Malware Analysis Report

2024-10-16 07:51

Sample ID 240531-xg45kahd4t
Target fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe
SHA256 e2b3379d09806e90ac4dbacc6fb06748e7c3688ed77778dc2d1bb98b20629b6f
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e2b3379d09806e90ac4dbacc6fb06748e7c3688ed77778dc2d1bb98b20629b6f

Threat Level: Known bad

The file fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

Xmrig family

xmrig

Kpot family

KPOT Core Executable

XMRig Miner payload

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 18:50

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 18:50

Reported

2024-05-31 18:53

Platform

win7-20240508-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\QcBMhsC.exe N/A
N/A N/A C:\Windows\System\hsitjwL.exe N/A
N/A N/A C:\Windows\System\EnVfipm.exe N/A
N/A N/A C:\Windows\System\LUixCSM.exe N/A
N/A N/A C:\Windows\System\lwFTJZA.exe N/A
N/A N/A C:\Windows\System\QXggbRI.exe N/A
N/A N/A C:\Windows\System\MLLBmhV.exe N/A
N/A N/A C:\Windows\System\dURXLVz.exe N/A
N/A N/A C:\Windows\System\hHFlVkw.exe N/A
N/A N/A C:\Windows\System\IMZwJYv.exe N/A
N/A N/A C:\Windows\System\KnHtoyB.exe N/A
N/A N/A C:\Windows\System\YvGSkAU.exe N/A
N/A N/A C:\Windows\System\wzFMjgA.exe N/A
N/A N/A C:\Windows\System\dVVmTFA.exe N/A
N/A N/A C:\Windows\System\ujepWpZ.exe N/A
N/A N/A C:\Windows\System\isUfAmW.exe N/A
N/A N/A C:\Windows\System\HzXwVOM.exe N/A
N/A N/A C:\Windows\System\fLXLlcY.exe N/A
N/A N/A C:\Windows\System\lTzeznH.exe N/A
N/A N/A C:\Windows\System\YkQLsxN.exe N/A
N/A N/A C:\Windows\System\nUhZsdC.exe N/A
N/A N/A C:\Windows\System\hborfsk.exe N/A
N/A N/A C:\Windows\System\MttghOW.exe N/A
N/A N/A C:\Windows\System\vAobORE.exe N/A
N/A N/A C:\Windows\System\EhoYGIF.exe N/A
N/A N/A C:\Windows\System\BPwboTP.exe N/A
N/A N/A C:\Windows\System\IGVyByq.exe N/A
N/A N/A C:\Windows\System\BpHjZHs.exe N/A
N/A N/A C:\Windows\System\LzSkIhr.exe N/A
N/A N/A C:\Windows\System\vHlJNNS.exe N/A
N/A N/A C:\Windows\System\MfVXLiY.exe N/A
N/A N/A C:\Windows\System\fvdFOrJ.exe N/A
N/A N/A C:\Windows\System\LTlYVEr.exe N/A
N/A N/A C:\Windows\System\xgLoYsx.exe N/A
N/A N/A C:\Windows\System\IQhJRkW.exe N/A
N/A N/A C:\Windows\System\kkzgmfT.exe N/A
N/A N/A C:\Windows\System\emGzPUP.exe N/A
N/A N/A C:\Windows\System\qydhLRI.exe N/A
N/A N/A C:\Windows\System\SpWyskU.exe N/A
N/A N/A C:\Windows\System\Byswmut.exe N/A
N/A N/A C:\Windows\System\GapFhpg.exe N/A
N/A N/A C:\Windows\System\qQuGYCB.exe N/A
N/A N/A C:\Windows\System\OMzUNJl.exe N/A
N/A N/A C:\Windows\System\xhCNSpy.exe N/A
N/A N/A C:\Windows\System\gYxxncq.exe N/A
N/A N/A C:\Windows\System\vzYHBqt.exe N/A
N/A N/A C:\Windows\System\dXjECiH.exe N/A
N/A N/A C:\Windows\System\aBkkXyv.exe N/A
N/A N/A C:\Windows\System\hdSfRvz.exe N/A
N/A N/A C:\Windows\System\yWOmHWU.exe N/A
N/A N/A C:\Windows\System\QwtJUTx.exe N/A
N/A N/A C:\Windows\System\CnbPYfL.exe N/A
N/A N/A C:\Windows\System\UZFotZU.exe N/A
N/A N/A C:\Windows\System\WxMGsVJ.exe N/A
N/A N/A C:\Windows\System\DfDAuYS.exe N/A
N/A N/A C:\Windows\System\epRTGLA.exe N/A
N/A N/A C:\Windows\System\mteqMPr.exe N/A
N/A N/A C:\Windows\System\cGMuSSu.exe N/A
N/A N/A C:\Windows\System\gBVgDqJ.exe N/A
N/A N/A C:\Windows\System\TANpKhf.exe N/A
N/A N/A C:\Windows\System\ZfrloiW.exe N/A
N/A N/A C:\Windows\System\EcIizpq.exe N/A
N/A N/A C:\Windows\System\sIvfVzF.exe N/A
N/A N/A C:\Windows\System\CDHcRcS.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wPPAfKl.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\VlKVJKB.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\BxeFdMn.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSpPNub.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\EbtoHsU.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\iTwlqgk.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\SOcbQjE.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ldAiLkf.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXggbRI.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\fvdFOrJ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\hdSfRvz.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\epRTGLA.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHaQoug.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\UEyqbbh.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQutxLP.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\DjUDojM.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\jEWIUND.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDHypcY.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYZZoQa.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWDcugD.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\Sopibsr.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\LTlYVEr.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\RAEWByw.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\YbtWKFE.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQswvYR.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\kxiffyN.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\CuClptT.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\KZGyJUL.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\DJybARA.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBUZdXu.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYAOfVa.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\HVZcZOJ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\lwFTJZA.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\qydhLRI.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\yWOmHWU.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZfrloiW.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\stzZxah.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\cwYydCG.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoZdmrl.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\MfVXLiY.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\OPbNOJW.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\EZiwGrg.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\DynxEsp.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQmvaxc.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubOlcxT.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkobXMB.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\vEwaspr.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\HzXwVOM.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\VQEEbDd.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\NYylWkE.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\bSyqKfM.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\nhMrTbp.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\JdkfYuT.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQeQkhe.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\UNrNJwR.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\HqWLejd.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\xqOSzGI.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\SRKEeRt.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\hmUMuPs.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\hfewvuJ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\YYDkfxL.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\DpkUIEC.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\uIXxuRS.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\Vsagogg.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QcBMhsC.exe
PID 2196 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QcBMhsC.exe
PID 2196 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QcBMhsC.exe
PID 2196 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hsitjwL.exe
PID 2196 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hsitjwL.exe
PID 2196 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hsitjwL.exe
PID 2196 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\EnVfipm.exe
PID 2196 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\EnVfipm.exe
PID 2196 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\EnVfipm.exe
PID 2196 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LUixCSM.exe
PID 2196 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LUixCSM.exe
PID 2196 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LUixCSM.exe
PID 2196 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\lwFTJZA.exe
PID 2196 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\lwFTJZA.exe
PID 2196 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\lwFTJZA.exe
PID 2196 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QXggbRI.exe
PID 2196 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QXggbRI.exe
PID 2196 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QXggbRI.exe
PID 2196 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\MLLBmhV.exe
PID 2196 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\MLLBmhV.exe
PID 2196 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\MLLBmhV.exe
PID 2196 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\dURXLVz.exe
PID 2196 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\dURXLVz.exe
PID 2196 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\dURXLVz.exe
PID 2196 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hHFlVkw.exe
PID 2196 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hHFlVkw.exe
PID 2196 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hHFlVkw.exe
PID 2196 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\KnHtoyB.exe
PID 2196 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\KnHtoyB.exe
PID 2196 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\KnHtoyB.exe
PID 2196 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\IMZwJYv.exe
PID 2196 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\IMZwJYv.exe
PID 2196 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\IMZwJYv.exe
PID 2196 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\YvGSkAU.exe
PID 2196 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\YvGSkAU.exe
PID 2196 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\YvGSkAU.exe
PID 2196 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\wzFMjgA.exe
PID 2196 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\wzFMjgA.exe
PID 2196 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\wzFMjgA.exe
PID 2196 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\dVVmTFA.exe
PID 2196 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\dVVmTFA.exe
PID 2196 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\dVVmTFA.exe
PID 2196 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\ujepWpZ.exe
PID 2196 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\ujepWpZ.exe
PID 2196 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\ujepWpZ.exe
PID 2196 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\isUfAmW.exe
PID 2196 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\isUfAmW.exe
PID 2196 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\isUfAmW.exe
PID 2196 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\HzXwVOM.exe
PID 2196 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\HzXwVOM.exe
PID 2196 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\HzXwVOM.exe
PID 2196 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\fLXLlcY.exe
PID 2196 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\fLXLlcY.exe
PID 2196 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\fLXLlcY.exe
PID 2196 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\lTzeznH.exe
PID 2196 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\lTzeznH.exe
PID 2196 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\lTzeznH.exe
PID 2196 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\YkQLsxN.exe
PID 2196 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\YkQLsxN.exe
PID 2196 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\YkQLsxN.exe
PID 2196 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\nUhZsdC.exe
PID 2196 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\nUhZsdC.exe
PID 2196 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\nUhZsdC.exe
PID 2196 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hborfsk.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe"

C:\Windows\System\QcBMhsC.exe

C:\Windows\System\QcBMhsC.exe

C:\Windows\System\hsitjwL.exe

C:\Windows\System\hsitjwL.exe

C:\Windows\System\EnVfipm.exe

C:\Windows\System\EnVfipm.exe

C:\Windows\System\LUixCSM.exe

C:\Windows\System\LUixCSM.exe

C:\Windows\System\lwFTJZA.exe

C:\Windows\System\lwFTJZA.exe

C:\Windows\System\QXggbRI.exe

C:\Windows\System\QXggbRI.exe

C:\Windows\System\MLLBmhV.exe

C:\Windows\System\MLLBmhV.exe

C:\Windows\System\dURXLVz.exe

C:\Windows\System\dURXLVz.exe

C:\Windows\System\hHFlVkw.exe

C:\Windows\System\hHFlVkw.exe

C:\Windows\System\KnHtoyB.exe

C:\Windows\System\KnHtoyB.exe

C:\Windows\System\IMZwJYv.exe

C:\Windows\System\IMZwJYv.exe

C:\Windows\System\YvGSkAU.exe

C:\Windows\System\YvGSkAU.exe

C:\Windows\System\wzFMjgA.exe

C:\Windows\System\wzFMjgA.exe

C:\Windows\System\dVVmTFA.exe

C:\Windows\System\dVVmTFA.exe

C:\Windows\System\ujepWpZ.exe

C:\Windows\System\ujepWpZ.exe

C:\Windows\System\isUfAmW.exe

C:\Windows\System\isUfAmW.exe

C:\Windows\System\HzXwVOM.exe

C:\Windows\System\HzXwVOM.exe

C:\Windows\System\fLXLlcY.exe

C:\Windows\System\fLXLlcY.exe

C:\Windows\System\lTzeznH.exe

C:\Windows\System\lTzeznH.exe

C:\Windows\System\YkQLsxN.exe

C:\Windows\System\YkQLsxN.exe

C:\Windows\System\nUhZsdC.exe

C:\Windows\System\nUhZsdC.exe

C:\Windows\System\hborfsk.exe

C:\Windows\System\hborfsk.exe

C:\Windows\System\MttghOW.exe

C:\Windows\System\MttghOW.exe

C:\Windows\System\vAobORE.exe

C:\Windows\System\vAobORE.exe

C:\Windows\System\EhoYGIF.exe

C:\Windows\System\EhoYGIF.exe

C:\Windows\System\BPwboTP.exe

C:\Windows\System\BPwboTP.exe

C:\Windows\System\IGVyByq.exe

C:\Windows\System\IGVyByq.exe

C:\Windows\System\BpHjZHs.exe

C:\Windows\System\BpHjZHs.exe

C:\Windows\System\LzSkIhr.exe

C:\Windows\System\LzSkIhr.exe

C:\Windows\System\vHlJNNS.exe

C:\Windows\System\vHlJNNS.exe

C:\Windows\System\MfVXLiY.exe

C:\Windows\System\MfVXLiY.exe

C:\Windows\System\fvdFOrJ.exe

C:\Windows\System\fvdFOrJ.exe

C:\Windows\System\LTlYVEr.exe

C:\Windows\System\LTlYVEr.exe

C:\Windows\System\xgLoYsx.exe

C:\Windows\System\xgLoYsx.exe

C:\Windows\System\IQhJRkW.exe

C:\Windows\System\IQhJRkW.exe

C:\Windows\System\kkzgmfT.exe

C:\Windows\System\kkzgmfT.exe

C:\Windows\System\emGzPUP.exe

C:\Windows\System\emGzPUP.exe

C:\Windows\System\qydhLRI.exe

C:\Windows\System\qydhLRI.exe

C:\Windows\System\SpWyskU.exe

C:\Windows\System\SpWyskU.exe

C:\Windows\System\Byswmut.exe

C:\Windows\System\Byswmut.exe

C:\Windows\System\GapFhpg.exe

C:\Windows\System\GapFhpg.exe

C:\Windows\System\qQuGYCB.exe

C:\Windows\System\qQuGYCB.exe

C:\Windows\System\OMzUNJl.exe

C:\Windows\System\OMzUNJl.exe

C:\Windows\System\xhCNSpy.exe

C:\Windows\System\xhCNSpy.exe

C:\Windows\System\gYxxncq.exe

C:\Windows\System\gYxxncq.exe

C:\Windows\System\vzYHBqt.exe

C:\Windows\System\vzYHBqt.exe

C:\Windows\System\dXjECiH.exe

C:\Windows\System\dXjECiH.exe

C:\Windows\System\hdSfRvz.exe

C:\Windows\System\hdSfRvz.exe

C:\Windows\System\aBkkXyv.exe

C:\Windows\System\aBkkXyv.exe

C:\Windows\System\yWOmHWU.exe

C:\Windows\System\yWOmHWU.exe

C:\Windows\System\QwtJUTx.exe

C:\Windows\System\QwtJUTx.exe

C:\Windows\System\CnbPYfL.exe

C:\Windows\System\CnbPYfL.exe

C:\Windows\System\UZFotZU.exe

C:\Windows\System\UZFotZU.exe

C:\Windows\System\DfDAuYS.exe

C:\Windows\System\DfDAuYS.exe

C:\Windows\System\WxMGsVJ.exe

C:\Windows\System\WxMGsVJ.exe

C:\Windows\System\epRTGLA.exe

C:\Windows\System\epRTGLA.exe

C:\Windows\System\mteqMPr.exe

C:\Windows\System\mteqMPr.exe

C:\Windows\System\cGMuSSu.exe

C:\Windows\System\cGMuSSu.exe

C:\Windows\System\gBVgDqJ.exe

C:\Windows\System\gBVgDqJ.exe

C:\Windows\System\TANpKhf.exe

C:\Windows\System\TANpKhf.exe

C:\Windows\System\ZfrloiW.exe

C:\Windows\System\ZfrloiW.exe

C:\Windows\System\EcIizpq.exe

C:\Windows\System\EcIizpq.exe

C:\Windows\System\sIvfVzF.exe

C:\Windows\System\sIvfVzF.exe

C:\Windows\System\CDHcRcS.exe

C:\Windows\System\CDHcRcS.exe

C:\Windows\System\ngVlvcF.exe

C:\Windows\System\ngVlvcF.exe

C:\Windows\System\EoTwlwk.exe

C:\Windows\System\EoTwlwk.exe

C:\Windows\System\CKxXDhx.exe

C:\Windows\System\CKxXDhx.exe

C:\Windows\System\nxqcZMm.exe

C:\Windows\System\nxqcZMm.exe

C:\Windows\System\RgyiXZC.exe

C:\Windows\System\RgyiXZC.exe

C:\Windows\System\ymOomZx.exe

C:\Windows\System\ymOomZx.exe

C:\Windows\System\SHAsnKd.exe

C:\Windows\System\SHAsnKd.exe

C:\Windows\System\SJarWcq.exe

C:\Windows\System\SJarWcq.exe

C:\Windows\System\OHaQoug.exe

C:\Windows\System\OHaQoug.exe

C:\Windows\System\xVCdwNT.exe

C:\Windows\System\xVCdwNT.exe

C:\Windows\System\VQEEbDd.exe

C:\Windows\System\VQEEbDd.exe

C:\Windows\System\gcRmJQC.exe

C:\Windows\System\gcRmJQC.exe

C:\Windows\System\RAEWByw.exe

C:\Windows\System\RAEWByw.exe

C:\Windows\System\wzLaZLW.exe

C:\Windows\System\wzLaZLW.exe

C:\Windows\System\cORDeWk.exe

C:\Windows\System\cORDeWk.exe

C:\Windows\System\jjCtZvS.exe

C:\Windows\System\jjCtZvS.exe

C:\Windows\System\pmXISzI.exe

C:\Windows\System\pmXISzI.exe

C:\Windows\System\ZESruwC.exe

C:\Windows\System\ZESruwC.exe

C:\Windows\System\ksiyjwx.exe

C:\Windows\System\ksiyjwx.exe

C:\Windows\System\oRnDhXb.exe

C:\Windows\System\oRnDhXb.exe

C:\Windows\System\NYylWkE.exe

C:\Windows\System\NYylWkE.exe

C:\Windows\System\SXfpKtK.exe

C:\Windows\System\SXfpKtK.exe

C:\Windows\System\WQbPPxp.exe

C:\Windows\System\WQbPPxp.exe

C:\Windows\System\wiawFcV.exe

C:\Windows\System\wiawFcV.exe

C:\Windows\System\KZGyJUL.exe

C:\Windows\System\KZGyJUL.exe

C:\Windows\System\IrIUBjE.exe

C:\Windows\System\IrIUBjE.exe

C:\Windows\System\ZgyEcaq.exe

C:\Windows\System\ZgyEcaq.exe

C:\Windows\System\UWzjvZn.exe

C:\Windows\System\UWzjvZn.exe

C:\Windows\System\EZiwGrg.exe

C:\Windows\System\EZiwGrg.exe

C:\Windows\System\CphtnVd.exe

C:\Windows\System\CphtnVd.exe

C:\Windows\System\VgosaId.exe

C:\Windows\System\VgosaId.exe

C:\Windows\System\Tfbfeau.exe

C:\Windows\System\Tfbfeau.exe

C:\Windows\System\uukFjEC.exe

C:\Windows\System\uukFjEC.exe

C:\Windows\System\JdkfYuT.exe

C:\Windows\System\JdkfYuT.exe

C:\Windows\System\jzpSRth.exe

C:\Windows\System\jzpSRth.exe

C:\Windows\System\kbNPqKV.exe

C:\Windows\System\kbNPqKV.exe

C:\Windows\System\ehdVKAw.exe

C:\Windows\System\ehdVKAw.exe

C:\Windows\System\wPPAfKl.exe

C:\Windows\System\wPPAfKl.exe

C:\Windows\System\qVAvVrC.exe

C:\Windows\System\qVAvVrC.exe

C:\Windows\System\MCVMDvN.exe

C:\Windows\System\MCVMDvN.exe

C:\Windows\System\OPbNOJW.exe

C:\Windows\System\OPbNOJW.exe

C:\Windows\System\sQeQkhe.exe

C:\Windows\System\sQeQkhe.exe

C:\Windows\System\hyMTDXR.exe

C:\Windows\System\hyMTDXR.exe

C:\Windows\System\rnyTCHF.exe

C:\Windows\System\rnyTCHF.exe

C:\Windows\System\KlUcnzf.exe

C:\Windows\System\KlUcnzf.exe

C:\Windows\System\BaXkSxA.exe

C:\Windows\System\BaXkSxA.exe

C:\Windows\System\HANmTDj.exe

C:\Windows\System\HANmTDj.exe

C:\Windows\System\RvqwSqu.exe

C:\Windows\System\RvqwSqu.exe

C:\Windows\System\kibwiPr.exe

C:\Windows\System\kibwiPr.exe

C:\Windows\System\lXMWjin.exe

C:\Windows\System\lXMWjin.exe

C:\Windows\System\FRwRqWM.exe

C:\Windows\System\FRwRqWM.exe

C:\Windows\System\rTwbuEY.exe

C:\Windows\System\rTwbuEY.exe

C:\Windows\System\isQjnDu.exe

C:\Windows\System\isQjnDu.exe

C:\Windows\System\YbtWKFE.exe

C:\Windows\System\YbtWKFE.exe

C:\Windows\System\CtieFqB.exe

C:\Windows\System\CtieFqB.exe

C:\Windows\System\cCbBbna.exe

C:\Windows\System\cCbBbna.exe

C:\Windows\System\WiVzXhL.exe

C:\Windows\System\WiVzXhL.exe

C:\Windows\System\vwrenGt.exe

C:\Windows\System\vwrenGt.exe

C:\Windows\System\QhfFihU.exe

C:\Windows\System\QhfFihU.exe

C:\Windows\System\VOGXTFs.exe

C:\Windows\System\VOGXTFs.exe

C:\Windows\System\UNrNJwR.exe

C:\Windows\System\UNrNJwR.exe

C:\Windows\System\piVcZzP.exe

C:\Windows\System\piVcZzP.exe

C:\Windows\System\lUWTCBF.exe

C:\Windows\System\lUWTCBF.exe

C:\Windows\System\VlKVJKB.exe

C:\Windows\System\VlKVJKB.exe

C:\Windows\System\DCKmDMU.exe

C:\Windows\System\DCKmDMU.exe

C:\Windows\System\NRwIKaW.exe

C:\Windows\System\NRwIKaW.exe

C:\Windows\System\HMdZhXm.exe

C:\Windows\System\HMdZhXm.exe

C:\Windows\System\LLobyjc.exe

C:\Windows\System\LLobyjc.exe

C:\Windows\System\cQswvYR.exe

C:\Windows\System\cQswvYR.exe

C:\Windows\System\keuCjOB.exe

C:\Windows\System\keuCjOB.exe

C:\Windows\System\UEyqbbh.exe

C:\Windows\System\UEyqbbh.exe

C:\Windows\System\upvnlaK.exe

C:\Windows\System\upvnlaK.exe

C:\Windows\System\cOAyMlU.exe

C:\Windows\System\cOAyMlU.exe

C:\Windows\System\PwwJUbb.exe

C:\Windows\System\PwwJUbb.exe

C:\Windows\System\gkGVact.exe

C:\Windows\System\gkGVact.exe

C:\Windows\System\ErhFhEj.exe

C:\Windows\System\ErhFhEj.exe

C:\Windows\System\hFTSQWm.exe

C:\Windows\System\hFTSQWm.exe

C:\Windows\System\wcDBioG.exe

C:\Windows\System\wcDBioG.exe

C:\Windows\System\LWmVUXv.exe

C:\Windows\System\LWmVUXv.exe

C:\Windows\System\PfTEnpr.exe

C:\Windows\System\PfTEnpr.exe

C:\Windows\System\kiAsqUf.exe

C:\Windows\System\kiAsqUf.exe

C:\Windows\System\WdskkGC.exe

C:\Windows\System\WdskkGC.exe

C:\Windows\System\XFYTvwx.exe

C:\Windows\System\XFYTvwx.exe

C:\Windows\System\qUjiwco.exe

C:\Windows\System\qUjiwco.exe

C:\Windows\System\DlDatBM.exe

C:\Windows\System\DlDatBM.exe

C:\Windows\System\XCkvOzP.exe

C:\Windows\System\XCkvOzP.exe

C:\Windows\System\hxqhrwu.exe

C:\Windows\System\hxqhrwu.exe

C:\Windows\System\bnEyQtz.exe

C:\Windows\System\bnEyQtz.exe

C:\Windows\System\gDWEydJ.exe

C:\Windows\System\gDWEydJ.exe

C:\Windows\System\notDPyK.exe

C:\Windows\System\notDPyK.exe

C:\Windows\System\oWmoALI.exe

C:\Windows\System\oWmoALI.exe

C:\Windows\System\RpdyDjG.exe

C:\Windows\System\RpdyDjG.exe

C:\Windows\System\sQutxLP.exe

C:\Windows\System\sQutxLP.exe

C:\Windows\System\ulPzBsv.exe

C:\Windows\System\ulPzBsv.exe

C:\Windows\System\nnykRGF.exe

C:\Windows\System\nnykRGF.exe

C:\Windows\System\GvVqXTw.exe

C:\Windows\System\GvVqXTw.exe

C:\Windows\System\GPwpBMF.exe

C:\Windows\System\GPwpBMF.exe

C:\Windows\System\vNxkoRu.exe

C:\Windows\System\vNxkoRu.exe

C:\Windows\System\dJgcRgC.exe

C:\Windows\System\dJgcRgC.exe

C:\Windows\System\BxeFdMn.exe

C:\Windows\System\BxeFdMn.exe

C:\Windows\System\ADkhepa.exe

C:\Windows\System\ADkhepa.exe

C:\Windows\System\GHyHpOK.exe

C:\Windows\System\GHyHpOK.exe

C:\Windows\System\HIDnYSA.exe

C:\Windows\System\HIDnYSA.exe

C:\Windows\System\liuVctC.exe

C:\Windows\System\liuVctC.exe

C:\Windows\System\ebmtyhX.exe

C:\Windows\System\ebmtyhX.exe

C:\Windows\System\poTThOp.exe

C:\Windows\System\poTThOp.exe

C:\Windows\System\zMIzmfj.exe

C:\Windows\System\zMIzmfj.exe

C:\Windows\System\OLSwRNT.exe

C:\Windows\System\OLSwRNT.exe

C:\Windows\System\DynxEsp.exe

C:\Windows\System\DynxEsp.exe

C:\Windows\System\fUQxWpS.exe

C:\Windows\System\fUQxWpS.exe

C:\Windows\System\eQdXWlq.exe

C:\Windows\System\eQdXWlq.exe

C:\Windows\System\ghKdcAa.exe

C:\Windows\System\ghKdcAa.exe

C:\Windows\System\INLHTQK.exe

C:\Windows\System\INLHTQK.exe

C:\Windows\System\vsCkvdY.exe

C:\Windows\System\vsCkvdY.exe

C:\Windows\System\NDbfZyA.exe

C:\Windows\System\NDbfZyA.exe

C:\Windows\System\tBTqzal.exe

C:\Windows\System\tBTqzal.exe

C:\Windows\System\DerLSLs.exe

C:\Windows\System\DerLSLs.exe

C:\Windows\System\yxAXoiN.exe

C:\Windows\System\yxAXoiN.exe

C:\Windows\System\zbTahPl.exe

C:\Windows\System\zbTahPl.exe

C:\Windows\System\pnhHphQ.exe

C:\Windows\System\pnhHphQ.exe

C:\Windows\System\GRBurju.exe

C:\Windows\System\GRBurju.exe

C:\Windows\System\getXFfW.exe

C:\Windows\System\getXFfW.exe

C:\Windows\System\nRRDiCd.exe

C:\Windows\System\nRRDiCd.exe

C:\Windows\System\oGcvDal.exe

C:\Windows\System\oGcvDal.exe

C:\Windows\System\cQmvaxc.exe

C:\Windows\System\cQmvaxc.exe

C:\Windows\System\nMPwSBT.exe

C:\Windows\System\nMPwSBT.exe

C:\Windows\System\HqWLejd.exe

C:\Windows\System\HqWLejd.exe

C:\Windows\System\DzGWiCC.exe

C:\Windows\System\DzGWiCC.exe

C:\Windows\System\vCBeOYe.exe

C:\Windows\System\vCBeOYe.exe

C:\Windows\System\dBFBZPm.exe

C:\Windows\System\dBFBZPm.exe

C:\Windows\System\SOcbQjE.exe

C:\Windows\System\SOcbQjE.exe

C:\Windows\System\swDxPJq.exe

C:\Windows\System\swDxPJq.exe

C:\Windows\System\ldAiLkf.exe

C:\Windows\System\ldAiLkf.exe

C:\Windows\System\bpQgWiC.exe

C:\Windows\System\bpQgWiC.exe

C:\Windows\System\PcScqkl.exe

C:\Windows\System\PcScqkl.exe

C:\Windows\System\stzZxah.exe

C:\Windows\System\stzZxah.exe

C:\Windows\System\DjUDojM.exe

C:\Windows\System\DjUDojM.exe

C:\Windows\System\bSyqKfM.exe

C:\Windows\System\bSyqKfM.exe

C:\Windows\System\VwIAtTW.exe

C:\Windows\System\VwIAtTW.exe

C:\Windows\System\YYDkfxL.exe

C:\Windows\System\YYDkfxL.exe

C:\Windows\System\sHazTZJ.exe

C:\Windows\System\sHazTZJ.exe

C:\Windows\System\cSpPNub.exe

C:\Windows\System\cSpPNub.exe

C:\Windows\System\mRVNJYS.exe

C:\Windows\System\mRVNJYS.exe

C:\Windows\System\VoVvlmf.exe

C:\Windows\System\VoVvlmf.exe

C:\Windows\System\vEwaspr.exe

C:\Windows\System\vEwaspr.exe

C:\Windows\System\xqOSzGI.exe

C:\Windows\System\xqOSzGI.exe

C:\Windows\System\IHTRMyu.exe

C:\Windows\System\IHTRMyu.exe

C:\Windows\System\clAxiSw.exe

C:\Windows\System\clAxiSw.exe

C:\Windows\System\DpkUIEC.exe

C:\Windows\System\DpkUIEC.exe

C:\Windows\System\pHKsCoA.exe

C:\Windows\System\pHKsCoA.exe

C:\Windows\System\EwHuWbQ.exe

C:\Windows\System\EwHuWbQ.exe

C:\Windows\System\ZYZZoQa.exe

C:\Windows\System\ZYZZoQa.exe

C:\Windows\System\uIXxuRS.exe

C:\Windows\System\uIXxuRS.exe

C:\Windows\System\cwYydCG.exe

C:\Windows\System\cwYydCG.exe

C:\Windows\System\WUuocfH.exe

C:\Windows\System\WUuocfH.exe

C:\Windows\System\ShsUfZE.exe

C:\Windows\System\ShsUfZE.exe

C:\Windows\System\eapMgJk.exe

C:\Windows\System\eapMgJk.exe

C:\Windows\System\CTGRtUa.exe

C:\Windows\System\CTGRtUa.exe

C:\Windows\System\uEtnpRt.exe

C:\Windows\System\uEtnpRt.exe

C:\Windows\System\fPKGUOr.exe

C:\Windows\System\fPKGUOr.exe

C:\Windows\System\uiWxpMX.exe

C:\Windows\System\uiWxpMX.exe

C:\Windows\System\oReOczL.exe

C:\Windows\System\oReOczL.exe

C:\Windows\System\uTovetR.exe

C:\Windows\System\uTovetR.exe

C:\Windows\System\iJYCHnZ.exe

C:\Windows\System\iJYCHnZ.exe

C:\Windows\System\wGDSGgT.exe

C:\Windows\System\wGDSGgT.exe

C:\Windows\System\yoqYmKi.exe

C:\Windows\System\yoqYmKi.exe

C:\Windows\System\EETFSJF.exe

C:\Windows\System\EETFSJF.exe

C:\Windows\System\UWvgXGx.exe

C:\Windows\System\UWvgXGx.exe

C:\Windows\System\fViQxqF.exe

C:\Windows\System\fViQxqF.exe

C:\Windows\System\ZpKjCBd.exe

C:\Windows\System\ZpKjCBd.exe

C:\Windows\System\geAYiJz.exe

C:\Windows\System\geAYiJz.exe

C:\Windows\System\phBgTHq.exe

C:\Windows\System\phBgTHq.exe

C:\Windows\System\rwlqWsd.exe

C:\Windows\System\rwlqWsd.exe

C:\Windows\System\FzDQYUV.exe

C:\Windows\System\FzDQYUV.exe

C:\Windows\System\ylqvBKo.exe

C:\Windows\System\ylqvBKo.exe

C:\Windows\System\WPljHgQ.exe

C:\Windows\System\WPljHgQ.exe

C:\Windows\System\LjdpahZ.exe

C:\Windows\System\LjdpahZ.exe

C:\Windows\System\IeHDcmm.exe

C:\Windows\System\IeHDcmm.exe

C:\Windows\System\fwtxExe.exe

C:\Windows\System\fwtxExe.exe

C:\Windows\System\XpXICUa.exe

C:\Windows\System\XpXICUa.exe

C:\Windows\System\SRKEeRt.exe

C:\Windows\System\SRKEeRt.exe

C:\Windows\System\xlFQkES.exe

C:\Windows\System\xlFQkES.exe

C:\Windows\System\EbtoHsU.exe

C:\Windows\System\EbtoHsU.exe

C:\Windows\System\kxiffyN.exe

C:\Windows\System\kxiffyN.exe

C:\Windows\System\PnjcPqZ.exe

C:\Windows\System\PnjcPqZ.exe

C:\Windows\System\RFLpInZ.exe

C:\Windows\System\RFLpInZ.exe

C:\Windows\System\JdrjOAX.exe

C:\Windows\System\JdrjOAX.exe

C:\Windows\System\jgQDuiB.exe

C:\Windows\System\jgQDuiB.exe

C:\Windows\System\ciSeoIS.exe

C:\Windows\System\ciSeoIS.exe

C:\Windows\System\CXzXhSD.exe

C:\Windows\System\CXzXhSD.exe

C:\Windows\System\qbQywqE.exe

C:\Windows\System\qbQywqE.exe

C:\Windows\System\QWxhEQg.exe

C:\Windows\System\QWxhEQg.exe

C:\Windows\System\QgWJzUw.exe

C:\Windows\System\QgWJzUw.exe

C:\Windows\System\DJybARA.exe

C:\Windows\System\DJybARA.exe

C:\Windows\System\sBzbHVL.exe

C:\Windows\System\sBzbHVL.exe

C:\Windows\System\iTwlqgk.exe

C:\Windows\System\iTwlqgk.exe

C:\Windows\System\hipRrvO.exe

C:\Windows\System\hipRrvO.exe

C:\Windows\System\DBUZdXu.exe

C:\Windows\System\DBUZdXu.exe

C:\Windows\System\PJLobJk.exe

C:\Windows\System\PJLobJk.exe

C:\Windows\System\hmUMuPs.exe

C:\Windows\System\hmUMuPs.exe

C:\Windows\System\eCpXepD.exe

C:\Windows\System\eCpXepD.exe

C:\Windows\System\aVUVPhE.exe

C:\Windows\System\aVUVPhE.exe

C:\Windows\System\Vsagogg.exe

C:\Windows\System\Vsagogg.exe

C:\Windows\System\ubOlcxT.exe

C:\Windows\System\ubOlcxT.exe

C:\Windows\System\ZYAOfVa.exe

C:\Windows\System\ZYAOfVa.exe

C:\Windows\System\NvFwnwz.exe

C:\Windows\System\NvFwnwz.exe

C:\Windows\System\aBhVZuU.exe

C:\Windows\System\aBhVZuU.exe

C:\Windows\System\jEWIUND.exe

C:\Windows\System\jEWIUND.exe

C:\Windows\System\HVZcZOJ.exe

C:\Windows\System\HVZcZOJ.exe

C:\Windows\System\HAjOekj.exe

C:\Windows\System\HAjOekj.exe

C:\Windows\System\DAAYKVB.exe

C:\Windows\System\DAAYKVB.exe

C:\Windows\System\nhMrTbp.exe

C:\Windows\System\nhMrTbp.exe

C:\Windows\System\NeAMAVZ.exe

C:\Windows\System\NeAMAVZ.exe

C:\Windows\System\gzyEsWh.exe

C:\Windows\System\gzyEsWh.exe

C:\Windows\System\opCeoex.exe

C:\Windows\System\opCeoex.exe

C:\Windows\System\qSvdtuk.exe

C:\Windows\System\qSvdtuk.exe

C:\Windows\System\CuClptT.exe

C:\Windows\System\CuClptT.exe

C:\Windows\System\HZUXANT.exe

C:\Windows\System\HZUXANT.exe

C:\Windows\System\bHtixts.exe

C:\Windows\System\bHtixts.exe

C:\Windows\System\fcMpMIC.exe

C:\Windows\System\fcMpMIC.exe

C:\Windows\System\WAorlFy.exe

C:\Windows\System\WAorlFy.exe

C:\Windows\System\fvfOvIk.exe

C:\Windows\System\fvfOvIk.exe

C:\Windows\System\lTSqJTY.exe

C:\Windows\System\lTSqJTY.exe

C:\Windows\System\STjjSQZ.exe

C:\Windows\System\STjjSQZ.exe

C:\Windows\System\MDlDAIN.exe

C:\Windows\System\MDlDAIN.exe

C:\Windows\System\gZeoOux.exe

C:\Windows\System\gZeoOux.exe

C:\Windows\System\lSeXAkG.exe

C:\Windows\System\lSeXAkG.exe

C:\Windows\System\YvUzrJm.exe

C:\Windows\System\YvUzrJm.exe

C:\Windows\System\jMZfbSg.exe

C:\Windows\System\jMZfbSg.exe

C:\Windows\System\OoZdmrl.exe

C:\Windows\System\OoZdmrl.exe

C:\Windows\System\qTBTSAS.exe

C:\Windows\System\qTBTSAS.exe

C:\Windows\System\rjTDSZy.exe

C:\Windows\System\rjTDSZy.exe

C:\Windows\System\gRNNWaO.exe

C:\Windows\System\gRNNWaO.exe

C:\Windows\System\DaWUtGT.exe

C:\Windows\System\DaWUtGT.exe

C:\Windows\System\gZfquZx.exe

C:\Windows\System\gZfquZx.exe

C:\Windows\System\kyVLXeU.exe

C:\Windows\System\kyVLXeU.exe

C:\Windows\System\hpHJstv.exe

C:\Windows\System\hpHJstv.exe

C:\Windows\System\JNLPCcO.exe

C:\Windows\System\JNLPCcO.exe

C:\Windows\System\CZlyWzi.exe

C:\Windows\System\CZlyWzi.exe

C:\Windows\System\vVvKuaQ.exe

C:\Windows\System\vVvKuaQ.exe

C:\Windows\System\oaVTliM.exe

C:\Windows\System\oaVTliM.exe

C:\Windows\System\PXNTViG.exe

C:\Windows\System\PXNTViG.exe

C:\Windows\System\YqyFAae.exe

C:\Windows\System\YqyFAae.exe

C:\Windows\System\KkRFctC.exe

C:\Windows\System\KkRFctC.exe

C:\Windows\System\EsMuepv.exe

C:\Windows\System\EsMuepv.exe

C:\Windows\System\koMLsFK.exe

C:\Windows\System\koMLsFK.exe

C:\Windows\System\yJseclv.exe

C:\Windows\System\yJseclv.exe

C:\Windows\System\KWDcugD.exe

C:\Windows\System\KWDcugD.exe

C:\Windows\System\RDHypcY.exe

C:\Windows\System\RDHypcY.exe

C:\Windows\System\goYRHxt.exe

C:\Windows\System\goYRHxt.exe

C:\Windows\System\hpFfElP.exe

C:\Windows\System\hpFfElP.exe

C:\Windows\System\LoNWvrV.exe

C:\Windows\System\LoNWvrV.exe

C:\Windows\System\eFQiuVF.exe

C:\Windows\System\eFQiuVF.exe

C:\Windows\System\Sopibsr.exe

C:\Windows\System\Sopibsr.exe

C:\Windows\System\ahXggYH.exe

C:\Windows\System\ahXggYH.exe

C:\Windows\System\jcboylE.exe

C:\Windows\System\jcboylE.exe

C:\Windows\System\lkobXMB.exe

C:\Windows\System\lkobXMB.exe

C:\Windows\System\IeyuLeD.exe

C:\Windows\System\IeyuLeD.exe

C:\Windows\System\hfewvuJ.exe

C:\Windows\System\hfewvuJ.exe

C:\Windows\System\wgbZDvp.exe

C:\Windows\System\wgbZDvp.exe

C:\Windows\System\YqVRxvq.exe

C:\Windows\System\YqVRxvq.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2196-0-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2196-1-0x0000000000090000-0x00000000000A0000-memory.dmp

\Windows\system\QcBMhsC.exe

MD5 cb19282a69aba96fd72e496a7bd150e9
SHA1 c5f8df5b0de332e6a75a73c028104c14b35219f8
SHA256 6887a7250180c1fb564b45a2bf1bf8777439940cf668f68b69eaac8f1e04cc26
SHA512 a674c734e8ec33d437bba49ca942711b5726caa2fbbdb16425565e7d396361e99afb73639fae6c7598ccfdbd4259ef159ce39a36a79d4635e47cdd65c5b01110

\Windows\system\hsitjwL.exe

MD5 43c09aa64096357008119257bff808e0
SHA1 9aa4a0d126aeff91b79eeb2786f02ff1cfb4c070
SHA256 b21234c9ed7d4968be0ec0fd19244a800dbbf8247ab489b1404f30ae48da7218
SHA512 d0f9a475958c24f0bae78cbe7397c926644f5ece65be8290316e8594afc9b547aed061d0e50dc5750a45bd5da8489a1a6a06df6c80e527a446cb46d876105a7b

memory/2196-13-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/3016-15-0x000000013F220000-0x000000013F574000-memory.dmp

memory/1228-14-0x000000013F8B0000-0x000000013FC04000-memory.dmp

\Windows\system\EnVfipm.exe

MD5 4bb6fad5579e777d25beff3edf660e19
SHA1 adc58d80c69d47f351dbbe70c1af6ac0f1cfc332
SHA256 fa46c30e43c175b9fa18772125c16093e7b56a9403b05731c44dedb2f5a92914
SHA512 bee2271f6e4a8dd4edc244ecfeb3e4385f63068ca0657c0f139548fafb9992fecf03f966cdcea201737142024cb7c7c5abbdc73b6281c4976d54dceb335c3b89

\Windows\system\lwFTJZA.exe

MD5 6c33e165ea95f53df93a6cc900da527b
SHA1 9be58c7a7188e8795655706225f0feddcd39e7e2
SHA256 902e8952242da72d539843af4c388fa1ce3ca97708ead7348ea3a73fb38f3c44
SHA512 04bfb4bf5b188905c141658054ffa820b09e1d0bb4b4205909de669567e1db3047a4e9f5b6e787374af5f49240a832d21d6c1c1f65f4c729fa2688f3753e8a97

memory/2196-31-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2644-29-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/2196-27-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/3064-25-0x000000013F790000-0x000000013FAE4000-memory.dmp

C:\Windows\system\LUixCSM.exe

MD5 07fb154e3304d296e263374f677a2ffa
SHA1 3411ce2d946fc51d94d24fa881cc5ba1572d1697
SHA256 11e0277f3763c534bbbc18bea9679e8fa542f161cb8efeb1b82328bb0ee2eeb1
SHA512 30c0159ad359ec65b4625bfd6eb54f2903fb0a1868a670f54946212958fe8c0fc3b0fd4af5c75d04245d934ab65f3bd02260d26cbeccfd96d69b4ca69dd756cf

memory/2196-19-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/2916-36-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2196-42-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/1544-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2196-52-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2196-73-0x000000013FB10000-0x000000013FE64000-memory.dmp

C:\Windows\system\YvGSkAU.exe

MD5 a4d3f6e581024ac50cda10d64b11317f
SHA1 82ebe3f68173bccc1bc488fc036ad7f237191aec
SHA256 c31f97c8329bd8f8a4284cec6e6dc17230e5b285cc023cd60e65a9edcf38bbe4
SHA512 64f40cb6804c2e5315d9dfb5350f7b978e2506119f90159d7f091083989e7b51fd19851bb6844cb16b938a682c953883b90d368a3ed064df9f79bb80cb2dbd30

memory/2644-85-0x000000013F180000-0x000000013F4D4000-memory.dmp

C:\Windows\system\ujepWpZ.exe

MD5 7410f5a4b239fa3de3be9ad14d8a20f8
SHA1 4d6c50e35e26facbc79530b8a9d67d2dde7e0caa
SHA256 de93dc4a60819b1b10b20dfc7d1c71ade316506c9cf03700f340de10a8391dcf
SHA512 f18e5c654bd5d1780cc856b494a9e404cd72df49b01ef66e394515b2fce91d557f2ec563b5f584972057f3e778ec810e3054c6c01d9794808690df9780cfa96a

C:\Windows\system\lTzeznH.exe

MD5 2e57990edcf29eef7ebc9a42771e5a7f
SHA1 52005858a661137bcf6191044b3bf52cc98ea257
SHA256 c2def5b211a52efda05d21e5cfe79a5a212ed1a2465291297ecbe6a5e0817c55
SHA512 261cab403a2fe68b379e55dc0e2aeb4a13c865783bfe73ca8c5662b2b2568dea7850cfe540a821ae0144bb74076d6465fe6f945fb9b763d1c0a5b9bec7e7687f

C:\Windows\system\fvdFOrJ.exe

MD5 44b9111ab60967dfb63b937ba7188feb
SHA1 1185a5af5c2a855c7d98f1f4d35c145364dd2659
SHA256 57b6cb56f8cb65e54a5205a80124ebb1925ae8e49f0bc9ab1fd03737a1867263
SHA512 92cefc2072a28b98489f41f113c6b7d29e58f51f909aa50aa371a293afe3e6a546a4c83f357305518c75a5fe9c13ba34d89d9f18a49f6f56c99937c311488c3b

C:\Windows\system\MfVXLiY.exe

MD5 822786da387246b768e947b229f7a6c6
SHA1 a3cb3a15383f54161e93d34ec009e070e04938cf
SHA256 fcb30badfbc9090d8ed6574e971c1bd89784e865f090cf1e34190aa933e245f9
SHA512 541720ef4bec1b300ae5c4435033a07ffabe03a113546106bb5ae6d86cc75c42947108d99e6954648a02bbcddb297d0a75f368ef0fe5f26ab617e6b8a51ea74a

C:\Windows\system\vHlJNNS.exe

MD5 695841a305a4f87e75c6d312283a1c4c
SHA1 979ff41d95af565b62ef0854701f2fa8b48b7b31
SHA256 8627ece7a1b0cbd0f322ee8f00d28b15520f1a95150e374aedd042d94457bf95
SHA512 6b45d4e778a2f3eea969a9f867d38e2f061476f34f97f1bdfa329fa3ac2862d9c617118da9452ab91d5326b11d25a9534ed3fb68ecd732f40b9691d551201fd7

C:\Windows\system\LzSkIhr.exe

MD5 89edb619743f204ee2ad2caffe13dc1d
SHA1 68b1bad0d61b8ff80fda3abe333fe6932f718395
SHA256 1db25c85398a9437c308c71888fba9a2af8bcd66b442222f9be54982a94f9eac
SHA512 f28c05082c250c98cca2844b16881787df86f2b6685ffcdccbc647c72e79d8311c7fe515f1516a1a0f71a24adc39a633208ae3d71157231918c8a4aaa906ef14

C:\Windows\system\BpHjZHs.exe

MD5 7c0b9cfd784cd8b65f007b72e16a7264
SHA1 c2d75b4893b326d6b0b122404efe9c72028f98ac
SHA256 43f7c342d6fe0984435e4fce72bf6e379b335a7cd89b23b4cc4e5007486021b6
SHA512 4b275bc4fd06ed9123d4a89737aa9adf6c71338f68a05abe4d5aafb94e154b16f7dfac550412c391fcec23cc0abe4d27c2c4d751bc03da1180792cc5967574f2

C:\Windows\system\IGVyByq.exe

MD5 eaa2591d52267884cb0c200202741384
SHA1 60b043bb32b2fc32cac9cbe990f5a722e2ec9160
SHA256 648fdef0f72562a28c876f646cc0263492ecd5dc4ec46304aae4eed541a2c46a
SHA512 183dd085efe321a3a054fbcaf94f5953d770658372cd0e6e2c44c6546e996b87ada3a1d354670bb05c5b33c259f1abd5d2e1874b3e8eefef16e7f85c61409123

C:\Windows\system\BPwboTP.exe

MD5 46bf9b10b40a8d10f5682f1e59101d58
SHA1 559914e8bbf2109a8f0b64cd380ac055264d82d8
SHA256 fb474c4103fb7b1c3d466dd1532236aa29507e9377e94557ec4641850121fb89
SHA512 0a761000190ce8878f69bca14c18f4bea0dab8895c47ec51fb329543495b5b5cefa5160e8edc540f31886eb99165d069b92850d8637ff8e3f2ca5662172de235

C:\Windows\system\EhoYGIF.exe

MD5 332856a1ec116359c7a98a799eddad78
SHA1 568dbea46775d8260421fdb5e48e0a652efd0918
SHA256 029434838a58017b2653cc4502eda2fe9c018a859274eaf38a4be39310eb0424
SHA512 84de50a053b8002d6d07d15f51215fb00b7356b123efdd1a0fdcb0f840c8a26334aa537a2a90694a1f8c603ba6f9b328df87eb3b66975604d186821a525755ea

C:\Windows\system\vAobORE.exe

MD5 c4450d0239fc8bcde2ead2c37df94946
SHA1 691c55bb504e0391633d17f7b08ba5dfad7f3c01
SHA256 c74af6e9da295d20bcff5e8779fe36335a351ee6b3ef0d47fa159b4cd4f7b44b
SHA512 351334bf37de912f2f9b5d36f94163d7c3a9c495ba659e03370c52cb6ea28bdfeaecb0a42a7a2a25a52c5aa7e99f7e0ba97a761fbebcf0715037e903508b9fc4

C:\Windows\system\MttghOW.exe

MD5 ddd4282dcc8738bbe42d517cb7419edc
SHA1 56905ea0d34ad68fec22eddc5a0a796e50384702
SHA256 c60571537a049060c5249f0c6f63e61b3fd410e34910af631162ffe276104a5c
SHA512 ec71dbcec1bbd22be74c9d166c331aef21af7cba2ba5d42323f62b94f39c4b50ef002500cfdf72c0abb0f0f3e54e9a5ab1458ffa7085398c68ff65328c8f94b6

C:\Windows\system\hborfsk.exe

MD5 25f41cf0c47b9ffef7f49625ec0515bb
SHA1 fcf57b6f0e31913ef6578da10dc9d06c5a60f00b
SHA256 53fabe51e397e931980d9679e075ef5cac4be665e206796c7368908ba2110f72
SHA512 a89869cd178e79d70e3921586088a01b54e35e2db8e4d6f2656f4ab7b336b8cf35763716a3529fd5f44cb606b42cf81454a48e7397e05b4ed687f2e7eebb4377

C:\Windows\system\nUhZsdC.exe

MD5 1c3ec8e114f1491b5d1a7c2e0b8fb619
SHA1 4fbaafc826b4995f042d3bea4d1b86503440c261
SHA256 4292179e5f35e13771ecaa8b73eef01d358c3af0ee299c22dd8ae0ebfaf22be9
SHA512 8906074c8ae4dfcb27c2c30c4c713947bdd76aa9e027672533bfb160ceae86b126842b311d0ab6b1c2342aa2ba4d9d3ad75f7d267b7d3b85d7aaeeacdcfb6db1

C:\Windows\system\YkQLsxN.exe

MD5 a53c0fa4c964d3cf7d01a380e090ded1
SHA1 1b930447044d1160523cae07c94d02d0082256bd
SHA256 ec1b7368d6554c69c069829b0167aa8dae42b6d32dea4964ef14260bcbf70e16
SHA512 8cb434c2356f37f842f88a1e4202538d82ec7ec2c14ff788b0c41f0fa50911a658eaac5dfad6d112a72af710ddeca1035b98529bd1066d499edb3011a8910a72

C:\Windows\system\fLXLlcY.exe

MD5 19fff023ac0f57198be0497d77cf664d
SHA1 6da728c93e75b0fa80ccc8a648b82c765a1df95a
SHA256 48ff14232e7d592328b963fe79071ac3c1bbafff200f596293cfb265aa8e4301
SHA512 9ae0d9a1992c72b09c898caf04bf81416690453a336a8c65ab2163f40289c725947346dd6b05a6df50a7f59861bdaf55a84f9f0a99f1028b3e673ac8aa0d4e44

C:\Windows\system\isUfAmW.exe

MD5 b567c8879be882a653ee004382495df8
SHA1 4b225b1f5e5efb449c85ea748091280a65cd5a89
SHA256 234cd9e116f7da49a2d16186d908b307917044ee9c81a33c9ef197ca56f8383d
SHA512 50c1645134a1c6bb8a7f3f0dc2ebe60be3f843fdfdfb6a1c6912e182b2fd6143552155bd029ef7c5df97858931fc6cbfeae82f43f92d89d01e80561d402a3db1

memory/2196-110-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2872-109-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2196-108-0x000000013F040000-0x000000013F394000-memory.dmp

C:\Windows\system\HzXwVOM.exe

MD5 72bf77ef18f936f784acb87f93adc631
SHA1 dc11adbf1cc93809063ff0f5b9791557b3d54206
SHA256 611d4443aef781ef71c1d7d4d8b505aa52d1d4b0dee949ac3e95dde97c513f10
SHA512 53ee37d73f3f7e1364fd0cc3387b1a7df7cb4ead34efe7d7b1b2033583dabf6cb85126ec3cf755462a5d8ef084b310f4e73fb39aff17ceb5963fbc35e27cd6eb

C:\Windows\system\dVVmTFA.exe

MD5 c293d0ffc3d743240a83718546ee9cd5
SHA1 797712011570a89c95d015881bd1fb2196c40bc6
SHA256 27b8f42fbbbdbfa0f5a7f27ae605d0be730767960bc686a7a21251f88cc781a1
SHA512 e16e060c394c6a7724f473a634741f70429b10d7c173e97e5c718d5ba94a7c593d4b0fdf3ad90faeb51ca6076e50f9a7cde95a79cb1cae104e6bbf1f565cb7b5

memory/2840-94-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2196-93-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/1960-87-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2196-86-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/3064-84-0x000000013F790000-0x000000013FAE4000-memory.dmp

C:\Windows\system\wzFMjgA.exe

MD5 1d282b55578cc63b318b46fa401c89ab
SHA1 4d237dbb1c1fbb598691e6185c909ea3358cc687
SHA256 5a8e58a070a93ea62925aba4723d8ee5c8fdb86b56455d1d1b4ea9b2c9b03495
SHA512 eb5c9372988ddf143c35a3873d32836128782342abee40c9ddac9cb3ab0c11aef4e04baad28cd6d4c51175eaeb6bfa9c73c035d31151819da58f73000de78fe5

memory/2612-77-0x000000013FB10000-0x000000013FE64000-memory.dmp

\Windows\system\KnHtoyB.exe

MD5 8e3112f70022bdf3d7c05d779def514c
SHA1 f0ee0c8f20742cd8449f093b1b9068bcefd9e5dc
SHA256 6f26b7535c74ffe93bd2487171861500190c9795daa61b7b7d51eedb7c2f9a25
SHA512 55faf813fcaddb320070247547808dfef4231b5e6716b4e011144b00de37a2cc5610054840d9f49cf34e1154ffa297cf25676738fb3df85d88dad062b50d3694

memory/2984-75-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2196-74-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2712-57-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2548-72-0x000000013FCC0000-0x0000000140014000-memory.dmp

memory/2196-71-0x000000013FCC0000-0x0000000140014000-memory.dmp

C:\Windows\system\IMZwJYv.exe

MD5 dae7b9c564a335f113e03f84e0bcdd3d
SHA1 d2c397409797708ee794e051d78fe16b4c74ea6d
SHA256 0cf46efb5dd43f670c71e686c961e3fc1ffe7d652d91ccb42270b88a555d8da9
SHA512 ab0ae6dbc96ce4a092d6d5e7f0d9a4cca50fec3c9ea12ca35846486a3de355e38db78e02a2ef2c8a385f5ed202731a4835b2914d93ac3e16e377c63532287051

C:\Windows\system\hHFlVkw.exe

MD5 9c782fb0f0782f11aa17b20fe5529674
SHA1 e0db9ce1bcc71513f7e29f63b79b2a4b133f47f1
SHA256 5ec44626cbf9e5c0011a3116518dda621604ea3b40f42fbcd795e78068fe41cc
SHA512 4cd261c4538b5ca1075e90e39e1c4faea9d942db601a4977fa676f685c9d7b6eb002214244c82a87812a61c31b3c46fa92901ccbc5e5fabed3d48e552ad95b0c

C:\Windows\system\dURXLVz.exe

MD5 4a3e2203fc1c3a876c1138f68d126dc6
SHA1 0b7d6f1aca57e18db476740bf3337208f89498fc
SHA256 ef1e3d9c82325067e1497533a075144d74f7b7797809a6f8c20b265a0443f63d
SHA512 936324ab2fb2843208abf6191c2807d2b2fec928702cdb84a228de195ddf9f9c34bfdc28a8c283d58de0e280a67604c4458daf4833c56c3b40a9b1853a9a6a10

memory/2724-54-0x000000013F510000-0x000000013F864000-memory.dmp

C:\Windows\system\MLLBmhV.exe

MD5 0c0a9a7543df1e589d81b9ae5b649429
SHA1 0b95860486a4ae070d827f954dc8bdee2f6044f2
SHA256 ef647ccae585c5a614dba8c313d9a6a354b41c3fee96b9de5097ce60c5088cf8
SHA512 bb2a83d6e95cb694a98e6eb5c33bd7117190501360cd4983c10642d3c57044dbde01413cc860476954dd0268d1d648b8ccf7c136438dc7e097814e444b450512

memory/2196-47-0x0000000001E50000-0x00000000021A4000-memory.dmp

C:\Windows\system\QXggbRI.exe

MD5 536aaf5a8c2b905529bda72cf668720b
SHA1 16bc897ab456b2bffdd12a3806dbca4879df45fa
SHA256 3ac35a214e8678f3002bf422337d372e028303cf237f2ac09a305baeb4c19499
SHA512 a7a5505e4d4a701560d34d58b57c008306052700ec459f23af2a7393bb8f77c5b102cb626024e34477f2c5a1fbb3844301304452be2f264cb19cef79173b3e1e

memory/2196-1071-0x000000013FCC0000-0x0000000140014000-memory.dmp

memory/2612-1072-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/2196-1073-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2196-1074-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2196-1075-0x000000013F040000-0x000000013F394000-memory.dmp

memory/3016-1076-0x000000013F220000-0x000000013F574000-memory.dmp

memory/1228-1077-0x000000013F8B0000-0x000000013FC04000-memory.dmp

memory/3064-1078-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2644-1079-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/2916-1080-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/1544-1081-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2724-1082-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2712-1083-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2548-1084-0x000000013FCC0000-0x0000000140014000-memory.dmp

memory/2984-1085-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2612-1086-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/1960-1087-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2840-1088-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2872-1089-0x000000013F040000-0x000000013F394000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 18:50

Reported

2024-05-31 18:53

Platform

win10v2004-20240508-en

Max time kernel

126s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\nzLnrPt.exe N/A
N/A N/A C:\Windows\System\xlpJHSm.exe N/A
N/A N/A C:\Windows\System\RacwhTQ.exe N/A
N/A N/A C:\Windows\System\CjzrkMe.exe N/A
N/A N/A C:\Windows\System\CBcjCcm.exe N/A
N/A N/A C:\Windows\System\oReHllx.exe N/A
N/A N/A C:\Windows\System\VeknbxK.exe N/A
N/A N/A C:\Windows\System\fdPvDeu.exe N/A
N/A N/A C:\Windows\System\LjhLGIR.exe N/A
N/A N/A C:\Windows\System\NiIKsjv.exe N/A
N/A N/A C:\Windows\System\RPppmRM.exe N/A
N/A N/A C:\Windows\System\QOcfQQS.exe N/A
N/A N/A C:\Windows\System\hGeykae.exe N/A
N/A N/A C:\Windows\System\LWPlSHV.exe N/A
N/A N/A C:\Windows\System\WcTIMXs.exe N/A
N/A N/A C:\Windows\System\BZTQXSZ.exe N/A
N/A N/A C:\Windows\System\UMjFiPf.exe N/A
N/A N/A C:\Windows\System\ctXZyec.exe N/A
N/A N/A C:\Windows\System\AWsPJWn.exe N/A
N/A N/A C:\Windows\System\PbcFeuo.exe N/A
N/A N/A C:\Windows\System\HvGqWRK.exe N/A
N/A N/A C:\Windows\System\RCtMEYf.exe N/A
N/A N/A C:\Windows\System\SAUHMnU.exe N/A
N/A N/A C:\Windows\System\SdDlqnc.exe N/A
N/A N/A C:\Windows\System\aEoLaaN.exe N/A
N/A N/A C:\Windows\System\EFwRbQM.exe N/A
N/A N/A C:\Windows\System\RAEbljj.exe N/A
N/A N/A C:\Windows\System\olvaQKU.exe N/A
N/A N/A C:\Windows\System\TBKOrSZ.exe N/A
N/A N/A C:\Windows\System\QFuQtcx.exe N/A
N/A N/A C:\Windows\System\yqOMlHO.exe N/A
N/A N/A C:\Windows\System\OjZlCbR.exe N/A
N/A N/A C:\Windows\System\CUVItCl.exe N/A
N/A N/A C:\Windows\System\MgIogsi.exe N/A
N/A N/A C:\Windows\System\HEScrak.exe N/A
N/A N/A C:\Windows\System\anTBPyk.exe N/A
N/A N/A C:\Windows\System\vPFQudk.exe N/A
N/A N/A C:\Windows\System\XZbWrHn.exe N/A
N/A N/A C:\Windows\System\bzWOozz.exe N/A
N/A N/A C:\Windows\System\LiHYECE.exe N/A
N/A N/A C:\Windows\System\PnqSLgN.exe N/A
N/A N/A C:\Windows\System\ZEElkeg.exe N/A
N/A N/A C:\Windows\System\wUFrhKZ.exe N/A
N/A N/A C:\Windows\System\DWXMTpP.exe N/A
N/A N/A C:\Windows\System\VghRhHJ.exe N/A
N/A N/A C:\Windows\System\TJRLNHd.exe N/A
N/A N/A C:\Windows\System\TZgnKSu.exe N/A
N/A N/A C:\Windows\System\KxNUxTk.exe N/A
N/A N/A C:\Windows\System\nsjriRY.exe N/A
N/A N/A C:\Windows\System\HUVYJtz.exe N/A
N/A N/A C:\Windows\System\mUzEEky.exe N/A
N/A N/A C:\Windows\System\ueBQpvf.exe N/A
N/A N/A C:\Windows\System\FuanUsJ.exe N/A
N/A N/A C:\Windows\System\SWaSOTS.exe N/A
N/A N/A C:\Windows\System\RXpuATA.exe N/A
N/A N/A C:\Windows\System\bAClGcQ.exe N/A
N/A N/A C:\Windows\System\cCwGWow.exe N/A
N/A N/A C:\Windows\System\ojAclLJ.exe N/A
N/A N/A C:\Windows\System\imGBQnq.exe N/A
N/A N/A C:\Windows\System\bUYNsUE.exe N/A
N/A N/A C:\Windows\System\aijgUWj.exe N/A
N/A N/A C:\Windows\System\zRjrsXf.exe N/A
N/A N/A C:\Windows\System\xwlfMGA.exe N/A
N/A N/A C:\Windows\System\gjsOmGM.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wyRZRMY.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\omcZylY.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\NSMTNtY.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\XZbWrHn.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzWOozz.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\PnqSLgN.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\nrMoUuX.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnYtmGi.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\vRYkzVw.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\kRXWGLL.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBXBaiD.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\AWsPJWn.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\olvaQKU.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJHKCwo.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\jJQLurS.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgbpYNl.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\nzLnrPt.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\hfHPqiB.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\bdCwPdX.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\matWblr.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\RiNWuiF.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\DPonaNZ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\xHzonKD.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\wlpdXTN.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\iyysQxH.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\oNBEeqp.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\NTCaTTl.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgiKDdU.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\BwYIXgh.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\vPFQudk.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJRLNHd.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\lmcQPmp.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\wMWpRTr.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\YWeljZh.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\ArdcEBH.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\uTmdAQv.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\hjmwJdt.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmGTLaM.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDechWi.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlTMIsa.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\oReHllx.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiKxgJX.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\LlghvbI.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\OEagNoZ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\zKoHDna.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\GQXHAfU.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\vMsdFbj.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\NVvDspP.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\imGBQnq.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\txqAtgH.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\UbkWGFn.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\kwdhhSV.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\QbfjXHd.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\iTaZnhg.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPUYrsn.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\UIhNNQK.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\XLtMFPt.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjfjfij.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzsmRkf.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\eqpPciJ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZTQXSZ.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgyERbL.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\xJGWfWm.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
File created C:\Windows\System\JRLmlVS.exe C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2268 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\nzLnrPt.exe
PID 2268 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\nzLnrPt.exe
PID 2268 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\xlpJHSm.exe
PID 2268 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\xlpJHSm.exe
PID 2268 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RacwhTQ.exe
PID 2268 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RacwhTQ.exe
PID 2268 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\CjzrkMe.exe
PID 2268 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\CjzrkMe.exe
PID 2268 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\CBcjCcm.exe
PID 2268 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\CBcjCcm.exe
PID 2268 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\oReHllx.exe
PID 2268 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\oReHllx.exe
PID 2268 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\VeknbxK.exe
PID 2268 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\VeknbxK.exe
PID 2268 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LjhLGIR.exe
PID 2268 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LjhLGIR.exe
PID 2268 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\fdPvDeu.exe
PID 2268 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\fdPvDeu.exe
PID 2268 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\NiIKsjv.exe
PID 2268 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\NiIKsjv.exe
PID 2268 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RPppmRM.exe
PID 2268 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RPppmRM.exe
PID 2268 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QOcfQQS.exe
PID 2268 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QOcfQQS.exe
PID 2268 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hGeykae.exe
PID 2268 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\hGeykae.exe
PID 2268 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LWPlSHV.exe
PID 2268 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\LWPlSHV.exe
PID 2268 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\WcTIMXs.exe
PID 2268 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\WcTIMXs.exe
PID 2268 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\BZTQXSZ.exe
PID 2268 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\BZTQXSZ.exe
PID 2268 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\UMjFiPf.exe
PID 2268 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\UMjFiPf.exe
PID 2268 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\ctXZyec.exe
PID 2268 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\ctXZyec.exe
PID 2268 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\AWsPJWn.exe
PID 2268 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\AWsPJWn.exe
PID 2268 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RCtMEYf.exe
PID 2268 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RCtMEYf.exe
PID 2268 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\PbcFeuo.exe
PID 2268 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\PbcFeuo.exe
PID 2268 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\HvGqWRK.exe
PID 2268 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\HvGqWRK.exe
PID 2268 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\SAUHMnU.exe
PID 2268 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\SAUHMnU.exe
PID 2268 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\SdDlqnc.exe
PID 2268 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\SdDlqnc.exe
PID 2268 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\aEoLaaN.exe
PID 2268 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\aEoLaaN.exe
PID 2268 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\EFwRbQM.exe
PID 2268 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\EFwRbQM.exe
PID 2268 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\yqOMlHO.exe
PID 2268 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\yqOMlHO.exe
PID 2268 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RAEbljj.exe
PID 2268 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\RAEbljj.exe
PID 2268 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\olvaQKU.exe
PID 2268 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\olvaQKU.exe
PID 2268 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\TBKOrSZ.exe
PID 2268 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\TBKOrSZ.exe
PID 2268 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QFuQtcx.exe
PID 2268 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\QFuQtcx.exe
PID 2268 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\OjZlCbR.exe
PID 2268 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe C:\Windows\System\OjZlCbR.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\fe9ff8404ca2dd900777e7ca1507c450_NeikiAnalytics.exe"

C:\Windows\System\nzLnrPt.exe

C:\Windows\System\nzLnrPt.exe

C:\Windows\System\xlpJHSm.exe

C:\Windows\System\xlpJHSm.exe

C:\Windows\System\RacwhTQ.exe

C:\Windows\System\RacwhTQ.exe

C:\Windows\System\CjzrkMe.exe

C:\Windows\System\CjzrkMe.exe

C:\Windows\System\CBcjCcm.exe

C:\Windows\System\CBcjCcm.exe

C:\Windows\System\oReHllx.exe

C:\Windows\System\oReHllx.exe

C:\Windows\System\VeknbxK.exe

C:\Windows\System\VeknbxK.exe

C:\Windows\System\LjhLGIR.exe

C:\Windows\System\LjhLGIR.exe

C:\Windows\System\fdPvDeu.exe

C:\Windows\System\fdPvDeu.exe

C:\Windows\System\NiIKsjv.exe

C:\Windows\System\NiIKsjv.exe

C:\Windows\System\RPppmRM.exe

C:\Windows\System\RPppmRM.exe

C:\Windows\System\QOcfQQS.exe

C:\Windows\System\QOcfQQS.exe

C:\Windows\System\hGeykae.exe

C:\Windows\System\hGeykae.exe

C:\Windows\System\LWPlSHV.exe

C:\Windows\System\LWPlSHV.exe

C:\Windows\System\WcTIMXs.exe

C:\Windows\System\WcTIMXs.exe

C:\Windows\System\BZTQXSZ.exe

C:\Windows\System\BZTQXSZ.exe

C:\Windows\System\UMjFiPf.exe

C:\Windows\System\UMjFiPf.exe

C:\Windows\System\ctXZyec.exe

C:\Windows\System\ctXZyec.exe

C:\Windows\System\AWsPJWn.exe

C:\Windows\System\AWsPJWn.exe

C:\Windows\System\RCtMEYf.exe

C:\Windows\System\RCtMEYf.exe

C:\Windows\System\PbcFeuo.exe

C:\Windows\System\PbcFeuo.exe

C:\Windows\System\HvGqWRK.exe

C:\Windows\System\HvGqWRK.exe

C:\Windows\System\SAUHMnU.exe

C:\Windows\System\SAUHMnU.exe

C:\Windows\System\SdDlqnc.exe

C:\Windows\System\SdDlqnc.exe

C:\Windows\System\aEoLaaN.exe

C:\Windows\System\aEoLaaN.exe

C:\Windows\System\EFwRbQM.exe

C:\Windows\System\EFwRbQM.exe

C:\Windows\System\yqOMlHO.exe

C:\Windows\System\yqOMlHO.exe

C:\Windows\System\RAEbljj.exe

C:\Windows\System\RAEbljj.exe

C:\Windows\System\olvaQKU.exe

C:\Windows\System\olvaQKU.exe

C:\Windows\System\TBKOrSZ.exe

C:\Windows\System\TBKOrSZ.exe

C:\Windows\System\QFuQtcx.exe

C:\Windows\System\QFuQtcx.exe

C:\Windows\System\OjZlCbR.exe

C:\Windows\System\OjZlCbR.exe

C:\Windows\System\CUVItCl.exe

C:\Windows\System\CUVItCl.exe

C:\Windows\System\HEScrak.exe

C:\Windows\System\HEScrak.exe

C:\Windows\System\MgIogsi.exe

C:\Windows\System\MgIogsi.exe

C:\Windows\System\anTBPyk.exe

C:\Windows\System\anTBPyk.exe

C:\Windows\System\vPFQudk.exe

C:\Windows\System\vPFQudk.exe

C:\Windows\System\XZbWrHn.exe

C:\Windows\System\XZbWrHn.exe

C:\Windows\System\bzWOozz.exe

C:\Windows\System\bzWOozz.exe

C:\Windows\System\LiHYECE.exe

C:\Windows\System\LiHYECE.exe

C:\Windows\System\PnqSLgN.exe

C:\Windows\System\PnqSLgN.exe

C:\Windows\System\ZEElkeg.exe

C:\Windows\System\ZEElkeg.exe

C:\Windows\System\wUFrhKZ.exe

C:\Windows\System\wUFrhKZ.exe

C:\Windows\System\DWXMTpP.exe

C:\Windows\System\DWXMTpP.exe

C:\Windows\System\VghRhHJ.exe

C:\Windows\System\VghRhHJ.exe

C:\Windows\System\TJRLNHd.exe

C:\Windows\System\TJRLNHd.exe

C:\Windows\System\TZgnKSu.exe

C:\Windows\System\TZgnKSu.exe

C:\Windows\System\KxNUxTk.exe

C:\Windows\System\KxNUxTk.exe

C:\Windows\System\nsjriRY.exe

C:\Windows\System\nsjriRY.exe

C:\Windows\System\HUVYJtz.exe

C:\Windows\System\HUVYJtz.exe

C:\Windows\System\mUzEEky.exe

C:\Windows\System\mUzEEky.exe

C:\Windows\System\ueBQpvf.exe

C:\Windows\System\ueBQpvf.exe

C:\Windows\System\FuanUsJ.exe

C:\Windows\System\FuanUsJ.exe

C:\Windows\System\SWaSOTS.exe

C:\Windows\System\SWaSOTS.exe

C:\Windows\System\RXpuATA.exe

C:\Windows\System\RXpuATA.exe

C:\Windows\System\bAClGcQ.exe

C:\Windows\System\bAClGcQ.exe

C:\Windows\System\cCwGWow.exe

C:\Windows\System\cCwGWow.exe

C:\Windows\System\ojAclLJ.exe

C:\Windows\System\ojAclLJ.exe

C:\Windows\System\imGBQnq.exe

C:\Windows\System\imGBQnq.exe

C:\Windows\System\bUYNsUE.exe

C:\Windows\System\bUYNsUE.exe

C:\Windows\System\aijgUWj.exe

C:\Windows\System\aijgUWj.exe

C:\Windows\System\zRjrsXf.exe

C:\Windows\System\zRjrsXf.exe

C:\Windows\System\xwlfMGA.exe

C:\Windows\System\xwlfMGA.exe

C:\Windows\System\gjsOmGM.exe

C:\Windows\System\gjsOmGM.exe

C:\Windows\System\WgckLkd.exe

C:\Windows\System\WgckLkd.exe

C:\Windows\System\hfHPqiB.exe

C:\Windows\System\hfHPqiB.exe

C:\Windows\System\flogOiu.exe

C:\Windows\System\flogOiu.exe

C:\Windows\System\biCOmgF.exe

C:\Windows\System\biCOmgF.exe

C:\Windows\System\jsVvEdn.exe

C:\Windows\System\jsVvEdn.exe

C:\Windows\System\LdCkVKJ.exe

C:\Windows\System\LdCkVKJ.exe

C:\Windows\System\WXsXlTU.exe

C:\Windows\System\WXsXlTU.exe

C:\Windows\System\ZgmPuKz.exe

C:\Windows\System\ZgmPuKz.exe

C:\Windows\System\qFIjYnB.exe

C:\Windows\System\qFIjYnB.exe

C:\Windows\System\VHoFEPY.exe

C:\Windows\System\VHoFEPY.exe

C:\Windows\System\nrMoUuX.exe

C:\Windows\System\nrMoUuX.exe

C:\Windows\System\bxyqppn.exe

C:\Windows\System\bxyqppn.exe

C:\Windows\System\FVMfqQC.exe

C:\Windows\System\FVMfqQC.exe

C:\Windows\System\cIeUhbX.exe

C:\Windows\System\cIeUhbX.exe

C:\Windows\System\kHBBZGO.exe

C:\Windows\System\kHBBZGO.exe

C:\Windows\System\xdnkWCv.exe

C:\Windows\System\xdnkWCv.exe

C:\Windows\System\hqIGjNE.exe

C:\Windows\System\hqIGjNE.exe

C:\Windows\System\YgyERbL.exe

C:\Windows\System\YgyERbL.exe

C:\Windows\System\KNAxjVK.exe

C:\Windows\System\KNAxjVK.exe

C:\Windows\System\XLtMFPt.exe

C:\Windows\System\XLtMFPt.exe

C:\Windows\System\gGtIaoz.exe

C:\Windows\System\gGtIaoz.exe

C:\Windows\System\FXNzQPI.exe

C:\Windows\System\FXNzQPI.exe

C:\Windows\System\GvltVzt.exe

C:\Windows\System\GvltVzt.exe

C:\Windows\System\tXxNBae.exe

C:\Windows\System\tXxNBae.exe

C:\Windows\System\MCJTNQO.exe

C:\Windows\System\MCJTNQO.exe

C:\Windows\System\Ocrqcmu.exe

C:\Windows\System\Ocrqcmu.exe

C:\Windows\System\CQHLcSa.exe

C:\Windows\System\CQHLcSa.exe

C:\Windows\System\ctyjNGS.exe

C:\Windows\System\ctyjNGS.exe

C:\Windows\System\hJmzRtw.exe

C:\Windows\System\hJmzRtw.exe

C:\Windows\System\AEIeYHV.exe

C:\Windows\System\AEIeYHV.exe

C:\Windows\System\gjyxvQw.exe

C:\Windows\System\gjyxvQw.exe

C:\Windows\System\NWWAfgZ.exe

C:\Windows\System\NWWAfgZ.exe

C:\Windows\System\YQCDCfe.exe

C:\Windows\System\YQCDCfe.exe

C:\Windows\System\XGAlPnh.exe

C:\Windows\System\XGAlPnh.exe

C:\Windows\System\CnZWqBZ.exe

C:\Windows\System\CnZWqBZ.exe

C:\Windows\System\aUqlJyb.exe

C:\Windows\System\aUqlJyb.exe

C:\Windows\System\uhkAzxc.exe

C:\Windows\System\uhkAzxc.exe

C:\Windows\System\JAucTAc.exe

C:\Windows\System\JAucTAc.exe

C:\Windows\System\JOUytHM.exe

C:\Windows\System\JOUytHM.exe

C:\Windows\System\NzsmRkf.exe

C:\Windows\System\NzsmRkf.exe

C:\Windows\System\LnYtmGi.exe

C:\Windows\System\LnYtmGi.exe

C:\Windows\System\LCbtAgA.exe

C:\Windows\System\LCbtAgA.exe

C:\Windows\System\IKXOSVL.exe

C:\Windows\System\IKXOSVL.exe

C:\Windows\System\YWzCiIu.exe

C:\Windows\System\YWzCiIu.exe

C:\Windows\System\RTDkshz.exe

C:\Windows\System\RTDkshz.exe

C:\Windows\System\xgthnAd.exe

C:\Windows\System\xgthnAd.exe

C:\Windows\System\YWeljZh.exe

C:\Windows\System\YWeljZh.exe

C:\Windows\System\ECcBzjR.exe

C:\Windows\System\ECcBzjR.exe

C:\Windows\System\EZjRjTv.exe

C:\Windows\System\EZjRjTv.exe

C:\Windows\System\wyRZRMY.exe

C:\Windows\System\wyRZRMY.exe

C:\Windows\System\jPUYrsn.exe

C:\Windows\System\jPUYrsn.exe

C:\Windows\System\XSFeSKy.exe

C:\Windows\System\XSFeSKy.exe

C:\Windows\System\UYxishM.exe

C:\Windows\System\UYxishM.exe

C:\Windows\System\vRYkzVw.exe

C:\Windows\System\vRYkzVw.exe

C:\Windows\System\WznDXJv.exe

C:\Windows\System\WznDXJv.exe

C:\Windows\System\OioLnYk.exe

C:\Windows\System\OioLnYk.exe

C:\Windows\System\XQKmnAU.exe

C:\Windows\System\XQKmnAU.exe

C:\Windows\System\UIhNNQK.exe

C:\Windows\System\UIhNNQK.exe

C:\Windows\System\MzGhSpt.exe

C:\Windows\System\MzGhSpt.exe

C:\Windows\System\viTlWhS.exe

C:\Windows\System\viTlWhS.exe

C:\Windows\System\mbzHSyV.exe

C:\Windows\System\mbzHSyV.exe

C:\Windows\System\xJGWfWm.exe

C:\Windows\System\xJGWfWm.exe

C:\Windows\System\MSxpSmV.exe

C:\Windows\System\MSxpSmV.exe

C:\Windows\System\xxrNqec.exe

C:\Windows\System\xxrNqec.exe

C:\Windows\System\ArdcEBH.exe

C:\Windows\System\ArdcEBH.exe

C:\Windows\System\VgqHnAs.exe

C:\Windows\System\VgqHnAs.exe

C:\Windows\System\txqAtgH.exe

C:\Windows\System\txqAtgH.exe

C:\Windows\System\uCVcUod.exe

C:\Windows\System\uCVcUod.exe

C:\Windows\System\gEzvvAC.exe

C:\Windows\System\gEzvvAC.exe

C:\Windows\System\JedUdje.exe

C:\Windows\System\JedUdje.exe

C:\Windows\System\kuUeYFX.exe

C:\Windows\System\kuUeYFX.exe

C:\Windows\System\CgQvIJp.exe

C:\Windows\System\CgQvIJp.exe

C:\Windows\System\GKfuFjB.exe

C:\Windows\System\GKfuFjB.exe

C:\Windows\System\iTeVrAo.exe

C:\Windows\System\iTeVrAo.exe

C:\Windows\System\FEgqgUZ.exe

C:\Windows\System\FEgqgUZ.exe

C:\Windows\System\lmcQPmp.exe

C:\Windows\System\lmcQPmp.exe

C:\Windows\System\xNfwhTO.exe

C:\Windows\System\xNfwhTO.exe

C:\Windows\System\YEnxReN.exe

C:\Windows\System\YEnxReN.exe

C:\Windows\System\XGidvBa.exe

C:\Windows\System\XGidvBa.exe

C:\Windows\System\EIJdfJb.exe

C:\Windows\System\EIJdfJb.exe

C:\Windows\System\pVvSxbj.exe

C:\Windows\System\pVvSxbj.exe

C:\Windows\System\CqLImqm.exe

C:\Windows\System\CqLImqm.exe

C:\Windows\System\TrFAEld.exe

C:\Windows\System\TrFAEld.exe

C:\Windows\System\KWxopOU.exe

C:\Windows\System\KWxopOU.exe

C:\Windows\System\NGnspDB.exe

C:\Windows\System\NGnspDB.exe

C:\Windows\System\JRLmlVS.exe

C:\Windows\System\JRLmlVS.exe

C:\Windows\System\wLIcKHK.exe

C:\Windows\System\wLIcKHK.exe

C:\Windows\System\LlghvbI.exe

C:\Windows\System\LlghvbI.exe

C:\Windows\System\DVobsWp.exe

C:\Windows\System\DVobsWp.exe

C:\Windows\System\tjfjfij.exe

C:\Windows\System\tjfjfij.exe

C:\Windows\System\eqpPciJ.exe

C:\Windows\System\eqpPciJ.exe

C:\Windows\System\VDTGksm.exe

C:\Windows\System\VDTGksm.exe

C:\Windows\System\CiKxgJX.exe

C:\Windows\System\CiKxgJX.exe

C:\Windows\System\DgZoqkO.exe

C:\Windows\System\DgZoqkO.exe

C:\Windows\System\OEagNoZ.exe

C:\Windows\System\OEagNoZ.exe

C:\Windows\System\ZKnMDDV.exe

C:\Windows\System\ZKnMDDV.exe

C:\Windows\System\dBuYmME.exe

C:\Windows\System\dBuYmME.exe

C:\Windows\System\DPonaNZ.exe

C:\Windows\System\DPonaNZ.exe

C:\Windows\System\AHQZjLo.exe

C:\Windows\System\AHQZjLo.exe

C:\Windows\System\YfZVjSb.exe

C:\Windows\System\YfZVjSb.exe

C:\Windows\System\RyFYybX.exe

C:\Windows\System\RyFYybX.exe

C:\Windows\System\yUtNYdB.exe

C:\Windows\System\yUtNYdB.exe

C:\Windows\System\oNBEeqp.exe

C:\Windows\System\oNBEeqp.exe

C:\Windows\System\uTmdAQv.exe

C:\Windows\System\uTmdAQv.exe

C:\Windows\System\sCmrZcZ.exe

C:\Windows\System\sCmrZcZ.exe

C:\Windows\System\ZJHKCwo.exe

C:\Windows\System\ZJHKCwo.exe

C:\Windows\System\kwdhhSV.exe

C:\Windows\System\kwdhhSV.exe

C:\Windows\System\ioJkWam.exe

C:\Windows\System\ioJkWam.exe

C:\Windows\System\xGnMZhA.exe

C:\Windows\System\xGnMZhA.exe

C:\Windows\System\REsucRi.exe

C:\Windows\System\REsucRi.exe

C:\Windows\System\uxGmcsl.exe

C:\Windows\System\uxGmcsl.exe

C:\Windows\System\ZAAaXoZ.exe

C:\Windows\System\ZAAaXoZ.exe

C:\Windows\System\jGDitRG.exe

C:\Windows\System\jGDitRG.exe

C:\Windows\System\tIzLPLw.exe

C:\Windows\System\tIzLPLw.exe

C:\Windows\System\dxxpxVf.exe

C:\Windows\System\dxxpxVf.exe

C:\Windows\System\CQkLHFF.exe

C:\Windows\System\CQkLHFF.exe

C:\Windows\System\TdetZzC.exe

C:\Windows\System\TdetZzC.exe

C:\Windows\System\CWWtMrW.exe

C:\Windows\System\CWWtMrW.exe

C:\Windows\System\lsIymqr.exe

C:\Windows\System\lsIymqr.exe

C:\Windows\System\JvsGCmP.exe

C:\Windows\System\JvsGCmP.exe

C:\Windows\System\osYRcAl.exe

C:\Windows\System\osYRcAl.exe

C:\Windows\System\cgYTPeq.exe

C:\Windows\System\cgYTPeq.exe

C:\Windows\System\SveVexk.exe

C:\Windows\System\SveVexk.exe

C:\Windows\System\ppWjItQ.exe

C:\Windows\System\ppWjItQ.exe

C:\Windows\System\zKoHDna.exe

C:\Windows\System\zKoHDna.exe

C:\Windows\System\lGZHjhp.exe

C:\Windows\System\lGZHjhp.exe

C:\Windows\System\aJkugGS.exe

C:\Windows\System\aJkugGS.exe

C:\Windows\System\TCfOJHD.exe

C:\Windows\System\TCfOJHD.exe

C:\Windows\System\Tzlbhuu.exe

C:\Windows\System\Tzlbhuu.exe

C:\Windows\System\NJrvzXi.exe

C:\Windows\System\NJrvzXi.exe

C:\Windows\System\scSVCeX.exe

C:\Windows\System\scSVCeX.exe

C:\Windows\System\roGgCEK.exe

C:\Windows\System\roGgCEK.exe

C:\Windows\System\hjmwJdt.exe

C:\Windows\System\hjmwJdt.exe

C:\Windows\System\AVfiinY.exe

C:\Windows\System\AVfiinY.exe

C:\Windows\System\xHzonKD.exe

C:\Windows\System\xHzonKD.exe

C:\Windows\System\YpqwVmd.exe

C:\Windows\System\YpqwVmd.exe

C:\Windows\System\sVvDBju.exe

C:\Windows\System\sVvDBju.exe

C:\Windows\System\KzZuoaD.exe

C:\Windows\System\KzZuoaD.exe

C:\Windows\System\DvZqLky.exe

C:\Windows\System\DvZqLky.exe

C:\Windows\System\kQoBdyv.exe

C:\Windows\System\kQoBdyv.exe

C:\Windows\System\QbfjXHd.exe

C:\Windows\System\QbfjXHd.exe

C:\Windows\System\htDpsdh.exe

C:\Windows\System\htDpsdh.exe

C:\Windows\System\pQGUsse.exe

C:\Windows\System\pQGUsse.exe

C:\Windows\System\PnkjKsv.exe

C:\Windows\System\PnkjKsv.exe

C:\Windows\System\bdCwPdX.exe

C:\Windows\System\bdCwPdX.exe

C:\Windows\System\nMNYJvz.exe

C:\Windows\System\nMNYJvz.exe

C:\Windows\System\RZAjfEe.exe

C:\Windows\System\RZAjfEe.exe

C:\Windows\System\YzHGOlE.exe

C:\Windows\System\YzHGOlE.exe

C:\Windows\System\qZTItAK.exe

C:\Windows\System\qZTItAK.exe

C:\Windows\System\PcokKiZ.exe

C:\Windows\System\PcokKiZ.exe

C:\Windows\System\ZpTXHmN.exe

C:\Windows\System\ZpTXHmN.exe

C:\Windows\System\SaQurZs.exe

C:\Windows\System\SaQurZs.exe

C:\Windows\System\xNXwbcw.exe

C:\Windows\System\xNXwbcw.exe

C:\Windows\System\TlktNPD.exe

C:\Windows\System\TlktNPD.exe

C:\Windows\System\nUlIzQj.exe

C:\Windows\System\nUlIzQj.exe

C:\Windows\System\kjPLAGX.exe

C:\Windows\System\kjPLAGX.exe

C:\Windows\System\jJQLurS.exe

C:\Windows\System\jJQLurS.exe

C:\Windows\System\wrCETEr.exe

C:\Windows\System\wrCETEr.exe

C:\Windows\System\etBywIb.exe

C:\Windows\System\etBywIb.exe

C:\Windows\System\wMWpRTr.exe

C:\Windows\System\wMWpRTr.exe

C:\Windows\System\XQCALIc.exe

C:\Windows\System\XQCALIc.exe

C:\Windows\System\vgdmmRd.exe

C:\Windows\System\vgdmmRd.exe

C:\Windows\System\nWMMVSd.exe

C:\Windows\System\nWMMVSd.exe

C:\Windows\System\YsaOhFx.exe

C:\Windows\System\YsaOhFx.exe

C:\Windows\System\ojLNvGB.exe

C:\Windows\System\ojLNvGB.exe

C:\Windows\System\UmzZQVk.exe

C:\Windows\System\UmzZQVk.exe

C:\Windows\System\iTaZnhg.exe

C:\Windows\System\iTaZnhg.exe

C:\Windows\System\AfhYqud.exe

C:\Windows\System\AfhYqud.exe

C:\Windows\System\jmGTLaM.exe

C:\Windows\System\jmGTLaM.exe

C:\Windows\System\kDkLGaX.exe

C:\Windows\System\kDkLGaX.exe

C:\Windows\System\VedlSRV.exe

C:\Windows\System\VedlSRV.exe

C:\Windows\System\HfDLqUE.exe

C:\Windows\System\HfDLqUE.exe

C:\Windows\System\EFIIkGQ.exe

C:\Windows\System\EFIIkGQ.exe

C:\Windows\System\kGSVaNA.exe

C:\Windows\System\kGSVaNA.exe

C:\Windows\System\HlKuqii.exe

C:\Windows\System\HlKuqii.exe

C:\Windows\System\LYtMVHd.exe

C:\Windows\System\LYtMVHd.exe

C:\Windows\System\MmVSKOn.exe

C:\Windows\System\MmVSKOn.exe

C:\Windows\System\matWblr.exe

C:\Windows\System\matWblr.exe

C:\Windows\System\SzIyFYi.exe

C:\Windows\System\SzIyFYi.exe

C:\Windows\System\SXqekji.exe

C:\Windows\System\SXqekji.exe

C:\Windows\System\uWkSZPP.exe

C:\Windows\System\uWkSZPP.exe

C:\Windows\System\LQDYKID.exe

C:\Windows\System\LQDYKID.exe

C:\Windows\System\anZwVvs.exe

C:\Windows\System\anZwVvs.exe

C:\Windows\System\gwQWONR.exe

C:\Windows\System\gwQWONR.exe

C:\Windows\System\DZcatXz.exe

C:\Windows\System\DZcatXz.exe

C:\Windows\System\FkfugWq.exe

C:\Windows\System\FkfugWq.exe

C:\Windows\System\YyIGcCl.exe

C:\Windows\System\YyIGcCl.exe

C:\Windows\System\VZnrSBc.exe

C:\Windows\System\VZnrSBc.exe

C:\Windows\System\oyOQlWi.exe

C:\Windows\System\oyOQlWi.exe

C:\Windows\System\XKXvfnp.exe

C:\Windows\System\XKXvfnp.exe

C:\Windows\System\ByvhzRx.exe

C:\Windows\System\ByvhzRx.exe

C:\Windows\System\RiNWuiF.exe

C:\Windows\System\RiNWuiF.exe

C:\Windows\System\VdAklWG.exe

C:\Windows\System\VdAklWG.exe

C:\Windows\System\BWsbUse.exe

C:\Windows\System\BWsbUse.exe

C:\Windows\System\SruPKDe.exe

C:\Windows\System\SruPKDe.exe

C:\Windows\System\GQXHAfU.exe

C:\Windows\System\GQXHAfU.exe

C:\Windows\System\SymFiDL.exe

C:\Windows\System\SymFiDL.exe

C:\Windows\System\ieFninY.exe

C:\Windows\System\ieFninY.exe

C:\Windows\System\wlpdXTN.exe

C:\Windows\System\wlpdXTN.exe

C:\Windows\System\esmmDxF.exe

C:\Windows\System\esmmDxF.exe

C:\Windows\System\xidLOCw.exe

C:\Windows\System\xidLOCw.exe

C:\Windows\System\PzFQfPq.exe

C:\Windows\System\PzFQfPq.exe

C:\Windows\System\pDfeDVu.exe

C:\Windows\System\pDfeDVu.exe

C:\Windows\System\ugLgGCX.exe

C:\Windows\System\ugLgGCX.exe

C:\Windows\System\kqglzeW.exe

C:\Windows\System\kqglzeW.exe

C:\Windows\System\lvXooLB.exe

C:\Windows\System\lvXooLB.exe

C:\Windows\System\JHNZVqU.exe

C:\Windows\System\JHNZVqU.exe

C:\Windows\System\PqHhgOi.exe

C:\Windows\System\PqHhgOi.exe

C:\Windows\System\LEoRQSs.exe

C:\Windows\System\LEoRQSs.exe

C:\Windows\System\omcZylY.exe

C:\Windows\System\omcZylY.exe

C:\Windows\System\qzfPLLP.exe

C:\Windows\System\qzfPLLP.exe

C:\Windows\System\AUtnkPW.exe

C:\Windows\System\AUtnkPW.exe

C:\Windows\System\vbXQwPv.exe

C:\Windows\System\vbXQwPv.exe

C:\Windows\System\PZtpEvC.exe

C:\Windows\System\PZtpEvC.exe

C:\Windows\System\bRxwYBI.exe

C:\Windows\System\bRxwYBI.exe

C:\Windows\System\ZnBkJlU.exe

C:\Windows\System\ZnBkJlU.exe

C:\Windows\System\mbtNeRt.exe

C:\Windows\System\mbtNeRt.exe

C:\Windows\System\iyysQxH.exe

C:\Windows\System\iyysQxH.exe

C:\Windows\System\HJBZgoo.exe

C:\Windows\System\HJBZgoo.exe

C:\Windows\System\VgCPAUi.exe

C:\Windows\System\VgCPAUi.exe

C:\Windows\System\UlySVjH.exe

C:\Windows\System\UlySVjH.exe

C:\Windows\System\DbZAFNC.exe

C:\Windows\System\DbZAFNC.exe

C:\Windows\System\VtzbuLO.exe

C:\Windows\System\VtzbuLO.exe

C:\Windows\System\AbyuIth.exe

C:\Windows\System\AbyuIth.exe

C:\Windows\System\cpsjUIw.exe

C:\Windows\System\cpsjUIw.exe

C:\Windows\System\vMsdFbj.exe

C:\Windows\System\vMsdFbj.exe

C:\Windows\System\SUMsFQK.exe

C:\Windows\System\SUMsFQK.exe

C:\Windows\System\iHmTHMr.exe

C:\Windows\System\iHmTHMr.exe

C:\Windows\System\DzWnOvi.exe

C:\Windows\System\DzWnOvi.exe

C:\Windows\System\NSMTNtY.exe

C:\Windows\System\NSMTNtY.exe

C:\Windows\System\KqpVhgw.exe

C:\Windows\System\KqpVhgw.exe

C:\Windows\System\qDechWi.exe

C:\Windows\System\qDechWi.exe

C:\Windows\System\NTCaTTl.exe

C:\Windows\System\NTCaTTl.exe

C:\Windows\System\SgbpYNl.exe

C:\Windows\System\SgbpYNl.exe

C:\Windows\System\djBhxNB.exe

C:\Windows\System\djBhxNB.exe

C:\Windows\System\eYkiumy.exe

C:\Windows\System\eYkiumy.exe

C:\Windows\System\NrBOZFY.exe

C:\Windows\System\NrBOZFY.exe

C:\Windows\System\NVvDspP.exe

C:\Windows\System\NVvDspP.exe

C:\Windows\System\SHAQzYJ.exe

C:\Windows\System\SHAQzYJ.exe

C:\Windows\System\kRXWGLL.exe

C:\Windows\System\kRXWGLL.exe

C:\Windows\System\DDewEjU.exe

C:\Windows\System\DDewEjU.exe

C:\Windows\System\oHMVRQh.exe

C:\Windows\System\oHMVRQh.exe

C:\Windows\System\EglhXJh.exe

C:\Windows\System\EglhXJh.exe

C:\Windows\System\dIfkRdE.exe

C:\Windows\System\dIfkRdE.exe

C:\Windows\System\ReknqFn.exe

C:\Windows\System\ReknqFn.exe

C:\Windows\System\OgiKDdU.exe

C:\Windows\System\OgiKDdU.exe

C:\Windows\System\uboAFQC.exe

C:\Windows\System\uboAFQC.exe

C:\Windows\System\bheKpei.exe

C:\Windows\System\bheKpei.exe

C:\Windows\System\IEguOWO.exe

C:\Windows\System\IEguOWO.exe

C:\Windows\System\BwYIXgh.exe

C:\Windows\System\BwYIXgh.exe

C:\Windows\System\TlTMIsa.exe

C:\Windows\System\TlTMIsa.exe

C:\Windows\System\MQEiEUx.exe

C:\Windows\System\MQEiEUx.exe

C:\Windows\System\xtplOKR.exe

C:\Windows\System\xtplOKR.exe

C:\Windows\System\UbkWGFn.exe

C:\Windows\System\UbkWGFn.exe

C:\Windows\System\CUwLBQk.exe

C:\Windows\System\CUwLBQk.exe

C:\Windows\System\ubDwFXC.exe

C:\Windows\System\ubDwFXC.exe

C:\Windows\System\sUuwOez.exe

C:\Windows\System\sUuwOez.exe

C:\Windows\System\COrFoHS.exe

C:\Windows\System\COrFoHS.exe

C:\Windows\System\dBvhrVc.exe

C:\Windows\System\dBvhrVc.exe

C:\Windows\System\IBXBaiD.exe

C:\Windows\System\IBXBaiD.exe

C:\Windows\System\LcIfgzz.exe

C:\Windows\System\LcIfgzz.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
DE 3.120.209.58:8080 tcp

Files

memory/2268-0-0x00007FF6EDEF0000-0x00007FF6EE244000-memory.dmp

memory/2268-1-0x000001E8725B0000-0x000001E8725C0000-memory.dmp

C:\Windows\System\nzLnrPt.exe

MD5 5f2520ff915a557bbff3487054df3103
SHA1 68dad9e9f271f9938317e94931b11184d0e71e75
SHA256 b043bf85247aa44573e866f3bcf9faed6985c837ac5d5418dd9a0e9692f4632e
SHA512 79cb9986876777ef2c6006474e9452a3827e1cf35694d7c4f44fc607f338760b6e9c0265ab1939665162114bf52ccf836ac76af2e7263ee226921d2a7dd86940

C:\Windows\System\RacwhTQ.exe

MD5 affc1fbc2593ee9ee3d51dd69d9eaf0f
SHA1 8be163869b58f02271e47b704f22334c2c66355a
SHA256 ff61a062f15f9d457544e077fe270eabfab11dc3e13315f1a71967f012058cb2
SHA512 791d0f36354e83d071efcf0bb1cfff303342f83fdc3a3c6ca4ec8f3ac3e54f05d890f1bfa1ce0e6a4cddb4604d1846998c231afd2fd2304c5123e1b65510aea1

C:\Windows\System\CBcjCcm.exe

MD5 4377c061f1eadf6e74786b0dcfb7b04c
SHA1 52e51eccdf3dba64982db72d6f011c33ad902b07
SHA256 11c031e08e11a0d4e3ed05b55f3cc4754abf6cbdea9c09a98fbce7f2dfff624e
SHA512 53e290d97e39e69983e0de5fe9805c3b3db4a2e9c22e21e3ec584768c9feffccff5db9a78ed5e2d86bf51918ea6bf78f8b3dcb852f66ae10db3eea5864ff5567

C:\Windows\System\oReHllx.exe

MD5 633ed3cc2445b9fb114d50a7d21211bf
SHA1 c50d44b9cbadcef3d2a9cdc807c9a4294864ccdc
SHA256 d6f0280dd520218f9b642935254a6919bf70be0a366c3d659423bcd721437abf
SHA512 6ddddf9082492e2469e3cf751f88a4b3c24aeec18cda8461924e49be2bf5f273bf5d863fc5f519f566ea272d055ab4983c10ced12d1a76bb2ae2e5956dc942c1

C:\Windows\System\fdPvDeu.exe

MD5 fcbe9d71018e46f228b3021214542b15
SHA1 86df5db2e3b5b053224ad54550562c07a831e9ff
SHA256 b4e7e7299ef7e5da885ce5f879c1966d7c5f850b54ee3b5e8639d1a05977f941
SHA512 085e57ad2e7eb9bd9713cad0ce8ebc57be62a06c06e9d0de6159f8a5c38e07702bf0e2381a958a770779c7a5bc224bc2b0c922b5b8f740d19eb855ff0f3745f6

C:\Windows\System\LWPlSHV.exe

MD5 0ac2dbc646d7ac782fbca7401526a503
SHA1 27bb0b1c47cdd1b40d654578545142eb9a80f61f
SHA256 12484cae192595f2476ca7f89f585616d2c36a0127810dc9c52e4a8564d0b9e7
SHA512 6f119abbcf29c46c53693075fc16ed0006837c905a4e6c4a92e4e9a6f631ea45190a26dd4318f397a79dba919b3656799a1888bf73ebf46424c7ced52c4f0c5a

C:\Windows\System\HvGqWRK.exe

MD5 aa5258c1cd37c8e4c3766afb9b0d9a74
SHA1 36a32e0ecacda5de2866d9f1f32b0f7181435279
SHA256 23499f2856decbafc68bf8ba2c69a588acd259a587e66173d2a06206c7369ef9
SHA512 dc8ea0d325da507ea4251433f981e51b29fc2fb963be14527574048b3650ecc4e4a025b17121fe3ceadb2aeaa441eef4424cf0ff5a11fd0862cb9d4f5986d71a

C:\Windows\System\BZTQXSZ.exe

MD5 985c1fcf2ab7190af03467267be5a60d
SHA1 c0ca315ffdc43a9a73992b949c28e63cb8414802
SHA256 5b5c25a2807b6f75d86c492505c4fd41e8431f2d7b5ba72762b8a0526442f852
SHA512 58dc68b9b9b3810efb48d10ecaca4b6ca3043d0f65e1869ffaf7c9345179f34b8f795aaa08479a4ea1007fb068137e55a097b003d41ad25625f7ecb0f9b27e3b

C:\Windows\System\EFwRbQM.exe

MD5 0481400454423afba74c98585824cf35
SHA1 3ebde54077d39a1c53d6e811a9e9d00ce13cf16c
SHA256 88f860a9c45a2208376b4ea4a5205d7de7e9810e2f4990921a8e4d7819dbe7b1
SHA512 e84e7cade2d598921a7d1fbf8ee48f7bd57afac1ee34d0c2f72da3b4bb7114b43f5979a960662e8e96d18cac9d87ad30509b0c8e52201be807c7726a6d058be6

C:\Windows\System\MgIogsi.exe

MD5 fb74531a3559631b20353c585c4bc31a
SHA1 6a3597668df0106021fad4be4524423d3aa32b68
SHA256 24be82232e76760aa8d96cbd25d35cf81f632c81b29a60b266db1152e60f882f
SHA512 77fc2ba6140e466c001e863bfe7187d1460ede36be4b159326adedc96b8952ce7b4a1738405b7224e292771f5233043532ca474fe7a2cddbba044309ff20b887

C:\Windows\System\TBKOrSZ.exe

MD5 9552c8f0a6d0bf326bf357e3002711f8
SHA1 8e69010fdb18f1e004b49ca0c62254c270157560
SHA256 879387f1b8ba07489c15fe398fa83311913c7dbd3ab70e1dfeb9382097bebd08
SHA512 8de29058b21cc3d8c0e7e34da5de2a57ec612d757a4dbfe2b2da0d6f8c4158e3565ac2f70ad65c0e840db171349c33b982ac569564c523ad3cc2da6d6c124b74

memory/4720-202-0x00007FF7D26A0000-0x00007FF7D29F4000-memory.dmp

memory/4924-207-0x00007FF775BD0000-0x00007FF775F24000-memory.dmp

memory/4640-213-0x00007FF609030000-0x00007FF609384000-memory.dmp

memory/3100-218-0x00007FF7ABC90000-0x00007FF7ABFE4000-memory.dmp

memory/3428-217-0x00007FF65F9D0000-0x00007FF65FD24000-memory.dmp

memory/3680-216-0x00007FF7C4B80000-0x00007FF7C4ED4000-memory.dmp

memory/1028-215-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp

memory/4320-214-0x00007FF79BC30000-0x00007FF79BF84000-memory.dmp

memory/1472-212-0x00007FF600E60000-0x00007FF6011B4000-memory.dmp

memory/1488-211-0x00007FF7EEF60000-0x00007FF7EF2B4000-memory.dmp

memory/3244-210-0x00007FF7FA740000-0x00007FF7FAA94000-memory.dmp

memory/2252-209-0x00007FF6581E0000-0x00007FF658534000-memory.dmp

memory/532-208-0x00007FF71B100000-0x00007FF71B454000-memory.dmp

memory/4636-206-0x00007FF7E8870000-0x00007FF7E8BC4000-memory.dmp

memory/1568-205-0x00007FF761C40000-0x00007FF761F94000-memory.dmp

memory/3204-204-0x00007FF720770000-0x00007FF720AC4000-memory.dmp

memory/3216-203-0x00007FF716310000-0x00007FF716664000-memory.dmp

memory/3664-200-0x00007FF78ECF0000-0x00007FF78F044000-memory.dmp

memory/1820-194-0x00007FF62C060000-0x00007FF62C3B4000-memory.dmp

C:\Windows\System\olvaQKU.exe

MD5 f945f32d394f030fb107a07a7850a7b5
SHA1 cdbbae73e3727c7bc45237df5993db60fa555c51
SHA256 74b5804d5c33b164cb1fdbfa61f9293f19b953c0c592029c9d33ff81f796deb8
SHA512 f0e22c14976f4baeba1729de4cdd47b1f8723df85f3f80a3b51894090aaf52661e2a3b901adbcf1c19e421119d51d8be6a1ace1b2cb9c9411964705848000102

C:\Windows\System\HEScrak.exe

MD5 9db9a9bdcfcf834ecff2a0fd545bc776
SHA1 eb3725cae0a4afb0e3b8a57c3c8e2e22a567078b
SHA256 8b017e7b6c34166702c43fb692597002f316e89c7433326525f9e88bc6686f94
SHA512 b0b711aa46701ea1db2ab0dda455c94c8d0590682ea7282a32e50a05e3f91a8f5b02da9cf5f5fb7e284da93e6eafc4f1071f61173532b374fedf0d32fb287803

memory/748-172-0x00007FF60C2B0000-0x00007FF60C604000-memory.dmp

C:\Windows\System\aEoLaaN.exe

MD5 dafe0fd02b63d0b61baab3cecc8d544c
SHA1 e9d1c26df098e10d3aae2fa0cf4ad65cd736e165
SHA256 ca3a6c07d0c3619969a69ce1a01242a1d7c2f48d5e7fa97f0686fda08f73eb5e
SHA512 88c0c599427e1d6222efb50ed52726392dd6cfe641f906b9cbb600c7e3a8f87ab5b93d0ffade20dda20eb780b10fe41c0b4f50f507d7cda27f062f0c5128775b

C:\Windows\System\RAEbljj.exe

MD5 e9d54a96059e4f076e7f9a2c75693edf
SHA1 9a3fb5e730f43f9301a9e64683461ceb806fb2f1
SHA256 9f76916b7b74b7ecbbb00218f4ac940f8a4f7bf4c9a2f64373282ccf784eb4b1
SHA512 2ebfb0e1b4ec8c42e42b01529bd05f58ee41b3c8d4f6bd968cdf79da02b39cbee07c827ee3f32b910aea3e6d06ef8c701fbfac3a386031edea710e026ff5ba55

memory/3824-164-0x00007FF78BEA0000-0x00007FF78C1F4000-memory.dmp

memory/4968-163-0x00007FF62E940000-0x00007FF62EC94000-memory.dmp

C:\Windows\System\CUVItCl.exe

MD5 ea2c14708287afe249098c8c35faa17e
SHA1 6b1bc3cda4c1566ac9c87c7fea3e27e40592f21f
SHA256 8825dbf8b89c87feb19638463e2f6d4e6757a14723f260866a313a2cdc2d574f
SHA512 34d8b1d317b4be56f16a1c05e9051affb247bfe1ef7a2f64257c3b5e29291beec91c8918b08a95c0a0102953e1daf388f6f44f5475eff355fbd7b88a26974398

C:\Windows\System\OjZlCbR.exe

MD5 077d1a94e5212978e9d9c59a4a0fe51a
SHA1 900494a2e2c66f16eee56c47733aae70ed43a35e
SHA256 47fcccd0c8915953dfcb555d9d529c9a8ab76608ccc4e4153d32f2c689c9cf00
SHA512 90cae6f5560b954389339e698221c123283b79153868f4b13eb84ec7a52b85d5fb2d12afa229b3f3157d6aaa4b3a2c4c858be4c825d5c24ca102d471323ff531

C:\Windows\System\yqOMlHO.exe

MD5 518d33547f77f87d501074a3d8a2bc1c
SHA1 bd59ea3181595a2b2650fc4a9dc5edf769e7b0c1
SHA256 ca4e3d8ab1c184c1cc9492af6fd3c0514429d21556f71806abc2d4d6a80bede1
SHA512 e18461ee28f0e03fe9f3beccd471e054eae3b50220fc9303fbfa479a86feeb04ecf46a60e82d9831aa233a0d1ad2bc7c2ca425dd341355a0e80528276fed5c3a

C:\Windows\System\QFuQtcx.exe

MD5 106754157892391b478e4384928c8ad2
SHA1 6ccd2b08fa20aa45f57463f8390ef7506ef70f04
SHA256 1901e4a58845c432cbb07cf697b2fbd6504ee0c7601256e7d5857b0d603341e8
SHA512 f2352460fcc2ea3e72a3e7117e09886a2304b807dbe9b391e35ec9a963d84ccc7f82c135e160303c41c416f6cbb3848873a73b34c6128bfb1b5d609ff64aeebc

C:\Windows\System\SdDlqnc.exe

MD5 77e1bbafa1b6450e9b057a4ea1f6a536
SHA1 3ddfb9d3f035156e2d23a6f07616e8d071f8d191
SHA256 93d794e5030e693ba1156e9232738771fff9ee39790159858cc52a18501c1fad
SHA512 9158dff796dc73f6af13e8cacd41cef9a07c411d989e043b7b292bd46386d79ccab9c400cf7297a0e2cb7df29bb02e2229c45a9993b14ab32018a1015519260d

C:\Windows\System\SAUHMnU.exe

MD5 cc9fa2d5a74b17b98a17a6ec33f4a9db
SHA1 6e3a4314829c827b2936caa4316e60801dd14bb1
SHA256 7aa29fbe7c0826aab41749b37cd93e2fc1e57fd00fc1f38fd2492254f287307c
SHA512 ec58557fd374a4ba5e5a0dc8f1919174e1c845cce3e4467de825f581a136d2decdd1d2c00a4c20d02aa1d25f7e0492bc347897a56ef04157fa911291d96e2de7

C:\Windows\System\RCtMEYf.exe

MD5 a5472fd66419edb325a70c89d6b193df
SHA1 80069c3913b39a1cae568cee494ac53b336e3727
SHA256 83a75b7458bf5387ef719c3862bea776170dc2d94eb399d83404408beab7d54d
SHA512 b38cf42377672729f6ae72427984b1afb036a6b867ebae6ed88769b7a0adc52472e162270e4fe76d702c0737e8848c600a30a1c7b7d0054f9227d69f623e73ad

C:\Windows\System\PbcFeuo.exe

MD5 5cbbfe654363032384522c21716da3fe
SHA1 17c9d81cf414561d320973e33bce9392c5ea911b
SHA256 1f4e7d320948e893d341c079a1a71a2436bff218c0faf96366cb1729f969e262
SHA512 d983d4ec57393cc8b217b4c739397f5d7cc77ba98660eb6cf2f18c308c27a056fbb198f136552624aa512c50d4dc6d9b935e522720b343ee0d388a8d8cd594ad

memory/1276-138-0x00007FF731070000-0x00007FF7313C4000-memory.dmp

C:\Windows\System\AWsPJWn.exe

MD5 be181c64241d8f245efebba913f7a7de
SHA1 8a138c3d48f03c709dbd7de055037b2ac184c05d
SHA256 b2e127d6f0096a8f627e87d50e24b3ec7e6430adb80521adf8c930e4d5b414e8
SHA512 6e89ba193303561e1b432d67d69d50ab42850779e6b5184533167ae07d4e55e4bca0c410b1181508419259e76616d68c805564ae71fb97b24b996f80a4dc67d9

C:\Windows\System\ctXZyec.exe

MD5 a3e827f35f355428d64e2deaba919997
SHA1 a1b8bc35d49c03cfcf2d387d662d5e3b6b9b5cb0
SHA256 b3cfcbfa571a34e4013a5cf79ba6c6e1bff557aae508a74b65bdd9e35e392e88
SHA512 d0727e565227dea8644635a4cfda8c2c201b37b71ea80dfa6accf8606246c98587f7b29713a44523d2e1987108f572c22d3b33f2d394eee760237124a52c9e79

C:\Windows\System\UMjFiPf.exe

MD5 9e4f449dbd90e077df6904ebd96548de
SHA1 c87a459dc5033fcb3af2479699f995ce6e43b502
SHA256 812fd118a748b6052d77cedfec0443b72f2905a5765a96be90fc93d7cadbbb1f
SHA512 89d29e8b4ee3c5ed3c0fb7a8531eb7b3504bccbed4d38ba796f87ef7563dca16c9c8d7b08330151ea13e5b503b6fa0de950ef2e1d3ca1270a4e5fdf17ca343cb

C:\Windows\System\WcTIMXs.exe

MD5 dbb9878501c03bee04c64138a8bde0a3
SHA1 109a64195069c9ef3914ffc395945f34ab0225d3
SHA256 a9d349a581c2d868b0656dbb65fa93245ff4569ff9a0eae862a0bae387abf9ad
SHA512 57f56bc9465d6bc9f083cb98784ce57dc0397726789d76df8c892d7a00b18b1874fbdb2a257980afda85a0c869f1c70fc48fb12e6cb9f3c7939bd17e2e489ae2

memory/2576-111-0x00007FF7B8910000-0x00007FF7B8C64000-memory.dmp

C:\Windows\System\LjhLGIR.exe

MD5 ed732361415959c80609275bdc8736a7
SHA1 acba56ba4a84bd7287f312afc93d5032fe1986c6
SHA256 8637ef4c5e1029ac0b35b7f08ce9b41e0e917c2d5390cc3677464ad431879356
SHA512 dec41515bd7cecb729f3a81654227b4d5af11607e01a90476203677280573e0f889c88f704bb2d552e4430b61d2a47e80c931fec3fbc1dd07ac1783ec4d666ff

C:\Windows\System\QOcfQQS.exe

MD5 dd68ec2f4d3a9f33223716142fc1d53b
SHA1 18cb63a871c7fe6c877e660cec81c8f9f20397c1
SHA256 c006295b4e2f96971668b2083d4ef106d3de5ac2db0d3b8f74c0cdfbba460963
SHA512 2311ddfc75d08c8465d516d99f96dc67b476b9c4d68f85147f22b6762693b2c36083b7cac864be303651ff38884d6ab1ba35fab6adee8cfbf8223d315e888882

C:\Windows\System\RPppmRM.exe

MD5 bc12e9e5af7a87dcd1cb300d752bc3ee
SHA1 24605e74525aa45b34e608f161c01aa7cb46c798
SHA256 38e35cc810936ff544f3bd44b74501a14496da5b57cf0117e7242d5be040a13a
SHA512 b3c19385f0904e37adf7e04e7f9e81508b82c2b4d8be8492a1e5030fd87a141eae18bac7dc632bdfe3c8c12392bc1d3b2853e1c9da11c237a3d28cc2a9e8687b

memory/4540-91-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp

C:\Windows\System\NiIKsjv.exe

MD5 0733c33b3c57d31c1bf99371f129e858
SHA1 3b4eb1bcccd8649ad40a44c8d879133b4a906554
SHA256 abfe6cd22252651f0d572104179c0f0edcb5701e8679a178bf7864e691b9862c
SHA512 c0763ccb79b7a58b9ce6bed7db26d588575974455d92ab7b449908ca48c96cfaaf5e52dc6c4440c3ed6feb50450950fb4da3300024320885e1a77a1f4117c80c

C:\Windows\System\hGeykae.exe

MD5 ac7daf3df6fc0317553db8d6606ccd4e
SHA1 01fd9944cad33fd34117cadf1f7704c0c7dd23f6
SHA256 7dcd9bd511b2f71301a3f0be258b770773a788537fa74cc44863b7c691b3f052
SHA512 e7ae12ba09eaabfa2ce4af83b69f953d6aa0694035ca7b99f0062e928a6c2e585dee12ff4d7533570ca8f631011912a01c1e624380b5e2d612534d30c84cd73b

memory/1168-70-0x00007FF622AF0000-0x00007FF622E44000-memory.dmp

C:\Windows\System\VeknbxK.exe

MD5 ff02aaa778503254ad4cff6ad1f7d8e8
SHA1 adc419b116cb6f18ed518d6d1094b2f6377ece6d
SHA256 cee60b062bc78569ceeb32ad30878e1ffe5f563758aeebc54423d8ac4afe7163
SHA512 b593b0461723de298bd845b1e714315b38b210846f0af4496795870ccfa7d228fc87ef72461e16d0575e3c8a829bb2954b6f4bb9699b5c55e19319ffc920b6b3

memory/1648-46-0x00007FF764430000-0x00007FF764784000-memory.dmp

memory/968-31-0x00007FF751310000-0x00007FF751664000-memory.dmp

C:\Windows\System\CjzrkMe.exe

MD5 14d8bc98c66c32ec7231ad2b92d56fa9
SHA1 7012fb143febfa7a793fb7c680abceb855b0e015
SHA256 a4fe847f2fbffe7a7611510715ec01225d8179dc0fb7c49dc4e986711b584a1c
SHA512 bb2b1bfb59943504c77bab3b679cbe02a6e4815df471ec95c4a678a4e5169dd0fb4c3878e616c5fb770981babb183376605a4d2041f64296040fd339522d572a

C:\Windows\System\xlpJHSm.exe

MD5 48213e07ec33071568fdec5be3d915b8
SHA1 e6f7a7ee9ebcbb19192b85d85bb80e1f86f2b06b
SHA256 eefa34ea05effafe2a56558b1f13e08438017dcbb00224fa9163ab10f3a3ba2a
SHA512 4423f3888118829072ad7c863fa456b07603c4085d8c473d83e0a75d9e62dc313e75e932a2d5c1b23d3d0201937105a91e134d33fca2a4d324f86941fd28f085

memory/5004-14-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp

memory/2268-1070-0x00007FF6EDEF0000-0x00007FF6EE244000-memory.dmp

memory/5004-1071-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp

memory/1648-1072-0x00007FF764430000-0x00007FF764784000-memory.dmp

memory/4540-1073-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp

memory/2576-1074-0x00007FF7B8910000-0x00007FF7B8C64000-memory.dmp

memory/1488-1075-0x00007FF7EEF60000-0x00007FF7EF2B4000-memory.dmp

memory/968-1076-0x00007FF751310000-0x00007FF751664000-memory.dmp

memory/1472-1077-0x00007FF600E60000-0x00007FF6011B4000-memory.dmp

memory/5004-1078-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp

memory/1168-1080-0x00007FF622AF0000-0x00007FF622E44000-memory.dmp

memory/1648-1079-0x00007FF764430000-0x00007FF764784000-memory.dmp

memory/4640-1081-0x00007FF609030000-0x00007FF609384000-memory.dmp

memory/4924-1084-0x00007FF775BD0000-0x00007FF775F24000-memory.dmp

memory/4968-1095-0x00007FF62E940000-0x00007FF62EC94000-memory.dmp

memory/3428-1100-0x00007FF65F9D0000-0x00007FF65FD24000-memory.dmp

memory/3100-1102-0x00007FF7ABC90000-0x00007FF7ABFE4000-memory.dmp

memory/2252-1101-0x00007FF6581E0000-0x00007FF658534000-memory.dmp

memory/2576-1099-0x00007FF7B8910000-0x00007FF7B8C64000-memory.dmp

memory/4720-1098-0x00007FF7D26A0000-0x00007FF7D29F4000-memory.dmp

memory/3680-1097-0x00007FF7C4B80000-0x00007FF7C4ED4000-memory.dmp

memory/532-1096-0x00007FF71B100000-0x00007FF71B454000-memory.dmp

memory/3204-1094-0x00007FF720770000-0x00007FF720AC4000-memory.dmp

memory/4540-1093-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp

memory/3824-1092-0x00007FF78BEA0000-0x00007FF78C1F4000-memory.dmp

memory/1028-1091-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp

memory/748-1090-0x00007FF60C2B0000-0x00007FF60C604000-memory.dmp

memory/1820-1089-0x00007FF62C060000-0x00007FF62C3B4000-memory.dmp

memory/3664-1087-0x00007FF78ECF0000-0x00007FF78F044000-memory.dmp

memory/4636-1086-0x00007FF7E8870000-0x00007FF7E8BC4000-memory.dmp

memory/4320-1085-0x00007FF79BC30000-0x00007FF79BF84000-memory.dmp

memory/1568-1088-0x00007FF761C40000-0x00007FF761F94000-memory.dmp

memory/3216-1083-0x00007FF716310000-0x00007FF716664000-memory.dmp

memory/1276-1082-0x00007FF731070000-0x00007FF7313C4000-memory.dmp

memory/3244-1103-0x00007FF7FA740000-0x00007FF7FAA94000-memory.dmp