Malware Analysis Report

2024-10-16 07:52

Sample ID 240601-esh3csab24
Target 8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe
SHA256 ff58122607dc413f609e63c76dbfe42fb7e5cdc45dc224e171d6e09ddbf9d3ac
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

xmrig

XMRig Miner payload

KPOT Core Executable

Kpot family

Xmrig family

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 04:12

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 04:12

Reported

2024-06-01 04:14

Platform

win7-20240508-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2600-1081-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/1732-1082-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2204-1083-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2664-1084-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2104-1085-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2896-1086-0x000000013F7D0000-0x000000013FB24000-memory.dmp

memory/3068-1087-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

memory/2808-1088-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2544-1089-0x000000013FA80000-0x000000013FDD4000-memory.dmp

memory/2628-1090-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2240-1091-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2968-1092-0x000000013FDD0000-0x0000000140124000-memory.dmp

memory/2352-1093-0x000000013FE10000-0x0000000140164000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 04:12

Reported

2024-06-01 04:14

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8d0b6c5e4d7822ba91241914530a84f0_NeikiAnalytics.exe"


C:\Windows\System\xjuObIT.exe

C:\Windows\System\xjuObIT.exe

C:\Windows\System\CbFREQO.exe

C:\Windows\System\CbFREQO.exe

C:\Windows\System\QCneaaC.exe

C:\Windows\System\QCneaaC.exe

C:\Windows\System\wcWlTYE.exe

C:\Windows\System\wcWlTYE.exe

C:\Windows\System\nUglnDJ.exe

C:\Windows\System\nUglnDJ.exe

C:\Windows\System\wzhJXGt.exe

C:\Windows\System\wzhJXGt.exe

C:\Windows\System\syTCNwW.exe

C:\Windows\System\syTCNwW.exe

C:\Windows\System\KTJtizE.exe

C:\Windows\System\KTJtizE.exe

C:\Windows\System\uIXbIyT.exe

C:\Windows\System\uIXbIyT.exe

C:\Windows\System\uEqXddW.exe

C:\Windows\System\uEqXddW.exe

C:\Windows\System\rlJhiZS.exe

C:\Windows\System\rlJhiZS.exe

C:\Windows\System\kZZArUh.exe

C:\Windows\System\kZZArUh.exe

C:\Windows\System\uMlmjqL.exe

C:\Windows\System\uMlmjqL.exe

C:\Windows\System\FivEjQy.exe

C:\Windows\System\FivEjQy.exe

C:\Windows\System\oJeFhbv.exe

C:\Windows\System\oJeFhbv.exe

C:\Windows\System\PNgQBSo.exe

C:\Windows\System\PNgQBSo.exe

C:\Windows\System\rXAKuOs.exe

C:\Windows\System\rXAKuOs.exe

C:\Windows\System\QzqlqLj.exe

C:\Windows\System\QzqlqLj.exe

C:\Windows\System\qNjrdKq.exe

C:\Windows\System\qNjrdKq.exe

C:\Windows\System\jMREyAU.exe

C:\Windows\System\jMREyAU.exe

C:\Windows\System\EPTqBKT.exe

C:\Windows\System\EPTqBKT.exe

C:\Windows\System\IUBMZGc.exe

C:\Windows\System\IUBMZGc.exe

C:\Windows\System\FmjGVYI.exe

C:\Windows\System\FmjGVYI.exe

C:\Windows\System\ucmnNUX.exe

C:\Windows\System\ucmnNUX.exe

C:\Windows\System\LgHoExm.exe

C:\Windows\System\LgHoExm.exe

C:\Windows\System\CHqlOFY.exe

C:\Windows\System\CHqlOFY.exe

C:\Windows\System\nZkcJYX.exe

C:\Windows\System\nZkcJYX.exe

C:\Windows\System\pVOvHzJ.exe

C:\Windows\System\pVOvHzJ.exe

C:\Windows\System\FqNMxEW.exe

C:\Windows\System\FqNMxEW.exe

C:\Windows\System\CJcXDia.exe

C:\Windows\System\CJcXDia.exe

C:\Windows\System\fjlIpZl.exe

C:\Windows\System\fjlIpZl.exe

C:\Windows\System\jKAQIsZ.exe

C:\Windows\System\jKAQIsZ.exe

C:\Windows\System\YXOhVyK.exe

C:\Windows\System\YXOhVyK.exe

C:\Windows\System\GLzjgRk.exe

C:\Windows\System\GLzjgRk.exe

C:\Windows\System\aasgBoV.exe

C:\Windows\System\aasgBoV.exe

C:\Windows\System\VKMZaFK.exe

C:\Windows\System\VKMZaFK.exe

C:\Windows\System\PwSkwgs.exe

C:\Windows\System\PwSkwgs.exe

C:\Windows\System\ryjklju.exe

C:\Windows\System\ryjklju.exe

C:\Windows\System\IVHnyKP.exe

C:\Windows\System\IVHnyKP.exe

C:\Windows\System\vEotOKH.exe

C:\Windows\System\vEotOKH.exe

C:\Windows\System\VnvyCMS.exe

C:\Windows\System\VnvyCMS.exe

C:\Windows\System\LnBhUCh.exe

C:\Windows\System\LnBhUCh.exe

C:\Windows\System\sSreOrd.exe

C:\Windows\System\sSreOrd.exe

C:\Windows\System\XdsQsNN.exe

C:\Windows\System\XdsQsNN.exe

C:\Windows\System\plqZrCi.exe

C:\Windows\System\plqZrCi.exe

C:\Windows\System\QiIeLZS.exe

C:\Windows\System\QiIeLZS.exe

C:\Windows\System\IGEWLBn.exe

C:\Windows\System\IGEWLBn.exe

C:\Windows\System\oyHMAMT.exe

C:\Windows\System\oyHMAMT.exe

C:\Windows\System\jmFkGkE.exe

C:\Windows\System\jmFkGkE.exe

C:\Windows\System\pldeXxZ.exe

C:\Windows\System\pldeXxZ.exe

C:\Windows\System\riEjUJg.exe

C:\Windows\System\riEjUJg.exe

C:\Windows\System\FteLWPI.exe

C:\Windows\System\FteLWPI.exe

C:\Windows\System\sFUsTZo.exe

C:\Windows\System\sFUsTZo.exe

C:\Windows\System\sALLLRI.exe

C:\Windows\System\sALLLRI.exe

C:\Windows\System\DyPyWQy.exe

C:\Windows\System\DyPyWQy.exe

C:\Windows\System\kUOqNiL.exe

C:\Windows\System\kUOqNiL.exe

C:\Windows\System\MhUbkke.exe

C:\Windows\System\MhUbkke.exe

C:\Windows\System\pNMDAdb.exe

C:\Windows\System\pNMDAdb.exe

C:\Windows\System\bjxmBls.exe

C:\Windows\System\bjxmBls.exe

C:\Windows\System\nryuBmy.exe

C:\Windows\System\nryuBmy.exe

C:\Windows\System\RMWSYWp.exe

C:\Windows\System\RMWSYWp.exe

C:\Windows\System\TSmlJFK.exe

C:\Windows\System\TSmlJFK.exe

C:\Windows\System\tzvWnkh.exe

C:\Windows\System\tzvWnkh.exe

C:\Windows\System\CplNedS.exe

C:\Windows\System\CplNedS.exe

C:\Windows\System\glDOzXf.exe

C:\Windows\System\glDOzXf.exe

C:\Windows\System\JRFBvHA.exe

C:\Windows\System\JRFBvHA.exe

C:\Windows\System\EaWeemX.exe

C:\Windows\System\EaWeemX.exe

C:\Windows\System\IltNJjm.exe

C:\Windows\System\IltNJjm.exe

C:\Windows\System\nWVsfkK.exe

C:\Windows\System\nWVsfkK.exe

C:\Windows\System\VAjYjmY.exe

C:\Windows\System\VAjYjmY.exe

C:\Windows\System\pzukzMR.exe

C:\Windows\System\pzukzMR.exe

C:\Windows\System\MZuoiso.exe

C:\Windows\System\MZuoiso.exe

C:\Windows\System\CEcAzkO.exe

C:\Windows\System\CEcAzkO.exe

C:\Windows\System\DTyDkBa.exe

C:\Windows\System\DTyDkBa.exe

C:\Windows\System\XXqPnUh.exe

C:\Windows\System\XXqPnUh.exe

C:\Windows\System\BSSUPns.exe

C:\Windows\System\BSSUPns.exe

C:\Windows\System\vimkRUT.exe

C:\Windows\System\vimkRUT.exe

C:\Windows\System\lfinrUp.exe

C:\Windows\System\lfinrUp.exe

C:\Windows\System\SHflCFU.exe

C:\Windows\System\SHflCFU.exe

C:\Windows\System\DPMoYPP.exe

C:\Windows\System\DPMoYPP.exe

C:\Windows\System\DFiCViv.exe

C:\Windows\System\DFiCViv.exe

C:\Windows\System\ZKpRjTr.exe

C:\Windows\System\ZKpRjTr.exe

C:\Windows\System\HIbYMjH.exe

C:\Windows\System\HIbYMjH.exe

C:\Windows\System\fXctuho.exe

C:\Windows\System\fXctuho.exe

C:\Windows\System\HvoRrpa.exe

C:\Windows\System\HvoRrpa.exe

C:\Windows\System\TBxGhwy.exe

C:\Windows\System\TBxGhwy.exe

C:\Windows\System\IPQEwRl.exe

C:\Windows\System\IPQEwRl.exe

C:\Windows\System\xfwuNqw.exe

C:\Windows\System\xfwuNqw.exe

C:\Windows\System\DQYAVPb.exe

C:\Windows\System\DQYAVPb.exe

C:\Windows\System\YJnrthU.exe

C:\Windows\System\YJnrthU.exe

C:\Windows\System\JFoeDZH.exe

C:\Windows\System\JFoeDZH.exe

C:\Windows\System\vNEUzkP.exe

C:\Windows\System\vNEUzkP.exe

C:\Windows\System\vhdafXM.exe

C:\Windows\System\vhdafXM.exe

C:\Windows\System\TtkmNLn.exe

C:\Windows\System\TtkmNLn.exe

C:\Windows\System\xqCRVJl.exe

C:\Windows\System\xqCRVJl.exe

C:\Windows\System\MWmxLMx.exe

C:\Windows\System\MWmxLMx.exe

C:\Windows\System\zkfsOKX.exe

C:\Windows\System\zkfsOKX.exe

C:\Windows\System\zsbcMwO.exe

C:\Windows\System\zsbcMwO.exe

C:\Windows\System\OFwjyIJ.exe

C:\Windows\System\OFwjyIJ.exe

C:\Windows\System\mBxNuOn.exe

C:\Windows\System\mBxNuOn.exe

C:\Windows\System\ontauzj.exe

C:\Windows\System\ontauzj.exe

C:\Windows\System\JzyhKgy.exe

C:\Windows\System\JzyhKgy.exe

C:\Windows\System\UMKjkyw.exe

C:\Windows\System\UMKjkyw.exe

C:\Windows\System\qidNwbN.exe

C:\Windows\System\qidNwbN.exe

C:\Windows\System\UleWktl.exe

C:\Windows\System\UleWktl.exe

C:\Windows\System\ZTVIVoA.exe

C:\Windows\System\ZTVIVoA.exe

C:\Windows\System\uqLHHVs.exe

C:\Windows\System\uqLHHVs.exe

C:\Windows\System\fZkhVUt.exe

C:\Windows\System\fZkhVUt.exe

C:\Windows\System\QevVIXP.exe

C:\Windows\System\QevVIXP.exe

C:\Windows\System\LkmCzgE.exe

C:\Windows\System\LkmCzgE.exe

C:\Windows\System\LtCZiSq.exe

C:\Windows\System\LtCZiSq.exe

C:\Windows\System\aaWNeMm.exe

C:\Windows\System\aaWNeMm.exe

C:\Windows\System\fMnjLVp.exe

C:\Windows\System\fMnjLVp.exe

C:\Windows\System\xvcjLBN.exe

C:\Windows\System\xvcjLBN.exe

C:\Windows\System\MxpmYnb.exe

C:\Windows\System\MxpmYnb.exe

C:\Windows\System\OgbYFSX.exe

C:\Windows\System\OgbYFSX.exe

C:\Windows\System\ZSrKIyV.exe

C:\Windows\System\ZSrKIyV.exe

C:\Windows\System\LmXIQfT.exe

C:\Windows\System\LmXIQfT.exe

C:\Windows\System\NqZJtdv.exe

C:\Windows\System\NqZJtdv.exe

C:\Windows\System\wrFXZdh.exe

C:\Windows\System\wrFXZdh.exe

C:\Windows\System\mGvLYlb.exe

C:\Windows\System\mGvLYlb.exe

C:\Windows\System\YgiFRPx.exe

C:\Windows\System\YgiFRPx.exe

C:\Windows\System\jtnZKpA.exe

C:\Windows\System\jtnZKpA.exe

C:\Windows\System\cRLBlnp.exe

C:\Windows\System\cRLBlnp.exe

C:\Windows\System\vSmZrAL.exe

C:\Windows\System\vSmZrAL.exe

C:\Windows\System\dkEcjRb.exe

C:\Windows\System\dkEcjRb.exe

C:\Windows\System\VUqtpiv.exe

C:\Windows\System\VUqtpiv.exe

C:\Windows\System\KvPzNLW.exe

C:\Windows\System\KvPzNLW.exe

C:\Windows\System\ASZzhLB.exe

C:\Windows\System\ASZzhLB.exe

C:\Windows\System\ZlBsHWn.exe

C:\Windows\System\ZlBsHWn.exe

C:\Windows\System\AsajUfY.exe

C:\Windows\System\AsajUfY.exe

C:\Windows\System\yRvAbCN.exe

C:\Windows\System\yRvAbCN.exe

C:\Windows\System\GKRJYVU.exe

C:\Windows\System\GKRJYVU.exe

C:\Windows\System\zoTfOMF.exe

C:\Windows\System\zoTfOMF.exe

C:\Windows\System\AFwIJAq.exe

C:\Windows\System\AFwIJAq.exe

C:\Windows\System\nPkvEfM.exe

C:\Windows\System\nPkvEfM.exe

C:\Windows\System\HvxRcgQ.exe

C:\Windows\System\HvxRcgQ.exe

C:\Windows\System\yjwmLsb.exe

C:\Windows\System\yjwmLsb.exe

C:\Windows\System\HRpouYM.exe

C:\Windows\System\HRpouYM.exe

C:\Windows\System\JpKCsqA.exe

C:\Windows\System\JpKCsqA.exe

C:\Windows\System\tWHhWdo.exe

C:\Windows\System\tWHhWdo.exe

C:\Windows\System\WWboCGf.exe

C:\Windows\System\WWboCGf.exe

C:\Windows\System\HjfsjDS.exe

C:\Windows\System\HjfsjDS.exe

C:\Windows\System\WhydQem.exe

C:\Windows\System\WhydQem.exe

C:\Windows\System\DDxTPoq.exe

C:\Windows\System\DDxTPoq.exe

C:\Windows\System\cSkDbLv.exe

C:\Windows\System\cSkDbLv.exe

C:\Windows\System\QINlNWY.exe

C:\Windows\System\QINlNWY.exe

C:\Windows\System\VQmwiRO.exe

C:\Windows\System\VQmwiRO.exe

C:\Windows\System\hhkXqwC.exe

C:\Windows\System\hhkXqwC.exe

C:\Windows\System\mGJxfLU.exe

C:\Windows\System\mGJxfLU.exe

C:\Windows\System\mGlUsKv.exe

C:\Windows\System\mGlUsKv.exe

C:\Windows\System\diTNXSA.exe

C:\Windows\System\diTNXSA.exe

C:\Windows\System\oIeQBzg.exe

C:\Windows\System\oIeQBzg.exe

C:\Windows\System\ZJnBpIy.exe

C:\Windows\System\ZJnBpIy.exe

C:\Windows\System\nlKtbwX.exe

C:\Windows\System\nlKtbwX.exe

C:\Windows\System\rCsQXOj.exe

C:\Windows\System\rCsQXOj.exe

C:\Windows\System\wGNbqxy.exe

C:\Windows\System\wGNbqxy.exe

C:\Windows\System\TVwVXGo.exe

C:\Windows\System\TVwVXGo.exe

C:\Windows\System\hIOAAtt.exe

C:\Windows\System\hIOAAtt.exe

C:\Windows\System\yOmPUSk.exe

C:\Windows\System\yOmPUSk.exe

C:\Windows\System\ehBfVXM.exe

C:\Windows\System\ehBfVXM.exe

C:\Windows\System\zDmADiS.exe

C:\Windows\System\zDmADiS.exe

C:\Windows\System\KThugSH.exe

C:\Windows\System\KThugSH.exe

C:\Windows\System\pJUHGvZ.exe

C:\Windows\System\pJUHGvZ.exe

C:\Windows\System\jsTSNyT.exe

C:\Windows\System\jsTSNyT.exe

C:\Windows\System\HaCOGHV.exe

C:\Windows\System\HaCOGHV.exe

C:\Windows\System\NlLFeSV.exe

C:\Windows\System\NlLFeSV.exe

C:\Windows\System\YUIrXzS.exe

C:\Windows\System\YUIrXzS.exe

C:\Windows\System\HaGMozG.exe

C:\Windows\System\HaGMozG.exe

C:\Windows\System\ZEdqvtP.exe

C:\Windows\System\ZEdqvtP.exe

C:\Windows\System\RiVpVFC.exe

C:\Windows\System\RiVpVFC.exe

C:\Windows\System\GqDAqah.exe

C:\Windows\System\GqDAqah.exe

C:\Windows\System\NYvPKUI.exe

C:\Windows\System\NYvPKUI.exe

C:\Windows\System\WBdWElp.exe

C:\Windows\System\WBdWElp.exe

C:\Windows\System\NyQuuZD.exe

C:\Windows\System\NyQuuZD.exe

C:\Windows\System\wmWyGKM.exe

C:\Windows\System\wmWyGKM.exe

C:\Windows\System\TujCNUF.exe

C:\Windows\System\TujCNUF.exe

C:\Windows\System\TiqWopa.exe

C:\Windows\System\TiqWopa.exe

C:\Windows\System\hhjdKHm.exe

C:\Windows\System\hhjdKHm.exe

C:\Windows\System\ECyfbYv.exe

C:\Windows\System\ECyfbYv.exe

C:\Windows\System\kQAsFKU.exe

C:\Windows\System\kQAsFKU.exe

C:\Windows\System\yKcGMQW.exe

C:\Windows\System\yKcGMQW.exe

C:\Windows\System\qnBLYNu.exe

C:\Windows\System\qnBLYNu.exe

C:\Windows\System\UGQIwSb.exe

C:\Windows\System\UGQIwSb.exe

C:\Windows\System\WYYoTgD.exe

C:\Windows\System\WYYoTgD.exe

C:\Windows\System\OpMSbAh.exe

C:\Windows\System\OpMSbAh.exe

C:\Windows\System\LzTgdHb.exe

C:\Windows\System\LzTgdHb.exe

C:\Windows\System\PdfKFMd.exe

C:\Windows\System\PdfKFMd.exe

C:\Windows\System\zNxfSKO.exe

C:\Windows\System\zNxfSKO.exe

C:\Windows\System\wNrwXCH.exe

C:\Windows\System\wNrwXCH.exe

C:\Windows\System\WKzQSMv.exe

C:\Windows\System\WKzQSMv.exe

C:\Windows\System\ictttLJ.exe

C:\Windows\System\ictttLJ.exe

C:\Windows\System\nyEgpqL.exe

C:\Windows\System\nyEgpqL.exe

C:\Windows\System\cCfBaZD.exe

C:\Windows\System\cCfBaZD.exe

C:\Windows\System\MysckmE.exe

C:\Windows\System\MysckmE.exe

C:\Windows\System\HRoqKIC.exe

C:\Windows\System\HRoqKIC.exe

C:\Windows\System\aQFhtSH.exe

C:\Windows\System\aQFhtSH.exe

C:\Windows\System\JjnujMG.exe

C:\Windows\System\JjnujMG.exe

C:\Windows\System\dtVEMsA.exe

C:\Windows\System\dtVEMsA.exe

C:\Windows\System\CQQyVjv.exe

C:\Windows\System\CQQyVjv.exe

C:\Windows\System\AnsLLZg.exe

C:\Windows\System\AnsLLZg.exe

C:\Windows\System\fRdjHPt.exe

C:\Windows\System\fRdjHPt.exe

C:\Windows\System\vfFjHOh.exe

C:\Windows\System\vfFjHOh.exe

C:\Windows\System\nVxHiox.exe

C:\Windows\System\nVxHiox.exe

C:\Windows\System\ZsqJMSb.exe

C:\Windows\System\ZsqJMSb.exe

C:\Windows\System\euktbxI.exe

C:\Windows\System\euktbxI.exe

C:\Windows\System\ahvgBJO.exe

C:\Windows\System\ahvgBJO.exe

C:\Windows\System\CzEvbDP.exe

C:\Windows\System\CzEvbDP.exe

C:\Windows\System\bhlBGcb.exe

C:\Windows\System\bhlBGcb.exe

C:\Windows\System\lINEMeV.exe

C:\Windows\System\lINEMeV.exe

C:\Windows\System\drwjUuc.exe

C:\Windows\System\drwjUuc.exe

C:\Windows\System\YeHfTWI.exe

C:\Windows\System\YeHfTWI.exe

C:\Windows\System\JIIkouv.exe

C:\Windows\System\JIIkouv.exe

C:\Windows\System\tKvVnYk.exe

C:\Windows\System\tKvVnYk.exe

C:\Windows\System\lehffCz.exe

C:\Windows\System\lehffCz.exe

C:\Windows\System\QYMpPEm.exe

C:\Windows\System\QYMpPEm.exe

C:\Windows\System\SrFNbpY.exe

C:\Windows\System\SrFNbpY.exe

C:\Windows\System\bSWlkXM.exe

C:\Windows\System\bSWlkXM.exe

C:\Windows\System\eUkdxld.exe

C:\Windows\System\eUkdxld.exe

C:\Windows\System\lQkOLzH.exe

C:\Windows\System\lQkOLzH.exe

C:\Windows\System\vUXWhWK.exe

C:\Windows\System\vUXWhWK.exe

C:\Windows\System\IMWFCNz.exe

C:\Windows\System\IMWFCNz.exe

C:\Windows\System\nLNFYNz.exe

C:\Windows\System\nLNFYNz.exe

Network

Files
