Malware Analysis Report

2024-10-16 07:25

Sample ID 240601-242eeaag65
Target 08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe
SHA256 03bc4575187902517a058904a5be5809999da629f702c2d6baf8afa16320ce3c
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

XMRig Miner payload

Xmrig family

KPOT

xmrig

KPOT Core Executable

Kpot family

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-01 23:08

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-01 23:08
Reported 2024-06-01 23:11
Platform win7-20240508-en
Max time kernel 141s
Max time network 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2676-1081-0x000000013F3F0000-0x000000013F744000-memory.dmp

memory/2500-1085-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2528-1083-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/2808-1082-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/2588-1088-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/1644-1089-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/2708-1087-0x000000013F300000-0x000000013F654000-memory.dmp

memory/2652-1086-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2980-1084-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 23:08

Reported

2024-06-01 23:11

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\08356aff5baee8b134ab47fbee04e8e0_NeikiAnalytics.exe"


C:\Windows\System\sAmkinY.exe

C:\Windows\System\KCoQYuE.exe

C:\Windows\System\KCoQYuE.exe

C:\Windows\System\reDljcK.exe

C:\Windows\System\reDljcK.exe

C:\Windows\System\qnJUDJq.exe

C:\Windows\System\qnJUDJq.exe

C:\Windows\System\NzqGeJR.exe

C:\Windows\System\NzqGeJR.exe

C:\Windows\System\XbsXkcv.exe

C:\Windows\System\XbsXkcv.exe

C:\Windows\System\vVTvGUF.exe

C:\Windows\System\vVTvGUF.exe

C:\Windows\System\DstTFyF.exe

C:\Windows\System\DstTFyF.exe

C:\Windows\System\tJTGxSA.exe

C:\Windows\System\tJTGxSA.exe

C:\Windows\System\VxtxsXE.exe

C:\Windows\System\VxtxsXE.exe

C:\Windows\System\HxOEIni.exe

C:\Windows\System\HxOEIni.exe

C:\Windows\System\khbmRsp.exe

C:\Windows\System\khbmRsp.exe

C:\Windows\System\sYWaqDr.exe

C:\Windows\System\sYWaqDr.exe

C:\Windows\System\usWGPyh.exe

C:\Windows\System\usWGPyh.exe

C:\Windows\System\PSFoFaE.exe

C:\Windows\System\PSFoFaE.exe

C:\Windows\System\FrMULXj.exe

C:\Windows\System\FrMULXj.exe

C:\Windows\System\GTYpkUw.exe

C:\Windows\System\GTYpkUw.exe

C:\Windows\System\pZyqtVo.exe

C:\Windows\System\pZyqtVo.exe

C:\Windows\System\IitPIqn.exe

C:\Windows\System\IitPIqn.exe

C:\Windows\System\ZRVwRhj.exe

C:\Windows\System\ZRVwRhj.exe

C:\Windows\System\yluwXtp.exe

C:\Windows\System\yluwXtp.exe

C:\Windows\System\CWFxQnD.exe

C:\Windows\System\CWFxQnD.exe

C:\Windows\System\IupwwqU.exe

C:\Windows\System\IupwwqU.exe

C:\Windows\System\hhuaJTr.exe

C:\Windows\System\hhuaJTr.exe

C:\Windows\System\QqJZUaJ.exe

C:\Windows\System\QqJZUaJ.exe

C:\Windows\System\jaccfvU.exe

C:\Windows\System\jaccfvU.exe

C:\Windows\System\CybvSoY.exe

C:\Windows\System\CybvSoY.exe

C:\Windows\System\CsSLhwb.exe

C:\Windows\System\CsSLhwb.exe

C:\Windows\System\EuehthH.exe

C:\Windows\System\EuehthH.exe

C:\Windows\System\PtpFByq.exe

C:\Windows\System\PtpFByq.exe

C:\Windows\System\GlrBTGn.exe

C:\Windows\System\GlrBTGn.exe

C:\Windows\System\gKyOGkF.exe

C:\Windows\System\gKyOGkF.exe

C:\Windows\System\kDlvJvA.exe

C:\Windows\System\kDlvJvA.exe

C:\Windows\System\SCojUGx.exe

C:\Windows\System\SCojUGx.exe

C:\Windows\System\GvEJMPB.exe

C:\Windows\System\GvEJMPB.exe

C:\Windows\System\EvLdvJt.exe

C:\Windows\System\EvLdvJt.exe

C:\Windows\System\RItZGqr.exe

C:\Windows\System\RItZGqr.exe

C:\Windows\System\Klnafbr.exe

C:\Windows\System\Klnafbr.exe

C:\Windows\System\VNpqIiP.exe

C:\Windows\System\VNpqIiP.exe

C:\Windows\System\GAXYuco.exe

C:\Windows\System\GAXYuco.exe

C:\Windows\System\ITZEeaC.exe

C:\Windows\System\ITZEeaC.exe

C:\Windows\System\PSaMsic.exe

C:\Windows\System\PSaMsic.exe

C:\Windows\System\VsPAkPx.exe

C:\Windows\System\VsPAkPx.exe

C:\Windows\System\TYboQNh.exe

C:\Windows\System\TYboQNh.exe

C:\Windows\System\NhqkcDi.exe

C:\Windows\System\NhqkcDi.exe

C:\Windows\System\WGWAnlK.exe

C:\Windows\System\WGWAnlK.exe

C:\Windows\System\oghsxVk.exe

C:\Windows\System\oghsxVk.exe

C:\Windows\System\OStMGTD.exe

C:\Windows\System\OStMGTD.exe

C:\Windows\System\bqSfwYJ.exe

C:\Windows\System\bqSfwYJ.exe

C:\Windows\System\qlVMORW.exe

C:\Windows\System\qlVMORW.exe

C:\Windows\System\hgzyXuN.exe

C:\Windows\System\hgzyXuN.exe

C:\Windows\System\IrtteKq.exe

C:\Windows\System\IrtteKq.exe

C:\Windows\System\RmXHWDf.exe

C:\Windows\System\RmXHWDf.exe

C:\Windows\System\lncYroF.exe

C:\Windows\System\lncYroF.exe

C:\Windows\System\ozjfstl.exe

C:\Windows\System\ozjfstl.exe

C:\Windows\System\xeRFTBW.exe

C:\Windows\System\xeRFTBW.exe

C:\Windows\System\QryBvlZ.exe

C:\Windows\System\QryBvlZ.exe

C:\Windows\System\CFjAQkt.exe

C:\Windows\System\CFjAQkt.exe

C:\Windows\System\tPDeCSR.exe

C:\Windows\System\tPDeCSR.exe

C:\Windows\System\ISnWHbT.exe

C:\Windows\System\ISnWHbT.exe

C:\Windows\System\DWWtBow.exe

C:\Windows\System\DWWtBow.exe

C:\Windows\System\ZVNbriX.exe

C:\Windows\System\ZVNbriX.exe

C:\Windows\System\DRkCXlG.exe

C:\Windows\System\DRkCXlG.exe

C:\Windows\System\aesOrdI.exe

C:\Windows\System\aesOrdI.exe

C:\Windows\System\HbHqQHr.exe

C:\Windows\System\HbHqQHr.exe

C:\Windows\System\aSOHhVb.exe

C:\Windows\System\aSOHhVb.exe

C:\Windows\System\DpWtTGc.exe

C:\Windows\System\DpWtTGc.exe

C:\Windows\System\hIqUuki.exe

C:\Windows\System\hIqUuki.exe

C:\Windows\System\UFKCmsj.exe

C:\Windows\System\UFKCmsj.exe

C:\Windows\System\YDNMdtO.exe

C:\Windows\System\YDNMdtO.exe

C:\Windows\System\mGKtOcg.exe

C:\Windows\System\mGKtOcg.exe

C:\Windows\System\ExHkHNY.exe

C:\Windows\System\ExHkHNY.exe

C:\Windows\System\XHGszjk.exe

C:\Windows\System\XHGszjk.exe

C:\Windows\System\tHywFjc.exe

C:\Windows\System\tHywFjc.exe

C:\Windows\System\HPSGcPn.exe

C:\Windows\System\HPSGcPn.exe

C:\Windows\System\JSeDGLF.exe

C:\Windows\System\JSeDGLF.exe

C:\Windows\System\ffcZuyo.exe

C:\Windows\System\ffcZuyo.exe

C:\Windows\System\loHwONV.exe

C:\Windows\System\loHwONV.exe

C:\Windows\System\swjgMHJ.exe

C:\Windows\System\swjgMHJ.exe

C:\Windows\System\fBFpSmE.exe

C:\Windows\System\fBFpSmE.exe

C:\Windows\System\NkVQzRg.exe

C:\Windows\System\NkVQzRg.exe

C:\Windows\System\qwPPnln.exe

C:\Windows\System\qwPPnln.exe

C:\Windows\System\odMKVYB.exe

C:\Windows\System\odMKVYB.exe

C:\Windows\System\EwRoEJW.exe

C:\Windows\System\EwRoEJW.exe

C:\Windows\System\RoBqjuS.exe

C:\Windows\System\RoBqjuS.exe

C:\Windows\System\CeVrJCp.exe

C:\Windows\System\CeVrJCp.exe

C:\Windows\System\VDehiiO.exe

C:\Windows\System\VDehiiO.exe

C:\Windows\System\zohAkHP.exe

C:\Windows\System\zohAkHP.exe

C:\Windows\System\ToYRYuC.exe

C:\Windows\System\ToYRYuC.exe

C:\Windows\System\mKECIrg.exe

C:\Windows\System\mKECIrg.exe

C:\Windows\System\NHVWRKo.exe

C:\Windows\System\NHVWRKo.exe

C:\Windows\System\DcwMWEv.exe

C:\Windows\System\DcwMWEv.exe

C:\Windows\System\gqsIzkU.exe

C:\Windows\System\gqsIzkU.exe

C:\Windows\System\MTiYHmk.exe

C:\Windows\System\MTiYHmk.exe

C:\Windows\System\VTGoMOZ.exe

C:\Windows\System\VTGoMOZ.exe

C:\Windows\System\YyAEDAT.exe

C:\Windows\System\YyAEDAT.exe

C:\Windows\System\hWrdEXO.exe

C:\Windows\System\hWrdEXO.exe

C:\Windows\System\lKcigRS.exe

C:\Windows\System\lKcigRS.exe

C:\Windows\System\MEstfBA.exe

C:\Windows\System\MEstfBA.exe

C:\Windows\System\FKzDsrW.exe

C:\Windows\System\FKzDsrW.exe

C:\Windows\System\SpBHKoB.exe

C:\Windows\System\SpBHKoB.exe

C:\Windows\System\zWDEpJx.exe

C:\Windows\System\zWDEpJx.exe

C:\Windows\System\aVuwobJ.exe

C:\Windows\System\aVuwobJ.exe

C:\Windows\System\aGDDEZj.exe

C:\Windows\System\aGDDEZj.exe

C:\Windows\System\fTfNBKa.exe

C:\Windows\System\fTfNBKa.exe

C:\Windows\System\jaqIGQx.exe

C:\Windows\System\jaqIGQx.exe

C:\Windows\System\UqhflJV.exe

C:\Windows\System\UqhflJV.exe

C:\Windows\System\PNXpAQL.exe

C:\Windows\System\PNXpAQL.exe

C:\Windows\System\AJREBAC.exe

C:\Windows\System\AJREBAC.exe

C:\Windows\System\vcrWdPr.exe

C:\Windows\System\vcrWdPr.exe

C:\Windows\System\ToLDCdx.exe

C:\Windows\System\ToLDCdx.exe

C:\Windows\System\uuKBsyt.exe

C:\Windows\System\uuKBsyt.exe

C:\Windows\System\FLwvEln.exe

C:\Windows\System\FLwvEln.exe

C:\Windows\System\pAMpHJD.exe

C:\Windows\System\pAMpHJD.exe

C:\Windows\System\LGiEajL.exe

C:\Windows\System\LGiEajL.exe

C:\Windows\System\okZTjFW.exe

C:\Windows\System\okZTjFW.exe

C:\Windows\System\aWLseld.exe

C:\Windows\System\aWLseld.exe

C:\Windows\System\drSLxly.exe

C:\Windows\System\drSLxly.exe

C:\Windows\System\XkBoGVo.exe

C:\Windows\System\XkBoGVo.exe

C:\Windows\System\atWbDiS.exe

C:\Windows\System\atWbDiS.exe

C:\Windows\System\AnxoxzC.exe

C:\Windows\System\AnxoxzC.exe

C:\Windows\System\ZrOoqmJ.exe

C:\Windows\System\ZrOoqmJ.exe

C:\Windows\System\jZgHiqA.exe

C:\Windows\System\jZgHiqA.exe

C:\Windows\System\wNvMoTt.exe

C:\Windows\System\wNvMoTt.exe

C:\Windows\System\PfGEYcN.exe

C:\Windows\System\PfGEYcN.exe

C:\Windows\System\EVYVcCO.exe

C:\Windows\System\EVYVcCO.exe

C:\Windows\System\HhbfWgE.exe

C:\Windows\System\HhbfWgE.exe

C:\Windows\System\IRGHLBE.exe

C:\Windows\System\IRGHLBE.exe

C:\Windows\System\vRaMXzD.exe

C:\Windows\System\vRaMXzD.exe

C:\Windows\System\UVqPtQT.exe

C:\Windows\System\UVqPtQT.exe

C:\Windows\System\GtzUxQk.exe

C:\Windows\System\GtzUxQk.exe

C:\Windows\System\XROQRBD.exe

C:\Windows\System\XROQRBD.exe

C:\Windows\System\PgbboyS.exe

C:\Windows\System\PgbboyS.exe

C:\Windows\System\tJrCoNA.exe

C:\Windows\System\tJrCoNA.exe

C:\Windows\System\tSsjJis.exe

C:\Windows\System\tSsjJis.exe

C:\Windows\System\lEiQSUS.exe

C:\Windows\System\lEiQSUS.exe

C:\Windows\System\npUbRKd.exe

C:\Windows\System\npUbRKd.exe

C:\Windows\System\aEletPl.exe

C:\Windows\System\aEletPl.exe

C:\Windows\System\xmoWqyi.exe

C:\Windows\System\xmoWqyi.exe

C:\Windows\System\saHjKal.exe

C:\Windows\System\saHjKal.exe

C:\Windows\System\ZvemUEb.exe

C:\Windows\System\ZvemUEb.exe

C:\Windows\System\vEkZvYI.exe

C:\Windows\System\vEkZvYI.exe

C:\Windows\System\kdclzKS.exe

C:\Windows\System\kdclzKS.exe

C:\Windows\System\tsDUXRq.exe

C:\Windows\System\tsDUXRq.exe

C:\Windows\System\ulrTenM.exe

C:\Windows\System\ulrTenM.exe

C:\Windows\System\ASPjgGj.exe

C:\Windows\System\ASPjgGj.exe

C:\Windows\System\USvXPkU.exe

C:\Windows\System\USvXPkU.exe

C:\Windows\System\JzQsXCq.exe

C:\Windows\System\JzQsXCq.exe

C:\Windows\System\kvJOBDB.exe

C:\Windows\System\kvJOBDB.exe

C:\Windows\System\SvFbbUp.exe

C:\Windows\System\SvFbbUp.exe

C:\Windows\System\bEVOUvw.exe

C:\Windows\System\bEVOUvw.exe

C:\Windows\System\wgoHpFG.exe

C:\Windows\System\wgoHpFG.exe

C:\Windows\System\UhDuoUZ.exe

C:\Windows\System\UhDuoUZ.exe

C:\Windows\System\fMWpEEE.exe

C:\Windows\System\fMWpEEE.exe

C:\Windows\System\uJFwNje.exe

C:\Windows\System\uJFwNje.exe

C:\Windows\System\evZGEkc.exe

C:\Windows\System\evZGEkc.exe

C:\Windows\System\IvmxSak.exe

C:\Windows\System\IvmxSak.exe

C:\Windows\System\NlZaqqt.exe

C:\Windows\System\NlZaqqt.exe

C:\Windows\System\JZXfNrD.exe

C:\Windows\System\JZXfNrD.exe

C:\Windows\System\YPXAmjD.exe

C:\Windows\System\YPXAmjD.exe

C:\Windows\System\hDzAGwQ.exe

C:\Windows\System\hDzAGwQ.exe

C:\Windows\System\VZtNElh.exe

C:\Windows\System\VZtNElh.exe

C:\Windows\System\SXpqYDp.exe

C:\Windows\System\SXpqYDp.exe

C:\Windows\System\bVbxomL.exe

C:\Windows\System\bVbxomL.exe

C:\Windows\System\TuygOtq.exe

C:\Windows\System\TuygOtq.exe

C:\Windows\System\UUrHsTO.exe

C:\Windows\System\UUrHsTO.exe

C:\Windows\System\UMxqPyb.exe

C:\Windows\System\UMxqPyb.exe

C:\Windows\System\ThkcIqM.exe

C:\Windows\System\ThkcIqM.exe

C:\Windows\System\HlEulUg.exe

C:\Windows\System\HlEulUg.exe

C:\Windows\System\FwVUkHa.exe

C:\Windows\System\FwVUkHa.exe

C:\Windows\System\nOdkrGb.exe

C:\Windows\System\nOdkrGb.exe

C:\Windows\System\MtqqsEW.exe

C:\Windows\System\MtqqsEW.exe

C:\Windows\System\fZSbzrN.exe

C:\Windows\System\fZSbzrN.exe

C:\Windows\System\PXEFIVo.exe

C:\Windows\System\PXEFIVo.exe

C:\Windows\System\DbLSLbS.exe

C:\Windows\System\DbLSLbS.exe

C:\Windows\System\KLYDPoB.exe

C:\Windows\System\KLYDPoB.exe

C:\Windows\System\FQEmDDq.exe

C:\Windows\System\FQEmDDq.exe

C:\Windows\System\iiVpAfa.exe

C:\Windows\System\iiVpAfa.exe

C:\Windows\System\MZCkkLU.exe

C:\Windows\System\MZCkkLU.exe

C:\Windows\System\GwPVjIe.exe

C:\Windows\System\GwPVjIe.exe

C:\Windows\System\XcDbfFW.exe

C:\Windows\System\XcDbfFW.exe

C:\Windows\System\thFAMIp.exe

C:\Windows\System\thFAMIp.exe

C:\Windows\System\UsGtgvw.exe

C:\Windows\System\UsGtgvw.exe

C:\Windows\System\clvLAyr.exe

C:\Windows\System\clvLAyr.exe

C:\Windows\System\CBiDWHJ.exe

C:\Windows\System\CBiDWHJ.exe

C:\Windows\System\jDfMQZZ.exe

C:\Windows\System\jDfMQZZ.exe

C:\Windows\System\YbmSnpV.exe

C:\Windows\System\YbmSnpV.exe

C:\Windows\System\ygZulEU.exe

C:\Windows\System\ygZulEU.exe

C:\Windows\System\mRjWsUp.exe

C:\Windows\System\mRjWsUp.exe

C:\Windows\System\uPSJqNc.exe

C:\Windows\System\uPSJqNc.exe

C:\Windows\System\wHbsNHa.exe

C:\Windows\System\wHbsNHa.exe

C:\Windows\System\eBmqpQZ.exe

C:\Windows\System\eBmqpQZ.exe

C:\Windows\System\hvnzlNg.exe

C:\Windows\System\hvnzlNg.exe

C:\Windows\System\bERSBxb.exe

C:\Windows\System\bERSBxb.exe

C:\Windows\System\WzMJgVf.exe

C:\Windows\System\WzMJgVf.exe

C:\Windows\System\hhtkLqd.exe

C:\Windows\System\hhtkLqd.exe

C:\Windows\System\pMkyUbR.exe

C:\Windows\System\pMkyUbR.exe

C:\Windows\System\yLufxRA.exe

C:\Windows\System\yLufxRA.exe

C:\Windows\System\vZQhYFl.exe

C:\Windows\System\vZQhYFl.exe

C:\Windows\System\BrGqLye.exe

C:\Windows\System\BrGqLye.exe

C:\Windows\System\kdUWuaW.exe

C:\Windows\System\kdUWuaW.exe

C:\Windows\System\lYvkgRH.exe

C:\Windows\System\lYvkgRH.exe

C:\Windows\System\gCFsRJw.exe

C:\Windows\System\gCFsRJw.exe

C:\Windows\System\oiLYKvK.exe

C:\Windows\System\oiLYKvK.exe

C:\Windows\System\gwJOrZS.exe

C:\Windows\System\gwJOrZS.exe

C:\Windows\System\yauHNBe.exe

C:\Windows\System\yauHNBe.exe

C:\Windows\System\BWYqaug.exe

C:\Windows\System\BWYqaug.exe

C:\Windows\System\bQpNJPQ.exe

C:\Windows\System\bQpNJPQ.exe

C:\Windows\System\RhxbNSl.exe

C:\Windows\System\RhxbNSl.exe

C:\Windows\System\XbeIdUT.exe

C:\Windows\System\XbeIdUT.exe

C:\Windows\System\nInbzcT.exe

C:\Windows\System\nInbzcT.exe

C:\Windows\System\rJCYBwD.exe

C:\Windows\System\rJCYBwD.exe

C:\Windows\System\LjpgtuU.exe

C:\Windows\System\LjpgtuU.exe

C:\Windows\System\atmCDRY.exe

C:\Windows\System\atmCDRY.exe

C:\Windows\System\XcYLGVW.exe

C:\Windows\System\XcYLGVW.exe

C:\Windows\System\RZToLrD.exe

C:\Windows\System\RZToLrD.exe

C:\Windows\System\uiIfvCH.exe

C:\Windows\System\uiIfvCH.exe

C:\Windows\System\tyenfqZ.exe

C:\Windows\System\tyenfqZ.exe

C:\Windows\System\kIRcwXO.exe

C:\Windows\System\kIRcwXO.exe

C:\Windows\System\HJdUBqd.exe

C:\Windows\System\HJdUBqd.exe

Network


Files
