Malware Analysis Report

2024-10-16 07:37

Sample ID 240602-c63mtagf72
Target 276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe
SHA256 966143258f3cf729741b6f784b2004c90c01a7b102e9ca6fee1c3a72c865e69b
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

966143258f3cf729741b6f784b2004c90c01a7b102e9ca6fee1c3a72c865e69b

Threat Level: Known bad

The file 276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

Xmrig family

xmrig

Kpot family

XMRig Miner payload

KPOT Core Executable

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 02:42

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 02:42

Reported

2024-06-02 02:44

Platform

win7-20240215-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\wOxnqlF.exe N/A
N/A N/A C:\Windows\System\XMFtWbC.exe N/A
N/A N/A C:\Windows\System\mipwEeW.exe N/A
N/A N/A C:\Windows\System\imCtSFE.exe N/A
N/A N/A C:\Windows\System\viXidej.exe N/A
N/A N/A C:\Windows\System\bdogxyJ.exe N/A
N/A N/A C:\Windows\System\dKyGIbf.exe N/A
N/A N/A C:\Windows\System\krDTTHx.exe N/A
N/A N/A C:\Windows\System\CCivqzK.exe N/A
N/A N/A C:\Windows\System\TPkzIKa.exe N/A
N/A N/A C:\Windows\System\BtFsMkz.exe N/A
N/A N/A C:\Windows\System\aDzMuag.exe N/A
N/A N/A C:\Windows\System\FnSAtUQ.exe N/A
N/A N/A C:\Windows\System\VmpWiVq.exe N/A
N/A N/A C:\Windows\System\qlpdaWe.exe N/A
N/A N/A C:\Windows\System\ZHPMqYI.exe N/A
N/A N/A C:\Windows\System\XTZptbV.exe N/A
N/A N/A C:\Windows\System\EWqPINS.exe N/A
N/A N/A C:\Windows\System\PlRJrKc.exe N/A
N/A N/A C:\Windows\System\llpQvbj.exe N/A
N/A N/A C:\Windows\System\LhZtIYZ.exe N/A
N/A N/A C:\Windows\System\PtlyXEP.exe N/A
N/A N/A C:\Windows\System\qaBUpOS.exe N/A
N/A N/A C:\Windows\System\iVdUnaH.exe N/A
N/A N/A C:\Windows\System\wqTSfdH.exe N/A
N/A N/A C:\Windows\System\AUOdNWl.exe N/A
N/A N/A C:\Windows\System\uJgwmcy.exe N/A
N/A N/A C:\Windows\System\jKIRqKa.exe N/A
N/A N/A C:\Windows\System\YhQcklo.exe N/A
N/A N/A C:\Windows\System\bsdnKoG.exe N/A
N/A N/A C:\Windows\System\IVUSUpb.exe N/A
N/A N/A C:\Windows\System\XqrWckv.exe N/A
N/A N/A C:\Windows\System\JetERDM.exe N/A
N/A N/A C:\Windows\System\zcPLNHo.exe N/A
N/A N/A C:\Windows\System\IcGMJMQ.exe N/A
N/A N/A C:\Windows\System\NTZMWdv.exe N/A
N/A N/A C:\Windows\System\VkmcSUo.exe N/A
N/A N/A C:\Windows\System\IRjoQRG.exe N/A
N/A N/A C:\Windows\System\nMBbUoF.exe N/A
N/A N/A C:\Windows\System\FdHAlfk.exe N/A
N/A N/A C:\Windows\System\narFnhN.exe N/A
N/A N/A C:\Windows\System\vLjhZNM.exe N/A
N/A N/A C:\Windows\System\uITagYW.exe N/A
N/A N/A C:\Windows\System\cblqFPM.exe N/A
N/A N/A C:\Windows\System\YCgMrhE.exe N/A
N/A N/A C:\Windows\System\bCLgePj.exe N/A
N/A N/A C:\Windows\System\nRyPpoS.exe N/A
N/A N/A C:\Windows\System\LyoCyEM.exe N/A
N/A N/A C:\Windows\System\rNniuvo.exe N/A
N/A N/A C:\Windows\System\bfDqBvr.exe N/A
N/A N/A C:\Windows\System\aEPKOCy.exe N/A
N/A N/A C:\Windows\System\cnyOLII.exe N/A
N/A N/A C:\Windows\System\vscAewN.exe N/A
N/A N/A C:\Windows\System\YAZLvzh.exe N/A
N/A N/A C:\Windows\System\BhAvWBv.exe N/A
N/A N/A C:\Windows\System\mtStVyD.exe N/A
N/A N/A C:\Windows\System\qeWqdxs.exe N/A
N/A N/A C:\Windows\System\wOafTId.exe N/A
N/A N/A C:\Windows\System\utIuKBj.exe N/A
N/A N/A C:\Windows\System\CLFVEnt.exe N/A
N/A N/A C:\Windows\System\gZewvBT.exe N/A
N/A N/A C:\Windows\System\jaYaewU.exe N/A
N/A N/A C:\Windows\System\Izzujth.exe N/A
N/A N/A C:\Windows\System\XNpnRck.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\aDeGjpx.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\WCTQVvN.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\IVUSUpb.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\hpjqwjf.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTnMHlK.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMAbvCX.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\gAPCxbu.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgGrzPI.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\bwFZxny.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\XMFtWbC.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\wOafTId.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\XNpnRck.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\YzCyWAs.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfbCyqj.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\xnPhlTd.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\yyQUXDy.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\FnSAtUQ.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\YAZLvzh.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLFVEnt.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJPAvuG.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\nACkDjW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\hqdOyoe.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\zcPLNHo.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\cnyOLII.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\qPkKTxU.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\bnopYpA.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\oaXTjUW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\FdHAlfk.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\aZVyiKK.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\WnIeFlx.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\QWrQOqO.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJeUvXl.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\KprJEWv.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\iUfKgsT.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\whOQxbz.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEAzePj.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\OVBSDzl.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\Huxywnh.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\wAKRsjz.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\narFnhN.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCLgePj.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\rzymCTE.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\IcDZdfS.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\HCCTpxW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWfyUJy.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\vNqNjGF.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\uvRYmKL.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\HqmrkgH.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\GMuHtou.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\tFeiztI.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\jazhulK.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\SaNvEaU.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\OPUDJPu.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\hSQiEWO.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\LrmrTOt.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\TjoMxNb.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\LhZtIYZ.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\DHKqMEK.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\MBWtDZL.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\rXRgWsH.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\nazcXhP.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZDVNDiy.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\imCtSFE.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVdUnaH.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1972 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wOxnqlF.exe
PID 1972 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wOxnqlF.exe
PID 1972 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wOxnqlF.exe
PID 1972 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XMFtWbC.exe
PID 1972 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XMFtWbC.exe
PID 1972 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XMFtWbC.exe
PID 1972 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\mipwEeW.exe
PID 1972 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\mipwEeW.exe
PID 1972 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\mipwEeW.exe
PID 1972 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\imCtSFE.exe
PID 1972 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\imCtSFE.exe
PID 1972 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\imCtSFE.exe
PID 1972 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\viXidej.exe
PID 1972 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\viXidej.exe
PID 1972 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\viXidej.exe
PID 1972 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bdogxyJ.exe
PID 1972 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bdogxyJ.exe
PID 1972 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bdogxyJ.exe
PID 1972 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\krDTTHx.exe
PID 1972 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\krDTTHx.exe
PID 1972 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\krDTTHx.exe
PID 1972 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\dKyGIbf.exe
PID 1972 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\dKyGIbf.exe
PID 1972 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\dKyGIbf.exe
PID 1972 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\TPkzIKa.exe
PID 1972 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\TPkzIKa.exe
PID 1972 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\TPkzIKa.exe
PID 1972 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\CCivqzK.exe
PID 1972 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\CCivqzK.exe
PID 1972 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\CCivqzK.exe
PID 1972 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\BtFsMkz.exe
PID 1972 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\BtFsMkz.exe
PID 1972 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\BtFsMkz.exe
PID 1972 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\aDzMuag.exe
PID 1972 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\aDzMuag.exe
PID 1972 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\aDzMuag.exe
PID 1972 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\FnSAtUQ.exe
PID 1972 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\FnSAtUQ.exe
PID 1972 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\FnSAtUQ.exe
PID 1972 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\VmpWiVq.exe
PID 1972 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\VmpWiVq.exe
PID 1972 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\VmpWiVq.exe
PID 1972 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\ZHPMqYI.exe
PID 1972 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\ZHPMqYI.exe
PID 1972 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\ZHPMqYI.exe
PID 1972 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qlpdaWe.exe
PID 1972 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qlpdaWe.exe
PID 1972 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qlpdaWe.exe
PID 1972 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\EWqPINS.exe
PID 1972 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\EWqPINS.exe
PID 1972 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\EWqPINS.exe
PID 1972 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XTZptbV.exe
PID 1972 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XTZptbV.exe
PID 1972 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XTZptbV.exe
PID 1972 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PlRJrKc.exe
PID 1972 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PlRJrKc.exe
PID 1972 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PlRJrKc.exe
PID 1972 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\llpQvbj.exe
PID 1972 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\llpQvbj.exe
PID 1972 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\llpQvbj.exe
PID 1972 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\LhZtIYZ.exe
PID 1972 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\LhZtIYZ.exe
PID 1972 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\LhZtIYZ.exe
PID 1972 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PtlyXEP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe"

C:\Windows\System\wOxnqlF.exe

C:\Windows\System\wOxnqlF.exe

C:\Windows\System\XMFtWbC.exe

C:\Windows\System\XMFtWbC.exe

C:\Windows\System\mipwEeW.exe

C:\Windows\System\mipwEeW.exe

C:\Windows\System\imCtSFE.exe

C:\Windows\System\imCtSFE.exe

C:\Windows\System\viXidej.exe

C:\Windows\System\viXidej.exe

C:\Windows\System\bdogxyJ.exe

C:\Windows\System\bdogxyJ.exe

C:\Windows\System\krDTTHx.exe

C:\Windows\System\krDTTHx.exe

C:\Windows\System\dKyGIbf.exe

C:\Windows\System\dKyGIbf.exe

C:\Windows\System\TPkzIKa.exe

C:\Windows\System\TPkzIKa.exe

C:\Windows\System\CCivqzK.exe

C:\Windows\System\CCivqzK.exe

C:\Windows\System\BtFsMkz.exe

C:\Windows\System\BtFsMkz.exe

C:\Windows\System\aDzMuag.exe

C:\Windows\System\aDzMuag.exe

C:\Windows\System\FnSAtUQ.exe

C:\Windows\System\FnSAtUQ.exe

C:\Windows\System\VmpWiVq.exe

C:\Windows\System\VmpWiVq.exe

C:\Windows\System\ZHPMqYI.exe

C:\Windows\System\ZHPMqYI.exe

C:\Windows\System\qlpdaWe.exe

C:\Windows\System\qlpdaWe.exe

C:\Windows\System\EWqPINS.exe

C:\Windows\System\EWqPINS.exe

C:\Windows\System\XTZptbV.exe

C:\Windows\System\XTZptbV.exe

C:\Windows\System\PlRJrKc.exe

C:\Windows\System\PlRJrKc.exe

C:\Windows\System\llpQvbj.exe

C:\Windows\System\llpQvbj.exe

C:\Windows\System\LhZtIYZ.exe

C:\Windows\System\LhZtIYZ.exe

C:\Windows\System\PtlyXEP.exe

C:\Windows\System\PtlyXEP.exe

C:\Windows\System\qaBUpOS.exe

C:\Windows\System\qaBUpOS.exe

C:\Windows\System\iVdUnaH.exe

C:\Windows\System\iVdUnaH.exe

C:\Windows\System\wqTSfdH.exe

C:\Windows\System\wqTSfdH.exe

C:\Windows\System\AUOdNWl.exe

C:\Windows\System\AUOdNWl.exe

C:\Windows\System\uJgwmcy.exe

C:\Windows\System\uJgwmcy.exe

C:\Windows\System\jKIRqKa.exe

C:\Windows\System\jKIRqKa.exe

C:\Windows\System\YhQcklo.exe

C:\Windows\System\YhQcklo.exe

C:\Windows\System\bsdnKoG.exe

C:\Windows\System\bsdnKoG.exe

C:\Windows\System\IVUSUpb.exe

C:\Windows\System\IVUSUpb.exe

C:\Windows\System\XqrWckv.exe

C:\Windows\System\XqrWckv.exe

C:\Windows\System\JetERDM.exe

C:\Windows\System\JetERDM.exe

C:\Windows\System\zcPLNHo.exe

C:\Windows\System\zcPLNHo.exe

C:\Windows\System\IcGMJMQ.exe

C:\Windows\System\IcGMJMQ.exe

C:\Windows\System\NTZMWdv.exe

C:\Windows\System\NTZMWdv.exe

C:\Windows\System\VkmcSUo.exe

C:\Windows\System\VkmcSUo.exe

C:\Windows\System\IRjoQRG.exe

C:\Windows\System\IRjoQRG.exe

C:\Windows\System\nMBbUoF.exe

C:\Windows\System\nMBbUoF.exe

C:\Windows\System\FdHAlfk.exe

C:\Windows\System\FdHAlfk.exe

C:\Windows\System\narFnhN.exe

C:\Windows\System\narFnhN.exe

C:\Windows\System\vLjhZNM.exe

C:\Windows\System\vLjhZNM.exe

C:\Windows\System\uITagYW.exe

C:\Windows\System\uITagYW.exe

C:\Windows\System\cblqFPM.exe

C:\Windows\System\cblqFPM.exe

C:\Windows\System\YCgMrhE.exe

C:\Windows\System\YCgMrhE.exe

C:\Windows\System\bCLgePj.exe

C:\Windows\System\bCLgePj.exe

C:\Windows\System\nRyPpoS.exe

C:\Windows\System\nRyPpoS.exe

C:\Windows\System\LyoCyEM.exe

C:\Windows\System\LyoCyEM.exe

C:\Windows\System\rNniuvo.exe

C:\Windows\System\rNniuvo.exe

C:\Windows\System\bfDqBvr.exe

C:\Windows\System\bfDqBvr.exe

C:\Windows\System\aEPKOCy.exe

C:\Windows\System\aEPKOCy.exe

C:\Windows\System\cnyOLII.exe

C:\Windows\System\cnyOLII.exe

C:\Windows\System\vscAewN.exe

C:\Windows\System\vscAewN.exe

C:\Windows\System\YAZLvzh.exe

C:\Windows\System\YAZLvzh.exe

C:\Windows\System\BhAvWBv.exe

C:\Windows\System\BhAvWBv.exe

C:\Windows\System\mtStVyD.exe

C:\Windows\System\mtStVyD.exe

C:\Windows\System\qeWqdxs.exe

C:\Windows\System\qeWqdxs.exe

C:\Windows\System\wOafTId.exe

C:\Windows\System\wOafTId.exe

C:\Windows\System\utIuKBj.exe

C:\Windows\System\utIuKBj.exe

C:\Windows\System\CLFVEnt.exe

C:\Windows\System\CLFVEnt.exe

C:\Windows\System\gZewvBT.exe

C:\Windows\System\gZewvBT.exe

C:\Windows\System\jaYaewU.exe

C:\Windows\System\jaYaewU.exe

C:\Windows\System\Izzujth.exe

C:\Windows\System\Izzujth.exe

C:\Windows\System\XNpnRck.exe

C:\Windows\System\XNpnRck.exe

C:\Windows\System\YqlJcNj.exe

C:\Windows\System\YqlJcNj.exe

C:\Windows\System\IVSUPkq.exe

C:\Windows\System\IVSUPkq.exe

C:\Windows\System\avjoWsm.exe

C:\Windows\System\avjoWsm.exe

C:\Windows\System\qNvXOaV.exe

C:\Windows\System\qNvXOaV.exe

C:\Windows\System\CGtlWbM.exe

C:\Windows\System\CGtlWbM.exe

C:\Windows\System\ZtCURVt.exe

C:\Windows\System\ZtCURVt.exe

C:\Windows\System\YtYNtdh.exe

C:\Windows\System\YtYNtdh.exe

C:\Windows\System\QMAbvCX.exe

C:\Windows\System\QMAbvCX.exe

C:\Windows\System\InmgtSZ.exe

C:\Windows\System\InmgtSZ.exe

C:\Windows\System\iOjbMwj.exe

C:\Windows\System\iOjbMwj.exe

C:\Windows\System\cDsCCcU.exe

C:\Windows\System\cDsCCcU.exe

C:\Windows\System\wTFPREx.exe

C:\Windows\System\wTFPREx.exe

C:\Windows\System\tCkIkCg.exe

C:\Windows\System\tCkIkCg.exe

C:\Windows\System\kQEIAaW.exe

C:\Windows\System\kQEIAaW.exe

C:\Windows\System\laVPkDv.exe

C:\Windows\System\laVPkDv.exe

C:\Windows\System\xKRnLQf.exe

C:\Windows\System\xKRnLQf.exe

C:\Windows\System\DHKqMEK.exe

C:\Windows\System\DHKqMEK.exe

C:\Windows\System\KykhbLn.exe

C:\Windows\System\KykhbLn.exe

C:\Windows\System\AaggUxn.exe

C:\Windows\System\AaggUxn.exe

C:\Windows\System\TozVfQM.exe

C:\Windows\System\TozVfQM.exe

C:\Windows\System\CxtUwSu.exe

C:\Windows\System\CxtUwSu.exe

C:\Windows\System\lCjypQe.exe

C:\Windows\System\lCjypQe.exe

C:\Windows\System\LubYBau.exe

C:\Windows\System\LubYBau.exe

C:\Windows\System\LVpejzA.exe

C:\Windows\System\LVpejzA.exe

C:\Windows\System\NsOJngh.exe

C:\Windows\System\NsOJngh.exe

C:\Windows\System\jPPcEjM.exe

C:\Windows\System\jPPcEjM.exe

C:\Windows\System\HSShOzo.exe

C:\Windows\System\HSShOzo.exe

C:\Windows\System\hpjqwjf.exe

C:\Windows\System\hpjqwjf.exe

C:\Windows\System\qPkKTxU.exe

C:\Windows\System\qPkKTxU.exe

C:\Windows\System\qsQDWwm.exe

C:\Windows\System\qsQDWwm.exe

C:\Windows\System\DWFOsGo.exe

C:\Windows\System\DWFOsGo.exe

C:\Windows\System\HMYcFIg.exe

C:\Windows\System\HMYcFIg.exe

C:\Windows\System\BHDmVJQ.exe

C:\Windows\System\BHDmVJQ.exe

C:\Windows\System\beGmNmU.exe

C:\Windows\System\beGmNmU.exe

C:\Windows\System\CrTIjSw.exe

C:\Windows\System\CrTIjSw.exe

C:\Windows\System\iUfKgsT.exe

C:\Windows\System\iUfKgsT.exe

C:\Windows\System\bjVRcyr.exe

C:\Windows\System\bjVRcyr.exe

C:\Windows\System\gpTbuxx.exe

C:\Windows\System\gpTbuxx.exe

C:\Windows\System\bhyORdK.exe

C:\Windows\System\bhyORdK.exe

C:\Windows\System\FlnRbks.exe

C:\Windows\System\FlnRbks.exe

C:\Windows\System\DBdPopM.exe

C:\Windows\System\DBdPopM.exe

C:\Windows\System\PrCgsGC.exe

C:\Windows\System\PrCgsGC.exe

C:\Windows\System\tFeiztI.exe

C:\Windows\System\tFeiztI.exe

C:\Windows\System\JWfyUJy.exe

C:\Windows\System\JWfyUJy.exe

C:\Windows\System\yrNtxhv.exe

C:\Windows\System\yrNtxhv.exe

C:\Windows\System\QjBEEYc.exe

C:\Windows\System\QjBEEYc.exe

C:\Windows\System\IakZadk.exe

C:\Windows\System\IakZadk.exe

C:\Windows\System\KjwGYbn.exe

C:\Windows\System\KjwGYbn.exe

C:\Windows\System\LUNwEYv.exe

C:\Windows\System\LUNwEYv.exe

C:\Windows\System\lAwnrxk.exe

C:\Windows\System\lAwnrxk.exe

C:\Windows\System\JTIMjIV.exe

C:\Windows\System\JTIMjIV.exe

C:\Windows\System\rzymCTE.exe

C:\Windows\System\rzymCTE.exe

C:\Windows\System\nsQpjPc.exe

C:\Windows\System\nsQpjPc.exe

C:\Windows\System\rKZbmhW.exe

C:\Windows\System\rKZbmhW.exe

C:\Windows\System\MBWtDZL.exe

C:\Windows\System\MBWtDZL.exe

C:\Windows\System\BjgUVRM.exe

C:\Windows\System\BjgUVRM.exe

C:\Windows\System\aDMGNEf.exe

C:\Windows\System\aDMGNEf.exe

C:\Windows\System\PZYYTFp.exe

C:\Windows\System\PZYYTFp.exe

C:\Windows\System\jazhulK.exe

C:\Windows\System\jazhulK.exe

C:\Windows\System\vUMbtsD.exe

C:\Windows\System\vUMbtsD.exe

C:\Windows\System\jQxydEn.exe

C:\Windows\System\jQxydEn.exe

C:\Windows\System\SJjPPvs.exe

C:\Windows\System\SJjPPvs.exe

C:\Windows\System\kVlNOYY.exe

C:\Windows\System\kVlNOYY.exe

C:\Windows\System\DfTkrUT.exe

C:\Windows\System\DfTkrUT.exe

C:\Windows\System\dIEWKKz.exe

C:\Windows\System\dIEWKKz.exe

C:\Windows\System\aJPAvuG.exe

C:\Windows\System\aJPAvuG.exe

C:\Windows\System\fTnMHlK.exe

C:\Windows\System\fTnMHlK.exe

C:\Windows\System\ZLzATfj.exe

C:\Windows\System\ZLzATfj.exe

C:\Windows\System\sZpUtak.exe

C:\Windows\System\sZpUtak.exe

C:\Windows\System\hBLOILv.exe

C:\Windows\System\hBLOILv.exe

C:\Windows\System\aZVyiKK.exe

C:\Windows\System\aZVyiKK.exe

C:\Windows\System\iaelxCW.exe

C:\Windows\System\iaelxCW.exe

C:\Windows\System\rYLkNGp.exe

C:\Windows\System\rYLkNGp.exe

C:\Windows\System\XSipUXP.exe

C:\Windows\System\XSipUXP.exe

C:\Windows\System\yEoxymb.exe

C:\Windows\System\yEoxymb.exe

C:\Windows\System\HRiFzWM.exe

C:\Windows\System\HRiFzWM.exe

C:\Windows\System\BFjlNRr.exe

C:\Windows\System\BFjlNRr.exe

C:\Windows\System\gzxslnM.exe

C:\Windows\System\gzxslnM.exe

C:\Windows\System\votBrKH.exe

C:\Windows\System\votBrKH.exe

C:\Windows\System\YzCyWAs.exe

C:\Windows\System\YzCyWAs.exe

C:\Windows\System\MnhPsyo.exe

C:\Windows\System\MnhPsyo.exe

C:\Windows\System\etkybgb.exe

C:\Windows\System\etkybgb.exe

C:\Windows\System\xajjbad.exe

C:\Windows\System\xajjbad.exe

C:\Windows\System\AwFBPUD.exe

C:\Windows\System\AwFBPUD.exe

C:\Windows\System\ONWrbmO.exe

C:\Windows\System\ONWrbmO.exe

C:\Windows\System\VobOzYm.exe

C:\Windows\System\VobOzYm.exe

C:\Windows\System\qlMuWSa.exe

C:\Windows\System\qlMuWSa.exe

C:\Windows\System\kxqRyZM.exe

C:\Windows\System\kxqRyZM.exe

C:\Windows\System\BUXGbTd.exe

C:\Windows\System\BUXGbTd.exe

C:\Windows\System\PytIVNy.exe

C:\Windows\System\PytIVNy.exe

C:\Windows\System\aDeGjpx.exe

C:\Windows\System\aDeGjpx.exe

C:\Windows\System\NFJVdvV.exe

C:\Windows\System\NFJVdvV.exe

C:\Windows\System\gkywhSA.exe

C:\Windows\System\gkywhSA.exe

C:\Windows\System\zxDlPnO.exe

C:\Windows\System\zxDlPnO.exe

C:\Windows\System\UxEUxDS.exe

C:\Windows\System\UxEUxDS.exe

C:\Windows\System\TeKDABx.exe

C:\Windows\System\TeKDABx.exe

C:\Windows\System\sqIihPC.exe

C:\Windows\System\sqIihPC.exe

C:\Windows\System\GpijUAs.exe

C:\Windows\System\GpijUAs.exe

C:\Windows\System\ppZQTFf.exe

C:\Windows\System\ppZQTFf.exe

C:\Windows\System\aqRanmg.exe

C:\Windows\System\aqRanmg.exe

C:\Windows\System\SaNvEaU.exe

C:\Windows\System\SaNvEaU.exe

C:\Windows\System\NutdQll.exe

C:\Windows\System\NutdQll.exe

C:\Windows\System\EMyRPeY.exe

C:\Windows\System\EMyRPeY.exe

C:\Windows\System\SVkTIDm.exe

C:\Windows\System\SVkTIDm.exe

C:\Windows\System\dNVxBZR.exe

C:\Windows\System\dNVxBZR.exe

C:\Windows\System\MPdLgeE.exe

C:\Windows\System\MPdLgeE.exe

C:\Windows\System\UrLXQzV.exe

C:\Windows\System\UrLXQzV.exe

C:\Windows\System\cnkJnap.exe

C:\Windows\System\cnkJnap.exe

C:\Windows\System\gAPCxbu.exe

C:\Windows\System\gAPCxbu.exe

C:\Windows\System\YdSOdUq.exe

C:\Windows\System\YdSOdUq.exe

C:\Windows\System\mgSziOm.exe

C:\Windows\System\mgSziOm.exe

C:\Windows\System\ZQqvhnW.exe

C:\Windows\System\ZQqvhnW.exe

C:\Windows\System\FkhZesz.exe

C:\Windows\System\FkhZesz.exe

C:\Windows\System\zwTkShQ.exe

C:\Windows\System\zwTkShQ.exe

C:\Windows\System\whOQxbz.exe

C:\Windows\System\whOQxbz.exe

C:\Windows\System\BkJRUZF.exe

C:\Windows\System\BkJRUZF.exe

C:\Windows\System\fAmLKcV.exe

C:\Windows\System\fAmLKcV.exe

C:\Windows\System\LtHqOOk.exe

C:\Windows\System\LtHqOOk.exe

C:\Windows\System\Kerxwxc.exe

C:\Windows\System\Kerxwxc.exe

C:\Windows\System\DEAzePj.exe

C:\Windows\System\DEAzePj.exe

C:\Windows\System\BZRhMLP.exe

C:\Windows\System\BZRhMLP.exe

C:\Windows\System\ioWChQV.exe

C:\Windows\System\ioWChQV.exe

C:\Windows\System\WCTQVvN.exe

C:\Windows\System\WCTQVvN.exe

C:\Windows\System\fEeYvot.exe

C:\Windows\System\fEeYvot.exe

C:\Windows\System\rXRgWsH.exe

C:\Windows\System\rXRgWsH.exe

C:\Windows\System\OVBSDzl.exe

C:\Windows\System\OVBSDzl.exe

C:\Windows\System\rVzPJrV.exe

C:\Windows\System\rVzPJrV.exe

C:\Windows\System\vNqNjGF.exe

C:\Windows\System\vNqNjGF.exe

C:\Windows\System\xwyCsOr.exe

C:\Windows\System\xwyCsOr.exe

C:\Windows\System\kFSZJfJ.exe

C:\Windows\System\kFSZJfJ.exe

C:\Windows\System\czoMKGU.exe

C:\Windows\System\czoMKGU.exe

C:\Windows\System\eNSMHfm.exe

C:\Windows\System\eNSMHfm.exe

C:\Windows\System\vfaYZWM.exe

C:\Windows\System\vfaYZWM.exe

C:\Windows\System\zovYoEh.exe

C:\Windows\System\zovYoEh.exe

C:\Windows\System\Huxywnh.exe

C:\Windows\System\Huxywnh.exe

C:\Windows\System\dPqAlgI.exe

C:\Windows\System\dPqAlgI.exe

C:\Windows\System\AfbCyqj.exe

C:\Windows\System\AfbCyqj.exe

C:\Windows\System\jumbNrW.exe

C:\Windows\System\jumbNrW.exe

C:\Windows\System\WhNFFFF.exe

C:\Windows\System\WhNFFFF.exe

C:\Windows\System\xxXhKfD.exe

C:\Windows\System\xxXhKfD.exe

C:\Windows\System\IUXHBal.exe

C:\Windows\System\IUXHBal.exe

C:\Windows\System\nACkDjW.exe

C:\Windows\System\nACkDjW.exe

C:\Windows\System\WnIeFlx.exe

C:\Windows\System\WnIeFlx.exe

C:\Windows\System\bnopYpA.exe

C:\Windows\System\bnopYpA.exe

C:\Windows\System\nDDnogO.exe

C:\Windows\System\nDDnogO.exe

C:\Windows\System\uvRYmKL.exe

C:\Windows\System\uvRYmKL.exe

C:\Windows\System\iiYTgMD.exe

C:\Windows\System\iiYTgMD.exe

C:\Windows\System\WCqnQIe.exe

C:\Windows\System\WCqnQIe.exe

C:\Windows\System\tgcbrUF.exe

C:\Windows\System\tgcbrUF.exe

C:\Windows\System\rsjfRMv.exe

C:\Windows\System\rsjfRMv.exe

C:\Windows\System\qNpbzKA.exe

C:\Windows\System\qNpbzKA.exe

C:\Windows\System\sEHtemr.exe

C:\Windows\System\sEHtemr.exe

C:\Windows\System\TRAPeOd.exe

C:\Windows\System\TRAPeOd.exe

C:\Windows\System\iVIgYMj.exe

C:\Windows\System\iVIgYMj.exe

C:\Windows\System\kzGzXbR.exe

C:\Windows\System\kzGzXbR.exe

C:\Windows\System\AgGrzPI.exe

C:\Windows\System\AgGrzPI.exe

C:\Windows\System\GEcnEBb.exe

C:\Windows\System\GEcnEBb.exe

C:\Windows\System\KFoGYmw.exe

C:\Windows\System\KFoGYmw.exe

C:\Windows\System\HdoyGXq.exe

C:\Windows\System\HdoyGXq.exe

C:\Windows\System\LPqfJns.exe

C:\Windows\System\LPqfJns.exe

C:\Windows\System\JmsptxF.exe

C:\Windows\System\JmsptxF.exe

C:\Windows\System\OPUDJPu.exe

C:\Windows\System\OPUDJPu.exe

C:\Windows\System\QzcBlSp.exe

C:\Windows\System\QzcBlSp.exe

C:\Windows\System\UBKFZUi.exe

C:\Windows\System\UBKFZUi.exe

C:\Windows\System\IcDZdfS.exe

C:\Windows\System\IcDZdfS.exe

C:\Windows\System\wyLuiQH.exe

C:\Windows\System\wyLuiQH.exe

C:\Windows\System\bwFZxny.exe

C:\Windows\System\bwFZxny.exe

C:\Windows\System\HomSjAQ.exe

C:\Windows\System\HomSjAQ.exe

C:\Windows\System\KyhsSdr.exe

C:\Windows\System\KyhsSdr.exe

C:\Windows\System\gfhvnTA.exe

C:\Windows\System\gfhvnTA.exe

C:\Windows\System\jAYREHY.exe

C:\Windows\System\jAYREHY.exe

C:\Windows\System\dywnuvx.exe

C:\Windows\System\dywnuvx.exe

C:\Windows\System\CReMoWc.exe

C:\Windows\System\CReMoWc.exe

C:\Windows\System\GpimPcx.exe

C:\Windows\System\GpimPcx.exe

C:\Windows\System\fYPKzWW.exe

C:\Windows\System\fYPKzWW.exe

C:\Windows\System\IQIRvVX.exe

C:\Windows\System\IQIRvVX.exe

C:\Windows\System\uBZEhMM.exe

C:\Windows\System\uBZEhMM.exe

C:\Windows\System\AITmPrr.exe

C:\Windows\System\AITmPrr.exe

C:\Windows\System\rWSspEw.exe

C:\Windows\System\rWSspEw.exe

C:\Windows\System\onUnLLT.exe

C:\Windows\System\onUnLLT.exe

C:\Windows\System\yfhtwve.exe

C:\Windows\System\yfhtwve.exe

C:\Windows\System\qekHOMo.exe

C:\Windows\System\qekHOMo.exe

C:\Windows\System\eZzDBVa.exe

C:\Windows\System\eZzDBVa.exe

C:\Windows\System\GtkfCem.exe

C:\Windows\System\GtkfCem.exe

C:\Windows\System\ONhvYhA.exe

C:\Windows\System\ONhvYhA.exe

C:\Windows\System\uSeAaRL.exe

C:\Windows\System\uSeAaRL.exe

C:\Windows\System\QWrQOqO.exe

C:\Windows\System\QWrQOqO.exe

C:\Windows\System\IRODFwg.exe

C:\Windows\System\IRODFwg.exe

C:\Windows\System\zNKglyd.exe

C:\Windows\System\zNKglyd.exe

C:\Windows\System\ccqRQyM.exe

C:\Windows\System\ccqRQyM.exe

C:\Windows\System\nazcXhP.exe

C:\Windows\System\nazcXhP.exe

C:\Windows\System\HCCTpxW.exe

C:\Windows\System\HCCTpxW.exe

C:\Windows\System\ThAQbSp.exe

C:\Windows\System\ThAQbSp.exe

C:\Windows\System\uhmmFAX.exe

C:\Windows\System\uhmmFAX.exe

C:\Windows\System\ZDVNDiy.exe

C:\Windows\System\ZDVNDiy.exe

C:\Windows\System\hSQiEWO.exe

C:\Windows\System\hSQiEWO.exe

C:\Windows\System\eZchgwC.exe

C:\Windows\System\eZchgwC.exe

C:\Windows\System\wwKjdWx.exe

C:\Windows\System\wwKjdWx.exe

C:\Windows\System\BmfwuDU.exe

C:\Windows\System\BmfwuDU.exe

C:\Windows\System\IMHPDXm.exe

C:\Windows\System\IMHPDXm.exe

C:\Windows\System\LrmrTOt.exe

C:\Windows\System\LrmrTOt.exe

C:\Windows\System\AezlBJU.exe

C:\Windows\System\AezlBJU.exe

C:\Windows\System\tOLlNmb.exe

C:\Windows\System\tOLlNmb.exe

C:\Windows\System\JGuEJEo.exe

C:\Windows\System\JGuEJEo.exe

C:\Windows\System\hqdOyoe.exe

C:\Windows\System\hqdOyoe.exe

C:\Windows\System\IWOmxrW.exe

C:\Windows\System\IWOmxrW.exe

C:\Windows\System\wAKRsjz.exe

C:\Windows\System\wAKRsjz.exe

C:\Windows\System\WDHpvAT.exe

C:\Windows\System\WDHpvAT.exe

C:\Windows\System\kKwKkqG.exe

C:\Windows\System\kKwKkqG.exe

C:\Windows\System\SIEKGaq.exe

C:\Windows\System\SIEKGaq.exe

C:\Windows\System\HqmrkgH.exe

C:\Windows\System\HqmrkgH.exe

C:\Windows\System\naGcAwr.exe

C:\Windows\System\naGcAwr.exe

C:\Windows\System\ZHDAhHE.exe

C:\Windows\System\ZHDAhHE.exe

C:\Windows\System\rJeUvXl.exe

C:\Windows\System\rJeUvXl.exe

C:\Windows\System\lqMHkhL.exe

C:\Windows\System\lqMHkhL.exe

C:\Windows\System\xnPhlTd.exe

C:\Windows\System\xnPhlTd.exe

C:\Windows\System\aAUpnYz.exe

C:\Windows\System\aAUpnYz.exe

C:\Windows\System\OMssSZG.exe

C:\Windows\System\OMssSZG.exe

C:\Windows\System\OGTlJoc.exe

C:\Windows\System\OGTlJoc.exe

C:\Windows\System\cXSvpfE.exe

C:\Windows\System\cXSvpfE.exe

C:\Windows\System\wBAvmSh.exe

C:\Windows\System\wBAvmSh.exe

C:\Windows\System\gWVWIhX.exe

C:\Windows\System\gWVWIhX.exe

C:\Windows\System\VvWqaXe.exe

C:\Windows\System\VvWqaXe.exe

C:\Windows\System\nQSbsgj.exe

C:\Windows\System\nQSbsgj.exe

C:\Windows\System\rQjSVvJ.exe

C:\Windows\System\rQjSVvJ.exe

C:\Windows\System\KkydQTs.exe

C:\Windows\System\KkydQTs.exe

C:\Windows\System\bsICtsr.exe

C:\Windows\System\bsICtsr.exe

C:\Windows\System\EauvEKt.exe

C:\Windows\System\EauvEKt.exe

C:\Windows\System\XuhkJaW.exe

C:\Windows\System\XuhkJaW.exe

C:\Windows\System\mDkBwsR.exe

C:\Windows\System\mDkBwsR.exe

C:\Windows\System\BSTBTHW.exe

C:\Windows\System\BSTBTHW.exe

C:\Windows\System\weWSQex.exe

C:\Windows\System\weWSQex.exe

C:\Windows\System\oaXTjUW.exe

C:\Windows\System\oaXTjUW.exe

C:\Windows\System\NqjwwBM.exe

C:\Windows\System\NqjwwBM.exe

C:\Windows\System\vErvtBU.exe

C:\Windows\System\vErvtBU.exe

C:\Windows\System\kCfHMkr.exe

C:\Windows\System\kCfHMkr.exe

C:\Windows\System\UttzgIY.exe

C:\Windows\System\UttzgIY.exe

C:\Windows\System\yORFlMl.exe

C:\Windows\System\yORFlMl.exe

C:\Windows\System\KprJEWv.exe

C:\Windows\System\KprJEWv.exe

C:\Windows\System\XgwHopM.exe

C:\Windows\System\XgwHopM.exe

C:\Windows\System\AtQGLPf.exe

C:\Windows\System\AtQGLPf.exe

C:\Windows\System\ywoFXWy.exe

C:\Windows\System\ywoFXWy.exe

C:\Windows\System\yomcwjM.exe

C:\Windows\System\yomcwjM.exe

C:\Windows\System\GMuHtou.exe

C:\Windows\System\GMuHtou.exe

C:\Windows\System\yyQUXDy.exe

C:\Windows\System\yyQUXDy.exe

C:\Windows\System\PsNbvJV.exe

C:\Windows\System\PsNbvJV.exe

C:\Windows\System\oBOsmkd.exe

C:\Windows\System\oBOsmkd.exe

C:\Windows\System\peWsjqo.exe

C:\Windows\System\peWsjqo.exe

C:\Windows\System\pnhnFLq.exe

C:\Windows\System\pnhnFLq.exe

C:\Windows\System\uVXLMPR.exe

C:\Windows\System\uVXLMPR.exe

C:\Windows\System\eRKARYj.exe

C:\Windows\System\eRKARYj.exe

C:\Windows\System\QnSRXwh.exe

C:\Windows\System\QnSRXwh.exe

C:\Windows\System\wPQsamD.exe

C:\Windows\System\wPQsamD.exe

C:\Windows\System\xPiJxxL.exe

C:\Windows\System\xPiJxxL.exe

C:\Windows\System\dlbXCvf.exe

C:\Windows\System\dlbXCvf.exe

C:\Windows\System\vrvKVyv.exe

C:\Windows\System\vrvKVyv.exe

C:\Windows\System\TjoMxNb.exe

C:\Windows\System\TjoMxNb.exe

C:\Windows\System\ElEULAE.exe

C:\Windows\System\ElEULAE.exe

C:\Windows\System\eaofKHX.exe

C:\Windows\System\eaofKHX.exe

C:\Windows\System\GMyvVGA.exe

C:\Windows\System\GMyvVGA.exe

C:\Windows\System\pvLGdUY.exe

C:\Windows\System\pvLGdUY.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1972-0-0x000000013FD20000-0x0000000140074000-memory.dmp

memory/1972-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\wOxnqlF.exe

MD5 654c5a803f4fd271116f670b16db389f
SHA1 d6e2c1075c888d1d274a41401a803292f13889f1
SHA256 fa8d46d4fde0b42b0ce4def45f403c690fcdaeefbe6feba9cf09c2756e0d1656
SHA512 8a37881be5c811b0abffd5c9478331e56a06039543b24865b82b6694c333d83abeaeda7ba3ac15b423994601db6ac7bea264e310471d371c58a11693dcc7a22b

memory/2936-8-0x000000013F7E0000-0x000000013FB34000-memory.dmp

\Windows\system\XMFtWbC.exe

MD5 45660f85bd7ccad7fca7426f14fb26ee
SHA1 f193e83c1987bc116d16d000b403da3eacca050f
SHA256 3428d2bdd3b7102c32222d05296892fb0f45aeb3d7e4968314b14c59c2807be1
SHA512 6bca9e44374f860cf99c940f8b5a3e53d9fada279f89528e7b03c0493ee92c2892d6bf596f38499a34190e2d52f6ae25715b350da214d9feb1b91d1a3620f06e

memory/1972-12-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/2512-14-0x000000013FB70000-0x000000013FEC4000-memory.dmp

C:\Windows\system\mipwEeW.exe

MD5 0155623a1bc784eaf49d67f0f726b3cb
SHA1 b1225dca5d6d782c00260ad41a51a048b39f5434
SHA256 9182890a56fc54efef8cb228bcdaaab15bdf606422597350f3283af8b3d49dc3
SHA512 34b352d1d9a971da307638673f99ca27bdad3153f949e2d64c4c1517daf9ebef0a468ea75be8acacac738b5106c6bd76fd1f530f29de37075b61e1310bb36ba1

memory/2508-22-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/1972-20-0x000000013F2F0000-0x000000013F644000-memory.dmp

\Windows\system\imCtSFE.exe

MD5 14d35e0bdda6c50a335b99ec2ecea905
SHA1 d573e05fe276a7d4f708d7eb65da03ec8f02a734
SHA256 76ad92a8437ad05dab085b9b48ee5847768e779de990b912d095c9402a9c6ea8
SHA512 a1b7d2e68045e0c4782e4acc97a2c9c4f8cf879aed3380c961cbc927c4043875c8779712877b47be1cdfacd402ee36911b2b66b707ae4c7d783f8a038282fa67

memory/2828-29-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/1972-27-0x0000000001FF0000-0x0000000002344000-memory.dmp

C:\Windows\system\viXidej.exe

MD5 566f29ad1e73e67f5d6de52592d0948b
SHA1 f4b6f2aa2b236ab005b2822c9a1e126ad62a84de
SHA256 7622bd0e5185e5f1c040136d00da0082261d893f170b08744563fb81b752df87
SHA512 b73c35ea76f752280bbb9970b0a7592bae4f8c5603d8cbc69520d42f2956fd765ee2ee24243fa20718e63b86aee6af4e4a25ea70babc45038e70b4cb255a4adc

memory/1972-35-0x000000013F030000-0x000000013F384000-memory.dmp

\Windows\system\krDTTHx.exe

MD5 843bf7f69254cb77da7e3affc01fb7ea
SHA1 21361270b4f4f230b394f24ceed0757fcdea25c5
SHA256 dc8a0f4f63ac64064370f3144b80831926bf7559ae6119adb9684c5b25b95799
SHA512 fb3c7a0116253b02f399f834d2a4254b56f5528597bfcbc0475c53e2349fc5dcac860c2698273a8ce31f18767bdf0f4ffdf7318d971ca6c1942d23224cb33288

memory/2708-47-0x000000013F740000-0x000000013FA94000-memory.dmp

memory/1972-67-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2456-66-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/2516-63-0x000000013F9C0000-0x000000013FD14000-memory.dmp

C:\Windows\system\CCivqzK.exe

MD5 d488e354b098fffb1fd9842efad99c6d
SHA1 5cca3b8a669b1956180a06fd61659e98f1a970ab
SHA256 00563a6a57827c69f6cc98c7f042b8e714614e79bf1c2aae8f016f9755dbe8cf
SHA512 95f51237a75b9073d21bd4946fdbfbc136750c7a1d8ba2a8a4660205b80cd4a58f25a21b550422aa47cf49c543e57240cba0d78a9e180c3f936c3e3b82071411

C:\Windows\system\aDzMuag.exe

MD5 b53a928684ea546489c23b652065d7a1
SHA1 5dee955a946008557b147f3192e1761fe06f3d53
SHA256 64d91730240e0456d06e797b1bdd8a3998cd3a32698dcc344be2627ea267ff83
SHA512 134b2654c0c5908bdb04bac34f4c9424ab8dc96757960f6a2a3ba66e2cb22bd0618f0a1afbe74371b3c6013a14319820048771eecf25d1a708463b6a90d2bf62

memory/2508-84-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/1972-87-0x000000013F760000-0x000000013FAB4000-memory.dmp

memory/1972-56-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2604-88-0x000000013F760000-0x000000013FAB4000-memory.dmp

memory/2912-79-0x000000013FDD0000-0x0000000140124000-memory.dmp

memory/2400-78-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2512-77-0x000000013FB70000-0x000000013FEC4000-memory.dmp

C:\Windows\system\BtFsMkz.exe

MD5 bc75cbec7582cb60fca12dda60ddee74
SHA1 e7dc5194980f3610508d295411b39302b3fea629
SHA256 02b58d3b9e126482d17c8402c3c773830fe974c598916044fb0bd27512ed6dca
SHA512 d7756b323ec1d898216bf5a41e78031c79b6a8c8ce53bda7e4ce0f32bfd2ef3ff8f3730da777f76919429ecbc91b3dbe68b087f6ee08c909174fd6bcbe2fa2df

C:\Windows\system\TPkzIKa.exe

MD5 3ff1e5e5db6557f4019b1ff8ae4c45bf
SHA1 0a84660a85ce71594de06afd424135a32c775597
SHA256 b0b07f022b1726f90db2a855352a153204d3016b84af795a43041616c807ce73
SHA512 74ea86fc036617b55864b682a0dfb30add20ddacce8c652f0627571bf13c0b01d84a5757bc8bef0b11b466f52b7c470dba47d3f32242228c50205893b1f31b24

memory/1972-74-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/2968-73-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/1972-72-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/2936-70-0x000000013F7E0000-0x000000013FB34000-memory.dmp

C:\Windows\system\dKyGIbf.exe

MD5 2266004303d79371e3660f6757107e4a
SHA1 9962183916f3b9b969a2409671c867cfbbf20b59
SHA256 03e567713529a5274c1a9b311ce10d5c60766104e2855b65545ce524ff110640
SHA512 8f47c4b63c7645c6f2fe323d3101f701c1527ddcb482d150a5e3a55738467afa770d7b48bca788f635271069e68656d136500317a300ce14675dfbd8705f4cb4

memory/1972-51-0x000000013F7E0000-0x000000013FB34000-memory.dmp

memory/1972-43-0x000000013FD20000-0x0000000140074000-memory.dmp

memory/1972-41-0x000000013F740000-0x000000013FA94000-memory.dmp

C:\Windows\system\bdogxyJ.exe

MD5 a044b4f36182165c7c5b61201f88ba89
SHA1 b7c1c25b2dd195b8500b21268e49e3884b8d133a
SHA256 f80bd53f6cb86c52ad7c0228388c01482ab9f2cb86851a6a5c1c0f2c8d0cb4cc
SHA512 7301771dcee428396f5b11a6ec6f9417266b1c7ebcddc51169d6b433bcbd9edec9bcaca6a240bea14264e639bc0af15ef0eee8212865d9b6a423f6eaf49e8ed5

\Windows\system\FnSAtUQ.exe

MD5 de453562529ee746c21f6a89bbbe0b8b
SHA1 79b4bcde6eae521d2acaab77a6007b821e15bb55
SHA256 9d1240d01c111e18929d09da01420320222f17c712f63cd4919e23eddbefec97
SHA512 a93512769171f67cd989a3fa6c9720e2e0b346decfe3a6474900f53a88f60e07828c9f337741805867f88c71000936aad8f47e35dad166beace4f127d2e25373

memory/2828-96-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/1972-95-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/3032-39-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2780-97-0x000000013F560000-0x000000013F8B4000-memory.dmp

\Windows\system\ZHPMqYI.exe

MD5 6a2a381665ee272537768e6a7e6c08b0
SHA1 a907b77c0420814d248f9b65e1bf12750e2010ac
SHA256 f41844eb342cff8d6bf492bec1707840ba6b3d1e9fd24bbd62ad114ef3960047
SHA512 64c073979a477554999d3baa3e0ff274326394be8cc7411281926855a75d143a04c80104a4c09c03ecd550ceb9d5325260587b2e0b12f650488936fb8c4f6272

memory/2220-110-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/1972-123-0x000000013F120000-0x000000013F474000-memory.dmp

C:\Windows\system\XTZptbV.exe

MD5 c2aba35004dde916b09a9a673b8fff5d
SHA1 21c7cd69a27674d52c4fd155f298c115a9853928
SHA256 84fa6feb81e2a9113078a70386c2829d15769875f6bbce6b71ede63c2d2db5ef
SHA512 380d4ab5e354b59643817a7a5afbe0ef9ce58ef7b5635aa98bcf470fbe10787604a1acca8c4ad21ffacaac2cca6bdb429db38e9a04ff07dbbd05f8172f67ff08

C:\Windows\system\EWqPINS.exe

MD5 2a88f66cf01a656b451f2a385b898b0f
SHA1 6d5a2e82a9bccc0d292b29bbed188144cdccb0d1
SHA256 1cd686f320c0aa7310ab0de28343c9d1b99f25a5590ec95aa63beb4ec160e677
SHA512 ab5d010e2e3c011518685ee0ad3bd88790621f11308dd5900df4aabe3591cfce5cdd30dc4cc5b149d9d48eeb14f34f687fbf64ba3af1d91ba6ddae68cc9192b1

C:\Windows\system\llpQvbj.exe

MD5 a20ff1a152433162c6e1761c5cf792e3
SHA1 3f9e4751da6131c8b12d165341d64d4536fa4965
SHA256 f3369daed4623c9762a89abf603383cb427ecfaddea268c229a5d52de54b413c
SHA512 5c0e88515de3b4bd9c9ecf54e9a876b579b1b01e85eb4e8f7797d8d6cbdb208efe65e1612b64eabf95d54380aa9e848a5225bd001cda2c408c06ca86d38dee33

C:\Windows\system\LhZtIYZ.exe

MD5 28f9baabbec5ebb2400ed988b518fe14
SHA1 1149292efd1c13f871b6f112a894c52418a647f6
SHA256 01cd45552737805560ef74425a0de4cd0f3ee4b837889044524127d9a8396b04
SHA512 4e84238d7d65637b2375e348774e41c5b91b8c877d45f1d2d78cf7b9df2dca66c4c659f18348d1cd8641baa1a495466944047147ba2a3900e29ce6fac94cd66e

C:\Windows\system\AUOdNWl.exe

MD5 4f97583cdb1148d5d57a6a5ea8ef2667
SHA1 0a408d14e45cc28018014a412af2c72bb8d0821c
SHA256 0a141939dff48895dc1cc5d17faaa5a6dd9fb6faaaaf2eafec1a2f5395dfbbe8
SHA512 3841564c2e19508954e4a56456b5f1e5ea28ef25979c54f873331bd3e1d42b8f5f010f8e5f318db5359c41f299bcb9cd42efb7dc6a6a3e1037bccab77a4ebbd6

C:\Windows\system\YhQcklo.exe

MD5 f5e9efa3f756d842a964a92413c2ce04
SHA1 4f7188e9f93c91fc4211688071f92ccf89c8d5b4
SHA256 f3b3d243c2023e16a34912ccd4c52e85c78268bc50f00ab1b22cdeff09915dd7
SHA512 ccdcf34a2c329572933f33ea6befa6b78e73881acb8c5772153215d68babe93fd7df782523bad4109b1449b7b42b2bf1d094c34a455d9b30e73924c245fc25af

C:\Windows\system\IVUSUpb.exe

MD5 e58995fb71e3428711744b446507ec98
SHA1 f21a3f1efa6c033ffb4e96e936e832e1c7d4581b
SHA256 eeb5ed468ff12519c1fb6e2704a09fe0add5edff587bba095ff79c5cc736bc01
SHA512 9d3cfbb6ec117ba1d57973635f2910b70a64c8047fa356ce39c923a50441075d47618dcd009c193af8501c3723c9abb842347a915c29e0caa981e3a6ee6c4087

memory/2456-455-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/1972-454-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2516-317-0x000000013F9C0000-0x000000013FD14000-memory.dmp

C:\Windows\system\XqrWckv.exe

MD5 f0b7c26ac43ed8bab6b2deb74882e4a7
SHA1 b422192523fc8fd0330b05c44db10a3b9c82e9fc
SHA256 156bb2f08655d5ad82dcdb0229acb96d6c5a6e25b298d0d517a8602e4ebaa826
SHA512 8b5e27194bc9afe1330616b1cba510028e1caeb1538abcdf5ef657aadc682f88442c33d9adbc999630333055a45a027913dfbad8a143dbe5082926078c296e10

C:\Windows\system\bsdnKoG.exe

MD5 898518e92ba662ff0e526f8d9901614c
SHA1 e5db220c1b5e18330e50c68f393c99b6c5c93df0
SHA256 fa432df4537dfd65018ffac490d833f0433fa6bb4c175954c5591118ff41b572
SHA512 66baf67545f8ba5040fda0ca223803d026fd05bfe161d81a5c95d87a469bac6fb5d924a156348f62bbdffeba56b58287af5dc4321a26816ba36266e341f2f705

C:\Windows\system\uJgwmcy.exe

MD5 b1354717a111eb5a42b68228bc387de9
SHA1 6a21b9eb0577e4627336a7387363801c4136c7b8
SHA256 091654783cb91c0ca8a9931c660ba7fde429a067d39343396f2cdd3f970fec60
SHA512 0d0bcb6793d341ba333a259ac89a57f31cf501fd703aca5182feba62428349d241ddcb99f2df04fbcf6bb3bbf21f0d7f6dee972179f656f402818ec6dd94e612

C:\Windows\system\jKIRqKa.exe

MD5 8f23e269d69da044d430da1bc54c1427
SHA1 4c89a3aca01930b9febc30ef4e1474f984dd9f99
SHA256 28955de259fbdceb395af6c4b9dd392ebdb866231ea4050210b36d32d09df0b3
SHA512 d8fad3622971854210bcdddc2805c0f2dd340dd50047f2eae8fce03681f2c9adaacf653ffc7d339b63c431ecdaf3faf7b031344d745dbbdee719fe159532e47d

C:\Windows\system\wqTSfdH.exe

MD5 7e6e412613e91a3ba0936f312f37252d
SHA1 5b8e5ede88e053ca850d3be293819e7311d5c1db
SHA256 c9b73eb53486b0b73b814ab98e159374050dda6bf33932d9ceaccc679ab1d8df
SHA512 d1997c6608f9232c32b0ec09c064dde76a7b4000f9d701a0745ec70542615de94b424dbadaa32386577dac60e2d4ae20a8b44c735080e26d38cb102e058b4434

C:\Windows\system\iVdUnaH.exe

MD5 74d7797d867a9c52cd94c3be509daa63
SHA1 3a876565b534689e8700be5c7d9bd90f0a543bc9
SHA256 b4eee12b4f3ef2c6cd72f4ceaca2ca4d8f0d50a1f0c2a9f3694a4bcdb6d1ee6d
SHA512 3e8b45a6fe0f66019d91e6c29e9328214d74cadac8f2135aa903c2a14661c4a4d3b6b7d24ceec4c25fab363b6ab348d74bbf6969b727c76f62ea07b5d59ec9ea

C:\Windows\system\qaBUpOS.exe

MD5 3c0cc370418d07d2d7bf29828eb4ee80
SHA1 b35829e786962bad6d1ca749f6390007afcbb95d
SHA256 15909eb7733904a5ebbdc0d6c62e4eec994b62712e482fe0ba5fcdca8e3baf24
SHA512 31cb30992a197352e6cb4cf47cce91240cfaeb31ccc2c24351199bf2b9ec3f4ba390ef028186f11b88f37df58ef2112a60ff6e358a870d6964b854e92e48d578

C:\Windows\system\PtlyXEP.exe

MD5 9c042c4befe371806afe5dbf5493eab8
SHA1 f2a1625c29b51622e8bfa70e1237d6bee86f75c6
SHA256 eacf17b672e114712015bb2b6bb788534fd703c64510d76fd984ed14f21fc5b4
SHA512 596e5734486586b1dd300635d7abd02123e8836231bb229c70f2ec6f80eae8fe0d5f3190ee411de271de67995cb972d09ee48999e52756c9c208a640ba0e5c77

C:\Windows\system\PlRJrKc.exe

MD5 63bcbacce31a44f25e9067b3750a290c
SHA1 9b5dd74d6e53de689bbf3687bd3ec1f02c4077d9
SHA256 5366a5b97388c6bb2638943dfdc20d9e2f8159a299a4ab4fe7dce6c3f1af543f
SHA512 97c30c10c61ed3988700b0b73e3fcf191fefe24fee4ad05e22179edabd0d7cc7a519bf41677b95e9ea20020ddb0234319743a1c4612e309e33f2d07b283fd5cb

C:\Windows\system\qlpdaWe.exe

MD5 7ecb3837c10a64bcbb71f97f4868cd43
SHA1 5b6bceb519b98400a4dbed8341428db71a875f0f
SHA256 718e127801f675dc2752df99e9105cb74db953a0678f0b9b3642ce96d3fd9da6
SHA512 411677477bbed069ba225bad28f454d27fdf2ef59837752cd00e4cef84363a331a019c6781f5847ae2b1266abb86f36c8c5ffece4410ae37303ff8c35111fbbf

memory/1972-108-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/1972-104-0x000000013F740000-0x000000013FA94000-memory.dmp

memory/1972-102-0x000000013F030000-0x000000013F384000-memory.dmp

C:\Windows\system\VmpWiVq.exe

MD5 5c3b9616fb0daaa47b73069bae523e66
SHA1 bf24af914e339b9357e4eecd0516f740d52b53d5
SHA256 6d54765a09353e96b89dd6b8133cf2164fbf466c8b245ec833b75a0d9944a495
SHA512 ab0bdf120281dcb346993a02f34a5f3a4d87e0fd81d0f0605f95f3c240336e9c321bb823cc70988189e2550f7e0d19750dd7971722be87a5e4aeae1767b70e53

memory/1972-945-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/1972-1080-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/2400-1081-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2912-1082-0x000000013FDD0000-0x0000000140124000-memory.dmp

memory/1972-1083-0x000000013F760000-0x000000013FAB4000-memory.dmp

memory/1972-1084-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/1972-1085-0x0000000001FF0000-0x0000000002344000-memory.dmp

memory/1972-1086-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2936-1087-0x000000013F7E0000-0x000000013FB34000-memory.dmp

memory/2512-1088-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2508-1089-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2828-1090-0x000000013FB00000-0x000000013FE54000-memory.dmp

memory/3032-1091-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2708-1092-0x000000013F740000-0x000000013FA94000-memory.dmp

memory/2516-1093-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2456-1095-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/2968-1094-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2912-1096-0x000000013FDD0000-0x0000000140124000-memory.dmp

memory/2604-1097-0x000000013F760000-0x000000013FAB4000-memory.dmp

memory/2400-1098-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2780-1099-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/2220-1100-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 02:42

Reported

2024-06-02 02:44

Platform

win10v2004-20240508-en

Max time kernel

125s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\wOxnqlF.exe N/A
N/A N/A C:\Windows\System\XMFtWbC.exe N/A
N/A N/A C:\Windows\System\mipwEeW.exe N/A
N/A N/A C:\Windows\System\imCtSFE.exe N/A
N/A N/A C:\Windows\System\viXidej.exe N/A
N/A N/A C:\Windows\System\bdogxyJ.exe N/A
N/A N/A C:\Windows\System\krDTTHx.exe N/A
N/A N/A C:\Windows\System\dKyGIbf.exe N/A
N/A N/A C:\Windows\System\TPkzIKa.exe N/A
N/A N/A C:\Windows\System\CCivqzK.exe N/A
N/A N/A C:\Windows\System\BtFsMkz.exe N/A
N/A N/A C:\Windows\System\aDzMuag.exe N/A
N/A N/A C:\Windows\System\FnSAtUQ.exe N/A
N/A N/A C:\Windows\System\VmpWiVq.exe N/A
N/A N/A C:\Windows\System\ZHPMqYI.exe N/A
N/A N/A C:\Windows\System\EWqPINS.exe N/A
N/A N/A C:\Windows\System\PlRJrKc.exe N/A
N/A N/A C:\Windows\System\llpQvbj.exe N/A
N/A N/A C:\Windows\System\LhZtIYZ.exe N/A
N/A N/A C:\Windows\System\PtlyXEP.exe N/A
N/A N/A C:\Windows\System\qlpdaWe.exe N/A
N/A N/A C:\Windows\System\XTZptbV.exe N/A
N/A N/A C:\Windows\System\qaBUpOS.exe N/A
N/A N/A C:\Windows\System\iVdUnaH.exe N/A
N/A N/A C:\Windows\System\wqTSfdH.exe N/A
N/A N/A C:\Windows\System\AUOdNWl.exe N/A
N/A N/A C:\Windows\System\uJgwmcy.exe N/A
N/A N/A C:\Windows\System\jKIRqKa.exe N/A
N/A N/A C:\Windows\System\YhQcklo.exe N/A
N/A N/A C:\Windows\System\IVUSUpb.exe N/A
N/A N/A C:\Windows\System\bsdnKoG.exe N/A
N/A N/A C:\Windows\System\XqrWckv.exe N/A
N/A N/A C:\Windows\System\JetERDM.exe N/A
N/A N/A C:\Windows\System\zcPLNHo.exe N/A
N/A N/A C:\Windows\System\IcGMJMQ.exe N/A
N/A N/A C:\Windows\System\NTZMWdv.exe N/A
N/A N/A C:\Windows\System\VkmcSUo.exe N/A
N/A N/A C:\Windows\System\IRjoQRG.exe N/A
N/A N/A C:\Windows\System\nMBbUoF.exe N/A
N/A N/A C:\Windows\System\FdHAlfk.exe N/A
N/A N/A C:\Windows\System\narFnhN.exe N/A
N/A N/A C:\Windows\System\vLjhZNM.exe N/A
N/A N/A C:\Windows\System\uITagYW.exe N/A
N/A N/A C:\Windows\System\cblqFPM.exe N/A
N/A N/A C:\Windows\System\YCgMrhE.exe N/A
N/A N/A C:\Windows\System\bCLgePj.exe N/A
N/A N/A C:\Windows\System\LyoCyEM.exe N/A
N/A N/A C:\Windows\System\rNniuvo.exe N/A
N/A N/A C:\Windows\System\nRyPpoS.exe N/A
N/A N/A C:\Windows\System\bfDqBvr.exe N/A
N/A N/A C:\Windows\System\aEPKOCy.exe N/A
N/A N/A C:\Windows\System\cnyOLII.exe N/A
N/A N/A C:\Windows\System\vscAewN.exe N/A
N/A N/A C:\Windows\System\YAZLvzh.exe N/A
N/A N/A C:\Windows\System\BhAvWBv.exe N/A
N/A N/A C:\Windows\System\mtStVyD.exe N/A
N/A N/A C:\Windows\System\qeWqdxs.exe N/A
N/A N/A C:\Windows\System\wOafTId.exe N/A
N/A N/A C:\Windows\System\utIuKBj.exe N/A
N/A N/A C:\Windows\System\CLFVEnt.exe N/A
N/A N/A C:\Windows\System\gZewvBT.exe N/A
N/A N/A C:\Windows\System\jaYaewU.exe N/A
N/A N/A C:\Windows\System\XNpnRck.exe N/A
N/A N/A C:\Windows\System\Izzujth.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xxXhKfD.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvLGdUY.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\rNniuvo.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\YtYNtdh.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\BjgUVRM.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\IWOmxrW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\aAUpnYz.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\mDkBwsR.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\krDTTHx.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\PytIVNy.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\rWSspEw.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAmLKcV.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\rVzPJrV.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\ONhvYhA.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\KprJEWv.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\iUfKgsT.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrNtxhv.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\ccqRQyM.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpTbuxx.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\FlnRbks.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\lAwnrxk.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaelxCW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\YzCyWAs.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\XqrWckv.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\bfDqBvr.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\KykhbLn.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\ElEULAE.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\BUXGbTd.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\czoMKGU.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZHDAhHE.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\sEHtemr.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\KFoGYmw.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\tOLlNmb.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\laVPkDv.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\MnhPsyo.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\WCTQVvN.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\HCCTpxW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBOsmkd.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\eRKARYj.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\mgSziOm.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\zovYoEh.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\IcDZdfS.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqRanmg.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLFVEnt.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZpUtak.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlMuWSa.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\onUnLLT.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\AtQGLPf.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\peWsjqo.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\aEPKOCy.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\BFjlNRr.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\TRAPeOd.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\CReMoWc.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\uITagYW.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWfyUJy.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\IakZadk.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\XgwHopM.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\MPdLgeE.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\wAKRsjz.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\OMssSZG.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\cXSvpfE.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\qsQDWwm.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\UxEUxDS.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
File created C:\Windows\System\EMyRPeY.exe C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4028 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wOxnqlF.exe
PID 4028 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wOxnqlF.exe
PID 4028 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XMFtWbC.exe
PID 4028 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XMFtWbC.exe
PID 4028 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\mipwEeW.exe
PID 4028 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\mipwEeW.exe
PID 4028 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\imCtSFE.exe
PID 4028 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\imCtSFE.exe
PID 4028 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\viXidej.exe
PID 4028 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\viXidej.exe
PID 4028 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bdogxyJ.exe
PID 4028 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bdogxyJ.exe
PID 4028 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\krDTTHx.exe
PID 4028 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\krDTTHx.exe
PID 4028 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\dKyGIbf.exe
PID 4028 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\dKyGIbf.exe
PID 4028 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\TPkzIKa.exe
PID 4028 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\TPkzIKa.exe
PID 4028 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\CCivqzK.exe
PID 4028 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\CCivqzK.exe
PID 4028 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\BtFsMkz.exe
PID 4028 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\BtFsMkz.exe
PID 4028 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\aDzMuag.exe
PID 4028 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\aDzMuag.exe
PID 4028 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\FnSAtUQ.exe
PID 4028 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\FnSAtUQ.exe
PID 4028 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\VmpWiVq.exe
PID 4028 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\VmpWiVq.exe
PID 4028 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\ZHPMqYI.exe
PID 4028 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\ZHPMqYI.exe
PID 4028 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qlpdaWe.exe
PID 4028 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qlpdaWe.exe
PID 4028 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\EWqPINS.exe
PID 4028 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\EWqPINS.exe
PID 4028 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XTZptbV.exe
PID 4028 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XTZptbV.exe
PID 4028 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PlRJrKc.exe
PID 4028 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PlRJrKc.exe
PID 4028 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\llpQvbj.exe
PID 4028 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\llpQvbj.exe
PID 4028 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\LhZtIYZ.exe
PID 4028 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\LhZtIYZ.exe
PID 4028 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PtlyXEP.exe
PID 4028 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\PtlyXEP.exe
PID 4028 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qaBUpOS.exe
PID 4028 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\qaBUpOS.exe
PID 4028 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\iVdUnaH.exe
PID 4028 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\iVdUnaH.exe
PID 4028 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wqTSfdH.exe
PID 4028 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\wqTSfdH.exe
PID 4028 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\AUOdNWl.exe
PID 4028 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\AUOdNWl.exe
PID 4028 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\uJgwmcy.exe
PID 4028 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\uJgwmcy.exe
PID 4028 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\jKIRqKa.exe
PID 4028 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\jKIRqKa.exe
PID 4028 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\YhQcklo.exe
PID 4028 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\YhQcklo.exe
PID 4028 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bsdnKoG.exe
PID 4028 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\bsdnKoG.exe
PID 4028 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\IVUSUpb.exe
PID 4028 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\IVUSUpb.exe
PID 4028 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XqrWckv.exe
PID 4028 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe C:\Windows\System\XqrWckv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\276dc3964a30f2b2f926d8a38ee2a530_NeikiAnalytics.exe"

C:\Windows\System\wOxnqlF.exe

C:\Windows\System\wOxnqlF.exe

C:\Windows\System\XMFtWbC.exe

C:\Windows\System\XMFtWbC.exe

C:\Windows\System\mipwEeW.exe

C:\Windows\System\mipwEeW.exe

C:\Windows\System\imCtSFE.exe

C:\Windows\System\imCtSFE.exe

C:\Windows\System\viXidej.exe

C:\Windows\System\viXidej.exe

C:\Windows\System\bdogxyJ.exe

C:\Windows\System\bdogxyJ.exe

C:\Windows\System\krDTTHx.exe

C:\Windows\System\krDTTHx.exe

C:\Windows\System\dKyGIbf.exe

C:\Windows\System\dKyGIbf.exe

C:\Windows\System\TPkzIKa.exe

C:\Windows\System\TPkzIKa.exe

C:\Windows\System\CCivqzK.exe

C:\Windows\System\CCivqzK.exe

C:\Windows\System\BtFsMkz.exe

C:\Windows\System\BtFsMkz.exe

C:\Windows\System\aDzMuag.exe

C:\Windows\System\aDzMuag.exe

C:\Windows\System\FnSAtUQ.exe

C:\Windows\System\FnSAtUQ.exe

C:\Windows\System\VmpWiVq.exe

C:\Windows\System\VmpWiVq.exe

C:\Windows\System\ZHPMqYI.exe

C:\Windows\System\ZHPMqYI.exe

C:\Windows\System\qlpdaWe.exe

C:\Windows\System\qlpdaWe.exe

C:\Windows\System\EWqPINS.exe

C:\Windows\System\EWqPINS.exe

C:\Windows\System\XTZptbV.exe

C:\Windows\System\XTZptbV.exe

C:\Windows\System\PlRJrKc.exe

C:\Windows\System\PlRJrKc.exe

C:\Windows\System\llpQvbj.exe

C:\Windows\System\llpQvbj.exe

C:\Windows\System\LhZtIYZ.exe

C:\Windows\System\LhZtIYZ.exe

C:\Windows\System\PtlyXEP.exe

C:\Windows\System\PtlyXEP.exe

C:\Windows\System\qaBUpOS.exe

C:\Windows\System\qaBUpOS.exe

C:\Windows\System\iVdUnaH.exe

C:\Windows\System\iVdUnaH.exe

C:\Windows\System\wqTSfdH.exe

C:\Windows\System\wqTSfdH.exe

C:\Windows\System\AUOdNWl.exe

C:\Windows\System\AUOdNWl.exe

C:\Windows\System\uJgwmcy.exe

C:\Windows\System\uJgwmcy.exe

C:\Windows\System\jKIRqKa.exe

C:\Windows\System\jKIRqKa.exe

C:\Windows\System\YhQcklo.exe

C:\Windows\System\YhQcklo.exe

C:\Windows\System\bsdnKoG.exe

C:\Windows\System\bsdnKoG.exe

C:\Windows\System\IVUSUpb.exe

C:\Windows\System\IVUSUpb.exe

C:\Windows\System\XqrWckv.exe

C:\Windows\System\XqrWckv.exe

C:\Windows\System\JetERDM.exe

C:\Windows\System\JetERDM.exe

C:\Windows\System\zcPLNHo.exe

C:\Windows\System\zcPLNHo.exe

C:\Windows\System\IcGMJMQ.exe

C:\Windows\System\IcGMJMQ.exe

C:\Windows\System\NTZMWdv.exe

C:\Windows\System\NTZMWdv.exe

C:\Windows\System\VkmcSUo.exe

C:\Windows\System\VkmcSUo.exe

C:\Windows\System\IRjoQRG.exe

C:\Windows\System\IRjoQRG.exe

C:\Windows\System\nMBbUoF.exe

C:\Windows\System\nMBbUoF.exe

C:\Windows\System\FdHAlfk.exe

C:\Windows\System\FdHAlfk.exe

C:\Windows\System\narFnhN.exe

C:\Windows\System\narFnhN.exe

C:\Windows\System\vLjhZNM.exe

C:\Windows\System\vLjhZNM.exe

C:\Windows\System\uITagYW.exe

C:\Windows\System\uITagYW.exe

C:\Windows\System\cblqFPM.exe

C:\Windows\System\cblqFPM.exe

C:\Windows\System\YCgMrhE.exe

C:\Windows\System\YCgMrhE.exe

C:\Windows\System\bCLgePj.exe

C:\Windows\System\bCLgePj.exe

C:\Windows\System\nRyPpoS.exe

C:\Windows\System\nRyPpoS.exe

C:\Windows\System\LyoCyEM.exe

C:\Windows\System\LyoCyEM.exe

C:\Windows\System\rNniuvo.exe

C:\Windows\System\rNniuvo.exe

C:\Windows\System\bfDqBvr.exe

C:\Windows\System\bfDqBvr.exe

C:\Windows\System\aEPKOCy.exe

C:\Windows\System\aEPKOCy.exe

C:\Windows\System\cnyOLII.exe

C:\Windows\System\cnyOLII.exe

C:\Windows\System\vscAewN.exe

C:\Windows\System\vscAewN.exe

C:\Windows\System\YAZLvzh.exe

C:\Windows\System\YAZLvzh.exe

C:\Windows\System\BhAvWBv.exe

C:\Windows\System\BhAvWBv.exe

C:\Windows\System\mtStVyD.exe

C:\Windows\System\mtStVyD.exe

C:\Windows\System\qeWqdxs.exe

C:\Windows\System\qeWqdxs.exe

C:\Windows\System\wOafTId.exe

C:\Windows\System\wOafTId.exe

C:\Windows\System\utIuKBj.exe

C:\Windows\System\utIuKBj.exe

C:\Windows\System\CLFVEnt.exe

C:\Windows\System\CLFVEnt.exe

C:\Windows\System\gZewvBT.exe

C:\Windows\System\gZewvBT.exe

C:\Windows\System\jaYaewU.exe

C:\Windows\System\jaYaewU.exe

C:\Windows\System\Izzujth.exe

C:\Windows\System\Izzujth.exe

C:\Windows\System\XNpnRck.exe

C:\Windows\System\XNpnRck.exe

C:\Windows\System\YqlJcNj.exe

C:\Windows\System\YqlJcNj.exe

C:\Windows\System\IVSUPkq.exe

C:\Windows\System\IVSUPkq.exe

C:\Windows\System\avjoWsm.exe

C:\Windows\System\avjoWsm.exe

C:\Windows\System\qNvXOaV.exe

C:\Windows\System\qNvXOaV.exe

C:\Windows\System\CGtlWbM.exe

C:\Windows\System\CGtlWbM.exe

C:\Windows\System\ZtCURVt.exe

C:\Windows\System\ZtCURVt.exe

C:\Windows\System\YtYNtdh.exe

C:\Windows\System\YtYNtdh.exe

C:\Windows\System\QMAbvCX.exe

C:\Windows\System\QMAbvCX.exe

C:\Windows\System\InmgtSZ.exe

C:\Windows\System\InmgtSZ.exe

C:\Windows\System\iOjbMwj.exe

C:\Windows\System\iOjbMwj.exe

C:\Windows\System\cDsCCcU.exe

C:\Windows\System\cDsCCcU.exe

C:\Windows\System\wTFPREx.exe

C:\Windows\System\wTFPREx.exe

C:\Windows\System\tCkIkCg.exe

C:\Windows\System\tCkIkCg.exe

C:\Windows\System\kQEIAaW.exe

C:\Windows\System\kQEIAaW.exe

C:\Windows\System\laVPkDv.exe

C:\Windows\System\laVPkDv.exe

C:\Windows\System\xKRnLQf.exe

C:\Windows\System\xKRnLQf.exe

C:\Windows\System\DHKqMEK.exe

C:\Windows\System\DHKqMEK.exe

C:\Windows\System\KykhbLn.exe

C:\Windows\System\KykhbLn.exe

C:\Windows\System\AaggUxn.exe

C:\Windows\System\AaggUxn.exe

C:\Windows\System\TozVfQM.exe

C:\Windows\System\TozVfQM.exe

C:\Windows\System\CxtUwSu.exe

C:\Windows\System\CxtUwSu.exe

C:\Windows\System\lCjypQe.exe

C:\Windows\System\lCjypQe.exe

C:\Windows\System\LubYBau.exe

C:\Windows\System\LubYBau.exe

C:\Windows\System\LVpejzA.exe

C:\Windows\System\LVpejzA.exe

C:\Windows\System\NsOJngh.exe

C:\Windows\System\NsOJngh.exe

C:\Windows\System\jPPcEjM.exe

C:\Windows\System\jPPcEjM.exe

C:\Windows\System\HSShOzo.exe

C:\Windows\System\HSShOzo.exe

C:\Windows\System\hpjqwjf.exe

C:\Windows\System\hpjqwjf.exe

C:\Windows\System\qPkKTxU.exe

C:\Windows\System\qPkKTxU.exe

C:\Windows\System\qsQDWwm.exe

C:\Windows\System\qsQDWwm.exe

C:\Windows\System\DWFOsGo.exe

C:\Windows\System\DWFOsGo.exe

C:\Windows\System\HMYcFIg.exe

C:\Windows\System\HMYcFIg.exe

C:\Windows\System\BHDmVJQ.exe

C:\Windows\System\BHDmVJQ.exe

C:\Windows\System\beGmNmU.exe

C:\Windows\System\beGmNmU.exe

C:\Windows\System\CrTIjSw.exe

C:\Windows\System\CrTIjSw.exe

C:\Windows\System\iUfKgsT.exe

C:\Windows\System\iUfKgsT.exe

C:\Windows\System\bjVRcyr.exe

C:\Windows\System\bjVRcyr.exe

C:\Windows\System\gpTbuxx.exe

C:\Windows\System\gpTbuxx.exe

C:\Windows\System\bhyORdK.exe

C:\Windows\System\bhyORdK.exe

C:\Windows\System\FlnRbks.exe

C:\Windows\System\FlnRbks.exe

C:\Windows\System\DBdPopM.exe

C:\Windows\System\DBdPopM.exe

C:\Windows\System\PrCgsGC.exe

C:\Windows\System\PrCgsGC.exe

C:\Windows\System\tFeiztI.exe

C:\Windows\System\tFeiztI.exe

C:\Windows\System\JWfyUJy.exe

C:\Windows\System\JWfyUJy.exe

C:\Windows\System\yrNtxhv.exe

C:\Windows\System\yrNtxhv.exe

C:\Windows\System\QjBEEYc.exe

C:\Windows\System\QjBEEYc.exe

C:\Windows\System\IakZadk.exe

C:\Windows\System\IakZadk.exe

C:\Windows\System\KjwGYbn.exe

C:\Windows\System\KjwGYbn.exe

C:\Windows\System\LUNwEYv.exe

C:\Windows\System\LUNwEYv.exe

C:\Windows\System\lAwnrxk.exe

C:\Windows\System\lAwnrxk.exe

C:\Windows\System\JTIMjIV.exe

C:\Windows\System\JTIMjIV.exe

C:\Windows\System\rzymCTE.exe

C:\Windows\System\rzymCTE.exe

C:\Windows\System\nsQpjPc.exe

C:\Windows\System\nsQpjPc.exe

C:\Windows\System\rKZbmhW.exe

C:\Windows\System\rKZbmhW.exe

C:\Windows\System\MBWtDZL.exe

C:\Windows\System\MBWtDZL.exe

C:\Windows\System\BjgUVRM.exe

C:\Windows\System\BjgUVRM.exe

C:\Windows\System\aDMGNEf.exe

C:\Windows\System\aDMGNEf.exe

C:\Windows\System\PZYYTFp.exe

C:\Windows\System\PZYYTFp.exe

C:\Windows\System\jazhulK.exe

C:\Windows\System\jazhulK.exe

C:\Windows\System\vUMbtsD.exe

C:\Windows\System\vUMbtsD.exe

C:\Windows\System\jQxydEn.exe

C:\Windows\System\jQxydEn.exe

C:\Windows\System\SJjPPvs.exe

C:\Windows\System\SJjPPvs.exe

C:\Windows\System\kVlNOYY.exe

C:\Windows\System\kVlNOYY.exe

C:\Windows\System\DfTkrUT.exe

C:\Windows\System\DfTkrUT.exe

C:\Windows\System\dIEWKKz.exe

C:\Windows\System\dIEWKKz.exe

C:\Windows\System\aJPAvuG.exe

C:\Windows\System\aJPAvuG.exe

C:\Windows\System\fTnMHlK.exe

C:\Windows\System\fTnMHlK.exe

C:\Windows\System\ZLzATfj.exe

C:\Windows\System\ZLzATfj.exe

C:\Windows\System\sZpUtak.exe

C:\Windows\System\sZpUtak.exe

C:\Windows\System\hBLOILv.exe

C:\Windows\System\hBLOILv.exe

C:\Windows\System\aZVyiKK.exe

C:\Windows\System\aZVyiKK.exe

C:\Windows\System\iaelxCW.exe

C:\Windows\System\iaelxCW.exe

C:\Windows\System\rYLkNGp.exe

C:\Windows\System\rYLkNGp.exe

C:\Windows\System\XSipUXP.exe

C:\Windows\System\XSipUXP.exe

C:\Windows\System\yEoxymb.exe

C:\Windows\System\yEoxymb.exe

C:\Windows\System\HRiFzWM.exe

C:\Windows\System\HRiFzWM.exe

C:\Windows\System\BFjlNRr.exe

C:\Windows\System\BFjlNRr.exe

C:\Windows\System\gzxslnM.exe

C:\Windows\System\gzxslnM.exe

C:\Windows\System\votBrKH.exe

C:\Windows\System\votBrKH.exe

C:\Windows\System\YzCyWAs.exe

C:\Windows\System\YzCyWAs.exe

C:\Windows\System\MnhPsyo.exe

C:\Windows\System\MnhPsyo.exe

C:\Windows\System\etkybgb.exe

C:\Windows\System\etkybgb.exe

C:\Windows\System\xajjbad.exe

C:\Windows\System\xajjbad.exe

C:\Windows\System\AwFBPUD.exe

C:\Windows\System\AwFBPUD.exe

C:\Windows\System\ONWrbmO.exe

C:\Windows\System\ONWrbmO.exe

C:\Windows\System\VobOzYm.exe

C:\Windows\System\VobOzYm.exe

C:\Windows\System\qlMuWSa.exe

C:\Windows\System\qlMuWSa.exe

C:\Windows\System\kxqRyZM.exe

C:\Windows\System\kxqRyZM.exe

C:\Windows\System\BUXGbTd.exe

C:\Windows\System\BUXGbTd.exe

C:\Windows\System\PytIVNy.exe

C:\Windows\System\PytIVNy.exe

C:\Windows\System\aDeGjpx.exe

C:\Windows\System\aDeGjpx.exe

C:\Windows\System\NFJVdvV.exe

C:\Windows\System\NFJVdvV.exe

C:\Windows\System\gkywhSA.exe

C:\Windows\System\gkywhSA.exe

C:\Windows\System\zxDlPnO.exe

C:\Windows\System\zxDlPnO.exe

C:\Windows\System\UxEUxDS.exe

C:\Windows\System\UxEUxDS.exe

C:\Windows\System\TeKDABx.exe

C:\Windows\System\TeKDABx.exe

C:\Windows\System\sqIihPC.exe

C:\Windows\System\sqIihPC.exe

C:\Windows\System\GpijUAs.exe

C:\Windows\System\GpijUAs.exe

C:\Windows\System\ppZQTFf.exe

C:\Windows\System\ppZQTFf.exe

C:\Windows\System\aqRanmg.exe

C:\Windows\System\aqRanmg.exe

C:\Windows\System\SaNvEaU.exe

C:\Windows\System\SaNvEaU.exe

C:\Windows\System\NutdQll.exe

C:\Windows\System\NutdQll.exe

C:\Windows\System\EMyRPeY.exe

C:\Windows\System\EMyRPeY.exe

C:\Windows\System\SVkTIDm.exe

C:\Windows\System\SVkTIDm.exe

C:\Windows\System\dNVxBZR.exe

C:\Windows\System\dNVxBZR.exe

C:\Windows\System\MPdLgeE.exe

C:\Windows\System\MPdLgeE.exe

C:\Windows\System\UrLXQzV.exe

C:\Windows\System\UrLXQzV.exe

C:\Windows\System\cnkJnap.exe

C:\Windows\System\cnkJnap.exe

C:\Windows\System\gAPCxbu.exe

C:\Windows\System\gAPCxbu.exe

C:\Windows\System\YdSOdUq.exe

C:\Windows\System\YdSOdUq.exe

C:\Windows\System\mgSziOm.exe

C:\Windows\System\mgSziOm.exe

C:\Windows\System\ZQqvhnW.exe

C:\Windows\System\ZQqvhnW.exe

C:\Windows\System\FkhZesz.exe

C:\Windows\System\FkhZesz.exe

C:\Windows\System\zwTkShQ.exe

C:\Windows\System\zwTkShQ.exe

C:\Windows\System\whOQxbz.exe

C:\Windows\System\whOQxbz.exe

C:\Windows\System\BkJRUZF.exe

C:\Windows\System\BkJRUZF.exe

C:\Windows\System\fAmLKcV.exe

C:\Windows\System\fAmLKcV.exe

C:\Windows\System\LtHqOOk.exe

C:\Windows\System\LtHqOOk.exe

C:\Windows\System\Kerxwxc.exe

C:\Windows\System\Kerxwxc.exe

C:\Windows\System\DEAzePj.exe

C:\Windows\System\DEAzePj.exe

C:\Windows\System\BZRhMLP.exe

C:\Windows\System\BZRhMLP.exe

C:\Windows\System\ioWChQV.exe

C:\Windows\System\ioWChQV.exe

C:\Windows\System\WCTQVvN.exe

C:\Windows\System\WCTQVvN.exe

C:\Windows\System\fEeYvot.exe

C:\Windows\System\fEeYvot.exe

C:\Windows\System\rXRgWsH.exe

C:\Windows\System\rXRgWsH.exe

C:\Windows\System\OVBSDzl.exe

C:\Windows\System\OVBSDzl.exe

C:\Windows\System\rVzPJrV.exe

C:\Windows\System\rVzPJrV.exe

C:\Windows\System\vNqNjGF.exe

C:\Windows\System\vNqNjGF.exe

C:\Windows\System\xwyCsOr.exe

C:\Windows\System\xwyCsOr.exe

C:\Windows\System\kFSZJfJ.exe

C:\Windows\System\kFSZJfJ.exe

C:\Windows\System\czoMKGU.exe

C:\Windows\System\czoMKGU.exe

C:\Windows\System\eNSMHfm.exe

C:\Windows\System\eNSMHfm.exe

C:\Windows\System\vfaYZWM.exe

C:\Windows\System\vfaYZWM.exe

C:\Windows\System\zovYoEh.exe

C:\Windows\System\zovYoEh.exe

C:\Windows\System\Huxywnh.exe

C:\Windows\System\Huxywnh.exe

C:\Windows\System\dPqAlgI.exe

C:\Windows\System\dPqAlgI.exe

C:\Windows\System\AfbCyqj.exe

C:\Windows\System\AfbCyqj.exe

C:\Windows\System\jumbNrW.exe

C:\Windows\System\jumbNrW.exe

C:\Windows\System\WhNFFFF.exe

C:\Windows\System\WhNFFFF.exe

C:\Windows\System\xxXhKfD.exe

C:\Windows\System\xxXhKfD.exe

C:\Windows\System\IUXHBal.exe

C:\Windows\System\IUXHBal.exe

C:\Windows\System\nACkDjW.exe

C:\Windows\System\nACkDjW.exe

C:\Windows\System\WnIeFlx.exe

C:\Windows\System\WnIeFlx.exe

C:\Windows\System\bnopYpA.exe

C:\Windows\System\bnopYpA.exe

C:\Windows\System\nDDnogO.exe

C:\Windows\System\nDDnogO.exe

C:\Windows\System\uvRYmKL.exe

C:\Windows\System\uvRYmKL.exe

C:\Windows\System\iiYTgMD.exe

C:\Windows\System\iiYTgMD.exe

C:\Windows\System\WCqnQIe.exe

C:\Windows\System\WCqnQIe.exe

C:\Windows\System\tgcbrUF.exe

C:\Windows\System\tgcbrUF.exe

C:\Windows\System\rsjfRMv.exe

C:\Windows\System\rsjfRMv.exe

C:\Windows\System\qNpbzKA.exe

C:\Windows\System\qNpbzKA.exe

C:\Windows\System\sEHtemr.exe

C:\Windows\System\sEHtemr.exe

C:\Windows\System\TRAPeOd.exe

C:\Windows\System\TRAPeOd.exe

C:\Windows\System\iVIgYMj.exe

C:\Windows\System\iVIgYMj.exe

C:\Windows\System\kzGzXbR.exe

C:\Windows\System\kzGzXbR.exe

C:\Windows\System\AgGrzPI.exe

C:\Windows\System\AgGrzPI.exe

C:\Windows\System\GEcnEBb.exe

C:\Windows\System\GEcnEBb.exe

C:\Windows\System\KFoGYmw.exe

C:\Windows\System\KFoGYmw.exe

C:\Windows\System\HdoyGXq.exe

C:\Windows\System\HdoyGXq.exe

C:\Windows\System\LPqfJns.exe

C:\Windows\System\LPqfJns.exe

C:\Windows\System\JmsptxF.exe

C:\Windows\System\JmsptxF.exe

C:\Windows\System\OPUDJPu.exe

C:\Windows\System\OPUDJPu.exe

C:\Windows\System\QzcBlSp.exe

C:\Windows\System\QzcBlSp.exe

C:\Windows\System\UBKFZUi.exe

C:\Windows\System\UBKFZUi.exe

C:\Windows\System\IcDZdfS.exe

C:\Windows\System\IcDZdfS.exe

C:\Windows\System\wyLuiQH.exe

C:\Windows\System\wyLuiQH.exe

C:\Windows\System\bwFZxny.exe

C:\Windows\System\bwFZxny.exe

C:\Windows\System\HomSjAQ.exe

C:\Windows\System\HomSjAQ.exe

C:\Windows\System\KyhsSdr.exe

C:\Windows\System\KyhsSdr.exe

C:\Windows\System\gfhvnTA.exe

C:\Windows\System\gfhvnTA.exe

C:\Windows\System\jAYREHY.exe

C:\Windows\System\jAYREHY.exe

C:\Windows\System\dywnuvx.exe

C:\Windows\System\dywnuvx.exe

C:\Windows\System\CReMoWc.exe

C:\Windows\System\CReMoWc.exe

C:\Windows\System\GpimPcx.exe

C:\Windows\System\GpimPcx.exe

C:\Windows\System\fYPKzWW.exe

C:\Windows\System\fYPKzWW.exe

C:\Windows\System\IQIRvVX.exe

C:\Windows\System\IQIRvVX.exe

C:\Windows\System\uBZEhMM.exe

C:\Windows\System\uBZEhMM.exe

C:\Windows\System\AITmPrr.exe

C:\Windows\System\AITmPrr.exe

C:\Windows\System\rWSspEw.exe

C:\Windows\System\rWSspEw.exe

C:\Windows\System\onUnLLT.exe

C:\Windows\System\onUnLLT.exe

C:\Windows\System\yfhtwve.exe

C:\Windows\System\yfhtwve.exe

C:\Windows\System\qekHOMo.exe

C:\Windows\System\qekHOMo.exe

C:\Windows\System\eZzDBVa.exe

C:\Windows\System\eZzDBVa.exe

C:\Windows\System\GtkfCem.exe

C:\Windows\System\GtkfCem.exe

C:\Windows\System\ONhvYhA.exe

C:\Windows\System\ONhvYhA.exe

C:\Windows\System\uSeAaRL.exe

C:\Windows\System\uSeAaRL.exe

C:\Windows\System\QWrQOqO.exe

C:\Windows\System\QWrQOqO.exe

C:\Windows\System\IRODFwg.exe

C:\Windows\System\IRODFwg.exe

C:\Windows\System\zNKglyd.exe

C:\Windows\System\zNKglyd.exe

C:\Windows\System\ccqRQyM.exe

C:\Windows\System\ccqRQyM.exe

C:\Windows\System\nazcXhP.exe

C:\Windows\System\nazcXhP.exe

C:\Windows\System\HCCTpxW.exe

C:\Windows\System\HCCTpxW.exe

C:\Windows\System\ThAQbSp.exe

C:\Windows\System\ThAQbSp.exe

C:\Windows\System\uhmmFAX.exe

C:\Windows\System\uhmmFAX.exe

C:\Windows\System\ZDVNDiy.exe

C:\Windows\System\ZDVNDiy.exe

C:\Windows\System\hSQiEWO.exe

C:\Windows\System\hSQiEWO.exe

C:\Windows\System\eZchgwC.exe

C:\Windows\System\eZchgwC.exe

C:\Windows\System\wwKjdWx.exe

C:\Windows\System\wwKjdWx.exe

C:\Windows\System\BmfwuDU.exe

C:\Windows\System\BmfwuDU.exe

C:\Windows\System\IMHPDXm.exe

C:\Windows\System\IMHPDXm.exe

C:\Windows\System\LrmrTOt.exe

C:\Windows\System\LrmrTOt.exe

C:\Windows\System\AezlBJU.exe

C:\Windows\System\AezlBJU.exe

C:\Windows\System\tOLlNmb.exe

C:\Windows\System\tOLlNmb.exe

C:\Windows\System\JGuEJEo.exe

C:\Windows\System\JGuEJEo.exe

C:\Windows\System\hqdOyoe.exe

C:\Windows\System\hqdOyoe.exe

C:\Windows\System\IWOmxrW.exe

C:\Windows\System\IWOmxrW.exe

C:\Windows\System\wAKRsjz.exe

C:\Windows\System\wAKRsjz.exe

C:\Windows\System\WDHpvAT.exe

C:\Windows\System\WDHpvAT.exe

C:\Windows\System\kKwKkqG.exe

C:\Windows\System\kKwKkqG.exe

C:\Windows\System\SIEKGaq.exe

C:\Windows\System\SIEKGaq.exe

C:\Windows\System\HqmrkgH.exe

C:\Windows\System\HqmrkgH.exe

C:\Windows\System\naGcAwr.exe

C:\Windows\System\naGcAwr.exe

C:\Windows\System\ZHDAhHE.exe

C:\Windows\System\ZHDAhHE.exe

C:\Windows\System\rJeUvXl.exe

C:\Windows\System\rJeUvXl.exe

C:\Windows\System\lqMHkhL.exe

C:\Windows\System\lqMHkhL.exe

C:\Windows\System\xnPhlTd.exe

C:\Windows\System\xnPhlTd.exe

C:\Windows\System\aAUpnYz.exe

C:\Windows\System\aAUpnYz.exe

C:\Windows\System\OMssSZG.exe

C:\Windows\System\OMssSZG.exe

C:\Windows\System\OGTlJoc.exe

C:\Windows\System\OGTlJoc.exe

C:\Windows\System\cXSvpfE.exe

C:\Windows\System\cXSvpfE.exe

C:\Windows\System\wBAvmSh.exe

C:\Windows\System\wBAvmSh.exe

C:\Windows\System\gWVWIhX.exe

C:\Windows\System\gWVWIhX.exe

C:\Windows\System\VvWqaXe.exe

C:\Windows\System\VvWqaXe.exe

C:\Windows\System\nQSbsgj.exe

C:\Windows\System\nQSbsgj.exe

C:\Windows\System\rQjSVvJ.exe

C:\Windows\System\rQjSVvJ.exe

C:\Windows\System\KkydQTs.exe

C:\Windows\System\KkydQTs.exe

C:\Windows\System\bsICtsr.exe

C:\Windows\System\bsICtsr.exe

C:\Windows\System\EauvEKt.exe

C:\Windows\System\EauvEKt.exe

C:\Windows\System\XuhkJaW.exe

C:\Windows\System\XuhkJaW.exe

C:\Windows\System\mDkBwsR.exe

C:\Windows\System\mDkBwsR.exe

C:\Windows\System\BSTBTHW.exe

C:\Windows\System\BSTBTHW.exe

C:\Windows\System\weWSQex.exe

C:\Windows\System\weWSQex.exe

C:\Windows\System\oaXTjUW.exe

C:\Windows\System\oaXTjUW.exe

C:\Windows\System\NqjwwBM.exe

C:\Windows\System\NqjwwBM.exe

C:\Windows\System\vErvtBU.exe

C:\Windows\System\vErvtBU.exe

C:\Windows\System\kCfHMkr.exe

C:\Windows\System\kCfHMkr.exe

C:\Windows\System\UttzgIY.exe

C:\Windows\System\UttzgIY.exe

C:\Windows\System\yORFlMl.exe

C:\Windows\System\yORFlMl.exe

C:\Windows\System\KprJEWv.exe

C:\Windows\System\KprJEWv.exe

C:\Windows\System\XgwHopM.exe

C:\Windows\System\XgwHopM.exe

C:\Windows\System\AtQGLPf.exe

C:\Windows\System\AtQGLPf.exe

C:\Windows\System\ywoFXWy.exe

C:\Windows\System\ywoFXWy.exe

C:\Windows\System\yomcwjM.exe

C:\Windows\System\yomcwjM.exe

C:\Windows\System\GMuHtou.exe

C:\Windows\System\GMuHtou.exe

C:\Windows\System\yyQUXDy.exe

C:\Windows\System\yyQUXDy.exe

C:\Windows\System\PsNbvJV.exe

C:\Windows\System\PsNbvJV.exe

C:\Windows\System\oBOsmkd.exe

C:\Windows\System\oBOsmkd.exe

C:\Windows\System\peWsjqo.exe

C:\Windows\System\peWsjqo.exe

C:\Windows\System\pnhnFLq.exe

C:\Windows\System\pnhnFLq.exe

C:\Windows\System\uVXLMPR.exe

C:\Windows\System\uVXLMPR.exe

C:\Windows\System\eRKARYj.exe

C:\Windows\System\eRKARYj.exe

C:\Windows\System\QnSRXwh.exe

C:\Windows\System\QnSRXwh.exe

C:\Windows\System\wPQsamD.exe

C:\Windows\System\wPQsamD.exe

C:\Windows\System\xPiJxxL.exe

C:\Windows\System\xPiJxxL.exe

C:\Windows\System\dlbXCvf.exe

C:\Windows\System\dlbXCvf.exe

C:\Windows\System\vrvKVyv.exe

C:\Windows\System\vrvKVyv.exe

C:\Windows\System\TjoMxNb.exe

C:\Windows\System\TjoMxNb.exe

C:\Windows\System\ElEULAE.exe

C:\Windows\System\ElEULAE.exe

C:\Windows\System\eaofKHX.exe

C:\Windows\System\eaofKHX.exe

C:\Windows\System\GMyvVGA.exe

C:\Windows\System\GMyvVGA.exe

C:\Windows\System\pvLGdUY.exe

C:\Windows\System\pvLGdUY.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
DE 3.120.209.58:8080 tcp

Files

memory/4028-0-0x00007FF7AE810000-0x00007FF7AEB64000-memory.dmp

memory/4028-1-0x00000168435E0000-0x00000168435F0000-memory.dmp

C:\Windows\System\wOxnqlF.exe

MD5 654c5a803f4fd271116f670b16db389f
SHA1 d6e2c1075c888d1d274a41401a803292f13889f1
SHA256 fa8d46d4fde0b42b0ce4def45f403c690fcdaeefbe6feba9cf09c2756e0d1656
SHA512 8a37881be5c811b0abffd5c9478331e56a06039543b24865b82b6694c333d83abeaeda7ba3ac15b423994601db6ac7bea264e310471d371c58a11693dcc7a22b

memory/4568-10-0x00007FF62D380000-0x00007FF62D6D4000-memory.dmp

C:\Windows\System\imCtSFE.exe

MD5 14d35e0bdda6c50a335b99ec2ecea905
SHA1 d573e05fe276a7d4f708d7eb65da03ec8f02a734
SHA256 76ad92a8437ad05dab085b9b48ee5847768e779de990b912d095c9402a9c6ea8
SHA512 a1b7d2e68045e0c4782e4acc97a2c9c4f8cf879aed3380c961cbc927c4043875c8779712877b47be1cdfacd402ee36911b2b66b707ae4c7d783f8a038282fa67

C:\Windows\System\bdogxyJ.exe

MD5 a044b4f36182165c7c5b61201f88ba89
SHA1 b7c1c25b2dd195b8500b21268e49e3884b8d133a
SHA256 f80bd53f6cb86c52ad7c0228388c01482ab9f2cb86851a6a5c1c0f2c8d0cb4cc
SHA512 7301771dcee428396f5b11a6ec6f9417266b1c7ebcddc51169d6b433bcbd9edec9bcaca6a240bea14264e639bc0af15ef0eee8212865d9b6a423f6eaf49e8ed5

C:\Windows\System\TPkzIKa.exe

MD5 3ff1e5e5db6557f4019b1ff8ae4c45bf
SHA1 0a84660a85ce71594de06afd424135a32c775597
SHA256 b0b07f022b1726f90db2a855352a153204d3016b84af795a43041616c807ce73
SHA512 74ea86fc036617b55864b682a0dfb30add20ddacce8c652f0627571bf13c0b01d84a5757bc8bef0b11b466f52b7c470dba47d3f32242228c50205893b1f31b24

memory/4180-77-0x00007FF616510000-0x00007FF616864000-memory.dmp

C:\Windows\System\PtlyXEP.exe

MD5 9c042c4befe371806afe5dbf5493eab8
SHA1 f2a1625c29b51622e8bfa70e1237d6bee86f75c6
SHA256 eacf17b672e114712015bb2b6bb788534fd703c64510d76fd984ed14f21fc5b4
SHA512 596e5734486586b1dd300635d7abd02123e8836231bb229c70f2ec6f80eae8fe0d5f3190ee411de271de67995cb972d09ee48999e52756c9c208a640ba0e5c77

C:\Windows\System\LhZtIYZ.exe

MD5 28f9baabbec5ebb2400ed988b518fe14
SHA1 1149292efd1c13f871b6f112a894c52418a647f6
SHA256 01cd45552737805560ef74425a0de4cd0f3ee4b837889044524127d9a8396b04
SHA512 4e84238d7d65637b2375e348774e41c5b91b8c877d45f1d2d78cf7b9df2dca66c4c659f18348d1cd8641baa1a495466944047147ba2a3900e29ce6fac94cd66e

C:\Windows\System\AUOdNWl.exe

MD5 4f97583cdb1148d5d57a6a5ea8ef2667
SHA1 0a408d14e45cc28018014a412af2c72bb8d0821c
SHA256 0a141939dff48895dc1cc5d17faaa5a6dd9fb6faaaaf2eafec1a2f5395dfbbe8
SHA512 3841564c2e19508954e4a56456b5f1e5ea28ef25979c54f873331bd3e1d42b8f5f010f8e5f318db5359c41f299bcb9cd42efb7dc6a6a3e1037bccab77a4ebbd6

memory/4576-128-0x00007FF6B88C0000-0x00007FF6B8C14000-memory.dmp

memory/916-133-0x00007FF7C0940000-0x00007FF7C0C94000-memory.dmp

memory/2348-138-0x00007FF7C1FC0000-0x00007FF7C2314000-memory.dmp

memory/2536-141-0x00007FF6C7B60000-0x00007FF6C7EB4000-memory.dmp

memory/1836-140-0x00007FF6EC990000-0x00007FF6ECCE4000-memory.dmp

memory/2952-139-0x00007FF6636C0000-0x00007FF663A14000-memory.dmp

memory/3080-137-0x00007FF782D40000-0x00007FF783094000-memory.dmp

memory/3512-136-0x00007FF628CA0000-0x00007FF628FF4000-memory.dmp

memory/1624-135-0x00007FF7203E0000-0x00007FF720734000-memory.dmp

memory/4524-134-0x00007FF706290000-0x00007FF7065E4000-memory.dmp

memory/3748-132-0x00007FF7FDA70000-0x00007FF7FDDC4000-memory.dmp

memory/1868-131-0x00007FF7941A0000-0x00007FF7944F4000-memory.dmp

memory/464-130-0x00007FF62AC50000-0x00007FF62AFA4000-memory.dmp

memory/3160-129-0x00007FF6EE6C0000-0x00007FF6EEA14000-memory.dmp

memory/3132-127-0x00007FF7EDC40000-0x00007FF7EDF94000-memory.dmp

memory/2208-126-0x00007FF796B80000-0x00007FF796ED4000-memory.dmp

memory/2232-125-0x00007FF668780000-0x00007FF668AD4000-memory.dmp

memory/3076-123-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp

C:\Windows\System\wqTSfdH.exe

MD5 7e6e412613e91a3ba0936f312f37252d
SHA1 5b8e5ede88e053ca850d3be293819e7311d5c1db
SHA256 c9b73eb53486b0b73b814ab98e159374050dda6bf33932d9ceaccc679ab1d8df
SHA512 d1997c6608f9232c32b0ec09c064dde76a7b4000f9d701a0745ec70542615de94b424dbadaa32386577dac60e2d4ae20a8b44c735080e26d38cb102e058b4434

C:\Windows\System\iVdUnaH.exe

MD5 74d7797d867a9c52cd94c3be509daa63
SHA1 3a876565b534689e8700be5c7d9bd90f0a543bc9
SHA256 b4eee12b4f3ef2c6cd72f4ceaca2ca4d8f0d50a1f0c2a9f3694a4bcdb6d1ee6d
SHA512 3e8b45a6fe0f66019d91e6c29e9328214d74cadac8f2135aa903c2a14661c4a4d3b6b7d24ceec4c25fab363b6ab348d74bbf6969b727c76f62ea07b5d59ec9ea

C:\Windows\System\qaBUpOS.exe

MD5 3c0cc370418d07d2d7bf29828eb4ee80
SHA1 b35829e786962bad6d1ca749f6390007afcbb95d
SHA256 15909eb7733904a5ebbdc0d6c62e4eec994b62712e482fe0ba5fcdca8e3baf24
SHA512 31cb30992a197352e6cb4cf47cce91240cfaeb31ccc2c24351199bf2b9ec3f4ba390ef028186f11b88f37df58ef2112a60ff6e358a870d6964b854e92e48d578

C:\Windows\System\XTZptbV.exe

MD5 c2aba35004dde916b09a9a673b8fff5d
SHA1 21c7cd69a27674d52c4fd155f298c115a9853928
SHA256 84fa6feb81e2a9113078a70386c2829d15769875f6bbce6b71ede63c2d2db5ef
SHA512 380d4ab5e354b59643817a7a5afbe0ef9ce58ef7b5635aa98bcf470fbe10787604a1acca8c4ad21ffacaac2cca6bdb429db38e9a04ff07dbbd05f8172f67ff08

C:\Windows\System\qlpdaWe.exe

MD5 7ecb3837c10a64bcbb71f97f4868cd43
SHA1 5b6bceb519b98400a4dbed8341428db71a875f0f
SHA256 718e127801f675dc2752df99e9105cb74db953a0678f0b9b3642ce96d3fd9da6
SHA512 411677477bbed069ba225bad28f454d27fdf2ef59837752cd00e4cef84363a331a019c6781f5847ae2b1266abb86f36c8c5ffece4410ae37303ff8c35111fbbf

memory/3452-116-0x00007FF7CAC20000-0x00007FF7CAF74000-memory.dmp

C:\Windows\System\llpQvbj.exe

MD5 a20ff1a152433162c6e1761c5cf792e3
SHA1 3f9e4751da6131c8b12d165341d64d4536fa4965
SHA256 f3369daed4623c9762a89abf603383cb427ecfaddea268c229a5d52de54b413c
SHA512 5c0e88515de3b4bd9c9ecf54e9a876b579b1b01e85eb4e8f7797d8d6cbdb208efe65e1612b64eabf95d54380aa9e848a5225bd001cda2c408c06ca86d38dee33

C:\Windows\System\PlRJrKc.exe

MD5 63bcbacce31a44f25e9067b3750a290c
SHA1 9b5dd74d6e53de689bbf3687bd3ec1f02c4077d9
SHA256 5366a5b97388c6bb2638943dfdc20d9e2f8159a299a4ab4fe7dce6c3f1af543f
SHA512 97c30c10c61ed3988700b0b73e3fcf191fefe24fee4ad05e22179edabd0d7cc7a519bf41677b95e9ea20020ddb0234319743a1c4612e309e33f2d07b283fd5cb

C:\Windows\System\ZHPMqYI.exe

MD5 6a2a381665ee272537768e6a7e6c08b0
SHA1 a907b77c0420814d248f9b65e1bf12750e2010ac
SHA256 f41844eb342cff8d6bf492bec1707840ba6b3d1e9fd24bbd62ad114ef3960047
SHA512 64c073979a477554999d3baa3e0ff274326394be8cc7411281926855a75d143a04c80104a4c09c03ecd550ceb9d5325260587b2e0b12f650488936fb8c4f6272

C:\Windows\System\FnSAtUQ.exe

MD5 de453562529ee746c21f6a89bbbe0b8b
SHA1 79b4bcde6eae521d2acaab77a6007b821e15bb55
SHA256 9d1240d01c111e18929d09da01420320222f17c712f63cd4919e23eddbefec97
SHA512 a93512769171f67cd989a3fa6c9720e2e0b346decfe3a6474900f53a88f60e07828c9f337741805867f88c71000936aad8f47e35dad166beace4f127d2e25373

memory/3624-109-0x00007FF6165D0000-0x00007FF616924000-memory.dmp

C:\Windows\System\aDzMuag.exe

MD5 b53a928684ea546489c23b652065d7a1
SHA1 5dee955a946008557b147f3192e1761fe06f3d53
SHA256 64d91730240e0456d06e797b1bdd8a3998cd3a32698dcc344be2627ea267ff83
SHA512 134b2654c0c5908bdb04bac34f4c9424ab8dc96757960f6a2a3ba66e2cb22bd0618f0a1afbe74371b3c6013a14319820048771eecf25d1a708463b6a90d2bf62

C:\Windows\System\dKyGIbf.exe

MD5 2266004303d79371e3660f6757107e4a
SHA1 9962183916f3b9b969a2409671c867cfbbf20b59
SHA256 03e567713529a5274c1a9b311ce10d5c60766104e2855b65545ce524ff110640
SHA512 8f47c4b63c7645c6f2fe323d3101f701c1527ddcb482d150a5e3a55738467afa770d7b48bca788f635271069e68656d136500317a300ce14675dfbd8705f4cb4

memory/536-96-0x00007FF7A2450000-0x00007FF7A27A4000-memory.dmp

C:\Windows\System\BtFsMkz.exe

MD5 bc75cbec7582cb60fca12dda60ddee74
SHA1 e7dc5194980f3610508d295411b39302b3fea629
SHA256 02b58d3b9e126482d17c8402c3c773830fe974c598916044fb0bd27512ed6dca
SHA512 d7756b323ec1d898216bf5a41e78031c79b6a8c8ce53bda7e4ce0f32bfd2ef3ff8f3730da777f76919429ecbc91b3dbe68b087f6ee08c909174fd6bcbe2fa2df

C:\Windows\System\EWqPINS.exe

MD5 2a88f66cf01a656b451f2a385b898b0f
SHA1 6d5a2e82a9bccc0d292b29bbed188144cdccb0d1
SHA256 1cd686f320c0aa7310ab0de28343c9d1b99f25a5590ec95aa63beb4ec160e677
SHA512 ab5d010e2e3c011518685ee0ad3bd88790621f11308dd5900df4aabe3591cfce5cdd30dc4cc5b149d9d48eeb14f34f687fbf64ba3af1d91ba6ddae68cc9192b1

C:\Windows\System\VmpWiVq.exe

MD5 5c3b9616fb0daaa47b73069bae523e66
SHA1 bf24af914e339b9357e4eecd0516f740d52b53d5
SHA256 6d54765a09353e96b89dd6b8133cf2164fbf466c8b245ec833b75a0d9944a495
SHA512 ab0bdf120281dcb346993a02f34a5f3a4d87e0fd81d0f0605f95f3c240336e9c321bb823cc70988189e2550f7e0d19750dd7971722be87a5e4aeae1767b70e53

C:\Windows\System\CCivqzK.exe

MD5 d488e354b098fffb1fd9842efad99c6d
SHA1 5cca3b8a669b1956180a06fd61659e98f1a970ab
SHA256 00563a6a57827c69f6cc98c7f042b8e714614e79bf1c2aae8f016f9755dbe8cf
SHA512 95f51237a75b9073d21bd4946fdbfbc136750c7a1d8ba2a8a4660205b80cd4a58f25a21b550422aa47cf49c543e57240cba0d78a9e180c3f936c3e3b82071411

C:\Windows\System\krDTTHx.exe

MD5 843bf7f69254cb77da7e3affc01fb7ea
SHA1 21361270b4f4f230b394f24ceed0757fcdea25c5
SHA256 dc8a0f4f63ac64064370f3144b80831926bf7559ae6119adb9684c5b25b95799
SHA512 fb3c7a0116253b02f399f834d2a4254b56f5528597bfcbc0475c53e2349fc5dcac860c2698273a8ce31f18767bdf0f4ffdf7318d971ca6c1942d23224cb33288

memory/2804-57-0x00007FF7EF730000-0x00007FF7EFA84000-memory.dmp

memory/4044-48-0x00007FF606670000-0x00007FF6069C4000-memory.dmp

C:\Windows\System\viXidej.exe

MD5 566f29ad1e73e67f5d6de52592d0948b
SHA1 f4b6f2aa2b236ab005b2822c9a1e126ad62a84de
SHA256 7622bd0e5185e5f1c040136d00da0082261d893f170b08744563fb81b752df87
SHA512 b73c35ea76f752280bbb9970b0a7592bae4f8c5603d8cbc69520d42f2956fd765ee2ee24243fa20718e63b86aee6af4e4a25ea70babc45038e70b4cb255a4adc

memory/1032-31-0x00007FF74D2B0000-0x00007FF74D604000-memory.dmp

C:\Windows\System\mipwEeW.exe

MD5 0155623a1bc784eaf49d67f0f726b3cb
SHA1 b1225dca5d6d782c00260ad41a51a048b39f5434
SHA256 9182890a56fc54efef8cb228bcdaaab15bdf606422597350f3283af8b3d49dc3
SHA512 34b352d1d9a971da307638673f99ca27bdad3153f949e2d64c4c1517daf9ebef0a468ea75be8acacac738b5106c6bd76fd1f530f29de37075b61e1310bb36ba1

C:\Windows\System\XMFtWbC.exe

MD5 45660f85bd7ccad7fca7426f14fb26ee
SHA1 f193e83c1987bc116d16d000b403da3eacca050f
SHA256 3428d2bdd3b7102c32222d05296892fb0f45aeb3d7e4968314b14c59c2807be1
SHA512 6bca9e44374f860cf99c940f8b5a3e53d9fada279f89528e7b03c0493ee92c2892d6bf596f38499a34190e2d52f6ae25715b350da214d9feb1b91d1a3620f06e

C:\Windows\System\jKIRqKa.exe

MD5 8f23e269d69da044d430da1bc54c1427
SHA1 4c89a3aca01930b9febc30ef4e1474f984dd9f99
SHA256 28955de259fbdceb395af6c4b9dd392ebdb866231ea4050210b36d32d09df0b3
SHA512 d8fad3622971854210bcdddc2805c0f2dd340dd50047f2eae8fce03681f2c9adaacf653ffc7d339b63c431ecdaf3faf7b031344d745dbbdee719fe159532e47d

C:\Windows\System\uJgwmcy.exe

MD5 b1354717a111eb5a42b68228bc387de9
SHA1 6a21b9eb0577e4627336a7387363801c4136c7b8
SHA256 091654783cb91c0ca8a9931c660ba7fde429a067d39343396f2cdd3f970fec60
SHA512 0d0bcb6793d341ba333a259ac89a57f31cf501fd703aca5182feba62428349d241ddcb99f2df04fbcf6bb3bbf21f0d7f6dee972179f656f402818ec6dd94e612

C:\Windows\System\YhQcklo.exe

MD5 f5e9efa3f756d842a964a92413c2ce04
SHA1 4f7188e9f93c91fc4211688071f92ccf89c8d5b4
SHA256 f3b3d243c2023e16a34912ccd4c52e85c78268bc50f00ab1b22cdeff09915dd7
SHA512 ccdcf34a2c329572933f33ea6befa6b78e73881acb8c5772153215d68babe93fd7df782523bad4109b1449b7b42b2bf1d094c34a455d9b30e73924c245fc25af

C:\Windows\System\bsdnKoG.exe

MD5 898518e92ba662ff0e526f8d9901614c
SHA1 e5db220c1b5e18330e50c68f393c99b6c5c93df0
SHA256 fa432df4537dfd65018ffac490d833f0433fa6bb4c175954c5591118ff41b572
SHA512 66baf67545f8ba5040fda0ca223803d026fd05bfe161d81a5c95d87a469bac6fb5d924a156348f62bbdffeba56b58287af5dc4321a26816ba36266e341f2f705

C:\Windows\System\XqrWckv.exe

MD5 f0b7c26ac43ed8bab6b2deb74882e4a7
SHA1 b422192523fc8fd0330b05c44db10a3b9c82e9fc
SHA256 156bb2f08655d5ad82dcdb0229acb96d6c5a6e25b298d0d517a8602e4ebaa826
SHA512 8b5e27194bc9afe1330616b1cba510028e1caeb1538abcdf5ef657aadc682f88442c33d9adbc999630333055a45a027913dfbad8a143dbe5082926078c296e10

C:\Windows\System\IVUSUpb.exe

MD5 e58995fb71e3428711744b446507ec98
SHA1 f21a3f1efa6c033ffb4e96e936e832e1c7d4581b
SHA256 eeb5ed468ff12519c1fb6e2704a09fe0add5edff587bba095ff79c5cc736bc01
SHA512 9d3cfbb6ec117ba1d57973635f2910b70a64c8047fa356ce39c923a50441075d47618dcd009c193af8501c3723c9abb842347a915c29e0caa981e3a6ee6c4087

memory/4404-180-0x00007FF720020000-0x00007FF720374000-memory.dmp

memory/3904-212-0x00007FF6E6FE0000-0x00007FF6E7334000-memory.dmp

memory/3120-205-0x00007FF6CE9A0000-0x00007FF6CECF4000-memory.dmp

memory/4028-1070-0x00007FF7AE810000-0x00007FF7AEB64000-memory.dmp

memory/4568-1071-0x00007FF62D380000-0x00007FF62D6D4000-memory.dmp

memory/4044-1072-0x00007FF606670000-0x00007FF6069C4000-memory.dmp

memory/536-1073-0x00007FF7A2450000-0x00007FF7A27A4000-memory.dmp

memory/3624-1074-0x00007FF6165D0000-0x00007FF616924000-memory.dmp

memory/3452-1075-0x00007FF7CAC20000-0x00007FF7CAF74000-memory.dmp

memory/3076-1076-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp

memory/3132-1077-0x00007FF7EDC40000-0x00007FF7EDF94000-memory.dmp

memory/3160-1079-0x00007FF6EE6C0000-0x00007FF6EEA14000-memory.dmp

memory/464-1080-0x00007FF62AC50000-0x00007FF62AFA4000-memory.dmp

memory/4576-1078-0x00007FF6B88C0000-0x00007FF6B8C14000-memory.dmp

memory/1868-1081-0x00007FF7941A0000-0x00007FF7944F4000-memory.dmp

memory/3748-1082-0x00007FF7FDA70000-0x00007FF7FDDC4000-memory.dmp

memory/916-1083-0x00007FF7C0940000-0x00007FF7C0C94000-memory.dmp

memory/4524-1084-0x00007FF706290000-0x00007FF7065E4000-memory.dmp

memory/2348-1085-0x00007FF7C1FC0000-0x00007FF7C2314000-memory.dmp

memory/2952-1086-0x00007FF6636C0000-0x00007FF663A14000-memory.dmp

memory/1836-1087-0x00007FF6EC990000-0x00007FF6ECCE4000-memory.dmp

memory/2536-1088-0x00007FF6C7B60000-0x00007FF6C7EB4000-memory.dmp

memory/4568-1090-0x00007FF62D380000-0x00007FF62D6D4000-memory.dmp

memory/1032-1089-0x00007FF74D2B0000-0x00007FF74D604000-memory.dmp

memory/4044-1091-0x00007FF606670000-0x00007FF6069C4000-memory.dmp

memory/2804-1093-0x00007FF7EF730000-0x00007FF7EFA84000-memory.dmp

memory/1624-1092-0x00007FF7203E0000-0x00007FF720734000-memory.dmp

memory/4180-1094-0x00007FF616510000-0x00007FF616864000-memory.dmp

memory/3512-1095-0x00007FF628CA0000-0x00007FF628FF4000-memory.dmp

memory/3080-1098-0x00007FF782D40000-0x00007FF783094000-memory.dmp

memory/2232-1097-0x00007FF668780000-0x00007FF668AD4000-memory.dmp

memory/2208-1096-0x00007FF796B80000-0x00007FF796ED4000-memory.dmp

memory/1868-1101-0x00007FF7941A0000-0x00007FF7944F4000-memory.dmp

memory/916-1104-0x00007FF7C0940000-0x00007FF7C0C94000-memory.dmp

memory/4524-1108-0x00007FF706290000-0x00007FF7065E4000-memory.dmp

memory/3624-1109-0x00007FF6165D0000-0x00007FF616924000-memory.dmp

memory/1836-1107-0x00007FF6EC990000-0x00007FF6ECCE4000-memory.dmp

memory/3132-1106-0x00007FF7EDC40000-0x00007FF7EDF94000-memory.dmp

memory/3160-1105-0x00007FF6EE6C0000-0x00007FF6EEA14000-memory.dmp

memory/2348-1103-0x00007FF7C1FC0000-0x00007FF7C2314000-memory.dmp

memory/4576-1102-0x00007FF6B88C0000-0x00007FF6B8C14000-memory.dmp

memory/3748-1100-0x00007FF7FDA70000-0x00007FF7FDDC4000-memory.dmp

memory/3076-1099-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp

memory/4404-1110-0x00007FF720020000-0x00007FF720374000-memory.dmp

memory/464-1115-0x00007FF62AC50000-0x00007FF62AFA4000-memory.dmp

memory/3120-1117-0x00007FF6CE9A0000-0x00007FF6CECF4000-memory.dmp

memory/3904-1116-0x00007FF6E6FE0000-0x00007FF6E7334000-memory.dmp

memory/2536-1114-0x00007FF6C7B60000-0x00007FF6C7EB4000-memory.dmp

memory/3452-1113-0x00007FF7CAC20000-0x00007FF7CAF74000-memory.dmp

memory/536-1112-0x00007FF7A2450000-0x00007FF7A27A4000-memory.dmp

memory/2952-1111-0x00007FF6636C0000-0x00007FF663A14000-memory.dmp