Malware Analysis Report

2024-10-16 07:25

Sample ID 240602-e2pw9sah5w
Target 3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe
SHA256 b632082020cdc07bd881e1e78ed04b36bb458bfbaecdbf6161a2d68428ddf085
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b632082020cdc07bd881e1e78ed04b36bb458bfbaecdbf6161a2d68428ddf085

Threat Level: Known bad

The file 3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT

Kpot family

xmrig

KPOT Core Executable

XMRig Miner payload

Xmrig family

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:26

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:26

Reported

2024-06-02 04:28

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\bQZTzFq.exe N/A
N/A N/A C:\Windows\System\vvdQlhJ.exe N/A
N/A N/A C:\Windows\System\PkHhCFO.exe N/A
N/A N/A C:\Windows\System\plFDIII.exe N/A
N/A N/A C:\Windows\System\GtMeOuI.exe N/A
N/A N/A C:\Windows\System\FdYDASt.exe N/A
N/A N/A C:\Windows\System\JwcdWXe.exe N/A
N/A N/A C:\Windows\System\cEtCxSq.exe N/A
N/A N/A C:\Windows\System\cFzjxzn.exe N/A
N/A N/A C:\Windows\System\mqJhSPK.exe N/A
N/A N/A C:\Windows\System\eNUcTIJ.exe N/A
N/A N/A C:\Windows\System\hXAXPhY.exe N/A
N/A N/A C:\Windows\System\RICbOAx.exe N/A
N/A N/A C:\Windows\System\HnwzItJ.exe N/A
N/A N/A C:\Windows\System\PYdFeHS.exe N/A
N/A N/A C:\Windows\System\BwlqQWl.exe N/A
N/A N/A C:\Windows\System\EAIIkPX.exe N/A
N/A N/A C:\Windows\System\QZbsxfc.exe N/A
N/A N/A C:\Windows\System\XitHjTY.exe N/A
N/A N/A C:\Windows\System\NqAGBfw.exe N/A
N/A N/A C:\Windows\System\ZhrxCCE.exe N/A
N/A N/A C:\Windows\System\hcpbVTG.exe N/A
N/A N/A C:\Windows\System\MmLCHxh.exe N/A
N/A N/A C:\Windows\System\wBtxPVV.exe N/A
N/A N/A C:\Windows\System\ZbOrGwZ.exe N/A
N/A N/A C:\Windows\System\nzhcnyG.exe N/A
N/A N/A C:\Windows\System\DRBssok.exe N/A
N/A N/A C:\Windows\System\TfCTlxT.exe N/A
N/A N/A C:\Windows\System\xjNrbwu.exe N/A
N/A N/A C:\Windows\System\pFcQfmG.exe N/A
N/A N/A C:\Windows\System\HnqfEaN.exe N/A
N/A N/A C:\Windows\System\hDwLuzV.exe N/A
N/A N/A C:\Windows\System\qCYcEiv.exe N/A
N/A N/A C:\Windows\System\ZsZOAor.exe N/A
N/A N/A C:\Windows\System\KUVmFYl.exe N/A
N/A N/A C:\Windows\System\RILogiS.exe N/A
N/A N/A C:\Windows\System\IDEfTin.exe N/A
N/A N/A C:\Windows\System\CVdgpFc.exe N/A
N/A N/A C:\Windows\System\RMlUMRw.exe N/A
N/A N/A C:\Windows\System\VPKyWWi.exe N/A
N/A N/A C:\Windows\System\HzxxeAw.exe N/A
N/A N/A C:\Windows\System\wMifjjb.exe N/A
N/A N/A C:\Windows\System\RVNgRhy.exe N/A
N/A N/A C:\Windows\System\VggCUhI.exe N/A
N/A N/A C:\Windows\System\SRPEzPX.exe N/A
N/A N/A C:\Windows\System\UkYopWA.exe N/A
N/A N/A C:\Windows\System\xWXzKge.exe N/A
N/A N/A C:\Windows\System\vnWWsCA.exe N/A
N/A N/A C:\Windows\System\vukmcRr.exe N/A
N/A N/A C:\Windows\System\eLTuHGS.exe N/A
N/A N/A C:\Windows\System\CpXBmXg.exe N/A
N/A N/A C:\Windows\System\xpwNhfK.exe N/A
N/A N/A C:\Windows\System\NKhUyAa.exe N/A
N/A N/A C:\Windows\System\CbTUWkb.exe N/A
N/A N/A C:\Windows\System\dMJThUp.exe N/A
N/A N/A C:\Windows\System\ARAxrpB.exe N/A
N/A N/A C:\Windows\System\WSEyhIg.exe N/A
N/A N/A C:\Windows\System\vIjrmLh.exe N/A
N/A N/A C:\Windows\System\krvNKOH.exe N/A
N/A N/A C:\Windows\System\mUVafws.exe N/A
N/A N/A C:\Windows\System\dTxpTuY.exe N/A
N/A N/A C:\Windows\System\OoBPLoY.exe N/A
N/A N/A C:\Windows\System\WVxiIRb.exe N/A
N/A N/A C:\Windows\System\KhPJckT.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\UkYopWA.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORCLxvh.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\mVLOmKc.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\KcFLtcD.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\kgIZGHD.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\nQAOBBS.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\VfzVIIh.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\kjWSvtN.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ROayJJC.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\YKKEqBV.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XpWrhyV.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\mKuDihR.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NhFgMoW.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\EodyCEO.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ptggwrE.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GeEAutN.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\cxAmlHn.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxjBqRn.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhrxCCE.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCtoHXA.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\bGKPDhc.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAmQMYI.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXdQZzD.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\QLePyGj.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZbOrGwZ.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\qnTIAGI.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ruihezY.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ADlhzgF.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dtzofFo.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcpbVTG.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfMTluH.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\stFiQvP.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDwLuzV.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GWErRoC.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\bJOntEX.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xYeAwuh.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\uFEGzZY.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\WELhzqn.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\Javrpys.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\cEtCxSq.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZsZOAor.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\CQeBeFK.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NqyGKmz.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrfaDdz.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\fVOameW.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\EnkKMmq.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\JrdROST.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xZEkyxo.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NqAGBfw.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\WSEyhIg.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\iKnKzOE.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ywsJUxD.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xWXzKge.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\avMeIlk.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TWpDPJA.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\BazqIru.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\YafYBil.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECXVZwi.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\CQLEPCA.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\eLTuHGS.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\zXWwzFB.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DOzclry.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\PRqnMgl.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RghBIZB.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1496 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\bQZTzFq.exe
PID 1496 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\bQZTzFq.exe
PID 1496 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\vvdQlhJ.exe
PID 1496 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\vvdQlhJ.exe
PID 1496 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PkHhCFO.exe
PID 1496 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PkHhCFO.exe
PID 1496 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\plFDIII.exe
PID 1496 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\plFDIII.exe
PID 1496 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\GtMeOuI.exe
PID 1496 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\GtMeOuI.exe
PID 1496 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\FdYDASt.exe
PID 1496 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\FdYDASt.exe
PID 1496 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\JwcdWXe.exe
PID 1496 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\JwcdWXe.exe
PID 1496 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cEtCxSq.exe
PID 1496 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cEtCxSq.exe
PID 1496 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cFzjxzn.exe
PID 1496 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cFzjxzn.exe
PID 1496 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\mqJhSPK.exe
PID 1496 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\mqJhSPK.exe
PID 1496 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\eNUcTIJ.exe
PID 1496 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\eNUcTIJ.exe
PID 1496 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\hXAXPhY.exe
PID 1496 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\hXAXPhY.exe
PID 1496 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\RICbOAx.exe
PID 1496 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\RICbOAx.exe
PID 1496 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\HnwzItJ.exe
PID 1496 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\HnwzItJ.exe
PID 1496 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PYdFeHS.exe
PID 1496 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PYdFeHS.exe
PID 1496 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\BwlqQWl.exe
PID 1496 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\BwlqQWl.exe
PID 1496 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\EAIIkPX.exe
PID 1496 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\EAIIkPX.exe
PID 1496 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\QZbsxfc.exe
PID 1496 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\QZbsxfc.exe
PID 1496 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\XitHjTY.exe
PID 1496 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\XitHjTY.exe
PID 1496 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\NqAGBfw.exe
PID 1496 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\NqAGBfw.exe
PID 1496 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZhrxCCE.exe
PID 1496 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZhrxCCE.exe
PID 1496 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\hcpbVTG.exe
PID 1496 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\hcpbVTG.exe
PID 1496 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\MmLCHxh.exe
PID 1496 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\MmLCHxh.exe
PID 1496 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\wBtxPVV.exe
PID 1496 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\wBtxPVV.exe
PID 1496 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZbOrGwZ.exe
PID 1496 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZbOrGwZ.exe
PID 1496 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\nzhcnyG.exe
PID 1496 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\nzhcnyG.exe
PID 1496 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\DRBssok.exe
PID 1496 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\DRBssok.exe
PID 1496 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\TfCTlxT.exe
PID 1496 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\TfCTlxT.exe
PID 1496 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\xjNrbwu.exe
PID 1496 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\xjNrbwu.exe
PID 1496 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\pFcQfmG.exe
PID 1496 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\pFcQfmG.exe
PID 1496 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\HnqfEaN.exe
PID 1496 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\HnqfEaN.exe
PID 1496 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\hDwLuzV.exe
PID 1496 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\hDwLuzV.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe"

C:\Windows\System\bQZTzFq.exe

C:\Windows\System\bQZTzFq.exe

C:\Windows\System\vvdQlhJ.exe

C:\Windows\System\vvdQlhJ.exe

C:\Windows\System\PkHhCFO.exe

C:\Windows\System\PkHhCFO.exe

C:\Windows\System\plFDIII.exe

C:\Windows\System\plFDIII.exe

C:\Windows\System\GtMeOuI.exe

C:\Windows\System\GtMeOuI.exe

C:\Windows\System\FdYDASt.exe

C:\Windows\System\FdYDASt.exe

C:\Windows\System\JwcdWXe.exe

C:\Windows\System\JwcdWXe.exe

C:\Windows\System\cEtCxSq.exe

C:\Windows\System\cEtCxSq.exe

C:\Windows\System\cFzjxzn.exe

C:\Windows\System\cFzjxzn.exe

C:\Windows\System\mqJhSPK.exe

C:\Windows\System\mqJhSPK.exe

C:\Windows\System\eNUcTIJ.exe

C:\Windows\System\eNUcTIJ.exe

C:\Windows\System\hXAXPhY.exe

C:\Windows\System\hXAXPhY.exe

C:\Windows\System\RICbOAx.exe

C:\Windows\System\RICbOAx.exe

C:\Windows\System\HnwzItJ.exe

C:\Windows\System\HnwzItJ.exe

C:\Windows\System\PYdFeHS.exe

C:\Windows\System\PYdFeHS.exe

C:\Windows\System\BwlqQWl.exe

C:\Windows\System\BwlqQWl.exe

C:\Windows\System\EAIIkPX.exe

C:\Windows\System\EAIIkPX.exe

C:\Windows\System\QZbsxfc.exe

C:\Windows\System\QZbsxfc.exe

C:\Windows\System\XitHjTY.exe

C:\Windows\System\XitHjTY.exe

C:\Windows\System\NqAGBfw.exe

C:\Windows\System\NqAGBfw.exe

C:\Windows\System\ZhrxCCE.exe

C:\Windows\System\ZhrxCCE.exe

C:\Windows\System\hcpbVTG.exe

C:\Windows\System\hcpbVTG.exe

C:\Windows\System\MmLCHxh.exe

C:\Windows\System\MmLCHxh.exe

C:\Windows\System\wBtxPVV.exe

C:\Windows\System\wBtxPVV.exe

C:\Windows\System\ZbOrGwZ.exe

C:\Windows\System\ZbOrGwZ.exe

C:\Windows\System\nzhcnyG.exe

C:\Windows\System\nzhcnyG.exe

C:\Windows\System\DRBssok.exe

C:\Windows\System\DRBssok.exe

C:\Windows\System\TfCTlxT.exe

C:\Windows\System\TfCTlxT.exe

C:\Windows\System\xjNrbwu.exe

C:\Windows\System\xjNrbwu.exe

C:\Windows\System\pFcQfmG.exe

C:\Windows\System\pFcQfmG.exe

C:\Windows\System\HnqfEaN.exe

C:\Windows\System\HnqfEaN.exe

C:\Windows\System\hDwLuzV.exe

C:\Windows\System\hDwLuzV.exe

C:\Windows\System\qCYcEiv.exe

C:\Windows\System\qCYcEiv.exe

C:\Windows\System\ZsZOAor.exe

C:\Windows\System\ZsZOAor.exe

C:\Windows\System\KUVmFYl.exe

C:\Windows\System\KUVmFYl.exe

C:\Windows\System\RILogiS.exe

C:\Windows\System\RILogiS.exe

C:\Windows\System\IDEfTin.exe

C:\Windows\System\IDEfTin.exe

C:\Windows\System\CVdgpFc.exe

C:\Windows\System\CVdgpFc.exe

C:\Windows\System\RMlUMRw.exe

C:\Windows\System\RMlUMRw.exe

C:\Windows\System\VPKyWWi.exe

C:\Windows\System\VPKyWWi.exe

C:\Windows\System\HzxxeAw.exe

C:\Windows\System\HzxxeAw.exe

C:\Windows\System\wMifjjb.exe

C:\Windows\System\wMifjjb.exe

C:\Windows\System\RVNgRhy.exe

C:\Windows\System\RVNgRhy.exe

C:\Windows\System\VggCUhI.exe

C:\Windows\System\VggCUhI.exe

C:\Windows\System\SRPEzPX.exe

C:\Windows\System\SRPEzPX.exe

C:\Windows\System\UkYopWA.exe

C:\Windows\System\UkYopWA.exe

C:\Windows\System\xWXzKge.exe

C:\Windows\System\xWXzKge.exe

C:\Windows\System\vnWWsCA.exe

C:\Windows\System\vnWWsCA.exe

C:\Windows\System\vukmcRr.exe

C:\Windows\System\vukmcRr.exe

C:\Windows\System\eLTuHGS.exe

C:\Windows\System\eLTuHGS.exe

C:\Windows\System\CpXBmXg.exe

C:\Windows\System\CpXBmXg.exe

C:\Windows\System\xpwNhfK.exe

C:\Windows\System\xpwNhfK.exe

C:\Windows\System\NKhUyAa.exe

C:\Windows\System\NKhUyAa.exe

C:\Windows\System\CbTUWkb.exe

C:\Windows\System\CbTUWkb.exe

C:\Windows\System\dMJThUp.exe

C:\Windows\System\dMJThUp.exe

C:\Windows\System\ARAxrpB.exe

C:\Windows\System\ARAxrpB.exe

C:\Windows\System\WSEyhIg.exe

C:\Windows\System\WSEyhIg.exe

C:\Windows\System\vIjrmLh.exe

C:\Windows\System\vIjrmLh.exe

C:\Windows\System\krvNKOH.exe

C:\Windows\System\krvNKOH.exe

C:\Windows\System\mUVafws.exe

C:\Windows\System\mUVafws.exe

C:\Windows\System\dTxpTuY.exe

C:\Windows\System\dTxpTuY.exe

C:\Windows\System\OoBPLoY.exe

C:\Windows\System\OoBPLoY.exe

C:\Windows\System\WVxiIRb.exe

C:\Windows\System\WVxiIRb.exe

C:\Windows\System\KhPJckT.exe

C:\Windows\System\KhPJckT.exe

C:\Windows\System\eRqrVnf.exe

C:\Windows\System\eRqrVnf.exe

C:\Windows\System\LaguOVB.exe

C:\Windows\System\LaguOVB.exe

C:\Windows\System\MGBFvYF.exe

C:\Windows\System\MGBFvYF.exe

C:\Windows\System\tuQrUMe.exe

C:\Windows\System\tuQrUMe.exe

C:\Windows\System\EpNpZWt.exe

C:\Windows\System\EpNpZWt.exe

C:\Windows\System\QsGPawp.exe

C:\Windows\System\QsGPawp.exe

C:\Windows\System\iLjnxrS.exe

C:\Windows\System\iLjnxrS.exe

C:\Windows\System\TcjZQGM.exe

C:\Windows\System\TcjZQGM.exe

C:\Windows\System\ojEKDAN.exe

C:\Windows\System\ojEKDAN.exe

C:\Windows\System\ukunfRJ.exe

C:\Windows\System\ukunfRJ.exe

C:\Windows\System\DAXVLXT.exe

C:\Windows\System\DAXVLXT.exe

C:\Windows\System\CQeBeFK.exe

C:\Windows\System\CQeBeFK.exe

C:\Windows\System\WwLyHzG.exe

C:\Windows\System\WwLyHzG.exe

C:\Windows\System\rylLCyW.exe

C:\Windows\System\rylLCyW.exe

C:\Windows\System\zXWwzFB.exe

C:\Windows\System\zXWwzFB.exe

C:\Windows\System\CAmQMYI.exe

C:\Windows\System\CAmQMYI.exe

C:\Windows\System\NqyGKmz.exe

C:\Windows\System\NqyGKmz.exe

C:\Windows\System\tdCdKdK.exe

C:\Windows\System\tdCdKdK.exe

C:\Windows\System\LfMTluH.exe

C:\Windows\System\LfMTluH.exe

C:\Windows\System\pmCLjin.exe

C:\Windows\System\pmCLjin.exe

C:\Windows\System\LliGAnF.exe

C:\Windows\System\LliGAnF.exe

C:\Windows\System\btHlRvR.exe

C:\Windows\System\btHlRvR.exe

C:\Windows\System\Ifwfkwp.exe

C:\Windows\System\Ifwfkwp.exe

C:\Windows\System\ETSzSPV.exe

C:\Windows\System\ETSzSPV.exe

C:\Windows\System\kgIZGHD.exe

C:\Windows\System\kgIZGHD.exe

C:\Windows\System\xYmmBXc.exe

C:\Windows\System\xYmmBXc.exe

C:\Windows\System\avMeIlk.exe

C:\Windows\System\avMeIlk.exe

C:\Windows\System\ThqQGgx.exe

C:\Windows\System\ThqQGgx.exe

C:\Windows\System\ztxuvot.exe

C:\Windows\System\ztxuvot.exe

C:\Windows\System\MXmvORj.exe

C:\Windows\System\MXmvORj.exe

C:\Windows\System\yrfaDdz.exe

C:\Windows\System\yrfaDdz.exe

C:\Windows\System\qnTIAGI.exe

C:\Windows\System\qnTIAGI.exe

C:\Windows\System\MwMntsM.exe

C:\Windows\System\MwMntsM.exe

C:\Windows\System\sgFUbOI.exe

C:\Windows\System\sgFUbOI.exe

C:\Windows\System\PIbCbVy.exe

C:\Windows\System\PIbCbVy.exe

C:\Windows\System\PxFvTKE.exe

C:\Windows\System\PxFvTKE.exe

C:\Windows\System\DOzclry.exe

C:\Windows\System\DOzclry.exe

C:\Windows\System\IUuYvsw.exe

C:\Windows\System\IUuYvsw.exe

C:\Windows\System\TRZqRFC.exe

C:\Windows\System\TRZqRFC.exe

C:\Windows\System\LkUgGJR.exe

C:\Windows\System\LkUgGJR.exe

C:\Windows\System\sYAupFM.exe

C:\Windows\System\sYAupFM.exe

C:\Windows\System\NiJrjMV.exe

C:\Windows\System\NiJrjMV.exe

C:\Windows\System\cHuwjsD.exe

C:\Windows\System\cHuwjsD.exe

C:\Windows\System\KTbAIhV.exe

C:\Windows\System\KTbAIhV.exe

C:\Windows\System\GWErRoC.exe

C:\Windows\System\GWErRoC.exe

C:\Windows\System\gOaQAXC.exe

C:\Windows\System\gOaQAXC.exe

C:\Windows\System\cZvhPTJ.exe

C:\Windows\System\cZvhPTJ.exe

C:\Windows\System\NKRSnUB.exe

C:\Windows\System\NKRSnUB.exe

C:\Windows\System\nEtKyJj.exe

C:\Windows\System\nEtKyJj.exe

C:\Windows\System\ORCLxvh.exe

C:\Windows\System\ORCLxvh.exe

C:\Windows\System\akuqNBd.exe

C:\Windows\System\akuqNBd.exe

C:\Windows\System\MCtoHXA.exe

C:\Windows\System\MCtoHXA.exe

C:\Windows\System\tKWfOVy.exe

C:\Windows\System\tKWfOVy.exe

C:\Windows\System\nQAOBBS.exe

C:\Windows\System\nQAOBBS.exe

C:\Windows\System\WQnNsyb.exe

C:\Windows\System\WQnNsyb.exe

C:\Windows\System\fVOameW.exe

C:\Windows\System\fVOameW.exe

C:\Windows\System\mVLOmKc.exe

C:\Windows\System\mVLOmKc.exe

C:\Windows\System\KoWXKUi.exe

C:\Windows\System\KoWXKUi.exe

C:\Windows\System\sEopljW.exe

C:\Windows\System\sEopljW.exe

C:\Windows\System\OMbMhmd.exe

C:\Windows\System\OMbMhmd.exe

C:\Windows\System\KpFrgVY.exe

C:\Windows\System\KpFrgVY.exe

C:\Windows\System\lclfsvv.exe

C:\Windows\System\lclfsvv.exe

C:\Windows\System\XpWrhyV.exe

C:\Windows\System\XpWrhyV.exe

C:\Windows\System\gFUrZfs.exe

C:\Windows\System\gFUrZfs.exe

C:\Windows\System\yXdQZzD.exe

C:\Windows\System\yXdQZzD.exe

C:\Windows\System\OPUUulc.exe

C:\Windows\System\OPUUulc.exe

C:\Windows\System\NqUUlff.exe

C:\Windows\System\NqUUlff.exe

C:\Windows\System\KZWsums.exe

C:\Windows\System\KZWsums.exe

C:\Windows\System\prqcyPz.exe

C:\Windows\System\prqcyPz.exe

C:\Windows\System\RghBIZB.exe

C:\Windows\System\RghBIZB.exe

C:\Windows\System\EnkKMmq.exe

C:\Windows\System\EnkKMmq.exe

C:\Windows\System\pTpscHx.exe

C:\Windows\System\pTpscHx.exe

C:\Windows\System\RebvQvH.exe

C:\Windows\System\RebvQvH.exe

C:\Windows\System\pJfJSfT.exe

C:\Windows\System\pJfJSfT.exe

C:\Windows\System\zKeDQli.exe

C:\Windows\System\zKeDQli.exe

C:\Windows\System\PBDYlMk.exe

C:\Windows\System\PBDYlMk.exe

C:\Windows\System\iGkmaOG.exe

C:\Windows\System\iGkmaOG.exe

C:\Windows\System\bPkEqRW.exe

C:\Windows\System\bPkEqRW.exe

C:\Windows\System\cyJusJs.exe

C:\Windows\System\cyJusJs.exe

C:\Windows\System\Javrpys.exe

C:\Windows\System\Javrpys.exe

C:\Windows\System\stFiQvP.exe

C:\Windows\System\stFiQvP.exe

C:\Windows\System\IsxhRTe.exe

C:\Windows\System\IsxhRTe.exe

C:\Windows\System\fkIINaw.exe

C:\Windows\System\fkIINaw.exe

C:\Windows\System\GjKRZjl.exe

C:\Windows\System\GjKRZjl.exe

C:\Windows\System\cshDXtc.exe

C:\Windows\System\cshDXtc.exe

C:\Windows\System\iKnKzOE.exe

C:\Windows\System\iKnKzOE.exe

C:\Windows\System\uJuJpBp.exe

C:\Windows\System\uJuJpBp.exe

C:\Windows\System\rbDgBXj.exe

C:\Windows\System\rbDgBXj.exe

C:\Windows\System\FBpyVht.exe

C:\Windows\System\FBpyVht.exe

C:\Windows\System\CLjkoQU.exe

C:\Windows\System\CLjkoQU.exe

C:\Windows\System\MXjDJYy.exe

C:\Windows\System\MXjDJYy.exe

C:\Windows\System\EdkKeSv.exe

C:\Windows\System\EdkKeSv.exe

C:\Windows\System\QFhMRxG.exe

C:\Windows\System\QFhMRxG.exe

C:\Windows\System\bJOntEX.exe

C:\Windows\System\bJOntEX.exe

C:\Windows\System\VfzVIIh.exe

C:\Windows\System\VfzVIIh.exe

C:\Windows\System\NGOwcBh.exe

C:\Windows\System\NGOwcBh.exe

C:\Windows\System\mKuDihR.exe

C:\Windows\System\mKuDihR.exe

C:\Windows\System\HKpJrhA.exe

C:\Windows\System\HKpJrhA.exe

C:\Windows\System\ruihezY.exe

C:\Windows\System\ruihezY.exe

C:\Windows\System\bUefVOZ.exe

C:\Windows\System\bUefVOZ.exe

C:\Windows\System\SMiwsIA.exe

C:\Windows\System\SMiwsIA.exe

C:\Windows\System\jgVQQDt.exe

C:\Windows\System\jgVQQDt.exe

C:\Windows\System\ZHHKNvQ.exe

C:\Windows\System\ZHHKNvQ.exe

C:\Windows\System\FBizPcm.exe

C:\Windows\System\FBizPcm.exe

C:\Windows\System\ptggwrE.exe

C:\Windows\System\ptggwrE.exe

C:\Windows\System\VyAuAbi.exe

C:\Windows\System\VyAuAbi.exe

C:\Windows\System\yEvybzd.exe

C:\Windows\System\yEvybzd.exe

C:\Windows\System\ACRoMPx.exe

C:\Windows\System\ACRoMPx.exe

C:\Windows\System\OupCsdq.exe

C:\Windows\System\OupCsdq.exe

C:\Windows\System\VJOKyCZ.exe

C:\Windows\System\VJOKyCZ.exe

C:\Windows\System\DoZJflw.exe

C:\Windows\System\DoZJflw.exe

C:\Windows\System\iEUCWjQ.exe

C:\Windows\System\iEUCWjQ.exe

C:\Windows\System\EMTlbUP.exe

C:\Windows\System\EMTlbUP.exe

C:\Windows\System\thBvMzu.exe

C:\Windows\System\thBvMzu.exe

C:\Windows\System\VWdeNrn.exe

C:\Windows\System\VWdeNrn.exe

C:\Windows\System\APIJMqr.exe

C:\Windows\System\APIJMqr.exe

C:\Windows\System\bEMVUzo.exe

C:\Windows\System\bEMVUzo.exe

C:\Windows\System\QRspvRG.exe

C:\Windows\System\QRspvRG.exe

C:\Windows\System\gQiEWDh.exe

C:\Windows\System\gQiEWDh.exe

C:\Windows\System\mnXDGoV.exe

C:\Windows\System\mnXDGoV.exe

C:\Windows\System\DZVbeEM.exe

C:\Windows\System\DZVbeEM.exe

C:\Windows\System\kjWSvtN.exe

C:\Windows\System\kjWSvtN.exe

C:\Windows\System\IoFgdOn.exe

C:\Windows\System\IoFgdOn.exe

C:\Windows\System\gqaLDTl.exe

C:\Windows\System\gqaLDTl.exe

C:\Windows\System\rHVxidG.exe

C:\Windows\System\rHVxidG.exe

C:\Windows\System\StGckAx.exe

C:\Windows\System\StGckAx.exe

C:\Windows\System\BRIRniD.exe

C:\Windows\System\BRIRniD.exe

C:\Windows\System\pfOtXbI.exe

C:\Windows\System\pfOtXbI.exe

C:\Windows\System\UVundBw.exe

C:\Windows\System\UVundBw.exe

C:\Windows\System\PfJVSWx.exe

C:\Windows\System\PfJVSWx.exe

C:\Windows\System\duGjZjv.exe

C:\Windows\System\duGjZjv.exe

C:\Windows\System\xLZsUSl.exe

C:\Windows\System\xLZsUSl.exe

C:\Windows\System\OMAeEkY.exe

C:\Windows\System\OMAeEkY.exe

C:\Windows\System\jVvdwRK.exe

C:\Windows\System\jVvdwRK.exe

C:\Windows\System\XjvvhAm.exe

C:\Windows\System\XjvvhAm.exe

C:\Windows\System\GpUeZRH.exe

C:\Windows\System\GpUeZRH.exe

C:\Windows\System\XeJiIhJ.exe

C:\Windows\System\XeJiIhJ.exe

C:\Windows\System\zkwGlVO.exe

C:\Windows\System\zkwGlVO.exe

C:\Windows\System\TWpDPJA.exe

C:\Windows\System\TWpDPJA.exe

C:\Windows\System\KSmdmKf.exe

C:\Windows\System\KSmdmKf.exe

C:\Windows\System\xrtltpc.exe

C:\Windows\System\xrtltpc.exe

C:\Windows\System\hIZGCIL.exe

C:\Windows\System\hIZGCIL.exe

C:\Windows\System\KRWwQQU.exe

C:\Windows\System\KRWwQQU.exe

C:\Windows\System\kbokbKu.exe

C:\Windows\System\kbokbKu.exe

C:\Windows\System\vZTjdzz.exe

C:\Windows\System\vZTjdzz.exe

C:\Windows\System\bpddEqR.exe

C:\Windows\System\bpddEqR.exe

C:\Windows\System\xffMpTg.exe

C:\Windows\System\xffMpTg.exe

C:\Windows\System\ddUlpcs.exe

C:\Windows\System\ddUlpcs.exe

C:\Windows\System\MiBrvLK.exe

C:\Windows\System\MiBrvLK.exe

C:\Windows\System\aDCkMnD.exe

C:\Windows\System\aDCkMnD.exe

C:\Windows\System\pMzGEdp.exe

C:\Windows\System\pMzGEdp.exe

C:\Windows\System\JrdROST.exe

C:\Windows\System\JrdROST.exe

C:\Windows\System\yfDonis.exe

C:\Windows\System\yfDonis.exe

C:\Windows\System\GRRxUuu.exe

C:\Windows\System\GRRxUuu.exe

C:\Windows\System\huyvwye.exe

C:\Windows\System\huyvwye.exe

C:\Windows\System\msQyRmK.exe

C:\Windows\System\msQyRmK.exe

C:\Windows\System\sMVaEDJ.exe

C:\Windows\System\sMVaEDJ.exe

C:\Windows\System\AcxdSNU.exe

C:\Windows\System\AcxdSNU.exe

C:\Windows\System\KcFLtcD.exe

C:\Windows\System\KcFLtcD.exe

C:\Windows\System\snKvkNQ.exe

C:\Windows\System\snKvkNQ.exe

C:\Windows\System\ChKgpJy.exe

C:\Windows\System\ChKgpJy.exe

C:\Windows\System\UrOWrcC.exe

C:\Windows\System\UrOWrcC.exe

C:\Windows\System\GeEAutN.exe

C:\Windows\System\GeEAutN.exe

C:\Windows\System\ALgFKoT.exe

C:\Windows\System\ALgFKoT.exe

C:\Windows\System\ksOExRE.exe

C:\Windows\System\ksOExRE.exe

C:\Windows\System\PRqnMgl.exe

C:\Windows\System\PRqnMgl.exe

C:\Windows\System\xGXosAK.exe

C:\Windows\System\xGXosAK.exe

C:\Windows\System\qEBhsQm.exe

C:\Windows\System\qEBhsQm.exe

C:\Windows\System\AwGDNhh.exe

C:\Windows\System\AwGDNhh.exe

C:\Windows\System\VgwBCmU.exe

C:\Windows\System\VgwBCmU.exe

C:\Windows\System\CIYZQzS.exe

C:\Windows\System\CIYZQzS.exe

C:\Windows\System\MipmbgG.exe

C:\Windows\System\MipmbgG.exe

C:\Windows\System\RFPNhrh.exe

C:\Windows\System\RFPNhrh.exe

C:\Windows\System\vAYxDXb.exe

C:\Windows\System\vAYxDXb.exe

C:\Windows\System\ERhLimj.exe

C:\Windows\System\ERhLimj.exe

C:\Windows\System\voLODmq.exe

C:\Windows\System\voLODmq.exe

C:\Windows\System\ywsJUxD.exe

C:\Windows\System\ywsJUxD.exe

C:\Windows\System\rUsvsZK.exe

C:\Windows\System\rUsvsZK.exe

C:\Windows\System\jCVFaJH.exe

C:\Windows\System\jCVFaJH.exe

C:\Windows\System\NhFgMoW.exe

C:\Windows\System\NhFgMoW.exe

C:\Windows\System\NlBjySd.exe

C:\Windows\System\NlBjySd.exe

C:\Windows\System\CrRKXEF.exe

C:\Windows\System\CrRKXEF.exe

C:\Windows\System\PZAKbuz.exe

C:\Windows\System\PZAKbuz.exe

C:\Windows\System\jHdozmC.exe

C:\Windows\System\jHdozmC.exe

C:\Windows\System\ZRtCyYY.exe

C:\Windows\System\ZRtCyYY.exe

C:\Windows\System\GoZRina.exe

C:\Windows\System\GoZRina.exe

C:\Windows\System\LGamWNH.exe

C:\Windows\System\LGamWNH.exe

C:\Windows\System\mInAnPy.exe

C:\Windows\System\mInAnPy.exe

C:\Windows\System\qbpvKxL.exe

C:\Windows\System\qbpvKxL.exe

C:\Windows\System\bGKPDhc.exe

C:\Windows\System\bGKPDhc.exe

C:\Windows\System\ADlhzgF.exe

C:\Windows\System\ADlhzgF.exe

C:\Windows\System\OojnOwu.exe

C:\Windows\System\OojnOwu.exe

C:\Windows\System\SAOjpeN.exe

C:\Windows\System\SAOjpeN.exe

C:\Windows\System\wBBRjfo.exe

C:\Windows\System\wBBRjfo.exe

C:\Windows\System\IEReVcI.exe

C:\Windows\System\IEReVcI.exe

C:\Windows\System\ofnNpOX.exe

C:\Windows\System\ofnNpOX.exe

C:\Windows\System\uIlAnqj.exe

C:\Windows\System\uIlAnqj.exe

C:\Windows\System\BazqIru.exe

C:\Windows\System\BazqIru.exe

C:\Windows\System\EodyCEO.exe

C:\Windows\System\EodyCEO.exe

C:\Windows\System\XVCvgzn.exe

C:\Windows\System\XVCvgzn.exe

C:\Windows\System\DmozgmT.exe

C:\Windows\System\DmozgmT.exe

C:\Windows\System\oeGvGpQ.exe

C:\Windows\System\oeGvGpQ.exe

C:\Windows\System\xZEkyxo.exe

C:\Windows\System\xZEkyxo.exe

C:\Windows\System\uUjLGql.exe

C:\Windows\System\uUjLGql.exe

C:\Windows\System\QLePyGj.exe

C:\Windows\System\QLePyGj.exe

C:\Windows\System\bpMuFRj.exe

C:\Windows\System\bpMuFRj.exe

C:\Windows\System\iySZHKf.exe

C:\Windows\System\iySZHKf.exe

C:\Windows\System\SGuquVn.exe

C:\Windows\System\SGuquVn.exe

C:\Windows\System\kdDiACn.exe

C:\Windows\System\kdDiACn.exe

C:\Windows\System\FdENFGp.exe

C:\Windows\System\FdENFGp.exe

C:\Windows\System\DgXHvEp.exe

C:\Windows\System\DgXHvEp.exe

C:\Windows\System\NwgKlTb.exe

C:\Windows\System\NwgKlTb.exe

C:\Windows\System\jacjcLZ.exe

C:\Windows\System\jacjcLZ.exe

C:\Windows\System\TyGkdPj.exe

C:\Windows\System\TyGkdPj.exe

C:\Windows\System\EPeELQJ.exe

C:\Windows\System\EPeELQJ.exe

C:\Windows\System\uhrdvjR.exe

C:\Windows\System\uhrdvjR.exe

C:\Windows\System\BScQwSW.exe

C:\Windows\System\BScQwSW.exe

C:\Windows\System\ROayJJC.exe

C:\Windows\System\ROayJJC.exe

C:\Windows\System\xYeAwuh.exe

C:\Windows\System\xYeAwuh.exe

C:\Windows\System\dtzofFo.exe

C:\Windows\System\dtzofFo.exe

C:\Windows\System\HBZfUWX.exe

C:\Windows\System\HBZfUWX.exe

C:\Windows\System\Ocdhvwp.exe

C:\Windows\System\Ocdhvwp.exe

C:\Windows\System\naRlogy.exe

C:\Windows\System\naRlogy.exe

C:\Windows\System\KPRPqSR.exe

C:\Windows\System\KPRPqSR.exe

C:\Windows\System\rohIMcL.exe

C:\Windows\System\rohIMcL.exe

C:\Windows\System\hvaXlMq.exe

C:\Windows\System\hvaXlMq.exe

C:\Windows\System\RGbSnxw.exe

C:\Windows\System\RGbSnxw.exe

C:\Windows\System\GKhBvEt.exe

C:\Windows\System\GKhBvEt.exe

C:\Windows\System\urZICXO.exe

C:\Windows\System\urZICXO.exe

C:\Windows\System\RvtHEMd.exe

C:\Windows\System\RvtHEMd.exe

C:\Windows\System\GZdwzTU.exe

C:\Windows\System\GZdwzTU.exe

C:\Windows\System\uFEGzZY.exe

C:\Windows\System\uFEGzZY.exe

C:\Windows\System\YKKEqBV.exe

C:\Windows\System\YKKEqBV.exe

C:\Windows\System\YafYBil.exe

C:\Windows\System\YafYBil.exe

C:\Windows\System\jbubecB.exe

C:\Windows\System\jbubecB.exe

C:\Windows\System\ECXVZwi.exe

C:\Windows\System\ECXVZwi.exe

C:\Windows\System\uywrmNe.exe

C:\Windows\System\uywrmNe.exe

C:\Windows\System\CncGHYG.exe

C:\Windows\System\CncGHYG.exe

C:\Windows\System\GlMiZBr.exe

C:\Windows\System\GlMiZBr.exe

C:\Windows\System\qeHxVaF.exe

C:\Windows\System\qeHxVaF.exe

C:\Windows\System\ZobPjeH.exe

C:\Windows\System\ZobPjeH.exe

C:\Windows\System\cxAmlHn.exe

C:\Windows\System\cxAmlHn.exe

C:\Windows\System\wRhlldq.exe

C:\Windows\System\wRhlldq.exe

C:\Windows\System\fgEUHsR.exe

C:\Windows\System\fgEUHsR.exe

C:\Windows\System\GxjBqRn.exe

C:\Windows\System\GxjBqRn.exe

C:\Windows\System\uqpBEhJ.exe

C:\Windows\System\uqpBEhJ.exe

C:\Windows\System\EiYEfwq.exe

C:\Windows\System\EiYEfwq.exe

C:\Windows\System\sfOlthx.exe

C:\Windows\System\sfOlthx.exe

C:\Windows\System\xanjQrh.exe

C:\Windows\System\xanjQrh.exe

C:\Windows\System\acZctGB.exe

C:\Windows\System\acZctGB.exe

C:\Windows\System\dvEcMlI.exe

C:\Windows\System\dvEcMlI.exe

C:\Windows\System\yafjrNa.exe

C:\Windows\System\yafjrNa.exe

C:\Windows\System\RqRgydl.exe

C:\Windows\System\RqRgydl.exe

C:\Windows\System\WwzTNbj.exe

C:\Windows\System\WwzTNbj.exe

C:\Windows\System\AtYjKkk.exe

C:\Windows\System\AtYjKkk.exe

C:\Windows\System\lfgsWhD.exe

C:\Windows\System\lfgsWhD.exe

C:\Windows\System\WELhzqn.exe

C:\Windows\System\WELhzqn.exe

C:\Windows\System\BmBaSxt.exe

C:\Windows\System\BmBaSxt.exe

C:\Windows\System\CQLEPCA.exe

C:\Windows\System\CQLEPCA.exe

C:\Windows\System\FzGrZLZ.exe

C:\Windows\System\FzGrZLZ.exe

C:\Windows\System\oWnZDRM.exe

C:\Windows\System\oWnZDRM.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 52.111.229.43:443 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

memory/1496-0-0x00007FF7A0790000-0x00007FF7A0AE4000-memory.dmp

memory/1496-1-0x000001C144B50000-0x000001C144B60000-memory.dmp

C:\Windows\System\bQZTzFq.exe

MD5 5af638af6940cd90c188c5b5697a5745
SHA1 f3139ba8de0e09914b09707b087dc13145f56c64
SHA256 e6c0133bb8721d791785ea45987609ecc5defd3e76257f6a9006379e71746250
SHA512 84dd7e1660f936e538555782eeb861a0fec250b5e57b415ba88dc823a0578e413453da3d87619dc70d1c688cd09fcb51412eb74692c6c6ac1fb4ed04644132d4

memory/3100-10-0x00007FF6D18F0000-0x00007FF6D1C44000-memory.dmp

C:\Windows\System\vvdQlhJ.exe

MD5 5b7c94165aa9f589c3b68c1118c0fa3d
SHA1 cca0392041f6bd2152d6b8a7361f786899031ba0
SHA256 2737a4f5402b012cb4bbd54ebe70acb1da7e73030f2ac25297076a5f7ad526ab
SHA512 e8be3bc11e2205c3217b2eac4239f78fc42200a1a4084d65d7c8cde3483756473b0d929f725ba688ca0e66d7eeb7b8a552d7ac1930c1be77ff1af1ab78287f4a

memory/3092-14-0x00007FF6D86F0000-0x00007FF6D8A44000-memory.dmp

C:\Windows\System\PkHhCFO.exe

MD5 96948eb578539d0b02fd68f628d346d6
SHA1 b1453053f345e43dbc560f485670c32cdc079bbc
SHA256 10c942c481bb8f714f83cc3bb790330b489c74de0ca2584eb9bdefea63c7faa1
SHA512 b49f067d117d4b60e499e9b36dba0fe1ec32cddf816fc95174907d545bdc1010e89f23ec197983055534aeb78ebc3b84fb75fbde8b652c363fb3abcffd556aab

C:\Windows\System\plFDIII.exe

MD5 df22b054bb142fa64c8425b7a7cd1ad5
SHA1 8ba382412052535f5853584d11bc938d5f63b5dd
SHA256 dc3c19dec38d3d4bde4b73182746d53ec10bc8548354cf56597383c0816268a7
SHA512 acb8128737dafc86f875e0969b377095a84657b6a5b0af19fe3ba6ac259b2a43c1e07d03886243d6961b43ecc61dfe5640966aeff50b9d96fde00965e65ac423

memory/4536-22-0x00007FF676F90000-0x00007FF6772E4000-memory.dmp

C:\Windows\System\GtMeOuI.exe

MD5 b462eb2d219ec5d808004b3f7ad2f81c
SHA1 8d3f6e5c3c84ddc14fa66eb2be50a94428aa6862
SHA256 077d901937108bec5f1c539850f104ef7daf7ed09bcee7c955cada4537e1b18a
SHA512 6a574564143fad44b8f027f925d717d617eb4932ff97144911b0647aee752e1b2e4333ced78d3905211f564a99553fc56733cf9655957cac8625c7b28860fa81

memory/4680-32-0x00007FF664AE0000-0x00007FF664E34000-memory.dmp

memory/3348-33-0x00007FF7DB050000-0x00007FF7DB3A4000-memory.dmp

C:\Windows\System\FdYDASt.exe

MD5 8a00e9f46db1e162348a8015f93dab33
SHA1 947ba647a6e6ea79e6782cbf99a3447a2da99b8b
SHA256 0be9b4910b78aae322303bbb4328356a319aed83325955e0b1774806e83d66e7
SHA512 2ff5cf3036b4ccd043df57d2d29117b12c3987f0382891ce86ace820e35a1bedf19ddca4a387fd9ad3b37b3224e5a3aa1b6f178628c436ef7ee54edcc506089a

C:\Windows\System\JwcdWXe.exe

MD5 5346502b32e083a93339b28413688f34
SHA1 73f10ad42f25fc7a6304a4891709b8c3726d81fe
SHA256 331e26e838ec2a776405f2363d1593b56f5c54997bb605fd11488d8e09036774
SHA512 70b6b2c736fbdde053a143a43e5a7106596218f1396ed6826e6be8ce687cc27b511106cd62b3d8afc3b27a8c39d544e21dab73108774f141b335b5abb600e708

memory/1512-45-0x00007FF6FAC60000-0x00007FF6FAFB4000-memory.dmp

C:\Windows\System\mqJhSPK.exe

MD5 91cf36be325233478bc30561454890f9
SHA1 d42a4710af01d959dd0e46155096f1983a0ca1ad
SHA256 36355dc6547f812c9176d5b4663f8c0ca7b162d0e9970db75b12c07de57ce0a1
SHA512 618fd39b37ff4be42045159c11486ca9b02727a3d3467e175d08114b95b5ec96eb948f4ac75d57f09c4c295a488949a07442b063a704b0d82a8268ea2f694dda

C:\Windows\System\eNUcTIJ.exe

MD5 24cd31caac9b4546a484bfc0e0fbff50
SHA1 14f7469bfb169162b13c4a66135344c02c924255
SHA256 70b234f488166ec13d8181b8d8266176c559afc86a8dc2d575b3b438dd03d08d
SHA512 6ca60d123c5162ebdff42f75f1b02ae655975627bee5549139243e4aa3f27dfac76744225aa00c67bf50bd5f00b20aab2428925710f202bdfbc50dacbed1cabb

C:\Windows\System\EAIIkPX.exe

MD5 74acad6a2c94a3960b69dfae40edf286
SHA1 ba86e9738897377418630701e267964480ae9ecf
SHA256 fe1da537f75b64b8337f526c7ca3102d789d7ca7f177b90552da6c697309de12
SHA512 accf8f5386cec4e4c231568f35a3feb35bfd7559245cc8dd0ca3075ee5afa68ba9e47036fc214391bfa9054f583c4d7e33a1b4009909de8dc68f1a269ece5994

C:\Windows\System\MmLCHxh.exe

MD5 7313c3210769e64393adbd6d7ecea8c4
SHA1 ce4cd50cf1347a0b5246ccd24db7a1c66f5f5843
SHA256 cb7245c82c3d66946cb0f0311ba5a62f8b9bfbdccce0b4385fccbd67d0951eda
SHA512 9e94223da139ff5b75b9bdb78b5ddd94996ea29af3443d427de64bec800785c48277db83802c73d72216ba26d4b93bb5ba8020673c7eadd4d509211df9a153c7

C:\Windows\System\ZbOrGwZ.exe

MD5 046a0f87f75f79d13ae70f4c305b8860
SHA1 b2126d729f4a45b0f98f6e36cbf16b892b7e16dd
SHA256 ca2d2212e51c726c5d7b956bb4d4248e4bb644148da22d602c86f1e5bc7ce93a
SHA512 6fa556858675ccd0176a2d4b611b88c6792784a4f201068d4158eed2323334ffd7306e06934323573f98097af1138bb83267f9e49ce910ce55f68b53a2ee0e1f

C:\Windows\System\nzhcnyG.exe

MD5 50463ee28d4758ed9c9c10690a2fd79b
SHA1 893210afcf5fd93a8107b558c85384e8c1d500b1
SHA256 7690b5a06f8f2a7280a70a52dd91f0ca8b77d8b1de3f1fc5e55492556022c401
SHA512 bc0a6af80d096791afa5a809bab4c4f372376b276d72a0ca24e8d3ccc8afef03551a96b1b88a51b89016dc0d66d200a5ff6479094f23e237ecedcff84d6e07b1

C:\Windows\System\pFcQfmG.exe

MD5 ed2b2cc0c3c2ce09f17a041de76ec682
SHA1 41b76779355f34a5a6d22c1f643ef00654f33332
SHA256 a7de540621a4cb0a57ee58f6eee90c3bdd637a02eae93ca2c2b11ee560815da3
SHA512 9e9bd90d17ebcae663d1313bd925ee7e42603c0a6c387b44c650296c8346164c6b1f607934d53dfc60db613e45d3c1bec08af23425ce3a7056f546191b39869f

memory/4104-385-0x00007FF6BD370000-0x00007FF6BD6C4000-memory.dmp

memory/1836-388-0x00007FF63EB60000-0x00007FF63EEB4000-memory.dmp

memory/4692-403-0x00007FF6FE310000-0x00007FF6FE664000-memory.dmp

memory/4516-404-0x00007FF6851B0000-0x00007FF685504000-memory.dmp

memory/2336-400-0x00007FF638AC0000-0x00007FF638E14000-memory.dmp

memory/1972-399-0x00007FF774A10000-0x00007FF774D64000-memory.dmp

memory/4268-396-0x00007FF6A9E20000-0x00007FF6AA174000-memory.dmp

memory/3724-389-0x00007FF747F40000-0x00007FF748294000-memory.dmp

memory/3568-387-0x00007FF777AD0000-0x00007FF777E24000-memory.dmp

memory/1304-413-0x00007FF710980000-0x00007FF710CD4000-memory.dmp

memory/1112-414-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp

memory/4588-415-0x00007FF667150000-0x00007FF6674A4000-memory.dmp

memory/4428-416-0x00007FF64A4E0000-0x00007FF64A834000-memory.dmp

memory/2388-412-0x00007FF6EBA50000-0x00007FF6EBDA4000-memory.dmp

memory/4244-417-0x00007FF7B5B90000-0x00007FF7B5EE4000-memory.dmp

memory/60-433-0x00007FF76FAC0000-0x00007FF76FE14000-memory.dmp

memory/2948-427-0x00007FF68BFD0000-0x00007FF68C324000-memory.dmp

memory/1700-423-0x00007FF62FE70000-0x00007FF6301C4000-memory.dmp

memory/4560-420-0x00007FF78DC80000-0x00007FF78DFD4000-memory.dmp

memory/1208-418-0x00007FF7E0840000-0x00007FF7E0B94000-memory.dmp

C:\Windows\System\qCYcEiv.exe

MD5 8bd963ec5dd0d473c6866dc61a257c9c
SHA1 76b57c7657551193f1509f4c4dc11db4c9ceae98
SHA256 adbe80cd6c4f1ab9a107e55b12e12171507fd22a3bee93ddc5eb0484408f2040
SHA512 781c9a8b5e85f066b68f9add18a876b2b5860fd47a122828488bb810b02c0090a293bc170506319ffbbff9f0e7c7e3796a66b542f126882f6cb7e11ce6ac5a3f

C:\Windows\System\HnqfEaN.exe

MD5 e51c8aeb3bfe1a66c58bbb6c99e6dcdf
SHA1 2512c202e859bc669049586a26c289fec45a10e9
SHA256 1ea811aa1ef70fab4ca60c1744614a416762d73b73b5d6ef6175a79c19a4a74e
SHA512 266a560d7d91fd5373942e4472104986ace932246569750da7b92b9f922ccb6320b32554946a0f1635d7a11260debdee321eb976325ef644e10b64467a88e9ec

C:\Windows\System\hDwLuzV.exe

MD5 d500385a97ae45e60bd359bb23392ca8
SHA1 1b9db4bed24b3e094242c0eb331ecbaa9c591343
SHA256 1f9d5359fb71fb9c971271351f2a789aa71b0c7d1a8b5fa2bbe4906190164532
SHA512 153037a9c340097c6e7ddb1409f3c1049fd05cdc482ef11d88d549f50099edc31585534622d31a026900a7691c54d99118dd87a8b07e2bf38d00fce4cb165c45

C:\Windows\System\xjNrbwu.exe

MD5 3095de172cf0dae820748e4f7d1be475
SHA1 c842a8397d47bffcb5c7fba65ec88c846a0364cc
SHA256 9763ac38235f0309bc9989e1d620967a2f5108278e6da8c2f1ea9054f752acb9
SHA512 0e3e872081a8510f45427f7024f18f3fa17e3b218a95874cf556fe6ae0867f837e051b25a1dc43e7966a5b35e3e23c81edd58d68e95bb4eba48c045c7e992fa1

C:\Windows\System\TfCTlxT.exe

MD5 72c6a895a737ca23e4fc98aeabbe450d
SHA1 8ba65cfa4ac82cf6aaeca3671a560a7d348cfe57
SHA256 15f1ed14cbd6414a25a84b8d2708999b2e74fdd3d78a2483ca917285e7e1677c
SHA512 53e84cfc1c22ed14494f46337f1de859dd4d5ceff4953966030115bbc4cdb956e6a3f04d3134d41c29a0112979e4388678c4cb8ed09523f445d35572d2ba0de4

C:\Windows\System\DRBssok.exe

MD5 ab614dee8a151321cad0633ab10fbbf8
SHA1 6d577d9631c0f95035127b0e1e2ac758297afc8e
SHA256 0b154814da7d4a83f42a1d4204e796072cf7cf715fff1737b1481818331a37ac
SHA512 ed4a21069ae07e07eb139bcbea9f91f4e9b71fc3d88d1e4e2ebd711bab594ede4d2ce724983b5f6ebe3da695b397381c7e3610213e733d0bfd61078fdee83cef

C:\Windows\System\wBtxPVV.exe

MD5 e64c81699b5a2e05df64a5f00d6b2c80
SHA1 05a73d5e8247cd223b04db3e3e1e56aaa6a8042e
SHA256 b71e38ea1ea342ac2e186227dcfcdbf9df65aa05d630aa708b51d5aec05fed9f
SHA512 f772011b5ab91c3654a37de5ab6ba4d79adb979bb80559ec10cec1e8c84946b2193d7b95ae48edc0dfadd79963e6339c079f51fcc4daa7d06cdeb0abc1368e97

C:\Windows\System\hcpbVTG.exe

MD5 0bca4034db09ab7d65ec1a58a2fd8cf7
SHA1 3ee556cf92f14e22877ca8b99f0da7401a7e2998
SHA256 7468639c7b222b167ee96af7d8227de8aff8be0ff3a2119b8fdfdfb7bd001a19
SHA512 d928c2d169eb50058dcdf518ed781fd0c57a27430303fa762bdc8f08dde59056b79ff7f10b7fa3d5e1711ef2016a8d00b4bf77dcc0fcc538a02c27b6e0371a0d

C:\Windows\System\ZhrxCCE.exe

MD5 679fe0fe9b7496b04d33b9947c4c8ac5
SHA1 8a2a20833ef0c56e613606b1069bbcdc991662c2
SHA256 e38d5b775cb7379318a8133f6ab00a59ace46d28178a3747bfdbc87a26b5edde
SHA512 6a40b9484c093a7764e81de6b777d30441a17f49782a79de4050ffcb47a1dfc06219a64796e2bea8794ae1a68440092f6c79cce975ca384477bfd76db3b849ae

C:\Windows\System\NqAGBfw.exe

MD5 518e905043861a363edf469a308d15ce
SHA1 e2c31cd719e787bbb79ad212d2f8418d87dadd50
SHA256 d4a7e46f61589f943e52d5530649bed0b3d2e7c610ae3d99fbbcb4d0bb70db28
SHA512 47173bddbdc5252a7aeffe0ff91cad637a54bd4607c9b225311d55db952dea3ea8ad5bef9378f8e9fb18cfa37bd97e3991a801b8bf7280bb2d28d337d5cf6783

C:\Windows\System\XitHjTY.exe

MD5 c7f0c122a4596ff58a5a9f7e5af45946
SHA1 b659765a429763bd445397fc7b818c9c6a384567
SHA256 8c55af53245a93455ed419392d7a41729fab7037ab995c354614e1b675b21a79
SHA512 d5db35b55659356dcde7c31b47bde02dea5c85070a0c32264c51186f1c1b01abee930c033c463f33791aef443d77f5d8f8189a44fbc6fe8360f46d34c03b105f

C:\Windows\System\QZbsxfc.exe

MD5 df3b6cc85e699f5e7a1341fc52a6475d
SHA1 18df58f3b280cefb2caf55dc24948f300ba60fe3
SHA256 0bc769ad26af8af3d28b3ef7199ca4ec0d36642707ee209a56a43e5543556e93
SHA512 f4b529205dd7d1905db33071531fce65a1526f8d621401cc5dec6276cf20e78048f5a6b29e38c2dc205ac8290e5c6b2eed3f908caf947e9960d239ba7cc27d4c

C:\Windows\System\BwlqQWl.exe

MD5 caf804a76804d5b588c01f3b099c6945
SHA1 759cec29c005667377ec0e23913204cb6b6267ee
SHA256 3761f68afa76cdf6d4780e98f25b8f0ddfc0921869518e03f57db411c8962925
SHA512 b055acb9ab13ed8d2923a508a2204bcc534d35b46145c185b6bfb9c9d044b813d3c1f2df8654984782501503d99edcc422928899de8ce5697c30db25f191ea7b

C:\Windows\System\PYdFeHS.exe

MD5 94cea996394b249606055c40f1a0526c
SHA1 010e2bf5bee8a06c10a58ec3bfc6ece6e23637cc
SHA256 829372d8200e89894c44aee47632271be10da3d5b29cc5c930e93fe8e968e5dd
SHA512 617121ff1c9a7a372d7cc5da956ca6755480dab2b5e03cbda67ea1de410d2e1d1b8d6ad2039d00256bab5060158996e8565d16c30c4678f4ccb8270c85f7627b

C:\Windows\System\HnwzItJ.exe

MD5 058a5838ef9196888f15cf7ef294884f
SHA1 784a7a643b866090d8a7b4fad2fc8c36fe98bd59
SHA256 a9e4b96a852aa908a8c650b22b04e259b0bb3546b61df3881865fb6e8971e4ba
SHA512 87c7be54e23e73f705d187e1493ed79805366c3a9c67ac0b5975ed0465cf59dd690f1ee64e24f2907d5167bec4a423978dad1e54782e6ba13243104f7d70fd5c

C:\Windows\System\RICbOAx.exe

MD5 eebe9fb63a9bd475fccde24606f68216
SHA1 abf6b9bca80ea5fc796d0ca27ab7c99885f6342c
SHA256 3cb7795df509dc1e8783cfef473b53dbe5be07d318536b65db1494f16c79f608
SHA512 4b642513a7720af6181e20552ef26440d7705d69a47257b19aa37a292714ec54cc7a333b032033e9285db019b08977702a8fe7bb6a8f1dc12a6cbcd0b8ff1f2c

C:\Windows\System\hXAXPhY.exe

MD5 064b846d9f69a145e8925ba0c228f4b0
SHA1 bac1e0a9862a661b2e5ec42e3a994fbf9c41f426
SHA256 ad03500a67a05736e26ed98291551adcacb75498f540b29594d7ff02468cff0d
SHA512 ccf0ff02d9bee2ad16062b6d50540c37d1eba2b7675c410768ff4aae93709fe63b95358571da2d1301a87d6fc6961bc58aab8d57a0ff7e3021025e6c1ce8f0d1

C:\Windows\System\cFzjxzn.exe

MD5 998cc8ac086c4b11fbbcf9ceed3e62d7
SHA1 fbc8c4a7693f60ad197a9587cfdf49c7e3f2b061
SHA256 9811c50055d9d2245f86f05d18dec655904dd0603320e1048daf4c87d4f25449
SHA512 e23a484de14f3598f365471171b342487591161538e34dc7c0a0d933499556185259e932c57a494d74643217e455570a4be1d5153e1896cf62cf12f6b0e33132

memory/1148-53-0x00007FF69BC70000-0x00007FF69BFC4000-memory.dmp

memory/828-52-0x00007FF6655A0000-0x00007FF6658F4000-memory.dmp

C:\Windows\System\cEtCxSq.exe

MD5 477eab3610a579d4236e791fcf75481c
SHA1 899b5b0092d64bbff4a765907c2a6f09f47f3257
SHA256 33446d9a1ef8c8d3041ce5418dd783c3a7f34bab83acdae54c9fd0a9d4741170
SHA512 9b12e02ac69d6fdf0e758321eba48e8f103cfcd7a83de349c642f3bcb6163fec117f43dcb5f71ead2fbec4e353cd708268e7c81bf80d541bb9493b8542068c2f

memory/2400-47-0x00007FF755150000-0x00007FF7554A4000-memory.dmp

memory/1496-1070-0x00007FF7A0790000-0x00007FF7A0AE4000-memory.dmp

memory/3100-1071-0x00007FF6D18F0000-0x00007FF6D1C44000-memory.dmp

memory/3092-1072-0x00007FF6D86F0000-0x00007FF6D8A44000-memory.dmp

memory/3348-1073-0x00007FF7DB050000-0x00007FF7DB3A4000-memory.dmp

memory/828-1074-0x00007FF6655A0000-0x00007FF6658F4000-memory.dmp

memory/1148-1075-0x00007FF69BC70000-0x00007FF69BFC4000-memory.dmp

memory/3100-1076-0x00007FF6D18F0000-0x00007FF6D1C44000-memory.dmp

memory/3092-1077-0x00007FF6D86F0000-0x00007FF6D8A44000-memory.dmp

memory/4536-1078-0x00007FF676F90000-0x00007FF6772E4000-memory.dmp

memory/4680-1079-0x00007FF664AE0000-0x00007FF664E34000-memory.dmp

memory/1512-1082-0x00007FF6FAC60000-0x00007FF6FAFB4000-memory.dmp

memory/2400-1081-0x00007FF755150000-0x00007FF7554A4000-memory.dmp

memory/3348-1080-0x00007FF7DB050000-0x00007FF7DB3A4000-memory.dmp

memory/828-1083-0x00007FF6655A0000-0x00007FF6658F4000-memory.dmp

memory/1148-1084-0x00007FF69BC70000-0x00007FF69BFC4000-memory.dmp

memory/4104-1085-0x00007FF6BD370000-0x00007FF6BD6C4000-memory.dmp

memory/3568-1086-0x00007FF777AD0000-0x00007FF777E24000-memory.dmp

memory/3724-1088-0x00007FF747F40000-0x00007FF748294000-memory.dmp

memory/1836-1087-0x00007FF63EB60000-0x00007FF63EEB4000-memory.dmp

memory/2336-1094-0x00007FF638AC0000-0x00007FF638E14000-memory.dmp

memory/1972-1103-0x00007FF774A10000-0x00007FF774D64000-memory.dmp

memory/60-1104-0x00007FF76FAC0000-0x00007FF76FE14000-memory.dmp

memory/2388-1102-0x00007FF6EBA50000-0x00007FF6EBDA4000-memory.dmp

memory/1112-1100-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp

memory/1700-1097-0x00007FF62FE70000-0x00007FF6301C4000-memory.dmp

memory/2948-1096-0x00007FF68BFD0000-0x00007FF68C324000-memory.dmp

memory/4268-1095-0x00007FF6A9E20000-0x00007FF6AA174000-memory.dmp

memory/4516-1093-0x00007FF6851B0000-0x00007FF685504000-memory.dmp

memory/4692-1092-0x00007FF6FE310000-0x00007FF6FE664000-memory.dmp

memory/1304-1101-0x00007FF710980000-0x00007FF710CD4000-memory.dmp

memory/4588-1099-0x00007FF667150000-0x00007FF6674A4000-memory.dmp

memory/4428-1098-0x00007FF64A4E0000-0x00007FF64A834000-memory.dmp

memory/1208-1090-0x00007FF7E0840000-0x00007FF7E0B94000-memory.dmp

memory/4560-1089-0x00007FF78DC80000-0x00007FF78DFD4000-memory.dmp

memory/4244-1091-0x00007FF7B5B90000-0x00007FF7B5EE4000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:26

Reported

2024-06-02 04:29

Platform

win7-20240221-en

Max time kernel

129s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oxSwFIE.exe N/A
N/A N/A C:\Windows\System\RfDYBKR.exe N/A
N/A N/A C:\Windows\System\rvcBKDa.exe N/A
N/A N/A C:\Windows\System\SNsKvJv.exe N/A
N/A N/A C:\Windows\System\wXJKqSH.exe N/A
N/A N/A C:\Windows\System\ytUBoXL.exe N/A
N/A N/A C:\Windows\System\WfqGMoq.exe N/A
N/A N/A C:\Windows\System\cmazWbn.exe N/A
N/A N/A C:\Windows\System\PRsHbYp.exe N/A
N/A N/A C:\Windows\System\jpXWyfA.exe N/A
N/A N/A C:\Windows\System\LhMnbFq.exe N/A
N/A N/A C:\Windows\System\SLvBjwA.exe N/A
N/A N/A C:\Windows\System\YEmFNqx.exe N/A
N/A N/A C:\Windows\System\SHWdZuc.exe N/A
N/A N/A C:\Windows\System\UeFzZkX.exe N/A
N/A N/A C:\Windows\System\LTpDdzY.exe N/A
N/A N/A C:\Windows\System\AziqtVO.exe N/A
N/A N/A C:\Windows\System\HuiiUwk.exe N/A
N/A N/A C:\Windows\System\rBArUaZ.exe N/A
N/A N/A C:\Windows\System\Ehwkoqs.exe N/A
N/A N/A C:\Windows\System\vTKaDKQ.exe N/A
N/A N/A C:\Windows\System\zwuutqg.exe N/A
N/A N/A C:\Windows\System\yBSYCgW.exe N/A
N/A N/A C:\Windows\System\ZYadvGO.exe N/A
N/A N/A C:\Windows\System\QYSKpNf.exe N/A
N/A N/A C:\Windows\System\tDjGJAo.exe N/A
N/A N/A C:\Windows\System\NKnzdTH.exe N/A
N/A N/A C:\Windows\System\VnoWfQI.exe N/A
N/A N/A C:\Windows\System\eFDlNrJ.exe N/A
N/A N/A C:\Windows\System\tfFRaGT.exe N/A
N/A N/A C:\Windows\System\qqmpdZB.exe N/A
N/A N/A C:\Windows\System\bBKsuoB.exe N/A
N/A N/A C:\Windows\System\lwFJucI.exe N/A
N/A N/A C:\Windows\System\lgOHJsQ.exe N/A
N/A N/A C:\Windows\System\AGootJR.exe N/A
N/A N/A C:\Windows\System\YUKzyRT.exe N/A
N/A N/A C:\Windows\System\HOltEcQ.exe N/A
N/A N/A C:\Windows\System\zIaCSBP.exe N/A
N/A N/A C:\Windows\System\TTltoGs.exe N/A
N/A N/A C:\Windows\System\UjwajtG.exe N/A
N/A N/A C:\Windows\System\dLHntHt.exe N/A
N/A N/A C:\Windows\System\tNxoMKn.exe N/A
N/A N/A C:\Windows\System\TnuBUdv.exe N/A
N/A N/A C:\Windows\System\CPYCMtv.exe N/A
N/A N/A C:\Windows\System\GJuYVsp.exe N/A
N/A N/A C:\Windows\System\kAujHMC.exe N/A
N/A N/A C:\Windows\System\fQTjkTf.exe N/A
N/A N/A C:\Windows\System\LvQQvEf.exe N/A
N/A N/A C:\Windows\System\ZEEIlaM.exe N/A
N/A N/A C:\Windows\System\nYqjpIK.exe N/A
N/A N/A C:\Windows\System\EelMYVp.exe N/A
N/A N/A C:\Windows\System\AYJrgUj.exe N/A
N/A N/A C:\Windows\System\yDEbvii.exe N/A
N/A N/A C:\Windows\System\xKwdPfs.exe N/A
N/A N/A C:\Windows\System\TTYUCqQ.exe N/A
N/A N/A C:\Windows\System\XzlPKLR.exe N/A
N/A N/A C:\Windows\System\gSUXjih.exe N/A
N/A N/A C:\Windows\System\UEHgQIW.exe N/A
N/A N/A C:\Windows\System\HDQzQPZ.exe N/A
N/A N/A C:\Windows\System\YXOZpTZ.exe N/A
N/A N/A C:\Windows\System\GZhDMpE.exe N/A
N/A N/A C:\Windows\System\jWVgzAy.exe N/A
N/A N/A C:\Windows\System\ERhDyqf.exe N/A
N/A N/A C:\Windows\System\vHFYAUb.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\nSJalIU.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TUugtDv.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\mUWCAKN.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjilJzd.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\mWZlfXL.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LRbuGqh.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DkuTqHF.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ovFyvpL.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xcNFzOs.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dYqiEZO.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LhMnbFq.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWrxZzp.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\MDDrKbN.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\lFQBXkj.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\AHyVjpz.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\boEuFfu.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\SsDzRFh.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\Gcuuwhx.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\OkzsYvx.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\loIaNqU.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\dXoEGTq.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TWHvzZk.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZLulEO.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\qrnpHJm.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfDYBKR.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\yDEbvii.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ociOutx.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\jdiTwYi.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\ERhDyqf.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRQATtS.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\EGHxYmw.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LEQwJgG.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\bBKsuoB.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xvweyIz.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\WaRUOQy.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LSeBPpQ.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\LpIGeiT.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xXnAwnl.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\DcXeTRn.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\jWEknaR.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\Narwyvs.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xuYROSe.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVXpNcX.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSUXjih.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\SrKQSzh.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\xuXCkYs.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTYUCqQ.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCxYSTw.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJCYZxB.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\PwtbupH.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GFHpQaX.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\TaXiMlr.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\EAxmzQW.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\HuiiUwk.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\fARIGni.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GMaLdDi.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDMTDZH.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPxZBWf.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOioKYU.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\pNHeJnX.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\SHWdZuc.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJuYVsp.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\IziNYRQ.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
File created C:\Windows\System\eBNDvcU.exe C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2072 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\oxSwFIE.exe
PID 2072 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\oxSwFIE.exe
PID 2072 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\oxSwFIE.exe
PID 2072 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\RfDYBKR.exe
PID 2072 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\RfDYBKR.exe
PID 2072 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\RfDYBKR.exe
PID 2072 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\rvcBKDa.exe
PID 2072 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\rvcBKDa.exe
PID 2072 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\rvcBKDa.exe
PID 2072 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ytUBoXL.exe
PID 2072 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ytUBoXL.exe
PID 2072 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ytUBoXL.exe
PID 2072 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SNsKvJv.exe
PID 2072 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SNsKvJv.exe
PID 2072 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SNsKvJv.exe
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\WfqGMoq.exe
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\WfqGMoq.exe
PID 2072 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\WfqGMoq.exe
PID 2072 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\wXJKqSH.exe
PID 2072 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\wXJKqSH.exe
PID 2072 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\wXJKqSH.exe
PID 2072 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\zwuutqg.exe
PID 2072 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\zwuutqg.exe
PID 2072 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\zwuutqg.exe
PID 2072 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cmazWbn.exe
PID 2072 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cmazWbn.exe
PID 2072 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\cmazWbn.exe
PID 2072 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\yBSYCgW.exe
PID 2072 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\yBSYCgW.exe
PID 2072 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\yBSYCgW.exe
PID 2072 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PRsHbYp.exe
PID 2072 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PRsHbYp.exe
PID 2072 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\PRsHbYp.exe
PID 2072 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZYadvGO.exe
PID 2072 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZYadvGO.exe
PID 2072 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\ZYadvGO.exe
PID 2072 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\jpXWyfA.exe
PID 2072 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\jpXWyfA.exe
PID 2072 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\jpXWyfA.exe
PID 2072 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\QYSKpNf.exe
PID 2072 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\QYSKpNf.exe
PID 2072 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\QYSKpNf.exe
PID 2072 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\LhMnbFq.exe
PID 2072 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\LhMnbFq.exe
PID 2072 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\LhMnbFq.exe
PID 2072 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\tDjGJAo.exe
PID 2072 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\tDjGJAo.exe
PID 2072 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\tDjGJAo.exe
PID 2072 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SLvBjwA.exe
PID 2072 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SLvBjwA.exe
PID 2072 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SLvBjwA.exe
PID 2072 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\NKnzdTH.exe
PID 2072 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\NKnzdTH.exe
PID 2072 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\NKnzdTH.exe
PID 2072 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\YEmFNqx.exe
PID 2072 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\YEmFNqx.exe
PID 2072 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\YEmFNqx.exe
PID 2072 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\VnoWfQI.exe
PID 2072 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\VnoWfQI.exe
PID 2072 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\VnoWfQI.exe
PID 2072 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SHWdZuc.exe
PID 2072 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SHWdZuc.exe
PID 2072 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\SHWdZuc.exe
PID 2072 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe C:\Windows\System\tfFRaGT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3691ae97044f7d73c8e8403317421d10_NeikiAnalytics.exe"

C:\Windows\System\oxSwFIE.exe

C:\Windows\System\oxSwFIE.exe

C:\Windows\System\RfDYBKR.exe

C:\Windows\System\RfDYBKR.exe

C:\Windows\System\rvcBKDa.exe

C:\Windows\System\rvcBKDa.exe

C:\Windows\System\ytUBoXL.exe

C:\Windows\System\ytUBoXL.exe

C:\Windows\System\SNsKvJv.exe

C:\Windows\System\SNsKvJv.exe

C:\Windows\System\WfqGMoq.exe

C:\Windows\System\WfqGMoq.exe

C:\Windows\System\wXJKqSH.exe

C:\Windows\System\wXJKqSH.exe

C:\Windows\System\zwuutqg.exe

C:\Windows\System\zwuutqg.exe

C:\Windows\System\cmazWbn.exe

C:\Windows\System\cmazWbn.exe

C:\Windows\System\yBSYCgW.exe

C:\Windows\System\yBSYCgW.exe

C:\Windows\System\PRsHbYp.exe

C:\Windows\System\PRsHbYp.exe

C:\Windows\System\ZYadvGO.exe

C:\Windows\System\ZYadvGO.exe

C:\Windows\System\jpXWyfA.exe

C:\Windows\System\jpXWyfA.exe

C:\Windows\System\QYSKpNf.exe

C:\Windows\System\QYSKpNf.exe

C:\Windows\System\LhMnbFq.exe

C:\Windows\System\LhMnbFq.exe

C:\Windows\System\tDjGJAo.exe

C:\Windows\System\tDjGJAo.exe

C:\Windows\System\SLvBjwA.exe

C:\Windows\System\SLvBjwA.exe

C:\Windows\System\NKnzdTH.exe

C:\Windows\System\NKnzdTH.exe

C:\Windows\System\YEmFNqx.exe

C:\Windows\System\YEmFNqx.exe

C:\Windows\System\VnoWfQI.exe

C:\Windows\System\VnoWfQI.exe

C:\Windows\System\SHWdZuc.exe

C:\Windows\System\SHWdZuc.exe

C:\Windows\System\tfFRaGT.exe

C:\Windows\System\tfFRaGT.exe

C:\Windows\System\UeFzZkX.exe

C:\Windows\System\UeFzZkX.exe

C:\Windows\System\qqmpdZB.exe

C:\Windows\System\qqmpdZB.exe

C:\Windows\System\LTpDdzY.exe

C:\Windows\System\LTpDdzY.exe

C:\Windows\System\bBKsuoB.exe

C:\Windows\System\bBKsuoB.exe

C:\Windows\System\AziqtVO.exe

C:\Windows\System\AziqtVO.exe

C:\Windows\System\lwFJucI.exe

C:\Windows\System\lwFJucI.exe

C:\Windows\System\HuiiUwk.exe

C:\Windows\System\HuiiUwk.exe

C:\Windows\System\lgOHJsQ.exe

C:\Windows\System\lgOHJsQ.exe

C:\Windows\System\rBArUaZ.exe

C:\Windows\System\rBArUaZ.exe

C:\Windows\System\AGootJR.exe

C:\Windows\System\AGootJR.exe

C:\Windows\System\Ehwkoqs.exe

C:\Windows\System\Ehwkoqs.exe

C:\Windows\System\YUKzyRT.exe

C:\Windows\System\YUKzyRT.exe

C:\Windows\System\vTKaDKQ.exe

C:\Windows\System\vTKaDKQ.exe

C:\Windows\System\HOltEcQ.exe

C:\Windows\System\HOltEcQ.exe

C:\Windows\System\eFDlNrJ.exe

C:\Windows\System\eFDlNrJ.exe

C:\Windows\System\zIaCSBP.exe

C:\Windows\System\zIaCSBP.exe

C:\Windows\System\TTltoGs.exe

C:\Windows\System\TTltoGs.exe

C:\Windows\System\tNxoMKn.exe

C:\Windows\System\tNxoMKn.exe

C:\Windows\System\UjwajtG.exe

C:\Windows\System\UjwajtG.exe

C:\Windows\System\CPYCMtv.exe

C:\Windows\System\CPYCMtv.exe

C:\Windows\System\dLHntHt.exe

C:\Windows\System\dLHntHt.exe

C:\Windows\System\GJuYVsp.exe

C:\Windows\System\GJuYVsp.exe

C:\Windows\System\TnuBUdv.exe

C:\Windows\System\TnuBUdv.exe

C:\Windows\System\kAujHMC.exe

C:\Windows\System\kAujHMC.exe

C:\Windows\System\fQTjkTf.exe

C:\Windows\System\fQTjkTf.exe

C:\Windows\System\LvQQvEf.exe

C:\Windows\System\LvQQvEf.exe

C:\Windows\System\ZEEIlaM.exe

C:\Windows\System\ZEEIlaM.exe

C:\Windows\System\nYqjpIK.exe

C:\Windows\System\nYqjpIK.exe

C:\Windows\System\EelMYVp.exe

C:\Windows\System\EelMYVp.exe

C:\Windows\System\yDEbvii.exe

C:\Windows\System\yDEbvii.exe

C:\Windows\System\AYJrgUj.exe

C:\Windows\System\AYJrgUj.exe

C:\Windows\System\xKwdPfs.exe

C:\Windows\System\xKwdPfs.exe

C:\Windows\System\TTYUCqQ.exe

C:\Windows\System\TTYUCqQ.exe

C:\Windows\System\XzlPKLR.exe

C:\Windows\System\XzlPKLR.exe

C:\Windows\System\gSUXjih.exe

C:\Windows\System\gSUXjih.exe

C:\Windows\System\UEHgQIW.exe

C:\Windows\System\UEHgQIW.exe

C:\Windows\System\HDQzQPZ.exe

C:\Windows\System\HDQzQPZ.exe

C:\Windows\System\YXOZpTZ.exe

C:\Windows\System\YXOZpTZ.exe

C:\Windows\System\GZhDMpE.exe

C:\Windows\System\GZhDMpE.exe

C:\Windows\System\ERhDyqf.exe

C:\Windows\System\ERhDyqf.exe

C:\Windows\System\jWVgzAy.exe

C:\Windows\System\jWVgzAy.exe

C:\Windows\System\vHFYAUb.exe

C:\Windows\System\vHFYAUb.exe

C:\Windows\System\POsAGRp.exe

C:\Windows\System\POsAGRp.exe

C:\Windows\System\yTagQOY.exe

C:\Windows\System\yTagQOY.exe

C:\Windows\System\ZtFtkHx.exe

C:\Windows\System\ZtFtkHx.exe

C:\Windows\System\kMMiPRx.exe

C:\Windows\System\kMMiPRx.exe

C:\Windows\System\HtmCGSy.exe

C:\Windows\System\HtmCGSy.exe

C:\Windows\System\TCxYSTw.exe

C:\Windows\System\TCxYSTw.exe

C:\Windows\System\xjmpDSQ.exe

C:\Windows\System\xjmpDSQ.exe

C:\Windows\System\kdeCKVT.exe

C:\Windows\System\kdeCKVT.exe

C:\Windows\System\QuNQOmb.exe

C:\Windows\System\QuNQOmb.exe

C:\Windows\System\pvjYsgt.exe

C:\Windows\System\pvjYsgt.exe

C:\Windows\System\JmzJDKf.exe

C:\Windows\System\JmzJDKf.exe

C:\Windows\System\vRLgRvn.exe

C:\Windows\System\vRLgRvn.exe

C:\Windows\System\efyjyti.exe

C:\Windows\System\efyjyti.exe

C:\Windows\System\gaJLJZf.exe

C:\Windows\System\gaJLJZf.exe

C:\Windows\System\aSJkhFL.exe

C:\Windows\System\aSJkhFL.exe

C:\Windows\System\LRbuGqh.exe

C:\Windows\System\LRbuGqh.exe

C:\Windows\System\iZcvTbD.exe

C:\Windows\System\iZcvTbD.exe

C:\Windows\System\RtXTaRq.exe

C:\Windows\System\RtXTaRq.exe

C:\Windows\System\AfeODTe.exe

C:\Windows\System\AfeODTe.exe

C:\Windows\System\arVAvWC.exe

C:\Windows\System\arVAvWC.exe

C:\Windows\System\eDdwZOe.exe

C:\Windows\System\eDdwZOe.exe

C:\Windows\System\rgTSPTv.exe

C:\Windows\System\rgTSPTv.exe

C:\Windows\System\fVKFPrO.exe

C:\Windows\System\fVKFPrO.exe

C:\Windows\System\aBJwILE.exe

C:\Windows\System\aBJwILE.exe

C:\Windows\System\smoPttG.exe

C:\Windows\System\smoPttG.exe

C:\Windows\System\PCCVGAt.exe

C:\Windows\System\PCCVGAt.exe

C:\Windows\System\OkzsYvx.exe

C:\Windows\System\OkzsYvx.exe

C:\Windows\System\cMywgkL.exe

C:\Windows\System\cMywgkL.exe

C:\Windows\System\xCurOlG.exe

C:\Windows\System\xCurOlG.exe

C:\Windows\System\fARIGni.exe

C:\Windows\System\fARIGni.exe

C:\Windows\System\boMfVcA.exe

C:\Windows\System\boMfVcA.exe

C:\Windows\System\gNVybBY.exe

C:\Windows\System\gNVybBY.exe

C:\Windows\System\XIWfhhH.exe

C:\Windows\System\XIWfhhH.exe

C:\Windows\System\BXecXws.exe

C:\Windows\System\BXecXws.exe

C:\Windows\System\ecUKmuF.exe

C:\Windows\System\ecUKmuF.exe

C:\Windows\System\YDFurvf.exe

C:\Windows\System\YDFurvf.exe

C:\Windows\System\OVoVHek.exe

C:\Windows\System\OVoVHek.exe

C:\Windows\System\joNIJbe.exe

C:\Windows\System\joNIJbe.exe

C:\Windows\System\qXdFPKc.exe

C:\Windows\System\qXdFPKc.exe

C:\Windows\System\jNOYXUQ.exe

C:\Windows\System\jNOYXUQ.exe

C:\Windows\System\wrOIlsV.exe

C:\Windows\System\wrOIlsV.exe

C:\Windows\System\AJgCmGa.exe

C:\Windows\System\AJgCmGa.exe

C:\Windows\System\NCSjtyz.exe

C:\Windows\System\NCSjtyz.exe

C:\Windows\System\FFNVJOo.exe

C:\Windows\System\FFNVJOo.exe

C:\Windows\System\TUugtDv.exe

C:\Windows\System\TUugtDv.exe

C:\Windows\System\KJXmSkR.exe

C:\Windows\System\KJXmSkR.exe

C:\Windows\System\uDjoyVh.exe

C:\Windows\System\uDjoyVh.exe

C:\Windows\System\oGkzfDj.exe

C:\Windows\System\oGkzfDj.exe

C:\Windows\System\dUtbpDY.exe

C:\Windows\System\dUtbpDY.exe

C:\Windows\System\nEHXHqH.exe

C:\Windows\System\nEHXHqH.exe

C:\Windows\System\IziNYRQ.exe

C:\Windows\System\IziNYRQ.exe

C:\Windows\System\nUdhjSB.exe

C:\Windows\System\nUdhjSB.exe

C:\Windows\System\yVqdXlF.exe

C:\Windows\System\yVqdXlF.exe

C:\Windows\System\mUWCAKN.exe

C:\Windows\System\mUWCAKN.exe

C:\Windows\System\nsntuaa.exe

C:\Windows\System\nsntuaa.exe

C:\Windows\System\oUxfDAK.exe

C:\Windows\System\oUxfDAK.exe

C:\Windows\System\Opmpdxj.exe

C:\Windows\System\Opmpdxj.exe

C:\Windows\System\rVmYsdy.exe

C:\Windows\System\rVmYsdy.exe

C:\Windows\System\rslAeSV.exe

C:\Windows\System\rslAeSV.exe

C:\Windows\System\pyBaaYn.exe

C:\Windows\System\pyBaaYn.exe

C:\Windows\System\djOozxQ.exe

C:\Windows\System\djOozxQ.exe

C:\Windows\System\ociOutx.exe

C:\Windows\System\ociOutx.exe

C:\Windows\System\veFnWla.exe

C:\Windows\System\veFnWla.exe

C:\Windows\System\XPxZBWf.exe

C:\Windows\System\XPxZBWf.exe

C:\Windows\System\CeewLTN.exe

C:\Windows\System\CeewLTN.exe

C:\Windows\System\DcXeTRn.exe

C:\Windows\System\DcXeTRn.exe

C:\Windows\System\loIaNqU.exe

C:\Windows\System\loIaNqU.exe

C:\Windows\System\dXoEGTq.exe

C:\Windows\System\dXoEGTq.exe

C:\Windows\System\RdWgMXt.exe

C:\Windows\System\RdWgMXt.exe

C:\Windows\System\Lvzhxvh.exe

C:\Windows\System\Lvzhxvh.exe

C:\Windows\System\xmcbhib.exe

C:\Windows\System\xmcbhib.exe

C:\Windows\System\TDBzyDi.exe

C:\Windows\System\TDBzyDi.exe

C:\Windows\System\udVQvJF.exe

C:\Windows\System\udVQvJF.exe

C:\Windows\System\KVbeNPk.exe

C:\Windows\System\KVbeNPk.exe

C:\Windows\System\nhwUrfN.exe

C:\Windows\System\nhwUrfN.exe

C:\Windows\System\jIMnXkW.exe

C:\Windows\System\jIMnXkW.exe

C:\Windows\System\qxLGtiX.exe

C:\Windows\System\qxLGtiX.exe

C:\Windows\System\jWEknaR.exe

C:\Windows\System\jWEknaR.exe

C:\Windows\System\MumswVC.exe

C:\Windows\System\MumswVC.exe

C:\Windows\System\DkuTqHF.exe

C:\Windows\System\DkuTqHF.exe

C:\Windows\System\tSOyQLU.exe

C:\Windows\System\tSOyQLU.exe

C:\Windows\System\SrKQSzh.exe

C:\Windows\System\SrKQSzh.exe

C:\Windows\System\tWxtbHb.exe

C:\Windows\System\tWxtbHb.exe

C:\Windows\System\qZWCoxG.exe

C:\Windows\System\qZWCoxG.exe

C:\Windows\System\KpddQAU.exe

C:\Windows\System\KpddQAU.exe

C:\Windows\System\YTdWSNx.exe

C:\Windows\System\YTdWSNx.exe

C:\Windows\System\xCETVTo.exe

C:\Windows\System\xCETVTo.exe

C:\Windows\System\ghBsaHg.exe

C:\Windows\System\ghBsaHg.exe

C:\Windows\System\EXYbzoj.exe

C:\Windows\System\EXYbzoj.exe

C:\Windows\System\wQFkSyt.exe

C:\Windows\System\wQFkSyt.exe

C:\Windows\System\Narwyvs.exe

C:\Windows\System\Narwyvs.exe

C:\Windows\System\TWHvzZk.exe

C:\Windows\System\TWHvzZk.exe

C:\Windows\System\ovFyvpL.exe

C:\Windows\System\ovFyvpL.exe

C:\Windows\System\rfEknTT.exe

C:\Windows\System\rfEknTT.exe

C:\Windows\System\mFMewWx.exe

C:\Windows\System\mFMewWx.exe

C:\Windows\System\CtdZsTX.exe

C:\Windows\System\CtdZsTX.exe

C:\Windows\System\VMoDPZX.exe

C:\Windows\System\VMoDPZX.exe

C:\Windows\System\DelnnPq.exe

C:\Windows\System\DelnnPq.exe

C:\Windows\System\eyoQNge.exe

C:\Windows\System\eyoQNge.exe

C:\Windows\System\ljpXEoB.exe

C:\Windows\System\ljpXEoB.exe

C:\Windows\System\GlLuRIr.exe

C:\Windows\System\GlLuRIr.exe

C:\Windows\System\LDMNoxM.exe

C:\Windows\System\LDMNoxM.exe

C:\Windows\System\bYINkTW.exe

C:\Windows\System\bYINkTW.exe

C:\Windows\System\Gcuuwhx.exe

C:\Windows\System\Gcuuwhx.exe

C:\Windows\System\BZLulEO.exe

C:\Windows\System\BZLulEO.exe

C:\Windows\System\IELfiWe.exe

C:\Windows\System\IELfiWe.exe

C:\Windows\System\zYmZcwN.exe

C:\Windows\System\zYmZcwN.exe

C:\Windows\System\kgMGvjK.exe

C:\Windows\System\kgMGvjK.exe

C:\Windows\System\PQUwKzq.exe

C:\Windows\System\PQUwKzq.exe

C:\Windows\System\CRQATtS.exe

C:\Windows\System\CRQATtS.exe

C:\Windows\System\YAccesi.exe

C:\Windows\System\YAccesi.exe

C:\Windows\System\CZabrSX.exe

C:\Windows\System\CZabrSX.exe

C:\Windows\System\AHyVjpz.exe

C:\Windows\System\AHyVjpz.exe

C:\Windows\System\NWrxZzp.exe

C:\Windows\System\NWrxZzp.exe

C:\Windows\System\GMaFKoL.exe

C:\Windows\System\GMaFKoL.exe

C:\Windows\System\GMaLdDi.exe

C:\Windows\System\GMaLdDi.exe

C:\Windows\System\dzCoehv.exe

C:\Windows\System\dzCoehv.exe

C:\Windows\System\zFzSUfY.exe

C:\Windows\System\zFzSUfY.exe

C:\Windows\System\LZfUnqn.exe

C:\Windows\System\LZfUnqn.exe

C:\Windows\System\HOioKYU.exe

C:\Windows\System\HOioKYU.exe

C:\Windows\System\wSTmBAb.exe

C:\Windows\System\wSTmBAb.exe

C:\Windows\System\qrnpHJm.exe

C:\Windows\System\qrnpHJm.exe

C:\Windows\System\xuXCkYs.exe

C:\Windows\System\xuXCkYs.exe

C:\Windows\System\BDMTDZH.exe

C:\Windows\System\BDMTDZH.exe

C:\Windows\System\tGSsqgn.exe

C:\Windows\System\tGSsqgn.exe

C:\Windows\System\KmrUmJU.exe

C:\Windows\System\KmrUmJU.exe

C:\Windows\System\BNQulZs.exe

C:\Windows\System\BNQulZs.exe

C:\Windows\System\XDfHuCu.exe

C:\Windows\System\XDfHuCu.exe

C:\Windows\System\PwtbupH.exe

C:\Windows\System\PwtbupH.exe

C:\Windows\System\GFHpQaX.exe

C:\Windows\System\GFHpQaX.exe

C:\Windows\System\agBpOYj.exe

C:\Windows\System\agBpOYj.exe

C:\Windows\System\hIpVzOd.exe

C:\Windows\System\hIpVzOd.exe

C:\Windows\System\pegclKM.exe

C:\Windows\System\pegclKM.exe

C:\Windows\System\iUCmuHP.exe

C:\Windows\System\iUCmuHP.exe

C:\Windows\System\YHRVMHY.exe

C:\Windows\System\YHRVMHY.exe

C:\Windows\System\yBWStHF.exe

C:\Windows\System\yBWStHF.exe

C:\Windows\System\ojAnFZB.exe

C:\Windows\System\ojAnFZB.exe

C:\Windows\System\IcNiFQz.exe

C:\Windows\System\IcNiFQz.exe

C:\Windows\System\bgnQpGU.exe

C:\Windows\System\bgnQpGU.exe

C:\Windows\System\XrRqzLG.exe

C:\Windows\System\XrRqzLG.exe

C:\Windows\System\XRqLYqA.exe

C:\Windows\System\XRqLYqA.exe

C:\Windows\System\udnUWjx.exe

C:\Windows\System\udnUWjx.exe

C:\Windows\System\lYGAVKg.exe

C:\Windows\System\lYGAVKg.exe

C:\Windows\System\wwjOtLF.exe

C:\Windows\System\wwjOtLF.exe

C:\Windows\System\MGrAOHs.exe

C:\Windows\System\MGrAOHs.exe

C:\Windows\System\MDDrKbN.exe

C:\Windows\System\MDDrKbN.exe

C:\Windows\System\LSeBPpQ.exe

C:\Windows\System\LSeBPpQ.exe

C:\Windows\System\ctzgGwV.exe

C:\Windows\System\ctzgGwV.exe

C:\Windows\System\nzwXykq.exe

C:\Windows\System\nzwXykq.exe

C:\Windows\System\oJaqufB.exe

C:\Windows\System\oJaqufB.exe

C:\Windows\System\WpBJEPj.exe

C:\Windows\System\WpBJEPj.exe

C:\Windows\System\DBHOvKL.exe

C:\Windows\System\DBHOvKL.exe

C:\Windows\System\boEuFfu.exe

C:\Windows\System\boEuFfu.exe

C:\Windows\System\iydMZnh.exe

C:\Windows\System\iydMZnh.exe

C:\Windows\System\xcNFzOs.exe

C:\Windows\System\xcNFzOs.exe

C:\Windows\System\MjAtTPQ.exe

C:\Windows\System\MjAtTPQ.exe

C:\Windows\System\NUSWTjE.exe

C:\Windows\System\NUSWTjE.exe

C:\Windows\System\HlnBDvR.exe

C:\Windows\System\HlnBDvR.exe

C:\Windows\System\EGHxYmw.exe

C:\Windows\System\EGHxYmw.exe

C:\Windows\System\hiaOcRX.exe

C:\Windows\System\hiaOcRX.exe

C:\Windows\System\KkXqDKC.exe

C:\Windows\System\KkXqDKC.exe

C:\Windows\System\bCpfKfr.exe

C:\Windows\System\bCpfKfr.exe

C:\Windows\System\kwTUrmc.exe

C:\Windows\System\kwTUrmc.exe

C:\Windows\System\RJCYZxB.exe

C:\Windows\System\RJCYZxB.exe

C:\Windows\System\YeREhlz.exe

C:\Windows\System\YeREhlz.exe

C:\Windows\System\pNHeJnX.exe

C:\Windows\System\pNHeJnX.exe

C:\Windows\System\MAApdEG.exe

C:\Windows\System\MAApdEG.exe

C:\Windows\System\HpoKlEa.exe

C:\Windows\System\HpoKlEa.exe

C:\Windows\System\EmFPpce.exe

C:\Windows\System\EmFPpce.exe

C:\Windows\System\svkliRR.exe

C:\Windows\System\svkliRR.exe

C:\Windows\System\BgAtSJA.exe

C:\Windows\System\BgAtSJA.exe

C:\Windows\System\hBXbtua.exe

C:\Windows\System\hBXbtua.exe

C:\Windows\System\xuYROSe.exe

C:\Windows\System\xuYROSe.exe

C:\Windows\System\qHJKInl.exe

C:\Windows\System\qHJKInl.exe

C:\Windows\System\skpYTbZ.exe

C:\Windows\System\skpYTbZ.exe

C:\Windows\System\Btqgebw.exe

C:\Windows\System\Btqgebw.exe

C:\Windows\System\iAgHZsP.exe

C:\Windows\System\iAgHZsP.exe

C:\Windows\System\TcFVlqq.exe

C:\Windows\System\TcFVlqq.exe

C:\Windows\System\UjsOsmW.exe

C:\Windows\System\UjsOsmW.exe

C:\Windows\System\NaUhYAG.exe

C:\Windows\System\NaUhYAG.exe

C:\Windows\System\ZhYFbvB.exe

C:\Windows\System\ZhYFbvB.exe

C:\Windows\System\uUNOEHB.exe

C:\Windows\System\uUNOEHB.exe

C:\Windows\System\BgrYdKG.exe

C:\Windows\System\BgrYdKG.exe

C:\Windows\System\itxncGZ.exe

C:\Windows\System\itxncGZ.exe

C:\Windows\System\RVNPKjl.exe

C:\Windows\System\RVNPKjl.exe

C:\Windows\System\PWzgCvP.exe

C:\Windows\System\PWzgCvP.exe

C:\Windows\System\scUaYYI.exe

C:\Windows\System\scUaYYI.exe

C:\Windows\System\cwjTOKq.exe

C:\Windows\System\cwjTOKq.exe

C:\Windows\System\uWIJrij.exe

C:\Windows\System\uWIJrij.exe

C:\Windows\System\MfMOcGa.exe

C:\Windows\System\MfMOcGa.exe

C:\Windows\System\DTsBdPA.exe

C:\Windows\System\DTsBdPA.exe

C:\Windows\System\YEMjRQK.exe

C:\Windows\System\YEMjRQK.exe

C:\Windows\System\EYPCqYu.exe

C:\Windows\System\EYPCqYu.exe

C:\Windows\System\SHUiRyL.exe

C:\Windows\System\SHUiRyL.exe

C:\Windows\System\MMtxpRz.exe

C:\Windows\System\MMtxpRz.exe

C:\Windows\System\QcRBFCK.exe

C:\Windows\System\QcRBFCK.exe

C:\Windows\System\xvweyIz.exe

C:\Windows\System\xvweyIz.exe

C:\Windows\System\AqNPHws.exe

C:\Windows\System\AqNPHws.exe

C:\Windows\System\TaXiMlr.exe

C:\Windows\System\TaXiMlr.exe

C:\Windows\System\rEtKbWk.exe

C:\Windows\System\rEtKbWk.exe

C:\Windows\System\NnoyFuX.exe

C:\Windows\System\NnoyFuX.exe

C:\Windows\System\ooVgEEf.exe

C:\Windows\System\ooVgEEf.exe

C:\Windows\System\gkdHCUW.exe

C:\Windows\System\gkdHCUW.exe

C:\Windows\System\yHKcQFR.exe

C:\Windows\System\yHKcQFR.exe

C:\Windows\System\pkLtVUW.exe

C:\Windows\System\pkLtVUW.exe

C:\Windows\System\vaHcVBr.exe

C:\Windows\System\vaHcVBr.exe

C:\Windows\System\mirgaUs.exe

C:\Windows\System\mirgaUs.exe

C:\Windows\System\dYqiEZO.exe

C:\Windows\System\dYqiEZO.exe

C:\Windows\System\hkhGdoR.exe

C:\Windows\System\hkhGdoR.exe

C:\Windows\System\PfqTYtd.exe

C:\Windows\System\PfqTYtd.exe

C:\Windows\System\GaUzjWd.exe

C:\Windows\System\GaUzjWd.exe

C:\Windows\System\GJYCmDF.exe

C:\Windows\System\GJYCmDF.exe

C:\Windows\System\eBNDvcU.exe

C:\Windows\System\eBNDvcU.exe

C:\Windows\System\LpIGeiT.exe

C:\Windows\System\LpIGeiT.exe

C:\Windows\System\aIfuREB.exe

C:\Windows\System\aIfuREB.exe

C:\Windows\System\Uikafzi.exe

C:\Windows\System\Uikafzi.exe

C:\Windows\System\GynVJfL.exe

C:\Windows\System\GynVJfL.exe

C:\Windows\System\OBYqHHm.exe

C:\Windows\System\OBYqHHm.exe

C:\Windows\System\ezRLjAL.exe

C:\Windows\System\ezRLjAL.exe

C:\Windows\System\NmFHIpR.exe

C:\Windows\System\NmFHIpR.exe

C:\Windows\System\WaRUOQy.exe

C:\Windows\System\WaRUOQy.exe

C:\Windows\System\rVjsTEe.exe

C:\Windows\System\rVjsTEe.exe

C:\Windows\System\SsDzRFh.exe

C:\Windows\System\SsDzRFh.exe

C:\Windows\System\lzmdvpq.exe

C:\Windows\System\lzmdvpq.exe

C:\Windows\System\mWZlfXL.exe

C:\Windows\System\mWZlfXL.exe

C:\Windows\System\baktYqt.exe

C:\Windows\System\baktYqt.exe

C:\Windows\System\vynlwZZ.exe

C:\Windows\System\vynlwZZ.exe

C:\Windows\System\PzaUQnb.exe

C:\Windows\System\PzaUQnb.exe

C:\Windows\System\LEQwJgG.exe

C:\Windows\System\LEQwJgG.exe

C:\Windows\System\rtmScCd.exe

C:\Windows\System\rtmScCd.exe

C:\Windows\System\gDvQcmw.exe

C:\Windows\System\gDvQcmw.exe

C:\Windows\System\AqgTlqQ.exe

C:\Windows\System\AqgTlqQ.exe

C:\Windows\System\GOPcjlv.exe

C:\Windows\System\GOPcjlv.exe

C:\Windows\System\SvzFJKw.exe

C:\Windows\System\SvzFJKw.exe

C:\Windows\System\EAxmzQW.exe

C:\Windows\System\EAxmzQW.exe

C:\Windows\System\dZyLkhg.exe

C:\Windows\System\dZyLkhg.exe

C:\Windows\System\sgrQVQx.exe

C:\Windows\System\sgrQVQx.exe

C:\Windows\System\RDbYSpe.exe

C:\Windows\System\RDbYSpe.exe

C:\Windows\System\weiHGXR.exe

C:\Windows\System\weiHGXR.exe

C:\Windows\System\pJErIug.exe

C:\Windows\System\pJErIug.exe

C:\Windows\System\qjilJzd.exe

C:\Windows\System\qjilJzd.exe

C:\Windows\System\nSJalIU.exe

C:\Windows\System\nSJalIU.exe

C:\Windows\System\sVEccaZ.exe

C:\Windows\System\sVEccaZ.exe

C:\Windows\System\emJOsKz.exe

C:\Windows\System\emJOsKz.exe

C:\Windows\System\iwUIIwn.exe

C:\Windows\System\iwUIIwn.exe

C:\Windows\System\tKnVxJk.exe

C:\Windows\System\tKnVxJk.exe

C:\Windows\System\jdiTwYi.exe

C:\Windows\System\jdiTwYi.exe

C:\Windows\System\vYnMSKG.exe

C:\Windows\System\vYnMSKG.exe

C:\Windows\System\xXnAwnl.exe

C:\Windows\System\xXnAwnl.exe

C:\Windows\System\lFQBXkj.exe

C:\Windows\System\lFQBXkj.exe

C:\Windows\System\nEXkMLn.exe

C:\Windows\System\nEXkMLn.exe

C:\Windows\System\PeebVda.exe

C:\Windows\System\PeebVda.exe

C:\Windows\System\UGAbsCG.exe

C:\Windows\System\UGAbsCG.exe

C:\Windows\System\YumEDzK.exe

C:\Windows\System\YumEDzK.exe

C:\Windows\System\kLkzHRi.exe

C:\Windows\System\kLkzHRi.exe

C:\Windows\System\fKPRMux.exe

C:\Windows\System\fKPRMux.exe

C:\Windows\System\UouNPMM.exe

C:\Windows\System\UouNPMM.exe

C:\Windows\System\jSoRoVa.exe

C:\Windows\System\jSoRoVa.exe

C:\Windows\System\bZOrkgm.exe

C:\Windows\System\bZOrkgm.exe

C:\Windows\System\qSJBcGJ.exe

C:\Windows\System\qSJBcGJ.exe

C:\Windows\System\SVXpNcX.exe

C:\Windows\System\SVXpNcX.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2072-0-0x000000013FCE0000-0x0000000140034000-memory.dmp

memory/2072-1-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\oxSwFIE.exe

MD5 7792b69287f6cf0201fa68ec7e78fa79
SHA1 03fd170a7c9886082b1f7ce6dd718f0d046c5185
SHA256 0a55ccfb0a94f7e50e5cc8c41db17d963fe977f7ef5de036a66f314dd2b1e96a
SHA512 86d528062977872e017537e101a724f3ac61094a88ba596ac62b4b9c45e1e2e43a720fc20ae6cf63c5d833715e8c498442088fa1a1c1aed3a1379ba830030e90

C:\Windows\system\rvcBKDa.exe

MD5 62a6b6c6d45fdfeae8edf012482c49d7
SHA1 37c4e4898ac9713ec9ae5c47ef752e0208fa1793
SHA256 a1cbd220e959f62fc8c92b6bfe6fe99d27992a60ab0f450e373246667a806179
SHA512 c9700607f52ba9456a62e581761d9b53881004428bfc9e5f792d75ce78787f1b084794b06128ab7edda614d2e6f1488cbb31287011c8187484a555bffba80ba1

C:\Windows\system\RfDYBKR.exe

MD5 c6741fd3d32668be2a05179e0983af02
SHA1 62e56f99122c2bb4c96fc209afd9683e44eaf1af
SHA256 9b0f787db21790d1e918d66b801c664afb6b0f040444ed9a17714081b0a1cdff
SHA512 5976daff12fbcca0efda1a2a5ed598061f9aa5f66a0a38abc8bdf98f18ed1f250cacce99060aa33212b0b14172c22d9d20f22d88924681aac5e1ae07e2fa0dd1

memory/2072-10-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2188-28-0x000000013F3B0000-0x000000013F704000-memory.dmp

C:\Windows\system\Ehwkoqs.exe

MD5 c9efc11404e44bb2220ff05f8b1c86a2
SHA1 eaeecf17dc25c561bea1f99d0407b8de74ec51e0
SHA256 809940b8afd219039da4b96c8eb4b528a2031ba3a08be9c9f62e902faa835395
SHA512 e9940c8d9542d4bcc9799d2fe889ebf371319b1d0d99c1bb3b611b0fac8741354326c8fdb2f0874ba69f9a3d158b2806e897b6db2bf9f3d5625b3a12ef122d7d

\Windows\system\eFDlNrJ.exe

MD5 1455ab68f8a52927d75b20eea147d6e9
SHA1 d598bf3a257d9cbb840c4353f604e0601e293aa5
SHA256 3767ab99c5351dbf217125e46f507a54be81975be19692ef94ba301f91e2c9a1
SHA512 1af40c23ee783997b50241841c66fd4653b6c8a20aa2dff275fa0a6c95cb68f9acbee15fbdad84c71eec25cb6322aef3387c12327111d1d6de0786c6f8e5f5f6

C:\Windows\system\tDjGJAo.exe

MD5 c88a971bdd59bf970e9cf6646b73dbc8
SHA1 83228a76aba4b22f3730c90cf30deb763e211dee
SHA256 a613af5a6661121c4910e564ba08a4ca10b318df738f5885abfe5864973aa808
SHA512 58eff009fe6fb7b5233604622bf9a3fe7b8daaead3331af2f573645d997439d30fb99cbc3af5645e84054f34b756d0ce556398d2048a9e62e49f0d49beb9d35b

C:\Windows\system\NKnzdTH.exe

MD5 63b199985d79dc8fed260743e127c745
SHA1 bc8bf4fdb8ba122904296423f56132650663b163
SHA256 9cf3fb8384eeaf504d32fbf508f7208fd8a44844c3f79e70e981db1b40a99f34
SHA512 cf847770d78b93b2ca0a3a8330d9de71ed0767e4a43484b4d0f23f84cb92c55b96c0014110b4f78b4bbac4df63fd0a058d78e23eb2839a556853eef274bfa4e7

C:\Windows\system\QYSKpNf.exe

MD5 700e9bd56fcfb0020087573cb804763d
SHA1 33448c0636ce033512b8c8846a36b31284f2c6ff
SHA256 25d513bcc73ba474aa7c6b58de31f177a02b28ada9a3d93031e02d432ffc8c4f
SHA512 64bf9260b010548983402028568e48015fe5e85df17cee044038d2fee2c81ee33b79179c22c50da3b4c70571c827bc1a70973ec2c1abb679cea04b9371a8eac4

\Windows\system\HOltEcQ.exe

MD5 137a01e51276a18294ad3937c4d0ff54
SHA1 b39304b6dc5d40a6643019974581ecd38f4e88f9
SHA256 0adb05f490f1e174b1192557c8f5f4b036b14a77cf9d39ea6a8d5964dae7dbbd
SHA512 7aef0fb4371a600887669419addc12b80d153f915c8bcf632670f4aa364f979ab48d549725f6dd4bf55ce0005ae51c37ea585f92f164d25e5b22234c7ea73571

\Windows\system\YUKzyRT.exe

MD5 51edffa987b4d4aeaaf55815764d5e13
SHA1 315ffade17c037299b2d6c44378ec1378c2a00fc
SHA256 3f76a67a070de11ae5e3b84b7f775d3506dbd6345eff0515e663d9061e2c8f8c
SHA512 400f060182ded41c42530291ed5136a134540d49d3b625027eaf6f2e7717c62c38f84a78f513e1b1b63fc554f58ea736dc298a73ecdc4752c307a4667605ff1a

\Windows\system\AGootJR.exe

MD5 752cefba23e376eaf57a0c11f3f1997f
SHA1 c1bbc5d436a49d37ad21354d42b9c1ac71bb0051
SHA256 02138983f38ddbbcdc5a8dafecff5eebcb357844e0f9b0eb8b04c6519ef73457
SHA512 10356cc10d0e91f0cd61dea59fb346b89360741140fb7b3d67704f2f78ae501ceea5d14097effd9132b9ea7d4ab396590fcad609839eb42b911f45da1df3c5b4

\Windows\system\lgOHJsQ.exe

MD5 dbea9d146def95aee8cc586200572b11
SHA1 bf24aa3273f1611e847680e4839790831061f79e
SHA256 941e819bbd53c6585ac89b2d714fcbd99aa848eb8dc484f8cfaf94b766c23c30
SHA512 e9f498641a43f86236d2a7bc496b35094bde0dc7a518e476a2322f354d54a7009050ffe0e12aa479ca1809c86fe2b6a8a316610d357964797f78702202c6a2a5

memory/2072-137-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/2072-136-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/2404-135-0x000000013F4C0000-0x000000013F814000-memory.dmp

\Windows\system\lwFJucI.exe

MD5 e9653e11dd78e3b1fb79d366823da397
SHA1 8bec0242bb603cff1e9542735ab463d096691e72
SHA256 b6f3a38a816b3a9fc8645aa48f48d604d34ac03262564acfc7c0feb9b9473cb3
SHA512 1a6a897a7e2b21fc840295b019db45698993c91d53d4de2c3fb17ad42fc0e2fd0eae2e157a33f39fb9d07069dedf59b4352c43f4b101038ecf97ef409d43b3bc

memory/2072-126-0x000000013F950000-0x000000013FCA4000-memory.dmp

C:\Windows\system\LTpDdzY.exe

MD5 7813b3d173e20cb90443d8782fee936f
SHA1 ace782bb238e190f1063b2de86123d85a9ad8cc9
SHA256 228729539cbeb2df1750781714fb200c068ab7c5dab45f5bd1a525a63591794e
SHA512 d37e8b816ba94cf38b788346cb2e63a92249977a36aa588fb76ee33ca27a002b5679677b9916d75029c3da735b45d6265a2b0d21b98b3cf8032766ca3856d99c

\Windows\system\bBKsuoB.exe

MD5 43c3180f489fb5eb68571d81fe73d663
SHA1 dbd528268f24f0aad48dfc6ca3e0a26d59afed92
SHA256 560c658c8783c9139554c7ab0f86b02bb9ab556a34cbb78caa4fc14feef04dfb
SHA512 7bfdbe9be7c771d1baa68ec73893fa5e88cc2575bf807042d5218d46ab92a137e98f81a61fd20cbad06de0e8d37ed49ff119d039907f985b31559004e390d963

memory/2072-117-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

\Windows\system\qqmpdZB.exe

MD5 87a8c7afa2eba91e946bf4d75027bc8c
SHA1 b19c266d92aee34e2b4ed20f3c8226e8659b79e8
SHA256 e29345f4a98a6884b1bb3b3ee6e9179f286e5979dd5871292961c96ec7caa965
SHA512 7715bcd815db9fc9881a4a3c5321b8f98dcc0339667afcbd8b2d88de16a711eb4882a7b8783b1d7a2d4808eddef6cb0251d7f904dfea7e4b8eac4c59d85f613b

memory/2492-109-0x000000013F120000-0x000000013F474000-memory.dmp

C:\Windows\system\SHWdZuc.exe

MD5 575bea311cff02e4307fda4e2a6d9df8
SHA1 6b61c10c8c94964540b03e5f4b150b351e065712
SHA256 7f310e94da4746aa3816d14b9b53bbe3718e08942c4ace0f04282dd5be1edd30
SHA512 118bf5ca09786e1bfc202182814e87deb71caf9576c017ed4c5ec87106826a50da9622580cbeaee27c8bdb9dfa603f0f76153a1dba9db8254fa864a9fbfd9551

\Windows\system\tfFRaGT.exe

MD5 7f29f34679d7345dd4fa237cf63b1b74
SHA1 e5dc741a60c170c404f1b1d3b6122f7b32cc0819
SHA256 8913d52d10eb23e3f2a5c8be31947cc414c88e4ed23d5adf8ccbc62bf931304e
SHA512 b21a792720d3e15e2c7ab357c29e37bd0236189703e56dd3744185ed042d0b6879ef2594c0131c4a5066100053006a363b22b9790c0eb97c52f43cf4404b288b

memory/2072-100-0x0000000001FD0000-0x0000000002324000-memory.dmp

\Windows\system\VnoWfQI.exe

MD5 105ba83f39f55f82e2d328a5015eeeea
SHA1 8f11ea0c4ff726275dea54b090d9d386f74e0387
SHA256 bc4fb7c73514ace17486ae30a3c8dd3fc7da6a80e0544597ce6febb6dd47e880
SHA512 530812358ca77c6cfc0962db4d919a08ff467b9eabc7b6d0683e75097ff7ca58dc20d0865cfc59c54ea4d82e55e16278eed1bb31a1063a461d1ace3662df72ea

memory/2072-84-0x000000013F960000-0x000000013FCB4000-memory.dmp

C:\Windows\system\LhMnbFq.exe

MD5 601c4961e8bcab9b8166a0ce42828df8
SHA1 52e0c96c2faf14fb0ddfe985b175b8c9a81b2f6d
SHA256 7940da3e70c38ab134c8e477d64af43cfe2fec266a4214108ba682603b2fed26
SHA512 8c4d12e7cf5a0fb6dee7273526582e62f1fc0738c11b12b022b2d83a486bb06b20d7c965fc19d1b78d3d4ceff410f5b91d5c57321bd4bb7e7816ef6596710193

memory/2560-67-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2072-65-0x000000013F870000-0x000000013FBC4000-memory.dmp

\Windows\system\ZYadvGO.exe

MD5 2a8cfe00bc5acf2f00035e8fbf9a6419
SHA1 c9f5f152bea496f255008cd1b0cf5403197e4af2
SHA256 eb59c35ab66dc3f0e2402893fc166568105fb608df3387dbf030b9f59a4b774b
SHA512 00634589087b5b1b2941d16d552a80a19863b70f44136579789c0e45e926999cd9d09b038aae53311fed515e9712aceff129db75aeb506e25ce06dd7f907a88f

memory/2016-56-0x000000013F100000-0x000000013F454000-memory.dmp

memory/2072-55-0x000000013F120000-0x000000013F474000-memory.dmp

\Windows\system\yBSYCgW.exe

MD5 32674a61cc5d36eba37a0cdf1e7a0fa8
SHA1 87b0b8193c1120f0fb9feaf2e85e92aa3cf202fe
SHA256 93a5eecc8c41846a04f525a91b01ff021d8b0826cadf7be185b316cc63aeaf8d
SHA512 be87652676822686d80f90bce5c3b1a0974a560b8d68074461294bc9a23ad829d8652027b876dd4cef3b738556ce7ea556a5f56eee89959eb811aed588879a88

C:\Windows\system\WfqGMoq.exe

MD5 f7d1d6e2ab22c813d70a866311f28043
SHA1 a72b509ad42d8acb6a9174b41325d4767afd64c1
SHA256 84f01a0c01f82848f83e4ade5f07fbb048af6bb4379a8b365f4f398f2c83ed81
SHA512 db2900860d9d4b615c93c0fb6fd03afe0cd4392867a92780ba7624cb6508ce1f9de22c82aded9bfb942afd8fe01fc4f98ec9c1b835d03a6381aebad8a0b27360

\Windows\system\zwuutqg.exe

MD5 e36ab6da4f5424c6ace02cf139fd2087
SHA1 0d9f99f097cb63e1eedc1ea86cde199ebb5da5d0
SHA256 c16507e27f7c009170b0dc8218eaf0fcf420b5e566cd23c67dd739968b413772
SHA512 e6d9aba6e4da1ad8f0f0101936a610acf8a6149b17450641117fa63f050d29027bebbc1a2ee66238b254adf4d3374d5e195ae9023dc98bc669df38438c08893f

C:\Windows\system\vTKaDKQ.exe

MD5 58428c93b46b686c35f257b39973e165
SHA1 2a440c03b77bb6d10485d78a0b0141f0c7562a55
SHA256 243dec23ec63481b2035e67edd899a8ea4ab3666e20fb17dc17e5521771a714c
SHA512 927dd4195cb624071d4dcad23355eb4f5fdf48b0c33fe47c33e28f94de7d04d42cdb6557f4e8333e1cf8df6ff4fcb925715109db93b4c7748d9ed4e2fe8515a1

C:\Windows\system\rBArUaZ.exe

MD5 261bd984af9b9a35c1cbbda67e7e2859
SHA1 0ee2468d176a9b9f515425d927b21f313ba2c02c
SHA256 8ab49b81954e80b57c768179a9f5e5da6b60a9c7ff34797219306d737b5dfd2e
SHA512 ad124a7a9e4152128fcc15902be0a977090b3268bd5923d3acae2184457f7543365a8a57a995dbee628685f7db65c1816160f9077a3d23a5e236808ef97de4cc

memory/2072-142-0x000000013F5E0000-0x000000013F934000-memory.dmp

C:\Windows\system\HuiiUwk.exe

MD5 eefee3c083bbb1262f0194aa9e0478e6
SHA1 9d4b6d8bc4395582f04432bae52d580d498ddd6b
SHA256 fcef9a4c127c3e7679baefa13c30df3b74ef629a2149b987c8e7b66d0cc37698
SHA512 ae0c6440c18afc662bb9cbcff3772ce6e82fff2335733ea3f7df03ce8e9cb4b984120394a20e4dd108d1f018b6510efe76cda0e4af7124bfa5662abb431176f5

memory/2072-131-0x000000013F4C0000-0x000000013F814000-memory.dmp

C:\Windows\system\AziqtVO.exe

MD5 03e96698c2fc27203b63e460bb57073c
SHA1 3ee7767bd7a20d66f4b11dd7ca153fd986cd4c9a
SHA256 1d3e775454473254f0e7312fec3689f1b7503f19daaca622fabd4b1035bd38e2
SHA512 3c27641f1c5b7a4da717ffabd51123f67141936e7f309392ed0b07a59469d619132d424514e2da716270dac7df68651873f8d7eb05473a83c20738d5b9fd77d5

memory/2072-121-0x0000000001FD0000-0x0000000002324000-memory.dmp

C:\Windows\system\UeFzZkX.exe

MD5 743bfae60e74a793f823f91de09b8e83
SHA1 889681087c25403a455397e14a46b07385b912eb
SHA256 5fc1c8ace5bdd728da386aa382f879035da32be1252e7a8da756416a19b82264
SHA512 688252023f0b2267c23610ac03677ce9c45605b30c23867cd7b92eb5729616611a842fdd441dd5309858278d1731bbce587c9385102488e98ea1484497261763

memory/2584-104-0x000000013FD00000-0x0000000140054000-memory.dmp

C:\Windows\system\YEmFNqx.exe

MD5 dbc094212da7032553e72dbb90aafd1e
SHA1 a4a8e2a698aa6c5ea18bf8d228958248e05064ea
SHA256 d60afc50510f00ef427e46d756da79f917edbb93f0020c9dca351814aec12bc6
SHA512 9134335c9129e9cbc9fbed1da36839e510f8430c84e4f96405c0bac40cdaa7806611f21f10cb8e731fb7364d913c1e4275b0d77fe16b6e79c94afd00310d41b5

C:\Windows\system\SLvBjwA.exe

MD5 f1851369a4063eed231cff730a1cca0f
SHA1 cdbd1e264502026671d2d8abcfdc141039838dd9
SHA256 60028c06e097a5a1cda5808dea64e59bcfa293e5be50d1c9aa3bad6221c5c221
SHA512 baf711d76bf9954bce8a7d10ce8aa4e4223c2421237a99be2db6a8d8df0b69b29fd0fcf4c1f68ac6f5c59c6bdb16fb164787e97bf6474f63cabbf651e4993554

memory/2424-88-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2376-71-0x000000013FFC0000-0x0000000140314000-memory.dmp

\Windows\system\jpXWyfA.exe

MD5 3335e62d3fa69f1d51b6a06351127c0d
SHA1 88c30aaf7fa96c2de6c8beeef4bdb0f7efe7df00
SHA256 f5c9f4ab758f687ca1d087ffdd862077259889e18c2f7e431703125399f5582c
SHA512 5d43888e1e8ef9622c9a547caf100c2f21b226f0f9f9a92ab5b02f037e9da050c70418de3ab0303f8747cba7cf9b9ab2a0ab816477f91c7339145bae8ed97353

memory/2072-62-0x0000000001FD0000-0x0000000002324000-memory.dmp

C:\Windows\system\PRsHbYp.exe

MD5 1adee652229f7aafd52712e98541ddfd
SHA1 d850115992ec4a3680208876d787f1adb931cb3c
SHA256 e8d4cd71e02cf24d57ee9c090360b3b5024b4b5ed515abad75326adf161aa3da
SHA512 1d05567bbc6c3423d4be645cc7ad920dd3ba560d6fc070496550b31e68e506f7c879144712f14b9017069b9b5d24f618162b3f0cbbc15053403e2979f1d0a069

memory/2072-51-0x000000013F2F0000-0x000000013F644000-memory.dmp

C:\Windows\system\cmazWbn.exe

MD5 b64d1f0bb9464ca23bb4314931463fe6
SHA1 86dbccdb5a6ee24c212a5b7d4705ce1b18e3a543
SHA256 ba3be0237399ce84d186762f750256d4858c94becfdebed1eae4dec3bcc38bb8
SHA512 b447c8ed8a6f6c900df7a7dad48815bc89a99b1977fe00098afc1ebf91cefc6d8daf1066ac2b63483ab3608e96dc00af04504e8455f33c4e2d49f07bf4d39ce8

memory/1096-41-0x000000013F410000-0x000000013F764000-memory.dmp

C:\Windows\system\ytUBoXL.exe

MD5 061c8ad27f4501fa792c665e6402accb
SHA1 827c38f9a7c3c25db657b541cd08e97755e51dca
SHA256 a21c262cc2bc1e1951acda06b60e835f1b2d8d915cc116ae03f2e43d3b365d5f
SHA512 8592b66ce6d7db2113f0ea2afbb64d5f18f1da087757844ec1bc39b9fd4b0889b28a1c18e2bdfa808b15479e22f219e926c5bbfcaeec3c10d88f652dcf6b28d1

memory/3024-33-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2072-23-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/1896-37-0x000000013F090000-0x000000013F3E4000-memory.dmp

\Windows\system\wXJKqSH.exe

MD5 12ddb655f5a2b3f39e939c13dd20c151
SHA1 0349c85d70e9944808c894d52b11cae979093b3f
SHA256 fa2fda0f3c3cdf0d17c960e60085521e3aa7af0252a4ed07dfc4667d240386f3
SHA512 1df29f0d02f80dc85be42670886f0d6bb46c6bcc431dd342816cf91f154edc76f85f159d5e6e59fd03e2e5bf18a182e5d1a28aa8f21a537e836e94e86a21905f

C:\Windows\system\SNsKvJv.exe

MD5 d0efe795e9dd8e23da5a1079e7702edb
SHA1 aed846694b9005d2274a8cb8e35fad4be64acab7
SHA256 c43c01ca00150bfce4df92bd6e8065a94b3dd0570251c6df5ad8c46e28f9faeb
SHA512 f52b0cfc1e7191f2acb065d185841f39d92fb14b79d86746fed797472fb4cb4e8409d3d6bb6be6becbbca7be77d6478e6764268ac43ce9454e4a4d281957454b

memory/2072-18-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2072-1068-0x000000013FCE0000-0x0000000140034000-memory.dmp

memory/3024-1069-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2376-1071-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/2072-1070-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/2424-1072-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2072-1073-0x0000000001FD0000-0x0000000002324000-memory.dmp

memory/2492-1074-0x000000013F120000-0x000000013F474000-memory.dmp

memory/1896-1075-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2188-1076-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/1096-1077-0x000000013F410000-0x000000013F764000-memory.dmp

memory/3024-1078-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2584-1079-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2016-1080-0x000000013F100000-0x000000013F454000-memory.dmp

memory/2560-1081-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2404-1082-0x000000013F4C0000-0x000000013F814000-memory.dmp

memory/2492-1083-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2376-1085-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/2424-1084-0x000000013FE00000-0x0000000140154000-memory.dmp