Malware Analysis Report

2024-10-16 07:37

Sample ID 240601-lgl37shf37
Target 96592eeafca31456df85a438b3934490_NeikiAnalytics.exe
SHA256 541e2dba83e7a898bdafcd17937ca7f40ec4a26f5dd5cfb225d3aa36cd294f49
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

541e2dba83e7a898bdafcd17937ca7f40ec4a26f5dd5cfb225d3aa36cd294f49

Threat Level: Known bad

The file 96592eeafca31456df85a438b3934490_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

XMRig Miner payload

Xmrig family

KPOT Core Executable

xmrig

KPOT

Kpot family

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 09:30

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 09:30

Reported

2024-06-01 09:32

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe"


C:\Windows\System\fjwgqJL.exe

C:\Windows\System\UBiluYA.exe

C:\Windows\System\UBiluYA.exe

C:\Windows\System\FkYhGtj.exe

C:\Windows\System\FkYhGtj.exe

C:\Windows\System\quHfGoE.exe

C:\Windows\System\quHfGoE.exe

C:\Windows\System\OSpvWjJ.exe

C:\Windows\System\OSpvWjJ.exe

C:\Windows\System\UFPnUCf.exe

C:\Windows\System\UFPnUCf.exe

C:\Windows\System\djOmMLJ.exe

C:\Windows\System\djOmMLJ.exe

C:\Windows\System\YBvAKBZ.exe

C:\Windows\System\YBvAKBZ.exe

C:\Windows\System\nzowbMR.exe

C:\Windows\System\nzowbMR.exe

C:\Windows\System\azVDQQR.exe

C:\Windows\System\azVDQQR.exe

C:\Windows\System\UxumWhr.exe

C:\Windows\System\UxumWhr.exe

C:\Windows\System\EjFznoe.exe

C:\Windows\System\EjFznoe.exe

C:\Windows\System\EeOJtZi.exe

C:\Windows\System\EeOJtZi.exe

C:\Windows\System\vmOeqcy.exe

C:\Windows\System\vmOeqcy.exe

C:\Windows\System\KCvQiPY.exe

C:\Windows\System\KCvQiPY.exe

C:\Windows\System\LWyXhhZ.exe

C:\Windows\System\LWyXhhZ.exe

C:\Windows\System\Wxcroos.exe

C:\Windows\System\Wxcroos.exe

C:\Windows\System\ZxlCgTi.exe

C:\Windows\System\ZxlCgTi.exe

C:\Windows\System\YIFNkee.exe

C:\Windows\System\YIFNkee.exe

C:\Windows\System\noZFZcX.exe

C:\Windows\System\noZFZcX.exe

C:\Windows\System\hcllkvc.exe

C:\Windows\System\hcllkvc.exe

C:\Windows\System\GyLEjSD.exe

C:\Windows\System\GyLEjSD.exe

C:\Windows\System\HPAVztb.exe

C:\Windows\System\HPAVztb.exe

C:\Windows\System\zasaOwP.exe

C:\Windows\System\zasaOwP.exe

C:\Windows\System\oJGPGIQ.exe

C:\Windows\System\oJGPGIQ.exe

C:\Windows\System\oOdxfRA.exe

C:\Windows\System\oOdxfRA.exe

C:\Windows\System\mHrbdzA.exe

C:\Windows\System\mHrbdzA.exe

C:\Windows\System\DSoDfYP.exe

C:\Windows\System\DSoDfYP.exe

C:\Windows\System\XzECAbn.exe

C:\Windows\System\XzECAbn.exe

C:\Windows\System\kYYHMTU.exe

C:\Windows\System\kYYHMTU.exe

C:\Windows\System\TVrTwCt.exe

C:\Windows\System\TVrTwCt.exe

C:\Windows\System\KlndmYv.exe

C:\Windows\System\KlndmYv.exe

C:\Windows\System\AicyhbX.exe

C:\Windows\System\AicyhbX.exe

C:\Windows\System\JUXlEQj.exe

C:\Windows\System\JUXlEQj.exe

C:\Windows\System\eqLGCzn.exe

C:\Windows\System\eqLGCzn.exe

C:\Windows\System\zfuSBKL.exe

C:\Windows\System\zfuSBKL.exe

C:\Windows\System\TEjrJwM.exe

C:\Windows\System\TEjrJwM.exe

C:\Windows\System\NBkSEKN.exe

C:\Windows\System\NBkSEKN.exe

C:\Windows\System\XrwAQeh.exe

C:\Windows\System\XrwAQeh.exe

C:\Windows\System\YBOtxJg.exe

C:\Windows\System\YBOtxJg.exe

C:\Windows\System\gNcECdI.exe

C:\Windows\System\gNcECdI.exe

C:\Windows\System\XxXyLJT.exe

C:\Windows\System\XxXyLJT.exe

C:\Windows\System\FeUkFRu.exe

C:\Windows\System\FeUkFRu.exe

C:\Windows\System\AvmxNyT.exe

C:\Windows\System\AvmxNyT.exe

C:\Windows\System\cWlTENQ.exe

C:\Windows\System\cWlTENQ.exe

C:\Windows\System\NnkKOkS.exe

C:\Windows\System\NnkKOkS.exe

C:\Windows\System\VSjuHOy.exe

C:\Windows\System\VSjuHOy.exe

C:\Windows\System\xEzgnYY.exe

C:\Windows\System\xEzgnYY.exe

C:\Windows\System\yjpAJXR.exe

C:\Windows\System\yjpAJXR.exe

C:\Windows\System\locUXaM.exe

C:\Windows\System\locUXaM.exe

C:\Windows\System\ASVtwNg.exe

C:\Windows\System\ASVtwNg.exe

C:\Windows\System\GSmhiYf.exe

C:\Windows\System\GSmhiYf.exe

C:\Windows\System\nnLlvnC.exe

C:\Windows\System\nnLlvnC.exe

C:\Windows\System\EdUcyjl.exe

C:\Windows\System\EdUcyjl.exe

C:\Windows\System\htKrprz.exe

C:\Windows\System\htKrprz.exe

C:\Windows\System\HMInrUg.exe

C:\Windows\System\HMInrUg.exe

C:\Windows\System\zQXBxEs.exe

C:\Windows\System\zQXBxEs.exe

C:\Windows\System\WqEWCts.exe

C:\Windows\System\WqEWCts.exe

C:\Windows\System\dkYsfQH.exe

C:\Windows\System\dkYsfQH.exe

C:\Windows\System\DGQSfoL.exe

C:\Windows\System\DGQSfoL.exe

C:\Windows\System\OkUnpeK.exe

C:\Windows\System\OkUnpeK.exe

C:\Windows\System\jfUWcOx.exe

C:\Windows\System\jfUWcOx.exe

C:\Windows\System\OZQTMLV.exe

C:\Windows\System\OZQTMLV.exe

C:\Windows\System\QzggWka.exe

C:\Windows\System\QzggWka.exe

C:\Windows\System\KCFayeA.exe

C:\Windows\System\KCFayeA.exe

C:\Windows\System\IYmGxtx.exe

C:\Windows\System\IYmGxtx.exe

C:\Windows\System\tABoYLM.exe

C:\Windows\System\tABoYLM.exe

C:\Windows\System\EljvpTP.exe

C:\Windows\System\EljvpTP.exe

C:\Windows\System\iLvBfGA.exe

C:\Windows\System\iLvBfGA.exe

C:\Windows\System\eOOwgZB.exe

C:\Windows\System\eOOwgZB.exe

C:\Windows\System\GMsexgK.exe

C:\Windows\System\GMsexgK.exe

C:\Windows\System\ANTiVAF.exe

C:\Windows\System\ANTiVAF.exe

C:\Windows\System\ppVatlh.exe

C:\Windows\System\ppVatlh.exe

C:\Windows\System\zOlotjO.exe

C:\Windows\System\zOlotjO.exe

C:\Windows\System\ShWWkLe.exe

C:\Windows\System\ShWWkLe.exe

C:\Windows\System\jKcYHbc.exe

C:\Windows\System\jKcYHbc.exe

C:\Windows\System\xTAPGKJ.exe

C:\Windows\System\xTAPGKJ.exe

C:\Windows\System\PSRkzfU.exe

C:\Windows\System\PSRkzfU.exe

C:\Windows\System\gjpAaYI.exe

C:\Windows\System\gjpAaYI.exe

C:\Windows\System\PJfcRoD.exe

C:\Windows\System\PJfcRoD.exe

C:\Windows\System\pxBGUlG.exe

C:\Windows\System\pxBGUlG.exe

C:\Windows\System\UvFNmib.exe

C:\Windows\System\UvFNmib.exe

C:\Windows\System\IFTQiIw.exe

C:\Windows\System\IFTQiIw.exe

C:\Windows\System\bLBxsBf.exe

C:\Windows\System\bLBxsBf.exe

C:\Windows\System\yrroQLX.exe

C:\Windows\System\yrroQLX.exe

C:\Windows\System\oAlfrxD.exe

C:\Windows\System\oAlfrxD.exe

C:\Windows\System\BAEeGNT.exe

C:\Windows\System\BAEeGNT.exe

C:\Windows\System\ykoCPkE.exe

C:\Windows\System\ykoCPkE.exe

C:\Windows\System\YWDufRV.exe

C:\Windows\System\YWDufRV.exe

C:\Windows\System\uZWFqzr.exe

C:\Windows\System\uZWFqzr.exe

C:\Windows\System\sQdpEml.exe

C:\Windows\System\sQdpEml.exe

C:\Windows\System\gAZcQQB.exe

C:\Windows\System\gAZcQQB.exe

C:\Windows\System\dANYHbC.exe

C:\Windows\System\dANYHbC.exe

C:\Windows\System\WDrcHUB.exe

C:\Windows\System\WDrcHUB.exe

C:\Windows\System\jrdlkka.exe

C:\Windows\System\jrdlkka.exe

C:\Windows\System\rhfUETI.exe

C:\Windows\System\rhfUETI.exe

C:\Windows\System\QlwIcWo.exe

C:\Windows\System\QlwIcWo.exe

C:\Windows\System\SuucseL.exe

C:\Windows\System\SuucseL.exe

C:\Windows\System\zegGOad.exe

C:\Windows\System\zegGOad.exe

C:\Windows\System\sRwVxDB.exe

C:\Windows\System\sRwVxDB.exe

C:\Windows\System\gSeKZOJ.exe

C:\Windows\System\gSeKZOJ.exe

C:\Windows\System\yQaurQu.exe

C:\Windows\System\yQaurQu.exe

C:\Windows\System\VDKEuHJ.exe

C:\Windows\System\VDKEuHJ.exe

C:\Windows\System\cIlupco.exe

C:\Windows\System\cIlupco.exe

C:\Windows\System\WtOFUNU.exe

C:\Windows\System\WtOFUNU.exe

C:\Windows\System\TqsUgqK.exe

C:\Windows\System\TqsUgqK.exe

C:\Windows\System\GMZunaI.exe

C:\Windows\System\GMZunaI.exe

C:\Windows\System\VFJrfCF.exe

C:\Windows\System\VFJrfCF.exe

C:\Windows\System\hiesPOX.exe

C:\Windows\System\hiesPOX.exe

C:\Windows\System\CzkIZMo.exe

C:\Windows\System\CzkIZMo.exe

C:\Windows\System\FQKrvel.exe

C:\Windows\System\FQKrvel.exe

C:\Windows\System\TolziaD.exe

C:\Windows\System\TolziaD.exe

C:\Windows\System\SXOgUpg.exe

C:\Windows\System\SXOgUpg.exe

C:\Windows\System\IZoyOtt.exe

C:\Windows\System\IZoyOtt.exe

C:\Windows\System\IjYGlbH.exe

C:\Windows\System\IjYGlbH.exe

C:\Windows\System\KzkUoAl.exe

C:\Windows\System\KzkUoAl.exe

C:\Windows\System\PTVpzVH.exe

C:\Windows\System\PTVpzVH.exe

C:\Windows\System\RyMePBg.exe

C:\Windows\System\RyMePBg.exe

C:\Windows\System\rhujJKu.exe

C:\Windows\System\rhujJKu.exe

C:\Windows\System\bxzbyTw.exe

C:\Windows\System\bxzbyTw.exe

C:\Windows\System\fMtLLns.exe

C:\Windows\System\fMtLLns.exe

C:\Windows\System\DGzILMF.exe

C:\Windows\System\DGzILMF.exe

C:\Windows\System\SDEpWij.exe

C:\Windows\System\SDEpWij.exe

C:\Windows\System\RMNPLNh.exe

C:\Windows\System\RMNPLNh.exe

C:\Windows\System\QBfRBuE.exe

C:\Windows\System\QBfRBuE.exe

C:\Windows\System\XGyQVIa.exe

C:\Windows\System\XGyQVIa.exe

C:\Windows\System\YEXjXmL.exe

C:\Windows\System\YEXjXmL.exe

C:\Windows\System\XApQTJp.exe

C:\Windows\System\XApQTJp.exe

C:\Windows\System\fNtAkau.exe

C:\Windows\System\fNtAkau.exe

C:\Windows\System\peYRJDh.exe

C:\Windows\System\peYRJDh.exe

C:\Windows\System\kMXsXXa.exe

C:\Windows\System\kMXsXXa.exe

C:\Windows\System\YBDQtDQ.exe

C:\Windows\System\YBDQtDQ.exe

C:\Windows\System\KTOtHmT.exe

C:\Windows\System\KTOtHmT.exe

C:\Windows\System\tnCmjaQ.exe

C:\Windows\System\tnCmjaQ.exe

C:\Windows\System\jHIRdYy.exe

C:\Windows\System\jHIRdYy.exe

C:\Windows\System\pHwKZqI.exe

C:\Windows\System\pHwKZqI.exe

C:\Windows\System\qCZGgVv.exe

C:\Windows\System\qCZGgVv.exe

C:\Windows\System\awTbiSW.exe

C:\Windows\System\awTbiSW.exe

C:\Windows\System\OUaragn.exe

C:\Windows\System\OUaragn.exe

C:\Windows\System\NtGeKoL.exe

C:\Windows\System\NtGeKoL.exe

C:\Windows\System\ayHzuTU.exe

C:\Windows\System\ayHzuTU.exe

C:\Windows\System\GKczMBT.exe

C:\Windows\System\GKczMBT.exe

C:\Windows\System\XWNUheg.exe

C:\Windows\System\XWNUheg.exe

C:\Windows\System\eiyoSoE.exe

C:\Windows\System\eiyoSoE.exe

C:\Windows\System\CBDmOsu.exe

C:\Windows\System\CBDmOsu.exe

C:\Windows\System\xnzbjVV.exe

C:\Windows\System\xnzbjVV.exe

C:\Windows\System\GKSFNzD.exe

C:\Windows\System\GKSFNzD.exe

C:\Windows\System\KXJebww.exe

C:\Windows\System\KXJebww.exe

C:\Windows\System\RLmTDOy.exe

C:\Windows\System\RLmTDOy.exe

C:\Windows\System\QoGLQbZ.exe

C:\Windows\System\QoGLQbZ.exe

C:\Windows\System\sQDeLEK.exe

C:\Windows\System\sQDeLEK.exe

C:\Windows\System\igJRALQ.exe

C:\Windows\System\igJRALQ.exe

C:\Windows\System\bIuixvf.exe

C:\Windows\System\bIuixvf.exe

C:\Windows\System\EKGILge.exe

C:\Windows\System\EKGILge.exe

C:\Windows\System\lxSsPrw.exe

C:\Windows\System\lxSsPrw.exe

C:\Windows\System\DiqtWbb.exe

C:\Windows\System\DiqtWbb.exe

C:\Windows\System\LYnpgfo.exe

C:\Windows\System\LYnpgfo.exe

C:\Windows\System\iaBHayw.exe

C:\Windows\System\iaBHayw.exe

C:\Windows\System\kchnWGu.exe

C:\Windows\System\kchnWGu.exe

C:\Windows\System\hINWsSp.exe

C:\Windows\System\hINWsSp.exe

C:\Windows\System\rMQDYrH.exe

C:\Windows\System\rMQDYrH.exe

C:\Windows\System\rXuTuBz.exe

C:\Windows\System\rXuTuBz.exe

C:\Windows\System\vrZuHaI.exe

C:\Windows\System\vrZuHaI.exe

C:\Windows\System\gmSIZXZ.exe

C:\Windows\System\gmSIZXZ.exe

C:\Windows\System\fSfgpPO.exe

C:\Windows\System\fSfgpPO.exe

C:\Windows\System\RrrXUkQ.exe

C:\Windows\System\RrrXUkQ.exe

C:\Windows\System\OOkDXXg.exe

C:\Windows\System\OOkDXXg.exe

C:\Windows\System\lhFqvGP.exe

C:\Windows\System\lhFqvGP.exe

C:\Windows\System\eJQTbAp.exe

C:\Windows\System\eJQTbAp.exe

C:\Windows\System\HMzlrPE.exe

C:\Windows\System\HMzlrPE.exe

C:\Windows\System\ZRbaGpj.exe

C:\Windows\System\ZRbaGpj.exe

C:\Windows\System\UoPadUB.exe

C:\Windows\System\UoPadUB.exe

C:\Windows\System\qgosAvt.exe

C:\Windows\System\qgosAvt.exe

C:\Windows\System\CTPcACc.exe

C:\Windows\System\CTPcACc.exe

C:\Windows\System\akrMWCH.exe

C:\Windows\System\akrMWCH.exe

C:\Windows\System\ZKAQLjW.exe

C:\Windows\System\ZKAQLjW.exe

C:\Windows\System\wPvonyE.exe

C:\Windows\System\wPvonyE.exe

C:\Windows\System\dUxEUom.exe

C:\Windows\System\dUxEUom.exe

C:\Windows\System\owOLmnv.exe

C:\Windows\System\owOLmnv.exe

C:\Windows\System\EtBHcGK.exe

C:\Windows\System\EtBHcGK.exe

C:\Windows\System\HhNhULX.exe

C:\Windows\System\HhNhULX.exe

C:\Windows\System\NEPxkCM.exe

C:\Windows\System\NEPxkCM.exe

C:\Windows\System\iInbAmJ.exe

C:\Windows\System\iInbAmJ.exe

C:\Windows\System\kdDasTI.exe

C:\Windows\System\kdDasTI.exe

C:\Windows\System\CwPZJUV.exe

C:\Windows\System\CwPZJUV.exe

C:\Windows\System\rAzZIDl.exe

C:\Windows\System\rAzZIDl.exe

C:\Windows\System\ymfDmiN.exe

C:\Windows\System\ymfDmiN.exe

C:\Windows\System\OieJvNI.exe

C:\Windows\System\OieJvNI.exe

C:\Windows\System\rHUusiZ.exe

C:\Windows\System\rHUusiZ.exe

C:\Windows\System\lNkiCQK.exe

C:\Windows\System\lNkiCQK.exe

C:\Windows\System\fqDpECt.exe

C:\Windows\System\fqDpECt.exe

C:\Windows\System\IccYvqY.exe

C:\Windows\System\IccYvqY.exe

C:\Windows\System\nppcVIC.exe

C:\Windows\System\nppcVIC.exe

C:\Windows\System\PaMfNCV.exe

C:\Windows\System\PaMfNCV.exe

C:\Windows\System\BxPweFO.exe

C:\Windows\System\BxPweFO.exe

C:\Windows\System\jQKCiCq.exe

C:\Windows\System\jQKCiCq.exe

C:\Windows\System\XYklyuW.exe

C:\Windows\System\XYklyuW.exe

C:\Windows\System\cdZpolx.exe

C:\Windows\System\cdZpolx.exe

C:\Windows\System\yYWwHxl.exe

C:\Windows\System\yYWwHxl.exe

C:\Windows\System\aTrOhoX.exe

C:\Windows\System\aTrOhoX.exe

C:\Windows\System\BMUaDjL.exe

C:\Windows\System\BMUaDjL.exe

C:\Windows\System\AHaFdSP.exe

C:\Windows\System\AHaFdSP.exe

Network

Country Destination Domain Proto

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 09:30

Reported

2024-06-01 09:32

Platform

win7-20240221-en

Max time kernel

142s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\96592eeafca31456df85a438b3934490_NeikiAnalytics.exe"


C:\Windows\System\CIoNkfb.exe

C:\Windows\System\VpZazZH.exe

C:\Windows\System\VpZazZH.exe

C:\Windows\System\bXRQleP.exe

C:\Windows\System\bXRQleP.exe

C:\Windows\System\KvbTPZd.exe

C:\Windows\System\KvbTPZd.exe

C:\Windows\System\qGhjiYn.exe

C:\Windows\System\qGhjiYn.exe

C:\Windows\System\SdeQRnq.exe

C:\Windows\System\SdeQRnq.exe

C:\Windows\System\MgechuL.exe

C:\Windows\System\MgechuL.exe

C:\Windows\System\ytxwFdG.exe

C:\Windows\System\ytxwFdG.exe

C:\Windows\System\zwHbsji.exe

C:\Windows\System\zwHbsji.exe

C:\Windows\System\KzcxHgY.exe

C:\Windows\System\KzcxHgY.exe

C:\Windows\System\IFWebMm.exe

C:\Windows\System\IFWebMm.exe

C:\Windows\System\yySDiDz.exe

C:\Windows\System\yySDiDz.exe

C:\Windows\System\LzEjaGN.exe

C:\Windows\System\LzEjaGN.exe

C:\Windows\System\DwofFrd.exe

C:\Windows\System\DwofFrd.exe

C:\Windows\System\JMpzLnT.exe

C:\Windows\System\JMpzLnT.exe

C:\Windows\System\XONbXyp.exe

C:\Windows\System\XONbXyp.exe

C:\Windows\System\oyUcbxv.exe

C:\Windows\System\oyUcbxv.exe

C:\Windows\System\LVqeccg.exe

C:\Windows\System\LVqeccg.exe

C:\Windows\System\clPJlqG.exe

C:\Windows\System\clPJlqG.exe

C:\Windows\System\JbkqNKw.exe

C:\Windows\System\JbkqNKw.exe

C:\Windows\System\cEhcSqK.exe

C:\Windows\System\cEhcSqK.exe

C:\Windows\System\OBGjeGx.exe

C:\Windows\System\OBGjeGx.exe

C:\Windows\System\YKZGujG.exe

C:\Windows\System\YKZGujG.exe

C:\Windows\System\MBavFVe.exe

C:\Windows\System\MBavFVe.exe

C:\Windows\System\kKTWvPV.exe

C:\Windows\System\kKTWvPV.exe

C:\Windows\System\wzhuVHH.exe

C:\Windows\System\wzhuVHH.exe

C:\Windows\System\mIqjKjW.exe

C:\Windows\System\mIqjKjW.exe

C:\Windows\System\oRXbPbq.exe

C:\Windows\System\oRXbPbq.exe

C:\Windows\System\phTxAQr.exe

C:\Windows\System\phTxAQr.exe

C:\Windows\System\iatZNQT.exe

C:\Windows\System\iatZNQT.exe

C:\Windows\System\lDYiDmf.exe

C:\Windows\System\lDYiDmf.exe

C:\Windows\System\zforKgZ.exe

C:\Windows\System\zforKgZ.exe

C:\Windows\System\lZZXijb.exe

C:\Windows\System\lZZXijb.exe

C:\Windows\System\TsUZsaj.exe

C:\Windows\System\TsUZsaj.exe

C:\Windows\System\FeIBeQD.exe

C:\Windows\System\FeIBeQD.exe

C:\Windows\System\QtYKYia.exe

C:\Windows\System\QtYKYia.exe

C:\Windows\System\lISbtzQ.exe

C:\Windows\System\lISbtzQ.exe

C:\Windows\System\lRgWEDJ.exe

C:\Windows\System\lRgWEDJ.exe

C:\Windows\System\WHyLXIg.exe

C:\Windows\System\WHyLXIg.exe

C:\Windows\System\qabWmBI.exe

C:\Windows\System\qabWmBI.exe

C:\Windows\System\mBxPaCE.exe

C:\Windows\System\mBxPaCE.exe

C:\Windows\System\LLQVszd.exe

C:\Windows\System\LLQVszd.exe

C:\Windows\System\bKyLpQF.exe

C:\Windows\System\bKyLpQF.exe

C:\Windows\System\lqFUhaZ.exe

C:\Windows\System\lqFUhaZ.exe

C:\Windows\System\WZPaabm.exe

C:\Windows\System\WZPaabm.exe

C:\Windows\System\gGWvSpG.exe

C:\Windows\System\gGWvSpG.exe

C:\Windows\System\MsCAVoH.exe

C:\Windows\System\MsCAVoH.exe

C:\Windows\System\HWidVOh.exe

C:\Windows\System\HWidVOh.exe

C:\Windows\System\EYlcONF.exe

C:\Windows\System\EYlcONF.exe

C:\Windows\System\VXevCUL.exe

C:\Windows\System\VXevCUL.exe

C:\Windows\System\znlefSp.exe

C:\Windows\System\znlefSp.exe

C:\Windows\System\HzuRztb.exe

C:\Windows\System\HzuRztb.exe

C:\Windows\System\sNfvqQG.exe

C:\Windows\System\sNfvqQG.exe

C:\Windows\System\lADrpJa.exe

C:\Windows\System\lADrpJa.exe

C:\Windows\System\ELdufuM.exe

C:\Windows\System\ELdufuM.exe

C:\Windows\System\ADplqVX.exe

C:\Windows\System\ADplqVX.exe

C:\Windows\System\pjajEKq.exe

C:\Windows\System\pjajEKq.exe

C:\Windows\System\tgoacwx.exe

C:\Windows\System\tgoacwx.exe

C:\Windows\System\iyiLdvI.exe

C:\Windows\System\iyiLdvI.exe

C:\Windows\System\LZBGbSe.exe

C:\Windows\System\LZBGbSe.exe

C:\Windows\System\IEfMVNv.exe

C:\Windows\System\IEfMVNv.exe

C:\Windows\System\igxTMqU.exe

C:\Windows\System\igxTMqU.exe

C:\Windows\System\xqPwBwc.exe

C:\Windows\System\xqPwBwc.exe

C:\Windows\System\LknVVMh.exe

C:\Windows\System\LknVVMh.exe

C:\Windows\System\QqIgEBp.exe

C:\Windows\System\QqIgEBp.exe

C:\Windows\System\OrjuXWD.exe

C:\Windows\System\OrjuXWD.exe

C:\Windows\System\dzbfSXp.exe

C:\Windows\System\dzbfSXp.exe

C:\Windows\System\VGtguHK.exe

C:\Windows\System\VGtguHK.exe

C:\Windows\System\QPxfcCD.exe

C:\Windows\System\QPxfcCD.exe

C:\Windows\System\ZBxowjV.exe

C:\Windows\System\ZBxowjV.exe

C:\Windows\System\ubvxIAl.exe

C:\Windows\System\ubvxIAl.exe

C:\Windows\System\RPPktws.exe

C:\Windows\System\RPPktws.exe

C:\Windows\System\ktMbbrv.exe

C:\Windows\System\ktMbbrv.exe

C:\Windows\System\BLDANGE.exe

C:\Windows\System\BLDANGE.exe

C:\Windows\System\gPXaCea.exe

C:\Windows\System\gPXaCea.exe

C:\Windows\System\wdxLgci.exe

C:\Windows\System\wdxLgci.exe

C:\Windows\System\AoWxygF.exe

C:\Windows\System\AoWxygF.exe

C:\Windows\System\TyFgJoF.exe

C:\Windows\System\TyFgJoF.exe

C:\Windows\System\VysUxwh.exe

C:\Windows\System\VysUxwh.exe

C:\Windows\System\YafZllq.exe

C:\Windows\System\YafZllq.exe

C:\Windows\System\gaJwOJT.exe

C:\Windows\System\gaJwOJT.exe

C:\Windows\System\OnpxTQW.exe

C:\Windows\System\OnpxTQW.exe

C:\Windows\System\aBHplhD.exe

C:\Windows\System\aBHplhD.exe

C:\Windows\System\nFNcsqT.exe

C:\Windows\System\nFNcsqT.exe

C:\Windows\System\tdifXXc.exe

C:\Windows\System\tdifXXc.exe

C:\Windows\System\bzKwPvK.exe

C:\Windows\System\bzKwPvK.exe

C:\Windows\System\sFMmIRq.exe

C:\Windows\System\sFMmIRq.exe

C:\Windows\System\MossICh.exe

C:\Windows\System\MossICh.exe

C:\Windows\System\yggyBnv.exe

C:\Windows\System\yggyBnv.exe

C:\Windows\System\SAfsfKK.exe

C:\Windows\System\SAfsfKK.exe

C:\Windows\System\zlzlSji.exe

C:\Windows\System\zlzlSji.exe

C:\Windows\System\AaPcYpD.exe

C:\Windows\System\AaPcYpD.exe

C:\Windows\System\YGWIHPU.exe

C:\Windows\System\YGWIHPU.exe

C:\Windows\System\VHJzUnB.exe

C:\Windows\System\VHJzUnB.exe

C:\Windows\System\RTCLtUh.exe

C:\Windows\System\RTCLtUh.exe

C:\Windows\System\rimWgMy.exe

C:\Windows\System\rimWgMy.exe

C:\Windows\System\xeBVOpK.exe

C:\Windows\System\xeBVOpK.exe

C:\Windows\System\DtrhYHJ.exe

C:\Windows\System\DtrhYHJ.exe

C:\Windows\System\fPDBQrE.exe

C:\Windows\System\fPDBQrE.exe

C:\Windows\System\XUZtJaF.exe

C:\Windows\System\XUZtJaF.exe

C:\Windows\System\CYrrzNK.exe

C:\Windows\System\CYrrzNK.exe

C:\Windows\System\CDrFSLi.exe

C:\Windows\System\CDrFSLi.exe

C:\Windows\System\fOYYmjf.exe

C:\Windows\System\fOYYmjf.exe

C:\Windows\System\amoYEui.exe

C:\Windows\System\amoYEui.exe

C:\Windows\System\HGEcHEZ.exe

C:\Windows\System\HGEcHEZ.exe

C:\Windows\System\GkjOUUp.exe

C:\Windows\System\GkjOUUp.exe

C:\Windows\System\BGLufRC.exe

C:\Windows\System\BGLufRC.exe

C:\Windows\System\pnoDWvy.exe

C:\Windows\System\pnoDWvy.exe

C:\Windows\System\AkkahYX.exe

C:\Windows\System\AkkahYX.exe

C:\Windows\System\wsJJbct.exe

C:\Windows\System\wsJJbct.exe

C:\Windows\System\lQVAxny.exe

C:\Windows\System\lQVAxny.exe

C:\Windows\System\SySKTqI.exe

C:\Windows\System\SySKTqI.exe

C:\Windows\System\dOOvjQS.exe

C:\Windows\System\dOOvjQS.exe

C:\Windows\System\rJvuYUP.exe

C:\Windows\System\rJvuYUP.exe

C:\Windows\System\gvHAczN.exe

C:\Windows\System\gvHAczN.exe

C:\Windows\System\ZaBUPfx.exe

C:\Windows\System\ZaBUPfx.exe

C:\Windows\System\zZiWqBL.exe

C:\Windows\System\zZiWqBL.exe

C:\Windows\System\LZsilSh.exe

C:\Windows\System\LZsilSh.exe

C:\Windows\System\biFWxhe.exe

C:\Windows\System\biFWxhe.exe

C:\Windows\System\VnXkmBv.exe

C:\Windows\System\VnXkmBv.exe

C:\Windows\System\rdiYuXI.exe

C:\Windows\System\rdiYuXI.exe

C:\Windows\System\kTpbbxs.exe

C:\Windows\System\kTpbbxs.exe

C:\Windows\System\lyPQcHB.exe

C:\Windows\System\lyPQcHB.exe

C:\Windows\System\tUZJWjc.exe

C:\Windows\System\tUZJWjc.exe

C:\Windows\System\XuJiarl.exe

C:\Windows\System\XuJiarl.exe

C:\Windows\System\MKzOdWC.exe

C:\Windows\System\MKzOdWC.exe

C:\Windows\System\SHpvpQC.exe

C:\Windows\System\SHpvpQC.exe

C:\Windows\System\nCrHrxJ.exe

C:\Windows\System\nCrHrxJ.exe

C:\Windows\System\FNYVaPK.exe

C:\Windows\System\FNYVaPK.exe

C:\Windows\System\hPrpWkY.exe

C:\Windows\System\hPrpWkY.exe

C:\Windows\System\bNdQYbq.exe

C:\Windows\System\bNdQYbq.exe

C:\Windows\System\gecrAIx.exe

C:\Windows\System\gecrAIx.exe

C:\Windows\System\ESMDOlA.exe

C:\Windows\System\ESMDOlA.exe

C:\Windows\System\EmdexiT.exe

C:\Windows\System\EmdexiT.exe

C:\Windows\System\tZqOuUD.exe

C:\Windows\System\tZqOuUD.exe

C:\Windows\System\OijnpEy.exe

C:\Windows\System\OijnpEy.exe

C:\Windows\System\tKxidKv.exe

C:\Windows\System\tKxidKv.exe

C:\Windows\System\KGdeztk.exe

C:\Windows\System\KGdeztk.exe

C:\Windows\System\NxRXDvZ.exe

C:\Windows\System\NxRXDvZ.exe

C:\Windows\System\NUldgYM.exe

C:\Windows\System\NUldgYM.exe

C:\Windows\System\uknWSDC.exe

C:\Windows\System\uknWSDC.exe

C:\Windows\System\GNzPTMb.exe

C:\Windows\System\GNzPTMb.exe

C:\Windows\System\HjqmrqQ.exe

C:\Windows\System\HjqmrqQ.exe

C:\Windows\System\thYeuBz.exe

C:\Windows\System\thYeuBz.exe

C:\Windows\System\cvTZqjC.exe

C:\Windows\System\cvTZqjC.exe

C:\Windows\System\zZrvxRA.exe

C:\Windows\System\zZrvxRA.exe

C:\Windows\System\rBbEDrC.exe

C:\Windows\System\rBbEDrC.exe

C:\Windows\System\FQytctB.exe

C:\Windows\System\FQytctB.exe

C:\Windows\System\zyeKjiL.exe

C:\Windows\System\zyeKjiL.exe

C:\Windows\System\DuraKOS.exe

C:\Windows\System\DuraKOS.exe

C:\Windows\System\aAlySEe.exe

C:\Windows\System\aAlySEe.exe

C:\Windows\System\rGZBiZF.exe

C:\Windows\System\rGZBiZF.exe

C:\Windows\System\IySEHqY.exe

C:\Windows\System\IySEHqY.exe

C:\Windows\System\ytTPhpW.exe

C:\Windows\System\ytTPhpW.exe

C:\Windows\System\rcwZPfk.exe

C:\Windows\System\rcwZPfk.exe

C:\Windows\System\jwDSqGG.exe

C:\Windows\System\jwDSqGG.exe

C:\Windows\System\nuzsNNH.exe

C:\Windows\System\nuzsNNH.exe

C:\Windows\System\zBRUJgm.exe

C:\Windows\System\zBRUJgm.exe

C:\Windows\System\XSzZPSP.exe

C:\Windows\System\XSzZPSP.exe

C:\Windows\System\NEuNmaH.exe

C:\Windows\System\NEuNmaH.exe

C:\Windows\System\UPKiOud.exe

C:\Windows\System\UPKiOud.exe

C:\Windows\System\whkcLWQ.exe

C:\Windows\System\whkcLWQ.exe

C:\Windows\System\tEUsfkE.exe

C:\Windows\System\tEUsfkE.exe

C:\Windows\System\uYTxDRQ.exe

C:\Windows\System\uYTxDRQ.exe

C:\Windows\System\ljXHkMV.exe

C:\Windows\System\ljXHkMV.exe

C:\Windows\System\SjnSpBR.exe

C:\Windows\System\SjnSpBR.exe

C:\Windows\System\ljJdETg.exe

C:\Windows\System\ljJdETg.exe

C:\Windows\System\QmcRaJR.exe

C:\Windows\System\QmcRaJR.exe

C:\Windows\System\MQcgpBA.exe

C:\Windows\System\MQcgpBA.exe

C:\Windows\System\swsbMea.exe

C:\Windows\System\swsbMea.exe

C:\Windows\System\HMKerye.exe

C:\Windows\System\HMKerye.exe

C:\Windows\System\Jljwpjp.exe

C:\Windows\System\Jljwpjp.exe

C:\Windows\System\fqIOflw.exe

C:\Windows\System\fqIOflw.exe

C:\Windows\System\TMNtxFT.exe

C:\Windows\System\TMNtxFT.exe

C:\Windows\System\ATGjgcl.exe

C:\Windows\System\ATGjgcl.exe

C:\Windows\System\yIoIofE.exe

C:\Windows\System\yIoIofE.exe

C:\Windows\System\viQnmOW.exe

C:\Windows\System\viQnmOW.exe

C:\Windows\System\feOJOKU.exe

C:\Windows\System\feOJOKU.exe

C:\Windows\System\psGbjjv.exe

C:\Windows\System\psGbjjv.exe

C:\Windows\System\DpwesDP.exe

C:\Windows\System\DpwesDP.exe

C:\Windows\System\kqrVWcc.exe

C:\Windows\System\kqrVWcc.exe

C:\Windows\System\SLlkLlV.exe

C:\Windows\System\SLlkLlV.exe

C:\Windows\System\rAzSGox.exe

C:\Windows\System\rAzSGox.exe

C:\Windows\System\ELzgimX.exe

C:\Windows\System\ELzgimX.exe

C:\Windows\System\EkaDCcI.exe

C:\Windows\System\EkaDCcI.exe

C:\Windows\System\BFFgfDA.exe

C:\Windows\System\BFFgfDA.exe

C:\Windows\System\zAhfITM.exe

C:\Windows\System\zAhfITM.exe

C:\Windows\System\mYmfTsJ.exe

C:\Windows\System\mYmfTsJ.exe

C:\Windows\System\YIJPBfY.exe

C:\Windows\System\YIJPBfY.exe

C:\Windows\System\ycNMGKS.exe

C:\Windows\System\ycNMGKS.exe

C:\Windows\System\sMtfFdo.exe

C:\Windows\System\sMtfFdo.exe

C:\Windows\System\cAJqFXw.exe

C:\Windows\System\cAJqFXw.exe

C:\Windows\System\qdusWLW.exe

C:\Windows\System\qdusWLW.exe

C:\Windows\System\xjCdWXR.exe

C:\Windows\System\xjCdWXR.exe

C:\Windows\System\BrkbEad.exe

C:\Windows\System\BrkbEad.exe

C:\Windows\System\rHIZucj.exe

C:\Windows\System\rHIZucj.exe

C:\Windows\System\WdtDjle.exe

C:\Windows\System\WdtDjle.exe

C:\Windows\System\OARibof.exe

C:\Windows\System\OARibof.exe

C:\Windows\System\SSYTIhW.exe

C:\Windows\System\SSYTIhW.exe

C:\Windows\System\EfWjZRq.exe

C:\Windows\System\EfWjZRq.exe

C:\Windows\System\lYoXYQK.exe

C:\Windows\System\lYoXYQK.exe

C:\Windows\System\scNSYeB.exe

C:\Windows\System\scNSYeB.exe

C:\Windows\System\RpkbBHu.exe

C:\Windows\System\RpkbBHu.exe

C:\Windows\System\LJlZKcw.exe

C:\Windows\System\LJlZKcw.exe

C:\Windows\System\acuIayU.exe

C:\Windows\System\acuIayU.exe

C:\Windows\System\hBRQGbY.exe

C:\Windows\System\hBRQGbY.exe

C:\Windows\System\LfrzohE.exe

C:\Windows\System\LfrzohE.exe

C:\Windows\System\pIUYTLF.exe

C:\Windows\System\pIUYTLF.exe

C:\Windows\System\zuqRoAb.exe

C:\Windows\System\zuqRoAb.exe

C:\Windows\System\CFzaTsY.exe

C:\Windows\System\CFzaTsY.exe

C:\Windows\System\UiIZbhg.exe

C:\Windows\System\UiIZbhg.exe

C:\Windows\System\nZUYyLe.exe

C:\Windows\System\nZUYyLe.exe

C:\Windows\System\zlJundP.exe

C:\Windows\System\zlJundP.exe

C:\Windows\System\jKQrXdM.exe

C:\Windows\System\jKQrXdM.exe

C:\Windows\System\hutOzor.exe

C:\Windows\System\hutOzor.exe

C:\Windows\System\qzZbTol.exe

C:\Windows\System\qzZbTol.exe

C:\Windows\System\VWRYQAf.exe

C:\Windows\System\VWRYQAf.exe

C:\Windows\System\UBrmKeq.exe

C:\Windows\System\UBrmKeq.exe

C:\Windows\System\rUCoeqJ.exe

C:\Windows\System\rUCoeqJ.exe

C:\Windows\System\bHZDuOw.exe

C:\Windows\System\bHZDuOw.exe

C:\Windows\System\dlTkrnt.exe

C:\Windows\System\dlTkrnt.exe

C:\Windows\System\Vgdvope.exe

C:\Windows\System\Vgdvope.exe

C:\Windows\System\mweyQuJ.exe

C:\Windows\System\mweyQuJ.exe

C:\Windows\System\pZFQkdR.exe

C:\Windows\System\pZFQkdR.exe

C:\Windows\System\vGAQlmB.exe

C:\Windows\System\vGAQlmB.exe

C:\Windows\System\LRMMmGP.exe

C:\Windows\System\LRMMmGP.exe

C:\Windows\System\DzhwwNf.exe

C:\Windows\System\DzhwwNf.exe

C:\Windows\System\syZHWKh.exe

C:\Windows\System\syZHWKh.exe

C:\Windows\System\KZmPdxJ.exe

C:\Windows\System\KZmPdxJ.exe

C:\Windows\System\azzZGfv.exe

C:\Windows\System\azzZGfv.exe

C:\Windows\System\gsoCCFN.exe

C:\Windows\System\gsoCCFN.exe

C:\Windows\System\nsuvIZs.exe

C:\Windows\System\nsuvIZs.exe

C:\Windows\System\InkKBxS.exe

C:\Windows\System\InkKBxS.exe

C:\Windows\System\bkIMXNb.exe

C:\Windows\System\bkIMXNb.exe

C:\Windows\System\ZyIdAht.exe

C:\Windows\System\ZyIdAht.exe

C:\Windows\System\MAwESur.exe

C:\Windows\System\MAwESur.exe

C:\Windows\System\ULuGVLa.exe

C:\Windows\System\ULuGVLa.exe

C:\Windows\System\hECrdSL.exe

C:\Windows\System\hECrdSL.exe

C:\Windows\System\VZGWMqZ.exe

C:\Windows\System\VZGWMqZ.exe

C:\Windows\System\VKZCNZQ.exe

C:\Windows\System\VKZCNZQ.exe

C:\Windows\System\LLLyXXd.exe

C:\Windows\System\LLLyXXd.exe

C:\Windows\System\kSoAMZi.exe

C:\Windows\System\kSoAMZi.exe

C:\Windows\System\eCddLNY.exe

C:\Windows\System\eCddLNY.exe

C:\Windows\System\YuwqnDi.exe

C:\Windows\System\YuwqnDi.exe

C:\Windows\System\jNMgKEy.exe

C:\Windows\System\jNMgKEy.exe

C:\Windows\System\sSyLyLh.exe

C:\Windows\System\sSyLyLh.exe

C:\Windows\System\VysifxA.exe

C:\Windows\System\VysifxA.exe

C:\Windows\System\ZliXJMn.exe

C:\Windows\System\ZliXJMn.exe

C:\Windows\System\aQWYzjC.exe

C:\Windows\System\aQWYzjC.exe

C:\Windows\System\zLMaKek.exe

C:\Windows\System\zLMaKek.exe

C:\Windows\System\gmvAahD.exe

C:\Windows\System\gmvAahD.exe

C:\Windows\System\jKQvWwI.exe

C:\Windows\System\jKQvWwI.exe

C:\Windows\System\edlRFIX.exe

C:\Windows\System\edlRFIX.exe

C:\Windows\System\LEEYyIN.exe

C:\Windows\System\LEEYyIN.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
