Malware Analysis Report

2024-10-16 07:51

Sample ID 240531-z1fx7ade2t
Target 7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe
SHA256 78a207efc7313368b423224154a78599c7d3c52c06fcd337cf9bb6e55fc05eaf
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

Score 10/10

SHA256 78a207efc7313368b423224154a78599c7d3c52c06fcd337cf9bb6e55fc05eaf

Threat Level: Known bad

The file 7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Xmrig family

xmrig

XMRig Miner payload

KPOT

Kpot family

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-31 21:10

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-31 21:10
Reported 2024-05-31 21:13
Platform win7-20240221-en
Max time kernel 138s
Max time network 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2744-1080-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2600-1081-0x000000013F0D0000-0x000000013F424000-memory.dmp

memory/2760-1082-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2684-1083-0x000000013FA70000-0x000000013FDC4000-memory.dmp

memory/2508-1084-0x000000013FB90000-0x000000013FEE4000-memory.dmp

memory/2664-1085-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/2808-1086-0x000000013F200000-0x000000013F554000-memory.dmp

memory/2548-1087-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2800-1089-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2000-1088-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2836-1090-0x000000013F720000-0x000000013FA74000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 21:10

Reported

2024-05-31 21:13

Platform

win10v2004-20240426-en

Max time kernel

143s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7fe3c327c3e645ff901af9e494efeac0_NeikiAnalytics.exe"


C:\Windows\System\jwIbeQC.exe

C:\Windows\System\jwIbeQC.exe

C:\Windows\System\letCesH.exe

C:\Windows\System\letCesH.exe

C:\Windows\System\iQKvFzz.exe

C:\Windows\System\iQKvFzz.exe

C:\Windows\System\kGzljhe.exe

C:\Windows\System\kGzljhe.exe

C:\Windows\System\CgqUPkW.exe

C:\Windows\System\CgqUPkW.exe

C:\Windows\System\cCiKvqG.exe

C:\Windows\System\cCiKvqG.exe

C:\Windows\System\aCYNChF.exe

C:\Windows\System\aCYNChF.exe

C:\Windows\System\fSZRJEB.exe

C:\Windows\System\fSZRJEB.exe

C:\Windows\System\EKLBqLp.exe

C:\Windows\System\EKLBqLp.exe

C:\Windows\System\tNHUBHu.exe

C:\Windows\System\tNHUBHu.exe

C:\Windows\System\pNocwoR.exe

C:\Windows\System\pNocwoR.exe

C:\Windows\System\fRUeWVK.exe

C:\Windows\System\fRUeWVK.exe

C:\Windows\System\aOODXRB.exe

C:\Windows\System\aOODXRB.exe

C:\Windows\System\DzYtCNk.exe

C:\Windows\System\DzYtCNk.exe

C:\Windows\System\qJKkQOA.exe

C:\Windows\System\qJKkQOA.exe

C:\Windows\System\HGcaDeR.exe

C:\Windows\System\HGcaDeR.exe

C:\Windows\System\CwVsivd.exe

C:\Windows\System\CwVsivd.exe

C:\Windows\System\pYSChUw.exe

C:\Windows\System\pYSChUw.exe

C:\Windows\System\haZjXmx.exe

C:\Windows\System\haZjXmx.exe

C:\Windows\System\qgrqOFv.exe

C:\Windows\System\qgrqOFv.exe

C:\Windows\System\QZYURPs.exe

C:\Windows\System\QZYURPs.exe

C:\Windows\System\bjmCezn.exe

C:\Windows\System\bjmCezn.exe

C:\Windows\System\QIUdoFj.exe

C:\Windows\System\QIUdoFj.exe

C:\Windows\System\gYbFOYW.exe

C:\Windows\System\gYbFOYW.exe

C:\Windows\System\PccNijJ.exe

C:\Windows\System\PccNijJ.exe

C:\Windows\System\zLItThf.exe

C:\Windows\System\zLItThf.exe

C:\Windows\System\yXcCsIo.exe

C:\Windows\System\yXcCsIo.exe

C:\Windows\System\kVVkXiI.exe

C:\Windows\System\kVVkXiI.exe

C:\Windows\System\haqpGMx.exe

C:\Windows\System\haqpGMx.exe

C:\Windows\System\ZmIaZRH.exe

C:\Windows\System\ZmIaZRH.exe

C:\Windows\System\mFXMNjp.exe

C:\Windows\System\mFXMNjp.exe

C:\Windows\System\yZlJJPR.exe

C:\Windows\System\yZlJJPR.exe

C:\Windows\System\klcfZAc.exe

C:\Windows\System\klcfZAc.exe

C:\Windows\System\NoCwyXg.exe

C:\Windows\System\NoCwyXg.exe

C:\Windows\System\VKmyIAZ.exe

C:\Windows\System\VKmyIAZ.exe

C:\Windows\System\uwCCHAS.exe

C:\Windows\System\uwCCHAS.exe

C:\Windows\System\qdUnhnX.exe

C:\Windows\System\qdUnhnX.exe

C:\Windows\System\xFEwJmz.exe

C:\Windows\System\xFEwJmz.exe

C:\Windows\System\UqcEowq.exe

C:\Windows\System\UqcEowq.exe

C:\Windows\System\BrEnRLd.exe

C:\Windows\System\BrEnRLd.exe

C:\Windows\System\oiXuFxA.exe

C:\Windows\System\oiXuFxA.exe

C:\Windows\System\OzmMlnC.exe

C:\Windows\System\OzmMlnC.exe

C:\Windows\System\JVDZkUv.exe

C:\Windows\System\JVDZkUv.exe

C:\Windows\System\DEMTuPB.exe

C:\Windows\System\DEMTuPB.exe

C:\Windows\System\QEtqrhc.exe

C:\Windows\System\QEtqrhc.exe

C:\Windows\System\SOvYwyx.exe

C:\Windows\System\SOvYwyx.exe

C:\Windows\System\JayvKmN.exe

C:\Windows\System\JayvKmN.exe

C:\Windows\System\MgHNqye.exe

C:\Windows\System\MgHNqye.exe

C:\Windows\System\wpUlezo.exe

C:\Windows\System\wpUlezo.exe

C:\Windows\System\WSLUqGF.exe

C:\Windows\System\WSLUqGF.exe

C:\Windows\System\FrrKnmy.exe

C:\Windows\System\FrrKnmy.exe

C:\Windows\System\muMzYko.exe

C:\Windows\System\muMzYko.exe

C:\Windows\System\kzjNcPY.exe

C:\Windows\System\kzjNcPY.exe

C:\Windows\System\bsIWMUD.exe

C:\Windows\System\bsIWMUD.exe

C:\Windows\System\ufmNfQh.exe

C:\Windows\System\ufmNfQh.exe

C:\Windows\System\BBHZVrF.exe

C:\Windows\System\BBHZVrF.exe

C:\Windows\System\dHqcguq.exe

C:\Windows\System\dHqcguq.exe

C:\Windows\System\arhxmOH.exe

C:\Windows\System\arhxmOH.exe

C:\Windows\System\eJcJREB.exe

C:\Windows\System\eJcJREB.exe

C:\Windows\System\JumqFyT.exe

C:\Windows\System\JumqFyT.exe

C:\Windows\System\rqRLOZO.exe

C:\Windows\System\rqRLOZO.exe

C:\Windows\System\toeeFwR.exe

C:\Windows\System\toeeFwR.exe

C:\Windows\System\vaLEaQN.exe

C:\Windows\System\vaLEaQN.exe

C:\Windows\System\ynspEvw.exe

C:\Windows\System\ynspEvw.exe

C:\Windows\System\ZYfUPJI.exe

C:\Windows\System\ZYfUPJI.exe

C:\Windows\System\pSZIVlN.exe

C:\Windows\System\pSZIVlN.exe

C:\Windows\System\mCkNxmk.exe

C:\Windows\System\mCkNxmk.exe

C:\Windows\System\WamleJj.exe

C:\Windows\System\WamleJj.exe

C:\Windows\System\AGdDWRf.exe

C:\Windows\System\AGdDWRf.exe

C:\Windows\System\WusOLRr.exe

C:\Windows\System\WusOLRr.exe

C:\Windows\System\CCekYoT.exe

C:\Windows\System\CCekYoT.exe

C:\Windows\System\TcNTCBj.exe

C:\Windows\System\TcNTCBj.exe

C:\Windows\System\VxKzOjU.exe

C:\Windows\System\VxKzOjU.exe

C:\Windows\System\MrUMsmI.exe

C:\Windows\System\MrUMsmI.exe

C:\Windows\System\VHnulzR.exe

C:\Windows\System\VHnulzR.exe

C:\Windows\System\rGahoCk.exe

C:\Windows\System\rGahoCk.exe

C:\Windows\System\GbQIjAL.exe

C:\Windows\System\GbQIjAL.exe

C:\Windows\System\czCHujz.exe

C:\Windows\System\czCHujz.exe

C:\Windows\System\AAhuYSS.exe

C:\Windows\System\AAhuYSS.exe

C:\Windows\System\YBVlcXX.exe

C:\Windows\System\YBVlcXX.exe

C:\Windows\System\cOUnQeY.exe

C:\Windows\System\cOUnQeY.exe

C:\Windows\System\OWWMyAc.exe

C:\Windows\System\OWWMyAc.exe

C:\Windows\System\NJEEUJb.exe

C:\Windows\System\NJEEUJb.exe

C:\Windows\System\gGNLKDs.exe

C:\Windows\System\gGNLKDs.exe

C:\Windows\System\CXfJQrc.exe

C:\Windows\System\CXfJQrc.exe

C:\Windows\System\JxosDjv.exe

C:\Windows\System\JxosDjv.exe

C:\Windows\System\nCxkBgx.exe

C:\Windows\System\nCxkBgx.exe

C:\Windows\System\EhNJKnj.exe

C:\Windows\System\EhNJKnj.exe

C:\Windows\System\tfblpdp.exe

C:\Windows\System\tfblpdp.exe

C:\Windows\System\YoHpEsq.exe

C:\Windows\System\YoHpEsq.exe

C:\Windows\System\RySGNqU.exe

C:\Windows\System\RySGNqU.exe

C:\Windows\System\UMlfpII.exe

C:\Windows\System\UMlfpII.exe

C:\Windows\System\ShdqwWs.exe

C:\Windows\System\ShdqwWs.exe

C:\Windows\System\gmGVAuK.exe

C:\Windows\System\gmGVAuK.exe

C:\Windows\System\ukwuIeJ.exe

C:\Windows\System\ukwuIeJ.exe

C:\Windows\System\ImrUBGM.exe

C:\Windows\System\ImrUBGM.exe

C:\Windows\System\QQZBCqw.exe

C:\Windows\System\QQZBCqw.exe

C:\Windows\System\wRsDyRK.exe

C:\Windows\System\wRsDyRK.exe

C:\Windows\System\NkzZVZB.exe

C:\Windows\System\NkzZVZB.exe

C:\Windows\System\STaZaVF.exe

C:\Windows\System\STaZaVF.exe

C:\Windows\System\qWsIqMh.exe

C:\Windows\System\qWsIqMh.exe

C:\Windows\System\BtvVJBO.exe

C:\Windows\System\BtvVJBO.exe

C:\Windows\System\JkRRwhh.exe

C:\Windows\System\JkRRwhh.exe

C:\Windows\System\SRajTKS.exe

C:\Windows\System\SRajTKS.exe

C:\Windows\System\xioOHXE.exe

C:\Windows\System\xioOHXE.exe

C:\Windows\System\TtHHvtx.exe

C:\Windows\System\TtHHvtx.exe

C:\Windows\System\OajmDDk.exe

C:\Windows\System\OajmDDk.exe

C:\Windows\System\gHUjCvj.exe

C:\Windows\System\gHUjCvj.exe

C:\Windows\System\wSaIUKd.exe

C:\Windows\System\wSaIUKd.exe

C:\Windows\System\AHAjGLY.exe

C:\Windows\System\AHAjGLY.exe

C:\Windows\System\iwfZmai.exe

C:\Windows\System\iwfZmai.exe

C:\Windows\System\OdBfiPF.exe

C:\Windows\System\OdBfiPF.exe

C:\Windows\System\FblQDzN.exe

C:\Windows\System\FblQDzN.exe

C:\Windows\System\HsiTYYg.exe

C:\Windows\System\HsiTYYg.exe

C:\Windows\System\paTFuPf.exe

C:\Windows\System\paTFuPf.exe

C:\Windows\System\qIsnrir.exe

C:\Windows\System\qIsnrir.exe

C:\Windows\System\IJGVpux.exe

C:\Windows\System\IJGVpux.exe

C:\Windows\System\AicskJt.exe

C:\Windows\System\AicskJt.exe

C:\Windows\System\DKmGfOj.exe

C:\Windows\System\DKmGfOj.exe

C:\Windows\System\oDwSOgN.exe

C:\Windows\System\oDwSOgN.exe

C:\Windows\System\gHkiMXm.exe

C:\Windows\System\gHkiMXm.exe

C:\Windows\System\tbXsKFg.exe

C:\Windows\System\tbXsKFg.exe

C:\Windows\System\fOLJUuO.exe

C:\Windows\System\fOLJUuO.exe

C:\Windows\System\uuqitmc.exe

C:\Windows\System\uuqitmc.exe

C:\Windows\System\vtiNENn.exe

C:\Windows\System\vtiNENn.exe

C:\Windows\System\lpsAlLF.exe

C:\Windows\System\lpsAlLF.exe

C:\Windows\System\jliBFwH.exe

C:\Windows\System\jliBFwH.exe

C:\Windows\System\Wjfrigp.exe

C:\Windows\System\Wjfrigp.exe

C:\Windows\System\MXCaskb.exe

C:\Windows\System\MXCaskb.exe

C:\Windows\System\sobUvlD.exe

C:\Windows\System\sobUvlD.exe

C:\Windows\System\BMLZwZL.exe

C:\Windows\System\BMLZwZL.exe

C:\Windows\System\xUTsAfg.exe

C:\Windows\System\xUTsAfg.exe

C:\Windows\System\KOpnqNF.exe

C:\Windows\System\KOpnqNF.exe

C:\Windows\System\AJlDzZw.exe

C:\Windows\System\AJlDzZw.exe

C:\Windows\System\cVznZcm.exe

C:\Windows\System\cVznZcm.exe

C:\Windows\System\AjGlYas.exe

C:\Windows\System\AjGlYas.exe

C:\Windows\System\THOtmow.exe

C:\Windows\System\THOtmow.exe

C:\Windows\System\fLiRkMc.exe

C:\Windows\System\fLiRkMc.exe

C:\Windows\System\MCfqHSI.exe

C:\Windows\System\MCfqHSI.exe

C:\Windows\System\WaKfmEe.exe

C:\Windows\System\WaKfmEe.exe

C:\Windows\System\NlwylaT.exe

C:\Windows\System\NlwylaT.exe

C:\Windows\System\nySJmbx.exe

C:\Windows\System\nySJmbx.exe

C:\Windows\System\sVvwsHJ.exe

C:\Windows\System\sVvwsHJ.exe

C:\Windows\System\AIPOWIb.exe

C:\Windows\System\AIPOWIb.exe

C:\Windows\System\DIieFSP.exe

C:\Windows\System\DIieFSP.exe

C:\Windows\System\KMgbQYJ.exe

C:\Windows\System\KMgbQYJ.exe

C:\Windows\System\OEHYsPP.exe

C:\Windows\System\OEHYsPP.exe

C:\Windows\System\EUqcRmt.exe

C:\Windows\System\EUqcRmt.exe

C:\Windows\System\DjKFsBy.exe

C:\Windows\System\DjKFsBy.exe

C:\Windows\System\sPAFgth.exe

C:\Windows\System\sPAFgth.exe

C:\Windows\System\dTYrXML.exe

C:\Windows\System\dTYrXML.exe

C:\Windows\System\rPMMYFO.exe

C:\Windows\System\rPMMYFO.exe

C:\Windows\System\dNMRuwm.exe

C:\Windows\System\dNMRuwm.exe

C:\Windows\System\oymILjs.exe

C:\Windows\System\oymILjs.exe

C:\Windows\System\kiKBnPH.exe

C:\Windows\System\kiKBnPH.exe

C:\Windows\System\eSMRrnq.exe

C:\Windows\System\eSMRrnq.exe

C:\Windows\System\uYkkXUJ.exe

C:\Windows\System\uYkkXUJ.exe

C:\Windows\System\cBbZGsK.exe

C:\Windows\System\cBbZGsK.exe

C:\Windows\System\cagbbjP.exe

C:\Windows\System\cagbbjP.exe

C:\Windows\System\CIjSdbe.exe

C:\Windows\System\CIjSdbe.exe

C:\Windows\System\qrRjuha.exe

C:\Windows\System\qrRjuha.exe

C:\Windows\System\rzsQkbb.exe

C:\Windows\System\rzsQkbb.exe

C:\Windows\System\QfcyQZb.exe

C:\Windows\System\QfcyQZb.exe

C:\Windows\System\EJtZHzc.exe

C:\Windows\System\EJtZHzc.exe

C:\Windows\System\dUgkpXB.exe

C:\Windows\System\dUgkpXB.exe

C:\Windows\System\XfKlMSl.exe

C:\Windows\System\XfKlMSl.exe

C:\Windows\System\QlxKvbA.exe

C:\Windows\System\QlxKvbA.exe

C:\Windows\System\qVhluwC.exe

C:\Windows\System\qVhluwC.exe

C:\Windows\System\giUClDY.exe

C:\Windows\System\giUClDY.exe

C:\Windows\System\UjJzzGn.exe

C:\Windows\System\UjJzzGn.exe

C:\Windows\System\TcQtwVQ.exe

C:\Windows\System\TcQtwVQ.exe

C:\Windows\System\ndAIiEh.exe

C:\Windows\System\ndAIiEh.exe

C:\Windows\System\DpAAjtN.exe

C:\Windows\System\DpAAjtN.exe

C:\Windows\System\XcUnsZf.exe

C:\Windows\System\XcUnsZf.exe

C:\Windows\System\ptqjSon.exe

C:\Windows\System\ptqjSon.exe

C:\Windows\System\QrAzLjr.exe

C:\Windows\System\QrAzLjr.exe

C:\Windows\System\DUgrBby.exe

C:\Windows\System\DUgrBby.exe

C:\Windows\System\HbKkzCh.exe

C:\Windows\System\HbKkzCh.exe

C:\Windows\System\CDxyWWG.exe

C:\Windows\System\CDxyWWG.exe

C:\Windows\System\ABiIClC.exe

C:\Windows\System\ABiIClC.exe

C:\Windows\System\MfFUpgF.exe

C:\Windows\System\MfFUpgF.exe

C:\Windows\System\WQSVhvx.exe

C:\Windows\System\WQSVhvx.exe

C:\Windows\System\ptUHeVp.exe

C:\Windows\System\ptUHeVp.exe

C:\Windows\System\vFFCZTU.exe

C:\Windows\System\vFFCZTU.exe

C:\Windows\System\QbVYgEH.exe

C:\Windows\System\QbVYgEH.exe

C:\Windows\System\PoXRArj.exe

C:\Windows\System\PoXRArj.exe

C:\Windows\System\UpyXeaC.exe

C:\Windows\System\UpyXeaC.exe

C:\Windows\System\gyQjsDa.exe

C:\Windows\System\gyQjsDa.exe

C:\Windows\System\fmXItII.exe

C:\Windows\System\fmXItII.exe

C:\Windows\System\uNtudAF.exe

C:\Windows\System\uNtudAF.exe

C:\Windows\System\EbXXfxP.exe

C:\Windows\System\EbXXfxP.exe

C:\Windows\System\mzqEypk.exe

C:\Windows\System\mzqEypk.exe

C:\Windows\System\BNGsErz.exe

C:\Windows\System\BNGsErz.exe

C:\Windows\System\PmMbJci.exe

C:\Windows\System\PmMbJci.exe

C:\Windows\System\cUKPXmZ.exe

C:\Windows\System\cUKPXmZ.exe

C:\Windows\System\hOzkZFB.exe

C:\Windows\System\hOzkZFB.exe

C:\Windows\System\nWKOYUv.exe

C:\Windows\System\nWKOYUv.exe

C:\Windows\System\RntcmbF.exe

C:\Windows\System\RntcmbF.exe

C:\Windows\System\Xwyuiom.exe

C:\Windows\System\Xwyuiom.exe

C:\Windows\System\bXIQghE.exe

C:\Windows\System\bXIQghE.exe

C:\Windows\System\XESIdiM.exe

C:\Windows\System\XESIdiM.exe

C:\Windows\System\BQxRKNf.exe

C:\Windows\System\BQxRKNf.exe

C:\Windows\System\CHcsioy.exe

C:\Windows\System\CHcsioy.exe

C:\Windows\System\mulSPoh.exe

C:\Windows\System\mulSPoh.exe

C:\Windows\System\kJvvdzG.exe

C:\Windows\System\kJvvdzG.exe

C:\Windows\System\ccJXmEV.exe

C:\Windows\System\ccJXmEV.exe

C:\Windows\System\VSQavxh.exe

C:\Windows\System\VSQavxh.exe

C:\Windows\System\LhKeOPO.exe

C:\Windows\System\LhKeOPO.exe

C:\Windows\System\BIuVSPH.exe

C:\Windows\System\BIuVSPH.exe

C:\Windows\System\SQNpZzC.exe

C:\Windows\System\SQNpZzC.exe

C:\Windows\System\dBKeZQp.exe

C:\Windows\System\dBKeZQp.exe

C:\Windows\System\QEFljFj.exe

C:\Windows\System\QEFljFj.exe

C:\Windows\System\BkZubbH.exe

C:\Windows\System\BkZubbH.exe

C:\Windows\System\xUQfkja.exe

C:\Windows\System\xUQfkja.exe

C:\Windows\System\njSqkdS.exe

C:\Windows\System\njSqkdS.exe

C:\Windows\System\umckIqQ.exe

C:\Windows\System\umckIqQ.exe

C:\Windows\System\GBwSokP.exe

C:\Windows\System\GBwSokP.exe

C:\Windows\System\sJKwIQo.exe

C:\Windows\System\sJKwIQo.exe

C:\Windows\System\XTBSbMg.exe

C:\Windows\System\XTBSbMg.exe

C:\Windows\System\JXSkACU.exe

C:\Windows\System\JXSkACU.exe

C:\Windows\System\KtkcEpU.exe

C:\Windows\System\KtkcEpU.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files
