Malware Analysis Report

2024-10-10 08:39

Sample ID 240603-brhhnafe63
Target 956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe
SHA256 c83b7c327842dd87c7915a67eecb74d034440de9bd077b9844b0b692cf7f3352
Tags kpot xmrig miner stealer trojan upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Kpot family

xmrig

KPOT Core Executable

XMRig Miner payload

KPOT

Xmrig family

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 01:22

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 01:22

Reported

2024-06-03 01:25

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe"


C:\Windows\System\mDvJTJc.exe

C:\Windows\System\iRGANIj.exe

C:\Windows\System\iRGANIj.exe

C:\Windows\System\vmOrTFs.exe

C:\Windows\System\vmOrTFs.exe

C:\Windows\System\IKQBSFX.exe

C:\Windows\System\IKQBSFX.exe

C:\Windows\System\oSQNoEY.exe

C:\Windows\System\oSQNoEY.exe

C:\Windows\System\FTKrXdV.exe

C:\Windows\System\FTKrXdV.exe

C:\Windows\System\irdmqwY.exe

C:\Windows\System\irdmqwY.exe

C:\Windows\System\kMuimrA.exe

C:\Windows\System\kMuimrA.exe

C:\Windows\System\mdAzmkK.exe

C:\Windows\System\mdAzmkK.exe

C:\Windows\System\GFSaGzm.exe

C:\Windows\System\GFSaGzm.exe

C:\Windows\System\McRNbNX.exe

C:\Windows\System\McRNbNX.exe

C:\Windows\System\qKYeyUg.exe

C:\Windows\System\qKYeyUg.exe

C:\Windows\System\mifFSKl.exe

C:\Windows\System\mifFSKl.exe

C:\Windows\System\PMrHiuL.exe

C:\Windows\System\PMrHiuL.exe

C:\Windows\System\VGaahHK.exe

C:\Windows\System\VGaahHK.exe

C:\Windows\System\OVVHZEx.exe

C:\Windows\System\OVVHZEx.exe

C:\Windows\System\ATorxFm.exe

C:\Windows\System\ATorxFm.exe

C:\Windows\System\LTzJzqt.exe

C:\Windows\System\LTzJzqt.exe

C:\Windows\System\aRMjeye.exe

C:\Windows\System\aRMjeye.exe

C:\Windows\System\uCGNVfr.exe

C:\Windows\System\uCGNVfr.exe

C:\Windows\System\NsIHhjU.exe

C:\Windows\System\NsIHhjU.exe

C:\Windows\System\oUBzIiD.exe

C:\Windows\System\oUBzIiD.exe

C:\Windows\System\cyiPszc.exe

C:\Windows\System\cyiPszc.exe

C:\Windows\System\WkxfaNM.exe

C:\Windows\System\WkxfaNM.exe

C:\Windows\System\tWOEUCs.exe

C:\Windows\System\tWOEUCs.exe

C:\Windows\System\MSTxgiw.exe

C:\Windows\System\MSTxgiw.exe

C:\Windows\System\JPROJnr.exe

C:\Windows\System\JPROJnr.exe

C:\Windows\System\ZpktprP.exe

C:\Windows\System\ZpktprP.exe

C:\Windows\System\vMUyOBl.exe

C:\Windows\System\vMUyOBl.exe

C:\Windows\System\BrIxCFh.exe

C:\Windows\System\BrIxCFh.exe

C:\Windows\System\hbPBMuH.exe

C:\Windows\System\hbPBMuH.exe

C:\Windows\System\sRdnnpf.exe

C:\Windows\System\sRdnnpf.exe

C:\Windows\System\qWBaXLQ.exe

C:\Windows\System\qWBaXLQ.exe

C:\Windows\System\LNnckVH.exe

C:\Windows\System\LNnckVH.exe

C:\Windows\System\XWNwOOJ.exe

C:\Windows\System\XWNwOOJ.exe

C:\Windows\System\qiQSLqP.exe

C:\Windows\System\qiQSLqP.exe

C:\Windows\System\yBwYxGa.exe

C:\Windows\System\yBwYxGa.exe

C:\Windows\System\jDBFUsh.exe

C:\Windows\System\jDBFUsh.exe

C:\Windows\System\cRIQSIg.exe

C:\Windows\System\cRIQSIg.exe

C:\Windows\System\oAEhgsK.exe

C:\Windows\System\oAEhgsK.exe

C:\Windows\System\uBBvfDz.exe

C:\Windows\System\uBBvfDz.exe

C:\Windows\System\VbRkWhh.exe

C:\Windows\System\VbRkWhh.exe

C:\Windows\System\UoWSwyw.exe

C:\Windows\System\UoWSwyw.exe

C:\Windows\System\fItSIlz.exe

C:\Windows\System\fItSIlz.exe

C:\Windows\System\lvJUAfc.exe

C:\Windows\System\lvJUAfc.exe

C:\Windows\System\WaXsxbl.exe

C:\Windows\System\WaXsxbl.exe

C:\Windows\System\tevSCDB.exe

C:\Windows\System\tevSCDB.exe

C:\Windows\System\GKGnPgO.exe

C:\Windows\System\GKGnPgO.exe

C:\Windows\System\ybFbSRB.exe

C:\Windows\System\ybFbSRB.exe

C:\Windows\System\CwGuOmK.exe

C:\Windows\System\CwGuOmK.exe

C:\Windows\System\tCXbjxj.exe

C:\Windows\System\tCXbjxj.exe

C:\Windows\System\akteebK.exe

C:\Windows\System\akteebK.exe

C:\Windows\System\FKpgeli.exe

C:\Windows\System\FKpgeli.exe

C:\Windows\System\DRmERbw.exe

C:\Windows\System\DRmERbw.exe

C:\Windows\System\FaCgyjS.exe

C:\Windows\System\FaCgyjS.exe

C:\Windows\System\KHmEzax.exe

C:\Windows\System\KHmEzax.exe

C:\Windows\System\KjeHhUg.exe

C:\Windows\System\KjeHhUg.exe

C:\Windows\System\jtmIrbu.exe

C:\Windows\System\jtmIrbu.exe

C:\Windows\System\yEXqNWC.exe

C:\Windows\System\yEXqNWC.exe

C:\Windows\System\ZQdgNaK.exe

C:\Windows\System\ZQdgNaK.exe

C:\Windows\System\FKDPpeG.exe

C:\Windows\System\FKDPpeG.exe

C:\Windows\System\moOLAXe.exe

C:\Windows\System\moOLAXe.exe

C:\Windows\System\RHztzcI.exe

C:\Windows\System\RHztzcI.exe

C:\Windows\System\nSQXznu.exe

C:\Windows\System\nSQXznu.exe

C:\Windows\System\CUFIUjy.exe

C:\Windows\System\CUFIUjy.exe

C:\Windows\System\xITbpcv.exe

C:\Windows\System\xITbpcv.exe

C:\Windows\System\BUjvorn.exe

C:\Windows\System\BUjvorn.exe

C:\Windows\System\eUIusln.exe

C:\Windows\System\eUIusln.exe

C:\Windows\System\DBdOOqk.exe

C:\Windows\System\DBdOOqk.exe

C:\Windows\System\cXZyhwq.exe

C:\Windows\System\cXZyhwq.exe

C:\Windows\System\mdzUWIt.exe

C:\Windows\System\mdzUWIt.exe

C:\Windows\System\ANkUXAS.exe

C:\Windows\System\ANkUXAS.exe

C:\Windows\System\wWLRYvx.exe

C:\Windows\System\wWLRYvx.exe

C:\Windows\System\LxNNSxw.exe

C:\Windows\System\LxNNSxw.exe

C:\Windows\System\XvXdZoi.exe

C:\Windows\System\XvXdZoi.exe

C:\Windows\System\yvxYQlN.exe

C:\Windows\System\yvxYQlN.exe

C:\Windows\System\maSRsev.exe

C:\Windows\System\maSRsev.exe

C:\Windows\System\JbkCBqe.exe

C:\Windows\System\JbkCBqe.exe

C:\Windows\System\qEprAdF.exe

C:\Windows\System\qEprAdF.exe

C:\Windows\System\RHXromi.exe

C:\Windows\System\RHXromi.exe

C:\Windows\System\eHOJRpE.exe

C:\Windows\System\eHOJRpE.exe

C:\Windows\System\FyZRyKZ.exe

C:\Windows\System\FyZRyKZ.exe

C:\Windows\System\HLWekde.exe

C:\Windows\System\HLWekde.exe

C:\Windows\System\XaWcNOD.exe

C:\Windows\System\XaWcNOD.exe

C:\Windows\System\eOYAZHn.exe

C:\Windows\System\eOYAZHn.exe

C:\Windows\System\rDRBfPV.exe

C:\Windows\System\rDRBfPV.exe

C:\Windows\System\ItxkNAL.exe

C:\Windows\System\ItxkNAL.exe

C:\Windows\System\ASrNmsV.exe

C:\Windows\System\ASrNmsV.exe

C:\Windows\System\xVFUUFD.exe

C:\Windows\System\xVFUUFD.exe

C:\Windows\System\wLHJXcP.exe

C:\Windows\System\wLHJXcP.exe

C:\Windows\System\YuQiPxQ.exe

C:\Windows\System\YuQiPxQ.exe

C:\Windows\System\mnHjEHX.exe

C:\Windows\System\mnHjEHX.exe

C:\Windows\System\rNcdUmt.exe

C:\Windows\System\rNcdUmt.exe

C:\Windows\System\QzPsegL.exe

C:\Windows\System\QzPsegL.exe

C:\Windows\System\vAehFxy.exe

C:\Windows\System\vAehFxy.exe

C:\Windows\System\ICZSrpr.exe

C:\Windows\System\ICZSrpr.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4396,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8

C:\Windows\System\mCBxhOO.exe

C:\Windows\System\mCBxhOO.exe

C:\Windows\System\lWjawtG.exe

C:\Windows\System\lWjawtG.exe

C:\Windows\System\ZoVLhpM.exe

C:\Windows\System\ZoVLhpM.exe

C:\Windows\System\GZqJssZ.exe

C:\Windows\System\GZqJssZ.exe

C:\Windows\System\mcpOGgr.exe

C:\Windows\System\mcpOGgr.exe

C:\Windows\System\gEluhpU.exe

C:\Windows\System\gEluhpU.exe

C:\Windows\System\zZPciIz.exe

C:\Windows\System\zZPciIz.exe

C:\Windows\System\TYUdOHW.exe

C:\Windows\System\TYUdOHW.exe

C:\Windows\System\uOhDwFM.exe

C:\Windows\System\uOhDwFM.exe

C:\Windows\System\XmIvwRY.exe

C:\Windows\System\XmIvwRY.exe

C:\Windows\System\hoQEVnp.exe

C:\Windows\System\hoQEVnp.exe

C:\Windows\System\vpowytU.exe

C:\Windows\System\vpowytU.exe

C:\Windows\System\QhBCdOR.exe

C:\Windows\System\QhBCdOR.exe

C:\Windows\System\UIKrqrM.exe

C:\Windows\System\UIKrqrM.exe

C:\Windows\System\HESDTvc.exe

C:\Windows\System\HESDTvc.exe

C:\Windows\System\eTXTUbz.exe

C:\Windows\System\eTXTUbz.exe

C:\Windows\System\hJawXtv.exe

C:\Windows\System\hJawXtv.exe

C:\Windows\System\PRBxVdG.exe

C:\Windows\System\PRBxVdG.exe

C:\Windows\System\SznVqIH.exe

C:\Windows\System\SznVqIH.exe

C:\Windows\System\hwyviII.exe

C:\Windows\System\hwyviII.exe

C:\Windows\System\DkoVohK.exe

C:\Windows\System\DkoVohK.exe

C:\Windows\System\NiXQqCx.exe

C:\Windows\System\NiXQqCx.exe

C:\Windows\System\lLcvXPU.exe

C:\Windows\System\lLcvXPU.exe

C:\Windows\System\srytAAN.exe

C:\Windows\System\srytAAN.exe

C:\Windows\System\BzlSppN.exe

C:\Windows\System\BzlSppN.exe

C:\Windows\System\AyWgpCb.exe

C:\Windows\System\AyWgpCb.exe

C:\Windows\System\sYnHOat.exe

C:\Windows\System\sYnHOat.exe

C:\Windows\System\eCLiROG.exe

C:\Windows\System\eCLiROG.exe

C:\Windows\System\JKBYPJS.exe

C:\Windows\System\JKBYPJS.exe

C:\Windows\System\dfsuKWz.exe

C:\Windows\System\dfsuKWz.exe

C:\Windows\System\cYVtfVL.exe

C:\Windows\System\cYVtfVL.exe

C:\Windows\System\cnwjlnT.exe

C:\Windows\System\cnwjlnT.exe

C:\Windows\System\acAWTKX.exe

C:\Windows\System\acAWTKX.exe

C:\Windows\System\nPZkqTp.exe

C:\Windows\System\nPZkqTp.exe

C:\Windows\System\zBSSVKC.exe

C:\Windows\System\zBSSVKC.exe

C:\Windows\System\RkLbQEM.exe

C:\Windows\System\RkLbQEM.exe

C:\Windows\System\YMFFUiK.exe

C:\Windows\System\YMFFUiK.exe

C:\Windows\System\vcaYVTP.exe

C:\Windows\System\vcaYVTP.exe

C:\Windows\System\cydjybf.exe

C:\Windows\System\cydjybf.exe

C:\Windows\System\aTuXtGw.exe

C:\Windows\System\aTuXtGw.exe

C:\Windows\System\jpoTIvI.exe

C:\Windows\System\jpoTIvI.exe

C:\Windows\System\RAAgReY.exe

C:\Windows\System\RAAgReY.exe

C:\Windows\System\DXRMdPJ.exe

C:\Windows\System\DXRMdPJ.exe

C:\Windows\System\uvvpQdi.exe

C:\Windows\System\uvvpQdi.exe

C:\Windows\System\UuwLBMS.exe

C:\Windows\System\UuwLBMS.exe

C:\Windows\System\DFyTvWI.exe

C:\Windows\System\DFyTvWI.exe

C:\Windows\System\dShxrNG.exe

C:\Windows\System\dShxrNG.exe

C:\Windows\System\VUMcOaI.exe

C:\Windows\System\VUMcOaI.exe

C:\Windows\System\iFJmcti.exe

C:\Windows\System\iFJmcti.exe

C:\Windows\System\pBKSdjk.exe

C:\Windows\System\pBKSdjk.exe

C:\Windows\System\paBogYp.exe

C:\Windows\System\paBogYp.exe

C:\Windows\System\svkvsVA.exe

C:\Windows\System\svkvsVA.exe

C:\Windows\System\ldLxhgU.exe

C:\Windows\System\ldLxhgU.exe

C:\Windows\System\bdojYgI.exe

C:\Windows\System\bdojYgI.exe

C:\Windows\System\bFphTTE.exe

C:\Windows\System\bFphTTE.exe

C:\Windows\System\ZvxITNp.exe

C:\Windows\System\ZvxITNp.exe

C:\Windows\System\CRpwDFK.exe

C:\Windows\System\CRpwDFK.exe

C:\Windows\System\OwXCnUg.exe

C:\Windows\System\OwXCnUg.exe

C:\Windows\System\UmEJoKh.exe

C:\Windows\System\UmEJoKh.exe

C:\Windows\System\PIklqWz.exe

C:\Windows\System\PIklqWz.exe

C:\Windows\System\yPEgLwL.exe

C:\Windows\System\yPEgLwL.exe

C:\Windows\System\gNIetMc.exe

C:\Windows\System\gNIetMc.exe

C:\Windows\System\YFMaPPW.exe

C:\Windows\System\YFMaPPW.exe

C:\Windows\System\qrRScCJ.exe

C:\Windows\System\qrRScCJ.exe

C:\Windows\System\uZznZZD.exe

C:\Windows\System\uZznZZD.exe

C:\Windows\System\ubKBhzP.exe

C:\Windows\System\ubKBhzP.exe

C:\Windows\System\HECWLfH.exe

C:\Windows\System\HECWLfH.exe

C:\Windows\System\reFsgps.exe

C:\Windows\System\reFsgps.exe

C:\Windows\System\JkVkGiV.exe

C:\Windows\System\JkVkGiV.exe

C:\Windows\System\ifHxxOy.exe

C:\Windows\System\ifHxxOy.exe

C:\Windows\System\cwTmXFN.exe

C:\Windows\System\cwTmXFN.exe

C:\Windows\System\BHQyctw.exe

C:\Windows\System\BHQyctw.exe

C:\Windows\System\TKSurmp.exe

C:\Windows\System\TKSurmp.exe

C:\Windows\System\zODzabc.exe

C:\Windows\System\zODzabc.exe

C:\Windows\System\juHsklW.exe

C:\Windows\System\juHsklW.exe

C:\Windows\System\wIecAKw.exe

C:\Windows\System\wIecAKw.exe

C:\Windows\System\umVqAHj.exe

C:\Windows\System\umVqAHj.exe

C:\Windows\System\CFnogLS.exe

C:\Windows\System\CFnogLS.exe

C:\Windows\System\sqhtBEi.exe

C:\Windows\System\sqhtBEi.exe

C:\Windows\System\AFIpJwW.exe

C:\Windows\System\AFIpJwW.exe

C:\Windows\System\wzMZbpl.exe

C:\Windows\System\wzMZbpl.exe

C:\Windows\System\bqIwlhD.exe

C:\Windows\System\bqIwlhD.exe

C:\Windows\System\blVDHXa.exe

C:\Windows\System\blVDHXa.exe

C:\Windows\System\MLFjMJC.exe

C:\Windows\System\MLFjMJC.exe

C:\Windows\System\YPHYnEQ.exe

C:\Windows\System\YPHYnEQ.exe

C:\Windows\System\DkefXyh.exe

C:\Windows\System\DkefXyh.exe

C:\Windows\System\ntRixxg.exe

C:\Windows\System\ntRixxg.exe

C:\Windows\System\cuqGVwj.exe

C:\Windows\System\cuqGVwj.exe

C:\Windows\System\QMSzPna.exe

C:\Windows\System\QMSzPna.exe

C:\Windows\System\ADGevLp.exe

C:\Windows\System\ADGevLp.exe

C:\Windows\System\pZgQSOw.exe

C:\Windows\System\pZgQSOw.exe

C:\Windows\System\QhbfMZu.exe

C:\Windows\System\QhbfMZu.exe

C:\Windows\System\HWrqnjq.exe

C:\Windows\System\HWrqnjq.exe

C:\Windows\System\hEDwHlk.exe

C:\Windows\System\hEDwHlk.exe

C:\Windows\System\eVbHPcI.exe

C:\Windows\System\eVbHPcI.exe

C:\Windows\System\ogUEhSi.exe

C:\Windows\System\ogUEhSi.exe

C:\Windows\System\CaYHslA.exe

C:\Windows\System\CaYHslA.exe

C:\Windows\System\fGyKDoo.exe

C:\Windows\System\fGyKDoo.exe

C:\Windows\System\qImkwsY.exe

C:\Windows\System\qImkwsY.exe

C:\Windows\System\JyXLTvs.exe

C:\Windows\System\JyXLTvs.exe

C:\Windows\System\sbVwngJ.exe

C:\Windows\System\sbVwngJ.exe

C:\Windows\System\oUwhArX.exe

C:\Windows\System\oUwhArX.exe

C:\Windows\System\JDyvjjf.exe

C:\Windows\System\JDyvjjf.exe

C:\Windows\System\LQnbkzB.exe

C:\Windows\System\LQnbkzB.exe

C:\Windows\System\veSsiau.exe

C:\Windows\System\veSsiau.exe

C:\Windows\System\jAntKxF.exe

C:\Windows\System\jAntKxF.exe

Network

Country Destination Domain Proto

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 01:22

Reported

2024-06-03 01:25

Platform

win7-20240221-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\956d32d32038aae7fce906ba8a0388c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
