBvc.exe

C:\Windows\System\oLTGBvc.exe

C:\Windows\System\ZCwRRmv.exe

C:\Windows\System\ZCwRRmv.exe

C:\Windows\System\AfxQnlb.exe

C:\Windows\System\AfxQnlb.exe

C:\Windows\System\HoHFKzk.exe

C:\Windows\System\HoHFKzk.exe

C:\Windows\System\GLVEPOg.exe

C:\Windows\System\GLVEPOg.exe

C:\Windows\System\gzLbWqM.exe

C:\Windows\System\gzLbWqM.exe

C:\Windows\System\sWGTJoY.exe

C:\Windows\System\sWGTJoY.exe

C:\Windows\System\bnZxmNw.exe

C:\Windows\System\bnZxmNw.exe

C:\Windows\System\VigIWDU.exe

C:\Windows\System\VigIWDU.exe

C:\Windows\System\hvfnNkA.exe

C:\Windows\System\hvfnNkA.exe

C:\Windows\System\eneZQsd.exe

C:\Windows\System\eneZQsd.exe

C:\Windows\System\ahynAhE.exe

C:\Windows\System\ahynAhE.exe

C:\Windows\System\qpQiNdi.exe

C:\Windows\System\qpQiNdi.exe

C:\Windows\System\abbUFXW.exe

C:\Windows\System\abbUFXW.exe

C:\Windows\System\MofwwOK.exe

C:\Windows\System\MofwwOK.exe

C:\Windows\System\IIcmYwX.exe

C:\Windows\System\IIcmYwX.exe

C:\Windows\System\ldEHKGc.exe

C:\Windows\System\ldEHKGc.exe

C:\Windows\System\MfLAHvI.exe

C:\Windows\System\MfLAHvI.exe

C:\Windows\System\VGcubjb.exe

C:\Windows\System\VGcubjb.exe

C:\Windows\System\VzbmqZf.exe

C:\Windows\System\VzbmqZf.exe

C:\Windows\System\vscYsdt.exe

C:\Windows\System\vscYsdt.exe

C:\Windows\System\fgGUiwM.exe

C:\Windows\System\fgGUiwM.exe

C:\Windows\System\lllvwYk.exe

C:\Windows\System\lllvwYk.exe

C:\Windows\System\etNNIhv.exe

C:\Windows\System\etNNIhv.exe

C:\Windows\System\EJHhAJe.exe

C:\Windows\System\EJHhAJe.exe

C:\Windows\System\fEluYyi.exe

C:\Windows\System\fEluYyi.exe

C:\Windows\System\lbKUKvs.exe

C:\Windows\System\lbKUKvs.exe

C:\Windows\System\LNyVcWB.exe

C:\Windows\System\LNyVcWB.exe

C:\Windows\System\hOMVgvP.exe

C:\Windows\System\hOMVgvP.exe

C:\Windows\System\gBDDzHT.exe

C:\Windows\System\gBDDzHT.exe

C:\Windows\System\UiiAGpM.exe

C:\Windows\System\UiiAGpM.exe

C:\Windows\System\qqRDiSN.exe

C:\Windows\System\qqRDiSN.exe

C:\Windows\System\cezDKUu.exe

C:\Windows\System\cezDKUu.exe

C:\Windows\System\PsIprzy.exe

C:\Windows\System\PsIprzy.exe

C:\Windows\System\hMvBxvE.exe

C:\Windows\System\hMvBxvE.exe

C:\Windows\System\WrhlGzT.exe

C:\Windows\System\WrhlGzT.exe

C:\Windows\System\KcqrqFa.exe

C:\Windows\System\KcqrqFa.exe

C:\Windows\System\BQyXAsv.exe

C:\Windows\System\BQyXAsv.exe

C:\Windows\System\awoilay.exe

C:\Windows\System\awoilay.exe

C:\Windows\System\FKGNNlY.exe

C:\Windows\System\FKGNNlY.exe

C:\Windows\System\GgPGqse.exe

C:\Windows\System\GgPGqse.exe

C:\Windows\System\JefJSQM.exe

C:\Windows\System\JefJSQM.exe

C:\Windows\System\ukqLrwe.exe

C:\Windows\System\ukqLrwe.exe

C:\Windows\System\nCifsCe.exe

C:\Windows\System\nCifsCe.exe

C:\Windows\System\rTFcdcl.exe

C:\Windows\System\rTFcdcl.exe

C:\Windows\System\NLbttVV.exe

C:\Windows\System\NLbttVV.exe

C:\Windows\System\RVPafre.exe

C:\Windows\System\RVPafre.exe

C:\Windows\System\gxSlrjU.exe

C:\Windows\System\gxSlrjU.exe

C:\Windows\System\llqEQKA.exe

C:\Windows\System\llqEQKA.exe

C:\Windows\System\FYyYtqo.exe

C:\Windows\System\FYyYtqo.exe

C:\Windows\System\NUJzzWd.exe

C:\Windows\System\NUJzzWd.exe

C:\Windows\System\AyAkoZK.exe

C:\Windows\System\AyAkoZK.exe

C:\Windows\System\RWyYJTy.exe

C:\Windows\System\RWyYJTy.exe

C:\Windows\System\lfsQNWU.exe

C:\Windows\System\lfsQNWU.exe

C:\Windows\System\vmyYkJw.exe

C:\Windows\System\vmyYkJw.exe

C:\Windows\System\zmqmCVV.exe

C:\Windows\System\zmqmCVV.exe

C:\Windows\System\AmDPQlC.exe

C:\Windows\System\AmDPQlC.exe

C:\Windows\System\gZNEyow.exe

C:\Windows\System\gZNEyow.exe

C:\Windows\System\AMWyczs.exe

C:\Windows\System\AMWyczs.exe

C:\Windows\System\vlgVXOo.exe

C:\Windows\System\vlgVXOo.exe

C:\Windows\System\DtlumiR.exe

C:\Windows\System\DtlumiR.exe

C:\Windows\System\YjdZLGW.exe

C:\Windows\System\YjdZLGW.exe

C:\Windows\System\DEdwXWJ.exe

C:\Windows\System\DEdwXWJ.exe

C:\Windows\System\jKibeWu.exe

C:\Windows\System\jKibeWu.exe

C:\Windows\System\tdrewTb.exe

C:\Windows\System\tdrewTb.exe

C:\Windows\System\OgNBXPa.exe

C:\Windows\System\OgNBXPa.exe

C:\Windows\System\vQFshMd.exe

C:\Windows\System\vQFshMd.exe

C:\Windows\System\Aklqzjs.exe

C:\Windows\System\Aklqzjs.exe

C:\Windows\System\sEzfrEp.exe

C:\Windows\System\sEzfrEp.exe

C:\Windows\System\bquVXIH.exe

C:\Windows\System\bquVXIH.exe

C:\Windows\System\xLjxhgQ.exe

C:\Windows\System\xLjxhgQ.exe

C:\Windows\System\clMoveh.exe

C:\Windows\System\clMoveh.exe

C:\Windows\System\ENqBkGs.exe

C:\Windows\System\ENqBkGs.exe

C:\Windows\System\FduRogX.exe

C:\Windows\System\FduRogX.exe

C:\Windows\System\QOrwswO.exe

C:\Windows\System\QOrwswO.exe

C:\Windows\System\uLgJseO.exe

C:\Windows\System\uLgJseO.exe

C:\Windows\System\eGxWTxJ.exe

C:\Windows\System\eGxWTxJ.exe

C:\Windows\System\earPJIU.exe

C:\Windows\System\earPJIU.exe

C:\Windows\System\wEgFDZQ.exe

C:\Windows\System\wEgFDZQ.exe

C:\Windows\System\HvjviRD.exe

C:\Windows\System\HvjviRD.exe

C:\Windows\System\OyMEyzP.exe

C:\Windows\System\OyMEyzP.exe

C:\Windows\System\tyAmCvz.exe

C:\Windows\System\tyAmCvz.exe

C:\Windows\System\ocStQNO.exe

C:\Windows\System\ocStQNO.exe

C:\Windows\System\uWTxmrJ.exe

C:\Windows\System\uWTxmrJ.exe

C:\Windows\System\uLDyRrm.exe

C:\Windows\System\uLDyRrm.exe

C:\Windows\System\jDRTcIP.exe

C:\Windows\System\jDRTcIP.exe

C:\Windows\System\UDKCTMm.exe

C:\Windows\System\UDKCTMm.exe

C:\Windows\System\SQZjYaa.exe

C:\Windows\System\SQZjYaa.exe

C:\Windows\System\iFgrqBN.exe

C:\Windows\System\iFgrqBN.exe

C:\Windows\System\GJyiTYM.exe

C:\Windows\System\GJyiTYM.exe

C:\Windows\System\HwuAqAA.exe

C:\Windows\System\HwuAqAA.exe

C:\Windows\System\jjbBEqz.exe

C:\Windows\System\jjbBEqz.exe

C:\Windows\System\IuYIiOK.exe

C:\Windows\System\IuYIiOK.exe

C:\Windows\System\nNhOiFo.exe

C:\Windows\System\nNhOiFo.exe

C:\Windows\System\DyiWBFt.exe

C:\Windows\System\DyiWBFt.exe

C:\Windows\System\gXfAPMA.exe

C:\Windows\System\gXfAPMA.exe

C:\Windows\System\HMsPtYo.exe

C:\Windows\System\HMsPtYo.exe

C:\Windows\System\JOCAwDK.exe

C:\Windows\System\JOCAwDK.exe

C:\Windows\System\HEoNbTH.exe

C:\Windows\System\HEoNbTH.exe

C:\Windows\System\XPewYlK.exe

C:\Windows\System\XPewYlK.exe

C:\Windows\System\YCmbWEq.exe

C:\Windows\System\YCmbWEq.exe

C:\Windows\System\yQyGFDI.exe

C:\Windows\System\yQyGFDI.exe

C:\Windows\System\VzeQsVX.exe

C:\Windows\System\VzeQsVX.exe

C:\Windows\System\VomcubP.exe

C:\Windows\System\VomcubP.exe

C:\Windows\System\qIpiqCa.exe

C:\Windows\System\qIpiqCa.exe

C:\Windows\System\RZAYeCC.exe

C:\Windows\System\RZAYeCC.exe

C:\Windows\System\NxfNkfc.exe

C:\Windows\System\NxfNkfc.exe

C:\Windows\System\YiscvXJ.exe

C:\Windows\System\YiscvXJ.exe

C:\Windows\System\tiiDyjl.exe

C:\Windows\System\tiiDyjl.exe

C:\Windows\System\yYSumQo.exe

C:\Windows\System\yYSumQo.exe

C:\Windows\System\NaWwXnw.exe

C:\Windows\System\NaWwXnw.exe

C:\Windows\System\YqpYPHQ.exe

C:\Windows\System\YqpYPHQ.exe

C:\Windows\System\uNQNgIN.exe

C:\Windows\System\uNQNgIN.exe

C:\Windows\System\PODtmNI.exe

C:\Windows\System\PODtmNI.exe

C:\Windows\System\ulQrExz.exe

C:\Windows\System\ulQrExz.exe

C:\Windows\System\jWecVNU.exe

C:\Windows\System\jWecVNU.exe

C:\Windows\System\EdXveCr.exe

C:\Windows\System\EdXveCr.exe

C:\Windows\System\fAsHrqO.exe

C:\Windows\System\fAsHrqO.exe

C:\Windows\System\sQhRtdj.exe

C:\Windows\System\sQhRtdj.exe

C:\Windows\System\KwzgFfm.exe

C:\Windows\System\KwzgFfm.exe

C:\Windows\System\LJbOrMB.exe

C:\Windows\System\LJbOrMB.exe

C:\Windows\System\TfYFVXt.exe

C:\Windows\System\TfYFVXt.exe

C:\Windows\System\iKKDhKw.exe

C:\Windows\System\iKKDhKw.exe

C:\Windows\System\EtOxSCj.exe

C:\Windows\System\EtOxSCj.exe

C:\Windows\System\VQukCYt.exe

C:\Windows\System\VQukCYt.exe

C:\Windows\System\BJfeJuQ.exe

C:\Windows\System\BJfeJuQ.exe

C:\Windows\System\WcSkLwi.exe

C:\Windows\System\WcSkLwi.exe

C:\Windows\System\mIbiGvh.exe

C:\Windows\System\mIbiGvh.exe

C:\Windows\System\jOGaLMi.exe

C:\Windows\System\jOGaLMi.exe

C:\Windows\System\yAHLXXD.exe

C:\Windows\System\yAHLXXD.exe

C:\Windows\System\hokZSYr.exe

C:\Windows\System\hokZSYr.exe

C:\Windows\System\lxzaefO.exe

C:\Windows\System\lxzaefO.exe

C:\Windows\System\ivCXwZZ.exe

C:\Windows\System\ivCXwZZ.exe

C:\Windows\System\zJfsNQW.exe

C:\Windows\System\zJfsNQW.exe

C:\Windows\System\GsgdrOn.exe

C:\Windows\System\GsgdrOn.exe

C:\Windows\System\AbVrfNr.exe

C:\Windows\System\AbVrfNr.exe

C:\Windows\System\trzbxfI.exe

C:\Windows\System\trzbxfI.exe

C:\Windows\System\FJSCUCY.exe

C:\Windows\System\FJSCUCY.exe

C:\Windows\System\cwgkoWQ.exe

C:\Windows\System\cwgkoWQ.exe

C:\Windows\System\dBmthSn.exe

C:\Windows\System\dBmthSn.exe

C:\Windows\System\lPMQSwi.exe

C:\Windows\System\lPMQSwi.exe

C:\Windows\System\HoRiAGT.exe

C:\Windows\System\HoRiAGT.exe

C:\Windows\System\LKuYEem.exe

C:\Windows\System\LKuYEem.exe

C:\Windows\System\DtdoDEX.exe

C:\Windows\System\DtdoDEX.exe

C:\Windows\System\BeuVJRv.exe

C:\Windows\System\BeuVJRv.exe

C:\Windows\System\ICZaiyk.exe

C:\Windows\System\ICZaiyk.exe

C:\Windows\System\rkOcwdq.exe

C:\Windows\System\rkOcwdq.exe

C:\Windows\System\BCguwtT.exe

C:\Windows\System\BCguwtT.exe

C:\Windows\System\dPauEMX.exe

C:\Windows\System\dPauEMX.exe

C:\Windows\System\bgqHuMH.exe

C:\Windows\System\bgqHuMH.exe

C:\Windows\System\jLduron.exe

C:\Windows\System\jLduron.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/856-0-0x000000013F710000-0x000000013FA64000-memory.dmp

memory/856-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\ocuFHPM.exe

MD5 c4dbcad363c5686c3a39f1f8460034d7
SHA1 cdedce33caf7dcdcb5503a2c86c042c7bf82aa5d
SHA256 1d7aed9f8bf3a3c825be4bb8b5153da583e2c4838a3518fdb27bba17c8053af0
SHA512 2b4f019b85cd8ab453ccb8ec6b5a11162510fa0199f22046457878101a9c9be96e9e0445b112fa882a505b30531089a2ccd8e52dc029bf1c0caef6547d27043b

\Windows\system\zoOtPdv.exe

MD5 7840815139b79f7f66d174797198622d
SHA1 2e3768cbde197d5de077da814b8e8a6e89b27035
SHA256 3eae5c76d423545c3d3b9e6c8ffacf4e4b218d4a1846575b1e31caf70f3df1cb
SHA512 ff4b398b7f3a207e1779c5a64a13130481388420a153cfb963788f143cabc3934f2bebb6d1c5230850add19f3db164c2f1ebd17be4baa857bcaf352e876344ce

memory/856-10-0x0000000001F00000-0x0000000002254000-memory.dmp

C:\Windows\system\fbCMXDP.exe

MD5 eeae65dc4e5b532dbbd11aa65cc20557
SHA1 f26e206f663635bcb137e812828e7ed8a55139ae
SHA256 a4fbc5e571492ef6b5be920ba090394d3ff88b66f06a48c9976bb2cf6ec0a6b5
SHA512 ef89a43bec37b8a70e82df41f27679153b7a8990c19942379a87063917463c9d26b6445ea81b92fcb025a8c626864e46c844c73481e19ec20d2170ba7bbe88ee

C:\Windows\system\IsyGDQL.exe

MD5 5c966d94715f5707bc7c9370d2832d7f
SHA1 e6af3fbb53410c5c15164bb4d12ab330945f8154
SHA256 3ab20f77c35fae6cd56af55bb63affaba8da4f7efc8ed4e24a2b82e5670b89d5
SHA512 5046c3d0b71a481fe7bd0800b7acc82c23403bf1ed522124e6d6cd810aee4e03ac5180942332090fe30bc36309fe538d33b6151b6bb47128a941eaa93bd3950f

C:\Windows\system\xTichCP.exe

MD5 cb5c267853330682dd8bb71e294d1a16
SHA1 3aa7f3238f04fad8555cee14a79d50b4e135ad96
SHA256 7a5e835ba3aa73616bf79364eb07bb283f618da46912704950f144682ee3205f
SHA512 48513993f96d8dd61e1e53bb5c95b13340fe71f9bbd6a554ef2921b98eebd4103aedc1b1f564ce79448647035197b17afc8560fc152dde3c12c7a7b9765d9f50

C:\Windows\system\LzPYXOd.exe

MD5 2f208d2f9a2400a40df64ca25da2ff6b
SHA1 1cb3b3857d4bd3707428a6ddc1dfcfd657d0ccfe
SHA256 1167503d254a724c42a0a956d3aa000b31ddf1fa4685f510f4c4be6b2853debd
SHA512 797ad97fe161639249ce77b513fcf9e1b6ca382f811671443a94fa26e6446e849ee63e939dbefb948a87de8f7d7fdd7a116f38ab0e0d9d492f607947871da110

memory/856-57-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/856-106-0x000000013F2F0000-0x000000013F644000-memory.dmp

C:\Windows\system\bTPUmJc.exe

MD5 0ce4bd6b0f7c8ccf2528686c13ddf376
SHA1 9ae3fd79934a4abec421ef9d0ec5abaa7c5d5d26
SHA256 b2bdb7cae0116e8b40f7a5624d1055fe21215bcfe02492cbdcd980f7a9f395ab
SHA512 ba791df0fb458ae020a8f25eebf4ad9c4e2b2d8d100e36b1381d6530ce9d7a8ca69fe053edb387f19a6ec1ffe43a73345c2c5a3d680362cf8c06f53544b2ec1b

C:\Windows\system\IABFvAe.exe

MD5 9d496e6cbc7cabd1cc121cc979aaa7b0
SHA1 ec7fa69a64e82e0a1e2b5b451a64c790e11ea861
SHA256 127b33fc9776726f3c8074bba4fa3492f62bbb05f2ad069fcac16e41ed551bde
SHA512 2ba2b06c3ff12cd316850da14bc4ebf1a0f0fd5878edbca422706798c0a2278c3af300346f095ebe48be09ef78b0e3628483f2b272757025a7ce34ab374cdd29

C:\Windows\system\ViYdGDs.exe

MD5 0d71dff55487281e0f59c84308d8705e
SHA1 4a7d98e5e31df16cc1d79ad667f08451fe841076
SHA256 0488ab5b7c4af4749089db23e332e5860e9cfcac966748a5dab9b398f13b56f2
SHA512 e0a990d415e6f4c597e66dbaab57b69ebfcd355d1a93361096c564dd3a02dd258eeb292338dbbc5e84f83c736753b09a797248d272df7afe9ef53b60a16cdd43

C:\Windows\system\YNCoOAo.exe

MD5 1fccc62c68fb3ff52942b395004f15d0
SHA1 97b438fa0716f711bd745a07064f95f5e1530ef9
SHA256 d17a71e096e56548c041545011211912107f25f01a9d1441e958e7ef21fb89b8
SHA512 f21b79a677ff4ecaf380de6d4372f6f20473ccbedaa98c033e1025025f1770332215f1ad66cb77515e5f4b5e406315ff591515e4b723f1391370ff83dda2cf74

C:\Windows\system\biLdjUf.exe

MD5 2ba63c760347955f1228fbfc51d7b76e
SHA1 9d62d493d693b94b1b4d0991b58d1b98f8919ec5
SHA256 63088e951f794f520d5cf335857f079ab7e27028fd7028762246cec856ef0f09
SHA512 3e3b19102f26d4c74ec7ce88db8071d320cf7b850b493eb4ca480ec2bd11de9e1dfd445db7cebb92edde669c18f91acef3d90963a683bef300afde4c1284a9a5

C:\Windows\system\HRYUkRY.exe

MD5 655ecef7dcd34d74bcacf0f37d9a2093
SHA1 867e232c720712ca4c2f1c3464a7c681f4e7e0f0
SHA256 fa05c0f122f4faa7ba41bb1c4390d798cf204733fd965c2f114ab63dcf88fcb2
SHA512 628fdc0e4048f1b7231b76ee2ab9568d59021241e1e1857f557e47c724ae2b2c097fb76778d29b228d94415cecdfcffe6bfaaa3b5e6b8f1ab660d2a6bbcfa91a

C:\Windows\system\WRDMiwo.exe

MD5 dabe5037951579477aff758bcff39770
SHA1 a55551e07314ce9e31c5774b002aecc133eca5a6
SHA256 eab24b928f9462919e8abe6e44dff3c9dee4f838db616df503d8deddb3f671e2
SHA512 3d559c101b87e98f9a83516e6d1c5316185cd40546a601dfccaf2db5fd1cddac6ef5552d971e85581ae1f5b67c7b6dea6d5f1be027ea9e92487abfa7a6c77ec8

\Windows\system\VmPgrTH.exe

MD5 50c4f8785c233cf1cf769ced87fe7676
SHA1 3846d9194f18c4a6f2e0af5107d1bd3f1331f3f4
SHA256 68c4d175bbbc180fd46862bcbe7a76d93e66af17bb9e1e356206669e8b25a0e9
SHA512 a18800df8d6e14a806979a675cd5cb2ef7485e6f42ea4a24ec396810ea4a2056cfad7ee4311a470e4acdd204fc28792a22eb4500108ea41817ae1c2e17506bf6

C:\Windows\system\hAlpmxS.exe

MD5 3add43c6a58fbd9a09ff38d7cf9eda80
SHA1 593cc63489d35fc23a9dd4e0faa9cd4415662c33
SHA256 7e00beecaca0d9efd71ae1bce337110c9cc9bb7ed6334fb5485b5d1d38da50b0
SHA512 9727b19b98e0d7d5a18690ac971f4b219f437ba597b5cd5a8ffd3d256582244a5be53f2ba014e0279e759759736f3dc4166cc8c782720c2d731d43e575c7a5ed

C:\Windows\system\bVDeSMV.exe

MD5 7b1c99bc1f4e63b09f9c6d90624ad408
SHA1 0a003741c3fba98af58157b0f6a64df0b65ba44e
SHA256 548125f153683e6a5d4462619f06c1adb3cf43f7d4deabb5d3c1ba17c838fe9e
SHA512 60f6c47423615205208d8547d8920e389e51cc69d702c4bb07c4469e46825037705de3ebbf72ea39064c7d4a2c0e8baa6ea4272c47e2ad1f2756ca47f3436417

C:\Windows\system\MWmjzqC.exe

MD5 d4ad1a39644f0adbe4df9e4ae2e6fb6d
SHA1 7ef6f93da3d80be2c4fd2f4f147007e7136430d4
SHA256 453e31b3962114140657321e1987cc28fc0662ecb2e063e57e4241c7dd1fe099
SHA512 dbe8d6a5c9b55181905e09a45d2c626c2f243db42b35414fb5a094afff84c29d81e6bd774caf6843ec938e005646875503f3cd108c8de7276c0c686fe8f140c2

C:\Windows\system\sKmwWMi.exe

MD5 bbf11df8f2dad0f65b04bfcd429269da
SHA1 0dbed62f22839a44ec3fef8c41039c75a9a2cd21
SHA256 a65a1c778e5de13876b7643b8ec2e08bbfa93445b16934d172d3174430ee7042
SHA512 21c836c6270af50909c5d60455a4a3a347a8fe5c4ba6ae9d814081661b743135edf346804285a4b98fc64987e7b43ad95d36e60fbc7b3f3327d9a8ff712c7def

C:\Windows\system\qCJMxmv.exe

MD5 4a1f6388bb7b5840ab136b24c86d728b
SHA1 5029a5024d5b67f373dff75de64ef0fa962c09f0
SHA256 01663c1f8b27085052d57399029a306dd3fc819bad22d59b76825bff0814a5e8
SHA512 bb36bbdd0c95fb1f2e248b9c0ce12d7dd67701c177d2cad82e472770148cbf14a123196cb2a069ffcd45a5d28bf39053d210b801310f4e1b9f5d53720e220948

C:\Windows\system\ZhseGfl.exe

MD5 4fcfff380e6bf7f85ca0e5510f8afb6e
SHA1 eadb21993b60d2afc366d66fdf259ce02a10cc6b
SHA256 9eb3e9f17842ced320b2af656f1cbae44450ac1f608cdbb23525b21b37052fb6
SHA512 ee30fec5a558286e1c16e9d7f1f90b4ce276d3ae5a5f14441bb795937bd89ecce95eca7d32072d4206b8f658f5bbc1896fc5ea6c527652e2000ded410c870ed7

C:\Windows\system\DkSUwOC.exe

MD5 2cf5b710733e65af3bb18f0b8c005a27
SHA1 671b272da9818dc7176d93a0d9c11456c9d2c557
SHA256 577897a976b78facef8ca412e4aad2b3b642dd15a499282b792952105aa0e620
SHA512 cc662c886c48f9f869eb9c8151227f6a47f143c2cd711f59f17f085c49c4ea02005f45b553f0d8a3faaf46c3f9e7fb88ce88881acbdc326046c86e24e9c953f5

\Windows\system\bbjaCwN.exe

MD5 42546891e4f7b13bfde562060b12fa0c
SHA1 76d8fa6d87273bf0846f04d4b89f72c63072bb87
SHA256 eb9a92aa7ccac7bf269c96d7dc6974fb66e31d3ffa1908262af692c59070b951
SHA512 d820e4d50bfdc091447a71abe261628246c7e8a3ec9e5d72ed1025e6eb8d5da7a31702ac61350a728cd31a4d0fa322e972f415e2eb8d1eaa234a1edf94f4d043

\Windows\system\qmyoeiM.exe

MD5 cc2859892af35c21b25e697724782aee
SHA1 453db6f177580a0952bf6584df1e65bb3930f249
SHA256 c483692aedcb6704255e563d694cac87c0cfa6f726515ca2a9e2ff135c357a69
SHA512 d97233ea877a88f27242367e862dd445d40ca4dfed420b5042c70d8e6df88a6f751a5a8a00fab93ec57868f34eb4a778f01b3844a6a00ce4c37cb65856289617

\Windows\system\LpilPOH.exe

MD5 e58b252b367e3a35e5fd57cdcea38718
SHA1 f734d9a3a845326c837d44dc6f2630f8f2ee21f0
SHA256 bfc1ee636918f4d60fc8c1fbcd360454e26fe7fb2b343dfb90c80506c9fd6b8d
SHA512 dca204cebe75d6181c959544f82f141c0de21f143bac0ce1498a7aa734497a8c1a70b7eb71cdc895f90d247058e9b718d6d422ef53732cd49133f275ac36428d

C:\Windows\system\yRpItUN.exe

MD5 f803652f3cfc73dac98953ed8e97c7b7
SHA1 5d3fec0c502423ae5fce9a1b66d507750eec321a
SHA256 f413f4cb2b28abb9a1a4f02620798b5309dcddadea2c17fe88f71edd30121d0e
SHA512 5c95b968d29c8943fa08f4d165961126ceeb0300634aa98b6a4d5871988fbf61cb3a554fde328e1efe83fd5663bbe0a25eac98190c3b19fde8049c34fdf65671

C:\Windows\system\mRQGuhE.exe

MD5 395ce36a9537355b33981e889165cf88
SHA1 4dbf0a43519ad1b7c5b54423b8ca321eb45746d5
SHA256 1c884be389937a75096697a0b2bddca940c826f8f6a76a5628152699ad2a192d
SHA512 f77afdbefae76d2b89ef9290d51af22de87409657095c4e0b787b7cdc9b456e5fc0262fd35b22c7e3a897b2fca33324c7d9ae1e8f9d6501a3951044b8b9e7c92

memory/856-105-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/856-104-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/2700-103-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2116-102-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2724-101-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2104-99-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2068-98-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/856-97-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/856-96-0x000000013FD90000-0x00000001400E4000-memory.dmp

memory/2536-95-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/856-94-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/856-93-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/2600-92-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/856-91-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2096-90-0x000000013F320000-0x000000013F674000-memory.dmp

memory/856-89-0x000000013F320000-0x000000013F674000-memory.dmp

memory/2936-88-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/856-87-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/2760-86-0x000000013F530000-0x000000013F884000-memory.dmp

memory/856-85-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/2764-84-0x000000013F290000-0x000000013F5E4000-memory.dmp

memory/856-83-0x000000013F290000-0x000000013F5E4000-memory.dmp

C:\Windows\system\elXBibs.exe

MD5 fcd272743d786e599d85feb39bc9b8d8
SHA1 43790af1f83285f970d7a46265b3d3db53cd5cbf
SHA256 b71049e20d36c692ca45b127dab1275d30fd6e75189f7fc6f15e0949f40f9f18
SHA512 d329ec8dd70ad411afc977cd4c42a308e3e00db0f26b8689e9b89a290e510dfcedeacf4191ba96617aa37f46550ea2a4d7538bf02faa70d010e2932f83a11462

memory/2636-81-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/856-80-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/2084-72-0x000000013FD70000-0x00000001400C4000-memory.dmp

C:\Windows\system\thgNnbo.exe

MD5 c63de0962e923c46c1576b12c16af6f3
SHA1 d89b5a74b6771f652cd164abc6d6c1fe7d5fb8be
SHA256 026abcf0d3892ebf3475179e2423be7dfd5d60033e01a957bd0835e66504eacf
SHA512 96bdedc3117f9408fb299f60577bc077439aaf77b041de4f583626c57e0504732a6b0aee7591c1cf2cfdade148154e8c753edb6ee3a228474b4908c6eb086816

memory/856-56-0x0000000001F00000-0x0000000002254000-memory.dmp

C:\Windows\system\mTKtcKw.exe

MD5 405657a770a1b7be8af7961b25a24fcf
SHA1 787960a9ea7da909d144008f89968260fe2c252f
SHA256 2217db09cda0f03f262aa2a7ab24b5ef25b40cae8217afec2ab641b2fd7088fc
SHA512 a8b2f5bf3f54a3b0e96bcaefa4387e7bb8e3ce53db4c1aa16ef61f6f3e15484699d46507cf7146788b93dffcb4682d3da2e7d74be605b1dcb13174c3f7c29622

C:\Windows\system\uydgwFB.exe

MD5 05d68c85e5657d2d01eeede0bf71648e
SHA1 11a543918863cdd025b17c6f1a34fe7fef25fa20
SHA256 05b92433bd6295a2157dc11e153f9a2a104e430c4c8ee275e988ae1a3df2fbf0
SHA512 8aa49b42d43ccd3c96d2168e9c12a6649b54759bc524d28e0a2c2c575396efd22b34e0caccaf640645d2330332001cd6582e521329fae0307afbc05b3b970ab0

C:\Windows\system\THJikYW.exe

MD5 a4a49f68d01cdd6c430cb29299afcf3f
SHA1 9aa083951cbe44a3517ece9d8762609b3b7d6839
SHA256 b61a770386615e54a97a1e91b353169bcbf36db61c8db0e57806ceecba0c6de8
SHA512 e6dc54e008110d775158c39201398a68c1d13ace6f85aaa3fcc04dcbba8538b225f94a4dc69fe0c9936824844c60967ef308b10c3d6bf33ba5cf28bea4eee728

C:\Windows\system\FKwxqoW.exe

MD5 b6147e4d515632641932b5bc22cb85d4
SHA1 5e1936df3cdd1fdcefdf206a78d69a3348a847a7
SHA256 043baf5a3083ac5d201b1cebc6234e393bf6a581885b2425a7c144beb73af9e2
SHA512 6ba04aed29551d84c60bf2045fb4e7e692cc0651fe4b02dfe7fa395da997805be2a897ed612338a306f523689f5e527b244550cf74dc40ec6ff8cd3d668a616b

memory/856-1070-0x000000013F710000-0x000000013FA64000-memory.dmp

memory/856-1071-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/856-1072-0x0000000001F00000-0x0000000002254000-memory.dmp

memory/2104-1074-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2724-1075-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2068-1073-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/856-1076-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2116-1077-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2700-1079-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2084-1078-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/2636-1081-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/2764-1080-0x000000013F290000-0x000000013F5E4000-memory.dmp

memory/2760-1082-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2936-1083-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2600-1084-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2536-1085-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2096-1086-0x000000013F320000-0x000000013F674000-memory.dmp

memory/2104-1087-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2068-1088-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2724-1089-0x000000013F500000-0x000000013F854000-memory.dmp