Malware Analysis Report

2024-10-16 07:56

Sample ID 240601-q9b6xseh22
Target fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe
SHA256 fcea02282765152fadae8aa28d4d7a96d33b9bf4b42b7f089760f943fbb6bef3
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fcea02282765152fadae8aa28d4d7a96d33b9bf4b42b7f089760f943fbb6bef3

Threat Level: Known bad

The file fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Kpot family

KPOT Core Executable

xmrig

KPOT

Xmrig family

XMRig Miner payload

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 13:57

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 13:57

Reported

2024-06-01 13:59

Platform

win10v2004-20240226-en

Max time kernel

145s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kMghhdA.exe N/A
N/A N/A C:\Windows\System\jAlBOSR.exe N/A
N/A N/A C:\Windows\System\mppKCZC.exe N/A
N/A N/A C:\Windows\System\MwIUaYI.exe N/A
N/A N/A C:\Windows\System\VOBZLNn.exe N/A
N/A N/A C:\Windows\System\eweVLGw.exe N/A
N/A N/A C:\Windows\System\hcKheac.exe N/A
N/A N/A C:\Windows\System\FAkRbyP.exe N/A
N/A N/A C:\Windows\System\RCSSlOY.exe N/A
N/A N/A C:\Windows\System\WmMDDyS.exe N/A
N/A N/A C:\Windows\System\FSJVPvQ.exe N/A
N/A N/A C:\Windows\System\PtmIULu.exe N/A
N/A N/A C:\Windows\System\zeOPdli.exe N/A
N/A N/A C:\Windows\System\alOVbns.exe N/A
N/A N/A C:\Windows\System\gjFmvmt.exe N/A
N/A N/A C:\Windows\System\bTgmzJI.exe N/A
N/A N/A C:\Windows\System\kAKKnTn.exe N/A
N/A N/A C:\Windows\System\IkNPxhf.exe N/A
N/A N/A C:\Windows\System\eNiTeGB.exe N/A
N/A N/A C:\Windows\System\UdagYue.exe N/A
N/A N/A C:\Windows\System\VCjBmKL.exe N/A
N/A N/A C:\Windows\System\vTBAbmP.exe N/A
N/A N/A C:\Windows\System\pPVqLvM.exe N/A
N/A N/A C:\Windows\System\vhZGdtA.exe N/A
N/A N/A C:\Windows\System\KcFcbQI.exe N/A
N/A N/A C:\Windows\System\ZbXVUOY.exe N/A
N/A N/A C:\Windows\System\fCnRCoX.exe N/A
N/A N/A C:\Windows\System\hjUCOGs.exe N/A
N/A N/A C:\Windows\System\nZMTurA.exe N/A
N/A N/A C:\Windows\System\bcQVgZP.exe N/A
N/A N/A C:\Windows\System\TsTSUqa.exe N/A
N/A N/A C:\Windows\System\YlxaqWT.exe N/A
N/A N/A C:\Windows\System\SzfJpyf.exe N/A
N/A N/A C:\Windows\System\eYpFPCu.exe N/A
N/A N/A C:\Windows\System\XQKuRYO.exe N/A
N/A N/A C:\Windows\System\vlBIoNS.exe N/A
N/A N/A C:\Windows\System\qfkgckm.exe N/A
N/A N/A C:\Windows\System\cIxpmaX.exe N/A
N/A N/A C:\Windows\System\JZEItMc.exe N/A
N/A N/A C:\Windows\System\wbeaopZ.exe N/A
N/A N/A C:\Windows\System\BeuDwLZ.exe N/A
N/A N/A C:\Windows\System\Lkdxgoh.exe N/A
N/A N/A C:\Windows\System\qtfGyMV.exe N/A
N/A N/A C:\Windows\System\EKqnyQw.exe N/A
N/A N/A C:\Windows\System\KbrHNjC.exe N/A
N/A N/A C:\Windows\System\aGPjXdB.exe N/A
N/A N/A C:\Windows\System\sGNgWOW.exe N/A
N/A N/A C:\Windows\System\anTduEd.exe N/A
N/A N/A C:\Windows\System\aaizlFg.exe N/A
N/A N/A C:\Windows\System\UdODuTz.exe N/A
N/A N/A C:\Windows\System\UKcIkLs.exe N/A
N/A N/A C:\Windows\System\LJnmANr.exe N/A
N/A N/A C:\Windows\System\RigxQsr.exe N/A
N/A N/A C:\Windows\System\wsPhvbk.exe N/A
N/A N/A C:\Windows\System\tdvNkFg.exe N/A
N/A N/A C:\Windows\System\OmqXQKY.exe N/A
N/A N/A C:\Windows\System\gKsLdvS.exe N/A
N/A N/A C:\Windows\System\HbCXoBu.exe N/A
N/A N/A C:\Windows\System\skqlchL.exe N/A
N/A N/A C:\Windows\System\oiTuvxM.exe N/A
N/A N/A C:\Windows\System\eEwSceJ.exe N/A
N/A N/A C:\Windows\System\vJipjoa.exe N/A
N/A N/A C:\Windows\System\DFCEFnc.exe N/A
N/A N/A C:\Windows\System\ocDJvMV.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\EKqnyQw.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\skqlchL.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\CuwVGGW.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTTkebO.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\xzGENpw.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\eweVLGw.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\TsTSUqa.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\vlBIoNS.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEcqkZP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\gTbgGPH.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\NMnGoFX.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\FVEKvCJ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\KnIjdtm.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmduRRV.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\FAkRbyP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\gjFmvmt.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\nZMTurA.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ryktOWq.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\yTshJXC.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\okWgMVi.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\UYsuqNp.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\SEYTkbD.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\zeOPdli.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNiTeGB.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\anTduEd.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEGVNoF.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\cOPyGLg.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\BeuDwLZ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ADxjlwH.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\XkSgjGs.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\QTEVoiP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\aaizlFg.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\qbJJYRS.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\JwrvbGj.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\gVCvojt.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\pMuFcZC.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\JuzogAK.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\vhZGdtA.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdODuTz.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\DFCEFnc.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\jeXvchj.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVGnbeR.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\glGqgAx.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\TVdEGcP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\yQohBGv.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMXUFuy.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\bTgmzJI.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\mqGwwGT.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\SxCGfLJ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\sfMeUlb.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\MPPQPSo.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\HSunZRl.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\YNuUkVd.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\LwDLbED.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\iYtXfCm.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\fHtGHEP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\DaevHNL.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcKheac.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\HbCXoBu.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\VvDJRvz.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmMDDyS.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\zvqNdIM.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\gAmNKur.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZQqVBgL.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2428 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\kMghhdA.exe
PID 2428 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\kMghhdA.exe
PID 2428 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\jAlBOSR.exe
PID 2428 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\jAlBOSR.exe
PID 2428 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\mppKCZC.exe
PID 2428 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\mppKCZC.exe
PID 2428 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\MwIUaYI.exe
PID 2428 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\MwIUaYI.exe
PID 2428 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VOBZLNn.exe
PID 2428 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VOBZLNn.exe
PID 2428 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\eweVLGw.exe
PID 2428 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\eweVLGw.exe
PID 2428 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\hcKheac.exe
PID 2428 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\hcKheac.exe
PID 2428 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\FAkRbyP.exe
PID 2428 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\FAkRbyP.exe
PID 2428 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RCSSlOY.exe
PID 2428 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RCSSlOY.exe
PID 2428 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\WmMDDyS.exe
PID 2428 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\WmMDDyS.exe
PID 2428 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\FSJVPvQ.exe
PID 2428 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\FSJVPvQ.exe
PID 2428 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\PtmIULu.exe
PID 2428 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\PtmIULu.exe
PID 2428 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\zeOPdli.exe
PID 2428 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\zeOPdli.exe
PID 2428 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\alOVbns.exe
PID 2428 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\alOVbns.exe
PID 2428 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\gjFmvmt.exe
PID 2428 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\gjFmvmt.exe
PID 2428 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\bTgmzJI.exe
PID 2428 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\bTgmzJI.exe
PID 2428 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\kAKKnTn.exe
PID 2428 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\kAKKnTn.exe
PID 2428 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\IkNPxhf.exe
PID 2428 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\IkNPxhf.exe
PID 2428 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\eNiTeGB.exe
PID 2428 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\eNiTeGB.exe
PID 2428 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UdagYue.exe
PID 2428 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UdagYue.exe
PID 2428 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VCjBmKL.exe
PID 2428 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VCjBmKL.exe
PID 2428 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\vTBAbmP.exe
PID 2428 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\vTBAbmP.exe
PID 2428 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\pPVqLvM.exe
PID 2428 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\pPVqLvM.exe
PID 2428 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\vhZGdtA.exe
PID 2428 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\vhZGdtA.exe
PID 2428 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\KcFcbQI.exe
PID 2428 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\KcFcbQI.exe
PID 2428 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\fCnRCoX.exe
PID 2428 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\fCnRCoX.exe
PID 2428 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ZbXVUOY.exe
PID 2428 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ZbXVUOY.exe
PID 2428 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\hjUCOGs.exe
PID 2428 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\hjUCOGs.exe
PID 2428 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\nZMTurA.exe
PID 2428 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\nZMTurA.exe
PID 2428 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\bcQVgZP.exe
PID 2428 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\bcQVgZP.exe
PID 2428 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\TsTSUqa.exe
PID 2428 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\TsTSUqa.exe
PID 2428 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\YlxaqWT.exe
PID 2428 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\YlxaqWT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe"

C:\Windows\System\kMghhdA.exe

C:\Windows\System\kMghhdA.exe

C:\Windows\System\jAlBOSR.exe

C:\Windows\System\jAlBOSR.exe

C:\Windows\System\mppKCZC.exe

C:\Windows\System\mppKCZC.exe

C:\Windows\System\MwIUaYI.exe

C:\Windows\System\MwIUaYI.exe

C:\Windows\System\VOBZLNn.exe

C:\Windows\System\VOBZLNn.exe

C:\Windows\System\eweVLGw.exe

C:\Windows\System\eweVLGw.exe

C:\Windows\System\hcKheac.exe

C:\Windows\System\hcKheac.exe

C:\Windows\System\FAkRbyP.exe

C:\Windows\System\FAkRbyP.exe

C:\Windows\System\RCSSlOY.exe

C:\Windows\System\RCSSlOY.exe

C:\Windows\System\WmMDDyS.exe

C:\Windows\System\WmMDDyS.exe

C:\Windows\System\FSJVPvQ.exe

C:\Windows\System\FSJVPvQ.exe

C:\Windows\System\PtmIULu.exe

C:\Windows\System\PtmIULu.exe

C:\Windows\System\zeOPdli.exe

C:\Windows\System\zeOPdli.exe

C:\Windows\System\alOVbns.exe

C:\Windows\System\alOVbns.exe

C:\Windows\System\gjFmvmt.exe

C:\Windows\System\gjFmvmt.exe

C:\Windows\System\bTgmzJI.exe

C:\Windows\System\bTgmzJI.exe

C:\Windows\System\kAKKnTn.exe

C:\Windows\System\kAKKnTn.exe

C:\Windows\System\IkNPxhf.exe

C:\Windows\System\IkNPxhf.exe

C:\Windows\System\eNiTeGB.exe

C:\Windows\System\eNiTeGB.exe

C:\Windows\System\UdagYue.exe

C:\Windows\System\UdagYue.exe

C:\Windows\System\VCjBmKL.exe

C:\Windows\System\VCjBmKL.exe

C:\Windows\System\vTBAbmP.exe

C:\Windows\System\vTBAbmP.exe

C:\Windows\System\pPVqLvM.exe

C:\Windows\System\pPVqLvM.exe

C:\Windows\System\vhZGdtA.exe

C:\Windows\System\vhZGdtA.exe

C:\Windows\System\KcFcbQI.exe

C:\Windows\System\KcFcbQI.exe

C:\Windows\System\fCnRCoX.exe

C:\Windows\System\fCnRCoX.exe

C:\Windows\System\ZbXVUOY.exe

C:\Windows\System\ZbXVUOY.exe

C:\Windows\System\hjUCOGs.exe

C:\Windows\System\hjUCOGs.exe

C:\Windows\System\nZMTurA.exe

C:\Windows\System\nZMTurA.exe

C:\Windows\System\bcQVgZP.exe

C:\Windows\System\bcQVgZP.exe

C:\Windows\System\TsTSUqa.exe

C:\Windows\System\TsTSUqa.exe

C:\Windows\System\YlxaqWT.exe

C:\Windows\System\YlxaqWT.exe

C:\Windows\System\eYpFPCu.exe

C:\Windows\System\eYpFPCu.exe

C:\Windows\System\SzfJpyf.exe

C:\Windows\System\SzfJpyf.exe

C:\Windows\System\XQKuRYO.exe

C:\Windows\System\XQKuRYO.exe

C:\Windows\System\vlBIoNS.exe

C:\Windows\System\vlBIoNS.exe

C:\Windows\System\qfkgckm.exe

C:\Windows\System\qfkgckm.exe

C:\Windows\System\cIxpmaX.exe

C:\Windows\System\cIxpmaX.exe

C:\Windows\System\JZEItMc.exe

C:\Windows\System\JZEItMc.exe

C:\Windows\System\wbeaopZ.exe

C:\Windows\System\wbeaopZ.exe

C:\Windows\System\BeuDwLZ.exe

C:\Windows\System\BeuDwLZ.exe

C:\Windows\System\Lkdxgoh.exe

C:\Windows\System\Lkdxgoh.exe

C:\Windows\System\qtfGyMV.exe

C:\Windows\System\qtfGyMV.exe

C:\Windows\System\EKqnyQw.exe

C:\Windows\System\EKqnyQw.exe

C:\Windows\System\KbrHNjC.exe

C:\Windows\System\KbrHNjC.exe

C:\Windows\System\aGPjXdB.exe

C:\Windows\System\aGPjXdB.exe

C:\Windows\System\sGNgWOW.exe

C:\Windows\System\sGNgWOW.exe

C:\Windows\System\anTduEd.exe

C:\Windows\System\anTduEd.exe

C:\Windows\System\aaizlFg.exe

C:\Windows\System\aaizlFg.exe

C:\Windows\System\UdODuTz.exe

C:\Windows\System\UdODuTz.exe

C:\Windows\System\UKcIkLs.exe

C:\Windows\System\UKcIkLs.exe

C:\Windows\System\LJnmANr.exe

C:\Windows\System\LJnmANr.exe

C:\Windows\System\RigxQsr.exe

C:\Windows\System\RigxQsr.exe

C:\Windows\System\wsPhvbk.exe

C:\Windows\System\wsPhvbk.exe

C:\Windows\System\tdvNkFg.exe

C:\Windows\System\tdvNkFg.exe

C:\Windows\System\OmqXQKY.exe

C:\Windows\System\OmqXQKY.exe

C:\Windows\System\gKsLdvS.exe

C:\Windows\System\gKsLdvS.exe

C:\Windows\System\HbCXoBu.exe

C:\Windows\System\HbCXoBu.exe

C:\Windows\System\skqlchL.exe

C:\Windows\System\skqlchL.exe

C:\Windows\System\oiTuvxM.exe

C:\Windows\System\oiTuvxM.exe

C:\Windows\System\eEwSceJ.exe

C:\Windows\System\eEwSceJ.exe

C:\Windows\System\DFCEFnc.exe

C:\Windows\System\DFCEFnc.exe

C:\Windows\System\vJipjoa.exe

C:\Windows\System\vJipjoa.exe

C:\Windows\System\ocDJvMV.exe

C:\Windows\System\ocDJvMV.exe

C:\Windows\System\YoKVvTD.exe

C:\Windows\System\YoKVvTD.exe

C:\Windows\System\gNEpZaD.exe

C:\Windows\System\gNEpZaD.exe

C:\Windows\System\JgHqVWc.exe

C:\Windows\System\JgHqVWc.exe

C:\Windows\System\XaRbAWe.exe

C:\Windows\System\XaRbAWe.exe

C:\Windows\System\HTxGZrB.exe

C:\Windows\System\HTxGZrB.exe

C:\Windows\System\dEjJHeM.exe

C:\Windows\System\dEjJHeM.exe

C:\Windows\System\nlyxWRN.exe

C:\Windows\System\nlyxWRN.exe

C:\Windows\System\TIKdpLG.exe

C:\Windows\System\TIKdpLG.exe

C:\Windows\System\ryktOWq.exe

C:\Windows\System\ryktOWq.exe

C:\Windows\System\bReYDdn.exe

C:\Windows\System\bReYDdn.exe

C:\Windows\System\PnGsyEn.exe

C:\Windows\System\PnGsyEn.exe

C:\Windows\System\YGurqsb.exe

C:\Windows\System\YGurqsb.exe

C:\Windows\System\XcPaueO.exe

C:\Windows\System\XcPaueO.exe

C:\Windows\System\rgCWPcC.exe

C:\Windows\System\rgCWPcC.exe

C:\Windows\System\mnjfclA.exe

C:\Windows\System\mnjfclA.exe

C:\Windows\System\igvHHEM.exe

C:\Windows\System\igvHHEM.exe

C:\Windows\System\ZRBtEmm.exe

C:\Windows\System\ZRBtEmm.exe

C:\Windows\System\gTbgGPH.exe

C:\Windows\System\gTbgGPH.exe

C:\Windows\System\mqSONnr.exe

C:\Windows\System\mqSONnr.exe

C:\Windows\System\xTGqoHq.exe

C:\Windows\System\xTGqoHq.exe

C:\Windows\System\qbJJYRS.exe

C:\Windows\System\qbJJYRS.exe

C:\Windows\System\PMjAkrW.exe

C:\Windows\System\PMjAkrW.exe

C:\Windows\System\FTeEUdf.exe

C:\Windows\System\FTeEUdf.exe

C:\Windows\System\wbKswgK.exe

C:\Windows\System\wbKswgK.exe

C:\Windows\System\mqGwwGT.exe

C:\Windows\System\mqGwwGT.exe

C:\Windows\System\MDbYpae.exe

C:\Windows\System\MDbYpae.exe

C:\Windows\System\vqtmHJD.exe

C:\Windows\System\vqtmHJD.exe

C:\Windows\System\jeXvchj.exe

C:\Windows\System\jeXvchj.exe

C:\Windows\System\appSVBe.exe

C:\Windows\System\appSVBe.exe

C:\Windows\System\lZjgnkK.exe

C:\Windows\System\lZjgnkK.exe

C:\Windows\System\aGGbQXp.exe

C:\Windows\System\aGGbQXp.exe

C:\Windows\System\VXPzzCI.exe

C:\Windows\System\VXPzzCI.exe

C:\Windows\System\GHUDFda.exe

C:\Windows\System\GHUDFda.exe

C:\Windows\System\hhoIewT.exe

C:\Windows\System\hhoIewT.exe

C:\Windows\System\ujGSzGK.exe

C:\Windows\System\ujGSzGK.exe

C:\Windows\System\iDmNvDC.exe

C:\Windows\System\iDmNvDC.exe

C:\Windows\System\DOnPKCx.exe

C:\Windows\System\DOnPKCx.exe

C:\Windows\System\voGrfyI.exe

C:\Windows\System\voGrfyI.exe

C:\Windows\System\YRScICB.exe

C:\Windows\System\YRScICB.exe

C:\Windows\System\vAeaQQf.exe

C:\Windows\System\vAeaQQf.exe

C:\Windows\System\NMnGoFX.exe

C:\Windows\System\NMnGoFX.exe

C:\Windows\System\zWffUbe.exe

C:\Windows\System\zWffUbe.exe

C:\Windows\System\aZbKGkG.exe

C:\Windows\System\aZbKGkG.exe

C:\Windows\System\SxCGfLJ.exe

C:\Windows\System\SxCGfLJ.exe

C:\Windows\System\DaKkMNo.exe

C:\Windows\System\DaKkMNo.exe

C:\Windows\System\ZQqVBgL.exe

C:\Windows\System\ZQqVBgL.exe

C:\Windows\System\yTnvAqP.exe

C:\Windows\System\yTnvAqP.exe

C:\Windows\System\kHGDuau.exe

C:\Windows\System\kHGDuau.exe

C:\Windows\System\mCitzyA.exe

C:\Windows\System\mCitzyA.exe

C:\Windows\System\SwGXFjJ.exe

C:\Windows\System\SwGXFjJ.exe

C:\Windows\System\ldlaxWV.exe

C:\Windows\System\ldlaxWV.exe

C:\Windows\System\JmoWhzZ.exe

C:\Windows\System\JmoWhzZ.exe

C:\Windows\System\FRBbTjv.exe

C:\Windows\System\FRBbTjv.exe

C:\Windows\System\YNuUkVd.exe

C:\Windows\System\YNuUkVd.exe

C:\Windows\System\uSnfLGd.exe

C:\Windows\System\uSnfLGd.exe

C:\Windows\System\QhJgOPp.exe

C:\Windows\System\QhJgOPp.exe

C:\Windows\System\qSoftoJ.exe

C:\Windows\System\qSoftoJ.exe

C:\Windows\System\jnNcviP.exe

C:\Windows\System\jnNcviP.exe

C:\Windows\System\RqkLXAW.exe

C:\Windows\System\RqkLXAW.exe

C:\Windows\System\sDhvJzm.exe

C:\Windows\System\sDhvJzm.exe

C:\Windows\System\LcHodiC.exe

C:\Windows\System\LcHodiC.exe

C:\Windows\System\LwDLbED.exe

C:\Windows\System\LwDLbED.exe

C:\Windows\System\quytEiv.exe

C:\Windows\System\quytEiv.exe

C:\Windows\System\IxAXgPD.exe

C:\Windows\System\IxAXgPD.exe

C:\Windows\System\ILSZCrc.exe

C:\Windows\System\ILSZCrc.exe

C:\Windows\System\gVCvojt.exe

C:\Windows\System\gVCvojt.exe

C:\Windows\System\yTshJXC.exe

C:\Windows\System\yTshJXC.exe

C:\Windows\System\BIXSxxc.exe

C:\Windows\System\BIXSxxc.exe

C:\Windows\System\XtjmCdE.exe

C:\Windows\System\XtjmCdE.exe

C:\Windows\System\ZLNNCbj.exe

C:\Windows\System\ZLNNCbj.exe

C:\Windows\System\BnOWrvW.exe

C:\Windows\System\BnOWrvW.exe

C:\Windows\System\nTyJSID.exe

C:\Windows\System\nTyJSID.exe

C:\Windows\System\FrUMhfc.exe

C:\Windows\System\FrUMhfc.exe

C:\Windows\System\eRsIHHU.exe

C:\Windows\System\eRsIHHU.exe

C:\Windows\System\zyOyKYA.exe

C:\Windows\System\zyOyKYA.exe

C:\Windows\System\IeYPVKY.exe

C:\Windows\System\IeYPVKY.exe

C:\Windows\System\JwrvbGj.exe

C:\Windows\System\JwrvbGj.exe

C:\Windows\System\EIvkEKc.exe

C:\Windows\System\EIvkEKc.exe

C:\Windows\System\okWgMVi.exe

C:\Windows\System\okWgMVi.exe

C:\Windows\System\iYtXfCm.exe

C:\Windows\System\iYtXfCm.exe

C:\Windows\System\yJSKfjj.exe

C:\Windows\System\yJSKfjj.exe

C:\Windows\System\XkSgjGs.exe

C:\Windows\System\XkSgjGs.exe

C:\Windows\System\BhpEcgC.exe

C:\Windows\System\BhpEcgC.exe

C:\Windows\System\nzULjCN.exe

C:\Windows\System\nzULjCN.exe

C:\Windows\System\kZSBHYD.exe

C:\Windows\System\kZSBHYD.exe

C:\Windows\System\XYKcGmB.exe

C:\Windows\System\XYKcGmB.exe

C:\Windows\System\JWpiWgo.exe

C:\Windows\System\JWpiWgo.exe

C:\Windows\System\vzvosbl.exe

C:\Windows\System\vzvosbl.exe

C:\Windows\System\KQQsYFN.exe

C:\Windows\System\KQQsYFN.exe

C:\Windows\System\smdKEez.exe

C:\Windows\System\smdKEez.exe

C:\Windows\System\zvqNdIM.exe

C:\Windows\System\zvqNdIM.exe

C:\Windows\System\KhwsEmA.exe

C:\Windows\System\KhwsEmA.exe

C:\Windows\System\UiycwvZ.exe

C:\Windows\System\UiycwvZ.exe

C:\Windows\System\QnOPpYp.exe

C:\Windows\System\QnOPpYp.exe

C:\Windows\System\pXSprZX.exe

C:\Windows\System\pXSprZX.exe

C:\Windows\System\sfMeUlb.exe

C:\Windows\System\sfMeUlb.exe

C:\Windows\System\megSKRp.exe

C:\Windows\System\megSKRp.exe

C:\Windows\System\FVEKvCJ.exe

C:\Windows\System\FVEKvCJ.exe

C:\Windows\System\Qklsclv.exe

C:\Windows\System\Qklsclv.exe

C:\Windows\System\dFRjtzV.exe

C:\Windows\System\dFRjtzV.exe

C:\Windows\System\STxYbgE.exe

C:\Windows\System\STxYbgE.exe

C:\Windows\System\vnYqrdN.exe

C:\Windows\System\vnYqrdN.exe

C:\Windows\System\sEBGwWF.exe

C:\Windows\System\sEBGwWF.exe

C:\Windows\System\LvAFIfb.exe

C:\Windows\System\LvAFIfb.exe

C:\Windows\System\lCKNSdQ.exe

C:\Windows\System\lCKNSdQ.exe

C:\Windows\System\xpNFsgt.exe

C:\Windows\System\xpNFsgt.exe

C:\Windows\System\VvDJRvz.exe

C:\Windows\System\VvDJRvz.exe

C:\Windows\System\JTmyVUx.exe

C:\Windows\System\JTmyVUx.exe

C:\Windows\System\mngNXDf.exe

C:\Windows\System\mngNXDf.exe

C:\Windows\System\rRqQiJs.exe

C:\Windows\System\rRqQiJs.exe

C:\Windows\System\QvHDgHf.exe

C:\Windows\System\QvHDgHf.exe

C:\Windows\System\EFzcVYI.exe

C:\Windows\System\EFzcVYI.exe

C:\Windows\System\reIUQHj.exe

C:\Windows\System\reIUQHj.exe

C:\Windows\System\qGyCArF.exe

C:\Windows\System\qGyCArF.exe

C:\Windows\System\VNKDHQu.exe

C:\Windows\System\VNKDHQu.exe

C:\Windows\System\SviawXe.exe

C:\Windows\System\SviawXe.exe

C:\Windows\System\rvmrhiQ.exe

C:\Windows\System\rvmrhiQ.exe

C:\Windows\System\tZJCwlV.exe

C:\Windows\System\tZJCwlV.exe

C:\Windows\System\EfthkMm.exe

C:\Windows\System\EfthkMm.exe

C:\Windows\System\RlXXfTa.exe

C:\Windows\System\RlXXfTa.exe

C:\Windows\System\AGwzoib.exe

C:\Windows\System\AGwzoib.exe

C:\Windows\System\GxnvmDc.exe

C:\Windows\System\GxnvmDc.exe

C:\Windows\System\tGZQqOX.exe

C:\Windows\System\tGZQqOX.exe

C:\Windows\System\QTEVoiP.exe

C:\Windows\System\QTEVoiP.exe

C:\Windows\System\mTVWSmD.exe

C:\Windows\System\mTVWSmD.exe

C:\Windows\System\UsNGkEo.exe

C:\Windows\System\UsNGkEo.exe

C:\Windows\System\pMuFcZC.exe

C:\Windows\System\pMuFcZC.exe

C:\Windows\System\yIJosGe.exe

C:\Windows\System\yIJosGe.exe

C:\Windows\System\glGqgAx.exe

C:\Windows\System\glGqgAx.exe

C:\Windows\System\tRsNTzt.exe

C:\Windows\System\tRsNTzt.exe

C:\Windows\System\NxMrIji.exe

C:\Windows\System\NxMrIji.exe

C:\Windows\System\oeOScGM.exe

C:\Windows\System\oeOScGM.exe

C:\Windows\System\yxskEWZ.exe

C:\Windows\System\yxskEWZ.exe

C:\Windows\System\IugabbZ.exe

C:\Windows\System\IugabbZ.exe

C:\Windows\System\WUQLbWK.exe

C:\Windows\System\WUQLbWK.exe

C:\Windows\System\JPKrMUB.exe

C:\Windows\System\JPKrMUB.exe

C:\Windows\System\zmRTzlc.exe

C:\Windows\System\zmRTzlc.exe

C:\Windows\System\fHtGHEP.exe

C:\Windows\System\fHtGHEP.exe

C:\Windows\System\JyaCJPX.exe

C:\Windows\System\JyaCJPX.exe

C:\Windows\System\MPPQPSo.exe

C:\Windows\System\MPPQPSo.exe

C:\Windows\System\FqvTUhM.exe

C:\Windows\System\FqvTUhM.exe

C:\Windows\System\MHKPbJU.exe

C:\Windows\System\MHKPbJU.exe

C:\Windows\System\mMmvdcM.exe

C:\Windows\System\mMmvdcM.exe

C:\Windows\System\xMSyufs.exe

C:\Windows\System\xMSyufs.exe

C:\Windows\System\nAArIKo.exe

C:\Windows\System\nAArIKo.exe

C:\Windows\System\NybuNry.exe

C:\Windows\System\NybuNry.exe

C:\Windows\System\JuzogAK.exe

C:\Windows\System\JuzogAK.exe

C:\Windows\System\UMWCHiE.exe

C:\Windows\System\UMWCHiE.exe

C:\Windows\System\FxKLySA.exe

C:\Windows\System\FxKLySA.exe

C:\Windows\System\gAmNKur.exe

C:\Windows\System\gAmNKur.exe

C:\Windows\System\lNlUquo.exe

C:\Windows\System\lNlUquo.exe

C:\Windows\System\VwSGoZZ.exe

C:\Windows\System\VwSGoZZ.exe

C:\Windows\System\CuwVGGW.exe

C:\Windows\System\CuwVGGW.exe

C:\Windows\System\mHHuDbp.exe

C:\Windows\System\mHHuDbp.exe

C:\Windows\System\uaCTobF.exe

C:\Windows\System\uaCTobF.exe

C:\Windows\System\oLZyTER.exe

C:\Windows\System\oLZyTER.exe

C:\Windows\System\UFpZHMN.exe

C:\Windows\System\UFpZHMN.exe

C:\Windows\System\rQfLxOG.exe

C:\Windows\System\rQfLxOG.exe

C:\Windows\System\sIfYkRc.exe

C:\Windows\System\sIfYkRc.exe

C:\Windows\System\KwHpJDe.exe

C:\Windows\System\KwHpJDe.exe

C:\Windows\System\utVlhPA.exe

C:\Windows\System\utVlhPA.exe

C:\Windows\System\kOvfxgz.exe

C:\Windows\System\kOvfxgz.exe

C:\Windows\System\sWOZNHy.exe

C:\Windows\System\sWOZNHy.exe

C:\Windows\System\zWEBphn.exe

C:\Windows\System\zWEBphn.exe

C:\Windows\System\HSunZRl.exe

C:\Windows\System\HSunZRl.exe

C:\Windows\System\WJIhBVg.exe

C:\Windows\System\WJIhBVg.exe

C:\Windows\System\gOKPrIM.exe

C:\Windows\System\gOKPrIM.exe

C:\Windows\System\mgRGzdD.exe

C:\Windows\System\mgRGzdD.exe

C:\Windows\System\ysJiWXI.exe

C:\Windows\System\ysJiWXI.exe

C:\Windows\System\ZaFMAus.exe

C:\Windows\System\ZaFMAus.exe

C:\Windows\System\neiCZHG.exe

C:\Windows\System\neiCZHG.exe

C:\Windows\System\vhsPiTt.exe

C:\Windows\System\vhsPiTt.exe

C:\Windows\System\TVdEGcP.exe

C:\Windows\System\TVdEGcP.exe

C:\Windows\System\OqrvUHQ.exe

C:\Windows\System\OqrvUHQ.exe

C:\Windows\System\KTTkebO.exe

C:\Windows\System\KTTkebO.exe

C:\Windows\System\CJUAOtn.exe

C:\Windows\System\CJUAOtn.exe

C:\Windows\System\sBSnSbJ.exe

C:\Windows\System\sBSnSbJ.exe

C:\Windows\System\spYTYTW.exe

C:\Windows\System\spYTYTW.exe

C:\Windows\System\SypnYip.exe

C:\Windows\System\SypnYip.exe

C:\Windows\System\ADFrekS.exe

C:\Windows\System\ADFrekS.exe

C:\Windows\System\jaOyQYT.exe

C:\Windows\System\jaOyQYT.exe

C:\Windows\System\ZISGZax.exe

C:\Windows\System\ZISGZax.exe

C:\Windows\System\yIHcEUW.exe

C:\Windows\System\yIHcEUW.exe

C:\Windows\System\vHspZAx.exe

C:\Windows\System\vHspZAx.exe

C:\Windows\System\LCmQdCr.exe

C:\Windows\System\LCmQdCr.exe

C:\Windows\System\roFExLT.exe

C:\Windows\System\roFExLT.exe

C:\Windows\System\afUTQhp.exe

C:\Windows\System\afUTQhp.exe

C:\Windows\System\tjHbxnv.exe

C:\Windows\System\tjHbxnv.exe

C:\Windows\System\mDydftK.exe

C:\Windows\System\mDydftK.exe

C:\Windows\System\xeAKnRp.exe

C:\Windows\System\xeAKnRp.exe

C:\Windows\System\UYsuqNp.exe

C:\Windows\System\UYsuqNp.exe

C:\Windows\System\rUYICMf.exe

C:\Windows\System\rUYICMf.exe

C:\Windows\System\YIYYMbB.exe

C:\Windows\System\YIYYMbB.exe

C:\Windows\System\hwctraG.exe

C:\Windows\System\hwctraG.exe

C:\Windows\System\SEYTkbD.exe

C:\Windows\System\SEYTkbD.exe

C:\Windows\System\TzHHhNY.exe

C:\Windows\System\TzHHhNY.exe

C:\Windows\System\OaZhmHC.exe

C:\Windows\System\OaZhmHC.exe

C:\Windows\System\YJwTBni.exe

C:\Windows\System\YJwTBni.exe

C:\Windows\System\IwLWNyh.exe

C:\Windows\System\IwLWNyh.exe

C:\Windows\System\NMFHqUF.exe

C:\Windows\System\NMFHqUF.exe

C:\Windows\System\NeXAayE.exe

C:\Windows\System\NeXAayE.exe

C:\Windows\System\TDtLzBT.exe

C:\Windows\System\TDtLzBT.exe

C:\Windows\System\RkIxFuW.exe

C:\Windows\System\RkIxFuW.exe

C:\Windows\System\ZuvNPXL.exe

C:\Windows\System\ZuvNPXL.exe

C:\Windows\System\AtmhtYP.exe

C:\Windows\System\AtmhtYP.exe

C:\Windows\System\dOhaAfg.exe

C:\Windows\System\dOhaAfg.exe

C:\Windows\System\UsvOkUA.exe

C:\Windows\System\UsvOkUA.exe

C:\Windows\System\CbGDHpY.exe

C:\Windows\System\CbGDHpY.exe

C:\Windows\System\MvvRMeg.exe

C:\Windows\System\MvvRMeg.exe

C:\Windows\System\EyHDWRF.exe

C:\Windows\System\EyHDWRF.exe

C:\Windows\System\AZQbnkT.exe

C:\Windows\System\AZQbnkT.exe

C:\Windows\System\GEGVNoF.exe

C:\Windows\System\GEGVNoF.exe

C:\Windows\System\ADxjlwH.exe

C:\Windows\System\ADxjlwH.exe

C:\Windows\System\xXsPMhg.exe

C:\Windows\System\xXsPMhg.exe

C:\Windows\System\xzGENpw.exe

C:\Windows\System\xzGENpw.exe

C:\Windows\System\wvVcrLD.exe

C:\Windows\System\wvVcrLD.exe

C:\Windows\System\ugUOqdT.exe

C:\Windows\System\ugUOqdT.exe

C:\Windows\System\ZFMxWrV.exe

C:\Windows\System\ZFMxWrV.exe

C:\Windows\System\DaevHNL.exe

C:\Windows\System\DaevHNL.exe

C:\Windows\System\DErwLwF.exe

C:\Windows\System\DErwLwF.exe

C:\Windows\System\CKrweNC.exe

C:\Windows\System\CKrweNC.exe

C:\Windows\System\mkMMrGf.exe

C:\Windows\System\mkMMrGf.exe

C:\Windows\System\UVGnbeR.exe

C:\Windows\System\UVGnbeR.exe

C:\Windows\System\Jzmlqaz.exe

C:\Windows\System\Jzmlqaz.exe

C:\Windows\System\iPrlWfZ.exe

C:\Windows\System\iPrlWfZ.exe

C:\Windows\System\NptGmJT.exe

C:\Windows\System\NptGmJT.exe

C:\Windows\System\zCbBbFx.exe

C:\Windows\System\zCbBbFx.exe

C:\Windows\System\inpMLQw.exe

C:\Windows\System\inpMLQw.exe

C:\Windows\System\nWihPOo.exe

C:\Windows\System\nWihPOo.exe

C:\Windows\System\yQohBGv.exe

C:\Windows\System\yQohBGv.exe

C:\Windows\System\IpTiMYT.exe

C:\Windows\System\IpTiMYT.exe

C:\Windows\System\bSyObzJ.exe

C:\Windows\System\bSyObzJ.exe

C:\Windows\System\yJOSlqw.exe

C:\Windows\System\yJOSlqw.exe

C:\Windows\System\QBZvwPQ.exe

C:\Windows\System\QBZvwPQ.exe

C:\Windows\System\KnIjdtm.exe

C:\Windows\System\KnIjdtm.exe

C:\Windows\System\CbilpDj.exe

C:\Windows\System\CbilpDj.exe

C:\Windows\System\bmduRRV.exe

C:\Windows\System\bmduRRV.exe

C:\Windows\System\JilysPg.exe

C:\Windows\System\JilysPg.exe

C:\Windows\System\gLRBXTk.exe

C:\Windows\System\gLRBXTk.exe

C:\Windows\System\yanreiP.exe

C:\Windows\System\yanreiP.exe

C:\Windows\System\ycqHqwn.exe

C:\Windows\System\ycqHqwn.exe

C:\Windows\System\UVOrPGs.exe

C:\Windows\System\UVOrPGs.exe

C:\Windows\System\qtYhSkY.exe

C:\Windows\System\qtYhSkY.exe

C:\Windows\System\ijNICDV.exe

C:\Windows\System\ijNICDV.exe

C:\Windows\System\JmNkLeW.exe

C:\Windows\System\JmNkLeW.exe

C:\Windows\System\mEcqkZP.exe

C:\Windows\System\mEcqkZP.exe

C:\Windows\System\QMXUFuy.exe

C:\Windows\System\QMXUFuy.exe

C:\Windows\System\kjdCDbJ.exe

C:\Windows\System\kjdCDbJ.exe

C:\Windows\System\dlRCono.exe

C:\Windows\System\dlRCono.exe

C:\Windows\System\idJAADH.exe

C:\Windows\System\idJAADH.exe

C:\Windows\System\GbTpTqs.exe

C:\Windows\System\GbTpTqs.exe

C:\Windows\System\qXQBtyC.exe

C:\Windows\System\qXQBtyC.exe

C:\Windows\System\JYygAYO.exe

C:\Windows\System\JYygAYO.exe

C:\Windows\System\Kpgnori.exe

C:\Windows\System\Kpgnori.exe

C:\Windows\System\Dxrzujf.exe

C:\Windows\System\Dxrzujf.exe

C:\Windows\System\hlGWTWA.exe

C:\Windows\System\hlGWTWA.exe

C:\Windows\System\cOPyGLg.exe

C:\Windows\System\cOPyGLg.exe

C:\Windows\System\nYQQWFo.exe

C:\Windows\System\nYQQWFo.exe

C:\Windows\System\KRCyLHp.exe

C:\Windows\System\KRCyLHp.exe

C:\Windows\System\OrQpktH.exe

C:\Windows\System\OrQpktH.exe

C:\Windows\System\dZBkcAt.exe

C:\Windows\System\dZBkcAt.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
DE 3.120.209.58:8080 tcp

Files

memory/2428-0-0x00007FF753570000-0x00007FF7538C4000-memory.dmp

memory/2428-1-0x000002CAB36F0000-0x000002CAB3700000-memory.dmp

C:\Windows\System\kMghhdA.exe

MD5 4a6737ad2114b88537d61845a2d4396f
SHA1 328390fe302c85d30add4b796797bb120ef9244a
SHA256 3ad1f73762fb3dc75e7c0b9d634ce352a16e16c0383d0070291594725cc4579e
SHA512 7e42433882dbb36c76257148530d1ed946c91a50a431b11e75b12c1f65ae981461387db9b4319e3c546bb8529fb387152410965670e76e75d39ec6ffa434ba34

memory/3912-7-0x00007FF63B500000-0x00007FF63B854000-memory.dmp

C:\Windows\System\mppKCZC.exe

MD5 728a75f1880cae1a71c92759ba99ddc2
SHA1 5a095584072c9f79507544b9ab9e83d6767ef908
SHA256 3b0ad3fd050c5ec90bef72d670d5b7737513f67436631704e15e4b3f34036309
SHA512 f7963f4d3f206b5b144a6e6efa4a72171dde3d6add7cebfde2614ff7097ca1cd8fbcc5ddcf7cc80b10b96d32bc35fb4718303a9aba5926a894d9d64122897909

C:\Windows\System\jAlBOSR.exe

MD5 0f1a7f062d4174d9f1ce6f950e992934
SHA1 9ed404383ce0b1420dcb72bcabe3431bb3df1f92
SHA256 82fa97dd4f28bac0bf9928c6ff2e7ef6517ff65b1d1b496717bf9758482a7847
SHA512 025ace4a80d6c231222914ec5f6a64c566eebd34d2d9f8e974df740dc1801450fd94e3a69536063e5aefad3ea19f2e2543fd52bea06978c42578b7b361dc3d03

memory/4236-19-0x00007FF7A2EB0000-0x00007FF7A3204000-memory.dmp

memory/1920-23-0x00007FF729760000-0x00007FF729AB4000-memory.dmp

C:\Windows\System\MwIUaYI.exe

MD5 fbab7ce8de6dd38507c2bdba1e7c6fa8
SHA1 d1aa603d8964d83eeb0b9c540e41227bfa75f35f
SHA256 938d6452b1f624bababa7774da0ab65a0919240d7c41dcd262c8f9f6f158d5a9
SHA512 718e9b839d72a55b44ef1a48bcc4ddb11ffb88e784557a33073086ec6b5e961dc72f86891951477c3302e3168065bf6fad7deca04f790eecdbd806fe15870bfc

C:\Windows\System\VOBZLNn.exe

MD5 31cffd3e79c05970a0d6a538ba3d397c
SHA1 fd8227e37383381007ac9e6c9889c7a30e3dca8e
SHA256 785e4957e39967d9ec1d30ef3c67f57d128663fef1dfd92876cfbdcae162cbdc
SHA512 4f0be7346a0e2605e6574febecc54d245e13d1bc52b74b7e6d2c8c6e17c27ea6cc06fd307a68a149db0de5ad1986c0799efb49ef2a73b31bf24d65a2b70803ff

memory/2680-33-0x00007FF69A3B0000-0x00007FF69A704000-memory.dmp

memory/1852-35-0x00007FF626F90000-0x00007FF6272E4000-memory.dmp

memory/2072-37-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp

C:\Windows\System\eweVLGw.exe

MD5 094bcce4a7287e78dc052cf47a9db0ec
SHA1 b957ae8190ae1a4412b5220c7b7f95fdce06403c
SHA256 f7e5aae92e77e7f82ab2d33f7616cc6e5254816363cc285acbf0a0f58f00e378
SHA512 6338e2ac85d7a7cb3b2a2fb470486743de7998bbccf80f839492579a59c646af9e015c4bf76dc2104a90a8c89b0a7c2f704c5ed62a18db328494306b9d6068c7

C:\Windows\System\hcKheac.exe

MD5 304f47064d3bed5cedf4aed6f084f128
SHA1 25c118977730b044628814559c430485a9507282
SHA256 ed44bf07e744d0c304a9ff824ec09754a978515d9243f4f7d12bd860a2590dfd
SHA512 54c9f70371e326291238cd3de773012b74aaa1ef02c533eb574a9df1dfca0c47139e94c367468ea09cd366668e58d3443b60e87f0929a36cecfd9d4ea7a30917

memory/2208-48-0x00007FF784CF0000-0x00007FF785044000-memory.dmp

C:\Windows\System\FAkRbyP.exe

MD5 780f2f74086624e0c972516dfdb3ce8e
SHA1 ccf28841c62e0787581241ad2fdfbce31210fea8
SHA256 eac578e7cc72f94bb176dab2f90124861358d38dbaef5c70b2f201e5fd7c09dc
SHA512 909aaa752afae4c8233ed3699d98e4e4aaa9fe24770f70ee752bd15a2785451fce5839f167983c714f70ba7137912f3a9e075afdf34bb927af73c1ae2a781665

C:\Windows\System\WmMDDyS.exe

MD5 c3b89177cfaaef235604744d4213b641
SHA1 103d6a9fb08f536fc1260560bfd19fa69579950a
SHA256 e9244e797b7bdab2ab61e1e4abbc5f02dd2ad310b5d843285753ceb68a44d02c
SHA512 8bcd1aa7903e4aea92a1dac0e124d449472d2012d9a21a359f754b9dae3ca3808d8072ea120d9b86eab27ee6c9cb532d3e1238bfcce0f8a2bf645977538da2de

memory/3036-65-0x00007FF7F7480000-0x00007FF7F77D4000-memory.dmp

memory/2428-64-0x00007FF753570000-0x00007FF7538C4000-memory.dmp

C:\Windows\System\FSJVPvQ.exe

MD5 e5cfe94f9d643c0ac53a610446501d8c
SHA1 bccdf382122d02870191930a2940b2a54e9546e0
SHA256 4ca69d8775d47ea773723c31df1f65d2a29b884bf281ecdf6b01de4fa79c557b
SHA512 40414841370a30c154c3084bcba19c3df739c063adcbedf95cce687a410b4544763cb25751fcfaeeec0860ebf69994ec70969f9eb334af4d990ca2b7d3abfd8d

memory/2696-55-0x00007FF61CB50000-0x00007FF61CEA4000-memory.dmp

C:\Windows\System\RCSSlOY.exe

MD5 6daa4bc7a58dee8fcdb70e9276cf9090
SHA1 477abc0631044f13da2cc9bf46e762bdcc1075e3
SHA256 a39d6a761c54d6a16d37e35d05e51a625522a78a91420f6c19b767c9bc71648a
SHA512 8c1ac6f4b8a14e23b045cc3a63493a236da13f72c060ab69dbcb87c96da0e62d13a3a6c010960448865e1ee7aeefbe38b72af69ddc51611b3a781f6e4114335b

memory/3876-71-0x00007FF6A0120000-0x00007FF6A0474000-memory.dmp

C:\Windows\System\zeOPdli.exe

MD5 57257d76c2bfd80875b13ca44080f3f7
SHA1 f1445a8c4f41a3d62c98b79f8c3316e185e70a01
SHA256 6b7f11e4d2934e1a7aabf7b3272e186addc5bb4447e1b33ad6899090c5173468
SHA512 b0703a35155930527c0c1dfdb5a50c7ee71aa4f2575a4614ce79e1a53c034b04857330bb4658e4a7596789a1969798aa5fa03bc2cd05897541a34047fcdebc2c

C:\Windows\System\alOVbns.exe

MD5 cc425db82a73d35d71f1f38442627994
SHA1 d78429425bad39aeec5afad4bca1bb1f54be4e86
SHA256 5ba23c056b377ed2563dfce981a8f38375fc144c21d4f49e13c2fefe41a0c072
SHA512 009446150118aa1c819ce974bf5e7859a51aa03243d6c57fff3c7957f15ef772cb540567a29689caab0e6c78ea443ac9e45dff04297e519414a35fdfd025127d

C:\Windows\System\gjFmvmt.exe

MD5 9afa2716650de9f3fbc88fbd5a789eb4
SHA1 97b838acaaf5cfe1afdded464f591dabbdb4f1bc
SHA256 3d9a645149dc364d2a82d2291837693953489e61cc82afe1c4ab85108becba5f
SHA512 29e8076705c603ac9c793e196ef59b695e1c55c8a5c0fd610ddf8ecb24ba6323e24b9428ccfe34ce08253e39a2ff5994c21a252dfd3c5acd7de28f55c3877716

C:\Windows\System\kAKKnTn.exe

MD5 7245a4e50b4c198e16e4a78718c18fce
SHA1 f0789a00f3c145c451a60f6c0e72a140ec3d3e44
SHA256 8028ab37e2a41b9218eba70e2929675b228a9d8d6f712cb79ce09eb67fc66f04
SHA512 11c01281aa97220d71edab68501c886b008a05b98db29e205b13664b39e06101f63aa1748ed1df835c5de163a3e401d6703cac8bd87e3478ec87af148e9894a7

C:\Windows\System\IkNPxhf.exe

MD5 7f451d916d522a50906474dfb85de389
SHA1 f736485efa14e9ae28b7e7f5c5bd99c0074c3849
SHA256 32771c5104b95681b2d77e1b96c92d6fa74d886f21a6dfe5b9ef8644063e1fae
SHA512 56fa8b199a19aa97865d3eb2967347d3bee90cc05fb635009d67c3f39be448d96e4b4839fee0ba988916c5b027421b3d1191494cc1df49f2f8bd221d7529daeb

memory/656-103-0x00007FF7284B0000-0x00007FF728804000-memory.dmp

memory/1920-105-0x00007FF729760000-0x00007FF729AB4000-memory.dmp

memory/2144-107-0x00007FF70EB10000-0x00007FF70EE64000-memory.dmp

memory/4568-106-0x00007FF792770000-0x00007FF792AC4000-memory.dmp

memory/2388-104-0x00007FF6A0F70000-0x00007FF6A12C4000-memory.dmp

memory/2888-102-0x00007FF6EFBA0000-0x00007FF6EFEF4000-memory.dmp

memory/1172-100-0x00007FF7CBB10000-0x00007FF7CBE64000-memory.dmp

memory/2176-94-0x00007FF6BD010000-0x00007FF6BD364000-memory.dmp

C:\Windows\System\bTgmzJI.exe

MD5 86b7c2fc6b66ca2feb34fabef596a596
SHA1 278c8c7f0f7dbc7a1cc57b2a52c960edf339eb20
SHA256 08a9b5050de55603cf111684153cdfc8f8adad8774dbc2d1a470731ea3c5683b
SHA512 fd45169c992867a3fe944566c48217394555c442bbc4e3f500f33db3302c74d5ddc73d879e01f90f6625764c548b063c89ba9f17eb6c5d5418a54d4089261028

memory/3912-84-0x00007FF63B500000-0x00007FF63B854000-memory.dmp

C:\Windows\System\PtmIULu.exe

MD5 b00bddcee9bedc521d00607880c97695
SHA1 8c4b0289fe331ccef4741c317652f6919206dc53
SHA256 c71691732cd47234fae99d7411f49ff46f5ae392086d7158ca9942b36ee70e4d
SHA512 d72a5990f78b333f20735096dc190e93dfde556ad769bfb3264e537db53b1993efe36301f55e52229f8d476261221417a50ab85bd22c194a8dc1fd792f33f967

memory/2204-74-0x00007FF76DAF0000-0x00007FF76DE44000-memory.dmp

C:\Windows\System\eNiTeGB.exe

MD5 6b4fceeb7fdf69bfd9dca616fa6f282b
SHA1 0173bec582b7abcdf3bde162e5b8dba6061ce5e0
SHA256 a6222e07a26ccd13d244600383365149613379db51c1d22f0f624df91356efe5
SHA512 01bbb198ae11efcafe3d2653fa8fdde97b613325e0538d3dd661f9d29734711f6711707ecda7ebc5d4b9b616a0b419e112712e4fb60b6a00937bd4241bb5df2b

C:\Windows\System\VCjBmKL.exe

MD5 6bfcfb5e17212da2ed015c64f951c66b
SHA1 93302e3dca78d36b1c5ba956684a88c435745462
SHA256 5ee9008928cc87a7e4a581701abf4cf416de235ab20baf976015d668b5bbe57e
SHA512 dfe9a6bb19a8a5e89b0659679ce5f1edcd21b4757237a4549b169f27a89f12e31079bdadfd1bb6f4ab5fab54173280560915e1d8715c74f41b60a18e40afbb7a

C:\Windows\System\UdagYue.exe

MD5 8e22ddb323a4eb2a2748b9c626d5b21c
SHA1 e3580c0df7f4220ebcd87a4d58efccedfb1ff989
SHA256 2826afaf81364f0b6239ab82f7760ec69e29aee6e623346d517ba51612df9528
SHA512 a562d3b01ccbd8909c329d90abcc515e6de7c10ec1a4f9f39e4a24d76b27cd5ea4dbf58d7a9953aa7782a22cfebabab9c06d464a296aa50eb2a60709701cf9bc

C:\Windows\System\vTBAbmP.exe

MD5 ba83e3cb43894d0ccdb532fc3daaa3af
SHA1 b5e049937ba6e05d36379dd1b7098346da4a4ae5
SHA256 a983aa14da12703f2c82b25c43d57b724b776ff71bb89fa325f7ec9629fb8671
SHA512 176472cff45480b5bbfb6054b1cc1aafe004c1faa5540f7e56319067c7a5981a839fe6a157ed6e5b985c457046012627d9823f272bcb4f0e4712752659bc96ee

C:\Windows\System\vhZGdtA.exe

MD5 a489d94a2824960f00932315b3407913
SHA1 529e028841fa6f6cac8c673e4f9825ecd5e141ca
SHA256 1a4fed2ccd007adf24a56f81f731c48e6ed60336be63d57a29999e29501f2226
SHA512 ca8a83b031759557f9587b3b51bea716d0847a0d2050bdd5b14b2754f50025da11877e5272e558429504cfaefd44a4596448460a6def9210980dd3160c186e89

C:\Windows\System\ZbXVUOY.exe

MD5 acbdabf9e2cad0baf959da0a1f7eb488
SHA1 ffca216492a51875c23c38f2b863f26a9f1f187c
SHA256 b08a000897fdb4fb6cc477c4744d9dc0a3e6e1263f1ed26ac89f93466b1fc12a
SHA512 f9219424a65e589f4caed2e45a099b5773b0a3b4dc84df0734a46079178d73161c4e22191a18d7ef9aea59487e788bf3d2cee44ac02c65660c4cb63375b087bd

C:\Windows\System\nZMTurA.exe

MD5 e065988fb4d209408ecc41eb15388d6c
SHA1 539aeaefbd72fde25161e02dc220b8caab0fcca4
SHA256 0eb7a4874c9178f97f74da8ec19406efcdf9c633e17df581a0ba71a11cfc8d7d
SHA512 7e8931e8c7ed6556d474f9dd8bbb98045eacfe396dae0cb487597aaeda2b39622bd737fef723dbccc284d9dfe7b05a25eef63bf4e07d7e735b5803b7693af4d2

C:\Windows\System\hjUCOGs.exe

MD5 c9be23a9d1dbfdb99e14dcd096e18ded
SHA1 a95086e3688d5fa16b5f656aebcdf9e3ccdacf59
SHA256 e58c1e076308646320d690298c95a02e3531cc50c1c2486ae68f6222894bb4ed
SHA512 e4572ce406d2cf8bcdd7bebc73855e36ca6d9a93603189083b1f8eac45789050beecc1e39c87fa62ca0732d8b290e1a3f52298ad6179d5ba92fec97fdc4b819f

C:\Windows\System\fCnRCoX.exe

MD5 dede00022701007f9abf463f9f181a0f
SHA1 2d21e1f671e35cf1f25205683e71252d27b2ac17
SHA256 9b4f518ab7cd30f50bfa8e27d247b2accd8959ac36e91606e334d32b5e9474c8
SHA512 3a04d57e8490a0ca5ba65edb6483067d577bb555b9f7012aa3a4f086dc59b0e3acde26ebdd8919a649f9bf80229d9f5794271b8c1e4aaba945fe1df012a3643d

memory/452-185-0x00007FF6D2540000-0x00007FF6D2894000-memory.dmp

C:\Windows\System\TsTSUqa.exe

MD5 47543bd72cec637d1c612d681bbb61e4
SHA1 a5b79a7666f92bcf65bec9960a982e3058f5108a
SHA256 d58468decaab4dc5a9c80f85a025cec4fe176491c92663757c30e07d427eb35e
SHA512 fb5f22a30c23995b9b6a43fe1d1a31edf080ffe687ceda316b9ad9e36f8f5f8df9ab3961a49c843f4efbf4696ddc3bb0e68b3e8656129cfa893d5119db57cc69

memory/1300-192-0x00007FF69D2F0000-0x00007FF69D644000-memory.dmp

memory/2696-195-0x00007FF61CB50000-0x00007FF61CEA4000-memory.dmp

memory/2712-194-0x00007FF78EE90000-0x00007FF78F1E4000-memory.dmp

memory/4968-193-0x00007FF6D59B0000-0x00007FF6D5D04000-memory.dmp

C:\Windows\System\YlxaqWT.exe

MD5 a692f3195114ce16d10324140dfdfffb
SHA1 8973d917db4ba2c8c0969820452841176ee1eb64
SHA256 64e325dc4a7a3eba636c58c32b123cfb29a1a11fa51755ef0c76a85eed773a4a
SHA512 712e2d87c85a08fcdfdc6aaf85e0563ac1be86871a0a3b5f3efb97f6be8189ecb0e40d52e9e52686465ec41da54168fdf3c266973c69fcedc933e99aa67bf3c8

memory/4400-187-0x00007FF6F4F70000-0x00007FF6F52C4000-memory.dmp

memory/2604-186-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp

memory/3984-180-0x00007FF7E6400000-0x00007FF7E6754000-memory.dmp

C:\Windows\System\bcQVgZP.exe

MD5 72b7a0fab310950c1d64e002446e7ed2
SHA1 6286e92231e84ecdc10e9c0c92eac93d37885fb3
SHA256 0cc27f9a723082453224cc1852b24049be4946b693516a508b372932335f3e3e
SHA512 48f27958d131d00ffb46cb8c8b283356f957edd900e820b33eb918d3bbfe0bbedc37876f6b2c08d2a132948342e3e0c8e27f605267d31cd01966da2fc51bc916

memory/4196-169-0x00007FF6BB660000-0x00007FF6BB9B4000-memory.dmp

memory/2364-166-0x00007FF65DCC0000-0x00007FF65E014000-memory.dmp

memory/2108-153-0x00007FF76B4A0000-0x00007FF76B7F4000-memory.dmp

C:\Windows\System\KcFcbQI.exe

MD5 e916a72547dc5ab9665758624c12cc2d
SHA1 0a4204fdc9927a026abd67f9fb40348be13ca3f6
SHA256 95c5a97271e7b260b031894785b7d00912597f916cf95124d7c402e88e8b499b
SHA512 75be7c5db84f2d583f6c3cdda6f26db2d8fa446f6fc1e0f9bab23f47152ec379315e152a34a6a4c9e87e1e91b8903bb927856c692dbeb0e1908631a155e1ae9b

C:\Windows\System\pPVqLvM.exe

MD5 a4e6f63aad89716ed076a296da15babb
SHA1 3039e2b4b45665b1444a4c527c529bb03ea9d227
SHA256 273482c0eda0a603f9b96312b36968cee70407edd729ae7fac56e6ef5eb5aaa4
SHA512 daff71ea4c27d62092cee61c0977b26e7440b3cc7c1f6721f62aa68e4c0d0eea693c5c219a4bc069d8e0c65ea579eea195f76a34aa7b43e76da8f2a9254571cd

memory/1444-133-0x00007FF71E250000-0x00007FF71E5A4000-memory.dmp

memory/2072-629-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp

memory/3912-1075-0x00007FF63B500000-0x00007FF63B854000-memory.dmp

memory/4236-1076-0x00007FF7A2EB0000-0x00007FF7A3204000-memory.dmp

memory/1920-1077-0x00007FF729760000-0x00007FF729AB4000-memory.dmp

memory/2680-1078-0x00007FF69A3B0000-0x00007FF69A704000-memory.dmp

memory/1852-1079-0x00007FF626F90000-0x00007FF6272E4000-memory.dmp

memory/2072-1080-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp

memory/2208-1081-0x00007FF784CF0000-0x00007FF785044000-memory.dmp

memory/2696-1082-0x00007FF61CB50000-0x00007FF61CEA4000-memory.dmp

memory/3036-1083-0x00007FF7F7480000-0x00007FF7F77D4000-memory.dmp

memory/3876-1084-0x00007FF6A0120000-0x00007FF6A0474000-memory.dmp

memory/2176-1085-0x00007FF6BD010000-0x00007FF6BD364000-memory.dmp

memory/2204-1086-0x00007FF76DAF0000-0x00007FF76DE44000-memory.dmp

memory/656-1087-0x00007FF7284B0000-0x00007FF728804000-memory.dmp

memory/2888-1088-0x00007FF6EFBA0000-0x00007FF6EFEF4000-memory.dmp

memory/1172-1089-0x00007FF7CBB10000-0x00007FF7CBE64000-memory.dmp

memory/2388-1090-0x00007FF6A0F70000-0x00007FF6A12C4000-memory.dmp

memory/4568-1092-0x00007FF792770000-0x00007FF792AC4000-memory.dmp

memory/2144-1091-0x00007FF70EB10000-0x00007FF70EE64000-memory.dmp

memory/1444-1093-0x00007FF71E250000-0x00007FF71E5A4000-memory.dmp

memory/2108-1094-0x00007FF76B4A0000-0x00007FF76B7F4000-memory.dmp

memory/4196-1097-0x00007FF6BB660000-0x00007FF6BB9B4000-memory.dmp

memory/3984-1096-0x00007FF7E6400000-0x00007FF7E6754000-memory.dmp

memory/2364-1095-0x00007FF65DCC0000-0x00007FF65E014000-memory.dmp

memory/452-1099-0x00007FF6D2540000-0x00007FF6D2894000-memory.dmp

memory/2604-1101-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp

memory/2712-1100-0x00007FF78EE90000-0x00007FF78F1E4000-memory.dmp

memory/4400-1102-0x00007FF6F4F70000-0x00007FF6F52C4000-memory.dmp

memory/1300-1098-0x00007FF69D2F0000-0x00007FF69D644000-memory.dmp

memory/4968-1103-0x00007FF6D59B0000-0x00007FF6D5D04000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 13:57

Reported

2024-06-01 13:59

Platform

win7-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\RSrlqht.exe N/A
N/A N/A C:\Windows\System\BvRgUGb.exe N/A
N/A N/A C:\Windows\System\gqYlBef.exe N/A
N/A N/A C:\Windows\System\ohesEGa.exe N/A
N/A N/A C:\Windows\System\VkbMnsD.exe N/A
N/A N/A C:\Windows\System\IUDqXUb.exe N/A
N/A N/A C:\Windows\System\amjfazp.exe N/A
N/A N/A C:\Windows\System\ytFhlFS.exe N/A
N/A N/A C:\Windows\System\NIAPsmU.exe N/A
N/A N/A C:\Windows\System\fSUvIZJ.exe N/A
N/A N/A C:\Windows\System\UjRtZxu.exe N/A
N/A N/A C:\Windows\System\YALdUdm.exe N/A
N/A N/A C:\Windows\System\UgFxwwz.exe N/A
N/A N/A C:\Windows\System\NphtjRt.exe N/A
N/A N/A C:\Windows\System\CVIIAKC.exe N/A
N/A N/A C:\Windows\System\RJFFkVI.exe N/A
N/A N/A C:\Windows\System\woLrwnA.exe N/A
N/A N/A C:\Windows\System\QyAJswg.exe N/A
N/A N/A C:\Windows\System\HrpDTqu.exe N/A
N/A N/A C:\Windows\System\pDfJBQI.exe N/A
N/A N/A C:\Windows\System\EhwjIEy.exe N/A
N/A N/A C:\Windows\System\ClySvFg.exe N/A
N/A N/A C:\Windows\System\dtFZcOx.exe N/A
N/A N/A C:\Windows\System\ExiXtuI.exe N/A
N/A N/A C:\Windows\System\xPRbooo.exe N/A
N/A N/A C:\Windows\System\yZlYpaJ.exe N/A
N/A N/A C:\Windows\System\dJzgEUj.exe N/A
N/A N/A C:\Windows\System\lohNAdn.exe N/A
N/A N/A C:\Windows\System\QIhGamk.exe N/A
N/A N/A C:\Windows\System\drkJnlT.exe N/A
N/A N/A C:\Windows\System\nbhTium.exe N/A
N/A N/A C:\Windows\System\jPybweD.exe N/A
N/A N/A C:\Windows\System\nZbzmPQ.exe N/A
N/A N/A C:\Windows\System\xICCsYt.exe N/A
N/A N/A C:\Windows\System\tsfvZoI.exe N/A
N/A N/A C:\Windows\System\ocjbeWv.exe N/A
N/A N/A C:\Windows\System\mclLpti.exe N/A
N/A N/A C:\Windows\System\HfEnnfn.exe N/A
N/A N/A C:\Windows\System\njzaDDm.exe N/A
N/A N/A C:\Windows\System\hDctMlO.exe N/A
N/A N/A C:\Windows\System\IgaUpWP.exe N/A
N/A N/A C:\Windows\System\yVaGOwd.exe N/A
N/A N/A C:\Windows\System\xLIRtZz.exe N/A
N/A N/A C:\Windows\System\Wtmbzdh.exe N/A
N/A N/A C:\Windows\System\qMfOEsV.exe N/A
N/A N/A C:\Windows\System\UaNizac.exe N/A
N/A N/A C:\Windows\System\bxBVFdQ.exe N/A
N/A N/A C:\Windows\System\HXUomBJ.exe N/A
N/A N/A C:\Windows\System\CcfNqsI.exe N/A
N/A N/A C:\Windows\System\UGkyEqh.exe N/A
N/A N/A C:\Windows\System\OjloipG.exe N/A
N/A N/A C:\Windows\System\VvCNBfH.exe N/A
N/A N/A C:\Windows\System\PVulmve.exe N/A
N/A N/A C:\Windows\System\zsUYlaZ.exe N/A
N/A N/A C:\Windows\System\ipRPATA.exe N/A
N/A N/A C:\Windows\System\OWjwJLh.exe N/A
N/A N/A C:\Windows\System\SsidWHu.exe N/A
N/A N/A C:\Windows\System\RLXkCJm.exe N/A
N/A N/A C:\Windows\System\jsLKUxR.exe N/A
N/A N/A C:\Windows\System\FljwYjp.exe N/A
N/A N/A C:\Windows\System\rCgFvrF.exe N/A
N/A N/A C:\Windows\System\rPcOucv.exe N/A
N/A N/A C:\Windows\System\TTysVkV.exe N/A
N/A N/A C:\Windows\System\KZFJIgq.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ClySvFg.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\rvRuVSi.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\XQVwobK.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\gTeBmQx.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\RMHfWRJ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\fONXqQS.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZElslbh.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZpvKqqZ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPybweD.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\OvBDwbD.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsGOgoQ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfLcKud.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\Czfmlcr.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsUYlaZ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\rBmIEdK.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\cDUKwec.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ToPuVek.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\DsBipge.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\gnnJeZh.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\FwfAbiV.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\SWwpIGA.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\drkJnlT.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\YcpCAAM.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhRMpHi.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\EcFThlw.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\wjjFjsY.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\NIAPsmU.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\HfEnnfn.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\CcfNqsI.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\AbsJSoV.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\NXNBdZv.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZtQulMD.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\AQkWTPs.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\OWjwJLh.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJXNVWR.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\pkLNaBP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ACORXAa.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\bsCRsJE.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFrECoy.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\dtFZcOx.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\OjloipG.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\mvfBmvJ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfTojHV.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\deqpYIc.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTJwnXo.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\dxOkSNv.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZTamGU.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\UgFxwwz.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\swqSCIY.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPphThZ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\tsTQNPP.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\mvGwgUW.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\vXUKZvY.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZwhJEbE.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\UGkyEqh.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAwheOT.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\UNmVKpF.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCSrGKw.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\NphtjRt.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\KZFJIgq.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\CtLqVAV.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\XihkvoJ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocywkjJ.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
File created C:\Windows\System\qfIvmaO.exe C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2480 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RSrlqht.exe
PID 2480 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RSrlqht.exe
PID 2480 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RSrlqht.exe
PID 2480 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\gqYlBef.exe
PID 2480 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\gqYlBef.exe
PID 2480 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\gqYlBef.exe
PID 2480 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\BvRgUGb.exe
PID 2480 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\BvRgUGb.exe
PID 2480 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\BvRgUGb.exe
PID 2480 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ohesEGa.exe
PID 2480 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ohesEGa.exe
PID 2480 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ohesEGa.exe
PID 2480 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VkbMnsD.exe
PID 2480 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VkbMnsD.exe
PID 2480 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\VkbMnsD.exe
PID 2480 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\IUDqXUb.exe
PID 2480 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\IUDqXUb.exe
PID 2480 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\IUDqXUb.exe
PID 2480 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\amjfazp.exe
PID 2480 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\amjfazp.exe
PID 2480 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\amjfazp.exe
PID 2480 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ytFhlFS.exe
PID 2480 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ytFhlFS.exe
PID 2480 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ytFhlFS.exe
PID 2480 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\NIAPsmU.exe
PID 2480 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\NIAPsmU.exe
PID 2480 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\NIAPsmU.exe
PID 2480 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\fSUvIZJ.exe
PID 2480 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\fSUvIZJ.exe
PID 2480 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\fSUvIZJ.exe
PID 2480 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UjRtZxu.exe
PID 2480 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UjRtZxu.exe
PID 2480 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UjRtZxu.exe
PID 2480 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\YALdUdm.exe
PID 2480 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\YALdUdm.exe
PID 2480 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\YALdUdm.exe
PID 2480 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UgFxwwz.exe
PID 2480 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UgFxwwz.exe
PID 2480 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\UgFxwwz.exe
PID 2480 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\NphtjRt.exe
PID 2480 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\NphtjRt.exe
PID 2480 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\NphtjRt.exe
PID 2480 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\CVIIAKC.exe
PID 2480 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\CVIIAKC.exe
PID 2480 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\CVIIAKC.exe
PID 2480 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RJFFkVI.exe
PID 2480 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RJFFkVI.exe
PID 2480 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\RJFFkVI.exe
PID 2480 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\woLrwnA.exe
PID 2480 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\woLrwnA.exe
PID 2480 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\woLrwnA.exe
PID 2480 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\QyAJswg.exe
PID 2480 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\QyAJswg.exe
PID 2480 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\QyAJswg.exe
PID 2480 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\HrpDTqu.exe
PID 2480 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\HrpDTqu.exe
PID 2480 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\HrpDTqu.exe
PID 2480 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\pDfJBQI.exe
PID 2480 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\pDfJBQI.exe
PID 2480 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\pDfJBQI.exe
PID 2480 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\EhwjIEy.exe
PID 2480 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\EhwjIEy.exe
PID 2480 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\EhwjIEy.exe
PID 2480 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe C:\Windows\System\ClySvFg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\fced17de18ed78c3ae4132d049572350_NeikiAnalytics.exe"

C:\Windows\System\RSrlqht.exe

C:\Windows\System\RSrlqht.exe

C:\Windows\System\gqYlBef.exe

C:\Windows\System\gqYlBef.exe

C:\Windows\System\BvRgUGb.exe

C:\Windows\System\BvRgUGb.exe

C:\Windows\System\ohesEGa.exe

C:\Windows\System\ohesEGa.exe

C:\Windows\System\VkbMnsD.exe

C:\Windows\System\VkbMnsD.exe

C:\Windows\System\IUDqXUb.exe

C:\Windows\System\IUDqXUb.exe

C:\Windows\System\amjfazp.exe

C:\Windows\System\amjfazp.exe

C:\Windows\System\ytFhlFS.exe

C:\Windows\System\ytFhlFS.exe

C:\Windows\System\NIAPsmU.exe

C:\Windows\System\NIAPsmU.exe

C:\Windows\System\fSUvIZJ.exe

C:\Windows\System\fSUvIZJ.exe

C:\Windows\System\UjRtZxu.exe

C:\Windows\System\UjRtZxu.exe

C:\Windows\System\YALdUdm.exe

C:\Windows\System\YALdUdm.exe

C:\Windows\System\UgFxwwz.exe

C:\Windows\System\UgFxwwz.exe

C:\Windows\System\NphtjRt.exe

C:\Windows\System\NphtjRt.exe

C:\Windows\System\CVIIAKC.exe

C:\Windows\System\CVIIAKC.exe

C:\Windows\System\RJFFkVI.exe

C:\Windows\System\RJFFkVI.exe

C:\Windows\System\woLrwnA.exe

C:\Windows\System\woLrwnA.exe

C:\Windows\System\QyAJswg.exe

C:\Windows\System\QyAJswg.exe

C:\Windows\System\HrpDTqu.exe

C:\Windows\System\HrpDTqu.exe

C:\Windows\System\pDfJBQI.exe

C:\Windows\System\pDfJBQI.exe

C:\Windows\System\EhwjIEy.exe

C:\Windows\System\EhwjIEy.exe

C:\Windows\System\ClySvFg.exe

C:\Windows\System\ClySvFg.exe

C:\Windows\System\dtFZcOx.exe

C:\Windows\System\dtFZcOx.exe

C:\Windows\System\ExiXtuI.exe

C:\Windows\System\ExiXtuI.exe

C:\Windows\System\xPRbooo.exe

C:\Windows\System\xPRbooo.exe

C:\Windows\System\yZlYpaJ.exe

C:\Windows\System\yZlYpaJ.exe

C:\Windows\System\dJzgEUj.exe

C:\Windows\System\dJzgEUj.exe

C:\Windows\System\lohNAdn.exe

C:\Windows\System\lohNAdn.exe

C:\Windows\System\QIhGamk.exe

C:\Windows\System\QIhGamk.exe

C:\Windows\System\drkJnlT.exe

C:\Windows\System\drkJnlT.exe

C:\Windows\System\nbhTium.exe

C:\Windows\System\nbhTium.exe

C:\Windows\System\jPybweD.exe

C:\Windows\System\jPybweD.exe

C:\Windows\System\nZbzmPQ.exe

C:\Windows\System\nZbzmPQ.exe

C:\Windows\System\xICCsYt.exe

C:\Windows\System\xICCsYt.exe

C:\Windows\System\tsfvZoI.exe

C:\Windows\System\tsfvZoI.exe

C:\Windows\System\ocjbeWv.exe

C:\Windows\System\ocjbeWv.exe

C:\Windows\System\mclLpti.exe

C:\Windows\System\mclLpti.exe

C:\Windows\System\HfEnnfn.exe

C:\Windows\System\HfEnnfn.exe

C:\Windows\System\njzaDDm.exe

C:\Windows\System\njzaDDm.exe

C:\Windows\System\hDctMlO.exe

C:\Windows\System\hDctMlO.exe

C:\Windows\System\IgaUpWP.exe

C:\Windows\System\IgaUpWP.exe

C:\Windows\System\yVaGOwd.exe

C:\Windows\System\yVaGOwd.exe

C:\Windows\System\xLIRtZz.exe

C:\Windows\System\xLIRtZz.exe

C:\Windows\System\Wtmbzdh.exe

C:\Windows\System\Wtmbzdh.exe

C:\Windows\System\qMfOEsV.exe

C:\Windows\System\qMfOEsV.exe

C:\Windows\System\UaNizac.exe

C:\Windows\System\UaNizac.exe

C:\Windows\System\bxBVFdQ.exe

C:\Windows\System\bxBVFdQ.exe

C:\Windows\System\HXUomBJ.exe

C:\Windows\System\HXUomBJ.exe

C:\Windows\System\CcfNqsI.exe

C:\Windows\System\CcfNqsI.exe

C:\Windows\System\UGkyEqh.exe

C:\Windows\System\UGkyEqh.exe

C:\Windows\System\OjloipG.exe

C:\Windows\System\OjloipG.exe

C:\Windows\System\VvCNBfH.exe

C:\Windows\System\VvCNBfH.exe

C:\Windows\System\PVulmve.exe

C:\Windows\System\PVulmve.exe

C:\Windows\System\zsUYlaZ.exe

C:\Windows\System\zsUYlaZ.exe

C:\Windows\System\ipRPATA.exe

C:\Windows\System\ipRPATA.exe

C:\Windows\System\OWjwJLh.exe

C:\Windows\System\OWjwJLh.exe

C:\Windows\System\SsidWHu.exe

C:\Windows\System\SsidWHu.exe

C:\Windows\System\RLXkCJm.exe

C:\Windows\System\RLXkCJm.exe

C:\Windows\System\jsLKUxR.exe

C:\Windows\System\jsLKUxR.exe

C:\Windows\System\FljwYjp.exe

C:\Windows\System\FljwYjp.exe

C:\Windows\System\rCgFvrF.exe

C:\Windows\System\rCgFvrF.exe

C:\Windows\System\rPcOucv.exe

C:\Windows\System\rPcOucv.exe

C:\Windows\System\TTysVkV.exe

C:\Windows\System\TTysVkV.exe

C:\Windows\System\KZFJIgq.exe

C:\Windows\System\KZFJIgq.exe

C:\Windows\System\caHyrDj.exe

C:\Windows\System\caHyrDj.exe

C:\Windows\System\AbsJSoV.exe

C:\Windows\System\AbsJSoV.exe

C:\Windows\System\mvfBmvJ.exe

C:\Windows\System\mvfBmvJ.exe

C:\Windows\System\zwtnIkX.exe

C:\Windows\System\zwtnIkX.exe

C:\Windows\System\HRtIKTp.exe

C:\Windows\System\HRtIKTp.exe

C:\Windows\System\HEaaPDC.exe

C:\Windows\System\HEaaPDC.exe

C:\Windows\System\CtLqVAV.exe

C:\Windows\System\CtLqVAV.exe

C:\Windows\System\XhUngSt.exe

C:\Windows\System\XhUngSt.exe

C:\Windows\System\jiXhQRW.exe

C:\Windows\System\jiXhQRW.exe

C:\Windows\System\eXcZjFD.exe

C:\Windows\System\eXcZjFD.exe

C:\Windows\System\zIuIoiZ.exe

C:\Windows\System\zIuIoiZ.exe

C:\Windows\System\aitmKhC.exe

C:\Windows\System\aitmKhC.exe

C:\Windows\System\LxRWzqV.exe

C:\Windows\System\LxRWzqV.exe

C:\Windows\System\KROsVzS.exe

C:\Windows\System\KROsVzS.exe

C:\Windows\System\YcpCAAM.exe

C:\Windows\System\YcpCAAM.exe

C:\Windows\System\bkKXuZF.exe

C:\Windows\System\bkKXuZF.exe

C:\Windows\System\XihkvoJ.exe

C:\Windows\System\XihkvoJ.exe

C:\Windows\System\eWEVmhl.exe

C:\Windows\System\eWEVmhl.exe

C:\Windows\System\IzROngJ.exe

C:\Windows\System\IzROngJ.exe

C:\Windows\System\umeBByT.exe

C:\Windows\System\umeBByT.exe

C:\Windows\System\rvRuVSi.exe

C:\Windows\System\rvRuVSi.exe

C:\Windows\System\VfrldDr.exe

C:\Windows\System\VfrldDr.exe

C:\Windows\System\tnnMeGO.exe

C:\Windows\System\tnnMeGO.exe

C:\Windows\System\ocywkjJ.exe

C:\Windows\System\ocywkjJ.exe

C:\Windows\System\wwGlPeS.exe

C:\Windows\System\wwGlPeS.exe

C:\Windows\System\UGqyiif.exe

C:\Windows\System\UGqyiif.exe

C:\Windows\System\rBmIEdK.exe

C:\Windows\System\rBmIEdK.exe

C:\Windows\System\wlpylss.exe

C:\Windows\System\wlpylss.exe

C:\Windows\System\ZElslbh.exe

C:\Windows\System\ZElslbh.exe

C:\Windows\System\jDsUsDh.exe

C:\Windows\System\jDsUsDh.exe

C:\Windows\System\EsjUwDo.exe

C:\Windows\System\EsjUwDo.exe

C:\Windows\System\GomoxfO.exe

C:\Windows\System\GomoxfO.exe

C:\Windows\System\LYEApxM.exe

C:\Windows\System\LYEApxM.exe

C:\Windows\System\XQVwobK.exe

C:\Windows\System\XQVwobK.exe

C:\Windows\System\gnnJeZh.exe

C:\Windows\System\gnnJeZh.exe

C:\Windows\System\UVQKPwm.exe

C:\Windows\System\UVQKPwm.exe

C:\Windows\System\rbvzgrJ.exe

C:\Windows\System\rbvzgrJ.exe

C:\Windows\System\GOhPdhj.exe

C:\Windows\System\GOhPdhj.exe

C:\Windows\System\iimkGha.exe

C:\Windows\System\iimkGha.exe

C:\Windows\System\hCqRVzz.exe

C:\Windows\System\hCqRVzz.exe

C:\Windows\System\OKlocuo.exe

C:\Windows\System\OKlocuo.exe

C:\Windows\System\wHaDtOx.exe

C:\Windows\System\wHaDtOx.exe

C:\Windows\System\wiJgNsL.exe

C:\Windows\System\wiJgNsL.exe

C:\Windows\System\EvXedWJ.exe

C:\Windows\System\EvXedWJ.exe

C:\Windows\System\GEWyOju.exe

C:\Windows\System\GEWyOju.exe

C:\Windows\System\gfdchup.exe

C:\Windows\System\gfdchup.exe

C:\Windows\System\BibLuvI.exe

C:\Windows\System\BibLuvI.exe

C:\Windows\System\EkVGJzz.exe

C:\Windows\System\EkVGJzz.exe

C:\Windows\System\pAizXcP.exe

C:\Windows\System\pAizXcP.exe

C:\Windows\System\fxyxRUw.exe

C:\Windows\System\fxyxRUw.exe

C:\Windows\System\ADLJZbk.exe

C:\Windows\System\ADLJZbk.exe

C:\Windows\System\zgiCrVc.exe

C:\Windows\System\zgiCrVc.exe

C:\Windows\System\tsTQNPP.exe

C:\Windows\System\tsTQNPP.exe

C:\Windows\System\uhRMpHi.exe

C:\Windows\System\uhRMpHi.exe

C:\Windows\System\gTeBmQx.exe

C:\Windows\System\gTeBmQx.exe

C:\Windows\System\LLRDPAO.exe

C:\Windows\System\LLRDPAO.exe

C:\Windows\System\shaqoaM.exe

C:\Windows\System\shaqoaM.exe

C:\Windows\System\qmUSDYN.exe

C:\Windows\System\qmUSDYN.exe

C:\Windows\System\pitmhAd.exe

C:\Windows\System\pitmhAd.exe

C:\Windows\System\mvGwgUW.exe

C:\Windows\System\mvGwgUW.exe

C:\Windows\System\KqSwEsk.exe

C:\Windows\System\KqSwEsk.exe

C:\Windows\System\AfTojHV.exe

C:\Windows\System\AfTojHV.exe

C:\Windows\System\cOxCAcR.exe

C:\Windows\System\cOxCAcR.exe

C:\Windows\System\tDBleIq.exe

C:\Windows\System\tDBleIq.exe

C:\Windows\System\deqpYIc.exe

C:\Windows\System\deqpYIc.exe

C:\Windows\System\vXUKZvY.exe

C:\Windows\System\vXUKZvY.exe

C:\Windows\System\OBBhpca.exe

C:\Windows\System\OBBhpca.exe

C:\Windows\System\EXvffRI.exe

C:\Windows\System\EXvffRI.exe

C:\Windows\System\EhfxlvO.exe

C:\Windows\System\EhfxlvO.exe

C:\Windows\System\IxQzrdg.exe

C:\Windows\System\IxQzrdg.exe

C:\Windows\System\PwFTEex.exe

C:\Windows\System\PwFTEex.exe

C:\Windows\System\cvZYXxZ.exe

C:\Windows\System\cvZYXxZ.exe

C:\Windows\System\nowIrST.exe

C:\Windows\System\nowIrST.exe

C:\Windows\System\cDUKwec.exe

C:\Windows\System\cDUKwec.exe

C:\Windows\System\VEryoLy.exe

C:\Windows\System\VEryoLy.exe

C:\Windows\System\axtgXAi.exe

C:\Windows\System\axtgXAi.exe

C:\Windows\System\uJVUXJN.exe

C:\Windows\System\uJVUXJN.exe

C:\Windows\System\RTJwnXo.exe

C:\Windows\System\RTJwnXo.exe

C:\Windows\System\qQjNbdl.exe

C:\Windows\System\qQjNbdl.exe

C:\Windows\System\seUdVps.exe

C:\Windows\System\seUdVps.exe

C:\Windows\System\rpBqJIX.exe

C:\Windows\System\rpBqJIX.exe

C:\Windows\System\nANCkDn.exe

C:\Windows\System\nANCkDn.exe

C:\Windows\System\cqFEgeq.exe

C:\Windows\System\cqFEgeq.exe

C:\Windows\System\QiYPLMa.exe

C:\Windows\System\QiYPLMa.exe

C:\Windows\System\pMySAgI.exe

C:\Windows\System\pMySAgI.exe

C:\Windows\System\QGmKzrp.exe

C:\Windows\System\QGmKzrp.exe

C:\Windows\System\jlPBEkP.exe

C:\Windows\System\jlPBEkP.exe

C:\Windows\System\HVudggU.exe

C:\Windows\System\HVudggU.exe

C:\Windows\System\xKywBng.exe

C:\Windows\System\xKywBng.exe

C:\Windows\System\FGfgPbr.exe

C:\Windows\System\FGfgPbr.exe

C:\Windows\System\UNIMuCy.exe

C:\Windows\System\UNIMuCy.exe

C:\Windows\System\nrYpZaJ.exe

C:\Windows\System\nrYpZaJ.exe

C:\Windows\System\NXNBdZv.exe

C:\Windows\System\NXNBdZv.exe

C:\Windows\System\efZhtbv.exe

C:\Windows\System\efZhtbv.exe

C:\Windows\System\myDGRuW.exe

C:\Windows\System\myDGRuW.exe

C:\Windows\System\jcuIoKL.exe

C:\Windows\System\jcuIoKL.exe

C:\Windows\System\IbgsDRn.exe

C:\Windows\System\IbgsDRn.exe

C:\Windows\System\cnLKBhV.exe

C:\Windows\System\cnLKBhV.exe

C:\Windows\System\FwfAbiV.exe

C:\Windows\System\FwfAbiV.exe

C:\Windows\System\SirvPEx.exe

C:\Windows\System\SirvPEx.exe

C:\Windows\System\cLFcUBn.exe

C:\Windows\System\cLFcUBn.exe

C:\Windows\System\fFPVGmg.exe

C:\Windows\System\fFPVGmg.exe

C:\Windows\System\harbsNW.exe

C:\Windows\System\harbsNW.exe

C:\Windows\System\nkwwbuL.exe

C:\Windows\System\nkwwbuL.exe

C:\Windows\System\Yddenoy.exe

C:\Windows\System\Yddenoy.exe

C:\Windows\System\dxOkSNv.exe

C:\Windows\System\dxOkSNv.exe

C:\Windows\System\uHvvmzx.exe

C:\Windows\System\uHvvmzx.exe

C:\Windows\System\meuPVqV.exe

C:\Windows\System\meuPVqV.exe

C:\Windows\System\KYYNIaJ.exe

C:\Windows\System\KYYNIaJ.exe

C:\Windows\System\pFrECoy.exe

C:\Windows\System\pFrECoy.exe

C:\Windows\System\QEGbLXE.exe

C:\Windows\System\QEGbLXE.exe

C:\Windows\System\FvnnVGX.exe

C:\Windows\System\FvnnVGX.exe

C:\Windows\System\phjWmfL.exe

C:\Windows\System\phjWmfL.exe

C:\Windows\System\qfIvmaO.exe

C:\Windows\System\qfIvmaO.exe

C:\Windows\System\KFtlxCo.exe

C:\Windows\System\KFtlxCo.exe

C:\Windows\System\NScwXeR.exe

C:\Windows\System\NScwXeR.exe

C:\Windows\System\OvBDwbD.exe

C:\Windows\System\OvBDwbD.exe

C:\Windows\System\KKyhonm.exe

C:\Windows\System\KKyhonm.exe

C:\Windows\System\oOyJzcm.exe

C:\Windows\System\oOyJzcm.exe

C:\Windows\System\ToPuVek.exe

C:\Windows\System\ToPuVek.exe

C:\Windows\System\PrRMGsX.exe

C:\Windows\System\PrRMGsX.exe

C:\Windows\System\TKVMpjm.exe

C:\Windows\System\TKVMpjm.exe

C:\Windows\System\NTbZbAa.exe

C:\Windows\System\NTbZbAa.exe

C:\Windows\System\cdvJnIE.exe

C:\Windows\System\cdvJnIE.exe

C:\Windows\System\nUNDrPO.exe

C:\Windows\System\nUNDrPO.exe

C:\Windows\System\BgXEHZk.exe

C:\Windows\System\BgXEHZk.exe

C:\Windows\System\GSaJjPt.exe

C:\Windows\System\GSaJjPt.exe

C:\Windows\System\aAmploA.exe

C:\Windows\System\aAmploA.exe

C:\Windows\System\iQjhTkm.exe

C:\Windows\System\iQjhTkm.exe

C:\Windows\System\qtZWAOK.exe

C:\Windows\System\qtZWAOK.exe

C:\Windows\System\JJXNVWR.exe

C:\Windows\System\JJXNVWR.exe

C:\Windows\System\unnxdJR.exe

C:\Windows\System\unnxdJR.exe

C:\Windows\System\sbaNOkR.exe

C:\Windows\System\sbaNOkR.exe

C:\Windows\System\Jezqqpr.exe

C:\Windows\System\Jezqqpr.exe

C:\Windows\System\RoBdhkF.exe

C:\Windows\System\RoBdhkF.exe

C:\Windows\System\ZwhJEbE.exe

C:\Windows\System\ZwhJEbE.exe

C:\Windows\System\tfzcRGo.exe

C:\Windows\System\tfzcRGo.exe

C:\Windows\System\ZtQulMD.exe

C:\Windows\System\ZtQulMD.exe

C:\Windows\System\SKhFalx.exe

C:\Windows\System\SKhFalx.exe

C:\Windows\System\HUDsvJz.exe

C:\Windows\System\HUDsvJz.exe

C:\Windows\System\PAeBsYf.exe

C:\Windows\System\PAeBsYf.exe

C:\Windows\System\lxKyUDp.exe

C:\Windows\System\lxKyUDp.exe

C:\Windows\System\qcshWlT.exe

C:\Windows\System\qcshWlT.exe

C:\Windows\System\oDdOpWx.exe

C:\Windows\System\oDdOpWx.exe

C:\Windows\System\sZTamGU.exe

C:\Windows\System\sZTamGU.exe

C:\Windows\System\nhVREpI.exe

C:\Windows\System\nhVREpI.exe

C:\Windows\System\LrqifRZ.exe

C:\Windows\System\LrqifRZ.exe

C:\Windows\System\rSTidAB.exe

C:\Windows\System\rSTidAB.exe

C:\Windows\System\qMroYOE.exe

C:\Windows\System\qMroYOE.exe

C:\Windows\System\ZNTEIGY.exe

C:\Windows\System\ZNTEIGY.exe

C:\Windows\System\JZaUMts.exe

C:\Windows\System\JZaUMts.exe

C:\Windows\System\ZpvKqqZ.exe

C:\Windows\System\ZpvKqqZ.exe

C:\Windows\System\CAwheOT.exe

C:\Windows\System\CAwheOT.exe

C:\Windows\System\RktyKpe.exe

C:\Windows\System\RktyKpe.exe

C:\Windows\System\sjGjJkl.exe

C:\Windows\System\sjGjJkl.exe

C:\Windows\System\xZgFYnq.exe

C:\Windows\System\xZgFYnq.exe

C:\Windows\System\swqSCIY.exe

C:\Windows\System\swqSCIY.exe

C:\Windows\System\KllgYKK.exe

C:\Windows\System\KllgYKK.exe

C:\Windows\System\EcFThlw.exe

C:\Windows\System\EcFThlw.exe

C:\Windows\System\FifIrku.exe

C:\Windows\System\FifIrku.exe

C:\Windows\System\nSKFQoP.exe

C:\Windows\System\nSKFQoP.exe

C:\Windows\System\sVGAzBm.exe

C:\Windows\System\sVGAzBm.exe

C:\Windows\System\WsLealC.exe

C:\Windows\System\WsLealC.exe

C:\Windows\System\AQkWTPs.exe

C:\Windows\System\AQkWTPs.exe

C:\Windows\System\rrAnaoT.exe

C:\Windows\System\rrAnaoT.exe

C:\Windows\System\VMINnOB.exe

C:\Windows\System\VMINnOB.exe

C:\Windows\System\KbKlOcK.exe

C:\Windows\System\KbKlOcK.exe

C:\Windows\System\JcSaHVV.exe

C:\Windows\System\JcSaHVV.exe

C:\Windows\System\wkLyhln.exe

C:\Windows\System\wkLyhln.exe

C:\Windows\System\qsblEVP.exe

C:\Windows\System\qsblEVP.exe

C:\Windows\System\PigZAwl.exe

C:\Windows\System\PigZAwl.exe

C:\Windows\System\tSTKZcG.exe

C:\Windows\System\tSTKZcG.exe

C:\Windows\System\xqLUIBj.exe

C:\Windows\System\xqLUIBj.exe

C:\Windows\System\wjjFjsY.exe

C:\Windows\System\wjjFjsY.exe

C:\Windows\System\ceEMfuE.exe

C:\Windows\System\ceEMfuE.exe

C:\Windows\System\tBMYedi.exe

C:\Windows\System\tBMYedi.exe

C:\Windows\System\jvKmBJr.exe

C:\Windows\System\jvKmBJr.exe

C:\Windows\System\gLjpMoZ.exe

C:\Windows\System\gLjpMoZ.exe

C:\Windows\System\OGDJyVS.exe

C:\Windows\System\OGDJyVS.exe

C:\Windows\System\BYFtmOe.exe

C:\Windows\System\BYFtmOe.exe

C:\Windows\System\vsGOgoQ.exe

C:\Windows\System\vsGOgoQ.exe

C:\Windows\System\QwYwCZL.exe

C:\Windows\System\QwYwCZL.exe

C:\Windows\System\tqsyXen.exe

C:\Windows\System\tqsyXen.exe

C:\Windows\System\bvJNpsk.exe

C:\Windows\System\bvJNpsk.exe

C:\Windows\System\bVqwKlZ.exe

C:\Windows\System\bVqwKlZ.exe

C:\Windows\System\yuWhpzO.exe

C:\Windows\System\yuWhpzO.exe

C:\Windows\System\ZqisnIO.exe

C:\Windows\System\ZqisnIO.exe

C:\Windows\System\AfLcKud.exe

C:\Windows\System\AfLcKud.exe

C:\Windows\System\Mprizpa.exe

C:\Windows\System\Mprizpa.exe

C:\Windows\System\UmadyJW.exe

C:\Windows\System\UmadyJW.exe

C:\Windows\System\xTpyBMt.exe

C:\Windows\System\xTpyBMt.exe

C:\Windows\System\TUyVtiE.exe

C:\Windows\System\TUyVtiE.exe

C:\Windows\System\tCSrGKw.exe

C:\Windows\System\tCSrGKw.exe

C:\Windows\System\bihqpCz.exe

C:\Windows\System\bihqpCz.exe

C:\Windows\System\UNmVKpF.exe

C:\Windows\System\UNmVKpF.exe

C:\Windows\System\ZzFdmjW.exe

C:\Windows\System\ZzFdmjW.exe

C:\Windows\System\rUIEshi.exe

C:\Windows\System\rUIEshi.exe

C:\Windows\System\DsBipge.exe

C:\Windows\System\DsBipge.exe

C:\Windows\System\IZbxyAp.exe

C:\Windows\System\IZbxyAp.exe

C:\Windows\System\IQBdWzR.exe

C:\Windows\System\IQBdWzR.exe

C:\Windows\System\nDwfKEy.exe

C:\Windows\System\nDwfKEy.exe

C:\Windows\System\pOBrPaI.exe

C:\Windows\System\pOBrPaI.exe

C:\Windows\System\vruDdLK.exe

C:\Windows\System\vruDdLK.exe

C:\Windows\System\pkLNaBP.exe

C:\Windows\System\pkLNaBP.exe

C:\Windows\System\rhWKGcg.exe

C:\Windows\System\rhWKGcg.exe

C:\Windows\System\eclGoVr.exe

C:\Windows\System\eclGoVr.exe

C:\Windows\System\KIiMPfZ.exe

C:\Windows\System\KIiMPfZ.exe

C:\Windows\System\TeTGKnR.exe

C:\Windows\System\TeTGKnR.exe

C:\Windows\System\ylYzrDm.exe

C:\Windows\System\ylYzrDm.exe

C:\Windows\System\DVCtdgC.exe

C:\Windows\System\DVCtdgC.exe

C:\Windows\System\ZIukKpL.exe

C:\Windows\System\ZIukKpL.exe

C:\Windows\System\TKVDiHI.exe

C:\Windows\System\TKVDiHI.exe

C:\Windows\System\iSQXViO.exe

C:\Windows\System\iSQXViO.exe

C:\Windows\System\XFPAkED.exe

C:\Windows\System\XFPAkED.exe

C:\Windows\System\MpbsMda.exe

C:\Windows\System\MpbsMda.exe

C:\Windows\System\CPfHYJR.exe

C:\Windows\System\CPfHYJR.exe

C:\Windows\System\JfIcWIG.exe

C:\Windows\System\JfIcWIG.exe

C:\Windows\System\LgqjebP.exe

C:\Windows\System\LgqjebP.exe

C:\Windows\System\UQxeRrO.exe

C:\Windows\System\UQxeRrO.exe

C:\Windows\System\jkXbqzs.exe

C:\Windows\System\jkXbqzs.exe

C:\Windows\System\mYWfNvn.exe

C:\Windows\System\mYWfNvn.exe

C:\Windows\System\DDjULUY.exe

C:\Windows\System\DDjULUY.exe

C:\Windows\System\AOhAtdu.exe

C:\Windows\System\AOhAtdu.exe

C:\Windows\System\ZLMIMwj.exe

C:\Windows\System\ZLMIMwj.exe

C:\Windows\System\qyGYlez.exe

C:\Windows\System\qyGYlez.exe

C:\Windows\System\nRsWOxt.exe

C:\Windows\System\nRsWOxt.exe

C:\Windows\System\KrjvSrC.exe

C:\Windows\System\KrjvSrC.exe

C:\Windows\System\gjzSOUL.exe

C:\Windows\System\gjzSOUL.exe

C:\Windows\System\idODMXV.exe

C:\Windows\System\idODMXV.exe

C:\Windows\System\sxrmncW.exe

C:\Windows\System\sxrmncW.exe

C:\Windows\System\EwkLqNO.exe

C:\Windows\System\EwkLqNO.exe

C:\Windows\System\aPphThZ.exe

C:\Windows\System\aPphThZ.exe

C:\Windows\System\RMHfWRJ.exe

C:\Windows\System\RMHfWRJ.exe

C:\Windows\System\qnvFHyV.exe

C:\Windows\System\qnvFHyV.exe

C:\Windows\System\zBeXTgU.exe

C:\Windows\System\zBeXTgU.exe

C:\Windows\System\yWqWURy.exe

C:\Windows\System\yWqWURy.exe

C:\Windows\System\jqdjUGK.exe

C:\Windows\System\jqdjUGK.exe

C:\Windows\System\fONXqQS.exe

C:\Windows\System\fONXqQS.exe

C:\Windows\System\RZoPeXs.exe

C:\Windows\System\RZoPeXs.exe

C:\Windows\System\ACORXAa.exe

C:\Windows\System\ACORXAa.exe

C:\Windows\System\uNcADlX.exe

C:\Windows\System\uNcADlX.exe

C:\Windows\System\BqiOXAv.exe

C:\Windows\System\BqiOXAv.exe

C:\Windows\System\ONuUINX.exe

C:\Windows\System\ONuUINX.exe

C:\Windows\System\Czfmlcr.exe

C:\Windows\System\Czfmlcr.exe

C:\Windows\System\fcfEOGv.exe

C:\Windows\System\fcfEOGv.exe

C:\Windows\System\SWwpIGA.exe

C:\Windows\System\SWwpIGA.exe

C:\Windows\System\rCHGyfM.exe

C:\Windows\System\rCHGyfM.exe

C:\Windows\System\BtofKfD.exe

C:\Windows\System\BtofKfD.exe

C:\Windows\System\UlNKSsQ.exe

C:\Windows\System\UlNKSsQ.exe

C:\Windows\System\VMAOlkE.exe

C:\Windows\System\VMAOlkE.exe

C:\Windows\System\UsUzLdY.exe

C:\Windows\System\UsUzLdY.exe

C:\Windows\System\droNDmG.exe

C:\Windows\System\droNDmG.exe

C:\Windows\System\bsCRsJE.exe

C:\Windows\System\bsCRsJE.exe

C:\Windows\System\UkXgIEB.exe

C:\Windows\System\UkXgIEB.exe

C:\Windows\System\KACNpMd.exe

C:\Windows\System\KACNpMd.exe

C:\Windows\System\yyLdeHm.exe

C:\Windows\System\yyLdeHm.exe

C:\Windows\System\JMLDETu.exe

C:\Windows\System\JMLDETu.exe

C:\Windows\System\gGKdKKZ.exe

C:\Windows\System\gGKdKKZ.exe

C:\Windows\System\BrYsZcg.exe

C:\Windows\System\BrYsZcg.exe

C:\Windows\System\FodWqXr.exe

C:\Windows\System\FodWqXr.exe

C:\Windows\System\JXCvmfh.exe

C:\Windows\System\JXCvmfh.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2480-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2480-1-0x0000000000200000-0x0000000000210000-memory.dmp

\Windows\system\RSrlqht.exe

MD5 5fed9f551a50768d5e4a6695d0db6e57
SHA1 25b6219118ea05e5438cec9342cc85c73a775b0a
SHA256 8c6011ab5b809c72d7a962dc4ccb213dfca8ad46c1cf84dd52beb50d96482ae8
SHA512 f4e5ece0a03b5b07c34e93ec8afd438192811c157369fa96ee5f9df5bb46a2902c5ce8ecfb1606fae336281d4af90fa495d4eeb5713d74b2833f0d86858be978

memory/2224-8-0x000000013F4C0000-0x000000013F814000-memory.dmp

\Windows\system\gqYlBef.exe

MD5 718fbfa2812dbe9f99bf04ad843b6ab1
SHA1 37d9dab0a431a8d48976e3ed77855936512ac371
SHA256 4544ecb4f085ea714715422d3c5faffa498d9965907fe06b7fdbabde24aff106
SHA512 c8af54a824084c8f96e7d44684919666d9667399fbd3ba2b153ebcbaeccbb0ae1936bac881faaa88698503a76224a77657f7a1f5a94897c6086d4e15a44f051f

\Windows\system\BvRgUGb.exe

MD5 a9725df8acb1a737cbf46074dac94332
SHA1 f3f6db5d6de2ca8a8e54ef519b9ce004c9ce0a89
SHA256 a5f8a157131209f64def05ff88dd1c7dd5a21c4e7d5a9b0b0cbfb0004740df96
SHA512 3ff99ea9deb00d779fb68093a59733f9fed5212541ea419d20250a2769a4be13d20a9e480ca0b115582e275bede63aefdd10e8474b91dfdfe8b8b4bdf7fc00c2

memory/2480-15-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2480-24-0x000000013F340000-0x000000013F694000-memory.dmp

memory/2004-29-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2604-28-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/1992-23-0x000000013F340000-0x000000013F694000-memory.dmp

C:\Windows\system\ohesEGa.exe

MD5 63377b70ac74cb44262d4bebfc2c3b66
SHA1 121abadf410ccd1331c4edb0059849e0f6fbf00b
SHA256 7fd09840e4fdd5a1410373b2cb80ae6e866fe40a4fb87694ed7b517a0e8935f7
SHA512 3c5a585060ccbc6e283ec066387628697c6741875eb887e92f5e6817ed83c7fa8a1d7254a62d87a615882673461b12b8d2aa0b75b649b8e0353d3457d7f538d0

memory/2712-35-0x000000013F820000-0x000000013FB74000-memory.dmp

C:\Windows\system\IUDqXUb.exe

MD5 abfee9dbe35fc58c14d5b2fd2c997bb6
SHA1 23bfe6c05d40c5de33ed70b8483f6899cb319b0b
SHA256 babc2dd61509fc215c2cfe6d20f37e9211e0e0d358fa99323d21e3b82366835b
SHA512 4aa1a48c3cc137f640676e2053c0319a70f0e0646dbbe58067d5055b0712a1bcadf98177ff4d000ee158392d9779cc83e99a1462bf1d322fb8a4601c5712565f

memory/2016-41-0x000000013FB20000-0x000000013FE74000-memory.dmp

C:\Windows\system\ytFhlFS.exe

MD5 5fc92dbeaa5a9486ffac78def583dc7b
SHA1 8c69a7af55c601937a0fa1dc04485fadd2d60801
SHA256 9e0b321d1f0457d0a1dc29c1f56f2900eadaac82a6c9bd0f48dad46fadcc8001
SHA512 4c6adb4e0db61692e90915a3e7d82006bdad49f73da94791454f0b6949693a74ffb7ae8bf34556ef7780771581b5785265a1076213565ab0f54e906f51b2149f

memory/2432-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2480-68-0x0000000001EE0000-0x0000000002234000-memory.dmp

C:\Windows\system\HrpDTqu.exe

MD5 80e1674633a5c00cd9bd3601b7f28bb2
SHA1 f23992abc40956a64884b7571c9fb692a646866c
SHA256 5d28e8ff92d3632ca2829972ac7ad120435d7ff2a4d0393638117ea70318c682
SHA512 3f61c7e8e7ed27bf498b740ddf1847aca769718517661ea2c2f820c645c45b0346d4d95941c55f68444d4133738970f78f6bd3482b792521d5a7c65b245519a7

C:\Windows\system\ClySvFg.exe

MD5 05cefd7fa3c593310919bbada4b3642d
SHA1 b471ef98daf241603d8e2cbac2cb26c3163c4168
SHA256 830c987c4ad471b0e798e4635bfadd1c8423fa26a850b7bb5c38dff17b658599
SHA512 ca4f2be5e592746281757a8bebff81d8e7f954f834cd98d194e8225d0c233b5ace4282c4ee225a047f9d10334522c12bff5a3631e7072db1d84b0b9e183c82be

memory/2480-1075-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/2488-1076-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2432-861-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2808-507-0x000000013F930000-0x000000013FC84000-memory.dmp

memory/2480-506-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/2016-301-0x000000013FB20000-0x000000013FE74000-memory.dmp

C:\Windows\system\jPybweD.exe

MD5 905bec98b8ad2154738cec4641db2f09
SHA1 66dcd99dc1a9a4765451f97e272401a7b164fc99
SHA256 90c2d57e4ebed74bc1de599b53beca008a98dd0b24ed9606c60e77c18c6ed22e
SHA512 8f74b79ead302615b9987d61ff7a7ca78c07b6740de3182c412c64889556c931b802824e93f04dd2fd121e30c70cf0c2cf74bcc97b84e4062d24bfcf5bcac587

C:\Windows\system\nbhTium.exe

MD5 2c33857b0840112621c214d093b351fa
SHA1 0a4af96032889ca3bbe939340fe7befbc8d6b5ed
SHA256 12b25194343c704f702f1d784697f678127a3d5bca86340e68f658f0e4377c0f
SHA512 c618d7a6d49c45abcd1a5279cea94797c8963871a50ca1af049c41e53a279b0ace73fd90eca1f797b19f2dfb7efa2c0a9d749a6f710223163df590429fa7799d

C:\Windows\system\drkJnlT.exe

MD5 f9492e8e716f3c64d357b970d2985114
SHA1 49fb49248bb4f2f208b8858a1156138f2d5db690
SHA256 88e3dbf8c0547c0907d1debd55a5df3a4b8940ee2fac8b2ae50a1eb6c24cae88
SHA512 e23f66d1fae628a82d3c6434c833615abddb26905bb45ca9984e1afb4c6cf79a45261b006c264593d8269066cf89494b8121f4e9090fa5b8a55c7d3e72a27ffb

C:\Windows\system\QIhGamk.exe

MD5 d5b8f3a55c30bf7901fd8abd66239d24
SHA1 72d1b9c5b0b297ee5e3894cac6a03b4206bf56f6
SHA256 3352c615c5c07f2ee976f7ff2b86f8502d27f885738c0c28ae240b117987ab2b
SHA512 2122d7fd168416c3cb9345900420c61a2210852cd7ef3b860b76e1480bd82d585083fdfb8612534c9b67dee36f4211ed43f732b4b7131772b299e464aa077726

C:\Windows\system\lohNAdn.exe

MD5 4bddd548b074e4ce9ffc98654db67ba1
SHA1 0cdd3684dcc1f68319e035a69ecacef34c85bba8
SHA256 2370695579767e80168902fd7c517c297c1b7706c50c0ac7bd6172fd0eeac82b
SHA512 86897dd3d709894eb9a8caf581adcca48eae73ca392023e77b80e35cae8931be5ab62ab83af8fc4ffc04ac1ddd8e268c022357a156f8b506ed0788d4eb93655a

C:\Windows\system\dJzgEUj.exe

MD5 7859bab4c2f35c8a367a0b712c0aea87
SHA1 98d2751b99ff2f2625a2dea6bd2a067dd1620984
SHA256 c873c183b6c07f8f152df778d4ac9d012fb63d9c4c0e3913b3bca91e3ab08d66
SHA512 48ed2985913809f098c0a22f54e6626345492a4e30c54e1d4a2eec6919e94eff38b7bb1db89b5753d06a9c9a011798f473b42e0cc08f8517abbb280ec856a37c

C:\Windows\system\yZlYpaJ.exe

MD5 b33c60f94267362d77eb9bc297f09200
SHA1 259b27cb2447076eea70cd886e343289985eeeda
SHA256 94df77e618de6a0ddea683dda1bb17925ead8af38d192cc84085d1042b7f3e58
SHA512 72ef211c3abf9b3bce22d0a9cedcec4297e82b30d11bdcdc7390a2d12209054c4487f556424aeee648d2e487bdf15d16ce91a26c82fe2552cf25109ba19f301a

C:\Windows\system\xPRbooo.exe

MD5 a025e0c1c6463aaeef5b417cdcc1a3a6
SHA1 842f0e74b7489095a2fbb1366ee640f4281459e9
SHA256 a06df87db1eed60ef6f07fa7ee70c40fa8a81107381aa79548aef02327e660dc
SHA512 c6e4e69132cc52cff6715c56ec948009bcaeef30dcef6ee7af2d0e24fd864d929ca71a201a3f37bdd14b524850c5c4edb490fb665cc6ac6351feb6772d0aec29

C:\Windows\system\ExiXtuI.exe

MD5 2aab5e99f832449912cb511f7fdad86b
SHA1 872fc2185fc1f20d385c170d4b7dd11d659bb3ff
SHA256 8a05756791f033d4e52db75a8a2e397fa98ee9364c6a4e506b634dad3c7a903c
SHA512 cde4ba0d2c82604116b88eb41372cf6f380d2e371756a34376c7c7d42a2cdd617cbef6783aa4d1580cc4b9aeafba7e7ca49b555fabf10fad7d137aa86cf1d0b9

C:\Windows\system\dtFZcOx.exe

MD5 e6682e9305fad8cbd236e6a3c1e282a8
SHA1 105c8e985b56b8e9b28c54c31919d814d764f26f
SHA256 9e142c266caa11f017f7ff56f637c80a522cc13f292ec3b432bf4a29355517d2
SHA512 24aef72596d1236a05474bebff821d208ae395a89913d3443fac09a494b2c58b9c7d794f4c5a325f517615148a8e9b90301a20f9aca2c9c096538283c8a9abfb

C:\Windows\system\EhwjIEy.exe

MD5 3ce0a6cdfbec07d2c386a09631b1999c
SHA1 af9d380c8a89eecb736b74b5cda78842de861340
SHA256 7ee19d7f9e78f1d185661416c98eee32f299d6f9cc26af60160013eaef325164
SHA512 c9c673453b6e3f466c13aef2b6eb04f13c7c6b63c0dcd669cbdd9e940dcdf606dc0a2b2187ca706b735cb0e02fda959220d7b5413bb93345e28b110955c53ea6

C:\Windows\system\pDfJBQI.exe

MD5 60164b6bffe717e2c6fb98ce5efe5bc3
SHA1 b38c9f45c27d58bcac314bc60e87f48e2e8ab577
SHA256 805c432ac9002ccdc4a40bbd2341d34186e34057cb54ea0634550ab7046c7716
SHA512 2cc0cbad60eaf7b9f20a15723de5ecbd2cc857b4938c19e956ac6d94ffe6b91a7a2fbc256a49c437f4cecbb58fa18cec9e59096c8a2e6a52f12b50067c6db23e

C:\Windows\system\QyAJswg.exe

MD5 61db5f8404c7ffee672deb67d0668516
SHA1 546d075d6e8a7c420e2eb41989db1bc19c4ff734
SHA256 e63da9fa5663072b5a175ce5dcf0e6d029d81a10c493b1bb4a7d2206cd224271
SHA512 9ae30d6d01985b9e0df5d62992765a03f26f90fa8a6345153190bd9b9bbdfb9e53ca7e6d7a3aa79783738891f819b88d9eda381aadc6fbb447fccef0bcb21b23

C:\Windows\system\woLrwnA.exe

MD5 8695d01046e22d2a774db43cadc48bb7
SHA1 cf65f061908199bbd7cd487505d68edc7c954efa
SHA256 67ad2346a6e984d2397cb319214986484e436ac27ac56a1788bfc0d7f1dff979
SHA512 e46b0a0dcc3db7d5ef628695f60973bc33bea606b00fe743952f893260e3bdb22aba40a5a4d4ecf5c44ac7b34ddc6f5566c14bd5e0a7fda44555b3c9889a510f

C:\Windows\system\CVIIAKC.exe

MD5 912373e68d389c904cb8eee0b7064a71
SHA1 08516ed960bec78423c66fce46f6a4cb4986ed9c
SHA256 eae31581070349c9968d7558072d0c9fda2274c180d6ddf66fab2cb8d3cc32d6
SHA512 a92d7801115f118a90be4cb44856ebb2d50cf4be9d28d5e0b75217e8a704d2394fb17d7bb9b5773188680a748271a7bc727a5788f220e550b483aac2a1a0beba

memory/2480-103-0x0000000001EE0000-0x0000000002234000-memory.dmp

C:\Windows\system\RJFFkVI.exe

MD5 5a8cd5bc1463b56e7defac29bacbddc8
SHA1 a5687f75d3bced7d4aa94a5d12e729bc5fe55006
SHA256 8d748ab1158f1892ae6e7864bc1df16e851fd166ce6ef37f2c76b2a6e1ec85fd
SHA512 b6ce74711a8efe1b4a61071831047b1e089e14f1ef757aa1963778984cdfc0b8ef024fb0a0b6a2ab13b24fe4e471bf262a0b18825bf494a2f5709f92e86673fb

memory/2976-92-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2480-91-0x000000013F020000-0x000000013F374000-memory.dmp

memory/1764-100-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2480-99-0x000000013F040000-0x000000013F394000-memory.dmp

C:\Windows\system\UgFxwwz.exe

MD5 21469aff816c5dad13af99673d906fbf
SHA1 ba9d1c20743fb3998acf4e1d6573983e3276b982
SHA256 a77291c53976b716debc33bea47233fc0716ea95af1bde2dda7e8b689b069b65
SHA512 38809f461147630746eefe7ca2d449282fceaf7657f7711c21f7f5c863236606cf7100a97accc0959caeb5d9a5b9d059ecb7fc72879eb0e485f415e71014dc26

memory/2712-98-0x000000013F820000-0x000000013FB74000-memory.dmp

C:\Windows\system\NphtjRt.exe

MD5 2dd6cbede72442960e8d7f9d5e6f7ee8
SHA1 a63b44aceecfdcd593d340d18a4eae780d917e48
SHA256 9a06b05596d2a79b0578f9d60475ceadbcf32d0e798f408c2780553d8b0f272f
SHA512 14d015f6dfa322f302aea19d93fd0dfedd6fc302b233e18592421560ad8e92ec8e0a368293248b36645b7299da343fd037378d652ec552f091fca280b63b07b1

memory/2852-86-0x000000013F8C0000-0x000000013FC14000-memory.dmp

memory/2480-85-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1992-84-0x000000013F340000-0x000000013F694000-memory.dmp

memory/1676-77-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2480-76-0x000000013FF40000-0x0000000140294000-memory.dmp

C:\Windows\system\UjRtZxu.exe

MD5 24a901f22b6a6d5f2060f821f53e4c94
SHA1 0b50120704e05ba84572861f212b77595566adc7
SHA256 d41fbe187f21f10a780e0c4080839b8e15b1930cd22a59ba613f34ba52336b93
SHA512 44569f1e41531aa7b077e318049f87c207a99855bdbd91b17d4809207d104820872662fbddd4913dc9480a13ab7510ef118658b99797cdb68940fb2926bebf5a

C:\Windows\system\YALdUdm.exe

MD5 d8ba99612b59e4490062c46fff9dd03c
SHA1 17c286be4cd1e493211d16cc8e224d7770dea320
SHA256 c75030618e4c5980cf835910af3ecc654c21e5879e6bb796b2c8c783ede9490e
SHA512 f77e8afbe56f544a36aac7b02884f321463d0710e366ef90e6d047177894b859a7566d1c5386713be0d480479e502c3e13431f4d673e174c8a160c8a83d04b65

memory/2564-70-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2480-69-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2488-61-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2480-60-0x000000013F6F0000-0x000000013FA44000-memory.dmp

C:\Windows\system\NIAPsmU.exe

MD5 1305e418f23ee7834495488139e934ca
SHA1 e10d7e3c20bbf639d03b1428e09e7e32c6e33c45
SHA256 4257b254dbaadefa5c6867888cf71bf96b96acd1673dd54e014c90920f745963
SHA512 4d58ca0383cbaf5c116bfb84daf713ad5da3bf1f891103aa5aea08a3314cb9e1fbc2c0c41d5ad3e4ba2ff5698a1bbc9a074e439342f214080e528e52017d5329

C:\Windows\system\fSUvIZJ.exe

MD5 85ab20150d26eacbc89bb2650a9782cc
SHA1 c749c56746c1eeb639f66882dc334118bbe03aff
SHA256 174d8e455bf3a44ee0d086e8b29f7e255ebae20b7d29c13fa6d249b6c2c33716
SHA512 9b9623f428fda46131032d5b23376abb1697bd3f31ddac277d5d67ed06471b04a27ef84ebfba9ddee3317e099b60893886584392b2de4af261b298ceca2e33dd

memory/2480-54-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2808-48-0x000000013F930000-0x000000013FC84000-memory.dmp

C:\Windows\system\amjfazp.exe

MD5 f374925491f85e05c9616d6e0d3e08a3
SHA1 ac076677b426cada261526147020e2f1a2c3ee07
SHA256 fdfac0603615e225f4acabed118c70b96057367cb6bbb7829188257962b19a49
SHA512 7102157a34d52190b1a997368dd77bacd5858717eed67e388d0fc4d9c75a09639e57de13d4dcc58bfb828446ff5feb84644bd15bda2d73aeff6d1888779745f0

memory/2480-38-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2480-34-0x0000000001EE0000-0x0000000002234000-memory.dmp

C:\Windows\system\VkbMnsD.exe

MD5 570049d4007ab4a394b924541fa07650
SHA1 de919f4a4bcecac219bc73ea655f6992acd5444e
SHA256 1dbf55f2df7bc268badf6825668123f71e966087bb6cd7c41c800886bea0c4cb
SHA512 f50359bdd07e0a8d757be9542867a7b39d0a14209e0e0ab91e630a6247860270379c4ca8217ec0d4c380d7bc35304d0a9eb8a3838d166c28f91d3bf5d1dfb73a

memory/2480-19-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/2564-1078-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2480-1077-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/1676-1079-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2480-1080-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/2480-1081-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2976-1082-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2480-1083-0x000000013F040000-0x000000013F394000-memory.dmp

memory/1764-1084-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2224-1085-0x000000013F4C0000-0x000000013F814000-memory.dmp

memory/2004-1088-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/1992-1087-0x000000013F340000-0x000000013F694000-memory.dmp

memory/2604-1086-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/2808-1090-0x000000013F930000-0x000000013FC84000-memory.dmp

memory/2016-1089-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2488-1094-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2432-1093-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2564-1092-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2712-1091-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/1676-1095-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2852-1096-0x000000013F8C0000-0x000000013FC14000-memory.dmp

memory/2976-1097-0x000000013F020000-0x000000013F374000-memory.dmp

memory/1764-1098-0x000000013F040000-0x000000013F394000-memory.dmp