Malware Analysis Report

2024-10-16 07:53

Sample ID 240601-neex8aba2t
Target 61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe
SHA256 32e662dd299c5e354b28803ed14b8824e012fab2008ea7abbb3d3b01653e33a4
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

32e662dd299c5e354b28803ed14b8824e012fab2008ea7abbb3d3b01653e33a4

Threat Level: Known bad

The file 61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

XMRig Miner payload

KPOT Core Executable

xmrig

Kpot family

Xmrig family

KPOT

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 11:18

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 11:18

Reported

2024-06-01 11:20

Platform

win7-20240508-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\lkQHacC.exe N/A
N/A N/A C:\Windows\System\JDNDaJE.exe N/A
N/A N/A C:\Windows\System\ClfsiYD.exe N/A
N/A N/A C:\Windows\System\tnUdgbe.exe N/A
N/A N/A C:\Windows\System\PrgxlUb.exe N/A
N/A N/A C:\Windows\System\WsiEfoC.exe N/A
N/A N/A C:\Windows\System\ErMmoTO.exe N/A
N/A N/A C:\Windows\System\DjUgxcI.exe N/A
N/A N/A C:\Windows\System\mrfhjGX.exe N/A
N/A N/A C:\Windows\System\EgaHrNN.exe N/A
N/A N/A C:\Windows\System\ERYaseM.exe N/A
N/A N/A C:\Windows\System\afNakCS.exe N/A
N/A N/A C:\Windows\System\sYtALLn.exe N/A
N/A N/A C:\Windows\System\uVpmEDJ.exe N/A
N/A N/A C:\Windows\System\rRGDekp.exe N/A
N/A N/A C:\Windows\System\LYFuaBe.exe N/A
N/A N/A C:\Windows\System\eAWUduC.exe N/A
N/A N/A C:\Windows\System\wrdmhGj.exe N/A
N/A N/A C:\Windows\System\PZWUVKt.exe N/A
N/A N/A C:\Windows\System\ZxVFCLV.exe N/A
N/A N/A C:\Windows\System\jrybOBw.exe N/A
N/A N/A C:\Windows\System\GVhxrPj.exe N/A
N/A N/A C:\Windows\System\VYxnuli.exe N/A
N/A N/A C:\Windows\System\bjBFKKf.exe N/A
N/A N/A C:\Windows\System\nomUAlm.exe N/A
N/A N/A C:\Windows\System\Rrhcduq.exe N/A
N/A N/A C:\Windows\System\upSlaDm.exe N/A
N/A N/A C:\Windows\System\WQeCvTA.exe N/A
N/A N/A C:\Windows\System\iLySPuk.exe N/A
N/A N/A C:\Windows\System\rDafUyw.exe N/A
N/A N/A C:\Windows\System\qpbuAwD.exe N/A
N/A N/A C:\Windows\System\kwSOWyt.exe N/A
N/A N/A C:\Windows\System\yIbAuqf.exe N/A
N/A N/A C:\Windows\System\BfBrASa.exe N/A
N/A N/A C:\Windows\System\udZJDUZ.exe N/A
N/A N/A C:\Windows\System\WSZzBwc.exe N/A
N/A N/A C:\Windows\System\DSrhThD.exe N/A
N/A N/A C:\Windows\System\vtoUVzX.exe N/A
N/A N/A C:\Windows\System\ylMmSVZ.exe N/A
N/A N/A C:\Windows\System\SftLUZD.exe N/A
N/A N/A C:\Windows\System\SvHzODL.exe N/A
N/A N/A C:\Windows\System\IiWvOmw.exe N/A
N/A N/A C:\Windows\System\hxpjWqa.exe N/A
N/A N/A C:\Windows\System\LbLHGTv.exe N/A
N/A N/A C:\Windows\System\HEiDsOZ.exe N/A
N/A N/A C:\Windows\System\yksnVVJ.exe N/A
N/A N/A C:\Windows\System\yVFNbnK.exe N/A
N/A N/A C:\Windows\System\MxuWDEu.exe N/A
N/A N/A C:\Windows\System\daJPdZx.exe N/A
N/A N/A C:\Windows\System\dnHPEpl.exe N/A
N/A N/A C:\Windows\System\uaEzPic.exe N/A
N/A N/A C:\Windows\System\AbMZJOS.exe N/A
N/A N/A C:\Windows\System\UBDlIiL.exe N/A
N/A N/A C:\Windows\System\ZxBeeOq.exe N/A
N/A N/A C:\Windows\System\SbziOao.exe N/A
N/A N/A C:\Windows\System\bQxWpeS.exe N/A
N/A N/A C:\Windows\System\sqtXHXD.exe N/A
N/A N/A C:\Windows\System\JfWqCqP.exe N/A
N/A N/A C:\Windows\System\weIPSnG.exe N/A
N/A N/A C:\Windows\System\fPLOZtO.exe N/A
N/A N/A C:\Windows\System\CEJztDp.exe N/A
N/A N/A C:\Windows\System\pbjrjQf.exe N/A
N/A N/A C:\Windows\System\XDociPi.exe N/A
N/A N/A C:\Windows\System\CAoxuiQ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\bQxWpeS.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XbzdMmk.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\EWIWVvF.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XiCmaiU.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\BAovTod.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPvtPyJ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\QhqvVjZ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GGjpjHb.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZumZnH.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\HbQTxrK.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\bjBFKKf.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\rDafUyw.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WSZzBwc.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\SftLUZD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\SvHzODL.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gPpfjDT.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZIOacYC.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\cbHUnJD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZSaKnKL.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSIMeEM.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClfsiYD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpgEfHc.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\sxUtXml.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XUwOqjz.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WAjsjuu.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\nomUAlm.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\wCpGzse.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgyhzvK.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\nVncaIm.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\KDVvlsy.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZvOfqOv.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WQeCvTA.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\KkNcqNs.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckJvMlx.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\UqfmuVB.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\dNOQZTZ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJaxYam.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aONaSLu.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\kwSOWyt.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XDociPi.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\yVekiIc.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\CtZLXEt.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AIHHbCv.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NLPOXTC.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\fwGnMui.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\UBDlIiL.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\oNuAPkI.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\srplfBm.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\PeWMqSL.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gHyRExk.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\zcoWEBj.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\DYxiaZN.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhisOxR.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdONRpI.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AvFjHUy.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gNoMFDW.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEgsjdA.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTCaHfI.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\IuCQbRN.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\bIySXXX.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\BazdFKO.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NoTBJmD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMWtDFi.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\mTloZkA.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\lkQHacC.exe
PID 1700 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\lkQHacC.exe
PID 1700 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\lkQHacC.exe
PID 1700 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\JDNDaJE.exe
PID 1700 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\JDNDaJE.exe
PID 1700 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\JDNDaJE.exe
PID 1700 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ClfsiYD.exe
PID 1700 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ClfsiYD.exe
PID 1700 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ClfsiYD.exe
PID 1700 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\tnUdgbe.exe
PID 1700 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\tnUdgbe.exe
PID 1700 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\tnUdgbe.exe
PID 1700 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\PrgxlUb.exe
PID 1700 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\PrgxlUb.exe
PID 1700 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\PrgxlUb.exe
PID 1700 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WsiEfoC.exe
PID 1700 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WsiEfoC.exe
PID 1700 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WsiEfoC.exe
PID 1700 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ErMmoTO.exe
PID 1700 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ErMmoTO.exe
PID 1700 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ErMmoTO.exe
PID 1700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\DjUgxcI.exe
PID 1700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\DjUgxcI.exe
PID 1700 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\DjUgxcI.exe
PID 1700 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\mrfhjGX.exe
PID 1700 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\mrfhjGX.exe
PID 1700 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\mrfhjGX.exe
PID 1700 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\EgaHrNN.exe
PID 1700 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\EgaHrNN.exe
PID 1700 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\EgaHrNN.exe
PID 1700 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ERYaseM.exe
PID 1700 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ERYaseM.exe
PID 1700 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ERYaseM.exe
PID 1700 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\afNakCS.exe
PID 1700 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\afNakCS.exe
PID 1700 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\afNakCS.exe
PID 1700 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\sYtALLn.exe
PID 1700 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\sYtALLn.exe
PID 1700 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\sYtALLn.exe
PID 1700 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\uVpmEDJ.exe
PID 1700 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\uVpmEDJ.exe
PID 1700 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\uVpmEDJ.exe
PID 1700 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\rRGDekp.exe
PID 1700 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\rRGDekp.exe
PID 1700 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\rRGDekp.exe
PID 1700 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\LYFuaBe.exe
PID 1700 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\LYFuaBe.exe
PID 1700 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\LYFuaBe.exe
PID 1700 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\eAWUduC.exe
PID 1700 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\eAWUduC.exe
PID 1700 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\eAWUduC.exe
PID 1700 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\wrdmhGj.exe
PID 1700 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\wrdmhGj.exe
PID 1700 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\wrdmhGj.exe
PID 1700 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\PZWUVKt.exe
PID 1700 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\PZWUVKt.exe
PID 1700 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\PZWUVKt.exe
PID 1700 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ZxVFCLV.exe
PID 1700 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ZxVFCLV.exe
PID 1700 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ZxVFCLV.exe
PID 1700 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\jrybOBw.exe
PID 1700 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\jrybOBw.exe
PID 1700 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\jrybOBw.exe
PID 1700 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\GVhxrPj.exe

Processes

C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe"

C:\Windows\System\lkQHacC.exe

C:\Windows\System\lkQHacC.exe

C:\Windows\System\JDNDaJE.exe

C:\Windows\System\JDNDaJE.exe

C:\Windows\System\ClfsiYD.exe

C:\Windows\System\ClfsiYD.exe

C:\Windows\System\tnUdgbe.exe

C:\Windows\System\tnUdgbe.exe

C:\Windows\System\PrgxlUb.exe

C:\Windows\System\PrgxlUb.exe

C:\Windows\System\WsiEfoC.exe

C:\Windows\System\WsiEfoC.exe

C:\Windows\System\ErMmoTO.exe

C:\Windows\System\ErMmoTO.exe

C:\Windows\System\DjUgxcI.exe

C:\Windows\System\DjUgxcI.exe

C:\Windows\System\mrfhjGX.exe

C:\Windows\System\mrfhjGX.exe

C:\Windows\System\EgaHrNN.exe

C:\Windows\System\EgaHrNN.exe

C:\Windows\System\ERYaseM.exe

C:\Windows\System\ERYaseM.exe

C:\Windows\System\afNakCS.exe

C:\Windows\System\afNakCS.exe

C:\Windows\System\sYtALLn.exe

C:\Windows\System\sYtALLn.exe

C:\Windows\System\uVpmEDJ.exe

C:\Windows\System\uVpmEDJ.exe

C:\Windows\System\rRGDekp.exe

C:\Windows\System\rRGDekp.exe

C:\Windows\System\LYFuaBe.exe

C:\Windows\System\LYFuaBe.exe

C:\Windows\System\eAWUduC.exe

C:\Windows\System\eAWUduC.exe

C:\Windows\System\wrdmhGj.exe

C:\Windows\System\wrdmhGj.exe

C:\Windows\System\PZWUVKt.exe

C:\Windows\System\PZWUVKt.exe

C:\Windows\System\ZxVFCLV.exe

C:\Windows\System\ZxVFCLV.exe

C:\Windows\System\jrybOBw.exe

C:\Windows\System\jrybOBw.exe

C:\Windows\System\GVhxrPj.exe

C:\Windows\System\GVhxrPj.exe

C:\Windows\System\VYxnuli.exe

C:\Windows\System\VYxnuli.exe

C:\Windows\System\bjBFKKf.exe

C:\Windows\System\bjBFKKf.exe

C:\Windows\System\nomUAlm.exe

C:\Windows\System\nomUAlm.exe

C:\Windows\System\Rrhcduq.exe

C:\Windows\System\Rrhcduq.exe

C:\Windows\System\upSlaDm.exe

C:\Windows\System\upSlaDm.exe

C:\Windows\System\WQeCvTA.exe

C:\Windows\System\WQeCvTA.exe

C:\Windows\System\iLySPuk.exe

C:\Windows\System\iLySPuk.exe

C:\Windows\System\rDafUyw.exe

C:\Windows\System\rDafUyw.exe

C:\Windows\System\qpbuAwD.exe

C:\Windows\System\qpbuAwD.exe

C:\Windows\System\kwSOWyt.exe

C:\Windows\System\kwSOWyt.exe

C:\Windows\System\yIbAuqf.exe

C:\Windows\System\yIbAuqf.exe

C:\Windows\System\BfBrASa.exe

C:\Windows\System\BfBrASa.exe

C:\Windows\System\udZJDUZ.exe

C:\Windows\System\udZJDUZ.exe

C:\Windows\System\WSZzBwc.exe

C:\Windows\System\WSZzBwc.exe

C:\Windows\System\DSrhThD.exe

C:\Windows\System\DSrhThD.exe

C:\Windows\System\vtoUVzX.exe

C:\Windows\System\vtoUVzX.exe

C:\Windows\System\ylMmSVZ.exe

C:\Windows\System\ylMmSVZ.exe

C:\Windows\System\SftLUZD.exe

C:\Windows\System\SftLUZD.exe

C:\Windows\System\SvHzODL.exe

C:\Windows\System\SvHzODL.exe

C:\Windows\System\IiWvOmw.exe

C:\Windows\System\IiWvOmw.exe

C:\Windows\System\hxpjWqa.exe

C:\Windows\System\hxpjWqa.exe

C:\Windows\System\LbLHGTv.exe

C:\Windows\System\LbLHGTv.exe

C:\Windows\System\HEiDsOZ.exe

C:\Windows\System\HEiDsOZ.exe

C:\Windows\System\yksnVVJ.exe

C:\Windows\System\yksnVVJ.exe

C:\Windows\System\yVFNbnK.exe

C:\Windows\System\yVFNbnK.exe

C:\Windows\System\MxuWDEu.exe

C:\Windows\System\MxuWDEu.exe

C:\Windows\System\daJPdZx.exe

C:\Windows\System\daJPdZx.exe

C:\Windows\System\dnHPEpl.exe

C:\Windows\System\dnHPEpl.exe

C:\Windows\System\uaEzPic.exe

C:\Windows\System\uaEzPic.exe

C:\Windows\System\AbMZJOS.exe

C:\Windows\System\AbMZJOS.exe

C:\Windows\System\UBDlIiL.exe

C:\Windows\System\UBDlIiL.exe

C:\Windows\System\ZxBeeOq.exe

C:\Windows\System\ZxBeeOq.exe

C:\Windows\System\SbziOao.exe

C:\Windows\System\SbziOao.exe

C:\Windows\System\bQxWpeS.exe

C:\Windows\System\bQxWpeS.exe

C:\Windows\System\sqtXHXD.exe

C:\Windows\System\sqtXHXD.exe

C:\Windows\System\JfWqCqP.exe

C:\Windows\System\JfWqCqP.exe

C:\Windows\System\weIPSnG.exe

C:\Windows\System\weIPSnG.exe

C:\Windows\System\fPLOZtO.exe

C:\Windows\System\fPLOZtO.exe

C:\Windows\System\CEJztDp.exe

C:\Windows\System\CEJztDp.exe

C:\Windows\System\pbjrjQf.exe

C:\Windows\System\pbjrjQf.exe

C:\Windows\System\XDociPi.exe

C:\Windows\System\XDociPi.exe

C:\Windows\System\CAoxuiQ.exe

C:\Windows\System\CAoxuiQ.exe

C:\Windows\System\IGltwmN.exe

C:\Windows\System\IGltwmN.exe

C:\Windows\System\chHGkdR.exe

C:\Windows\System\chHGkdR.exe

C:\Windows\System\WKpMOWs.exe

C:\Windows\System\WKpMOWs.exe

C:\Windows\System\caWAWrT.exe

C:\Windows\System\caWAWrT.exe

C:\Windows\System\JHTDGfe.exe

C:\Windows\System\JHTDGfe.exe

C:\Windows\System\CNSTBHe.exe

C:\Windows\System\CNSTBHe.exe

C:\Windows\System\oNuAPkI.exe

C:\Windows\System\oNuAPkI.exe

C:\Windows\System\Kjqcnup.exe

C:\Windows\System\Kjqcnup.exe

C:\Windows\System\UtLISXG.exe

C:\Windows\System\UtLISXG.exe

C:\Windows\System\AoJDzBQ.exe

C:\Windows\System\AoJDzBQ.exe

C:\Windows\System\WKupABb.exe

C:\Windows\System\WKupABb.exe

C:\Windows\System\TcWrDOg.exe

C:\Windows\System\TcWrDOg.exe

C:\Windows\System\iXoOIHb.exe

C:\Windows\System\iXoOIHb.exe

C:\Windows\System\QpgEfHc.exe

C:\Windows\System\QpgEfHc.exe

C:\Windows\System\sWZAVNe.exe

C:\Windows\System\sWZAVNe.exe

C:\Windows\System\ZaWSKvz.exe

C:\Windows\System\ZaWSKvz.exe

C:\Windows\System\bIySXXX.exe

C:\Windows\System\bIySXXX.exe

C:\Windows\System\DYxiaZN.exe

C:\Windows\System\DYxiaZN.exe

C:\Windows\System\anJfFBN.exe

C:\Windows\System\anJfFBN.exe

C:\Windows\System\vFZCeFb.exe

C:\Windows\System\vFZCeFb.exe

C:\Windows\System\QauHxXP.exe

C:\Windows\System\QauHxXP.exe

C:\Windows\System\IhisOxR.exe

C:\Windows\System\IhisOxR.exe

C:\Windows\System\AqoqfGk.exe

C:\Windows\System\AqoqfGk.exe

C:\Windows\System\yeqFikJ.exe

C:\Windows\System\yeqFikJ.exe

C:\Windows\System\QJXUxKt.exe

C:\Windows\System\QJXUxKt.exe

C:\Windows\System\fwXqQHL.exe

C:\Windows\System\fwXqQHL.exe

C:\Windows\System\iSMqaOj.exe

C:\Windows\System\iSMqaOj.exe

C:\Windows\System\ZNoZXHK.exe

C:\Windows\System\ZNoZXHK.exe

C:\Windows\System\sxUtXml.exe

C:\Windows\System\sxUtXml.exe

C:\Windows\System\LbuOMLT.exe

C:\Windows\System\LbuOMLT.exe

C:\Windows\System\QobyDcL.exe

C:\Windows\System\QobyDcL.exe

C:\Windows\System\RcYSjTS.exe

C:\Windows\System\RcYSjTS.exe

C:\Windows\System\zxJBWkM.exe

C:\Windows\System\zxJBWkM.exe

C:\Windows\System\KFyBmnv.exe

C:\Windows\System\KFyBmnv.exe

C:\Windows\System\CWvoKum.exe

C:\Windows\System\CWvoKum.exe

C:\Windows\System\KkNcqNs.exe

C:\Windows\System\KkNcqNs.exe

C:\Windows\System\dBLLWTR.exe

C:\Windows\System\dBLLWTR.exe

C:\Windows\System\BazdFKO.exe

C:\Windows\System\BazdFKO.exe

C:\Windows\System\ltiDecA.exe

C:\Windows\System\ltiDecA.exe

C:\Windows\System\oMeyZss.exe

C:\Windows\System\oMeyZss.exe

C:\Windows\System\bOvuymA.exe

C:\Windows\System\bOvuymA.exe

C:\Windows\System\lhyoWVx.exe

C:\Windows\System\lhyoWVx.exe

C:\Windows\System\wkcGvZT.exe

C:\Windows\System\wkcGvZT.exe

C:\Windows\System\uikZqie.exe

C:\Windows\System\uikZqie.exe

C:\Windows\System\YIrRNbt.exe

C:\Windows\System\YIrRNbt.exe

C:\Windows\System\nJUalMq.exe

C:\Windows\System\nJUalMq.exe

C:\Windows\System\NNyLdUi.exe

C:\Windows\System\NNyLdUi.exe

C:\Windows\System\vCcHsGF.exe

C:\Windows\System\vCcHsGF.exe

C:\Windows\System\cmvjpql.exe

C:\Windows\System\cmvjpql.exe

C:\Windows\System\KQXeIlL.exe

C:\Windows\System\KQXeIlL.exe

C:\Windows\System\IMNxTOQ.exe

C:\Windows\System\IMNxTOQ.exe

C:\Windows\System\wSTgosL.exe

C:\Windows\System\wSTgosL.exe

C:\Windows\System\NaAqMPJ.exe

C:\Windows\System\NaAqMPJ.exe

C:\Windows\System\xYwmngH.exe

C:\Windows\System\xYwmngH.exe

C:\Windows\System\srplfBm.exe

C:\Windows\System\srplfBm.exe

C:\Windows\System\dktshRo.exe

C:\Windows\System\dktshRo.exe

C:\Windows\System\sdyDUGn.exe

C:\Windows\System\sdyDUGn.exe

C:\Windows\System\PeWMqSL.exe

C:\Windows\System\PeWMqSL.exe

C:\Windows\System\YlnggqZ.exe

C:\Windows\System\YlnggqZ.exe

C:\Windows\System\yVekiIc.exe

C:\Windows\System\yVekiIc.exe

C:\Windows\System\gLthwlj.exe

C:\Windows\System\gLthwlj.exe

C:\Windows\System\RooXcWX.exe

C:\Windows\System\RooXcWX.exe

C:\Windows\System\PSRWkQN.exe

C:\Windows\System\PSRWkQN.exe

C:\Windows\System\EiQhRin.exe

C:\Windows\System\EiQhRin.exe

C:\Windows\System\eeBjDwC.exe

C:\Windows\System\eeBjDwC.exe

C:\Windows\System\fULLdLW.exe

C:\Windows\System\fULLdLW.exe

C:\Windows\System\ckJvMlx.exe

C:\Windows\System\ckJvMlx.exe

C:\Windows\System\JwkHVNP.exe

C:\Windows\System\JwkHVNP.exe

C:\Windows\System\owgVmZW.exe

C:\Windows\System\owgVmZW.exe

C:\Windows\System\NoTBJmD.exe

C:\Windows\System\NoTBJmD.exe

C:\Windows\System\XKAVzpt.exe

C:\Windows\System\XKAVzpt.exe

C:\Windows\System\iBahrXu.exe

C:\Windows\System\iBahrXu.exe

C:\Windows\System\NFnHjAg.exe

C:\Windows\System\NFnHjAg.exe

C:\Windows\System\iFaJZME.exe

C:\Windows\System\iFaJZME.exe

C:\Windows\System\NLPOXTC.exe

C:\Windows\System\NLPOXTC.exe

C:\Windows\System\mcYYXbI.exe

C:\Windows\System\mcYYXbI.exe

C:\Windows\System\tPMDkaL.exe

C:\Windows\System\tPMDkaL.exe

C:\Windows\System\BAovTod.exe

C:\Windows\System\BAovTod.exe

C:\Windows\System\gNoMFDW.exe

C:\Windows\System\gNoMFDW.exe

C:\Windows\System\lhkIdEQ.exe

C:\Windows\System\lhkIdEQ.exe

C:\Windows\System\rDeoKZC.exe

C:\Windows\System\rDeoKZC.exe

C:\Windows\System\XlMvqTD.exe

C:\Windows\System\XlMvqTD.exe

C:\Windows\System\yaiTQTd.exe

C:\Windows\System\yaiTQTd.exe

C:\Windows\System\gPpfjDT.exe

C:\Windows\System\gPpfjDT.exe

C:\Windows\System\jJVBvXb.exe

C:\Windows\System\jJVBvXb.exe

C:\Windows\System\pTLihEx.exe

C:\Windows\System\pTLihEx.exe

C:\Windows\System\WKDwQIY.exe

C:\Windows\System\WKDwQIY.exe

C:\Windows\System\CLtHBZn.exe

C:\Windows\System\CLtHBZn.exe

C:\Windows\System\jZMoWjK.exe

C:\Windows\System\jZMoWjK.exe

C:\Windows\System\yFchyuF.exe

C:\Windows\System\yFchyuF.exe

C:\Windows\System\CnEcsRg.exe

C:\Windows\System\CnEcsRg.exe

C:\Windows\System\LUrPNNp.exe

C:\Windows\System\LUrPNNp.exe

C:\Windows\System\kcLKxwa.exe

C:\Windows\System\kcLKxwa.exe

C:\Windows\System\LdniWzk.exe

C:\Windows\System\LdniWzk.exe

C:\Windows\System\OBmKDpl.exe

C:\Windows\System\OBmKDpl.exe

C:\Windows\System\oRgPMrb.exe

C:\Windows\System\oRgPMrb.exe

C:\Windows\System\asnknfI.exe

C:\Windows\System\asnknfI.exe

C:\Windows\System\UgaQSKY.exe

C:\Windows\System\UgaQSKY.exe

C:\Windows\System\WMqFUPE.exe

C:\Windows\System\WMqFUPE.exe

C:\Windows\System\FZOtXSz.exe

C:\Windows\System\FZOtXSz.exe

C:\Windows\System\ZIOacYC.exe

C:\Windows\System\ZIOacYC.exe

C:\Windows\System\yMWtDFi.exe

C:\Windows\System\yMWtDFi.exe

C:\Windows\System\kLMlnMW.exe

C:\Windows\System\kLMlnMW.exe

C:\Windows\System\yByaNOi.exe

C:\Windows\System\yByaNOi.exe

C:\Windows\System\cbHUnJD.exe

C:\Windows\System\cbHUnJD.exe

C:\Windows\System\XUwOqjz.exe

C:\Windows\System\XUwOqjz.exe

C:\Windows\System\Ykqofus.exe

C:\Windows\System\Ykqofus.exe

C:\Windows\System\ZSaKnKL.exe

C:\Windows\System\ZSaKnKL.exe

C:\Windows\System\iEbsEfq.exe

C:\Windows\System\iEbsEfq.exe

C:\Windows\System\AxwEGPY.exe

C:\Windows\System\AxwEGPY.exe

C:\Windows\System\mUcFbyB.exe

C:\Windows\System\mUcFbyB.exe

C:\Windows\System\XbzdMmk.exe

C:\Windows\System\XbzdMmk.exe

C:\Windows\System\lMCubgf.exe

C:\Windows\System\lMCubgf.exe

C:\Windows\System\wCpGzse.exe

C:\Windows\System\wCpGzse.exe

C:\Windows\System\mTloZkA.exe

C:\Windows\System\mTloZkA.exe

C:\Windows\System\HYNvbvG.exe

C:\Windows\System\HYNvbvG.exe

C:\Windows\System\MXYhoTa.exe

C:\Windows\System\MXYhoTa.exe

C:\Windows\System\HVjHhXG.exe

C:\Windows\System\HVjHhXG.exe

C:\Windows\System\OEUrVhs.exe

C:\Windows\System\OEUrVhs.exe

C:\Windows\System\AgyhzvK.exe

C:\Windows\System\AgyhzvK.exe

C:\Windows\System\TavijJO.exe

C:\Windows\System\TavijJO.exe

C:\Windows\System\nVncaIm.exe

C:\Windows\System\nVncaIm.exe

C:\Windows\System\JpAfYgE.exe

C:\Windows\System\JpAfYgE.exe

C:\Windows\System\XlQKQcF.exe

C:\Windows\System\XlQKQcF.exe

C:\Windows\System\mSIMeEM.exe

C:\Windows\System\mSIMeEM.exe

C:\Windows\System\xzZeeiR.exe

C:\Windows\System\xzZeeiR.exe

C:\Windows\System\GvPwTJO.exe

C:\Windows\System\GvPwTJO.exe

C:\Windows\System\jORPnBu.exe

C:\Windows\System\jORPnBu.exe

C:\Windows\System\TUdZuIY.exe

C:\Windows\System\TUdZuIY.exe

C:\Windows\System\UryRhcL.exe

C:\Windows\System\UryRhcL.exe

C:\Windows\System\bCceBkW.exe

C:\Windows\System\bCceBkW.exe

C:\Windows\System\NQaaoOl.exe

C:\Windows\System\NQaaoOl.exe

C:\Windows\System\UqfmuVB.exe

C:\Windows\System\UqfmuVB.exe

C:\Windows\System\smoQNmr.exe

C:\Windows\System\smoQNmr.exe

C:\Windows\System\VtmaFXr.exe

C:\Windows\System\VtmaFXr.exe

C:\Windows\System\gyosuCv.exe

C:\Windows\System\gyosuCv.exe

C:\Windows\System\NMHpwdM.exe

C:\Windows\System\NMHpwdM.exe

C:\Windows\System\NOhsGRn.exe

C:\Windows\System\NOhsGRn.exe

C:\Windows\System\dNOQZTZ.exe

C:\Windows\System\dNOQZTZ.exe

C:\Windows\System\tdRdgVq.exe

C:\Windows\System\tdRdgVq.exe

C:\Windows\System\uzfArHE.exe

C:\Windows\System\uzfArHE.exe

C:\Windows\System\lBotVpd.exe

C:\Windows\System\lBotVpd.exe

C:\Windows\System\fqAvDFz.exe

C:\Windows\System\fqAvDFz.exe

C:\Windows\System\CtZLXEt.exe

C:\Windows\System\CtZLXEt.exe

C:\Windows\System\mYOmqLY.exe

C:\Windows\System\mYOmqLY.exe

C:\Windows\System\UohiJXy.exe

C:\Windows\System\UohiJXy.exe

C:\Windows\System\fpAeqHO.exe

C:\Windows\System\fpAeqHO.exe

C:\Windows\System\IMGPJHZ.exe

C:\Windows\System\IMGPJHZ.exe

C:\Windows\System\yJaxYam.exe

C:\Windows\System\yJaxYam.exe

C:\Windows\System\BkcoGrD.exe

C:\Windows\System\BkcoGrD.exe

C:\Windows\System\TFOmvKW.exe

C:\Windows\System\TFOmvKW.exe

C:\Windows\System\UMhWTAK.exe

C:\Windows\System\UMhWTAK.exe

C:\Windows\System\KDVvlsy.exe

C:\Windows\System\KDVvlsy.exe

C:\Windows\System\OOXtHoG.exe

C:\Windows\System\OOXtHoG.exe

C:\Windows\System\kZmDmuB.exe

C:\Windows\System\kZmDmuB.exe

C:\Windows\System\NVhpPCn.exe

C:\Windows\System\NVhpPCn.exe

C:\Windows\System\lEgsjdA.exe

C:\Windows\System\lEgsjdA.exe

C:\Windows\System\CygoIpj.exe

C:\Windows\System\CygoIpj.exe

C:\Windows\System\bKuKlzp.exe

C:\Windows\System\bKuKlzp.exe

C:\Windows\System\gHyRExk.exe

C:\Windows\System\gHyRExk.exe

C:\Windows\System\dOSgtKy.exe

C:\Windows\System\dOSgtKy.exe

C:\Windows\System\bjDVOQy.exe

C:\Windows\System\bjDVOQy.exe

C:\Windows\System\jirHxrx.exe

C:\Windows\System\jirHxrx.exe

C:\Windows\System\LdONRpI.exe

C:\Windows\System\LdONRpI.exe

C:\Windows\System\eYSUNII.exe

C:\Windows\System\eYSUNII.exe

C:\Windows\System\OuppyiN.exe

C:\Windows\System\OuppyiN.exe

C:\Windows\System\KcyxZUZ.exe

C:\Windows\System\KcyxZUZ.exe

C:\Windows\System\arTzULD.exe

C:\Windows\System\arTzULD.exe

C:\Windows\System\zjXWuNQ.exe

C:\Windows\System\zjXWuNQ.exe

C:\Windows\System\uktOZss.exe

C:\Windows\System\uktOZss.exe

C:\Windows\System\okmPfqZ.exe

C:\Windows\System\okmPfqZ.exe

C:\Windows\System\vpPOoiW.exe

C:\Windows\System\vpPOoiW.exe

C:\Windows\System\RdhozGq.exe

C:\Windows\System\RdhozGq.exe

C:\Windows\System\jTcmcul.exe

C:\Windows\System\jTcmcul.exe

C:\Windows\System\PwVuztq.exe

C:\Windows\System\PwVuztq.exe

C:\Windows\System\QJxxYlT.exe

C:\Windows\System\QJxxYlT.exe

C:\Windows\System\GtQGGPg.exe

C:\Windows\System\GtQGGPg.exe

C:\Windows\System\UNdXSKk.exe

C:\Windows\System\UNdXSKk.exe

C:\Windows\System\aPvtPyJ.exe

C:\Windows\System\aPvtPyJ.exe

C:\Windows\System\wgfZQuY.exe

C:\Windows\System\wgfZQuY.exe

C:\Windows\System\BVOinJs.exe

C:\Windows\System\BVOinJs.exe

C:\Windows\System\BSOzErf.exe

C:\Windows\System\BSOzErf.exe

C:\Windows\System\vRvlNRP.exe

C:\Windows\System\vRvlNRP.exe

C:\Windows\System\QhqvVjZ.exe

C:\Windows\System\QhqvVjZ.exe

C:\Windows\System\duMpOlG.exe

C:\Windows\System\duMpOlG.exe

C:\Windows\System\TpnJRCu.exe

C:\Windows\System\TpnJRCu.exe

C:\Windows\System\vBzczUv.exe

C:\Windows\System\vBzczUv.exe

C:\Windows\System\koDLjEA.exe

C:\Windows\System\koDLjEA.exe

C:\Windows\System\aOUOAnl.exe

C:\Windows\System\aOUOAnl.exe

C:\Windows\System\HiZFNBh.exe

C:\Windows\System\HiZFNBh.exe

C:\Windows\System\sOEazfq.exe

C:\Windows\System\sOEazfq.exe

C:\Windows\System\EWIWVvF.exe

C:\Windows\System\EWIWVvF.exe

C:\Windows\System\YqdyfDt.exe

C:\Windows\System\YqdyfDt.exe

C:\Windows\System\eieltfA.exe

C:\Windows\System\eieltfA.exe

C:\Windows\System\nogcaZA.exe

C:\Windows\System\nogcaZA.exe

C:\Windows\System\xvhANhF.exe

C:\Windows\System\xvhANhF.exe

C:\Windows\System\dElgYAF.exe

C:\Windows\System\dElgYAF.exe

C:\Windows\System\lTCaHfI.exe

C:\Windows\System\lTCaHfI.exe

C:\Windows\System\XfojICY.exe

C:\Windows\System\XfojICY.exe

C:\Windows\System\mdxUFEB.exe

C:\Windows\System\mdxUFEB.exe

C:\Windows\System\ANLffvK.exe

C:\Windows\System\ANLffvK.exe

C:\Windows\System\kQbxnZv.exe

C:\Windows\System\kQbxnZv.exe

C:\Windows\System\ucboqid.exe

C:\Windows\System\ucboqid.exe

C:\Windows\System\GGjpjHb.exe

C:\Windows\System\GGjpjHb.exe

C:\Windows\System\AhkkRno.exe

C:\Windows\System\AhkkRno.exe

C:\Windows\System\wtEyHbr.exe

C:\Windows\System\wtEyHbr.exe

C:\Windows\System\BKUTpQb.exe

C:\Windows\System\BKUTpQb.exe

C:\Windows\System\DlgwQCe.exe

C:\Windows\System\DlgwQCe.exe

C:\Windows\System\AIHHbCv.exe

C:\Windows\System\AIHHbCv.exe

C:\Windows\System\qusWLaE.exe

C:\Windows\System\qusWLaE.exe

C:\Windows\System\WttZwdG.exe

C:\Windows\System\WttZwdG.exe

C:\Windows\System\fwGnMui.exe

C:\Windows\System\fwGnMui.exe

C:\Windows\System\vplqkoa.exe

C:\Windows\System\vplqkoa.exe

C:\Windows\System\cfiOAPT.exe

C:\Windows\System\cfiOAPT.exe

C:\Windows\System\AvFjHUy.exe

C:\Windows\System\AvFjHUy.exe

C:\Windows\System\btgLAdY.exe

C:\Windows\System\btgLAdY.exe

C:\Windows\System\sZumZnH.exe

C:\Windows\System\sZumZnH.exe

C:\Windows\System\fwkQbVY.exe

C:\Windows\System\fwkQbVY.exe

C:\Windows\System\WAjsjuu.exe

C:\Windows\System\WAjsjuu.exe

C:\Windows\System\ZRUOnBP.exe

C:\Windows\System\ZRUOnBP.exe

C:\Windows\System\TYgkwxN.exe

C:\Windows\System\TYgkwxN.exe

C:\Windows\System\MOdPArI.exe

C:\Windows\System\MOdPArI.exe

C:\Windows\System\vxClgJw.exe

C:\Windows\System\vxClgJw.exe

C:\Windows\System\dSbSzOZ.exe

C:\Windows\System\dSbSzOZ.exe

C:\Windows\System\HbQTxrK.exe

C:\Windows\System\HbQTxrK.exe

C:\Windows\System\gHLoxFv.exe

C:\Windows\System\gHLoxFv.exe

C:\Windows\System\yNSrVNz.exe

C:\Windows\System\yNSrVNz.exe

C:\Windows\System\ELbFtrn.exe

C:\Windows\System\ELbFtrn.exe

C:\Windows\System\UBleJed.exe

C:\Windows\System\UBleJed.exe

C:\Windows\System\NOJVjzN.exe

C:\Windows\System\NOJVjzN.exe

C:\Windows\System\zcoWEBj.exe

C:\Windows\System\zcoWEBj.exe

C:\Windows\System\XiCmaiU.exe

C:\Windows\System\XiCmaiU.exe

C:\Windows\System\SCnQtxP.exe

C:\Windows\System\SCnQtxP.exe

C:\Windows\System\DYfwDvG.exe

C:\Windows\System\DYfwDvG.exe

C:\Windows\System\GJoHSAP.exe

C:\Windows\System\GJoHSAP.exe

C:\Windows\System\VXxOvSQ.exe

C:\Windows\System\VXxOvSQ.exe

C:\Windows\System\SadTtLO.exe

C:\Windows\System\SadTtLO.exe

C:\Windows\System\aBkvzHH.exe

C:\Windows\System\aBkvzHH.exe

C:\Windows\System\KgfEokE.exe

C:\Windows\System\KgfEokE.exe

C:\Windows\System\vAxbTaT.exe

C:\Windows\System\vAxbTaT.exe

C:\Windows\System\loGlFiK.exe

C:\Windows\System\loGlFiK.exe

C:\Windows\System\dwPSEKO.exe

C:\Windows\System\dwPSEKO.exe

C:\Windows\System\LvPLgCp.exe

C:\Windows\System\LvPLgCp.exe

C:\Windows\System\ZvOfqOv.exe

C:\Windows\System\ZvOfqOv.exe

C:\Windows\System\mAyEpeq.exe

C:\Windows\System\mAyEpeq.exe

C:\Windows\System\icKLtLi.exe

C:\Windows\System\icKLtLi.exe

C:\Windows\System\CImexXw.exe

C:\Windows\System\CImexXw.exe

C:\Windows\System\NzYOCWX.exe

C:\Windows\System\NzYOCWX.exe

C:\Windows\System\eceobqh.exe

C:\Windows\System\eceobqh.exe

C:\Windows\System\pNhNnWV.exe

C:\Windows\System\pNhNnWV.exe

C:\Windows\System\aONaSLu.exe

C:\Windows\System\aONaSLu.exe

C:\Windows\System\IuCQbRN.exe

C:\Windows\System\IuCQbRN.exe

C:\Windows\System\mnbgEEn.exe

C:\Windows\System\mnbgEEn.exe

C:\Windows\System\RaXjBGj.exe

C:\Windows\System\RaXjBGj.exe

C:\Windows\System\mQefAJr.exe

C:\Windows\System\mQefAJr.exe

C:\Windows\System\xOiDdro.exe

C:\Windows\System\xOiDdro.exe

C:\Windows\System\nmabBIt.exe

C:\Windows\System\nmabBIt.exe

C:\Windows\System\pfRLTpW.exe

C:\Windows\System\pfRLTpW.exe

C:\Windows\System\AgbDJEi.exe

C:\Windows\System\AgbDJEi.exe

C:\Windows\System\rxTqwob.exe

C:\Windows\System\rxTqwob.exe

C:\Windows\System\AXJbidh.exe

C:\Windows\System\AXJbidh.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1700-0-0x000000013F360000-0x000000013F6B4000-memory.dmp

memory/1700-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\lkQHacC.exe

MD5 7bed83ca2e15d56bb6e099020458c392
SHA1 53a2c9a656990ec5b7ffe7f663b0fe4838f79a00
SHA256 3ecbd2fc458edb82b3afdeb8647df99694665914c09ae5a24fcaf3a603b58b5c
SHA512 a9d607fb2127fca321e2d4dd37c34562e3aff3d1ce63226b0eaeb7618a6a30b864297844d39607b6abae544228662b2568dfe8c853033cf40053cf5cbf6e22ee

memory/1700-6-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1944-9-0x000000013F2D0000-0x000000013F624000-memory.dmp

\Windows\system\JDNDaJE.exe

MD5 8c62a52af0dd3db415a2f1322231fb00
SHA1 39b4c23cc4f3cc5688ee6af837a42fb74d60f7b4
SHA256 ea2e60f39ea4ddd2cbb3b7a4cfeae91550bab3a3f16e36a77c46e1de1c0229a2
SHA512 a6364f7db3ebcfcd092401c6e1ad04342b3c972d134fcb0e79be4a9f6a8786159a19c9d2983d23e686371e465b993f2af0367e465c2b5cf14c31439069379cfd

\Windows\system\ClfsiYD.exe

MD5 b267a6324855e02b4871f889e499512f
SHA1 d837d0d8744763d2a7faddd08d2982a073f24147
SHA256 e093f5bb5802135a2205a9a2fc271f9a675d2cb3302737e11218c021c42690c5
SHA512 21eb7642739ab0b001bd87b7850ae486211eb2183bcda40596d8154c4a76edc86307f5aea06377e2c24df6dee83155dfc2d6b9e8df9916098d1f9f79351c60ff

C:\Windows\system\tnUdgbe.exe

MD5 8c06f7d0bb982200d08071a1672f73cd
SHA1 1a6ae9429eeb39c1d9aa98810cc89a11eabe2189
SHA256 3515a6c8c7ea7ee8716b1129eaa65a91bf005a55560abf9f319af40bce6b17a0
SHA512 89ca9da10c38fd2937b9f7cd0d1b36dd143a774ed25b1028545ef1791e17e65e0fcabd439be5a617c25984588ee4bf1c6ec80f4c6398da38d09260b05b50b699

memory/2472-29-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/1700-26-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/1700-24-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2468-23-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2576-19-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2640-35-0x000000013F390000-0x000000013F6E4000-memory.dmp

\Windows\system\WsiEfoC.exe

MD5 c0d5328668d3ce0f002e7cb1c4a8474e
SHA1 4c58850068b496e819fef36762ad899982c00f2c
SHA256 5368b9523e841b9a23f0a7689f0a13793e069961c8de8dcac9dbe6ad91bee6da
SHA512 81ec8ad2f939480db8d0e4666c0d7d6971989795481996dc98bd33c754fb4814f758dd7b8dc84605b00f097544ca6f8eaed0a4a686167f81d0358fd6aeb16ab2

memory/1700-34-0x0000000002010000-0x0000000002364000-memory.dmp

C:\Windows\system\PrgxlUb.exe

MD5 3c7b446ac37affe8bb7037aa97e9257f
SHA1 b9860f1b1465d96fb8d9f5c1f02d1456650cbcd6
SHA256 1d473643d9c4bdf5ee0309cdf41ebaa29dc852da25316b061a8205bd62c2e6c8
SHA512 8e94885701a0824bf1ff2c372855ed3fbb20b7afd696eabd85d16af993e85ecaeca6759268c41d59314c28dfbbe20a3b968eacb812a99e09f68d79323d8762e8

memory/1700-38-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2644-43-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/1944-53-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2404-50-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/2600-58-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2576-57-0x000000013F450000-0x000000013F7A4000-memory.dmp

C:\Windows\system\ErMmoTO.exe

MD5 a77fd6140e52aa992c183047dcd37fce
SHA1 d1e716340f360f6ae304f5addbbcc321ccb883e9
SHA256 1eb7a2b2c7ee73c60ae9e5ffc971b42c803559f1cf4956fd06712b9294c6ec8f
SHA512 1a3a9e147f23c120e650d122ddf336529d757ab1d1616f5d955c34c71c45590e3d4de01081380d14c8fe0016c8fabb731a18c738adfdecb11ee590e936c81136

memory/1700-46-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1700-45-0x000000013F360000-0x000000013F6B4000-memory.dmp

C:\Windows\system\DjUgxcI.exe

MD5 3fa0c68d9e12ee90d3af867d2f5d0cf9
SHA1 9159e132532fc03df7d43f183e54680956e52238
SHA256 646b799119b6a1ddadea79b3c84b7601bedb1a8d75d587b35d0650640dba29a4
SHA512 b30f387bc879428c66b7569d2af833a38e885b0d74ed062a5c4e01311c476f9e43ab3ce5d16e994e8619cc95de6dfeecfbbcc1767d2025fa23d72440d23a10d3

\Windows\system\mrfhjGX.exe

MD5 6c506e9d2a09f270b7da9d8b10cec6cc
SHA1 d12914c7676dc8ec9c9b71097238ec1eaf90c44e
SHA256 0a1db0d843c6945cb113edd7e5e7291ddc490f37a142b87234de7ee713eb684a
SHA512 210460fd6091ddea79ce313929015f1f98580905fadcaf67b6778879d7791e8447d2adf767d5f33f8aa853aa6e0219076d9079f58a7a1160549fcaf598103d97

\Windows\system\EgaHrNN.exe

MD5 d749053162fe8b55b5d793336a0bc7a7
SHA1 ef66c643435340128b7acf9e5fc46e48d7b7bbd1
SHA256 2013ad8a87100d821aeb9e950e1514fdcb564ad7652b393a740ba2b060b41a35
SHA512 9694bec07338185486db833325301ab2fc85e982451850655f00acf5b786d1be13581a47038c5773712cf1de7e35464fc07db2429a36c8d11021dbefc842d543

memory/2416-72-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2840-74-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/1700-73-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1700-71-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2468-67-0x000000013FC10000-0x000000013FF64000-memory.dmp

\Windows\system\ERYaseM.exe

MD5 9acaed3d9f0af960fb8040bac4735344
SHA1 a19618d567c1497a58275af271b450d63a2dbd90
SHA256 abc8c8856cd1654b1931194345b02dd7a2f8655517969c88af9a22187f3b1a06
SHA512 e298aaa76688113ed7cf834dbc5e5385ba6e3db809c16b90290d21849b640cafcdd44c28d3b7e6a6e19ce3637bfa16c38de54ff1f151b61bfc19bcface0373a6

memory/2472-78-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2640-82-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/2848-83-0x000000013F3E0000-0x000000013F734000-memory.dmp

memory/1700-81-0x0000000002010000-0x0000000002364000-memory.dmp

C:\Windows\system\afNakCS.exe

MD5 efbc5179c3f919c2ec70903c36fb7800
SHA1 5e400cb9605200918dd18a99c6a1c34689d169d6
SHA256 2e2b76268755721a7ef07288ec67d0f39ef55581a992e4e6826f38bb4abaf0c5
SHA512 fbd7281603dab37eac519579655ac0029501d0c75e408143b744ca1ef53cad89899df94516dac83103e89a5fe6347a27eeb14f51304c35d603651f77f8f4b38c

memory/1468-90-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

memory/1700-89-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

memory/1700-94-0x000000013F700000-0x000000013FA54000-memory.dmp

\Windows\system\sYtALLn.exe

MD5 9306c7b30521419c66e240bb622b23b6
SHA1 a5df217f472552a43d8e3584800ef6ed1dfe859a
SHA256 2b441a34426a1712339d2161c5b564d862d9ba41cfcdffe5ffb7ddbc53c18c32
SHA512 3453f610493c3cc283f38997bd87d160ed4a389275c4976dc17002a7d2597bbfa7d36078275e49d2c5060e2050c539be48d94f96fa8fa65f692e6629a99b6750

memory/1328-97-0x000000013F700000-0x000000013FA54000-memory.dmp

C:\Windows\system\uVpmEDJ.exe

MD5 1c53ce8bf9645bed35e9011cb7285efa
SHA1 3c505d9354af97e9005e080a6d1d9c769a5f2be3
SHA256 c66e8d3e876679d2633866bd9e5f47441298250644b9cd5152ef848a8021f8a0
SHA512 e82628965f8814e82cf592414b8281f1e5417b05b2e3db232d30d257579baa2adec71a1e2f64339d57df5dcec4117aeaf9dfae63b948d2fd5efe8327fa8acdab

memory/2620-105-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/1700-104-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2404-101-0x000000013F250000-0x000000013F5A4000-memory.dmp

\Windows\system\rRGDekp.exe

MD5 936592f560cca12290d6a6dc431a81f6
SHA1 3f80f48fbd955b9d4e1d3511c664f826d674b1bd
SHA256 679ab20e68b5ca081b3804d3724e4dcb86d606c5b4415450805fd1e084d684d6
SHA512 132e41baf48671af7ef309f965ce5f7a57c9cb351312e649f8901eeba9ec50e4229db81d64d07d3c8a87aa8c8a587f6eaa5002793c36c3fc5c12f9acd058d99e

memory/1700-109-0x0000000002010000-0x0000000002364000-memory.dmp

\Windows\system\LYFuaBe.exe

MD5 66961ab32c749c65edcd3d415691a0a3
SHA1 e8239cc8bfebd552ad842ea812d93f6dc07715cc
SHA256 ce20c8fc9bd7ed5c655fe65815ca87b73d52676a7f5b24445af152bb2a5e5e6d
SHA512 af8d4d35cb4e829a4bc868f91ae09bbfe29a4760b47aeb303b7cae02a93a38db2a2e969614b3583a13f6bda90611d45af5c0c8d18b72a50460001b6c71060496

\Windows\system\PZWUVKt.exe

MD5 eca12861ee17d49c0a43b65241aaef8c
SHA1 a247623b4dc7844315e2c9b040bf4678d47cde0b
SHA256 d7cc987ad4e8a8fac8b0ddada57a4f736ae9e4dd8242bd5753d1951470617d8c
SHA512 1bc6935e55ce09d8a89e26c13bc761768b5612ca0f428985ab2e4ddb298fa0b5c8b31f18c07e6ecb99449888f2ae4e6d1ff51fd390164d873049b1c525d4d179

C:\Windows\system\ZxVFCLV.exe

MD5 ad6e0b7e007513f89dc25f307619fc5b
SHA1 28d220e4ba25f7d2cb100c55c051bd073698369c
SHA256 954edf035b387d2d3d73c376ec780d6a09237339f9da8c341a6dd628aae99320
SHA512 a09445daacadd9d7c8db7c61551b7cf8ebfd5131ebc931456d6f2ab166b0fa33ca4bae8fae68f3e4169e2caa54887328ec19b4f6618700b421d34aeaade8d689

C:\Windows\system\jrybOBw.exe

MD5 865c3ae760e03c3147d29d1e395fa612
SHA1 f94a25b9700653b43fa34f07a8a5bec1e5e010ad
SHA256 26a722dc9dfea8f464902b6af49da3677f3ce153aa7a99836f20b36aeb3ae8fe
SHA512 092f969f7f69d336b8c696ad9bb41d9f456bcf743fd454ae57259ddd11766c1648b4e40a0486fedcc5e60afa5ab1ebcf602b012152f6ce9d5a0e4edabfd4a8fe

C:\Windows\system\GVhxrPj.exe

MD5 7c113f66f5245d69b9b369f8a5869e87
SHA1 0753181284f21ed78743b6c033e057a20bbc11c2
SHA256 7b6c4dceb44132529a03643c8e6ab6ba337ef5b10d0b6e0757afc0b28d4ede8d
SHA512 ca0ec2c1c5ef308f583c0616c43ed6a35bff1cb13927e63c1a8a13c3d0a59533eec90ed48cb1671f0e61a5e246637262a96709c807f37739b8952c64cfc40186

\Windows\system\bjBFKKf.exe

MD5 4fd9368d966c827f9eb3826632578d1b
SHA1 2dc0a282d4ccea43646a2613538c800224b27762
SHA256 4ef073b8931d42cb36f5a50d453e3886fff11d65411f212933229201bbce9f1a
SHA512 b35d8d25f034d3a753b68702ec6ea452abd49de80faafe5177f4b11ca4f90efaee46a8abfc27db2a51f579f7b71f0267151514ce668f0f770272b85f800f0b9e

C:\Windows\system\Rrhcduq.exe

MD5 a7042d03d4d43f683fd77bfc6f0eadcb
SHA1 db2b55a775a47204ad47aa34c996362fa7ffe932
SHA256 4eb20ea28e385bb96506165919e23f70bf20a6dc4fd7920e935dd8917b59d2b0
SHA512 432f0495f7012c760140e545fde02a274e092fd9ccbf703856d9719859ca4248a48fed2edafbf4f37820fbd202705895b66ce0de63827670c20d87c90895d3cb

C:\Windows\system\WQeCvTA.exe

MD5 248147f72101617bb5bb0b1d4570279b
SHA1 7dc3699461e17408c2d62204d144b26605579e85
SHA256 42ff56bc83e149636991801e489144a8acab0bdb5a37b43aef14b11463c89a02
SHA512 fcfe8c3fcfd8cfa81bb5bab5bbe21e0cfc0422fe36ecf00aab7bfcd45316d5de73dae23dabc7a07e284864a6bde4a23f1ff5daabb4aefbe4d61b7b5e03136ad3

C:\Windows\system\kwSOWyt.exe

MD5 1998e448104b2fd1732741bc161e524a
SHA1 cba7f8c74c2a78e32739d70c14a1601aa5f777cc
SHA256 9acd14811fa3dd317d774c277121c9933825a2d00d62458de5983df58c09a63a
SHA512 05492956bb802694ea730dbec22c4be3438e7e15548005de3e706d02120a4a8413d40855d56e7b68ba220398e7efa6d13c4de148e03922fa7b17948d559dd8fb

memory/2600-259-0x000000013F770000-0x000000013FAC4000-memory.dmp

C:\Windows\system\qpbuAwD.exe

MD5 7d0cf479666bca579d9167c3148995db
SHA1 b56f72d1b2418cdd6e70f7a36e7b98145f084788
SHA256 f5bb0b08b022ca5b15e5f120b8e63e72afef5a6a6358edd6a4d49e65c4b6746d
SHA512 1d6914e708894193ceb2f027f0f0e2598083f725e6db29f83d79799e7c08a21a4fc80b0964de687c41512d759d7bf1aceb63b4d273324b328956559e097b1168

C:\Windows\system\rDafUyw.exe

MD5 6de98194fed351206e40a1420c7274ca
SHA1 9bc2804c2c6d283ce7694d4365d43a8abcfc4c4b
SHA256 d1c7b1538845cef7975f99abc106ac70118f3c0dd07c06749e589e78556e06d9
SHA512 4649ffe81f1dec1257ce9fa470542245cd56ee9a7fc5d4428f91150fa16f3cdf1188310fd464b73f0f17d456eaa385801b4cad2af13b8d51a6fd46081c96c44d

C:\Windows\system\iLySPuk.exe

MD5 a44cd406fb242855ee15313dd6e39709
SHA1 f01295f8e290e5a28d2294b3585ef451960344a4
SHA256 ed1efa3fce3fca80b035a5c633127d9a40e286f7c8b2eccde1ad1b50a9878831
SHA512 09ce4246df1863aff06a9740bb69f23d750f291d445df9264a9c0ac5f50ff5b8a2755c0077e6e079972a9b13b80a5efe90deaed224eb24acbabbed3bc3dcadae

C:\Windows\system\upSlaDm.exe

MD5 b54c999a5fbd60cdb78b03dff8ca549e
SHA1 45036a693edf703078abe05df72a426d90dbe414
SHA256 bdb46848b085bc99341603bf45b6795096b9e685d02c756fb04650ec9746b86e
SHA512 f70eb9f1dca6cf4d46a8d780ae902be03613e23c273e9328ca0d2d9c1325ac17fa520ac739391f681ea8ada4bb32f2113c6b97c42b8b567aaeb09ab8c5d4c78a

C:\Windows\system\nomUAlm.exe

MD5 53700516c6aae7188731406a914014be
SHA1 94155ea3c73a0eded7356e7ee0ad643379b6165a
SHA256 fb63c3473be540fcf752b7f32be6fabdbf8b70f28b658c0301af0c308fa11c33
SHA512 0eb8d324df04fb987da64d89d2dec34f182c6dd07b77f0edafe92b49dc166a4012ae9d8defad886a4ee541af1b95c13cc400e3c13ca1d9cacb2b225c76dfcb1f

C:\Windows\system\VYxnuli.exe

MD5 b0572564958a80b7871381c16980aa3f
SHA1 d2aaa15d78bb1bfdc5494a65c4082d0346ce2542
SHA256 dca64b070a50fc3b0212c48d8a1301fad2055b33fba79405c6c9e291075d6b86
SHA512 1b0d451924a1becc7e399342d0998dc3c328cb7778847344b83e4b7f338198cba4193c44134f0a1ad920f5b16ef4cc32abc53c9568ae6b7390cd903e728d9793

C:\Windows\system\wrdmhGj.exe

MD5 6c2a47d0ed090a439d6e21ced92ea842
SHA1 b101bf4c281230478dea0f3f58c84d61ab8eb7ad
SHA256 acd254f25463d40aa3e8f18d6ab3bc711902fe8bf9799bcfe5eb3455f0b593c8
SHA512 ab2ef8c7b758483403424a2722cf0bb683dba1c514977c193ed181541487a51f49755c6b5e53520c51527cc43973f6c489443b83d7f2d9cda5e16cdc19ff3041

C:\Windows\system\eAWUduC.exe

MD5 7cffd528e163e0c9621e940b01409d0d
SHA1 b7949804a4ed37d1ce4fd5d6c29fda234995bd57
SHA256 3f8423d1f4ad9c3940be37564bb536267db9836fba039139b4da4d676c32fe53
SHA512 bb5e55708693da3044fefb1b39f2ff40ae95d65c2b01297e32b0d2813bc34931d75731dea459d348a24a3f7569fbfe2ca99a54d8d34514401acf43a13f4737e8

memory/1700-1076-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1700-1077-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1700-1078-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1700-1079-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

memory/1700-1080-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/1328-1081-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/1700-1082-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/1700-1083-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1944-1084-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2468-1085-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2576-1086-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2472-1087-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2640-1088-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/2644-1089-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/2404-1090-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/2600-1091-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2416-1092-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2840-1093-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/2848-1094-0x000000013F3E0000-0x000000013F734000-memory.dmp

memory/1468-1095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

memory/1328-1096-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2620-1097-0x000000013FFB0000-0x0000000140304000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 11:18

Reported

2024-06-01 11:20

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oVlmtDv.exe N/A
N/A N/A C:\Windows\System\emGDctt.exe N/A
N/A N/A C:\Windows\System\ddOXsjG.exe N/A
N/A N/A C:\Windows\System\UnGnBCP.exe N/A
N/A N/A C:\Windows\System\nadsGBW.exe N/A
N/A N/A C:\Windows\System\YJMrtWP.exe N/A
N/A N/A C:\Windows\System\NbKWgBX.exe N/A
N/A N/A C:\Windows\System\WqNcCed.exe N/A
N/A N/A C:\Windows\System\QOrPASq.exe N/A
N/A N/A C:\Windows\System\ayJQQkB.exe N/A
N/A N/A C:\Windows\System\ocWEPgZ.exe N/A
N/A N/A C:\Windows\System\ygJMnRZ.exe N/A
N/A N/A C:\Windows\System\WiuQKiX.exe N/A
N/A N/A C:\Windows\System\alErfRH.exe N/A
N/A N/A C:\Windows\System\qxqBhzZ.exe N/A
N/A N/A C:\Windows\System\vBbDHQp.exe N/A
N/A N/A C:\Windows\System\tvzmpex.exe N/A
N/A N/A C:\Windows\System\BzXhMdK.exe N/A
N/A N/A C:\Windows\System\UvmHhkZ.exe N/A
N/A N/A C:\Windows\System\ohDjzIa.exe N/A
N/A N/A C:\Windows\System\ulFqVEN.exe N/A
N/A N/A C:\Windows\System\wHxWJQT.exe N/A
N/A N/A C:\Windows\System\XJJxzmQ.exe N/A
N/A N/A C:\Windows\System\zkafDiL.exe N/A
N/A N/A C:\Windows\System\xzpPibT.exe N/A
N/A N/A C:\Windows\System\oFfZCla.exe N/A
N/A N/A C:\Windows\System\yHnDlJV.exe N/A
N/A N/A C:\Windows\System\inoyBRe.exe N/A
N/A N/A C:\Windows\System\oowDDSw.exe N/A
N/A N/A C:\Windows\System\SMSPxPH.exe N/A
N/A N/A C:\Windows\System\OqPnouv.exe N/A
N/A N/A C:\Windows\System\dGWEXqd.exe N/A
N/A N/A C:\Windows\System\rSoeiBn.exe N/A
N/A N/A C:\Windows\System\qMXgeqb.exe N/A
N/A N/A C:\Windows\System\NLVoasf.exe N/A
N/A N/A C:\Windows\System\FTVnUQW.exe N/A
N/A N/A C:\Windows\System\PtrkUyU.exe N/A
N/A N/A C:\Windows\System\IsmGCua.exe N/A
N/A N/A C:\Windows\System\lyOUZbW.exe N/A
N/A N/A C:\Windows\System\NsxHKcK.exe N/A
N/A N/A C:\Windows\System\iKncuFq.exe N/A
N/A N/A C:\Windows\System\lHkbIdO.exe N/A
N/A N/A C:\Windows\System\XXYZsxk.exe N/A
N/A N/A C:\Windows\System\jAbCBhq.exe N/A
N/A N/A C:\Windows\System\UxGXnCD.exe N/A
N/A N/A C:\Windows\System\PWjqucV.exe N/A
N/A N/A C:\Windows\System\QHrASdq.exe N/A
N/A N/A C:\Windows\System\OBpXjbL.exe N/A
N/A N/A C:\Windows\System\aMxssfC.exe N/A
N/A N/A C:\Windows\System\uOlxIcy.exe N/A
N/A N/A C:\Windows\System\TXSZxUr.exe N/A
N/A N/A C:\Windows\System\vxBIcwC.exe N/A
N/A N/A C:\Windows\System\JAmfFwn.exe N/A
N/A N/A C:\Windows\System\AgdenRn.exe N/A
N/A N/A C:\Windows\System\COyhvey.exe N/A
N/A N/A C:\Windows\System\YLiEjwj.exe N/A
N/A N/A C:\Windows\System\UZIGKHl.exe N/A
N/A N/A C:\Windows\System\vlelkrd.exe N/A
N/A N/A C:\Windows\System\pYFKYAt.exe N/A
N/A N/A C:\Windows\System\DmlvcSJ.exe N/A
N/A N/A C:\Windows\System\IGdZrEx.exe N/A
N/A N/A C:\Windows\System\aikSRmo.exe N/A
N/A N/A C:\Windows\System\ACuYTah.exe N/A
N/A N/A C:\Windows\System\ukbqcgf.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\tJFGJDR.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\MgLLJfP.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\PdeakkI.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\OboXuMX.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYLeKmS.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsxHKcK.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\EdpcbDL.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\IGdZrEx.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qUnuUnT.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmkpZDp.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\hHuzldE.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\JdrVqVX.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\srqxGvs.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ddOXsjG.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\YJMrtWP.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ETEOCfD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\zkPwVPs.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\neKczAJ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gwmlgpb.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\nspVJeR.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\eAHoFsU.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXUgUEX.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\dEXYmzq.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\tozdrUT.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\COyhvey.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\jOSjUip.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRlkcid.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\OPqWkUq.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\cVlIypD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\DPdqQyZ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\vNBbTlS.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\MXHYUuU.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lNPzygx.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aVxJUHQ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\iKncuFq.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lHkbIdO.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxhvpwE.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\vGUPbXX.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocWEPgZ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWWDERl.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\trKOGSK.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WFstxXB.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFZcDqU.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ggkgOMQ.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCbiRMD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrMggfa.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\YzKanua.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgIzAFf.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\PnQYibc.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\yiZnehA.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\UGwjkXN.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aikSRmo.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\sbdlrSD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\HTieKVt.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\OmHtAPA.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\pyAhhfb.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgdenRn.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\UYlIzFc.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\kvzeHdj.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\wXsKsgi.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEIHZfI.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\UpTeFWD.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktbTKCr.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
File created C:\Windows\System\PRarhaG.exe C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2536 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\oVlmtDv.exe
PID 2536 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\oVlmtDv.exe
PID 2536 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\emGDctt.exe
PID 2536 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\emGDctt.exe
PID 2536 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ddOXsjG.exe
PID 2536 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ddOXsjG.exe
PID 2536 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\UnGnBCP.exe
PID 2536 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\UnGnBCP.exe
PID 2536 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\nadsGBW.exe
PID 2536 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\nadsGBW.exe
PID 2536 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\YJMrtWP.exe
PID 2536 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\YJMrtWP.exe
PID 2536 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\NbKWgBX.exe
PID 2536 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\NbKWgBX.exe
PID 2536 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WqNcCed.exe
PID 2536 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WqNcCed.exe
PID 2536 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ocWEPgZ.exe
PID 2536 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ocWEPgZ.exe
PID 2536 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\QOrPASq.exe
PID 2536 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\QOrPASq.exe
PID 2536 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\alErfRH.exe
PID 2536 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\alErfRH.exe
PID 2536 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ayJQQkB.exe
PID 2536 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ayJQQkB.exe
PID 2536 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ygJMnRZ.exe
PID 2536 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ygJMnRZ.exe
PID 2536 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WiuQKiX.exe
PID 2536 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\WiuQKiX.exe
PID 2536 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\qxqBhzZ.exe
PID 2536 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\qxqBhzZ.exe
PID 2536 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\UvmHhkZ.exe
PID 2536 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\UvmHhkZ.exe
PID 2536 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\vBbDHQp.exe
PID 2536 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\vBbDHQp.exe
PID 2536 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\tvzmpex.exe
PID 2536 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\tvzmpex.exe
PID 2536 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\BzXhMdK.exe
PID 2536 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\BzXhMdK.exe
PID 2536 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ohDjzIa.exe
PID 2536 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ohDjzIa.exe
PID 2536 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ulFqVEN.exe
PID 2536 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\ulFqVEN.exe
PID 2536 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\wHxWJQT.exe
PID 2536 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\wHxWJQT.exe
PID 2536 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\XJJxzmQ.exe
PID 2536 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\XJJxzmQ.exe
PID 2536 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\zkafDiL.exe
PID 2536 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\zkafDiL.exe
PID 2536 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\xzpPibT.exe
PID 2536 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\xzpPibT.exe
PID 2536 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\oFfZCla.exe
PID 2536 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\oFfZCla.exe
PID 2536 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\yHnDlJV.exe
PID 2536 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\yHnDlJV.exe
PID 2536 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\inoyBRe.exe
PID 2536 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\inoyBRe.exe
PID 2536 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\oowDDSw.exe
PID 2536 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\oowDDSw.exe
PID 2536 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\SMSPxPH.exe
PID 2536 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\SMSPxPH.exe
PID 2536 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\OqPnouv.exe
PID 2536 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\OqPnouv.exe
PID 2536 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\dGWEXqd.exe
PID 2536 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe C:\Windows\System\dGWEXqd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\61d99e14f0e2a34daae99fa2b54e6b00_NeikiAnalytics.exe"

C:\Windows\System\oVlmtDv.exe

C:\Windows\System\oVlmtDv.exe

C:\Windows\System\emGDctt.exe

C:\Windows\System\emGDctt.exe

C:\Windows\System\ddOXsjG.exe

C:\Windows\System\ddOXsjG.exe

C:\Windows\System\UnGnBCP.exe

C:\Windows\System\UnGnBCP.exe

C:\Windows\System\nadsGBW.exe

C:\Windows\System\nadsGBW.exe

C:\Windows\System\YJMrtWP.exe

C:\Windows\System\YJMrtWP.exe

C:\Windows\System\NbKWgBX.exe

C:\Windows\System\NbKWgBX.exe

C:\Windows\System\WqNcCed.exe

C:\Windows\System\WqNcCed.exe

C:\Windows\System\ocWEPgZ.exe

C:\Windows\System\ocWEPgZ.exe

C:\Windows\System\QOrPASq.exe

C:\Windows\System\QOrPASq.exe

C:\Windows\System\alErfRH.exe

C:\Windows\System\alErfRH.exe

C:\Windows\System\ayJQQkB.exe

C:\Windows\System\ayJQQkB.exe

C:\Windows\System\ygJMnRZ.exe

C:\Windows\System\ygJMnRZ.exe

C:\Windows\System\WiuQKiX.exe

C:\Windows\System\WiuQKiX.exe

C:\Windows\System\qxqBhzZ.exe

C:\Windows\System\qxqBhzZ.exe

C:\Windows\System\UvmHhkZ.exe

C:\Windows\System\UvmHhkZ.exe

C:\Windows\System\vBbDHQp.exe

C:\Windows\System\vBbDHQp.exe

C:\Windows\System\tvzmpex.exe

C:\Windows\System\tvzmpex.exe

C:\Windows\System\BzXhMdK.exe

C:\Windows\System\BzXhMdK.exe

C:\Windows\System\ohDjzIa.exe

C:\Windows\System\ohDjzIa.exe

C:\Windows\System\ulFqVEN.exe

C:\Windows\System\ulFqVEN.exe

C:\Windows\System\wHxWJQT.exe

C:\Windows\System\wHxWJQT.exe

C:\Windows\System\XJJxzmQ.exe

C:\Windows\System\XJJxzmQ.exe

C:\Windows\System\zkafDiL.exe

C:\Windows\System\zkafDiL.exe

C:\Windows\System\xzpPibT.exe

C:\Windows\System\xzpPibT.exe

C:\Windows\System\oFfZCla.exe

C:\Windows\System\oFfZCla.exe

C:\Windows\System\yHnDlJV.exe

C:\Windows\System\yHnDlJV.exe

C:\Windows\System\inoyBRe.exe

C:\Windows\System\inoyBRe.exe

C:\Windows\System\oowDDSw.exe

C:\Windows\System\oowDDSw.exe

C:\Windows\System\SMSPxPH.exe

C:\Windows\System\SMSPxPH.exe

C:\Windows\System\OqPnouv.exe

C:\Windows\System\OqPnouv.exe

C:\Windows\System\dGWEXqd.exe

C:\Windows\System\dGWEXqd.exe

C:\Windows\System\rSoeiBn.exe

C:\Windows\System\rSoeiBn.exe

C:\Windows\System\qMXgeqb.exe

C:\Windows\System\qMXgeqb.exe

C:\Windows\System\NLVoasf.exe

C:\Windows\System\NLVoasf.exe

C:\Windows\System\FTVnUQW.exe

C:\Windows\System\FTVnUQW.exe

C:\Windows\System\PtrkUyU.exe

C:\Windows\System\PtrkUyU.exe

C:\Windows\System\IsmGCua.exe

C:\Windows\System\IsmGCua.exe

C:\Windows\System\lyOUZbW.exe

C:\Windows\System\lyOUZbW.exe

C:\Windows\System\NsxHKcK.exe

C:\Windows\System\NsxHKcK.exe

C:\Windows\System\iKncuFq.exe

C:\Windows\System\iKncuFq.exe

C:\Windows\System\lHkbIdO.exe

C:\Windows\System\lHkbIdO.exe

C:\Windows\System\XXYZsxk.exe

C:\Windows\System\XXYZsxk.exe

C:\Windows\System\jAbCBhq.exe

C:\Windows\System\jAbCBhq.exe

C:\Windows\System\UxGXnCD.exe

C:\Windows\System\UxGXnCD.exe

C:\Windows\System\PWjqucV.exe

C:\Windows\System\PWjqucV.exe

C:\Windows\System\QHrASdq.exe

C:\Windows\System\QHrASdq.exe

C:\Windows\System\OBpXjbL.exe

C:\Windows\System\OBpXjbL.exe

C:\Windows\System\aMxssfC.exe

C:\Windows\System\aMxssfC.exe

C:\Windows\System\uOlxIcy.exe

C:\Windows\System\uOlxIcy.exe

C:\Windows\System\TXSZxUr.exe

C:\Windows\System\TXSZxUr.exe

C:\Windows\System\vxBIcwC.exe

C:\Windows\System\vxBIcwC.exe

C:\Windows\System\JAmfFwn.exe

C:\Windows\System\JAmfFwn.exe

C:\Windows\System\AgdenRn.exe

C:\Windows\System\AgdenRn.exe

C:\Windows\System\COyhvey.exe

C:\Windows\System\COyhvey.exe

C:\Windows\System\YLiEjwj.exe

C:\Windows\System\YLiEjwj.exe

C:\Windows\System\UZIGKHl.exe

C:\Windows\System\UZIGKHl.exe

C:\Windows\System\vlelkrd.exe

C:\Windows\System\vlelkrd.exe

C:\Windows\System\pYFKYAt.exe

C:\Windows\System\pYFKYAt.exe

C:\Windows\System\DmlvcSJ.exe

C:\Windows\System\DmlvcSJ.exe

C:\Windows\System\IGdZrEx.exe

C:\Windows\System\IGdZrEx.exe

C:\Windows\System\aikSRmo.exe

C:\Windows\System\aikSRmo.exe

C:\Windows\System\ACuYTah.exe

C:\Windows\System\ACuYTah.exe

C:\Windows\System\ukbqcgf.exe

C:\Windows\System\ukbqcgf.exe

C:\Windows\System\nspVJeR.exe

C:\Windows\System\nspVJeR.exe

C:\Windows\System\YeqDrds.exe

C:\Windows\System\YeqDrds.exe

C:\Windows\System\UJFfpnf.exe

C:\Windows\System\UJFfpnf.exe

C:\Windows\System\khKyrin.exe

C:\Windows\System\khKyrin.exe

C:\Windows\System\hKmRXTE.exe

C:\Windows\System\hKmRXTE.exe

C:\Windows\System\mExgBJf.exe

C:\Windows\System\mExgBJf.exe

C:\Windows\System\yBIYNcG.exe

C:\Windows\System\yBIYNcG.exe

C:\Windows\System\efNJujs.exe

C:\Windows\System\efNJujs.exe

C:\Windows\System\oanQMCO.exe

C:\Windows\System\oanQMCO.exe

C:\Windows\System\bgtggfm.exe

C:\Windows\System\bgtggfm.exe

C:\Windows\System\XGqojWG.exe

C:\Windows\System\XGqojWG.exe

C:\Windows\System\RJDqEVA.exe

C:\Windows\System\RJDqEVA.exe

C:\Windows\System\KVxUJmg.exe

C:\Windows\System\KVxUJmg.exe

C:\Windows\System\PjKTCut.exe

C:\Windows\System\PjKTCut.exe

C:\Windows\System\mDHUwNc.exe

C:\Windows\System\mDHUwNc.exe

C:\Windows\System\YPPStYU.exe

C:\Windows\System\YPPStYU.exe

C:\Windows\System\ZeWGXgj.exe

C:\Windows\System\ZeWGXgj.exe

C:\Windows\System\sTyscWI.exe

C:\Windows\System\sTyscWI.exe

C:\Windows\System\dRaeoas.exe

C:\Windows\System\dRaeoas.exe

C:\Windows\System\iTEXOpf.exe

C:\Windows\System\iTEXOpf.exe

C:\Windows\System\kkxQqcR.exe

C:\Windows\System\kkxQqcR.exe

C:\Windows\System\tzYnNXr.exe

C:\Windows\System\tzYnNXr.exe

C:\Windows\System\ZhHUouX.exe

C:\Windows\System\ZhHUouX.exe

C:\Windows\System\vNBbTlS.exe

C:\Windows\System\vNBbTlS.exe

C:\Windows\System\dAhfTeo.exe

C:\Windows\System\dAhfTeo.exe

C:\Windows\System\sbdlrSD.exe

C:\Windows\System\sbdlrSD.exe

C:\Windows\System\QNWTXaZ.exe

C:\Windows\System\QNWTXaZ.exe

C:\Windows\System\lqFlGzy.exe

C:\Windows\System\lqFlGzy.exe

C:\Windows\System\UpTeFWD.exe

C:\Windows\System\UpTeFWD.exe

C:\Windows\System\zbewKQa.exe

C:\Windows\System\zbewKQa.exe

C:\Windows\System\NWWDERl.exe

C:\Windows\System\NWWDERl.exe

C:\Windows\System\EdpcbDL.exe

C:\Windows\System\EdpcbDL.exe

C:\Windows\System\rrMggfa.exe

C:\Windows\System\rrMggfa.exe

C:\Windows\System\OSwDnKI.exe

C:\Windows\System\OSwDnKI.exe

C:\Windows\System\FOEkPcB.exe

C:\Windows\System\FOEkPcB.exe

C:\Windows\System\uvcEUui.exe

C:\Windows\System\uvcEUui.exe

C:\Windows\System\iOiahFR.exe

C:\Windows\System\iOiahFR.exe

C:\Windows\System\idGdsjn.exe

C:\Windows\System\idGdsjn.exe

C:\Windows\System\VDWWCOj.exe

C:\Windows\System\VDWWCOj.exe

C:\Windows\System\jTxHsZf.exe

C:\Windows\System\jTxHsZf.exe

C:\Windows\System\hjhzKYN.exe

C:\Windows\System\hjhzKYN.exe

C:\Windows\System\txpoMIm.exe

C:\Windows\System\txpoMIm.exe

C:\Windows\System\sEVfIoS.exe

C:\Windows\System\sEVfIoS.exe

C:\Windows\System\MXHYUuU.exe

C:\Windows\System\MXHYUuU.exe

C:\Windows\System\qUnuUnT.exe

C:\Windows\System\qUnuUnT.exe

C:\Windows\System\recducp.exe

C:\Windows\System\recducp.exe

C:\Windows\System\YzKanua.exe

C:\Windows\System\YzKanua.exe

C:\Windows\System\CulPoYq.exe

C:\Windows\System\CulPoYq.exe

C:\Windows\System\xbvCeaF.exe

C:\Windows\System\xbvCeaF.exe

C:\Windows\System\qscHtzj.exe

C:\Windows\System\qscHtzj.exe

C:\Windows\System\BsLlEhP.exe

C:\Windows\System\BsLlEhP.exe

C:\Windows\System\KMWPVcf.exe

C:\Windows\System\KMWPVcf.exe

C:\Windows\System\nhHeLZv.exe

C:\Windows\System\nhHeLZv.exe

C:\Windows\System\iiAAprE.exe

C:\Windows\System\iiAAprE.exe

C:\Windows\System\rytgRez.exe

C:\Windows\System\rytgRez.exe

C:\Windows\System\BuxaCfP.exe

C:\Windows\System\BuxaCfP.exe

C:\Windows\System\DiSKfLI.exe

C:\Windows\System\DiSKfLI.exe

C:\Windows\System\voKmZSa.exe

C:\Windows\System\voKmZSa.exe

C:\Windows\System\qvOjayw.exe

C:\Windows\System\qvOjayw.exe

C:\Windows\System\RgIzAFf.exe

C:\Windows\System\RgIzAFf.exe

C:\Windows\System\xlFiZoV.exe

C:\Windows\System\xlFiZoV.exe

C:\Windows\System\WxhvpwE.exe

C:\Windows\System\WxhvpwE.exe

C:\Windows\System\kjACovA.exe

C:\Windows\System\kjACovA.exe

C:\Windows\System\QAxnwnA.exe

C:\Windows\System\QAxnwnA.exe

C:\Windows\System\wmkpZDp.exe

C:\Windows\System\wmkpZDp.exe

C:\Windows\System\DeXYyxX.exe

C:\Windows\System\DeXYyxX.exe

C:\Windows\System\eCgWEzq.exe

C:\Windows\System\eCgWEzq.exe

C:\Windows\System\uupVYmE.exe

C:\Windows\System\uupVYmE.exe

C:\Windows\System\ggkgOMQ.exe

C:\Windows\System\ggkgOMQ.exe

C:\Windows\System\dSNwtJl.exe

C:\Windows\System\dSNwtJl.exe

C:\Windows\System\tJFGJDR.exe

C:\Windows\System\tJFGJDR.exe

C:\Windows\System\ZVdwLfu.exe

C:\Windows\System\ZVdwLfu.exe

C:\Windows\System\hHuzldE.exe

C:\Windows\System\hHuzldE.exe

C:\Windows\System\yGkXlIZ.exe

C:\Windows\System\yGkXlIZ.exe

C:\Windows\System\ItRjQGo.exe

C:\Windows\System\ItRjQGo.exe

C:\Windows\System\lonAHqY.exe

C:\Windows\System\lonAHqY.exe

C:\Windows\System\trKOGSK.exe

C:\Windows\System\trKOGSK.exe

C:\Windows\System\qutDdHw.exe

C:\Windows\System\qutDdHw.exe

C:\Windows\System\nVyAvpL.exe

C:\Windows\System\nVyAvpL.exe

C:\Windows\System\jZtnLKy.exe

C:\Windows\System\jZtnLKy.exe

C:\Windows\System\xWImvFC.exe

C:\Windows\System\xWImvFC.exe

C:\Windows\System\SHipkIa.exe

C:\Windows\System\SHipkIa.exe

C:\Windows\System\ecfJdzq.exe

C:\Windows\System\ecfJdzq.exe

C:\Windows\System\eAHoFsU.exe

C:\Windows\System\eAHoFsU.exe

C:\Windows\System\xRlkcid.exe

C:\Windows\System\xRlkcid.exe

C:\Windows\System\bXHPFgg.exe

C:\Windows\System\bXHPFgg.exe

C:\Windows\System\MgLLJfP.exe

C:\Windows\System\MgLLJfP.exe

C:\Windows\System\yXUgUEX.exe

C:\Windows\System\yXUgUEX.exe

C:\Windows\System\urEPlKK.exe

C:\Windows\System\urEPlKK.exe

C:\Windows\System\YTQshbW.exe

C:\Windows\System\YTQshbW.exe

C:\Windows\System\NZRCtiT.exe

C:\Windows\System\NZRCtiT.exe

C:\Windows\System\lsJUOKn.exe

C:\Windows\System\lsJUOKn.exe

C:\Windows\System\XjrfWhM.exe

C:\Windows\System\XjrfWhM.exe

C:\Windows\System\aaJwWuJ.exe

C:\Windows\System\aaJwWuJ.exe

C:\Windows\System\ltrXaBE.exe

C:\Windows\System\ltrXaBE.exe

C:\Windows\System\yVhHMzj.exe

C:\Windows\System\yVhHMzj.exe

C:\Windows\System\UTuBZfG.exe

C:\Windows\System\UTuBZfG.exe

C:\Windows\System\GJYcSmQ.exe

C:\Windows\System\GJYcSmQ.exe

C:\Windows\System\iWLJcAO.exe

C:\Windows\System\iWLJcAO.exe

C:\Windows\System\JdrVqVX.exe

C:\Windows\System\JdrVqVX.exe

C:\Windows\System\AEzWxnp.exe

C:\Windows\System\AEzWxnp.exe

C:\Windows\System\SsBfJet.exe

C:\Windows\System\SsBfJet.exe

C:\Windows\System\PnQYibc.exe

C:\Windows\System\PnQYibc.exe

C:\Windows\System\kTlYMIK.exe

C:\Windows\System\kTlYMIK.exe

C:\Windows\System\dcZjjXd.exe

C:\Windows\System\dcZjjXd.exe

C:\Windows\System\wnmkmrA.exe

C:\Windows\System\wnmkmrA.exe

C:\Windows\System\hgDHvtb.exe

C:\Windows\System\hgDHvtb.exe

C:\Windows\System\PygOrtK.exe

C:\Windows\System\PygOrtK.exe

C:\Windows\System\sxUzLje.exe

C:\Windows\System\sxUzLje.exe

C:\Windows\System\kdQoheu.exe

C:\Windows\System\kdQoheu.exe

C:\Windows\System\CJFkMNV.exe

C:\Windows\System\CJFkMNV.exe

C:\Windows\System\RsdlyIz.exe

C:\Windows\System\RsdlyIz.exe

C:\Windows\System\KJUfQGD.exe

C:\Windows\System\KJUfQGD.exe

C:\Windows\System\mAoaFBC.exe

C:\Windows\System\mAoaFBC.exe

C:\Windows\System\zGzootR.exe

C:\Windows\System\zGzootR.exe

C:\Windows\System\CKgeKpV.exe

C:\Windows\System\CKgeKpV.exe

C:\Windows\System\AeakBBe.exe

C:\Windows\System\AeakBBe.exe

C:\Windows\System\dftHyig.exe

C:\Windows\System\dftHyig.exe

C:\Windows\System\lNPzygx.exe

C:\Windows\System\lNPzygx.exe

C:\Windows\System\WjBDCCK.exe

C:\Windows\System\WjBDCCK.exe

C:\Windows\System\PdeakkI.exe

C:\Windows\System\PdeakkI.exe

C:\Windows\System\DksqogQ.exe

C:\Windows\System\DksqogQ.exe

C:\Windows\System\AfQPxMO.exe

C:\Windows\System\AfQPxMO.exe

C:\Windows\System\dVBmUMZ.exe

C:\Windows\System\dVBmUMZ.exe

C:\Windows\System\KOJygOU.exe

C:\Windows\System\KOJygOU.exe

C:\Windows\System\kjBnRbi.exe

C:\Windows\System\kjBnRbi.exe

C:\Windows\System\xURcUOD.exe

C:\Windows\System\xURcUOD.exe

C:\Windows\System\iJTHGpQ.exe

C:\Windows\System\iJTHGpQ.exe

C:\Windows\System\uwqFBOd.exe

C:\Windows\System\uwqFBOd.exe

C:\Windows\System\JTQcwsQ.exe

C:\Windows\System\JTQcwsQ.exe

C:\Windows\System\EccvASh.exe

C:\Windows\System\EccvASh.exe

C:\Windows\System\SSCwcLJ.exe

C:\Windows\System\SSCwcLJ.exe

C:\Windows\System\SSzcubH.exe

C:\Windows\System\SSzcubH.exe

C:\Windows\System\SvfZpOf.exe

C:\Windows\System\SvfZpOf.exe

C:\Windows\System\xBEERMF.exe

C:\Windows\System\xBEERMF.exe

C:\Windows\System\cbCpKev.exe

C:\Windows\System\cbCpKev.exe

C:\Windows\System\ErQqlxG.exe

C:\Windows\System\ErQqlxG.exe

C:\Windows\System\pZokPUa.exe

C:\Windows\System\pZokPUa.exe

C:\Windows\System\UYlIzFc.exe

C:\Windows\System\UYlIzFc.exe

C:\Windows\System\HTieKVt.exe

C:\Windows\System\HTieKVt.exe

C:\Windows\System\deMSLhi.exe

C:\Windows\System\deMSLhi.exe

C:\Windows\System\ORCCkJE.exe

C:\Windows\System\ORCCkJE.exe

C:\Windows\System\mFjweaU.exe

C:\Windows\System\mFjweaU.exe

C:\Windows\System\ejAWqAP.exe

C:\Windows\System\ejAWqAP.exe

C:\Windows\System\XWoqinl.exe

C:\Windows\System\XWoqinl.exe

C:\Windows\System\ktbTKCr.exe

C:\Windows\System\ktbTKCr.exe

C:\Windows\System\qxgiImG.exe

C:\Windows\System\qxgiImG.exe

C:\Windows\System\TXRFUsn.exe

C:\Windows\System\TXRFUsn.exe

C:\Windows\System\OPqWkUq.exe

C:\Windows\System\OPqWkUq.exe

C:\Windows\System\TavQMpR.exe

C:\Windows\System\TavQMpR.exe

C:\Windows\System\NLOOKVX.exe

C:\Windows\System\NLOOKVX.exe

C:\Windows\System\RGIvfZk.exe

C:\Windows\System\RGIvfZk.exe

C:\Windows\System\NWVIqUY.exe

C:\Windows\System\NWVIqUY.exe

C:\Windows\System\kfUkxPk.exe

C:\Windows\System\kfUkxPk.exe

C:\Windows\System\yiZnehA.exe

C:\Windows\System\yiZnehA.exe

C:\Windows\System\vtUnqbY.exe

C:\Windows\System\vtUnqbY.exe

C:\Windows\System\OmHtAPA.exe

C:\Windows\System\OmHtAPA.exe

C:\Windows\System\XrawKWM.exe

C:\Windows\System\XrawKWM.exe

C:\Windows\System\XLcXxKj.exe

C:\Windows\System\XLcXxKj.exe

C:\Windows\System\sraUrjz.exe

C:\Windows\System\sraUrjz.exe

C:\Windows\System\HenvzYS.exe

C:\Windows\System\HenvzYS.exe

C:\Windows\System\qxOHiEK.exe

C:\Windows\System\qxOHiEK.exe

C:\Windows\System\GGMVsCG.exe

C:\Windows\System\GGMVsCG.exe

C:\Windows\System\CHnuVxk.exe

C:\Windows\System\CHnuVxk.exe

C:\Windows\System\OboXuMX.exe

C:\Windows\System\OboXuMX.exe

C:\Windows\System\kvzeHdj.exe

C:\Windows\System\kvzeHdj.exe

C:\Windows\System\KDFnRMy.exe

C:\Windows\System\KDFnRMy.exe

C:\Windows\System\kFzEuzA.exe

C:\Windows\System\kFzEuzA.exe

C:\Windows\System\CAwqbMC.exe

C:\Windows\System\CAwqbMC.exe

C:\Windows\System\WPoGhkJ.exe

C:\Windows\System\WPoGhkJ.exe

C:\Windows\System\FwVyruT.exe

C:\Windows\System\FwVyruT.exe

C:\Windows\System\MflwCwy.exe

C:\Windows\System\MflwCwy.exe

C:\Windows\System\IylfHuE.exe

C:\Windows\System\IylfHuE.exe

C:\Windows\System\vTjAsYY.exe

C:\Windows\System\vTjAsYY.exe

C:\Windows\System\iHZehsa.exe

C:\Windows\System\iHZehsa.exe

C:\Windows\System\wKqGDvT.exe

C:\Windows\System\wKqGDvT.exe

C:\Windows\System\pyAhhfb.exe

C:\Windows\System\pyAhhfb.exe

C:\Windows\System\mYREFms.exe

C:\Windows\System\mYREFms.exe

C:\Windows\System\JZZIqMr.exe

C:\Windows\System\JZZIqMr.exe

C:\Windows\System\srqxGvs.exe

C:\Windows\System\srqxGvs.exe

C:\Windows\System\oshLqQD.exe

C:\Windows\System\oshLqQD.exe

C:\Windows\System\GkJyzue.exe

C:\Windows\System\GkJyzue.exe

C:\Windows\System\ETEOCfD.exe

C:\Windows\System\ETEOCfD.exe

C:\Windows\System\aVxJUHQ.exe

C:\Windows\System\aVxJUHQ.exe

C:\Windows\System\hIBTRKF.exe

C:\Windows\System\hIBTRKF.exe

C:\Windows\System\PRarhaG.exe

C:\Windows\System\PRarhaG.exe

C:\Windows\System\JpWZjxi.exe

C:\Windows\System\JpWZjxi.exe

C:\Windows\System\eWeBMdJ.exe

C:\Windows\System\eWeBMdJ.exe

C:\Windows\System\LgKEZwR.exe

C:\Windows\System\LgKEZwR.exe

C:\Windows\System\zkPwVPs.exe

C:\Windows\System\zkPwVPs.exe

C:\Windows\System\gfgOFNm.exe

C:\Windows\System\gfgOFNm.exe

C:\Windows\System\gryRCaD.exe

C:\Windows\System\gryRCaD.exe

C:\Windows\System\yhKBMpy.exe

C:\Windows\System\yhKBMpy.exe

C:\Windows\System\WqWivqX.exe

C:\Windows\System\WqWivqX.exe

C:\Windows\System\OghRDUW.exe

C:\Windows\System\OghRDUW.exe

C:\Windows\System\ktOzdCm.exe

C:\Windows\System\ktOzdCm.exe

C:\Windows\System\jOSjUip.exe

C:\Windows\System\jOSjUip.exe

C:\Windows\System\wXsKsgi.exe

C:\Windows\System\wXsKsgi.exe

C:\Windows\System\LciHgGJ.exe

C:\Windows\System\LciHgGJ.exe

C:\Windows\System\efDYnIa.exe

C:\Windows\System\efDYnIa.exe

C:\Windows\System\AaYqAOp.exe

C:\Windows\System\AaYqAOp.exe

C:\Windows\System\vGUPbXX.exe

C:\Windows\System\vGUPbXX.exe

C:\Windows\System\stSrcon.exe

C:\Windows\System\stSrcon.exe

C:\Windows\System\Wsolgpj.exe

C:\Windows\System\Wsolgpj.exe

C:\Windows\System\neKczAJ.exe

C:\Windows\System\neKczAJ.exe

C:\Windows\System\MPaWfoM.exe

C:\Windows\System\MPaWfoM.exe

C:\Windows\System\agnUQgI.exe

C:\Windows\System\agnUQgI.exe

C:\Windows\System\tafYfBu.exe

C:\Windows\System\tafYfBu.exe

C:\Windows\System\qgzexfd.exe

C:\Windows\System\qgzexfd.exe

C:\Windows\System\dEXYmzq.exe

C:\Windows\System\dEXYmzq.exe

C:\Windows\System\haCZVZM.exe

C:\Windows\System\haCZVZM.exe

C:\Windows\System\GqCaGsR.exe

C:\Windows\System\GqCaGsR.exe

C:\Windows\System\LCbiRMD.exe

C:\Windows\System\LCbiRMD.exe

C:\Windows\System\tozdrUT.exe

C:\Windows\System\tozdrUT.exe

C:\Windows\System\LMUqign.exe

C:\Windows\System\LMUqign.exe

C:\Windows\System\HixxoSe.exe

C:\Windows\System\HixxoSe.exe

C:\Windows\System\iFZcDqU.exe

C:\Windows\System\iFZcDqU.exe

C:\Windows\System\rpAfziF.exe

C:\Windows\System\rpAfziF.exe

C:\Windows\System\LsCRkbI.exe

C:\Windows\System\LsCRkbI.exe

C:\Windows\System\vByTNIp.exe

C:\Windows\System\vByTNIp.exe

C:\Windows\System\BfVuIIH.exe

C:\Windows\System\BfVuIIH.exe

C:\Windows\System\tMtJeKU.exe

C:\Windows\System\tMtJeKU.exe

C:\Windows\System\LQubrAP.exe

C:\Windows\System\LQubrAP.exe

C:\Windows\System\imAzLVR.exe

C:\Windows\System\imAzLVR.exe

C:\Windows\System\gwmlgpb.exe

C:\Windows\System\gwmlgpb.exe

C:\Windows\System\WWYsYaH.exe

C:\Windows\System\WWYsYaH.exe

C:\Windows\System\ZEIHZfI.exe

C:\Windows\System\ZEIHZfI.exe

C:\Windows\System\ETvXLGO.exe

C:\Windows\System\ETvXLGO.exe

C:\Windows\System\jnVzdRN.exe

C:\Windows\System\jnVzdRN.exe

C:\Windows\System\HZHJvWi.exe

C:\Windows\System\HZHJvWi.exe

C:\Windows\System\WFstxXB.exe

C:\Windows\System\WFstxXB.exe

C:\Windows\System\drwWpEM.exe

C:\Windows\System\drwWpEM.exe

C:\Windows\System\RzWyiRz.exe

C:\Windows\System\RzWyiRz.exe

C:\Windows\System\sYGjutc.exe

C:\Windows\System\sYGjutc.exe

C:\Windows\System\BpgmMiJ.exe

C:\Windows\System\BpgmMiJ.exe

C:\Windows\System\KscXwpJ.exe

C:\Windows\System\KscXwpJ.exe

C:\Windows\System\phgMdMg.exe

C:\Windows\System\phgMdMg.exe

C:\Windows\System\AhwImUC.exe

C:\Windows\System\AhwImUC.exe

C:\Windows\System\TkJkZwf.exe

C:\Windows\System\TkJkZwf.exe

C:\Windows\System\uWIMgdZ.exe

C:\Windows\System\uWIMgdZ.exe

C:\Windows\System\FCCHeZD.exe

C:\Windows\System\FCCHeZD.exe

C:\Windows\System\iBirAnA.exe

C:\Windows\System\iBirAnA.exe

C:\Windows\System\XNPSlOy.exe

C:\Windows\System\XNPSlOy.exe

C:\Windows\System\UkCoOXT.exe

C:\Windows\System\UkCoOXT.exe

C:\Windows\System\VcwYEXH.exe

C:\Windows\System\VcwYEXH.exe

C:\Windows\System\BfABcHc.exe

C:\Windows\System\BfABcHc.exe

C:\Windows\System\ZYLeKmS.exe

C:\Windows\System\ZYLeKmS.exe

C:\Windows\System\vUCqMgE.exe

C:\Windows\System\vUCqMgE.exe

C:\Windows\System\NdGkWpr.exe

C:\Windows\System\NdGkWpr.exe

C:\Windows\System\qDQTfuy.exe

C:\Windows\System\qDQTfuy.exe

C:\Windows\System\SbdRWFt.exe

C:\Windows\System\SbdRWFt.exe

C:\Windows\System\oiQoDTl.exe

C:\Windows\System\oiQoDTl.exe

C:\Windows\System\gnDUQVh.exe

C:\Windows\System\gnDUQVh.exe

C:\Windows\System\kIAQBoq.exe

C:\Windows\System\kIAQBoq.exe

C:\Windows\System\VOOYIeT.exe

C:\Windows\System\VOOYIeT.exe

C:\Windows\System\aSOJDWY.exe

C:\Windows\System\aSOJDWY.exe

C:\Windows\System\cVlIypD.exe

C:\Windows\System\cVlIypD.exe

C:\Windows\System\UGwjkXN.exe

C:\Windows\System\UGwjkXN.exe

C:\Windows\System\vkOiKBt.exe

C:\Windows\System\vkOiKBt.exe

C:\Windows\System\DPdqQyZ.exe

C:\Windows\System\DPdqQyZ.exe

C:\Windows\System\VzqscEe.exe

C:\Windows\System\VzqscEe.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2536-0-0x00007FF70F660000-0x00007FF70F9B4000-memory.dmp

memory/2536-1-0x000001C899E10000-0x000001C899E20000-memory.dmp

C:\Windows\System\oVlmtDv.exe

MD5 7ca0995a451886fbac787623df23d7a5
SHA1 50e527c4c278b9b6c639b10e2669786fbc748d2f
SHA256 93f1a63b509cc1bf0382e36e706380e78a7bd48cee345e05e9459593e1d0a347
SHA512 2de35798dc11433a37b10aeccad7950dacf28c5a67ff3170314e61e3a7b249664184bd1c237027d41784b10c5643a219fbf5fae631d130b4b6c5b858948af749

memory/2212-10-0x00007FF7106B0000-0x00007FF710A04000-memory.dmp

C:\Windows\System\YJMrtWP.exe

MD5 c9daf6164f3ab63e8453450b23253b48
SHA1 3626c10ca3c53707272ad329e662c6da64732d47
SHA256 4bd91aa977d66faa4b0b981069b77d64d1cfab90f6a8d94e0d666e1467db2845
SHA512 c352da1a7f658b85408432f098d387f3727466803c0ad38b0bffcb75e3ee8640abd54d9637c7396a4144e5d3b1d60bffb1e5eb5bf2c1d5084b2d847ae41be360

C:\Windows\System\ayJQQkB.exe

MD5 16a4d797c391fe874c59a1c35cafa157
SHA1 bc9b0c2df24186604476b09f5239251a85c42470
SHA256 aa72cccf4f0ba4dbc7d24726cfbcd10a7b0e34e2ef8fee781ced7f4684f86fd9
SHA512 04b508ac5f7b3802135b0c519966f19bcf2b026051d181a6bdfd9cedd888ae0f04052e23f1441ef885ba83e247e49920e43e511db6c0929037f1e3eb52773b65

C:\Windows\System\vBbDHQp.exe

MD5 860592ed1a9fffdd553c370a726e6b9a
SHA1 406c2bfb1366cbdf1e8caa08474e93978d09ad0c
SHA256 a535ccabf4df902ccb27daaa23aa5d0eb3b06fcbb359dcb11918249e4b1aab50
SHA512 ea4a8efa4ec26a0126b6ef6e7bf5230264e076c64426d1c6e66e67ff0cd01ab414005cf404b7f6abbf9e7a67c189326e7b8aa787a7b9131ea7c70154acff9032

C:\Windows\System\ulFqVEN.exe

MD5 7e083e3ca38a7122722841837765f751
SHA1 de5e0ddb311b371fb40fa5356c1e56c5a244e26f
SHA256 13fcb800aa63334ca6bc72667691d1e1cb7c6f77c97298bcb69ff6e2a55922f0
SHA512 54f17c4dc8f55b973845072f165d976977745f9039dc822aa8d1c03b8e70df9db6efeacdc57d1248ecaf7492025d3e86575eb39d983bc6fabcdc1da619a9044d

C:\Windows\System\xzpPibT.exe

MD5 7419424507098d6b9462820212571673
SHA1 90d18d4591645336af0f1ad6aecb9385dee6ff47
SHA256 cbe16dff026e03f46837a4257c7a5110a1fcade6cb169be3fae3ecc63ae2a0e8
SHA512 07e187250c608c5d0664607b100c7d35430807ecd70b40da2f4f4ce5ab777e2de019b835f7181a9a9a48cdaf09d8017ef3a39efb40a1dc2ea9ce0940b975781b

memory/2724-144-0x00007FF6250B0000-0x00007FF625404000-memory.dmp

C:\Windows\System\yHnDlJV.exe

MD5 0bd049e351f38aa58c9d3a57c115a004
SHA1 4333ff45bfc9fa7ecf85a00de9831bb08eb105bf
SHA256 411551de0b6c6bd835a6392525e2874e7f5942da514b5b29214b373cbcf6ab60
SHA512 8ae1fe8add3828f97d36f493106b6cfa953b907cc18dbf3a833cf2e6f79d0c336e99e60aa828d21982193d14408dcf8c4d3275881e1df75bd312dab395b210bd

memory/2748-177-0x00007FF6A9E50000-0x00007FF6AA1A4000-memory.dmp

memory/4864-183-0x00007FF79F1D0000-0x00007FF79F524000-memory.dmp

memory/1132-190-0x00007FF710FA0000-0x00007FF7112F4000-memory.dmp

memory/1372-191-0x00007FF7B1AB0000-0x00007FF7B1E04000-memory.dmp

memory/2052-189-0x00007FF6B6330000-0x00007FF6B6684000-memory.dmp

memory/3232-188-0x00007FF690D40000-0x00007FF691094000-memory.dmp

memory/3248-187-0x00007FF6D9A80000-0x00007FF6D9DD4000-memory.dmp

memory/3092-186-0x00007FF6B2BE0000-0x00007FF6B2F34000-memory.dmp

memory/3276-185-0x00007FF6448E0000-0x00007FF644C34000-memory.dmp

memory/980-184-0x00007FF7380E0000-0x00007FF738434000-memory.dmp

memory/3444-182-0x00007FF776950000-0x00007FF776CA4000-memory.dmp

memory/4792-181-0x00007FF6F24F0000-0x00007FF6F2844000-memory.dmp

memory/2796-180-0x00007FF767EA0000-0x00007FF7681F4000-memory.dmp

memory/3752-179-0x00007FF66AF10000-0x00007FF66B264000-memory.dmp

memory/4008-178-0x00007FF773310000-0x00007FF773664000-memory.dmp

C:\Windows\System\dGWEXqd.exe

MD5 c63a7f7e4a551fb3ee22c46dc259ba35
SHA1 457c946b128e4887e5a9de364381d059110b9fa5
SHA256 53d1b74f8b56683ea437fe43a290a7c28ac80cd64e1282cf0f297181b43e7e34
SHA512 6f41d1ae6033d551ce0fff651db263571a4462a58a9bcf7bf43c77897484f47a4b0018a56962834e164541a22e557f379280201c607da89ad8dfe7fa1d125dd1

C:\Windows\System\OqPnouv.exe

MD5 f84f24866f195f5ba0afe1c8554afa52
SHA1 7edf270ae2a7df9bbe126f610d7eca14ac121d29
SHA256 10b88f43ff653708531cb67484f43698b03fd5587ccd3655cc11205c9cf9f630
SHA512 ea32e3723f53a481825d3edda6a50d9bdbe3a81cc4de35da93292560093d7283e03fa156ccefd81d4c1b4b16c0cc5da7620b8ccde783d4231af0549718f8d993

memory/3676-172-0x00007FF77DB70000-0x00007FF77DEC4000-memory.dmp

C:\Windows\System\oowDDSw.exe

MD5 711faa0123ee5ba3f57f06a0e3391c53
SHA1 545c91ffa3ff2b3afe72f5e5cca6694144c03164
SHA256 30721041e39e316de910b6109fc798420d7211977759723e8b741ae4617a196f
SHA512 7be89a4a976e40b22896b869ed19efee59179d1417fb69cd5360de020053e985f503a66d84177f70a7e3b4e931c40e7fe82de72ba6d6e7359945a5ce58be355e

C:\Windows\System\inoyBRe.exe

MD5 49846efe9af67d6b3e7cac139a88564e
SHA1 794b0920c1b281749c99f8c60219b9395fd20065
SHA256 4b4d75d4737abceae5763dfcdfd01adf5974e9c8c519d26d4fa4ce71e310cebb
SHA512 0f66cbb515637cbe8fa962c0c859f14d3c90f9832c34b9e738bfbe288fc48b93b112230d32a1b821a3aa796b62071fbcd40353ed94a7d00f9f50fa7977f9b1d1

memory/3328-167-0x00007FF6E68E0000-0x00007FF6E6C34000-memory.dmp

memory/5104-166-0x00007FF61DFF0000-0x00007FF61E344000-memory.dmp

C:\Windows\System\SMSPxPH.exe

MD5 82b3ce40170aa2e273d7377d215dc3a3
SHA1 e0178d069bfc97d569c7d03aad9f64426ca18e78
SHA256 b58f93f7f83ac823c3d807edf12bb227d0638fc96cd6e2b4bb8f838a262305a1
SHA512 73ba94aace31def70092e130af47f34c544d7614e083bc2a3958e51440df2b618fee6b227d3c1e03e79b7c057d008e08468ebbf8f6361dfdb01be7fe6e411528

C:\Windows\System\zkafDiL.exe

MD5 3922962b594e61bcc0578ec027fe347c
SHA1 fad44faed756d3702f472e4996aa2388825eb67a
SHA256 22cb35fb5f06ee736139bca9a59c57e18949a97ceb00c725519d3f73fa66ef50
SHA512 cd846697d8068dfa63ac381ffd7613392b2de8b7e11b1207de03442e0867f258b161af5f81d789536bb20f0709bf01058af703675269f39f88345f97902a5d53

C:\Windows\System\oFfZCla.exe

MD5 bc5813c2bb211bccee5a73f582ae7ee1
SHA1 4f3ddd2a4618cd0485bee5035d09d2b417593b06
SHA256 a748923d61727f998b4b1f76d3dc00058e1688a941ac8952f0e3d9e699465653
SHA512 0bbeded7c57148011db8187dac229fc989c72d6d4a3b42f7714595a7801770209d0906b9ee80ba03d46174ef82f153073aa77f0804bab6b9f82c1f2c56812165

C:\Windows\System\XJJxzmQ.exe

MD5 627a40a9c5fe6c29c753ce2daf584ea1
SHA1 039e43e1b3f6a3606ceb2ff60b35a4e678ad7b35
SHA256 e729fe0ef4594d809cf1af9b9a8b1fad445a92e7f8cd52b50c6539bb6a922cc0
SHA512 0781619af86cea476adef28d16c2080c3a69028cffc4ffec793240717b588dd4ef9eeba4b4d90c8767de7813a8a88696dfa6b4ba4df7903eb99e7721b658bf7a

memory/2112-151-0x00007FF6BA850000-0x00007FF6BABA4000-memory.dmp

memory/1300-150-0x00007FF6A7E50000-0x00007FF6A81A4000-memory.dmp

C:\Windows\System\ohDjzIa.exe

MD5 41f441d3df51767ffdfc394b6ec1e1bd
SHA1 27095100765733128dfcf6aa84d1170781c37297
SHA256 64ea4681ff1fa7526e14e185f8383fd24e7b442e7e6721f77d9c4a63b815996a
SHA512 a33dd02beb4e7de82ebe4ce3c918b7b70f07852079cd2ec386754c08689c6b4923dbd962fb8bc6d8b4b2e77645bba4b25afeea3530f1d6b61dc0d75c648a278c

C:\Windows\System\UvmHhkZ.exe

MD5 9d460f5bd09079c2d8203f6a59523961
SHA1 99c6587525ae64e133900c4a3e6562c66d771c80
SHA256 da90965aafe54a2e009228998c43a332faed1388f8fb88d2116bf68d71a6178a
SHA512 9fa53c5a01add0fc55b79dcdbef7235fffd4b9413b99e527258130c1dad22558b7aad7ff055af73cbeac752b6aadc40f2bf0636e2e0bf2085ade4cc4c9654a79

C:\Windows\System\BzXhMdK.exe

MD5 cc08432c6edbb4ce9fbdf9eac6e1d7d3
SHA1 01e55fde216f5bb92e3d15ef30be228d815e22e0
SHA256 b9449d471de03bb8804f54932325e06df2b1003a2060d040193e8a032bba059c
SHA512 fa08634ad498a77121dedda70c9c4a33563a95926fe91b8dba27f675848f6d4adea7eb3018c257132719ae51e95b6e369357b01728e7e6d84f491a32e0dd46b7

C:\Windows\System\tvzmpex.exe

MD5 88a892563e99548022896d20f1451126
SHA1 8803f86f865bda9e26e2c62c8a2e1c3c2ce71053
SHA256 7ffe988f9d326bcf6ed7b61fa6873191019ad5149a02d2be78d2a4a598bab0dd
SHA512 c2f74e8138a011c4ac9b54b995fe53b78db9350d6d482ea7422d496e2b4cfb6f2c0ba7cad1ab6fa5a5587437df945c3d963a9c6f4ea75bf4ddd88feab14b3c30

C:\Windows\System\ocWEPgZ.exe

MD5 9c1f494c4db39464e05d74e22ce84c73
SHA1 734a1f1db6a7f2139210b2f0625f186704ed5678
SHA256 8284238ff2df22be6332de23923483301dbb8c8ede0a42511b4aa4cfdbf74009
SHA512 61a437d3c2f91e29ce23af5909dd5cb7081e355ce5c4cd92a60741648d00c0ed01ed49a892b7742102c33968ff13415062dc6ac20d94ba25a3fedbea28834804

memory/1216-121-0x00007FF62D0D0000-0x00007FF62D424000-memory.dmp

C:\Windows\System\alErfRH.exe

MD5 07680313f476ed058856f7c7dbd32659
SHA1 ea08a9fbb6a03815b73513c7caf80e2e2e59fc58
SHA256 951622ed1c97a901dfc151ef798a00f365802b3ccd12e2ae7ab697549d488869
SHA512 1b0ec727384c63c8016fdaea4ac62ff1eaf83c0601db4f4e4f0b023b264a8c1b4d07053c5a08ac18e4be8a1eba6c525a93bf74244337a45fe82592c9158c1e69

C:\Windows\System\WiuQKiX.exe

MD5 6acb4f9bf1def2142fd92d0951b33244
SHA1 0bdce0a861cce92e88038a1bf143a46e95339d7c
SHA256 47403bc5dca4a5c85483abbd4b30f2e5d4ba61a3711a80eb3367d8f8fecc6d78
SHA512 cd10d7b25fee07867efd8c4076f668db94d8f9a6035867c61c367f7c7ffa3e0066bc953165136b1c3b8426f244ea7ad651a0e4ab2549b0ad3fa703c06f31059f

C:\Windows\System\wHxWJQT.exe

MD5 38a52816a25c257b9f7836437af4ab14
SHA1 700884a68b7ff36b566a2f36a96baac27e3cd73d
SHA256 9dadad04914314cf08b3b76e128bbd388be443a08ed13c62397560ee62374009
SHA512 69014ce4d8ae5f5e22870d7fe857f1dcb35e4418220336ba24db2506e4bb5a8aa9e9546f4d5521661f2116e96204f58481ad2493d9d2e5a39a84188cc1089832

C:\Windows\System\ygJMnRZ.exe

MD5 7adde461bc40635d9c8070da2757a112
SHA1 0e60e70d42ab97ab16d48ef712062dd4d4fa5819
SHA256 3b8e4e51631ee040fa0a94a3229f33211b517e7c4475f4f0b607840d8440e687
SHA512 d1d30969f2b4bd6dfeeeb162664e87fa734c9e7de1754f904488b04c08a6b2ebf43df0fbd8878a5503d6b81cea104217c88fc425dec45b02dab041b48a83e745

memory/1516-101-0x00007FF70BF80000-0x00007FF70C2D4000-memory.dmp

memory/4588-97-0x00007FF6F3A40000-0x00007FF6F3D94000-memory.dmp

C:\Windows\System\QOrPASq.exe

MD5 9fcae5bedecba257f86576490ba3070c
SHA1 2b653dc8e3fb8f0f39e46027b6d92bb951b752c6
SHA256 0c25505be861ffb6cad556964efb950b3bd44c37adc84d5f1a7540c61ec8d91d
SHA512 042cdc55dcdda620301f10af65d6892dc849a7e40627a7f71ac4a2adecb59e3d3ab2fb46d01760cf6f20c8b4666591b540a08171117924888bc9177fa6f78f59

C:\Windows\System\NbKWgBX.exe

MD5 bfbba4f342e809f21a5f8b3ddeae486a
SHA1 8178cadb50d60e861d78d2b994b55bee73fca436
SHA256 42f9e88a7b76fa2a898efff279e0f6568be6d0bfb2c90d665d22b2ca0af3dbb4
SHA512 775e24a8e9e76fdd9d50aa56c7ec5afffeee4e60787abaaa4cb487882c091a3df899d304d65804eec78c40c3aa366d11624265b048c7991816ee173891e3817e

memory/380-81-0x00007FF718E20000-0x00007FF719174000-memory.dmp

C:\Windows\System\qxqBhzZ.exe

MD5 5364b14eb6c834918f926101d35c1cb2
SHA1 609b2adeeade0b8de163f663fc184cb7d88de559
SHA256 1199746e88405a6737baa725d9fcb946c2fbe4d45932492ffb7977cf115de1af
SHA512 b83389c4b318af8357b68136e17579e242e140c507c13c744bd03b9937c243078582de2446ccaa90ed71edb6006ad5b048339ea308916fd29b6e61b5834ff552

memory/5004-55-0x00007FF6943D0000-0x00007FF694724000-memory.dmp

C:\Windows\System\WqNcCed.exe

MD5 062b6b65c61dd7d6e4d6e3dc4955b21f
SHA1 228347cefcacbd90e54528d272de6f4530733a40
SHA256 5f35c4cbc9ed1599d29d835e3ef00a5363bc5829e48af856946f08b4f09327aa
SHA512 34415d80487cc77a935601249abc676a57551ad22ac9f7c054541630a89ca225b43c8a6a6b96f9cdf660424198e5b98ad30b3da7fdb54c89ab9a143f92229310

memory/2364-49-0x00007FF731680000-0x00007FF7319D4000-memory.dmp

C:\Windows\System\ddOXsjG.exe

MD5 971fea98005d8818d749639615e91be0
SHA1 f1c8f7b8145218161cb5633f6caf0d71f53895c8
SHA256 5dcbf6ed6048fb72160fa5d55a4f85b81e3834db74c619c2d85dc1b8d058ae39
SHA512 f31193c8c3de7e9a4b7ec2927216e5da0d1573a6c55d0f804b50c61b0cb3538494d2f9d4736624d4b0e3a456558e009b09e60fc5d7613f01ef83ee0cca74a333

C:\Windows\System\nadsGBW.exe

MD5 b66f0e0ce33be9c92d6a885792135771
SHA1 c9d6d138c4ff0bc3644133c721003ad87823a488
SHA256 109fa0ae8679b1089143a595746a3671548f33c0d401c38644dbc0c1d77d5a20
SHA512 f883671a8fe3159a1a892ba708a1cbbb9b7526614741c284ccc6018f803f09ecaf0a6bed8071efefe9d9d92a3c441a0eae5099cb399022478e3783a1e7e60d2c

C:\Windows\System\UnGnBCP.exe

MD5 c50d175625b4c02fcd19883a5d77d0ca
SHA1 f73c25a04f05befd71d656517f2da1d1113300c0
SHA256 b0833e86c49d634f39de07d1b6970199815e1e2f1b4bc4ac9fc7bf9b972523a2
SHA512 c5dc04477ab15a54f7f9bd722fb7ce78b945e43541128914ba1cf25511fcb0592d5723f53ed57601ed3c372c9ecc10a28c7763f60477804bed89684e57a14e12

memory/3116-33-0x00007FF789D30000-0x00007FF78A084000-memory.dmp

C:\Windows\System\emGDctt.exe

MD5 e46b961a74acebf7ffcb3e9a612c8914
SHA1 4d5d33703b9cc31e066f2503e4971355aab07e2b
SHA256 4515ee1ce2e73e69fd8522acef60ace18821ae38d1b939a78ef3f24b0d9ce0f3
SHA512 aad77d1bbde9aa9255e8295c3768c71f56a022e85c251f1d380d1896915e10268e9c1e19fa32abaa7f69f6d03243e9349002e10a24d09700d18aaf9cf4f7e6f5

memory/2536-1070-0x00007FF70F660000-0x00007FF70F9B4000-memory.dmp

memory/3116-1071-0x00007FF789D30000-0x00007FF78A084000-memory.dmp

memory/2364-1072-0x00007FF731680000-0x00007FF7319D4000-memory.dmp

memory/380-1074-0x00007FF718E20000-0x00007FF719174000-memory.dmp

memory/5004-1073-0x00007FF6943D0000-0x00007FF694724000-memory.dmp

memory/4588-1075-0x00007FF6F3A40000-0x00007FF6F3D94000-memory.dmp

memory/1516-1076-0x00007FF70BF80000-0x00007FF70C2D4000-memory.dmp

memory/1216-1077-0x00007FF62D0D0000-0x00007FF62D424000-memory.dmp

memory/2212-1078-0x00007FF7106B0000-0x00007FF710A04000-memory.dmp

memory/3116-1079-0x00007FF789D30000-0x00007FF78A084000-memory.dmp

memory/2364-1080-0x00007FF731680000-0x00007FF7319D4000-memory.dmp

memory/5004-1081-0x00007FF6943D0000-0x00007FF694724000-memory.dmp

memory/3092-1082-0x00007FF6B2BE0000-0x00007FF6B2F34000-memory.dmp

memory/980-1083-0x00007FF7380E0000-0x00007FF738434000-memory.dmp

memory/3276-1084-0x00007FF6448E0000-0x00007FF644C34000-memory.dmp

memory/3328-1085-0x00007FF6E68E0000-0x00007FF6E6C34000-memory.dmp

memory/2724-1099-0x00007FF6250B0000-0x00007FF625404000-memory.dmp

memory/4008-1101-0x00007FF773310000-0x00007FF773664000-memory.dmp

memory/2796-1104-0x00007FF767EA0000-0x00007FF7681F4000-memory.dmp

memory/4864-1106-0x00007FF79F1D0000-0x00007FF79F524000-memory.dmp

memory/3444-1105-0x00007FF776950000-0x00007FF776CA4000-memory.dmp

memory/4792-1103-0x00007FF6F24F0000-0x00007FF6F2844000-memory.dmp

memory/3752-1102-0x00007FF66AF10000-0x00007FF66B264000-memory.dmp

memory/1372-1100-0x00007FF7B1AB0000-0x00007FF7B1E04000-memory.dmp

memory/4588-1098-0x00007FF6F3A40000-0x00007FF6F3D94000-memory.dmp

memory/1216-1097-0x00007FF62D0D0000-0x00007FF62D424000-memory.dmp

memory/1300-1096-0x00007FF6A7E50000-0x00007FF6A81A4000-memory.dmp

memory/2052-1095-0x00007FF6B6330000-0x00007FF6B6684000-memory.dmp

memory/2112-1094-0x00007FF6BA850000-0x00007FF6BABA4000-memory.dmp

memory/3232-1093-0x00007FF690D40000-0x00007FF691094000-memory.dmp

memory/3248-1092-0x00007FF6D9A80000-0x00007FF6D9DD4000-memory.dmp

memory/380-1091-0x00007FF718E20000-0x00007FF719174000-memory.dmp

memory/1516-1089-0x00007FF70BF80000-0x00007FF70C2D4000-memory.dmp

memory/5104-1087-0x00007FF61DFF0000-0x00007FF61E344000-memory.dmp

memory/2748-1086-0x00007FF6A9E50000-0x00007FF6AA1A4000-memory.dmp

memory/1132-1090-0x00007FF710FA0000-0x00007FF7112F4000-memory.dmp

memory/3676-1088-0x00007FF77DB70000-0x00007FF77DEC4000-memory.dmp