Malware Analysis Report

2024-10-16 07:36

Sample ID 240601-f49vwsbd5z
Target 8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe
SHA256 9382988ece712442cb8e606af10d60bc8a9aeb6ca44bb0b6db3ddcf89e1c32c4
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9382988ece712442cb8e606af10d60bc8a9aeb6ca44bb0b6db3ddcf89e1c32c4

Threat Level: Known bad

The file 8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

KPOT Core Executable

Xmrig family

xmrig

XMRig Miner payload

Kpot family

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 05:26

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 05:26

Reported

2024-06-01 05:29

Platform

win7-20240220-en

Max time kernel

141s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\cYEKgvR.exe N/A
N/A N/A C:\Windows\System\jaWvpIY.exe N/A
N/A N/A C:\Windows\System\hJhaPrt.exe N/A
N/A N/A C:\Windows\System\VdeXRcG.exe N/A
N/A N/A C:\Windows\System\jzcfUJm.exe N/A
N/A N/A C:\Windows\System\ztrNtuu.exe N/A
N/A N/A C:\Windows\System\LFwPsen.exe N/A
N/A N/A C:\Windows\System\UTEuUTw.exe N/A
N/A N/A C:\Windows\System\IiyJtTB.exe N/A
N/A N/A C:\Windows\System\JQXUyDy.exe N/A
N/A N/A C:\Windows\System\MFnSHYH.exe N/A
N/A N/A C:\Windows\System\TllQTFT.exe N/A
N/A N/A C:\Windows\System\tboKjwM.exe N/A
N/A N/A C:\Windows\System\Ldpzhov.exe N/A
N/A N/A C:\Windows\System\JKeEsKp.exe N/A
N/A N/A C:\Windows\System\jDraTRq.exe N/A
N/A N/A C:\Windows\System\OgYHCNc.exe N/A
N/A N/A C:\Windows\System\UoJvNhx.exe N/A
N/A N/A C:\Windows\System\CqviUNd.exe N/A
N/A N/A C:\Windows\System\VYNFPRo.exe N/A
N/A N/A C:\Windows\System\SDlIgbY.exe N/A
N/A N/A C:\Windows\System\GLLCFRh.exe N/A
N/A N/A C:\Windows\System\sFgPuZQ.exe N/A
N/A N/A C:\Windows\System\vouZsrb.exe N/A
N/A N/A C:\Windows\System\YChWLhs.exe N/A
N/A N/A C:\Windows\System\SbmShMv.exe N/A
N/A N/A C:\Windows\System\ORfNRSK.exe N/A
N/A N/A C:\Windows\System\LqpwdCn.exe N/A
N/A N/A C:\Windows\System\DXGqTAH.exe N/A
N/A N/A C:\Windows\System\diauYzd.exe N/A
N/A N/A C:\Windows\System\azpycvN.exe N/A
N/A N/A C:\Windows\System\bzTPpId.exe N/A
N/A N/A C:\Windows\System\CULiuCB.exe N/A
N/A N/A C:\Windows\System\bGpiwtS.exe N/A
N/A N/A C:\Windows\System\gksRopT.exe N/A
N/A N/A C:\Windows\System\QPcDMid.exe N/A
N/A N/A C:\Windows\System\QwhEDBM.exe N/A
N/A N/A C:\Windows\System\MkcDkiS.exe N/A
N/A N/A C:\Windows\System\JiQJNqt.exe N/A
N/A N/A C:\Windows\System\EPGcBKa.exe N/A
N/A N/A C:\Windows\System\qVtATeM.exe N/A
N/A N/A C:\Windows\System\WMZCrvn.exe N/A
N/A N/A C:\Windows\System\bLboddV.exe N/A
N/A N/A C:\Windows\System\DYLbecT.exe N/A
N/A N/A C:\Windows\System\HKPREmm.exe N/A
N/A N/A C:\Windows\System\SlNdXAS.exe N/A
N/A N/A C:\Windows\System\oGSQpYW.exe N/A
N/A N/A C:\Windows\System\BrAMyGi.exe N/A
N/A N/A C:\Windows\System\rIuSGAu.exe N/A
N/A N/A C:\Windows\System\TnTEKwz.exe N/A
N/A N/A C:\Windows\System\OufYlER.exe N/A
N/A N/A C:\Windows\System\fBoUuok.exe N/A
N/A N/A C:\Windows\System\dYwXwDR.exe N/A
N/A N/A C:\Windows\System\Gktrfxe.exe N/A
N/A N/A C:\Windows\System\GcvlJgc.exe N/A
N/A N/A C:\Windows\System\krYtjsb.exe N/A
N/A N/A C:\Windows\System\ljtLSvl.exe N/A
N/A N/A C:\Windows\System\AsSYeTm.exe N/A
N/A N/A C:\Windows\System\WSwweYW.exe N/A
N/A N/A C:\Windows\System\FKlREmo.exe N/A
N/A N/A C:\Windows\System\ZiNnSbi.exe N/A
N/A N/A C:\Windows\System\oBZyVfn.exe N/A
N/A N/A C:\Windows\System\bOcAEBj.exe N/A
N/A N/A C:\Windows\System\fVNajhn.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\cPUuSEa.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEJIqJa.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bRnsheq.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PPDOpWn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiHHJRn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IchGjGl.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KaxZLDn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XcEyIOp.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QjJGeNH.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DydGJXz.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQcoxkp.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqviUNd.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oGSQpYW.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OUbukjG.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOgMQVP.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WbHsHrz.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eoePDWg.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hFDHkMW.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EQuznDt.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RODvtwy.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBZyVfn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KsDhmaU.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVWPuKW.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrPOFjE.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oziotLI.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SzAINVZ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UTEuUTw.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMZCrvn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EMZGBAc.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LHZHpYH.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EPGcBKa.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bLboddV.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgBTaYG.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TEChMsQ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QYctrrr.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbLniqZ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgYHCNc.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YOuSOfT.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lhHIUOY.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\STcAMgl.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cURkiyQ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vrEWEXO.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSGVfmq.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CYYCqbp.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VdeXRcG.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OufYlER.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BEKkpom.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TiefkBW.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vvaCesC.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFPBMvc.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IiyJtTB.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDraTRq.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwhEDBM.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iSFfKuG.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OreWOnR.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gksRopT.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BMSNmKR.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSkVDjK.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cYEKgvR.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AEzyTxi.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFigVsp.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsDQItT.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jjkzTTQ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFgPuZQ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1684 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\cYEKgvR.exe
PID 1684 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\cYEKgvR.exe
PID 1684 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\cYEKgvR.exe
PID 1684 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jaWvpIY.exe
PID 1684 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jaWvpIY.exe
PID 1684 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jaWvpIY.exe
PID 1684 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\hJhaPrt.exe
PID 1684 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\hJhaPrt.exe
PID 1684 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\hJhaPrt.exe
PID 1684 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\VdeXRcG.exe
PID 1684 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\VdeXRcG.exe
PID 1684 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\VdeXRcG.exe
PID 1684 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jzcfUJm.exe
PID 1684 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jzcfUJm.exe
PID 1684 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jzcfUJm.exe
PID 1684 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\ztrNtuu.exe
PID 1684 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\ztrNtuu.exe
PID 1684 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\ztrNtuu.exe
PID 1684 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\UTEuUTw.exe
PID 1684 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\UTEuUTw.exe
PID 1684 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\UTEuUTw.exe
PID 1684 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\LFwPsen.exe
PID 1684 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\LFwPsen.exe
PID 1684 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\LFwPsen.exe
PID 1684 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\IiyJtTB.exe
PID 1684 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\IiyJtTB.exe
PID 1684 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\IiyJtTB.exe
PID 1684 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\JQXUyDy.exe
PID 1684 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\JQXUyDy.exe
PID 1684 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\JQXUyDy.exe
PID 1684 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\MFnSHYH.exe
PID 1684 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\MFnSHYH.exe
PID 1684 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\MFnSHYH.exe
PID 1684 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TllQTFT.exe
PID 1684 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TllQTFT.exe
PID 1684 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TllQTFT.exe
PID 1684 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\tboKjwM.exe
PID 1684 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\tboKjwM.exe
PID 1684 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\tboKjwM.exe
PID 1684 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\Ldpzhov.exe
PID 1684 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\Ldpzhov.exe
PID 1684 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\Ldpzhov.exe
PID 1684 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\JKeEsKp.exe
PID 1684 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\JKeEsKp.exe
PID 1684 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\JKeEsKp.exe
PID 1684 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jDraTRq.exe
PID 1684 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jDraTRq.exe
PID 1684 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jDraTRq.exe
PID 1684 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\OgYHCNc.exe
PID 1684 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\OgYHCNc.exe
PID 1684 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\OgYHCNc.exe
PID 1684 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\UoJvNhx.exe
PID 1684 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\UoJvNhx.exe
PID 1684 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\UoJvNhx.exe
PID 1684 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CqviUNd.exe
PID 1684 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CqviUNd.exe
PID 1684 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CqviUNd.exe
PID 1684 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\VYNFPRo.exe
PID 1684 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\VYNFPRo.exe
PID 1684 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\VYNFPRo.exe
PID 1684 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\SDlIgbY.exe
PID 1684 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\SDlIgbY.exe
PID 1684 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\SDlIgbY.exe
PID 1684 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\GLLCFRh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe"

C:\Windows\System\cYEKgvR.exe

C:\Windows\System\cYEKgvR.exe

C:\Windows\System\jaWvpIY.exe

C:\Windows\System\jaWvpIY.exe

C:\Windows\System\hJhaPrt.exe

C:\Windows\System\hJhaPrt.exe

C:\Windows\System\VdeXRcG.exe

C:\Windows\System\VdeXRcG.exe

C:\Windows\System\jzcfUJm.exe

C:\Windows\System\jzcfUJm.exe

C:\Windows\System\ztrNtuu.exe

C:\Windows\System\ztrNtuu.exe

C:\Windows\System\UTEuUTw.exe

C:\Windows\System\UTEuUTw.exe

C:\Windows\System\LFwPsen.exe

C:\Windows\System\LFwPsen.exe

C:\Windows\System\IiyJtTB.exe

C:\Windows\System\IiyJtTB.exe

C:\Windows\System\JQXUyDy.exe

C:\Windows\System\JQXUyDy.exe

C:\Windows\System\MFnSHYH.exe

C:\Windows\System\MFnSHYH.exe

C:\Windows\System\TllQTFT.exe

C:\Windows\System\TllQTFT.exe

C:\Windows\System\tboKjwM.exe

C:\Windows\System\tboKjwM.exe

C:\Windows\System\Ldpzhov.exe

C:\Windows\System\Ldpzhov.exe

C:\Windows\System\JKeEsKp.exe

C:\Windows\System\JKeEsKp.exe

C:\Windows\System\jDraTRq.exe

C:\Windows\System\jDraTRq.exe

C:\Windows\System\OgYHCNc.exe

C:\Windows\System\OgYHCNc.exe

C:\Windows\System\UoJvNhx.exe

C:\Windows\System\UoJvNhx.exe

C:\Windows\System\CqviUNd.exe

C:\Windows\System\CqviUNd.exe

C:\Windows\System\VYNFPRo.exe

C:\Windows\System\VYNFPRo.exe

C:\Windows\System\SDlIgbY.exe

C:\Windows\System\SDlIgbY.exe

C:\Windows\System\GLLCFRh.exe

C:\Windows\System\GLLCFRh.exe

C:\Windows\System\sFgPuZQ.exe

C:\Windows\System\sFgPuZQ.exe

C:\Windows\System\vouZsrb.exe

C:\Windows\System\vouZsrb.exe

C:\Windows\System\YChWLhs.exe

C:\Windows\System\YChWLhs.exe

C:\Windows\System\SbmShMv.exe

C:\Windows\System\SbmShMv.exe

C:\Windows\System\ORfNRSK.exe

C:\Windows\System\ORfNRSK.exe

C:\Windows\System\LqpwdCn.exe

C:\Windows\System\LqpwdCn.exe

C:\Windows\System\DXGqTAH.exe

C:\Windows\System\DXGqTAH.exe

C:\Windows\System\diauYzd.exe

C:\Windows\System\diauYzd.exe

C:\Windows\System\azpycvN.exe

C:\Windows\System\azpycvN.exe

C:\Windows\System\bzTPpId.exe

C:\Windows\System\bzTPpId.exe

C:\Windows\System\bGpiwtS.exe

C:\Windows\System\bGpiwtS.exe

C:\Windows\System\CULiuCB.exe

C:\Windows\System\CULiuCB.exe

C:\Windows\System\gksRopT.exe

C:\Windows\System\gksRopT.exe

C:\Windows\System\QPcDMid.exe

C:\Windows\System\QPcDMid.exe

C:\Windows\System\QwhEDBM.exe

C:\Windows\System\QwhEDBM.exe

C:\Windows\System\MkcDkiS.exe

C:\Windows\System\MkcDkiS.exe

C:\Windows\System\JiQJNqt.exe

C:\Windows\System\JiQJNqt.exe

C:\Windows\System\EPGcBKa.exe

C:\Windows\System\EPGcBKa.exe

C:\Windows\System\qVtATeM.exe

C:\Windows\System\qVtATeM.exe

C:\Windows\System\WMZCrvn.exe

C:\Windows\System\WMZCrvn.exe

C:\Windows\System\bLboddV.exe

C:\Windows\System\bLboddV.exe

C:\Windows\System\DYLbecT.exe

C:\Windows\System\DYLbecT.exe

C:\Windows\System\HKPREmm.exe

C:\Windows\System\HKPREmm.exe

C:\Windows\System\SlNdXAS.exe

C:\Windows\System\SlNdXAS.exe

C:\Windows\System\oGSQpYW.exe

C:\Windows\System\oGSQpYW.exe

C:\Windows\System\BrAMyGi.exe

C:\Windows\System\BrAMyGi.exe

C:\Windows\System\rIuSGAu.exe

C:\Windows\System\rIuSGAu.exe

C:\Windows\System\TnTEKwz.exe

C:\Windows\System\TnTEKwz.exe

C:\Windows\System\OufYlER.exe

C:\Windows\System\OufYlER.exe

C:\Windows\System\fBoUuok.exe

C:\Windows\System\fBoUuok.exe

C:\Windows\System\dYwXwDR.exe

C:\Windows\System\dYwXwDR.exe

C:\Windows\System\Gktrfxe.exe

C:\Windows\System\Gktrfxe.exe

C:\Windows\System\GcvlJgc.exe

C:\Windows\System\GcvlJgc.exe

C:\Windows\System\krYtjsb.exe

C:\Windows\System\krYtjsb.exe

C:\Windows\System\ljtLSvl.exe

C:\Windows\System\ljtLSvl.exe

C:\Windows\System\AsSYeTm.exe

C:\Windows\System\AsSYeTm.exe

C:\Windows\System\WSwweYW.exe

C:\Windows\System\WSwweYW.exe

C:\Windows\System\FKlREmo.exe

C:\Windows\System\FKlREmo.exe

C:\Windows\System\ZiNnSbi.exe

C:\Windows\System\ZiNnSbi.exe

C:\Windows\System\oBZyVfn.exe

C:\Windows\System\oBZyVfn.exe

C:\Windows\System\bOcAEBj.exe

C:\Windows\System\bOcAEBj.exe

C:\Windows\System\fVNajhn.exe

C:\Windows\System\fVNajhn.exe

C:\Windows\System\jNpgFom.exe

C:\Windows\System\jNpgFom.exe

C:\Windows\System\KwSdGkl.exe

C:\Windows\System\KwSdGkl.exe

C:\Windows\System\UTEMDWA.exe

C:\Windows\System\UTEMDWA.exe

C:\Windows\System\zyDYjGB.exe

C:\Windows\System\zyDYjGB.exe

C:\Windows\System\etPdjeR.exe

C:\Windows\System\etPdjeR.exe

C:\Windows\System\npfIMil.exe

C:\Windows\System\npfIMil.exe

C:\Windows\System\DPBdlFM.exe

C:\Windows\System\DPBdlFM.exe

C:\Windows\System\UlIohfW.exe

C:\Windows\System\UlIohfW.exe

C:\Windows\System\OUbukjG.exe

C:\Windows\System\OUbukjG.exe

C:\Windows\System\mRHinOs.exe

C:\Windows\System\mRHinOs.exe

C:\Windows\System\HNYuItR.exe

C:\Windows\System\HNYuItR.exe

C:\Windows\System\iPfEQZk.exe

C:\Windows\System\iPfEQZk.exe

C:\Windows\System\KaxZLDn.exe

C:\Windows\System\KaxZLDn.exe

C:\Windows\System\ShkFECh.exe

C:\Windows\System\ShkFECh.exe

C:\Windows\System\ZedYBRz.exe

C:\Windows\System\ZedYBRz.exe

C:\Windows\System\hcscIfN.exe

C:\Windows\System\hcscIfN.exe

C:\Windows\System\uskRtUt.exe

C:\Windows\System\uskRtUt.exe

C:\Windows\System\ZoJDpxv.exe

C:\Windows\System\ZoJDpxv.exe

C:\Windows\System\mwYsIde.exe

C:\Windows\System\mwYsIde.exe

C:\Windows\System\PybrASF.exe

C:\Windows\System\PybrASF.exe

C:\Windows\System\vCrbOUJ.exe

C:\Windows\System\vCrbOUJ.exe

C:\Windows\System\chGtBkP.exe

C:\Windows\System\chGtBkP.exe

C:\Windows\System\GedrStA.exe

C:\Windows\System\GedrStA.exe

C:\Windows\System\jWOpwYL.exe

C:\Windows\System\jWOpwYL.exe

C:\Windows\System\BEKkpom.exe

C:\Windows\System\BEKkpom.exe

C:\Windows\System\yhneipi.exe

C:\Windows\System\yhneipi.exe

C:\Windows\System\EolYlNR.exe

C:\Windows\System\EolYlNR.exe

C:\Windows\System\FIzVpUE.exe

C:\Windows\System\FIzVpUE.exe

C:\Windows\System\vgBTaYG.exe

C:\Windows\System\vgBTaYG.exe

C:\Windows\System\DGpUisH.exe

C:\Windows\System\DGpUisH.exe

C:\Windows\System\YOuSOfT.exe

C:\Windows\System\YOuSOfT.exe

C:\Windows\System\LAqiLYU.exe

C:\Windows\System\LAqiLYU.exe

C:\Windows\System\fSCYzQk.exe

C:\Windows\System\fSCYzQk.exe

C:\Windows\System\YncGbcR.exe

C:\Windows\System\YncGbcR.exe

C:\Windows\System\dXoIXdl.exe

C:\Windows\System\dXoIXdl.exe

C:\Windows\System\ngsskuU.exe

C:\Windows\System\ngsskuU.exe

C:\Windows\System\gZTKgCz.exe

C:\Windows\System\gZTKgCz.exe

C:\Windows\System\STcAMgl.exe

C:\Windows\System\STcAMgl.exe

C:\Windows\System\vpCveLU.exe

C:\Windows\System\vpCveLU.exe

C:\Windows\System\zhTXJFA.exe

C:\Windows\System\zhTXJFA.exe

C:\Windows\System\gJYYyKs.exe

C:\Windows\System\gJYYyKs.exe

C:\Windows\System\MnJDmSy.exe

C:\Windows\System\MnJDmSy.exe

C:\Windows\System\WbHsHrz.exe

C:\Windows\System\WbHsHrz.exe

C:\Windows\System\VQEGrPW.exe

C:\Windows\System\VQEGrPW.exe

C:\Windows\System\vDIinLM.exe

C:\Windows\System\vDIinLM.exe

C:\Windows\System\EnyNKWL.exe

C:\Windows\System\EnyNKWL.exe

C:\Windows\System\eOclcUZ.exe

C:\Windows\System\eOclcUZ.exe

C:\Windows\System\vWzBAop.exe

C:\Windows\System\vWzBAop.exe

C:\Windows\System\kQaEjkf.exe

C:\Windows\System\kQaEjkf.exe

C:\Windows\System\PPDOpWn.exe

C:\Windows\System\PPDOpWn.exe

C:\Windows\System\UdlAonB.exe

C:\Windows\System\UdlAonB.exe

C:\Windows\System\ycBPKDR.exe

C:\Windows\System\ycBPKDR.exe

C:\Windows\System\uCpNvEW.exe

C:\Windows\System\uCpNvEW.exe

C:\Windows\System\hCwvuZB.exe

C:\Windows\System\hCwvuZB.exe

C:\Windows\System\LHZHpYH.exe

C:\Windows\System\LHZHpYH.exe

C:\Windows\System\impKOHB.exe

C:\Windows\System\impKOHB.exe

C:\Windows\System\FPozgBF.exe

C:\Windows\System\FPozgBF.exe

C:\Windows\System\BGWUcYZ.exe

C:\Windows\System\BGWUcYZ.exe

C:\Windows\System\gEdXEKs.exe

C:\Windows\System\gEdXEKs.exe

C:\Windows\System\OOVcwYc.exe

C:\Windows\System\OOVcwYc.exe

C:\Windows\System\MYqCFts.exe

C:\Windows\System\MYqCFts.exe

C:\Windows\System\xrmrQTR.exe

C:\Windows\System\xrmrQTR.exe

C:\Windows\System\mtChSOB.exe

C:\Windows\System\mtChSOB.exe

C:\Windows\System\btDMTee.exe

C:\Windows\System\btDMTee.exe

C:\Windows\System\gtxbXMJ.exe

C:\Windows\System\gtxbXMJ.exe

C:\Windows\System\aDIjGAn.exe

C:\Windows\System\aDIjGAn.exe

C:\Windows\System\EMZGBAc.exe

C:\Windows\System\EMZGBAc.exe

C:\Windows\System\QQzXNel.exe

C:\Windows\System\QQzXNel.exe

C:\Windows\System\mFgXCIH.exe

C:\Windows\System\mFgXCIH.exe

C:\Windows\System\BMSNmKR.exe

C:\Windows\System\BMSNmKR.exe

C:\Windows\System\QExGaxh.exe

C:\Windows\System\QExGaxh.exe

C:\Windows\System\SrbZYwG.exe

C:\Windows\System\SrbZYwG.exe

C:\Windows\System\LuQBziV.exe

C:\Windows\System\LuQBziV.exe

C:\Windows\System\YryCHqj.exe

C:\Windows\System\YryCHqj.exe

C:\Windows\System\ioTqkXn.exe

C:\Windows\System\ioTqkXn.exe

C:\Windows\System\IyNxeIa.exe

C:\Windows\System\IyNxeIa.exe

C:\Windows\System\BwToqvj.exe

C:\Windows\System\BwToqvj.exe

C:\Windows\System\zYLxHjh.exe

C:\Windows\System\zYLxHjh.exe

C:\Windows\System\MKLaOKv.exe

C:\Windows\System\MKLaOKv.exe

C:\Windows\System\MmKVrpV.exe

C:\Windows\System\MmKVrpV.exe

C:\Windows\System\BMzrRGH.exe

C:\Windows\System\BMzrRGH.exe

C:\Windows\System\wZWroxU.exe

C:\Windows\System\wZWroxU.exe

C:\Windows\System\iwWOzNI.exe

C:\Windows\System\iwWOzNI.exe

C:\Windows\System\vZwnrmG.exe

C:\Windows\System\vZwnrmG.exe

C:\Windows\System\wDqJicC.exe

C:\Windows\System\wDqJicC.exe

C:\Windows\System\gjtpSYX.exe

C:\Windows\System\gjtpSYX.exe

C:\Windows\System\ifRbCsu.exe

C:\Windows\System\ifRbCsu.exe

C:\Windows\System\XiLTOJa.exe

C:\Windows\System\XiLTOJa.exe

C:\Windows\System\FubPvRi.exe

C:\Windows\System\FubPvRi.exe

C:\Windows\System\DSuySxJ.exe

C:\Windows\System\DSuySxJ.exe

C:\Windows\System\qdgHRAU.exe

C:\Windows\System\qdgHRAU.exe

C:\Windows\System\hLlyqBP.exe

C:\Windows\System\hLlyqBP.exe

C:\Windows\System\rHjTvHO.exe

C:\Windows\System\rHjTvHO.exe

C:\Windows\System\HVoMJjs.exe

C:\Windows\System\HVoMJjs.exe

C:\Windows\System\EBTbyhe.exe

C:\Windows\System\EBTbyhe.exe

C:\Windows\System\TiefkBW.exe

C:\Windows\System\TiefkBW.exe

C:\Windows\System\eHKcTJf.exe

C:\Windows\System\eHKcTJf.exe

C:\Windows\System\KsDhmaU.exe

C:\Windows\System\KsDhmaU.exe

C:\Windows\System\oBOcgiO.exe

C:\Windows\System\oBOcgiO.exe

C:\Windows\System\peMTUDR.exe

C:\Windows\System\peMTUDR.exe

C:\Windows\System\YJHnMPN.exe

C:\Windows\System\YJHnMPN.exe

C:\Windows\System\uTfdSUn.exe

C:\Windows\System\uTfdSUn.exe

C:\Windows\System\YIIeDnw.exe

C:\Windows\System\YIIeDnw.exe

C:\Windows\System\vMXFAMp.exe

C:\Windows\System\vMXFAMp.exe

C:\Windows\System\MJHJaPC.exe

C:\Windows\System\MJHJaPC.exe

C:\Windows\System\eoePDWg.exe

C:\Windows\System\eoePDWg.exe

C:\Windows\System\ysRMUJo.exe

C:\Windows\System\ysRMUJo.exe

C:\Windows\System\ehniNgv.exe

C:\Windows\System\ehniNgv.exe

C:\Windows\System\IFvuaxR.exe

C:\Windows\System\IFvuaxR.exe

C:\Windows\System\oVWPuKW.exe

C:\Windows\System\oVWPuKW.exe

C:\Windows\System\GOifUOK.exe

C:\Windows\System\GOifUOK.exe

C:\Windows\System\XcEyIOp.exe

C:\Windows\System\XcEyIOp.exe

C:\Windows\System\VwtmpbS.exe

C:\Windows\System\VwtmpbS.exe

C:\Windows\System\TFJbrcy.exe

C:\Windows\System\TFJbrcy.exe

C:\Windows\System\zGQXmpo.exe

C:\Windows\System\zGQXmpo.exe

C:\Windows\System\LmGjvsw.exe

C:\Windows\System\LmGjvsw.exe

C:\Windows\System\gqPzUQP.exe

C:\Windows\System\gqPzUQP.exe

C:\Windows\System\ypioFal.exe

C:\Windows\System\ypioFal.exe

C:\Windows\System\amfniGw.exe

C:\Windows\System\amfniGw.exe

C:\Windows\System\gXUSUCW.exe

C:\Windows\System\gXUSUCW.exe

C:\Windows\System\obaELdz.exe

C:\Windows\System\obaELdz.exe

C:\Windows\System\qeUfFxE.exe

C:\Windows\System\qeUfFxE.exe

C:\Windows\System\DgjxABX.exe

C:\Windows\System\DgjxABX.exe

C:\Windows\System\aHFYdwl.exe

C:\Windows\System\aHFYdwl.exe

C:\Windows\System\qkkjWfN.exe

C:\Windows\System\qkkjWfN.exe

C:\Windows\System\kNzFzCA.exe

C:\Windows\System\kNzFzCA.exe

C:\Windows\System\AEzyTxi.exe

C:\Windows\System\AEzyTxi.exe

C:\Windows\System\rrPOFjE.exe

C:\Windows\System\rrPOFjE.exe

C:\Windows\System\EiRjhXl.exe

C:\Windows\System\EiRjhXl.exe

C:\Windows\System\XRMgUMs.exe

C:\Windows\System\XRMgUMs.exe

C:\Windows\System\NGcCNzn.exe

C:\Windows\System\NGcCNzn.exe

C:\Windows\System\XCTyAdz.exe

C:\Windows\System\XCTyAdz.exe

C:\Windows\System\rcvHLFR.exe

C:\Windows\System\rcvHLFR.exe

C:\Windows\System\nvijqPf.exe

C:\Windows\System\nvijqPf.exe

C:\Windows\System\kRwHQYA.exe

C:\Windows\System\kRwHQYA.exe

C:\Windows\System\kozhzUl.exe

C:\Windows\System\kozhzUl.exe

C:\Windows\System\TksUzWu.exe

C:\Windows\System\TksUzWu.exe

C:\Windows\System\ibaKWKV.exe

C:\Windows\System\ibaKWKV.exe

C:\Windows\System\yocZuQM.exe

C:\Windows\System\yocZuQM.exe

C:\Windows\System\wAvAMoG.exe

C:\Windows\System\wAvAMoG.exe

C:\Windows\System\wrGxfrq.exe

C:\Windows\System\wrGxfrq.exe

C:\Windows\System\DcldjGq.exe

C:\Windows\System\DcldjGq.exe

C:\Windows\System\CitlIBp.exe

C:\Windows\System\CitlIBp.exe

C:\Windows\System\oziotLI.exe

C:\Windows\System\oziotLI.exe

C:\Windows\System\XrymdKG.exe

C:\Windows\System\XrymdKG.exe

C:\Windows\System\SJFuBlZ.exe

C:\Windows\System\SJFuBlZ.exe

C:\Windows\System\zyiuguV.exe

C:\Windows\System\zyiuguV.exe

C:\Windows\System\KsNYiQO.exe

C:\Windows\System\KsNYiQO.exe

C:\Windows\System\CiHHJRn.exe

C:\Windows\System\CiHHJRn.exe

C:\Windows\System\rqHKkPs.exe

C:\Windows\System\rqHKkPs.exe

C:\Windows\System\IkIhLBB.exe

C:\Windows\System\IkIhLBB.exe

C:\Windows\System\zIHNjyF.exe

C:\Windows\System\zIHNjyF.exe

C:\Windows\System\rIbmykb.exe

C:\Windows\System\rIbmykb.exe

C:\Windows\System\lhHIUOY.exe

C:\Windows\System\lhHIUOY.exe

C:\Windows\System\RsxMjGe.exe

C:\Windows\System\RsxMjGe.exe

C:\Windows\System\kVXlTsP.exe

C:\Windows\System\kVXlTsP.exe

C:\Windows\System\EQuznDt.exe

C:\Windows\System\EQuznDt.exe

C:\Windows\System\VFigVsp.exe

C:\Windows\System\VFigVsp.exe

C:\Windows\System\TJglKCj.exe

C:\Windows\System\TJglKCj.exe

C:\Windows\System\MslEzvs.exe

C:\Windows\System\MslEzvs.exe

C:\Windows\System\TEChMsQ.exe

C:\Windows\System\TEChMsQ.exe

C:\Windows\System\FbLIUQz.exe

C:\Windows\System\FbLIUQz.exe

C:\Windows\System\fwFSIiH.exe

C:\Windows\System\fwFSIiH.exe

C:\Windows\System\mYYbenI.exe

C:\Windows\System\mYYbenI.exe

C:\Windows\System\trRTSpP.exe

C:\Windows\System\trRTSpP.exe

C:\Windows\System\oaCEnaJ.exe

C:\Windows\System\oaCEnaJ.exe

C:\Windows\System\vvaCesC.exe

C:\Windows\System\vvaCesC.exe

C:\Windows\System\IyzDBGG.exe

C:\Windows\System\IyzDBGG.exe

C:\Windows\System\bJxPOjV.exe

C:\Windows\System\bJxPOjV.exe

C:\Windows\System\IchGjGl.exe

C:\Windows\System\IchGjGl.exe

C:\Windows\System\mwYuQuh.exe

C:\Windows\System\mwYuQuh.exe

C:\Windows\System\hFDHkMW.exe

C:\Windows\System\hFDHkMW.exe

C:\Windows\System\RSkVDjK.exe

C:\Windows\System\RSkVDjK.exe

C:\Windows\System\farOjjO.exe

C:\Windows\System\farOjjO.exe

C:\Windows\System\ISkTMCs.exe

C:\Windows\System\ISkTMCs.exe

C:\Windows\System\rXLdwsw.exe

C:\Windows\System\rXLdwsw.exe

C:\Windows\System\vrEWEXO.exe

C:\Windows\System\vrEWEXO.exe

C:\Windows\System\QmNvLHJ.exe

C:\Windows\System\QmNvLHJ.exe

C:\Windows\System\mtpYzku.exe

C:\Windows\System\mtpYzku.exe

C:\Windows\System\AFPBMvc.exe

C:\Windows\System\AFPBMvc.exe

C:\Windows\System\GsDQItT.exe

C:\Windows\System\GsDQItT.exe

C:\Windows\System\DTgONmj.exe

C:\Windows\System\DTgONmj.exe

C:\Windows\System\wdcbPaq.exe

C:\Windows\System\wdcbPaq.exe

C:\Windows\System\vWIREVX.exe

C:\Windows\System\vWIREVX.exe

C:\Windows\System\RfUGmrf.exe

C:\Windows\System\RfUGmrf.exe

C:\Windows\System\wYzNoKm.exe

C:\Windows\System\wYzNoKm.exe

C:\Windows\System\aSLivgN.exe

C:\Windows\System\aSLivgN.exe

C:\Windows\System\oPghPaA.exe

C:\Windows\System\oPghPaA.exe

C:\Windows\System\SzAINVZ.exe

C:\Windows\System\SzAINVZ.exe

C:\Windows\System\Kijlfeg.exe

C:\Windows\System\Kijlfeg.exe

C:\Windows\System\wTDVinn.exe

C:\Windows\System\wTDVinn.exe

C:\Windows\System\cPUuSEa.exe

C:\Windows\System\cPUuSEa.exe

C:\Windows\System\bHhkIfX.exe

C:\Windows\System\bHhkIfX.exe

C:\Windows\System\AuFkVcF.exe

C:\Windows\System\AuFkVcF.exe

C:\Windows\System\OncaVtt.exe

C:\Windows\System\OncaVtt.exe

C:\Windows\System\NwzHwFH.exe

C:\Windows\System\NwzHwFH.exe

C:\Windows\System\odDrara.exe

C:\Windows\System\odDrara.exe

C:\Windows\System\XPgumSi.exe

C:\Windows\System\XPgumSi.exe

C:\Windows\System\KewuXkV.exe

C:\Windows\System\KewuXkV.exe

C:\Windows\System\HOgMQVP.exe

C:\Windows\System\HOgMQVP.exe

C:\Windows\System\VGwVkpE.exe

C:\Windows\System\VGwVkpE.exe

C:\Windows\System\FmrNfCu.exe

C:\Windows\System\FmrNfCu.exe

C:\Windows\System\fDaTfiR.exe

C:\Windows\System\fDaTfiR.exe

C:\Windows\System\jjkzTTQ.exe

C:\Windows\System\jjkzTTQ.exe

C:\Windows\System\jJXSQDQ.exe

C:\Windows\System\jJXSQDQ.exe

C:\Windows\System\hUnzYSJ.exe

C:\Windows\System\hUnzYSJ.exe

C:\Windows\System\yqixzuA.exe

C:\Windows\System\yqixzuA.exe

C:\Windows\System\MtHQVBL.exe

C:\Windows\System\MtHQVBL.exe

C:\Windows\System\jrBzirj.exe

C:\Windows\System\jrBzirj.exe

C:\Windows\System\JSNIxhC.exe

C:\Windows\System\JSNIxhC.exe

C:\Windows\System\cSEmsHx.exe

C:\Windows\System\cSEmsHx.exe

C:\Windows\System\QjJGeNH.exe

C:\Windows\System\QjJGeNH.exe

C:\Windows\System\gXufGtb.exe

C:\Windows\System\gXufGtb.exe

C:\Windows\System\lUIdWkv.exe

C:\Windows\System\lUIdWkv.exe

C:\Windows\System\pNrUlwT.exe

C:\Windows\System\pNrUlwT.exe

C:\Windows\System\QYctrrr.exe

C:\Windows\System\QYctrrr.exe

C:\Windows\System\kbLniqZ.exe

C:\Windows\System\kbLniqZ.exe

C:\Windows\System\DydGJXz.exe

C:\Windows\System\DydGJXz.exe

C:\Windows\System\ZuERHZb.exe

C:\Windows\System\ZuERHZb.exe

C:\Windows\System\eQsdBup.exe

C:\Windows\System\eQsdBup.exe

C:\Windows\System\mrGxOnr.exe

C:\Windows\System\mrGxOnr.exe

C:\Windows\System\mxAWxzd.exe

C:\Windows\System\mxAWxzd.exe

C:\Windows\System\lEJIqJa.exe

C:\Windows\System\lEJIqJa.exe

C:\Windows\System\VLEwVYW.exe

C:\Windows\System\VLEwVYW.exe

C:\Windows\System\jRSSJOH.exe

C:\Windows\System\jRSSJOH.exe

C:\Windows\System\IMNysLq.exe

C:\Windows\System\IMNysLq.exe

C:\Windows\System\WKefnLr.exe

C:\Windows\System\WKefnLr.exe

C:\Windows\System\hywFMsk.exe

C:\Windows\System\hywFMsk.exe

C:\Windows\System\TrQXzbM.exe

C:\Windows\System\TrQXzbM.exe

C:\Windows\System\iSFfKuG.exe

C:\Windows\System\iSFfKuG.exe

C:\Windows\System\RODvtwy.exe

C:\Windows\System\RODvtwy.exe

C:\Windows\System\VumftZK.exe

C:\Windows\System\VumftZK.exe

C:\Windows\System\QKbeTNO.exe

C:\Windows\System\QKbeTNO.exe

C:\Windows\System\UGJJVmT.exe

C:\Windows\System\UGJJVmT.exe

C:\Windows\System\betTeIC.exe

C:\Windows\System\betTeIC.exe

C:\Windows\System\gSGVfmq.exe

C:\Windows\System\gSGVfmq.exe

C:\Windows\System\nhOImFW.exe

C:\Windows\System\nhOImFW.exe

C:\Windows\System\RYeOwLE.exe

C:\Windows\System\RYeOwLE.exe

C:\Windows\System\OOhQpgo.exe

C:\Windows\System\OOhQpgo.exe

C:\Windows\System\bRnsheq.exe

C:\Windows\System\bRnsheq.exe

C:\Windows\System\dTGwvyM.exe

C:\Windows\System\dTGwvyM.exe

C:\Windows\System\KtuDOFj.exe

C:\Windows\System\KtuDOFj.exe

C:\Windows\System\iOQyaSh.exe

C:\Windows\System\iOQyaSh.exe

C:\Windows\System\CkzPXUS.exe

C:\Windows\System\CkzPXUS.exe

C:\Windows\System\cURkiyQ.exe

C:\Windows\System\cURkiyQ.exe

C:\Windows\System\CWltykn.exe

C:\Windows\System\CWltykn.exe

C:\Windows\System\QUBwRwC.exe

C:\Windows\System\QUBwRwC.exe

C:\Windows\System\azmTPcD.exe

C:\Windows\System\azmTPcD.exe

C:\Windows\System\OreWOnR.exe

C:\Windows\System\OreWOnR.exe

C:\Windows\System\CYYCqbp.exe

C:\Windows\System\CYYCqbp.exe

C:\Windows\System\WfQmBzy.exe

C:\Windows\System\WfQmBzy.exe

C:\Windows\System\VAbDWbJ.exe

C:\Windows\System\VAbDWbJ.exe

C:\Windows\System\OTdlfri.exe

C:\Windows\System\OTdlfri.exe

C:\Windows\System\jUGlDcL.exe

C:\Windows\System\jUGlDcL.exe

C:\Windows\System\LzspEXn.exe

C:\Windows\System\LzspEXn.exe

C:\Windows\System\KqHhFqc.exe

C:\Windows\System\KqHhFqc.exe

C:\Windows\System\MYEvPlu.exe

C:\Windows\System\MYEvPlu.exe

C:\Windows\System\JQcoxkp.exe

C:\Windows\System\JQcoxkp.exe

C:\Windows\System\ceKJDcw.exe

C:\Windows\System\ceKJDcw.exe

C:\Windows\System\liOVcUc.exe

C:\Windows\System\liOVcUc.exe

C:\Windows\System\WcNyoFn.exe

C:\Windows\System\WcNyoFn.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1684-0-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/1684-1-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\cYEKgvR.exe

MD5 44b8ba018c22a8213e0d7c67efca778b
SHA1 1c08a5418fa7641aeada0ab3d7366d782883c388
SHA256 63a40891da77331353d70a7ae5d90a8e3b9507af3211b272bd4b10411e859779
SHA512 f9577ddeee7504690726b8a75e178a80d1381295610962d5bdb8e9104a47de872175b1fe0f5298712d1dd7df0eeec4fcd15f507bdbc309cd58ce42993a399ecd

\Windows\system\jaWvpIY.exe

MD5 26addbe1e100d469702230e1b826b58a
SHA1 02a7f9a02915694065444f486aacbc8981f06915
SHA256 d63cc2486fc9475cb4dd584fbda097ed60f7c12405e6b7bc650bdf4bdc201fb1
SHA512 ff6034819f52dc021b3582677d1eabbbf33e5f862d9ff5e28248279aaf63ce39f710835bfd37ca3c1e41b4f5a633219e85c9ade863ef9d554f6d750f381a93aa

memory/2744-15-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2332-13-0x000000013F450000-0x000000013F7A4000-memory.dmp

C:\Windows\system\hJhaPrt.exe

MD5 1decbf2f71a4b8f190b486642b06607d
SHA1 a22ffa99a67526eb904a7f399306a7dbb8e1f314
SHA256 78e0286252f913af0ec692c6c714d7cc4cbc40229b10c0c9a5ef68ee4da7f102
SHA512 dee4335e50f6f372ea3ac64facb271e73346b0503633ec040c49004c1c9b12a9c0aa9ea4e569eb27b050dc8d69d403cd583c728c6f46bf4ce97959c6ec80d9e4

\Windows\system\VdeXRcG.exe

MD5 3a400d9c85c4062cf0835db3d9a4e8b9
SHA1 a347eda72925b0e6cb79419358c0e88b5a34421f
SHA256 e80fbef6ba7554a703dc2e5380ba5f65710088e8281f66c15ce4a75ba925073c
SHA512 f61d9ad49bd6f92084bcaa00c391c09926330566f39ce359f62b1888180b629ebce4533e7246f0f4212244a32c7e3dd867953f407946d8e0c400ec1c4d21c102

memory/1684-39-0x000000013F570000-0x000000013F8C4000-memory.dmp

\Windows\system\IiyJtTB.exe

MD5 3f3898232ce1b12b2b90539ef2491437
SHA1 707434ad63bcbcfe20e15942548749b358d2f725
SHA256 cdf5c8cce11f62499e72b8d5db0836d27893ef6f8963ac7331200417588fce36
SHA512 c417dc7ff269f5cacf45361bcfd9a7cfe22084dee2e17367dbdc3a93ba4a6f3992f5e325185b8d9ff2a7549ad5fff5c4533709fb2a38138c4925ac8dd4715db1

memory/1684-51-0x000000013F3C0000-0x000000013F714000-memory.dmp

C:\Windows\system\LFwPsen.exe

MD5 7d5345909b7c4c1b6d608d0dd7e75fc5
SHA1 9e768b697a05a633e7ffee09bac92d621ae9df93
SHA256 f41ce9846e69154b17e306217309c6b1d78de095a41a199a4f49cd998ac7958e
SHA512 b2b241a790677629cc051e59c0bd33f932346e804bf7bdf876bdde82982c206a2a31ddf6a9ffc65cb6571e770b90165c82b79f172e15788fb6034d00854a7b64

memory/2712-63-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2820-62-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2716-60-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/1684-58-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/1684-57-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2668-56-0x000000013FB20000-0x000000013FE74000-memory.dmp

C:\Windows\system\UTEuUTw.exe

MD5 c8e0ee1654d34f5415b9e596356c7eda
SHA1 75a6dac44e340ebe59b7131a870d46fc9b91f0b3
SHA256 e95f02e377509ea1abeb2dd3b284b453384b9193ab5d3d91d0dc227961d3dea3
SHA512 710cd850ada9b73f161f84654a659a60c2f965b8b4faa0fab69597dea1628ca7c8c4cade061be000264ec533e14ab0826b66df65ee8372602081c1ac68bb42a8

memory/2660-52-0x000000013F460000-0x000000013F7B4000-memory.dmp

C:\Windows\system\JQXUyDy.exe

MD5 d151dccfa72f3aea6758d770203b6e97
SHA1 29802d9d5d0a4276cb7fd86bee4db8bd535915b6
SHA256 be332be295628f66e5d44508a552ed1ea0524fd01271e7f311db0995deceb71d
SHA512 5b7d4fe851034d7d88ad4a270c5ed3796fe447d35f27310cf504e3752782e542bd421d161c84bf4bfa25032e5f8a01334ebbad4877a1fb16f98123cad2ecce7b

memory/2404-70-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/1684-69-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/1684-49-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/1684-44-0x0000000002050000-0x00000000023A4000-memory.dmp

C:\Windows\system\ztrNtuu.exe

MD5 bfae5947e59abdd4e032163eff011d31
SHA1 ead33276cb62bc0eda9d74ae13464121de850cf4
SHA256 95879fc0e1b8d8e9f1e382fd223f37003e0a87c99333535d34cd80f8a6e69410
SHA512 4feebc50039b69b9febc54588f3124852078741c0ea3af545432776e73df07d2ef5856f9f6d2845cf31f87b79476482a2926620df61b31d0252a7b415e8c1a83

memory/2540-28-0x000000013F7B0000-0x000000013FB04000-memory.dmp

C:\Windows\system\jzcfUJm.exe

MD5 e68c8896ca417712dc812798e26e8397
SHA1 9d49979871c3f196caa3a39339aee50024a78102
SHA256 cb3a7f306750253480b1d350dc9da802de1523bc7d80fa29aae82a1d15e9eeed
SHA512 80434414e96b0eb693628e254af79ea84f7ea609c61fdcd43db16b91f5a337aa5d39f221e7d61e20cbe0b2c7862907d6e0b2157122a68f1a5391f4daee9819d2

memory/3048-32-0x000000013F570000-0x000000013F8C4000-memory.dmp

\Windows\system\MFnSHYH.exe

MD5 ee21b0f65c3bc99ac21dd542b4c8e8ef
SHA1 c33cdb1bb4ac62d33f6e96e428cd4348e5a87614
SHA256 3864302f578c7b04c4cdaf60955a8f5d7548f8d8044dbf5da0ab15f7ca76618b
SHA512 1883aafbd62b922f67b6dc4f7db25348cc97968152a45d26b07f3ef063f6cb13eedbeee2065b341c19900895654f6df267684a9ce25d12f9beecb46b880ae567

memory/1684-81-0x000000013F200000-0x000000013F554000-memory.dmp

memory/2476-83-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/2452-84-0x000000013F200000-0x000000013F554000-memory.dmp

C:\Windows\system\TllQTFT.exe

MD5 ae57d391e79b9cafbe912856e28a3028
SHA1 662a9ce269d046062a5bf9719acbdb84c276e5f0
SHA256 fea8d0af0fccb8a5432bd5220c08bec1e2e861d78d7b103c885262d37df46b7f
SHA512 a1df52e817432a301119bbbba39502626d0d482918e1a54e41e67d8d302bd6a64fcda2bee578d6122bc4ccf997f0124e45f8d2c93e3a95636bfb305412bd3d43

C:\Windows\system\Ldpzhov.exe

MD5 1263191c6dfcefff836d812ff5384c1b
SHA1 4f5522cf2d3dd0cd037fe40b09cd25da01e22936
SHA256 e01328cb65ba7653511e09c8113ca2e4dc439e4590de0354669b8038a07eeae6
SHA512 d4bde8058e926b23895ffd8f1de75790a2ccc16ce19d2e12702cafe66b9371cb2cf769a6fe271a1a3da8967beb0815e5d82367f03544146f9beb50f7760a9039

memory/1684-94-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2932-99-0x000000013F020000-0x000000013F374000-memory.dmp

memory/3048-93-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/824-90-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/1684-89-0x000000013F570000-0x000000013F8C4000-memory.dmp

C:\Windows\system\tboKjwM.exe

MD5 c59625348023a88bb5a0025af3f27e12
SHA1 dfc3c266f0bf5d9915ee925fba66d02caeb472d6
SHA256 2c62bf1b33db0a0c27bea3639d5f1b1acd8946968ea37bca2773ab9604b965d1
SHA512 5d73849c00824a6e60cdfa92259ea52f2d9b4da871f68affe64c571e71362b7da94cfec6b25cbf85fc7900d3ccdd043369d4c1da690f8fdba799f741f62a370d

memory/1684-74-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/1684-11-0x000000013F450000-0x000000013F7A4000-memory.dmp

\Windows\system\jDraTRq.exe

MD5 fa3683cd8e0b0204c60877dbd8f4ae8f
SHA1 bf121dc23bee8b0c7ae2a5f38b51080d28ad98a1
SHA256 2e6f9b44ca19646bb537ac2324dc722f2d61a9e83eebf97fd7086c43e9af73ad
SHA512 0bd8b0cdeb7f5f8fcae287ce426d62a0012e01a86a53f15e7c87639f8a38a1882569a762522138ae9beff44a0d3059d41248ec49cbede5a4ba62ae14e490ca7d

\Windows\system\OgYHCNc.exe

MD5 5ba54a9392c138c205389896d347f0bf
SHA1 1de82af9d71f863edde99f6ff478ade723913f0b
SHA256 fb229a62a7ce2867af4b74554f424923b8c6b6008fb40cf2c74acddf2b0a1ab9
SHA512 2f0fa37d3d6a6b47bee1bab3c33e8b2b9b9c3e42cb446e603a0fe56fe39e58f6e6d65d31d56bfa5fafd015758825b3e65d5de2fabdf00433066190077122100f

C:\Windows\system\sFgPuZQ.exe

MD5 c02f8f12d263d29e96db637039985c14
SHA1 24349ac3b0223f895e4aa40c9221e03f76dfae2e
SHA256 7e4a601c9e867aba74aa0bd66577b9e5ffe48939b7a8bcaf4d5ee7bec0f40292
SHA512 13d27816329f29ee060cde1b20cd52f76f7d20a1b075dfc5f1a9f26baf491193b7fe2b81985cd96be24c2d7caa6ea2cbc29a9a55fb1fba1002f00dcf3b473130

C:\Windows\system\azpycvN.exe

MD5 e27748905b29a91821cabc1ffa51f603
SHA1 6b32ac412ac8be58bf8468e1e79d7bfe74f8c21a
SHA256 ac2369dc6d4a7ceba4414017907129bf8fe63cc1f2c5ded84a2fb6a9a117193c
SHA512 eefe962648308d716dfc411f5f563319099da0a5143d97bb7195f275c5d585fb0f9e9df8f18f3e1f2f51a44cf9e9141ad58540a432eb93daf0081a817740bf36

memory/1684-1068-0x0000000002050000-0x00000000023A4000-memory.dmp

C:\Windows\system\bzTPpId.exe

MD5 830dea1aad2c176c8c70e30df7a0ff61
SHA1 5e0244fb175ef34d0b01f06f2b01966d0a1e9832
SHA256 b047b5e5e5df9cf19bfd74f12de2a00d35e5be90dd5b334a48daa8fb500341fc
SHA512 db011fa7107fbf83bae6e2dcc833a67e9b4bf889f47a6646bafa64b9f3826c40127368515aebac6807ec1a4a7f0200afa9c27498ae9f18d4dfbb19f0e948269e

\Windows\system\bzTPpId.exe

MD5 fb778e5ee088c0dc02bba2d19d313516
SHA1 8f59b61624148c2cdacfaf4b191dd39fab5f1be8
SHA256 354c9f9998184ca8cf0827d0fbe12994bafd494f58ea2e141d1ed813e932929b
SHA512 823590498286d682d22eef3a0ceac9859517808b71c4a6fb594c7978e2149f869e063ff6bebb930bd4275b3d4cf2aaaf0fb6dc19ccdbf95efa28162b8dea354d

C:\Windows\system\diauYzd.exe

MD5 4acc7ea4affcfcdef883e0411c187040
SHA1 0801b124f5f158ce9c858f56fa981c9a6b10d5b8
SHA256 c95f2923bcd01cc896ce5f0c56bdbabb51a5b2a9029960ac7c034fd55d315250
SHA512 8fbc329e2153e8ab1840d44b6b0c7b85d551d0b15738da3f1df95125b53e65eefd317d976da0655a0d493e6cbbf5c736a9ee43538901f3938bc26ad2e15f7843

C:\Windows\system\DXGqTAH.exe

MD5 a67938028a760df313a9f9359241f16d
SHA1 053b49a205ff2a129f7790534168d733bcf55f8c
SHA256 1fd00a236cee2d510ada2f8c1d081b8591af036402db96f9c09da056aea8b4d5
SHA512 c438bc4f72cd703e41b708cef075e87f496a6c2f725017521631ca52dfb0648ccd13f388440f0a60ca6ef2c29eb96a932e391a8c4a01e44a478a263a53b84e42

C:\Windows\system\LqpwdCn.exe

MD5 161f4bc66449503da34fbf075da9b711
SHA1 1a4f09363344d9764a3dd0cf324893b48099862f
SHA256 c032657fb448ec822bd94b1acde1b5146f2d3edb96f84d6253de998a567c7dad
SHA512 158369253522e19f373fca6e7726764c65530ba661ae5ed8a49a9255c3c28712f653abac6d9c4248d80a1352f9923c5fe3d09b47b93a2210c8016de84eaf2848

C:\Windows\system\ORfNRSK.exe

MD5 dd18c228d5c8abb496bb71f8706f1ae3
SHA1 1af28c10ea0273a5e46a91ac678425d3e0a611ac
SHA256 50eb88f77522efc5b50282752e2310e4ffa072fab87c3a33c8a538a386116215
SHA512 c42bfcafdec22e20046fd15bec42779eef88e0728debbb6c000425e55095df06a4047a2cf1070e65983d66f1d8fed212bb94c118741aa1e260260b57036eb3a6

C:\Windows\system\SbmShMv.exe

MD5 b5466b4bc243e6a8b03045bb86aa3f65
SHA1 17b563eae9387b94e1565adb3c8f4ce01c335b00
SHA256 cbfc45673b19eb18e9924b55484f3f35dfb5fdba24a3b1175b69f9fa3258039a
SHA512 d4c82c154a76fbf790810f1d65bd166dec411da7211b61b751fe7afbdf88746355bb89d040f0b1b8da4d94ad6b39d835393e97e78df22e2ded385e26067d83b0

C:\Windows\system\YChWLhs.exe

MD5 03c1a49ff15a3f8f144fba7160b9d4a4
SHA1 d92a90d446a40e96f866b5643606892fde79e203
SHA256 cbc2ed41fd67439bbfba997b0441c927969406c8f6adae7f5982187d06f85d93
SHA512 0aa2f371e941dc04bad9b4b4d2e9a5ca67057db1c003c6023d7f1a639a02ca70e6e976ab4b2c287b7afe7293d477bd9af3f450f6491197221917faae9450b96f

\Windows\system\YChWLhs.exe

MD5 f433193c11ce64dd1e2517991ec9f29e
SHA1 90df4ad6b9554cfc4930b90a45a738194a3db176
SHA256 f94467274ab855ba3835a7d10b49f5f7294208a0d29ff6c345c0fcf704b3760b
SHA512 b87f740ee2ac66060e7efdc6112815058b67b35f1de212a3a4d997632bbd7e09b1748996f2e8cf2f857b13b70653ffff44c9aeebc43f2fffbecf6ce6d1e6afae

C:\Windows\system\vouZsrb.exe

MD5 c8009bb3e4b2cac677360c42a11652df
SHA1 d3dc1b09d69fd60390ff11899100222cee5d5c8d
SHA256 0b65f39f0dc855fafe6c137c4fb3be3c3b061bc09485b0296c36572e6c34ce6c
SHA512 b3a03f4a6996083d9ec9a46598676b8aa4b602302113eaf5f8ff11a9de3d7faf362cf77ddde62d045fc3d836764cdb0f65731408a3b4d9dcd7b77673280a6a25

C:\Windows\system\GLLCFRh.exe

MD5 c4b272f893be1189697dd6634e98f877
SHA1 c569ddbb8c9fc68494ee7bc06f89483a0b5eae75
SHA256 f0002fea76a3bd0e7f09be944c66cdc68c6a8429551821f674abf898b15c4ce1
SHA512 72ee850c6686922d7c6c5b3d21dee93ea0d034b6b40ccd49e11e54781e0f7ef52dfc576166c3013495bfae91110dc7a15c0a91936ac80f7478f00c28a1aa796b

C:\Windows\system\SDlIgbY.exe

MD5 82b5399be077402d01417d76c6f07f30
SHA1 8e3b8bca00eeb7f63f8ea138401f41587f0822a3
SHA256 a694ee9a42276022fa58e408319375438d6056cb09e63ec8885447934dd71f0c
SHA512 801b42aa561f0d1c6ed585e8639028518dc0aebf70feb856e7246c9d9335665ebf4f7a77868cfc2c4d438273be7fb9866f3bea73efa6032dad369aa03dbe0fe4

C:\Windows\system\VYNFPRo.exe

MD5 05a462b96270cacad39c9c3f54c90b00
SHA1 4962c6825fd5dc76ab06faff32612011764e2d72
SHA256 ea0e303c0999edcf1993c2a5025f513d76662fb6f8c10cc251d1b3abdc64b15d
SHA512 852a6e5cb5fd24622dfbcea529ff51983d3fbe10ac76c7e04191f41ec18a48ae04badbd6c63caa8edc5246e950081640f26702158d4dad4183fc5d3fd1ece8e7

C:\Windows\system\CqviUNd.exe

MD5 0081eb336016faf50c49da0e393ca0c4
SHA1 fe0897ba98b7aad83da2094f4428821b417556ce
SHA256 b44522ff7f2d89ac1027585f6b208328a77750be1f6ff4f3fdd7493c59e328ab
SHA512 febba89b824be8d3ca4456c18226b8a44dd4e7edef3164fce84cf7ae2002a786cc026bcf06eba34efc0e823ad99b1dea3488cd4944d015171787005d7da51233

C:\Windows\system\UoJvNhx.exe

MD5 6af49fd359b44a109084fd10d7ad0ea6
SHA1 f31c0a3167b1e0feb364e032cade98bb721f788b
SHA256 743171ec1d5635e31a6f5ca180709a698f4a5a28f399465d654df3f9f15a8bd7
SHA512 6a476f2ab08c6f1517f5a644579e02a6d220b027940257aca9257724d44d085c5685935003ee3ab6c508b428500fce6507fd5142534320f0a7c6b87a152c6f55

memory/1684-105-0x000000013F8B0000-0x000000013FC04000-memory.dmp

C:\Windows\system\JKeEsKp.exe

MD5 497ab984bdbb55ea8408cc3360fe0185
SHA1 8888f663fb2d57f2c950a40d2ad38fad26514706
SHA256 10081e2e04f35e36717523c2f5dde83e4583349bda246589d798d8702a73af62
SHA512 6b1cad656592f899b9826ddd46964fcefd6a5b0399967a5ca4ba47715b564b034cb3d7b949253dcbb95cfe9a152f42eee0899b1499acf850717e8842065ab1b6

memory/824-1070-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/1684-1069-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/1684-1071-0x000000013F020000-0x000000013F374000-memory.dmp

memory/1684-1072-0x000000013F8B0000-0x000000013FC04000-memory.dmp

memory/2332-1073-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2744-1074-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2540-1075-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/3048-1076-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2660-1077-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2716-1079-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2668-1078-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2820-1080-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2712-1081-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2404-1082-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2476-1083-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/2452-1084-0x000000013F200000-0x000000013F554000-memory.dmp

memory/824-1085-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2932-1086-0x000000013F020000-0x000000013F374000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 05:26

Reported

2024-06-01 05:29

Platform

win10v2004-20240426-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ZokXOUZ.exe N/A
N/A N/A C:\Windows\System\Wjdvmhj.exe N/A
N/A N/A C:\Windows\System\yRGvyhq.exe N/A
N/A N/A C:\Windows\System\vdAFwAV.exe N/A
N/A N/A C:\Windows\System\SYfkyjj.exe N/A
N/A N/A C:\Windows\System\wcMZfMi.exe N/A
N/A N/A C:\Windows\System\KqHKcln.exe N/A
N/A N/A C:\Windows\System\sxLTvUR.exe N/A
N/A N/A C:\Windows\System\GyzuNBz.exe N/A
N/A N/A C:\Windows\System\pqNMpzV.exe N/A
N/A N/A C:\Windows\System\qtHBUdM.exe N/A
N/A N/A C:\Windows\System\TLpZffl.exe N/A
N/A N/A C:\Windows\System\mSQyOqS.exe N/A
N/A N/A C:\Windows\System\jYjUSJg.exe N/A
N/A N/A C:\Windows\System\KdtGxwF.exe N/A
N/A N/A C:\Windows\System\aYDWMiv.exe N/A
N/A N/A C:\Windows\System\xgSQYsx.exe N/A
N/A N/A C:\Windows\System\XsevFQr.exe N/A
N/A N/A C:\Windows\System\RQvWWuE.exe N/A
N/A N/A C:\Windows\System\GnfbSUk.exe N/A
N/A N/A C:\Windows\System\HKdlZQz.exe N/A
N/A N/A C:\Windows\System\QZwcvZx.exe N/A
N/A N/A C:\Windows\System\qMVFpgh.exe N/A
N/A N/A C:\Windows\System\PvVzAMv.exe N/A
N/A N/A C:\Windows\System\PsWkdrE.exe N/A
N/A N/A C:\Windows\System\vNodIWL.exe N/A
N/A N/A C:\Windows\System\TAKnxMb.exe N/A
N/A N/A C:\Windows\System\AbfBWLB.exe N/A
N/A N/A C:\Windows\System\xuAFncu.exe N/A
N/A N/A C:\Windows\System\CZaJviJ.exe N/A
N/A N/A C:\Windows\System\CqBMnxd.exe N/A
N/A N/A C:\Windows\System\qpXinQt.exe N/A
N/A N/A C:\Windows\System\jwUEAiC.exe N/A
N/A N/A C:\Windows\System\NnpAZmA.exe N/A
N/A N/A C:\Windows\System\NBolJQN.exe N/A
N/A N/A C:\Windows\System\ZNgOtGq.exe N/A
N/A N/A C:\Windows\System\wWhBLrw.exe N/A
N/A N/A C:\Windows\System\eNObGkw.exe N/A
N/A N/A C:\Windows\System\JDuhDGb.exe N/A
N/A N/A C:\Windows\System\aOFXokh.exe N/A
N/A N/A C:\Windows\System\tfTWxDV.exe N/A
N/A N/A C:\Windows\System\llryHXE.exe N/A
N/A N/A C:\Windows\System\ezvhbGY.exe N/A
N/A N/A C:\Windows\System\uSzyKpI.exe N/A
N/A N/A C:\Windows\System\AlfJDfX.exe N/A
N/A N/A C:\Windows\System\AHXiquz.exe N/A
N/A N/A C:\Windows\System\PUgdyay.exe N/A
N/A N/A C:\Windows\System\znxLabJ.exe N/A
N/A N/A C:\Windows\System\uWygrBp.exe N/A
N/A N/A C:\Windows\System\KEhWxJm.exe N/A
N/A N/A C:\Windows\System\qwRpvSC.exe N/A
N/A N/A C:\Windows\System\cXzkczA.exe N/A
N/A N/A C:\Windows\System\wYVkyho.exe N/A
N/A N/A C:\Windows\System\fBSrWup.exe N/A
N/A N/A C:\Windows\System\WhvnbVZ.exe N/A
N/A N/A C:\Windows\System\ownKqaK.exe N/A
N/A N/A C:\Windows\System\JAWcPSv.exe N/A
N/A N/A C:\Windows\System\WeSdwSX.exe N/A
N/A N/A C:\Windows\System\dYrBgCa.exe N/A
N/A N/A C:\Windows\System\hfLrBVt.exe N/A
N/A N/A C:\Windows\System\MhlFUba.exe N/A
N/A N/A C:\Windows\System\EugfnBX.exe N/A
N/A N/A C:\Windows\System\xQeFUys.exe N/A
N/A N/A C:\Windows\System\flbiBjY.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\DjLJYON.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GyzuNBz.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jGQGBCw.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ugDLLXC.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsVtYiH.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sEMVmni.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aOFXokh.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CBCeJma.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dIKztMZ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lfIzFaW.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hiTntmJ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EugfnBX.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YHEWnHd.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nTSkhYV.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hPgsfLI.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HuNvLZq.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lajrttB.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmUvcIL.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fpwQgDq.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQkMBCF.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LIHdZGu.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AQJibBK.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XvVEEDE.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qMVFpgh.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uSzyKpI.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsxTwqo.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wuwUWuI.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kjDHvBl.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PUptjwN.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EAVMDvm.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KBZgmhn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUZvRnW.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OdOVAFN.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRgdjSg.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DeknFHq.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FSDjEUG.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KEhWxJm.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kkwOJiB.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xmqtEOF.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NvqhwCj.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\silUCub.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AbfBWLB.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hfLrBVt.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uiZSCnj.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CkLVzTe.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SysuZqe.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEfBfoV.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ucjfZhi.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BAUZCzL.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bZlXfWn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IwMnYmi.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yyMrmLS.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pqNMpzV.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QZwcvZx.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqBMnxd.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xQeFUys.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HReVFjn.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dXgnoID.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GtLybSI.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mJtvFFH.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzjhHjK.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jcnURhj.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uKUsVns.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvabBJJ.exe C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3184 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\ZokXOUZ.exe
PID 3184 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\ZokXOUZ.exe
PID 3184 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\Wjdvmhj.exe
PID 3184 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\Wjdvmhj.exe
PID 3184 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\yRGvyhq.exe
PID 3184 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\yRGvyhq.exe
PID 3184 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\vdAFwAV.exe
PID 3184 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\vdAFwAV.exe
PID 3184 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\SYfkyjj.exe
PID 3184 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\SYfkyjj.exe
PID 3184 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\wcMZfMi.exe
PID 3184 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\wcMZfMi.exe
PID 3184 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\KqHKcln.exe
PID 3184 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\KqHKcln.exe
PID 3184 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\sxLTvUR.exe
PID 3184 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\sxLTvUR.exe
PID 3184 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\GyzuNBz.exe
PID 3184 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\GyzuNBz.exe
PID 3184 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\pqNMpzV.exe
PID 3184 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\pqNMpzV.exe
PID 3184 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\qtHBUdM.exe
PID 3184 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\qtHBUdM.exe
PID 3184 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TLpZffl.exe
PID 3184 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TLpZffl.exe
PID 3184 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\mSQyOqS.exe
PID 3184 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\mSQyOqS.exe
PID 3184 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jYjUSJg.exe
PID 3184 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\jYjUSJg.exe
PID 3184 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\KdtGxwF.exe
PID 3184 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\KdtGxwF.exe
PID 3184 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\aYDWMiv.exe
PID 3184 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\aYDWMiv.exe
PID 3184 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\xgSQYsx.exe
PID 3184 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\xgSQYsx.exe
PID 3184 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\XsevFQr.exe
PID 3184 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\XsevFQr.exe
PID 3184 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\RQvWWuE.exe
PID 3184 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\RQvWWuE.exe
PID 3184 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\GnfbSUk.exe
PID 3184 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\GnfbSUk.exe
PID 3184 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\HKdlZQz.exe
PID 3184 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\HKdlZQz.exe
PID 3184 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\QZwcvZx.exe
PID 3184 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\QZwcvZx.exe
PID 3184 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\qMVFpgh.exe
PID 3184 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\qMVFpgh.exe
PID 3184 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\PvVzAMv.exe
PID 3184 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\PvVzAMv.exe
PID 3184 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\PsWkdrE.exe
PID 3184 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\PsWkdrE.exe
PID 3184 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\vNodIWL.exe
PID 3184 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\vNodIWL.exe
PID 3184 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TAKnxMb.exe
PID 3184 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\TAKnxMb.exe
PID 3184 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\AbfBWLB.exe
PID 3184 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\AbfBWLB.exe
PID 3184 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\xuAFncu.exe
PID 3184 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\xuAFncu.exe
PID 3184 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CZaJviJ.exe
PID 3184 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CZaJviJ.exe
PID 3184 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CqBMnxd.exe
PID 3184 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\CqBMnxd.exe
PID 3184 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\qpXinQt.exe
PID 3184 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe C:\Windows\System\qpXinQt.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8f2b60f59278c638ff6ce0ea355de1c0_NeikiAnalytics.exe"

C:\Windows\System\ZokXOUZ.exe

C:\Windows\System\ZokXOUZ.exe

C:\Windows\System\Wjdvmhj.exe

C:\Windows\System\Wjdvmhj.exe

C:\Windows\System\yRGvyhq.exe

C:\Windows\System\yRGvyhq.exe

C:\Windows\System\vdAFwAV.exe

C:\Windows\System\vdAFwAV.exe

C:\Windows\System\SYfkyjj.exe

C:\Windows\System\SYfkyjj.exe

C:\Windows\System\wcMZfMi.exe

C:\Windows\System\wcMZfMi.exe

C:\Windows\System\KqHKcln.exe

C:\Windows\System\KqHKcln.exe

C:\Windows\System\sxLTvUR.exe

C:\Windows\System\sxLTvUR.exe

C:\Windows\System\GyzuNBz.exe

C:\Windows\System\GyzuNBz.exe

C:\Windows\System\pqNMpzV.exe

C:\Windows\System\pqNMpzV.exe

C:\Windows\System\qtHBUdM.exe

C:\Windows\System\qtHBUdM.exe

C:\Windows\System\TLpZffl.exe

C:\Windows\System\TLpZffl.exe

C:\Windows\System\mSQyOqS.exe

C:\Windows\System\mSQyOqS.exe

C:\Windows\System\jYjUSJg.exe

C:\Windows\System\jYjUSJg.exe

C:\Windows\System\KdtGxwF.exe

C:\Windows\System\KdtGxwF.exe

C:\Windows\System\aYDWMiv.exe

C:\Windows\System\aYDWMiv.exe

C:\Windows\System\xgSQYsx.exe

C:\Windows\System\xgSQYsx.exe

C:\Windows\System\XsevFQr.exe

C:\Windows\System\XsevFQr.exe

C:\Windows\System\RQvWWuE.exe

C:\Windows\System\RQvWWuE.exe

C:\Windows\System\GnfbSUk.exe

C:\Windows\System\GnfbSUk.exe

C:\Windows\System\HKdlZQz.exe

C:\Windows\System\HKdlZQz.exe

C:\Windows\System\QZwcvZx.exe

C:\Windows\System\QZwcvZx.exe

C:\Windows\System\qMVFpgh.exe

C:\Windows\System\qMVFpgh.exe

C:\Windows\System\PvVzAMv.exe

C:\Windows\System\PvVzAMv.exe

C:\Windows\System\PsWkdrE.exe

C:\Windows\System\PsWkdrE.exe

C:\Windows\System\vNodIWL.exe

C:\Windows\System\vNodIWL.exe

C:\Windows\System\TAKnxMb.exe

C:\Windows\System\TAKnxMb.exe

C:\Windows\System\AbfBWLB.exe

C:\Windows\System\AbfBWLB.exe

C:\Windows\System\xuAFncu.exe

C:\Windows\System\xuAFncu.exe

C:\Windows\System\CZaJviJ.exe

C:\Windows\System\CZaJviJ.exe

C:\Windows\System\CqBMnxd.exe

C:\Windows\System\CqBMnxd.exe

C:\Windows\System\qpXinQt.exe

C:\Windows\System\qpXinQt.exe

C:\Windows\System\jwUEAiC.exe

C:\Windows\System\jwUEAiC.exe

C:\Windows\System\NnpAZmA.exe

C:\Windows\System\NnpAZmA.exe

C:\Windows\System\NBolJQN.exe

C:\Windows\System\NBolJQN.exe

C:\Windows\System\ZNgOtGq.exe

C:\Windows\System\ZNgOtGq.exe

C:\Windows\System\wWhBLrw.exe

C:\Windows\System\wWhBLrw.exe

C:\Windows\System\AlfJDfX.exe

C:\Windows\System\AlfJDfX.exe

C:\Windows\System\eNObGkw.exe

C:\Windows\System\eNObGkw.exe

C:\Windows\System\JDuhDGb.exe

C:\Windows\System\JDuhDGb.exe

C:\Windows\System\aOFXokh.exe

C:\Windows\System\aOFXokh.exe

C:\Windows\System\tfTWxDV.exe

C:\Windows\System\tfTWxDV.exe

C:\Windows\System\llryHXE.exe

C:\Windows\System\llryHXE.exe

C:\Windows\System\ezvhbGY.exe

C:\Windows\System\ezvhbGY.exe

C:\Windows\System\uSzyKpI.exe

C:\Windows\System\uSzyKpI.exe

C:\Windows\System\AHXiquz.exe

C:\Windows\System\AHXiquz.exe

C:\Windows\System\PUgdyay.exe

C:\Windows\System\PUgdyay.exe

C:\Windows\System\znxLabJ.exe

C:\Windows\System\znxLabJ.exe

C:\Windows\System\uWygrBp.exe

C:\Windows\System\uWygrBp.exe

C:\Windows\System\KEhWxJm.exe

C:\Windows\System\KEhWxJm.exe

C:\Windows\System\qwRpvSC.exe

C:\Windows\System\qwRpvSC.exe

C:\Windows\System\cXzkczA.exe

C:\Windows\System\cXzkczA.exe

C:\Windows\System\wYVkyho.exe

C:\Windows\System\wYVkyho.exe

C:\Windows\System\fBSrWup.exe

C:\Windows\System\fBSrWup.exe

C:\Windows\System\WhvnbVZ.exe

C:\Windows\System\WhvnbVZ.exe

C:\Windows\System\ownKqaK.exe

C:\Windows\System\ownKqaK.exe

C:\Windows\System\JAWcPSv.exe

C:\Windows\System\JAWcPSv.exe

C:\Windows\System\WeSdwSX.exe

C:\Windows\System\WeSdwSX.exe

C:\Windows\System\dYrBgCa.exe

C:\Windows\System\dYrBgCa.exe

C:\Windows\System\hfLrBVt.exe

C:\Windows\System\hfLrBVt.exe

C:\Windows\System\MhlFUba.exe

C:\Windows\System\MhlFUba.exe

C:\Windows\System\EugfnBX.exe

C:\Windows\System\EugfnBX.exe

C:\Windows\System\xQeFUys.exe

C:\Windows\System\xQeFUys.exe

C:\Windows\System\flbiBjY.exe

C:\Windows\System\flbiBjY.exe

C:\Windows\System\wakEswh.exe

C:\Windows\System\wakEswh.exe

C:\Windows\System\NzjhHjK.exe

C:\Windows\System\NzjhHjK.exe

C:\Windows\System\PUptjwN.exe

C:\Windows\System\PUptjwN.exe

C:\Windows\System\rsPaOQp.exe

C:\Windows\System\rsPaOQp.exe

C:\Windows\System\xqwPSqr.exe

C:\Windows\System\xqwPSqr.exe

C:\Windows\System\DxAvMZj.exe

C:\Windows\System\DxAvMZj.exe

C:\Windows\System\kjnFoFO.exe

C:\Windows\System\kjnFoFO.exe

C:\Windows\System\BymHZqT.exe

C:\Windows\System\BymHZqT.exe

C:\Windows\System\vnznqwz.exe

C:\Windows\System\vnznqwz.exe

C:\Windows\System\TZXEGlX.exe

C:\Windows\System\TZXEGlX.exe

C:\Windows\System\xRcwZYu.exe

C:\Windows\System\xRcwZYu.exe

C:\Windows\System\kazNQLQ.exe

C:\Windows\System\kazNQLQ.exe

C:\Windows\System\jcnURhj.exe

C:\Windows\System\jcnURhj.exe

C:\Windows\System\SnGqpYQ.exe

C:\Windows\System\SnGqpYQ.exe

C:\Windows\System\gwvEiRK.exe

C:\Windows\System\gwvEiRK.exe

C:\Windows\System\jeycYCs.exe

C:\Windows\System\jeycYCs.exe

C:\Windows\System\EWLktEg.exe

C:\Windows\System\EWLktEg.exe

C:\Windows\System\cBHtnAA.exe

C:\Windows\System\cBHtnAA.exe

C:\Windows\System\raHuiMz.exe

C:\Windows\System\raHuiMz.exe

C:\Windows\System\kkwOJiB.exe

C:\Windows\System\kkwOJiB.exe

C:\Windows\System\brwTVHz.exe

C:\Windows\System\brwTVHz.exe

C:\Windows\System\jGQGBCw.exe

C:\Windows\System\jGQGBCw.exe

C:\Windows\System\pfKEQGE.exe

C:\Windows\System\pfKEQGE.exe

C:\Windows\System\ugDLLXC.exe

C:\Windows\System\ugDLLXC.exe

C:\Windows\System\oOAaSTj.exe

C:\Windows\System\oOAaSTj.exe

C:\Windows\System\dupjHdr.exe

C:\Windows\System\dupjHdr.exe

C:\Windows\System\WtbvoCb.exe

C:\Windows\System\WtbvoCb.exe

C:\Windows\System\ufiIOkQ.exe

C:\Windows\System\ufiIOkQ.exe

C:\Windows\System\TpCizfw.exe

C:\Windows\System\TpCizfw.exe

C:\Windows\System\PFGvlms.exe

C:\Windows\System\PFGvlms.exe

C:\Windows\System\cgzUGqt.exe

C:\Windows\System\cgzUGqt.exe

C:\Windows\System\gzgXTpb.exe

C:\Windows\System\gzgXTpb.exe

C:\Windows\System\ngzlpVW.exe

C:\Windows\System\ngzlpVW.exe

C:\Windows\System\TafEaFM.exe

C:\Windows\System\TafEaFM.exe

C:\Windows\System\affESvW.exe

C:\Windows\System\affESvW.exe

C:\Windows\System\LWdRGMW.exe

C:\Windows\System\LWdRGMW.exe

C:\Windows\System\bNwvdYy.exe

C:\Windows\System\bNwvdYy.exe

C:\Windows\System\lQVAaGU.exe

C:\Windows\System\lQVAaGU.exe

C:\Windows\System\MfOcGRt.exe

C:\Windows\System\MfOcGRt.exe

C:\Windows\System\EStOqYN.exe

C:\Windows\System\EStOqYN.exe

C:\Windows\System\bneamYf.exe

C:\Windows\System\bneamYf.exe

C:\Windows\System\EPSuwfJ.exe

C:\Windows\System\EPSuwfJ.exe

C:\Windows\System\ayOTucA.exe

C:\Windows\System\ayOTucA.exe

C:\Windows\System\LihzNDg.exe

C:\Windows\System\LihzNDg.exe

C:\Windows\System\lqFNgIl.exe

C:\Windows\System\lqFNgIl.exe

C:\Windows\System\sKqCCFD.exe

C:\Windows\System\sKqCCFD.exe

C:\Windows\System\SkQWZui.exe

C:\Windows\System\SkQWZui.exe

C:\Windows\System\xmqtEOF.exe

C:\Windows\System\xmqtEOF.exe

C:\Windows\System\PbatuAM.exe

C:\Windows\System\PbatuAM.exe

C:\Windows\System\jfylvQP.exe

C:\Windows\System\jfylvQP.exe

C:\Windows\System\bxoLLTC.exe

C:\Windows\System\bxoLLTC.exe

C:\Windows\System\ciqgdTp.exe

C:\Windows\System\ciqgdTp.exe

C:\Windows\System\NvqhwCj.exe

C:\Windows\System\NvqhwCj.exe

C:\Windows\System\osspsWE.exe

C:\Windows\System\osspsWE.exe

C:\Windows\System\EAVMDvm.exe

C:\Windows\System\EAVMDvm.exe

C:\Windows\System\Kbdbtka.exe

C:\Windows\System\Kbdbtka.exe

C:\Windows\System\uKUsVns.exe

C:\Windows\System\uKUsVns.exe

C:\Windows\System\UwhutYC.exe

C:\Windows\System\UwhutYC.exe

C:\Windows\System\VuCMBCV.exe

C:\Windows\System\VuCMBCV.exe

C:\Windows\System\vDqNWcZ.exe

C:\Windows\System\vDqNWcZ.exe

C:\Windows\System\uGWAUqN.exe

C:\Windows\System\uGWAUqN.exe

C:\Windows\System\silUCub.exe

C:\Windows\System\silUCub.exe

C:\Windows\System\RTTCGiP.exe

C:\Windows\System\RTTCGiP.exe

C:\Windows\System\OcWGoRQ.exe

C:\Windows\System\OcWGoRQ.exe

C:\Windows\System\OdOVAFN.exe

C:\Windows\System\OdOVAFN.exe

C:\Windows\System\DlxWkWm.exe

C:\Windows\System\DlxWkWm.exe

C:\Windows\System\CBCeJma.exe

C:\Windows\System\CBCeJma.exe

C:\Windows\System\WTvBKNF.exe

C:\Windows\System\WTvBKNF.exe

C:\Windows\System\uWdFaVF.exe

C:\Windows\System\uWdFaVF.exe

C:\Windows\System\uiZSCnj.exe

C:\Windows\System\uiZSCnj.exe

C:\Windows\System\tMkNRjR.exe

C:\Windows\System\tMkNRjR.exe

C:\Windows\System\bXYKEoN.exe

C:\Windows\System\bXYKEoN.exe

C:\Windows\System\rsJJpEq.exe

C:\Windows\System\rsJJpEq.exe

C:\Windows\System\HioovuN.exe

C:\Windows\System\HioovuN.exe

C:\Windows\System\nGRdqrB.exe

C:\Windows\System\nGRdqrB.exe

C:\Windows\System\JlGNutK.exe

C:\Windows\System\JlGNutK.exe

C:\Windows\System\tcdlcDc.exe

C:\Windows\System\tcdlcDc.exe

C:\Windows\System\SlGpxYO.exe

C:\Windows\System\SlGpxYO.exe

C:\Windows\System\FCKuYQG.exe

C:\Windows\System\FCKuYQG.exe

C:\Windows\System\OvBpRrf.exe

C:\Windows\System\OvBpRrf.exe

C:\Windows\System\vsVtYiH.exe

C:\Windows\System\vsVtYiH.exe

C:\Windows\System\ADIxtHp.exe

C:\Windows\System\ADIxtHp.exe

C:\Windows\System\KBZgmhn.exe

C:\Windows\System\KBZgmhn.exe

C:\Windows\System\xpmeNyF.exe

C:\Windows\System\xpmeNyF.exe

C:\Windows\System\pvabBJJ.exe

C:\Windows\System\pvabBJJ.exe

C:\Windows\System\ufxICFf.exe

C:\Windows\System\ufxICFf.exe

C:\Windows\System\ABQMJdL.exe

C:\Windows\System\ABQMJdL.exe

C:\Windows\System\bWkuvWq.exe

C:\Windows\System\bWkuvWq.exe

C:\Windows\System\ucjfZhi.exe

C:\Windows\System\ucjfZhi.exe

C:\Windows\System\lEGniRs.exe

C:\Windows\System\lEGniRs.exe

C:\Windows\System\fjTgPjg.exe

C:\Windows\System\fjTgPjg.exe

C:\Windows\System\ImLlpvS.exe

C:\Windows\System\ImLlpvS.exe

C:\Windows\System\wADzfWb.exe

C:\Windows\System\wADzfWb.exe

C:\Windows\System\sZLxJwT.exe

C:\Windows\System\sZLxJwT.exe

C:\Windows\System\hCONbeT.exe

C:\Windows\System\hCONbeT.exe

C:\Windows\System\JXdfctN.exe

C:\Windows\System\JXdfctN.exe

C:\Windows\System\kgMLpJi.exe

C:\Windows\System\kgMLpJi.exe

C:\Windows\System\YHEWnHd.exe

C:\Windows\System\YHEWnHd.exe

C:\Windows\System\cjkXXFD.exe

C:\Windows\System\cjkXXFD.exe

C:\Windows\System\lajrttB.exe

C:\Windows\System\lajrttB.exe

C:\Windows\System\xWWsrAa.exe

C:\Windows\System\xWWsrAa.exe

C:\Windows\System\anArLvc.exe

C:\Windows\System\anArLvc.exe

C:\Windows\System\BgEqJYi.exe

C:\Windows\System\BgEqJYi.exe

C:\Windows\System\KujHARM.exe

C:\Windows\System\KujHARM.exe

C:\Windows\System\LIgufBT.exe

C:\Windows\System\LIgufBT.exe

C:\Windows\System\NNotHGf.exe

C:\Windows\System\NNotHGf.exe

C:\Windows\System\hEMsFJF.exe

C:\Windows\System\hEMsFJF.exe

C:\Windows\System\gBpdAxo.exe

C:\Windows\System\gBpdAxo.exe

C:\Windows\System\qNDfbmc.exe

C:\Windows\System\qNDfbmc.exe

C:\Windows\System\EpueLDr.exe

C:\Windows\System\EpueLDr.exe

C:\Windows\System\qYFBjzp.exe

C:\Windows\System\qYFBjzp.exe

C:\Windows\System\lLbxWsa.exe

C:\Windows\System\lLbxWsa.exe

C:\Windows\System\wzaJABC.exe

C:\Windows\System\wzaJABC.exe

C:\Windows\System\dIKztMZ.exe

C:\Windows\System\dIKztMZ.exe

C:\Windows\System\mbCXYZX.exe

C:\Windows\System\mbCXYZX.exe

C:\Windows\System\IAnAVyp.exe

C:\Windows\System\IAnAVyp.exe

C:\Windows\System\srOwGiT.exe

C:\Windows\System\srOwGiT.exe

C:\Windows\System\dXgnoID.exe

C:\Windows\System\dXgnoID.exe

C:\Windows\System\DeknFHq.exe

C:\Windows\System\DeknFHq.exe

C:\Windows\System\KUZvRnW.exe

C:\Windows\System\KUZvRnW.exe

C:\Windows\System\sQkMBCF.exe

C:\Windows\System\sQkMBCF.exe

C:\Windows\System\ZPPZrRa.exe

C:\Windows\System\ZPPZrRa.exe

C:\Windows\System\LpMVbdN.exe

C:\Windows\System\LpMVbdN.exe

C:\Windows\System\NOTwZER.exe

C:\Windows\System\NOTwZER.exe

C:\Windows\System\ShjyUVE.exe

C:\Windows\System\ShjyUVE.exe

C:\Windows\System\xdWwLIb.exe

C:\Windows\System\xdWwLIb.exe

C:\Windows\System\IfxTSkt.exe

C:\Windows\System\IfxTSkt.exe

C:\Windows\System\sEMVmni.exe

C:\Windows\System\sEMVmni.exe

C:\Windows\System\lPFDjRo.exe

C:\Windows\System\lPFDjRo.exe

C:\Windows\System\ipBdFwo.exe

C:\Windows\System\ipBdFwo.exe

C:\Windows\System\rgbmOQd.exe

C:\Windows\System\rgbmOQd.exe

C:\Windows\System\SBrcVYb.exe

C:\Windows\System\SBrcVYb.exe

C:\Windows\System\BAUZCzL.exe

C:\Windows\System\BAUZCzL.exe

C:\Windows\System\NfzSOnq.exe

C:\Windows\System\NfzSOnq.exe

C:\Windows\System\HReVFjn.exe

C:\Windows\System\HReVFjn.exe

C:\Windows\System\oLlkjtl.exe

C:\Windows\System\oLlkjtl.exe

C:\Windows\System\cEjTLus.exe

C:\Windows\System\cEjTLus.exe

C:\Windows\System\FQUSVPp.exe

C:\Windows\System\FQUSVPp.exe

C:\Windows\System\HVEhLeJ.exe

C:\Windows\System\HVEhLeJ.exe

C:\Windows\System\iLeyjov.exe

C:\Windows\System\iLeyjov.exe

C:\Windows\System\VNagLQE.exe

C:\Windows\System\VNagLQE.exe

C:\Windows\System\SMWcUuQ.exe

C:\Windows\System\SMWcUuQ.exe

C:\Windows\System\nTSkhYV.exe

C:\Windows\System\nTSkhYV.exe

C:\Windows\System\LIHdZGu.exe

C:\Windows\System\LIHdZGu.exe

C:\Windows\System\muQikit.exe

C:\Windows\System\muQikit.exe

C:\Windows\System\uDLQAyY.exe

C:\Windows\System\uDLQAyY.exe

C:\Windows\System\gqLiPOV.exe

C:\Windows\System\gqLiPOV.exe

C:\Windows\System\zZBiYfI.exe

C:\Windows\System\zZBiYfI.exe

C:\Windows\System\ecsixXb.exe

C:\Windows\System\ecsixXb.exe

C:\Windows\System\ZzojdRm.exe

C:\Windows\System\ZzojdRm.exe

C:\Windows\System\PeIMwyB.exe

C:\Windows\System\PeIMwyB.exe

C:\Windows\System\uOgnXYf.exe

C:\Windows\System\uOgnXYf.exe

C:\Windows\System\opbauRA.exe

C:\Windows\System\opbauRA.exe

C:\Windows\System\OIJReom.exe

C:\Windows\System\OIJReom.exe

C:\Windows\System\CkLVzTe.exe

C:\Windows\System\CkLVzTe.exe

C:\Windows\System\KysmtcX.exe

C:\Windows\System\KysmtcX.exe

C:\Windows\System\bqTyXRs.exe

C:\Windows\System\bqTyXRs.exe

C:\Windows\System\IMhZbLM.exe

C:\Windows\System\IMhZbLM.exe

C:\Windows\System\XHqXGrh.exe

C:\Windows\System\XHqXGrh.exe

C:\Windows\System\zIJtMJd.exe

C:\Windows\System\zIJtMJd.exe

C:\Windows\System\xoZROfE.exe

C:\Windows\System\xoZROfE.exe

C:\Windows\System\qOAXAdv.exe

C:\Windows\System\qOAXAdv.exe

C:\Windows\System\IQsENXq.exe

C:\Windows\System\IQsENXq.exe

C:\Windows\System\vurvamf.exe

C:\Windows\System\vurvamf.exe

C:\Windows\System\JwvXlkH.exe

C:\Windows\System\JwvXlkH.exe

C:\Windows\System\bZlXfWn.exe

C:\Windows\System\bZlXfWn.exe

C:\Windows\System\nUSNdAd.exe

C:\Windows\System\nUSNdAd.exe

C:\Windows\System\GtLybSI.exe

C:\Windows\System\GtLybSI.exe

C:\Windows\System\YBXDhkj.exe

C:\Windows\System\YBXDhkj.exe

C:\Windows\System\YwmGbNV.exe

C:\Windows\System\YwmGbNV.exe

C:\Windows\System\WsxTwqo.exe

C:\Windows\System\WsxTwqo.exe

C:\Windows\System\RHiZOpn.exe

C:\Windows\System\RHiZOpn.exe

C:\Windows\System\axnnunE.exe

C:\Windows\System\axnnunE.exe

C:\Windows\System\UbbAbFb.exe

C:\Windows\System\UbbAbFb.exe

C:\Windows\System\hPgsfLI.exe

C:\Windows\System\hPgsfLI.exe

C:\Windows\System\LWScRiw.exe

C:\Windows\System\LWScRiw.exe

C:\Windows\System\FmUvcIL.exe

C:\Windows\System\FmUvcIL.exe

C:\Windows\System\yTZPYeB.exe

C:\Windows\System\yTZPYeB.exe

C:\Windows\System\DjLJYON.exe

C:\Windows\System\DjLJYON.exe

C:\Windows\System\wuwUWuI.exe

C:\Windows\System\wuwUWuI.exe

C:\Windows\System\SVkeFmA.exe

C:\Windows\System\SVkeFmA.exe

C:\Windows\System\yBdHKjk.exe

C:\Windows\System\yBdHKjk.exe

C:\Windows\System\mbUxaFC.exe

C:\Windows\System\mbUxaFC.exe

C:\Windows\System\krBCxFg.exe

C:\Windows\System\krBCxFg.exe

C:\Windows\System\VRgdjSg.exe

C:\Windows\System\VRgdjSg.exe

C:\Windows\System\IwMnYmi.exe

C:\Windows\System\IwMnYmi.exe

C:\Windows\System\UnolEDZ.exe

C:\Windows\System\UnolEDZ.exe

C:\Windows\System\nhFrfBr.exe

C:\Windows\System\nhFrfBr.exe

C:\Windows\System\gpKSoLt.exe

C:\Windows\System\gpKSoLt.exe

C:\Windows\System\SYtCeRW.exe

C:\Windows\System\SYtCeRW.exe

C:\Windows\System\ICchcEr.exe

C:\Windows\System\ICchcEr.exe

C:\Windows\System\ACWzlZU.exe

C:\Windows\System\ACWzlZU.exe

C:\Windows\System\AQJibBK.exe

C:\Windows\System\AQJibBK.exe

C:\Windows\System\HuNvLZq.exe

C:\Windows\System\HuNvLZq.exe

C:\Windows\System\vwbkkyQ.exe

C:\Windows\System\vwbkkyQ.exe

C:\Windows\System\irRIZcZ.exe

C:\Windows\System\irRIZcZ.exe

C:\Windows\System\aTfgmIy.exe

C:\Windows\System\aTfgmIy.exe

C:\Windows\System\MLqSBRJ.exe

C:\Windows\System\MLqSBRJ.exe

C:\Windows\System\NiBerYs.exe

C:\Windows\System\NiBerYs.exe

C:\Windows\System\PEaIiSq.exe

C:\Windows\System\PEaIiSq.exe

C:\Windows\System\UtjKOWZ.exe

C:\Windows\System\UtjKOWZ.exe

C:\Windows\System\uxHmqwS.exe

C:\Windows\System\uxHmqwS.exe

C:\Windows\System\ptjPtdG.exe

C:\Windows\System\ptjPtdG.exe

C:\Windows\System\TxfMetI.exe

C:\Windows\System\TxfMetI.exe

C:\Windows\System\oMGaiqw.exe

C:\Windows\System\oMGaiqw.exe

C:\Windows\System\SxQjAGw.exe

C:\Windows\System\SxQjAGw.exe

C:\Windows\System\RUPvYeT.exe

C:\Windows\System\RUPvYeT.exe

C:\Windows\System\WwIvyCn.exe

C:\Windows\System\WwIvyCn.exe

C:\Windows\System\BMIkMPC.exe

C:\Windows\System\BMIkMPC.exe

C:\Windows\System\OBaGOIY.exe

C:\Windows\System\OBaGOIY.exe

C:\Windows\System\IdwmTLr.exe

C:\Windows\System\IdwmTLr.exe

C:\Windows\System\pxNTlOX.exe

C:\Windows\System\pxNTlOX.exe

C:\Windows\System\YLwnhNH.exe

C:\Windows\System\YLwnhNH.exe

C:\Windows\System\ULzOmfv.exe

C:\Windows\System\ULzOmfv.exe

C:\Windows\System\mwcNKsl.exe

C:\Windows\System\mwcNKsl.exe

C:\Windows\System\kjDHvBl.exe

C:\Windows\System\kjDHvBl.exe

C:\Windows\System\tugxFmV.exe

C:\Windows\System\tugxFmV.exe

C:\Windows\System\yyMrmLS.exe

C:\Windows\System\yyMrmLS.exe

C:\Windows\System\cClsGAW.exe

C:\Windows\System\cClsGAW.exe

C:\Windows\System\IZPYjnX.exe

C:\Windows\System\IZPYjnX.exe

C:\Windows\System\MlSnDbx.exe

C:\Windows\System\MlSnDbx.exe

C:\Windows\System\FzkkToQ.exe

C:\Windows\System\FzkkToQ.exe

C:\Windows\System\NkISnRG.exe

C:\Windows\System\NkISnRG.exe

C:\Windows\System\QrXWBYX.exe

C:\Windows\System\QrXWBYX.exe

C:\Windows\System\KvwAaPq.exe

C:\Windows\System\KvwAaPq.exe

C:\Windows\System\SysuZqe.exe

C:\Windows\System\SysuZqe.exe

C:\Windows\System\nboPrli.exe

C:\Windows\System\nboPrli.exe

C:\Windows\System\hiTntmJ.exe

C:\Windows\System\hiTntmJ.exe

C:\Windows\System\DEfBfoV.exe

C:\Windows\System\DEfBfoV.exe

C:\Windows\System\oHGkxft.exe

C:\Windows\System\oHGkxft.exe

C:\Windows\System\BdyQAag.exe

C:\Windows\System\BdyQAag.exe

C:\Windows\System\YkrnmvK.exe

C:\Windows\System\YkrnmvK.exe

C:\Windows\System\RFzwmtm.exe

C:\Windows\System\RFzwmtm.exe

C:\Windows\System\eNiefwx.exe

C:\Windows\System\eNiefwx.exe

C:\Windows\System\hFCpkaQ.exe

C:\Windows\System\hFCpkaQ.exe

C:\Windows\System\ixbEePx.exe

C:\Windows\System\ixbEePx.exe

C:\Windows\System\QaLPBwE.exe

C:\Windows\System\QaLPBwE.exe

C:\Windows\System\ssSKIqJ.exe

C:\Windows\System\ssSKIqJ.exe

C:\Windows\System\FSDjEUG.exe

C:\Windows\System\FSDjEUG.exe

C:\Windows\System\cCdGcbk.exe

C:\Windows\System\cCdGcbk.exe

C:\Windows\System\KGLZOIM.exe

C:\Windows\System\KGLZOIM.exe

C:\Windows\System\FojeSdF.exe

C:\Windows\System\FojeSdF.exe

C:\Windows\System\WEQjNGY.exe

C:\Windows\System\WEQjNGY.exe

C:\Windows\System\QwLFGUu.exe

C:\Windows\System\QwLFGUu.exe

C:\Windows\System\ttSXTFy.exe

C:\Windows\System\ttSXTFy.exe

C:\Windows\System\rTDCOot.exe

C:\Windows\System\rTDCOot.exe

C:\Windows\System\tMVpwgY.exe

C:\Windows\System\tMVpwgY.exe

C:\Windows\System\lfIzFaW.exe

C:\Windows\System\lfIzFaW.exe

C:\Windows\System\nqCiToH.exe

C:\Windows\System\nqCiToH.exe

C:\Windows\System\BihwyCE.exe

C:\Windows\System\BihwyCE.exe

C:\Windows\System\mJtvFFH.exe

C:\Windows\System\mJtvFFH.exe

C:\Windows\System\xMNfuZl.exe

C:\Windows\System\xMNfuZl.exe

C:\Windows\System\cTtxUZn.exe

C:\Windows\System\cTtxUZn.exe

C:\Windows\System\XvVEEDE.exe

C:\Windows\System\XvVEEDE.exe

C:\Windows\System\cJzwoCL.exe

C:\Windows\System\cJzwoCL.exe

C:\Windows\System\qmabgSs.exe

C:\Windows\System\qmabgSs.exe

C:\Windows\System\XpuNaEs.exe

C:\Windows\System\XpuNaEs.exe

C:\Windows\System\fpwQgDq.exe

C:\Windows\System\fpwQgDq.exe

C:\Windows\System\gaXVCgk.exe

C:\Windows\System\gaXVCgk.exe

C:\Windows\System\aQEUzDm.exe

C:\Windows\System\aQEUzDm.exe

C:\Windows\System\BAghvej.exe

C:\Windows\System\BAghvej.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/3184-0-0x00007FF776990000-0x00007FF776CE4000-memory.dmp

memory/3184-1-0x000001CC3FD60000-0x000001CC3FD70000-memory.dmp

C:\Windows\System\yRGvyhq.exe

MD5 36cf39964d3f1c28b3866b3f9ead43b1
SHA1 95eaf5b207764f574524dce3ac5b4e66c5865a7e
SHA256 b45cca1d18046f5b2ba2f500961557a575ce9a883dcdcfbbe98b88ae6ebaabcc
SHA512 dd3fa94f5ffecd2d99cb7c850ca11f8eab1a54a1f62a196d47f6460a3619377fd93110de7d5a7cb88e73bc7be21564786af2dc3206f76813558e7e3e734b850b

C:\Windows\System\vdAFwAV.exe

MD5 84f4560d46d47a5bd2414881f55869c0
SHA1 fba87e97d6801da85703f0df74ebfb894413afbe
SHA256 c09d49315c1fb6800de44ebe6667aa3ad1531a2739c26b28489d3a7754c191ad
SHA512 a71ba70d24b366e0d9d19399969f408243d5336a2e7e8f2f63115ea05cf4588a9e05f2866182504d00bd7a3efd5049cbbac60f9cabd4ab909b200a83570abbb3

C:\Windows\System\KqHKcln.exe

MD5 9e38611bfe9f7a2286fdda5fff4c7b11
SHA1 1c76e0d02a5bdf2933e6704092f75cf24327fb63
SHA256 7a4b6ca4948a15b7b3d233d3680cff55e39301627f045e735ca461a67b5ed7cf
SHA512 95ee78569132048f647f2f00774fbb3c9825e3346147ab6951d815d0b9e8e7a9235ec3e11e1b234319cef9554f6470b8afb9cac64e131e7cfc9e0c227f5c2cdf

C:\Windows\System\RQvWWuE.exe

MD5 286e263ec195e0fc6d12ea79e5c1ef36
SHA1 96d305dcf365592a516daccf743e7e4704b795e0
SHA256 075ea535251564db2eb7f36c4e8da16a2873b066e86d4d171374994052b1906c
SHA512 b2355a32700941bf01147707a8baa0a2c3eeff682810da41fe5c469b0fcfb0ff809506628526b7609ddfb085d29d3fa3fd72b3a59d732686d27e156b439b1a9e

C:\Windows\System\KdtGxwF.exe

MD5 cf50c643bff864dbbe225f1d45927725
SHA1 96915137f3db46b0f95aff6cb9e9f7041e9109d3
SHA256 4eb7d66b3689f258c8e1835950f6788898ba27653c126241258cea3b61d2a9ac
SHA512 f98d5fda8a60ee1d713c10e9aef28d140edd63db0bf3f9baf3bf99b20029382b61ea13ea62e2568e573070fcf80a4ed9168da58c90be1f80acf93779616585cc

C:\Windows\System\QZwcvZx.exe

MD5 8123629072cf3c36fadf9984382417a3
SHA1 5ad2da62754d806d0e9cf674c6b56686558c529f
SHA256 57885ef631ca0253abb4eb0ce56b7fc496d6bb3b786e1e4995bec19aaa2a47b2
SHA512 7fe4aa8ffafac02fca753d533c0a087ca921a786db5a4f9e4902c577566035288f1e0e66a3cc48ad082b9456eb30d1e472d4791540b4d4d7197374243fee0509

memory/4940-161-0x00007FF753DE0000-0x00007FF754134000-memory.dmp

memory/1964-175-0x00007FF6057B0000-0x00007FF605B04000-memory.dmp

memory/4092-183-0x00007FF6EDFC0000-0x00007FF6EE314000-memory.dmp

memory/3388-191-0x00007FF6E63E0000-0x00007FF6E6734000-memory.dmp

memory/4040-190-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp

memory/4376-189-0x00007FF69F680000-0x00007FF69F9D4000-memory.dmp

memory/1808-188-0x00007FF6EA9F0000-0x00007FF6EAD44000-memory.dmp

memory/3672-187-0x00007FF71D2F0000-0x00007FF71D644000-memory.dmp

memory/4532-186-0x00007FF6EF1E0000-0x00007FF6EF534000-memory.dmp

memory/2900-185-0x00007FF7FAB00000-0x00007FF7FAE54000-memory.dmp

memory/380-184-0x00007FF6E06E0000-0x00007FF6E0A34000-memory.dmp

memory/4968-182-0x00007FF644250000-0x00007FF6445A4000-memory.dmp

memory/2072-181-0x00007FF625130000-0x00007FF625484000-memory.dmp

memory/1580-180-0x00007FF7D1850000-0x00007FF7D1BA4000-memory.dmp

memory/2236-179-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp

C:\Windows\System\qpXinQt.exe

MD5 4edd61fe1a50df2e9c999a64a6d37406
SHA1 d4a41ed75c8cd6817c40fb1e4fb1b010a715bc9e
SHA256 fdbb73403e02c6e83f6c1895bc9ac8e6f55124dfeffb710fcffe1a3b8d0f377a
SHA512 e00f65974f9a8d190bdc652a142e939087711e0679d4e72d130a805077db44df6bc155489aaf65d2ab99fc7491dd886add2da3398a33169a53ac5139674e7c4f

memory/4728-176-0x00007FF687C20000-0x00007FF687F74000-memory.dmp

C:\Windows\System\CqBMnxd.exe

MD5 6348b027c1d469d0f09b2eafcc1f812f
SHA1 37b53034865b03798032aa7e6e78cfc4e92830f2
SHA256 9a4ef01ce3af3176e48395226db5cadc28b528eecee92631f5580c8dbb601183
SHA512 4c2a1b307facf4089b69db3292ec8a53ece03e1b79de9982be1774ced501839c899e1accbcf0e6bbd110e88fe7f891accd3ae8d8a04e64fd48888ca75c92331b

C:\Windows\System\CZaJviJ.exe

MD5 a590d1617554d9b5f89d3c9758d7b09f
SHA1 3ff69852bb82b58d88811dbc954303e5cceb44b5
SHA256 54ecddec78e0c58a6d3a380df5ed93a14f63077073187f8bbffa3a5f9f564305
SHA512 5b96b069eeebb960a0148007603877301fe44ba73d2137386c807325d0d4c46497048a5249b02b8233cc2a4cbb061ffa9bc3310b5d191f132c6f04fc34824df2

memory/3032-170-0x00007FF6DCD70000-0x00007FF6DD0C4000-memory.dmp

memory/2908-169-0x00007FF7A7B10000-0x00007FF7A7E64000-memory.dmp

C:\Windows\System\TAKnxMb.exe

MD5 16091fa6d51b2c9a3bc6c8d78fbe9e1a
SHA1 936149ce656b731a9b5118b79a36f714f8ad198a
SHA256 547a8f3f88707667b0f4fb020761140e2d114cbeb4e613c6585a854bfa06cf9d
SHA512 16ff8bcc946e9cbe85d60f9fcc62c697745fac286715e265f526814c4f794f8db5aa74c8b9b2f090d425704e71d976c4b26e6d756f24326615970d42d29ac32f

C:\Windows\System\xuAFncu.exe

MD5 271696a34e2cd0f04b6757e2b97d94aa
SHA1 37bffacfc77da5970b1cc8b34e4c9c770a3a455e
SHA256 43ecd432d34fd1d535de5799cd967503140ec4d986f6e0445d29a20e48eabb28
SHA512 46d8e6957aae5c10b628fd791a0e2b134474ca307842fc582f8815cfd53baae06f498c0c267a079cfc1a0f80fe838517c389172f9386f8fce0b945f14a4e4862

C:\Windows\System\AbfBWLB.exe

MD5 e369f9bf798edfb80f9df92e0ad58a5e
SHA1 5e40aa56b12be542325e28bfdd0a115c36f5f4da
SHA256 c6f4eec4692602124f70123d092dd0914186988c62db827a4871f357d8465a85
SHA512 3b02e695e2206ce4f98cb2b457442540fc7c2222a71300dedf747e303809c7c550052200e42f35ccc7cb5ce559ee580390ed0a71f2339ce4e0b29a566168baf0

C:\Windows\System\vNodIWL.exe

MD5 81a52717732fd2655fad85f5a9077acd
SHA1 770c11dae8a74b892d00a0f706e7ed0c0190507e
SHA256 71734910572de7bfd7159aeb8da40b30764f30cfaf429dadea75ca7c1067b38c
SHA512 efc45481aabcf2a51256d7866ad59e1000af8d9e41cdd899c81a262608c00baa4e9cc30af1a36e9984f682236f9625465fb3bdb58c0aa0fbf9b613fc1c689518

memory/2888-153-0x00007FF72A830000-0x00007FF72AB84000-memory.dmp

memory/4620-150-0x00007FF7814C0000-0x00007FF781814000-memory.dmp

C:\Windows\System\PvVzAMv.exe

MD5 96e0bf5b076cb8bb7bb2a180ff8bb73b
SHA1 0e5c58326d85985fc21297508e4caa5352930779
SHA256 3c2b752c577aa1545daefdaba03a1bf42b60ba2ad41bc91000bdc0ae140996c5
SHA512 2149dc819301a1dcd22fdffe49d9b45725343381cbbeea6405ec61b879457720b1dc6c7d8e6fdb9e2c1d413ca9bdfe885f687db4928706af140b16df27dd92bb

C:\Windows\System\qMVFpgh.exe

MD5 0ab2c161ca8b286319aae60ef87ae9f6
SHA1 9b65685534f632ff7ec18eb75623025674daee9d
SHA256 90b5dcd50cc138c5594825fde125be4326a05bc6f821e42c0066677632d91757
SHA512 4389790eb86e34262baa39f309ac639885b55cb7c2c23ac584217c5a3ce34b505b18b591ef59b76bfdb6928b9a62565a0448261fa2d431d58489b9f632f16a9e

C:\Windows\System\HKdlZQz.exe

MD5 17db5e4fc666e35b4bf7ae07e27a5340
SHA1 e3befff71dd69e814d9b4b840d5eafaab57a281e
SHA256 dc2f1f5b71d7efc03f0e6238767b5c78420af767b39ffe0b7ffc951bb0e96961
SHA512 57877e0e2c6e87c3fc9228d95dee1c865a27f3372429b8935991165c5bd8e493e4e016e2efc1bbd408fd4de84c753545efca9485e9583789eb5d6dfee66e5142

C:\Windows\System\GnfbSUk.exe

MD5 e93589ee385cc851744a0bb51afb9db8
SHA1 63546abd2198ee40ff5f5747a3a9a7ee78860397
SHA256 86b40cf99615f93bb5871d3145bf909e026f7b9bbea2ac062399fb80212ca0a5
SHA512 9c993612581acb90bac510cde6d3467924e909b68ff65ae60576bda8b777c7cd4d897d4b56d7523ade638176b6a01a0e5c2697af5b448d0d79e41907c4a2c610

C:\Windows\System\XsevFQr.exe

MD5 5f8e86f278eaa84879ac3538d3678218
SHA1 44c2f509ea973ad47c18950bf65cbb59b0ee7420
SHA256 cc91ef5433c1c8da8afdfaa1c9cda9078225e5a1955c77f0b4b7c30ce305023d
SHA512 8eea7286e3269805c984d64bdb2c8fe7a9a5d472c93eba4c62c97b947e6197933cf3a6abeb5dc1bea1ccc7f2d800537255e197b5790c223560eb36955badb76c

memory/4712-132-0x00007FF64CBD0000-0x00007FF64CF24000-memory.dmp

memory/4760-131-0x00007FF6AD5F0000-0x00007FF6AD944000-memory.dmp

C:\Windows\System\jYjUSJg.exe

MD5 9e5073f1f327e82485f288224bc9058b
SHA1 dec89c0130df24aa68584d36bfd370fe70b51246
SHA256 2361073dd341760af196d03d6b1c58137ca2ce4d656d0e47d45c48a5e3965fbd
SHA512 2f09112235bc403d9d2dff9209d55cf29deda7d3b04123e275c7875339cd0e829a0665f2718cfefaf96e11b5ac72d22ede177c4969c9b2ec3317dd39d9735e89

C:\Windows\System\PsWkdrE.exe

MD5 94e670bb86a9a130f28f5a9ba488d639
SHA1 0f42f5b820b4991a7463c2b0ed210c12a68b58d7
SHA256 a2f0ac9db396717c1bb1131de29be033d4b8652292f9f926613e480d02e57fbd
SHA512 9a16aae494ed85e0473d6c8f958ec591f5e27b218d6f5462e5e5456d445d9222918f69c7d0a2c70e9fafe39c6e5a20fd7bbd261f5af28ac0fb7be09dd5781920

memory/4832-116-0x00007FF7E55A0000-0x00007FF7E58F4000-memory.dmp

C:\Windows\System\mSQyOqS.exe

MD5 9dea2985eb69b678cc4580181fcc2609
SHA1 6ee81aab3191856d9f6da96841ed5ab4d8661c79
SHA256 1e4005511bbabd967fa215341f7da906f224ad7b94a306e8cd732965a3a65009
SHA512 86099095b98f45d590d9468b7fd9b8e65b9dde051417c0edf854edf052415bcb31d2e54dffac41b030029a231e20f23d16b0f42779b47734e37493452f9fffbb

C:\Windows\System\TLpZffl.exe

MD5 41f4f2e4a81081eab6fe6e93a3f86727
SHA1 e634a1df4aa6f24e72561855a4bd72258ab7d9e1
SHA256 f045fb8d896a9ad132463084aa82f80bc9536a50989114b12d60a1d7afa4e199
SHA512 0fad453dda82fda749e83b3e9786bf0f6972b9e53dea65cb1cb8c72234831bbb96172c4720e0d32045ca8039440263c84d6aaf0d6953329ec38541a37719ef3a

C:\Windows\System\pqNMpzV.exe

MD5 c518bb4462528c56bb6f129a23280d2d
SHA1 7b48351755d26fce17959c2dcce6e0620be005b7
SHA256 cd0acf636297cb3671c1a0267ec2b3148d781cad98079a63d7a95a8d30ea0021
SHA512 d2447e85b30d44084d3ea7c23d5eec20b762b2a9cb8c6d97e4c8f09a17483422ec9f2e98c335681e18030d1b9c17ed67e925995c1cbe861186b9f3b1a08cbfdf

C:\Windows\System\GyzuNBz.exe

MD5 855e6fbe30e80f78024e2e5de99fa461
SHA1 174ddbbd3e91b0422a7904aa2ef85ffe48593e94
SHA256 ec442dacb952d62be868739ee1b1c6057512c220a6530b058e23fdf8d67fb5d6
SHA512 29790754d1a30f2d504ca08be8a01bf4a2457b9b94f59991c4cb89e644a62e79f69024d1af877dd3d9e5b2fa97d3be99fc46a34a033e670925bda7919391927c

memory/1696-90-0x00007FF7FE350000-0x00007FF7FE6A4000-memory.dmp

C:\Windows\System\xgSQYsx.exe

MD5 7db9077b46b488a8a634ff8a464e7805
SHA1 876a68356a3e923f93116c07dfd9ee83ca0d99cc
SHA256 bc7342258d7df5bc233062bbf84eb5c8d2bf525a8a6ea5e0619019987b9a0ff6
SHA512 515d6500278ededc46b2ad20175460566e082eeaee16e9b9c1312597b5d2b7e28a68ab887c96639788145b6e7b8298a76736a81fc38f48f251e6315cc52433dd

C:\Windows\System\sxLTvUR.exe

MD5 4230563765d936122d6e5b587cae2581
SHA1 7e032f693cd23adf999c61b000ee06121e10d4d2
SHA256 25d6b2d353edaf0c2a7092d8422185b8d25b68a9e2b01281da5f6f647f1704ba
SHA512 1252557ae59b554d89531c98ae97340e938f38ccce50edc5531dc6f178081b707ce83b6a9ee712a5b725ffec4c92dcb920a2c55865f47aa94ac26853521d979d

C:\Windows\System\aYDWMiv.exe

MD5 303b44ad30259e8c5e105f0f91dca59a
SHA1 1070a38950aa296c260117ec09bb44fa1dddbe7a
SHA256 b7031b67cf1a3539ef2096c8bccea57df7bc4de9aa35303e0c301ef7fef4ae4d
SHA512 3c4b18803341e41dc4cb8d434c0e5917e8afafdb877369216e1a278e41a036e2ed1e790529665ff6b34ef3f0c394435a6135f3333abee11784805bb74a5f0e1a

memory/4892-96-0x00007FF7C3D30000-0x00007FF7C4084000-memory.dmp

memory/740-63-0x00007FF6C1B60000-0x00007FF6C1EB4000-memory.dmp

C:\Windows\System\qtHBUdM.exe

MD5 12422e72396ce12dae3abc511db47976
SHA1 d50dd478c2b63802258034ee8500657ef6d47672
SHA256 458658653164b187cdbfab98ee86da7ae026184a9a3fbb80186c01a35af2ff6a
SHA512 9bb902915e080af16c370c1aa00d22bf68ff8863ea0bee56e6b0f64756d902c7c27ab2a1688357d12eba29c718676c6b8366dbba7f335b699824a4b569acdb0b

C:\Windows\System\SYfkyjj.exe

MD5 66ec29c2373593882bab0eec439523c9
SHA1 a068536aeb1de3d854dc4ff4f8af53dc804b377a
SHA256 3718504ff34f1f60ca2dc446900f6a1f54f71afca66f7deb9c5e65467af549ab
SHA512 6b62369fd64d592c3ea02c128707828ccdacd97d44b589b8520be55cc6d5cae3248a58c2afe180e2c442a6a9118a6c90978e7450806bc59832242f10dbf4703a

memory/3728-30-0x00007FF6172A0000-0x00007FF6175F4000-memory.dmp

C:\Windows\System\wcMZfMi.exe

MD5 408fce6635737e02663c9593651886f7
SHA1 9abe34b3846f3540603c4ff533955d57d4aee066
SHA256 e5a0277e7c62502e4a576d35fb3ce456f4f54a956298056ad4f7462d0d4ba455
SHA512 852b676b946207cc49fb4f3f48d40dd5d1ed1b1a2b2f201c06238a23b133fd1e0abaaf2723857b27370d1c8284420cc07be6ea9549075952c5ce630c925a2971

memory/4788-23-0x00007FF6E4C20000-0x00007FF6E4F74000-memory.dmp

C:\Windows\System\Wjdvmhj.exe

MD5 63b2987cf74394c610d12e8f21b4e796
SHA1 db8a5135dd6d165f357c246123d064197b308897
SHA256 bcd30ba62e78908eab511fd0b6fae7d96b46ea6d054c56ad46d9f1f16d7c8da8
SHA512 ae3ca65cf3772c8b2c1f7ec26519fa0e0c6e3f7008335d1adb55c903715235a30fdc9e442fcfd045796e33690ccda515d32a49786d2c4b9934724f6bcdb396fa

C:\Windows\System\ZokXOUZ.exe

MD5 99bb0405b061f8d29e47165b1f9d98cd
SHA1 a6d7d633492a76feec0eb81a78236d2126714323
SHA256 f134cbbef1466a244744e1060804cc52a81d3600370f8c2b13e67b0152947efd
SHA512 fdd5abe79e07c876a51edcb3343b0a63041d4c3a6754ddb524956f57122b6b90f16030ca19955eb7116c935c1dbb531a6e670e64928e7992a2271a1c9954a90b

memory/3904-8-0x00007FF6FD8B0000-0x00007FF6FDC04000-memory.dmp

memory/3184-1070-0x00007FF776990000-0x00007FF776CE4000-memory.dmp

memory/3904-1071-0x00007FF6FD8B0000-0x00007FF6FDC04000-memory.dmp

memory/4788-1072-0x00007FF6E4C20000-0x00007FF6E4F74000-memory.dmp

memory/3728-1073-0x00007FF6172A0000-0x00007FF6175F4000-memory.dmp

memory/740-1074-0x00007FF6C1B60000-0x00007FF6C1EB4000-memory.dmp

memory/1696-1075-0x00007FF7FE350000-0x00007FF7FE6A4000-memory.dmp

memory/4832-1076-0x00007FF7E55A0000-0x00007FF7E58F4000-memory.dmp

memory/3904-1077-0x00007FF6FD8B0000-0x00007FF6FDC04000-memory.dmp

memory/4788-1078-0x00007FF6E4C20000-0x00007FF6E4F74000-memory.dmp

memory/4532-1079-0x00007FF6EF1E0000-0x00007FF6EF534000-memory.dmp

memory/3728-1080-0x00007FF6172A0000-0x00007FF6175F4000-memory.dmp

memory/740-1081-0x00007FF6C1B60000-0x00007FF6C1EB4000-memory.dmp

memory/2900-1082-0x00007FF7FAB00000-0x00007FF7FAE54000-memory.dmp

memory/4760-1083-0x00007FF6AD5F0000-0x00007FF6AD944000-memory.dmp

memory/3672-1084-0x00007FF71D2F0000-0x00007FF71D644000-memory.dmp

memory/4940-1085-0x00007FF753DE0000-0x00007FF754134000-memory.dmp

memory/4892-1087-0x00007FF7C3D30000-0x00007FF7C4084000-memory.dmp

memory/2908-1086-0x00007FF7A7B10000-0x00007FF7A7E64000-memory.dmp

memory/4968-1092-0x00007FF644250000-0x00007FF6445A4000-memory.dmp

memory/3032-1095-0x00007FF6DCD70000-0x00007FF6DD0C4000-memory.dmp

memory/1580-1099-0x00007FF7D1850000-0x00007FF7D1BA4000-memory.dmp

memory/1964-1098-0x00007FF6057B0000-0x00007FF605B04000-memory.dmp

memory/4376-1097-0x00007FF69F680000-0x00007FF69F9D4000-memory.dmp

memory/4728-1096-0x00007FF687C20000-0x00007FF687F74000-memory.dmp

memory/2236-1100-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp

memory/380-1102-0x00007FF6E06E0000-0x00007FF6E0A34000-memory.dmp

memory/2072-1105-0x00007FF625130000-0x00007FF625484000-memory.dmp

memory/4040-1104-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp

memory/3388-1103-0x00007FF6E63E0000-0x00007FF6E6734000-memory.dmp

memory/4092-1101-0x00007FF6EDFC0000-0x00007FF6EE314000-memory.dmp

memory/2888-1094-0x00007FF72A830000-0x00007FF72AB84000-memory.dmp

memory/1808-1093-0x00007FF6EA9F0000-0x00007FF6EAD44000-memory.dmp

memory/4832-1090-0x00007FF7E55A0000-0x00007FF7E58F4000-memory.dmp

memory/4712-1089-0x00007FF64CBD0000-0x00007FF64CF24000-memory.dmp

memory/4620-1088-0x00007FF7814C0000-0x00007FF781814000-memory.dmp

memory/1696-1091-0x00007FF7FE350000-0x00007FF7FE6A4000-memory.dmp