Malware Analysis Report

2024-10-16 07:31

Sample ID 240602-epm7xaad81
Target 33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe
SHA256 12388e8d0d7bcbe5f3e54312db5844d6f813424d08a27f938054d10441a440aa
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

12388e8d0d7bcbe5f3e54312db5844d6f813424d08a27f938054d10441a440aa

Threat Level: Known bad

The file 33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

KPOT

xmrig

KPOT Core Executable

Xmrig family

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:07

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:07

Reported

2024-06-02 04:09

Platform

win7-20240508-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2988-1083-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2784-1081-0x000000013F600000-0x000000013F954000-memory.dmp

memory/2536-1084-0x000000013F200000-0x000000013F554000-memory.dmp

memory/2568-1085-0x000000013F5D0000-0x000000013F924000-memory.dmp

memory/3044-1086-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2756-1087-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2384-1089-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2288-1090-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/1640-1088-0x000000013FDD0000-0x0000000140124000-memory.dmp

memory/2720-1091-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:07

Reported

2024-06-02 04:09

Platform

win10v2004-20240426-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\33fe56ed2289b25836b3b86af5d9dc20_NeikiAnalytics.exe"

C:\Windows\system32\BackgroundTaskHost.exe

"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider


C:\Windows\System\icYZLxQ.exe

C:\Windows\System\icYZLxQ.exe

C:\Windows\System\DAgNbUx.exe

C:\Windows\System\DAgNbUx.exe

C:\Windows\System\ElrbVzY.exe

C:\Windows\System\ElrbVzY.exe

C:\Windows\System\nJyiAkg.exe

C:\Windows\System\nJyiAkg.exe

C:\Windows\System\CLziEqL.exe

C:\Windows\System\CLziEqL.exe

C:\Windows\System\jIiRRTX.exe

C:\Windows\System\jIiRRTX.exe

C:\Windows\System\cCTdIIx.exe

C:\Windows\System\cCTdIIx.exe

C:\Windows\System\SuQncZP.exe

C:\Windows\System\SuQncZP.exe

C:\Windows\System\DcGODpq.exe

C:\Windows\System\DcGODpq.exe

C:\Windows\System\DEiCekk.exe

C:\Windows\System\DEiCekk.exe

C:\Windows\System\sFgJMvA.exe

C:\Windows\System\sFgJMvA.exe

C:\Windows\System\nhvoSwv.exe

C:\Windows\System\nhvoSwv.exe

C:\Windows\System\ZuIHEGC.exe

C:\Windows\System\ZuIHEGC.exe

C:\Windows\System\JUmaKOZ.exe

C:\Windows\System\JUmaKOZ.exe

C:\Windows\System\gDyQDxl.exe

C:\Windows\System\gDyQDxl.exe

C:\Windows\System\MlzxZZo.exe

C:\Windows\System\MlzxZZo.exe

C:\Windows\System\HrEQrSI.exe

C:\Windows\System\HrEQrSI.exe

C:\Windows\System\eVBehUp.exe

C:\Windows\System\eVBehUp.exe

C:\Windows\System\YJbnsFr.exe

C:\Windows\System\YJbnsFr.exe

C:\Windows\System\HoAMURk.exe

C:\Windows\System\HoAMURk.exe

C:\Windows\System\MSMZCZZ.exe

C:\Windows\System\MSMZCZZ.exe

C:\Windows\System\ZmfIDtE.exe

C:\Windows\System\ZmfIDtE.exe

C:\Windows\System\OcfBAhw.exe

C:\Windows\System\OcfBAhw.exe

C:\Windows\System\GDebmWy.exe

C:\Windows\System\GDebmWy.exe

C:\Windows\System\PDnjEpD.exe

C:\Windows\System\PDnjEpD.exe

C:\Windows\System\ByJAEqE.exe

C:\Windows\System\ByJAEqE.exe

C:\Windows\System\vEZAvyq.exe

C:\Windows\System\vEZAvyq.exe

C:\Windows\System\NJvZckw.exe

C:\Windows\System\NJvZckw.exe

C:\Windows\System\BCPzBVX.exe

C:\Windows\System\BCPzBVX.exe

C:\Windows\System\wPyMnJe.exe

C:\Windows\System\wPyMnJe.exe

C:\Windows\System\BQxASUb.exe

C:\Windows\System\BQxASUb.exe

C:\Windows\System\BzZFAXF.exe

C:\Windows\System\BzZFAXF.exe

C:\Windows\System\WhEXKVq.exe

C:\Windows\System\WhEXKVq.exe

C:\Windows\System\mjJkKCn.exe

C:\Windows\System\mjJkKCn.exe

C:\Windows\System\nGxNlyw.exe

C:\Windows\System\nGxNlyw.exe

C:\Windows\System\eDYSKKr.exe

C:\Windows\System\eDYSKKr.exe

C:\Windows\System\UkRpCDW.exe

C:\Windows\System\UkRpCDW.exe

C:\Windows\System\wjheofL.exe

C:\Windows\System\wjheofL.exe

C:\Windows\System\kUdjHlZ.exe

C:\Windows\System\kUdjHlZ.exe

C:\Windows\System\AfbxcGT.exe

C:\Windows\System\AfbxcGT.exe

C:\Windows\System\OvSRrzW.exe

C:\Windows\System\OvSRrzW.exe

C:\Windows\System\afuChSS.exe

C:\Windows\System\afuChSS.exe

C:\Windows\System\bDfjBqG.exe

C:\Windows\System\bDfjBqG.exe

C:\Windows\System\XRFvcny.exe

C:\Windows\System\XRFvcny.exe

C:\Windows\System\WVhbZtG.exe

C:\Windows\System\WVhbZtG.exe

C:\Windows\System\dfvXSKB.exe

C:\Windows\System\dfvXSKB.exe

C:\Windows\System\psMKixi.exe

C:\Windows\System\psMKixi.exe

C:\Windows\System\TqGPJil.exe

C:\Windows\System\TqGPJil.exe

C:\Windows\System\CmmsoQG.exe

C:\Windows\System\CmmsoQG.exe

C:\Windows\System\XiBzOiP.exe

C:\Windows\System\XiBzOiP.exe

C:\Windows\System\xlqrBOc.exe

C:\Windows\System\xlqrBOc.exe

C:\Windows\System\HeXujNN.exe

C:\Windows\System\HeXujNN.exe

C:\Windows\System\ppUauKh.exe

C:\Windows\System\ppUauKh.exe

C:\Windows\System\REkjzTT.exe

C:\Windows\System\REkjzTT.exe

C:\Windows\System\GCSUTfv.exe

C:\Windows\System\GCSUTfv.exe

C:\Windows\System\ceGHtjn.exe

C:\Windows\System\ceGHtjn.exe

C:\Windows\System\VfodtWK.exe

C:\Windows\System\VfodtWK.exe

C:\Windows\System\FQzzieF.exe

C:\Windows\System\FQzzieF.exe

C:\Windows\System\eieszbd.exe

C:\Windows\System\eieszbd.exe

C:\Windows\System\wwoyUxx.exe

C:\Windows\System\wwoyUxx.exe

C:\Windows\System\hChEoEZ.exe

C:\Windows\System\hChEoEZ.exe

C:\Windows\System\scFipVq.exe

C:\Windows\System\scFipVq.exe

C:\Windows\System\qThZBlD.exe

C:\Windows\System\qThZBlD.exe

C:\Windows\System\oWAaDGT.exe

C:\Windows\System\oWAaDGT.exe

C:\Windows\System\TjQHUXK.exe

C:\Windows\System\TjQHUXK.exe

C:\Windows\System\qDhkBIf.exe

C:\Windows\System\qDhkBIf.exe

C:\Windows\System\CHaRQFl.exe

C:\Windows\System\CHaRQFl.exe

C:\Windows\System\annaJvV.exe

C:\Windows\System\annaJvV.exe

C:\Windows\System\qMLHjjZ.exe

C:\Windows\System\qMLHjjZ.exe

C:\Windows\System\TBlIXQi.exe

C:\Windows\System\TBlIXQi.exe

C:\Windows\System\mmXvSDU.exe

C:\Windows\System\mmXvSDU.exe

C:\Windows\System\VCDaRFJ.exe

C:\Windows\System\VCDaRFJ.exe

C:\Windows\System\ZfkmZun.exe

C:\Windows\System\ZfkmZun.exe

C:\Windows\System\bnfFMbD.exe

C:\Windows\System\bnfFMbD.exe

C:\Windows\System\mOwLFnT.exe

C:\Windows\System\mOwLFnT.exe

C:\Windows\System\kzLtuBq.exe

C:\Windows\System\kzLtuBq.exe

C:\Windows\System\BtjVSOo.exe

C:\Windows\System\BtjVSOo.exe

C:\Windows\System\hmjDgsj.exe

C:\Windows\System\hmjDgsj.exe

C:\Windows\System\ERbaOAT.exe

C:\Windows\System\ERbaOAT.exe

C:\Windows\System\YGhyJAL.exe

C:\Windows\System\YGhyJAL.exe

C:\Windows\System\saKUHxv.exe

C:\Windows\System\saKUHxv.exe

C:\Windows\System\nFSTEGe.exe

C:\Windows\System\nFSTEGe.exe

C:\Windows\System\UgVUqet.exe

C:\Windows\System\UgVUqet.exe

C:\Windows\System\ykwKIan.exe

C:\Windows\System\ykwKIan.exe

C:\Windows\System\jEBttgq.exe

C:\Windows\System\jEBttgq.exe

C:\Windows\System\BPchKQD.exe

C:\Windows\System\BPchKQD.exe

C:\Windows\System\ehnNgVP.exe

C:\Windows\System\ehnNgVP.exe

C:\Windows\System\eUsXOIe.exe

C:\Windows\System\eUsXOIe.exe

C:\Windows\System\kianrSM.exe

C:\Windows\System\kianrSM.exe

C:\Windows\System\AsDDwcP.exe

C:\Windows\System\AsDDwcP.exe

C:\Windows\System\AvxelRk.exe

C:\Windows\System\AvxelRk.exe

C:\Windows\System\igaAhOy.exe

C:\Windows\System\igaAhOy.exe

C:\Windows\System\lRhGyub.exe

C:\Windows\System\lRhGyub.exe

C:\Windows\System\NTVzwph.exe

C:\Windows\System\NTVzwph.exe

C:\Windows\System\MEEWnSV.exe

C:\Windows\System\MEEWnSV.exe

C:\Windows\System\RfxbjOB.exe

C:\Windows\System\RfxbjOB.exe

C:\Windows\System\RbWeKfT.exe

C:\Windows\System\RbWeKfT.exe

C:\Windows\System\nOJaAuF.exe

C:\Windows\System\nOJaAuF.exe

C:\Windows\System\ltEmkyi.exe

C:\Windows\System\ltEmkyi.exe

C:\Windows\System\MuxlcnK.exe

C:\Windows\System\MuxlcnK.exe

C:\Windows\System\vWkBtxE.exe

C:\Windows\System\vWkBtxE.exe

C:\Windows\System\lfWOMKZ.exe

C:\Windows\System\lfWOMKZ.exe

C:\Windows\System\hwUEdFZ.exe

C:\Windows\System\hwUEdFZ.exe

C:\Windows\System\AOvUyqX.exe

C:\Windows\System\AOvUyqX.exe

C:\Windows\System\cskIBaZ.exe

C:\Windows\System\cskIBaZ.exe

C:\Windows\System\CVgaFlb.exe

C:\Windows\System\CVgaFlb.exe

C:\Windows\System\TfAWRyh.exe

C:\Windows\System\TfAWRyh.exe

C:\Windows\System\yHoJCoD.exe

C:\Windows\System\yHoJCoD.exe

C:\Windows\System\emJOwRh.exe

C:\Windows\System\emJOwRh.exe

C:\Windows\System\tXwcsic.exe

C:\Windows\System\tXwcsic.exe

C:\Windows\System\hgqBTIb.exe

C:\Windows\System\hgqBTIb.exe

C:\Windows\System\hLPrRbb.exe

C:\Windows\System\hLPrRbb.exe

C:\Windows\System\INKJLHP.exe

C:\Windows\System\INKJLHP.exe

C:\Windows\System\aSqDFIw.exe

C:\Windows\System\aSqDFIw.exe

C:\Windows\System\kGUYjNE.exe

C:\Windows\System\kGUYjNE.exe

C:\Windows\System\KvfMwwl.exe

C:\Windows\System\KvfMwwl.exe

C:\Windows\System\OLItFuS.exe

C:\Windows\System\OLItFuS.exe

C:\Windows\System\BQHltax.exe

C:\Windows\System\BQHltax.exe

C:\Windows\System\VfSzSdK.exe

C:\Windows\System\VfSzSdK.exe

C:\Windows\System\lVdYeUi.exe

C:\Windows\System\lVdYeUi.exe

C:\Windows\System\JPvtEpk.exe

C:\Windows\System\JPvtEpk.exe

C:\Windows\System\kYfbgjX.exe

C:\Windows\System\kYfbgjX.exe

C:\Windows\System\UJwQQDS.exe

C:\Windows\System\UJwQQDS.exe

C:\Windows\System\bnNWIgT.exe

C:\Windows\System\bnNWIgT.exe

C:\Windows\System\eoMhPEe.exe

C:\Windows\System\eoMhPEe.exe

C:\Windows\System\YdBxPoX.exe

C:\Windows\System\YdBxPoX.exe

C:\Windows\System\iRZYwqb.exe

C:\Windows\System\iRZYwqb.exe

C:\Windows\System\myDPRiX.exe

C:\Windows\System\myDPRiX.exe

C:\Windows\System\jcEpDte.exe

C:\Windows\System\jcEpDte.exe

C:\Windows\System\lmcGrOw.exe

C:\Windows\System\lmcGrOw.exe

C:\Windows\System\oHwevQM.exe

C:\Windows\System\oHwevQM.exe

C:\Windows\System\UMMJcus.exe

C:\Windows\System\UMMJcus.exe

C:\Windows\System\nWRuVqX.exe

C:\Windows\System\nWRuVqX.exe

C:\Windows\System\RooyWfn.exe

C:\Windows\System\RooyWfn.exe

C:\Windows\System\tmRWAAE.exe

C:\Windows\System\tmRWAAE.exe

C:\Windows\System\iowegZA.exe

C:\Windows\System\iowegZA.exe

C:\Windows\System\ahqxvTX.exe

C:\Windows\System\ahqxvTX.exe

C:\Windows\System\nQaeCQi.exe

C:\Windows\System\nQaeCQi.exe

C:\Windows\System\EiwNgEY.exe

C:\Windows\System\EiwNgEY.exe

C:\Windows\System\YJcRiqi.exe

C:\Windows\System\YJcRiqi.exe

C:\Windows\System\OQvdbJu.exe

C:\Windows\System\OQvdbJu.exe

C:\Windows\System\ksHLCCT.exe

C:\Windows\System\ksHLCCT.exe

C:\Windows\System\cQqztmF.exe

C:\Windows\System\cQqztmF.exe

C:\Windows\System\IAAVUuS.exe

C:\Windows\System\IAAVUuS.exe

C:\Windows\System\sIkwbNA.exe

C:\Windows\System\sIkwbNA.exe

C:\Windows\System\xpyfzSG.exe

C:\Windows\System\xpyfzSG.exe

C:\Windows\System\CWjkFHR.exe

C:\Windows\System\CWjkFHR.exe

C:\Windows\System\RjcoOHQ.exe

C:\Windows\System\RjcoOHQ.exe

C:\Windows\System\SHTWUwH.exe

C:\Windows\System\SHTWUwH.exe

C:\Windows\System\HTdcvTx.exe

C:\Windows\System\HTdcvTx.exe

C:\Windows\System\DLGfmAa.exe

C:\Windows\System\DLGfmAa.exe

C:\Windows\System\chQxSsn.exe

C:\Windows\System\chQxSsn.exe

C:\Windows\System\QHJDbzr.exe

C:\Windows\System\QHJDbzr.exe

C:\Windows\System\gXwHrBb.exe

C:\Windows\System\gXwHrBb.exe

C:\Windows\System\AGJrsZM.exe

C:\Windows\System\AGJrsZM.exe

C:\Windows\System\OWxOYpv.exe

C:\Windows\System\OWxOYpv.exe

C:\Windows\System\LRFXbKb.exe

C:\Windows\System\LRFXbKb.exe

C:\Windows\System\dWFziqP.exe

C:\Windows\System\dWFziqP.exe

C:\Windows\System\oRMivCj.exe

C:\Windows\System\oRMivCj.exe

C:\Windows\System\aYfaYwV.exe

C:\Windows\System\aYfaYwV.exe

C:\Windows\System\nfoefaK.exe

C:\Windows\System\nfoefaK.exe

C:\Windows\System\laHyFau.exe

C:\Windows\System\laHyFau.exe

C:\Windows\System\jGDERbS.exe

C:\Windows\System\jGDERbS.exe

C:\Windows\System\xpmInUa.exe

C:\Windows\System\xpmInUa.exe

C:\Windows\System\rAFzTeG.exe

C:\Windows\System\rAFzTeG.exe

C:\Windows\System\tNHGtUF.exe

C:\Windows\System\tNHGtUF.exe

C:\Windows\System\attuiYN.exe

C:\Windows\System\attuiYN.exe

C:\Windows\System\VKJObNc.exe

C:\Windows\System\VKJObNc.exe

C:\Windows\System\NrifgaJ.exe

C:\Windows\System\NrifgaJ.exe

C:\Windows\System\nwlUICc.exe

C:\Windows\System\nwlUICc.exe

C:\Windows\System\qLaSPHx.exe

C:\Windows\System\qLaSPHx.exe

C:\Windows\System\okLDBCK.exe

C:\Windows\System\okLDBCK.exe

C:\Windows\System\rAGqesR.exe

C:\Windows\System\rAGqesR.exe

C:\Windows\System\fBtdrgO.exe

C:\Windows\System\fBtdrgO.exe

C:\Windows\System\ONmablX.exe

C:\Windows\System\ONmablX.exe

C:\Windows\System\clNRfCO.exe

C:\Windows\System\clNRfCO.exe

C:\Windows\System\CqmzGnj.exe

C:\Windows\System\CqmzGnj.exe

C:\Windows\System\PacKOCZ.exe

C:\Windows\System\PacKOCZ.exe

C:\Windows\System\iRCMLYB.exe

C:\Windows\System\iRCMLYB.exe

C:\Windows\System\gjbiyTz.exe

C:\Windows\System\gjbiyTz.exe

C:\Windows\System\kXGxXUj.exe

C:\Windows\System\kXGxXUj.exe

C:\Windows\System\NbSTVmO.exe

C:\Windows\System\NbSTVmO.exe

C:\Windows\System\JBXzMhh.exe

C:\Windows\System\JBXzMhh.exe

C:\Windows\System\zlSjAjd.exe

C:\Windows\System\zlSjAjd.exe

C:\Windows\System\FCLUZpI.exe

C:\Windows\System\FCLUZpI.exe

C:\Windows\System\dZEAxiw.exe

C:\Windows\System\dZEAxiw.exe

C:\Windows\System\ePyHpnF.exe

C:\Windows\System\ePyHpnF.exe

C:\Windows\System\woOiNGr.exe

C:\Windows\System\woOiNGr.exe

C:\Windows\System\lGhSRTA.exe

C:\Windows\System\lGhSRTA.exe

C:\Windows\System\LuxJJLa.exe

C:\Windows\System\LuxJJLa.exe

C:\Windows\System\edysKWL.exe

C:\Windows\System\edysKWL.exe

C:\Windows\System\dvdhKFb.exe

C:\Windows\System\dvdhKFb.exe

C:\Windows\System\XggmOcM.exe

C:\Windows\System\XggmOcM.exe

C:\Windows\System\GhSEnrK.exe

C:\Windows\System\GhSEnrK.exe

C:\Windows\System\ByjzEsJ.exe

C:\Windows\System\ByjzEsJ.exe

C:\Windows\System\hoxADhG.exe

C:\Windows\System\hoxADhG.exe

C:\Windows\System\BUmHWMF.exe

C:\Windows\System\BUmHWMF.exe

C:\Windows\System\refHZSO.exe

C:\Windows\System\refHZSO.exe

C:\Windows\System\JQlboow.exe

C:\Windows\System\JQlboow.exe

C:\Windows\System\jFCsbiv.exe

C:\Windows\System\jFCsbiv.exe

C:\Windows\System\fpMTHxt.exe

C:\Windows\System\fpMTHxt.exe

C:\Windows\System\xVIdHpF.exe

C:\Windows\System\xVIdHpF.exe

C:\Windows\System\dJMGoVM.exe

C:\Windows\System\dJMGoVM.exe

C:\Windows\System\UUhAXss.exe

C:\Windows\System\UUhAXss.exe

C:\Windows\System\HRWanbX.exe

C:\Windows\System\HRWanbX.exe

C:\Windows\System\iUcoeqx.exe

C:\Windows\System\iUcoeqx.exe

C:\Windows\System\mQzkaWL.exe

C:\Windows\System\mQzkaWL.exe

C:\Windows\System\RauGujp.exe

C:\Windows\System\RauGujp.exe

C:\Windows\System\nMKzNNu.exe

C:\Windows\System\nMKzNNu.exe

C:\Windows\System\oGAwEcL.exe

C:\Windows\System\oGAwEcL.exe

C:\Windows\System\YbsIdgQ.exe

C:\Windows\System\YbsIdgQ.exe

C:\Windows\System\TdoSRtn.exe

C:\Windows\System\TdoSRtn.exe

C:\Windows\System\recSqsc.exe

C:\Windows\System\recSqsc.exe

C:\Windows\System\sOuUeoN.exe

C:\Windows\System\sOuUeoN.exe

C:\Windows\System\GBmzfdV.exe

C:\Windows\System\GBmzfdV.exe

C:\Windows\System\XjPEsSw.exe

C:\Windows\System\XjPEsSw.exe

C:\Windows\System\bPYOsGI.exe

C:\Windows\System\bPYOsGI.exe

C:\Windows\System\lqDFmQq.exe

C:\Windows\System\lqDFmQq.exe

C:\Windows\System\qXxgURC.exe

C:\Windows\System\qXxgURC.exe

C:\Windows\System\KmEfgEC.exe

C:\Windows\System\KmEfgEC.exe

C:\Windows\System\COUqytT.exe

C:\Windows\System\COUqytT.exe

C:\Windows\System\IkVGlEH.exe

C:\Windows\System\IkVGlEH.exe

Network

Country Destination Domain Proto

Files
