Malware Analysis Report

2024-10-10 08:38

Sample ID: 240602-2fn46shd6y
Target: 773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe
SHA256: aa9c14347c8daeb84479763014673d85c6f882715c9550d77fbd14be453d1c58
Tags: miner upx kpot xmrig stealer trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: aa9c14347c8daeb84479763014673d85c6f882715c9550d77fbd14be453d1c58

Threat Level: Known bad

The file 773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

xmrig

KPOT Core Executable

Kpot family

XMRig Miner payload

Xmrig family

KPOT

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-02 22:31

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-02 22:31
Reported: 2024-06-02 22:34
Platform: win7-20240215-en
Max time kernel: 140s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\mNSOReZ.exe
PID 2040 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\mNSOReZ.exe
PID 2040 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\mNSOReZ.exe
PID 2040 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OJoDyPn.exe
PID 2040 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OJoDyPn.exe
PID 2040 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OJoDyPn.exe
PID 2040 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\aUvdZFO.exe
PID 2040 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\aUvdZFO.exe
PID 2040 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\aUvdZFO.exe
PID 2040 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IPxbqVC.exe
PID 2040 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IPxbqVC.exe
PID 2040 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IPxbqVC.exe
PID 2040 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\hrMKuxG.exe
PID 2040 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\hrMKuxG.exe
PID 2040 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\hrMKuxG.exe
PID 2040 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\KvKKOCt.exe
PID 2040 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\KvKKOCt.exe
PID 2040 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\KvKKOCt.exe
PID 2040 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\PZqocGX.exe
PID 2040 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\PZqocGX.exe
PID 2040 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\PZqocGX.exe
PID 2040 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lShNxMh.exe
PID 2040 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lShNxMh.exe
PID 2040 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lShNxMh.exe
PID 2040 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lMycseH.exe
PID 2040 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lMycseH.exe
PID 2040 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lMycseH.exe
PID 2040 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\APRNLFX.exe
PID 2040 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\APRNLFX.exe
PID 2040 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\APRNLFX.exe
PID 2040 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\PBwWsfS.exe
PID 2040 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\PBwWsfS.exe
PID 2040 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\PBwWsfS.exe
PID 2040 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NVcnGCQ.exe
PID 2040 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NVcnGCQ.exe
PID 2040 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NVcnGCQ.exe
PID 2040 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\JfVrtIC.exe
PID 2040 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\JfVrtIC.exe
PID 2040 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\JfVrtIC.exe
PID 2040 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NNUOXjj.exe
PID 2040 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NNUOXjj.exe
PID 2040 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NNUOXjj.exe
PID 2040 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OUBgNbK.exe
PID 2040 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OUBgNbK.exe
PID 2040 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OUBgNbK.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NgkfnzQ.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NgkfnzQ.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NgkfnzQ.exe
PID 2040 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\oFiRUnF.exe
PID 2040 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\oFiRUnF.exe
PID 2040 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\oFiRUnF.exe
PID 2040 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IwtUmfo.exe
PID 2040 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IwtUmfo.exe
PID 2040 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IwtUmfo.exe
PID 2040 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\kfqnCqD.exe
PID 2040 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\kfqnCqD.exe
PID 2040 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\kfqnCqD.exe
PID 2040 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WGNtiDw.exe
PID 2040 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WGNtiDw.exe
PID 2040 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WGNtiDw.exe
PID 2040 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\iqmtqAH.exe
PID 2040 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\wPGqGJr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1768-1079-0x000000013FBE0000-0x000000013FF34000-memory.dmp

memory/2040-1080-0x0000000001F50000-0x00000000022A4000-memory.dmp

memory/2040-1081-0x0000000001F50000-0x00000000022A4000-memory.dmp

memory/2040-1082-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2004-1083-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/2964-1084-0x000000013F9D0000-0x000000013FD24000-memory.dmp

memory/2640-1085-0x000000013F3D0000-0x000000013F724000-memory.dmp

memory/2676-1086-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2980-1087-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/2684-1088-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2812-1089-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

memory/2472-1090-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2680-1091-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2492-1092-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2464-1093-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/1768-1094-0x000000013FBE0000-0x000000013FF34000-memory.dmp

memory/2512-1095-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2772-1096-0x000000013FC40000-0x000000013FF94000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:31

Reported

2024-06-02 22:34

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\taOgDgJ.exe N/A
N/A N/A C:\Windows\System\DbbLDhR.exe N/A
N/A N/A C:\Windows\System\svGnHbV.exe N/A
N/A N/A C:\Windows\System\IOFEYYh.exe N/A
N/A N/A C:\Windows\System\NtGAkMD.exe N/A
N/A N/A C:\Windows\System\OVTlqKR.exe N/A
N/A N/A C:\Windows\System\jncJMdh.exe N/A
N/A N/A C:\Windows\System\WhEFrYY.exe N/A
N/A N/A C:\Windows\System\gRzeVOc.exe N/A
N/A N/A C:\Windows\System\IZIMaNI.exe N/A
N/A N/A C:\Windows\System\NNUMaLp.exe N/A
N/A N/A C:\Windows\System\pZqHMWD.exe N/A
N/A N/A C:\Windows\System\WwJPpTi.exe N/A
N/A N/A C:\Windows\System\SgfXrlU.exe N/A
N/A N/A C:\Windows\System\DYWbLFW.exe N/A
N/A N/A C:\Windows\System\fbNoBSO.exe N/A
N/A N/A C:\Windows\System\WHBrMdQ.exe N/A
N/A N/A C:\Windows\System\KpucCUz.exe N/A
N/A N/A C:\Windows\System\GnqMrct.exe N/A
N/A N/A C:\Windows\System\BicBTwG.exe N/A
N/A N/A C:\Windows\System\FlufxWw.exe N/A
N/A N/A C:\Windows\System\cmshiCc.exe N/A
N/A N/A C:\Windows\System\IjKuQvh.exe N/A
N/A N/A C:\Windows\System\zjGAJlV.exe N/A
N/A N/A C:\Windows\System\utlBAjO.exe N/A
N/A N/A C:\Windows\System\Weghjha.exe N/A
N/A N/A C:\Windows\System\zQuxpIp.exe N/A
N/A N/A C:\Windows\System\tbFDLis.exe N/A
N/A N/A C:\Windows\System\bSfECNx.exe N/A
N/A N/A C:\Windows\System\JlEsCKQ.exe N/A
N/A N/A C:\Windows\System\lpnXyof.exe N/A
N/A N/A C:\Windows\System\uRAAukd.exe N/A
N/A N/A C:\Windows\System\mmtokXv.exe N/A
N/A N/A C:\Windows\System\kvrQWaF.exe N/A
N/A N/A C:\Windows\System\yAitNjY.exe N/A
N/A N/A C:\Windows\System\TrQeZmQ.exe N/A
N/A N/A C:\Windows\System\zGqlnrY.exe N/A
N/A N/A C:\Windows\System\nMOizij.exe N/A
N/A N/A C:\Windows\System\IpWNOOd.exe N/A
N/A N/A C:\Windows\System\REnvYzo.exe N/A
N/A N/A C:\Windows\System\xuXpjiB.exe N/A
N/A N/A C:\Windows\System\uqMZhpt.exe N/A
N/A N/A C:\Windows\System\nJYHRZj.exe N/A
N/A N/A C:\Windows\System\TiHMRwA.exe N/A
N/A N/A C:\Windows\System\QwLyoep.exe N/A
N/A N/A C:\Windows\System\GSnfgUD.exe N/A
N/A N/A C:\Windows\System\SOULAcM.exe N/A
N/A N/A C:\Windows\System\MjgxIak.exe N/A
N/A N/A C:\Windows\System\CCipnSY.exe N/A
N/A N/A C:\Windows\System\diuXTNY.exe N/A
N/A N/A C:\Windows\System\qajNDtB.exe N/A
N/A N/A C:\Windows\System\TgmyHdp.exe N/A
N/A N/A C:\Windows\System\UZlHpOO.exe N/A
N/A N/A C:\Windows\System\ghdPRwm.exe N/A
N/A N/A C:\Windows\System\tbXbkYl.exe N/A
N/A N/A C:\Windows\System\VEQdrvX.exe N/A
N/A N/A C:\Windows\System\kfXRoyS.exe N/A
N/A N/A C:\Windows\System\EyaTnNi.exe N/A
N/A N/A C:\Windows\System\buTozdL.exe N/A
N/A N/A C:\Windows\System\uPBuiug.exe N/A
N/A N/A C:\Windows\System\HPxRWIt.exe N/A
N/A N/A C:\Windows\System\cFHxihy.exe N/A
N/A N/A C:\Windows\System\XPnSZVQ.exe N/A
N/A N/A C:\Windows\System\VrKNiln.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\LfWOCed.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\mtinYng.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\NkVdEDn.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\EZLmxTi.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\xqueoKH.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\XpPuMUg.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\REnvYzo.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\KbGxBRf.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZQYTgs.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\pRdZDwT.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\qGopcoO.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\JsvAcdz.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\zQuxpIp.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\HfcbHrB.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZXtFqK.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\nBUPCoQ.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOUcibB.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\qZBDYCg.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\tuJUthd.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\vzWfJFq.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\nJYHRZj.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\VEQdrvX.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\FJWQTsf.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\XrFBWQL.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdkFciF.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\TkPxllT.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\wcLsPmC.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\scuXrhQ.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\IzvYLCq.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\FFxokle.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZcdJwtk.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\nMOizij.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\YXIWSXJ.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbxbwEI.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZjIONl.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpfProD.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\UgxhUdO.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\DJVnaIb.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\jncJMdh.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPnSZVQ.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\RIWOoCC.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\qNnVLoG.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzFguof.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\yeOgXxX.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\ewdRarf.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\TiHMRwA.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\vLpzRWm.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\ChmteYh.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\XktthCR.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\XiAFILq.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\YTNReMC.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\XQUgWIV.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\sVpsCJw.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\IOFEYYh.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\DYWbLFW.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\yohNMdy.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\fbNoBSO.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\JTtYQUj.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\oFjdYZi.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\CpNoeah.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\uXIsrDL.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQHazVC.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\gNnBcEV.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
File created C:\Windows\System\JtGivMQ.exe C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2312 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\taOgDgJ.exe
PID 2312 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\taOgDgJ.exe
PID 2312 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\DbbLDhR.exe
PID 2312 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\DbbLDhR.exe
PID 2312 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\svGnHbV.exe
PID 2312 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\svGnHbV.exe
PID 2312 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IOFEYYh.exe
PID 2312 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IOFEYYh.exe
PID 2312 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NtGAkMD.exe
PID 2312 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NtGAkMD.exe
PID 2312 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OVTlqKR.exe
PID 2312 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\OVTlqKR.exe
PID 2312 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\jncJMdh.exe
PID 2312 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\jncJMdh.exe
PID 2312 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WhEFrYY.exe
PID 2312 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WhEFrYY.exe
PID 2312 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\pZqHMWD.exe
PID 2312 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\pZqHMWD.exe
PID 2312 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\gRzeVOc.exe
PID 2312 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\gRzeVOc.exe
PID 2312 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IZIMaNI.exe
PID 2312 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IZIMaNI.exe
PID 2312 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NNUMaLp.exe
PID 2312 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\NNUMaLp.exe
PID 2312 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WwJPpTi.exe
PID 2312 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WwJPpTi.exe
PID 2312 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\SgfXrlU.exe
PID 2312 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\SgfXrlU.exe
PID 2312 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\DYWbLFW.exe
PID 2312 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\DYWbLFW.exe
PID 2312 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\fbNoBSO.exe
PID 2312 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\fbNoBSO.exe
PID 2312 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WHBrMdQ.exe
PID 2312 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\WHBrMdQ.exe
PID 2312 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\KpucCUz.exe
PID 2312 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\KpucCUz.exe
PID 2312 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\GnqMrct.exe
PID 2312 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\GnqMrct.exe
PID 2312 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\BicBTwG.exe
PID 2312 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\BicBTwG.exe
PID 2312 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\FlufxWw.exe
PID 2312 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\FlufxWw.exe
PID 2312 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\cmshiCc.exe
PID 2312 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\cmshiCc.exe
PID 2312 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IjKuQvh.exe
PID 2312 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\IjKuQvh.exe
PID 2312 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\zjGAJlV.exe
PID 2312 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\zjGAJlV.exe
PID 2312 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\utlBAjO.exe
PID 2312 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\utlBAjO.exe
PID 2312 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\Weghjha.exe
PID 2312 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\Weghjha.exe
PID 2312 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\zQuxpIp.exe
PID 2312 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\zQuxpIp.exe
PID 2312 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\tbFDLis.exe
PID 2312 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\tbFDLis.exe
PID 2312 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\bSfECNx.exe
PID 2312 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\bSfECNx.exe
PID 2312 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\JlEsCKQ.exe
PID 2312 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\JlEsCKQ.exe
PID 2312 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lpnXyof.exe
PID 2312 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\lpnXyof.exe
PID 2312 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\uRAAukd.exe
PID 2312 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe C:\Windows\System\uRAAukd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\773cc4399dcbdddc1eeb4d5140206360_NeikiAnalytics.exe"


C:\Windows\System\MIDyzhd.exe

C:\Windows\System\azaePXH.exe

C:\Windows\System\azaePXH.exe

C:\Windows\System\EjOUkCA.exe

C:\Windows\System\EjOUkCA.exe

C:\Windows\System\dIEmajo.exe

C:\Windows\System\dIEmajo.exe

C:\Windows\System\hdOztAO.exe

C:\Windows\System\hdOztAO.exe

C:\Windows\System\WtaxFfH.exe

C:\Windows\System\WtaxFfH.exe

C:\Windows\System\MlnVKzY.exe

C:\Windows\System\MlnVKzY.exe

C:\Windows\System\JqFGSBq.exe

C:\Windows\System\JqFGSBq.exe

C:\Windows\System\BoLyiqK.exe

C:\Windows\System\BoLyiqK.exe

C:\Windows\System\scuXrhQ.exe

C:\Windows\System\scuXrhQ.exe

C:\Windows\System\GrvozRk.exe

C:\Windows\System\GrvozRk.exe

C:\Windows\System\GzmtjQI.exe

C:\Windows\System\GzmtjQI.exe

C:\Windows\System\NlyVcbP.exe

C:\Windows\System\NlyVcbP.exe

C:\Windows\System\GdWClux.exe

C:\Windows\System\GdWClux.exe

C:\Windows\System\tjOJXZJ.exe

C:\Windows\System\tjOJXZJ.exe

C:\Windows\System\TBAEcHA.exe

C:\Windows\System\TBAEcHA.exe

C:\Windows\System\sFWBglu.exe

C:\Windows\System\sFWBglu.exe

C:\Windows\System\twNjxcB.exe

C:\Windows\System\twNjxcB.exe

C:\Windows\System\NkVdEDn.exe

C:\Windows\System\NkVdEDn.exe

C:\Windows\System\iXLFxdU.exe

C:\Windows\System\iXLFxdU.exe

C:\Windows\System\TnYCKvR.exe

C:\Windows\System\TnYCKvR.exe

C:\Windows\System\XiAFILq.exe

C:\Windows\System\XiAFILq.exe

C:\Windows\System\xILCsgi.exe

C:\Windows\System\xILCsgi.exe

C:\Windows\System\LPbyuPn.exe

C:\Windows\System\LPbyuPn.exe

C:\Windows\System\ZyahiPl.exe

C:\Windows\System\ZyahiPl.exe

C:\Windows\System\ChmteYh.exe

C:\Windows\System\ChmteYh.exe

C:\Windows\System\NGcwTbN.exe

C:\Windows\System\NGcwTbN.exe

C:\Windows\System\ZDbxwEy.exe

C:\Windows\System\ZDbxwEy.exe

C:\Windows\System\upMLDqm.exe

C:\Windows\System\upMLDqm.exe

C:\Windows\System\BqQGflP.exe

C:\Windows\System\BqQGflP.exe

C:\Windows\System\uYzKWHa.exe

C:\Windows\System\uYzKWHa.exe

C:\Windows\System\VyBpizB.exe

C:\Windows\System\VyBpizB.exe

C:\Windows\System\erRAQgZ.exe

C:\Windows\System\erRAQgZ.exe

C:\Windows\System\DnsXeKd.exe

C:\Windows\System\DnsXeKd.exe

C:\Windows\System\llBCZAF.exe

C:\Windows\System\llBCZAF.exe

C:\Windows\System\PEqjbWq.exe

C:\Windows\System\PEqjbWq.exe

C:\Windows\System\AnGdkyX.exe

C:\Windows\System\AnGdkyX.exe

C:\Windows\System\YbMkxIU.exe

C:\Windows\System\YbMkxIU.exe

C:\Windows\System\KbGxBRf.exe

C:\Windows\System\KbGxBRf.exe

C:\Windows\System\GkIzQcP.exe

C:\Windows\System\GkIzQcP.exe

C:\Windows\System\RIWOoCC.exe

C:\Windows\System\RIWOoCC.exe

C:\Windows\System\NoEWdun.exe

C:\Windows\System\NoEWdun.exe

C:\Windows\System\qNnVLoG.exe

C:\Windows\System\qNnVLoG.exe

C:\Windows\System\WECVuiW.exe

C:\Windows\System\WECVuiW.exe

C:\Windows\System\TZjIONl.exe

C:\Windows\System\TZjIONl.exe

C:\Windows\System\lysDpYl.exe

C:\Windows\System\lysDpYl.exe

C:\Windows\System\qmlGZfw.exe

C:\Windows\System\qmlGZfw.exe

C:\Windows\System\TkkNOML.exe

C:\Windows\System\TkkNOML.exe

C:\Windows\System\nBUPCoQ.exe

C:\Windows\System\nBUPCoQ.exe

C:\Windows\System\CcRZXRp.exe

C:\Windows\System\CcRZXRp.exe

C:\Windows\System\UHXsBxM.exe

C:\Windows\System\UHXsBxM.exe

C:\Windows\System\npWnXIo.exe

C:\Windows\System\npWnXIo.exe

C:\Windows\System\GPZOgtc.exe

C:\Windows\System\GPZOgtc.exe

C:\Windows\System\BVGEhnQ.exe

C:\Windows\System\BVGEhnQ.exe

C:\Windows\System\lCeAvPT.exe

C:\Windows\System\lCeAvPT.exe

C:\Windows\System\IpfProD.exe

C:\Windows\System\IpfProD.exe

C:\Windows\System\YXIWSXJ.exe

C:\Windows\System\YXIWSXJ.exe

C:\Windows\System\qOUcibB.exe

C:\Windows\System\qOUcibB.exe

C:\Windows\System\MgruJJk.exe

C:\Windows\System\MgruJJk.exe

C:\Windows\System\MdVumir.exe

C:\Windows\System\MdVumir.exe

C:\Windows\System\BFmaomS.exe

C:\Windows\System\BFmaomS.exe

C:\Windows\System\NynSHJw.exe

C:\Windows\System\NynSHJw.exe

C:\Windows\System\TpGLRgK.exe

C:\Windows\System\TpGLRgK.exe

C:\Windows\System\hKGXCbW.exe

C:\Windows\System\hKGXCbW.exe

C:\Windows\System\CZQYTgs.exe

C:\Windows\System\CZQYTgs.exe

C:\Windows\System\xwGKcKB.exe

C:\Windows\System\xwGKcKB.exe

C:\Windows\System\gnsFRLF.exe

C:\Windows\System\gnsFRLF.exe

C:\Windows\System\RYZZdRb.exe

C:\Windows\System\RYZZdRb.exe

C:\Windows\System\zQEPeQg.exe

C:\Windows\System\zQEPeQg.exe

C:\Windows\System\QdfEXhp.exe

C:\Windows\System\QdfEXhp.exe

C:\Windows\System\yQgtPWh.exe

C:\Windows\System\yQgtPWh.exe

C:\Windows\System\qZBDYCg.exe

C:\Windows\System\qZBDYCg.exe

C:\Windows\System\RIoHXmS.exe

C:\Windows\System\RIoHXmS.exe

C:\Windows\System\gSHyzsQ.exe

C:\Windows\System\gSHyzsQ.exe

C:\Windows\System\WtlHhjd.exe

C:\Windows\System\WtlHhjd.exe

C:\Windows\System\YTNReMC.exe

C:\Windows\System\YTNReMC.exe

C:\Windows\System\yqrhgrR.exe

C:\Windows\System\yqrhgrR.exe

C:\Windows\System\szwnEoW.exe

C:\Windows\System\szwnEoW.exe

C:\Windows\System\HfcbHrB.exe

C:\Windows\System\HfcbHrB.exe

C:\Windows\System\yEFQcCZ.exe

C:\Windows\System\yEFQcCZ.exe

C:\Windows\System\OqWMHCf.exe

C:\Windows\System\OqWMHCf.exe

C:\Windows\System\uCyRHkW.exe

C:\Windows\System\uCyRHkW.exe

C:\Windows\System\lXZSIQE.exe

C:\Windows\System\lXZSIQE.exe

C:\Windows\System\xBsgQyq.exe

C:\Windows\System\xBsgQyq.exe

C:\Windows\System\zfCALMB.exe

C:\Windows\System\zfCALMB.exe

C:\Windows\System\oGrqlyI.exe

C:\Windows\System\oGrqlyI.exe

C:\Windows\System\wwbBUwM.exe

C:\Windows\System\wwbBUwM.exe

C:\Windows\System\CDPxoNo.exe

C:\Windows\System\CDPxoNo.exe

C:\Windows\System\xwiGOiC.exe

C:\Windows\System\xwiGOiC.exe

C:\Windows\System\tuJUthd.exe

C:\Windows\System\tuJUthd.exe

C:\Windows\System\AbfqLAu.exe

C:\Windows\System\AbfqLAu.exe

C:\Windows\System\UQlsSOS.exe

C:\Windows\System\UQlsSOS.exe

C:\Windows\System\uYRZPoH.exe

C:\Windows\System\uYRZPoH.exe

C:\Windows\System\sJSrUJF.exe

C:\Windows\System\sJSrUJF.exe

C:\Windows\System\sZXtFqK.exe

C:\Windows\System\sZXtFqK.exe

C:\Windows\System\VCeeFnc.exe

C:\Windows\System\VCeeFnc.exe

C:\Windows\System\NzFguof.exe

C:\Windows\System\NzFguof.exe

C:\Windows\System\UhsGWLv.exe

C:\Windows\System\UhsGWLv.exe

C:\Windows\System\AZyhaDO.exe

C:\Windows\System\AZyhaDO.exe

C:\Windows\System\SbxbwEI.exe

C:\Windows\System\SbxbwEI.exe

C:\Windows\System\HgFNTNv.exe

C:\Windows\System\HgFNTNv.exe

C:\Windows\System\PufpyWx.exe

C:\Windows\System\PufpyWx.exe

C:\Windows\System\IzvYLCq.exe

C:\Windows\System\IzvYLCq.exe

C:\Windows\System\hfgSyaV.exe

C:\Windows\System\hfgSyaV.exe

C:\Windows\System\UtHvRcv.exe

C:\Windows\System\UtHvRcv.exe

C:\Windows\System\JtGivMQ.exe

C:\Windows\System\JtGivMQ.exe

C:\Windows\System\CpNoeah.exe

C:\Windows\System\CpNoeah.exe

C:\Windows\System\fxtlapZ.exe

C:\Windows\System\fxtlapZ.exe

C:\Windows\System\vzWfJFq.exe

C:\Windows\System\vzWfJFq.exe

C:\Windows\System\XRjFkBT.exe

C:\Windows\System\XRjFkBT.exe

C:\Windows\System\KBtashG.exe

C:\Windows\System\KBtashG.exe

C:\Windows\System\HSPWyni.exe

C:\Windows\System\HSPWyni.exe

C:\Windows\System\yeOgXxX.exe

C:\Windows\System\yeOgXxX.exe

C:\Windows\System\uKdlorW.exe

C:\Windows\System\uKdlorW.exe

C:\Windows\System\uSCgVTJ.exe

C:\Windows\System\uSCgVTJ.exe

C:\Windows\System\DnBsMtZ.exe

C:\Windows\System\DnBsMtZ.exe

C:\Windows\System\iZggvwi.exe

C:\Windows\System\iZggvwi.exe

C:\Windows\System\EZLmxTi.exe

C:\Windows\System\EZLmxTi.exe

C:\Windows\System\wbGPcma.exe

C:\Windows\System\wbGPcma.exe

C:\Windows\System\KZTFpbM.exe

C:\Windows\System\KZTFpbM.exe

C:\Windows\System\AOTaPwX.exe

C:\Windows\System\AOTaPwX.exe

C:\Windows\System\RhnYenW.exe

C:\Windows\System\RhnYenW.exe

C:\Windows\System\YPPMxVr.exe

C:\Windows\System\YPPMxVr.exe

C:\Windows\System\nsHtojI.exe

C:\Windows\System\nsHtojI.exe

C:\Windows\System\jMeAAgH.exe

C:\Windows\System\jMeAAgH.exe

C:\Windows\System\svlvagc.exe

C:\Windows\System\svlvagc.exe

C:\Windows\System\XQUgWIV.exe

C:\Windows\System\XQUgWIV.exe

C:\Windows\System\igVqeff.exe

C:\Windows\System\igVqeff.exe

C:\Windows\System\jVSVMvm.exe

C:\Windows\System\jVSVMvm.exe

C:\Windows\System\Bepfgoz.exe

C:\Windows\System\Bepfgoz.exe

C:\Windows\System\FvcDGft.exe

C:\Windows\System\FvcDGft.exe

C:\Windows\System\leSLhrk.exe

C:\Windows\System\leSLhrk.exe

C:\Windows\System\vgQcaSO.exe

C:\Windows\System\vgQcaSO.exe

C:\Windows\System\JfwHbcp.exe

C:\Windows\System\JfwHbcp.exe

C:\Windows\System\sVpsCJw.exe

C:\Windows\System\sVpsCJw.exe

C:\Windows\System\MoIBZBm.exe

C:\Windows\System\MoIBZBm.exe

C:\Windows\System\MjgoBDo.exe

C:\Windows\System\MjgoBDo.exe

C:\Windows\System\dFCgjhX.exe

C:\Windows\System\dFCgjhX.exe

C:\Windows\System\LkovJMv.exe

C:\Windows\System\LkovJMv.exe

C:\Windows\System\BuVhmhX.exe

C:\Windows\System\BuVhmhX.exe

C:\Windows\System\FwqjPBu.exe

C:\Windows\System\FwqjPBu.exe

C:\Windows\System\KjHFDbZ.exe

C:\Windows\System\KjHFDbZ.exe

C:\Windows\System\FFxokle.exe

C:\Windows\System\FFxokle.exe

C:\Windows\System\PMRGeYq.exe

C:\Windows\System\PMRGeYq.exe

C:\Windows\System\qnWrail.exe

C:\Windows\System\qnWrail.exe

C:\Windows\System\pRdZDwT.exe

C:\Windows\System\pRdZDwT.exe

C:\Windows\System\qGopcoO.exe

C:\Windows\System\qGopcoO.exe

C:\Windows\System\GetvsDx.exe

C:\Windows\System\GetvsDx.exe

C:\Windows\System\bnGLfKp.exe

C:\Windows\System\bnGLfKp.exe

C:\Windows\System\BxWyTOh.exe

C:\Windows\System\BxWyTOh.exe

C:\Windows\System\rjXvCRR.exe

C:\Windows\System\rjXvCRR.exe

C:\Windows\System\LfWOCed.exe

C:\Windows\System\LfWOCed.exe

C:\Windows\System\UgxhUdO.exe

C:\Windows\System\UgxhUdO.exe

C:\Windows\System\NXhwjZw.exe

C:\Windows\System\NXhwjZw.exe

C:\Windows\System\pkcJpQv.exe

C:\Windows\System\pkcJpQv.exe

C:\Windows\System\JtkDdhg.exe

C:\Windows\System\JtkDdhg.exe

C:\Windows\System\LjECPcv.exe

C:\Windows\System\LjECPcv.exe

C:\Windows\System\zbcHLeV.exe

C:\Windows\System\zbcHLeV.exe

C:\Windows\System\JsvAcdz.exe

C:\Windows\System\JsvAcdz.exe

C:\Windows\System\feCtXir.exe

C:\Windows\System\feCtXir.exe

C:\Windows\System\QaVjeHQ.exe

C:\Windows\System\QaVjeHQ.exe

C:\Windows\System\azaSuOl.exe

C:\Windows\System\azaSuOl.exe

C:\Windows\System\DJVnaIb.exe

C:\Windows\System\DJVnaIb.exe

C:\Windows\System\vlQESiw.exe

C:\Windows\System\vlQESiw.exe

C:\Windows\System\fHiTUGn.exe

C:\Windows\System\fHiTUGn.exe

C:\Windows\System\GECRBVw.exe

C:\Windows\System\GECRBVw.exe

C:\Windows\System\augPaPq.exe

C:\Windows\System\augPaPq.exe

C:\Windows\System\aWdfSOP.exe

C:\Windows\System\aWdfSOP.exe

C:\Windows\System\bNfsbLy.exe

C:\Windows\System\bNfsbLy.exe

C:\Windows\System\jiuEhdh.exe

C:\Windows\System\jiuEhdh.exe

C:\Windows\System\kHyZgmJ.exe

C:\Windows\System\kHyZgmJ.exe

C:\Windows\System\EWYgqxz.exe

C:\Windows\System\EWYgqxz.exe

C:\Windows\System\VdEgIVo.exe

C:\Windows\System\VdEgIVo.exe

C:\Windows\System\xqueoKH.exe

C:\Windows\System\xqueoKH.exe

C:\Windows\System\JTtYQUj.exe

C:\Windows\System\JTtYQUj.exe

C:\Windows\System\soAUKkE.exe

C:\Windows\System\soAUKkE.exe

C:\Windows\System\IdkFciF.exe

C:\Windows\System\IdkFciF.exe

C:\Windows\System\rJToUEH.exe

C:\Windows\System\rJToUEH.exe

C:\Windows\System\ehYWhof.exe

C:\Windows\System\ehYWhof.exe

C:\Windows\System\uXIsrDL.exe

C:\Windows\System\uXIsrDL.exe

C:\Windows\System\vLtkYig.exe

C:\Windows\System\vLtkYig.exe

C:\Windows\System\PPIxVvd.exe

C:\Windows\System\PPIxVvd.exe

C:\Windows\System\ukqFuaA.exe

C:\Windows\System\ukqFuaA.exe

C:\Windows\System\dVJQKRh.exe

C:\Windows\System\dVJQKRh.exe

C:\Windows\System\TkPxllT.exe

C:\Windows\System\TkPxllT.exe

C:\Windows\System\ewdRarf.exe

C:\Windows\System\ewdRarf.exe

C:\Windows\System\FCVclcv.exe

C:\Windows\System\FCVclcv.exe

C:\Windows\System\ASCbwVH.exe

C:\Windows\System\ASCbwVH.exe

C:\Windows\System\TrcTjCg.exe

C:\Windows\System\TrcTjCg.exe

C:\Windows\System\iuXvNPB.exe

C:\Windows\System\iuXvNPB.exe

C:\Windows\System\CWudAXu.exe

C:\Windows\System\CWudAXu.exe

C:\Windows\System\EaJlOBE.exe

C:\Windows\System\EaJlOBE.exe

C:\Windows\System\TvsRqku.exe

C:\Windows\System\TvsRqku.exe

C:\Windows\System\WAKCbYu.exe

C:\Windows\System\WAKCbYu.exe

C:\Windows\System\GAGYSFq.exe

C:\Windows\System\GAGYSFq.exe

C:\Windows\System\srLdlKr.exe

C:\Windows\System\srLdlKr.exe

C:\Windows\System\rpDLlrA.exe

C:\Windows\System\rpDLlrA.exe

C:\Windows\System\qwlREjb.exe

C:\Windows\System\qwlREjb.exe

C:\Windows\System\plWHKZm.exe

C:\Windows\System\plWHKZm.exe

C:\Windows\System\bDgNZjs.exe

C:\Windows\System\bDgNZjs.exe

C:\Windows\System\ZcdJwtk.exe

C:\Windows\System\ZcdJwtk.exe

C:\Windows\System\fYiqHxH.exe

C:\Windows\System\fYiqHxH.exe

C:\Windows\System\GASspAI.exe

C:\Windows\System\GASspAI.exe

C:\Windows\System\lcUQbnR.exe

C:\Windows\System\lcUQbnR.exe

C:\Windows\System\ZufzoeY.exe

C:\Windows\System\ZufzoeY.exe

C:\Windows\System\jOWKEiy.exe

C:\Windows\System\jOWKEiy.exe

C:\Windows\System\xCjwTEp.exe

C:\Windows\System\xCjwTEp.exe

C:\Windows\System\oFjdYZi.exe

C:\Windows\System\oFjdYZi.exe

C:\Windows\System\etdqKIa.exe

C:\Windows\System\etdqKIa.exe

C:\Windows\System\gYbSzSU.exe

C:\Windows\System\gYbSzSU.exe

C:\Windows\System\oylOres.exe

C:\Windows\System\oylOres.exe

C:\Windows\System\zSyVBxT.exe

C:\Windows\System\zSyVBxT.exe

C:\Windows\System\dMMDuge.exe

C:\Windows\System\dMMDuge.exe

C:\Windows\System\RrVySaA.exe

C:\Windows\System\RrVySaA.exe

C:\Windows\System\NdfdhXI.exe

C:\Windows\System\NdfdhXI.exe

C:\Windows\System\wcLsPmC.exe

C:\Windows\System\wcLsPmC.exe

C:\Windows\System\XrFBWQL.exe

C:\Windows\System\XrFBWQL.exe

C:\Windows\System\XpPuMUg.exe

C:\Windows\System\XpPuMUg.exe

C:\Windows\System\bWTGOed.exe

C:\Windows\System\bWTGOed.exe

C:\Windows\System\mMeNCpM.exe

C:\Windows\System\mMeNCpM.exe

C:\Windows\System\eCaIyyw.exe

C:\Windows\System\eCaIyyw.exe

C:\Windows\System\wbmHjwg.exe

C:\Windows\System\wbmHjwg.exe

C:\Windows\System\ZRTXZaj.exe

C:\Windows\System\ZRTXZaj.exe

C:\Windows\System\KCbKEsW.exe

C:\Windows\System\KCbKEsW.exe

C:\Windows\System\mPtRnMr.exe

C:\Windows\System\mPtRnMr.exe

C:\Windows\System\mtinYng.exe

C:\Windows\System\mtinYng.exe

C:\Windows\System\zqPeKQk.exe

C:\Windows\System\zqPeKQk.exe

C:\Windows\System\nBXUiJu.exe

C:\Windows\System\nBXUiJu.exe

C:\Windows\System\QCmPlHr.exe

C:\Windows\System\QCmPlHr.exe

Network

Country Destination Domain Proto

Files
