Malware Analysis Report

2024-10-10 08:39

Sample ID 240603-c5dx3ahf83
Target 9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe
SHA256 515378c71baa3f83e338c8907b82689af44733a8c4e626f8e5d98be6f2c1585d
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

515378c71baa3f83e338c8907b82689af44733a8c4e626f8e5d98be6f2c1585d

Threat Level: Known bad

The file 9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Xmrig family

KPOT Core Executable

xmrig

Kpot family

XMRig Miner payload

KPOT

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 02:39

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 02:39

Reported

2024-06-03 02:41

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kpynAjr.exe N/A
N/A N/A C:\Windows\System\nYVAZBv.exe N/A
N/A N/A C:\Windows\System\DFehKHO.exe N/A
N/A N/A C:\Windows\System\nTCGrSa.exe N/A
N/A N/A C:\Windows\System\hOoRMhU.exe N/A
N/A N/A C:\Windows\System\hUNepRp.exe N/A
N/A N/A C:\Windows\System\MyyqKwy.exe N/A
N/A N/A C:\Windows\System\oJfloIG.exe N/A
N/A N/A C:\Windows\System\SoAiGkL.exe N/A
N/A N/A C:\Windows\System\oBVppox.exe N/A
N/A N/A C:\Windows\System\YHEAAeG.exe N/A
N/A N/A C:\Windows\System\oJGfpOI.exe N/A
N/A N/A C:\Windows\System\ITlVXZL.exe N/A
N/A N/A C:\Windows\System\cWCWWEL.exe N/A
N/A N/A C:\Windows\System\mGMxsnq.exe N/A
N/A N/A C:\Windows\System\uREGLsu.exe N/A
N/A N/A C:\Windows\System\rHovdzR.exe N/A
N/A N/A C:\Windows\System\NyHAxWl.exe N/A
N/A N/A C:\Windows\System\GBUneyv.exe N/A
N/A N/A C:\Windows\System\vGZjvjv.exe N/A
N/A N/A C:\Windows\System\MARZepK.exe N/A
N/A N/A C:\Windows\System\LshvdQX.exe N/A
N/A N/A C:\Windows\System\oijVAEo.exe N/A
N/A N/A C:\Windows\System\CgaWtIz.exe N/A
N/A N/A C:\Windows\System\rJcBGDR.exe N/A
N/A N/A C:\Windows\System\FRSTyEC.exe N/A
N/A N/A C:\Windows\System\rJOzUqB.exe N/A
N/A N/A C:\Windows\System\vFiRUuB.exe N/A
N/A N/A C:\Windows\System\BsNCrpy.exe N/A
N/A N/A C:\Windows\System\DgzYVJm.exe N/A
N/A N/A C:\Windows\System\hNnrnwT.exe N/A
N/A N/A C:\Windows\System\Hjddnah.exe N/A
N/A N/A C:\Windows\System\lYhDVXZ.exe N/A
N/A N/A C:\Windows\System\xrNxWFQ.exe N/A
N/A N/A C:\Windows\System\noydLTg.exe N/A
N/A N/A C:\Windows\System\QXaWUQw.exe N/A
N/A N/A C:\Windows\System\sRWNAJJ.exe N/A
N/A N/A C:\Windows\System\FGECGmU.exe N/A
N/A N/A C:\Windows\System\yMeaKtS.exe N/A
N/A N/A C:\Windows\System\qUCaThQ.exe N/A
N/A N/A C:\Windows\System\YDzLDLx.exe N/A
N/A N/A C:\Windows\System\SCoEsXs.exe N/A
N/A N/A C:\Windows\System\ffSVhJS.exe N/A
N/A N/A C:\Windows\System\jkNxhJt.exe N/A
N/A N/A C:\Windows\System\NqbZSpb.exe N/A
N/A N/A C:\Windows\System\ubmcRSn.exe N/A
N/A N/A C:\Windows\System\PnhHitU.exe N/A
N/A N/A C:\Windows\System\PwgVmRz.exe N/A
N/A N/A C:\Windows\System\yNvqePE.exe N/A
N/A N/A C:\Windows\System\CdMQQDT.exe N/A
N/A N/A C:\Windows\System\ABByfpL.exe N/A
N/A N/A C:\Windows\System\mBHDZmm.exe N/A
N/A N/A C:\Windows\System\YWUuWZm.exe N/A
N/A N/A C:\Windows\System\ElZeeVP.exe N/A
N/A N/A C:\Windows\System\WsmbnhQ.exe N/A
N/A N/A C:\Windows\System\IzzVyHe.exe N/A
N/A N/A C:\Windows\System\UirrzIg.exe N/A
N/A N/A C:\Windows\System\bdjuYLD.exe N/A
N/A N/A C:\Windows\System\OguFYQv.exe N/A
N/A N/A C:\Windows\System\ppawAfM.exe N/A
N/A N/A C:\Windows\System\SHjYRzK.exe N/A
N/A N/A C:\Windows\System\BlWsCIq.exe N/A
N/A N/A C:\Windows\System\kQAwZWK.exe N/A
N/A N/A C:\Windows\System\pZnlSjQ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\cjwXgSe.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcEYojV.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\DLyGICz.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\qinXWyP.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\SgWeNgi.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCZVQSn.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\VWoQgos.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZcUodbr.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\jSYWjqs.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\rHovdzR.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\HFOSKjW.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\LslORUe.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\zFVcHRk.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\utYEveu.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\lzifPYb.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\UEVAakB.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\BAKfrNq.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ahAlask.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\PDDwChQ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\QbdUiWo.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\noydLTg.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXaWUQw.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\hhARGsr.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\wQHQhpM.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\bKbTHsP.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZUPQZYI.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\gaIjroe.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVmdVXb.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\YDzLDLx.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\OguFYQv.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\aIgZiqa.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXXgZde.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltXhKYl.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\Whwxudv.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\quqrJcS.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\zjNYBsz.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqhOIcz.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\KgRZmbl.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZeNhYMZ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQwkaZh.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\wrNkOUx.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\vFiRUuB.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\yfFhYrp.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\CUKONBQ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\rcEeWeN.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\qMGZDTg.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\GmTvnNP.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\OUuCCWG.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\RdsVxxn.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\MARZepK.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\biuzzPT.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\KoMLGwg.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\qfmrlDT.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\CTpVUtd.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ffSVhJS.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\RIEEDYJ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\oJvTtzo.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\qUCaThQ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\BdhjYIv.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\YXPTkbb.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfYlCHh.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\PUqpCtE.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzAPrdO.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\eUURMEN.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\kpynAjr.exe
PID 2960 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\kpynAjr.exe
PID 2960 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\nYVAZBv.exe
PID 2960 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\nYVAZBv.exe
PID 2960 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\DFehKHO.exe
PID 2960 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\DFehKHO.exe
PID 2960 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\nTCGrSa.exe
PID 2960 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\nTCGrSa.exe
PID 2960 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\hOoRMhU.exe
PID 2960 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\hOoRMhU.exe
PID 2960 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\hUNepRp.exe
PID 2960 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\hUNepRp.exe
PID 2960 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\MyyqKwy.exe
PID 2960 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\MyyqKwy.exe
PID 2960 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oJfloIG.exe
PID 2960 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oJfloIG.exe
PID 2960 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\SoAiGkL.exe
PID 2960 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\SoAiGkL.exe
PID 2960 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oBVppox.exe
PID 2960 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oBVppox.exe
PID 2960 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\YHEAAeG.exe
PID 2960 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\YHEAAeG.exe
PID 2960 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oJGfpOI.exe
PID 2960 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oJGfpOI.exe
PID 2960 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\ITlVXZL.exe
PID 2960 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\ITlVXZL.exe
PID 2960 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\cWCWWEL.exe
PID 2960 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\cWCWWEL.exe
PID 2960 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\mGMxsnq.exe
PID 2960 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\mGMxsnq.exe
PID 2960 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\uREGLsu.exe
PID 2960 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\uREGLsu.exe
PID 2960 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rHovdzR.exe
PID 2960 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rHovdzR.exe
PID 2960 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\NyHAxWl.exe
PID 2960 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\NyHAxWl.exe
PID 2960 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\GBUneyv.exe
PID 2960 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\GBUneyv.exe
PID 2960 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\vGZjvjv.exe
PID 2960 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\vGZjvjv.exe
PID 2960 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\MARZepK.exe
PID 2960 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\MARZepK.exe
PID 2960 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\LshvdQX.exe
PID 2960 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\LshvdQX.exe
PID 2960 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oijVAEo.exe
PID 2960 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\oijVAEo.exe
PID 2960 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\CgaWtIz.exe
PID 2960 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\CgaWtIz.exe
PID 2960 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJcBGDR.exe
PID 2960 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJcBGDR.exe
PID 2960 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\FRSTyEC.exe
PID 2960 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\FRSTyEC.exe
PID 2960 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJOzUqB.exe
PID 2960 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJOzUqB.exe
PID 2960 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\vFiRUuB.exe
PID 2960 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\vFiRUuB.exe
PID 2960 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\BsNCrpy.exe
PID 2960 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\BsNCrpy.exe
PID 2960 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\DgzYVJm.exe
PID 2960 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\DgzYVJm.exe
PID 2960 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\hNnrnwT.exe
PID 2960 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\hNnrnwT.exe
PID 2960 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\Hjddnah.exe
PID 2960 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\Hjddnah.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe"

C:\Windows\System\kpynAjr.exe

C:\Windows\System\kpynAjr.exe

C:\Windows\System\nYVAZBv.exe

C:\Windows\System\nYVAZBv.exe

C:\Windows\System\DFehKHO.exe

C:\Windows\System\DFehKHO.exe

C:\Windows\System\nTCGrSa.exe

C:\Windows\System\nTCGrSa.exe

C:\Windows\System\hOoRMhU.exe

C:\Windows\System\hOoRMhU.exe

C:\Windows\System\hUNepRp.exe

C:\Windows\System\hUNepRp.exe

C:\Windows\System\MyyqKwy.exe

C:\Windows\System\MyyqKwy.exe

C:\Windows\System\oJfloIG.exe

C:\Windows\System\oJfloIG.exe

C:\Windows\System\SoAiGkL.exe

C:\Windows\System\SoAiGkL.exe

C:\Windows\System\oBVppox.exe

C:\Windows\System\oBVppox.exe

C:\Windows\System\YHEAAeG.exe

C:\Windows\System\YHEAAeG.exe

C:\Windows\System\oJGfpOI.exe

C:\Windows\System\oJGfpOI.exe

C:\Windows\System\ITlVXZL.exe

C:\Windows\System\ITlVXZL.exe

C:\Windows\System\cWCWWEL.exe

C:\Windows\System\cWCWWEL.exe

C:\Windows\System\mGMxsnq.exe

C:\Windows\System\mGMxsnq.exe

C:\Windows\System\uREGLsu.exe

C:\Windows\System\uREGLsu.exe

C:\Windows\System\rHovdzR.exe

C:\Windows\System\rHovdzR.exe

C:\Windows\System\NyHAxWl.exe

C:\Windows\System\NyHAxWl.exe

C:\Windows\System\GBUneyv.exe

C:\Windows\System\GBUneyv.exe

C:\Windows\System\vGZjvjv.exe

C:\Windows\System\vGZjvjv.exe

C:\Windows\System\MARZepK.exe

C:\Windows\System\MARZepK.exe

C:\Windows\System\LshvdQX.exe

C:\Windows\System\LshvdQX.exe

C:\Windows\System\oijVAEo.exe

C:\Windows\System\oijVAEo.exe

C:\Windows\System\CgaWtIz.exe

C:\Windows\System\CgaWtIz.exe

C:\Windows\System\rJcBGDR.exe

C:\Windows\System\rJcBGDR.exe

C:\Windows\System\FRSTyEC.exe

C:\Windows\System\FRSTyEC.exe

C:\Windows\System\rJOzUqB.exe

C:\Windows\System\rJOzUqB.exe

C:\Windows\System\vFiRUuB.exe

C:\Windows\System\vFiRUuB.exe

C:\Windows\System\BsNCrpy.exe

C:\Windows\System\BsNCrpy.exe

C:\Windows\System\DgzYVJm.exe

C:\Windows\System\DgzYVJm.exe

C:\Windows\System\hNnrnwT.exe

C:\Windows\System\hNnrnwT.exe

C:\Windows\System\Hjddnah.exe

C:\Windows\System\Hjddnah.exe

C:\Windows\System\lYhDVXZ.exe

C:\Windows\System\lYhDVXZ.exe

C:\Windows\System\xrNxWFQ.exe

C:\Windows\System\xrNxWFQ.exe

C:\Windows\System\noydLTg.exe

C:\Windows\System\noydLTg.exe

C:\Windows\System\QXaWUQw.exe

C:\Windows\System\QXaWUQw.exe

C:\Windows\System\sRWNAJJ.exe

C:\Windows\System\sRWNAJJ.exe

C:\Windows\System\FGECGmU.exe

C:\Windows\System\FGECGmU.exe

C:\Windows\System\yMeaKtS.exe

C:\Windows\System\yMeaKtS.exe

C:\Windows\System\qUCaThQ.exe

C:\Windows\System\qUCaThQ.exe

C:\Windows\System\YDzLDLx.exe

C:\Windows\System\YDzLDLx.exe

C:\Windows\System\SCoEsXs.exe

C:\Windows\System\SCoEsXs.exe

C:\Windows\System\ffSVhJS.exe

C:\Windows\System\ffSVhJS.exe

C:\Windows\System\jkNxhJt.exe

C:\Windows\System\jkNxhJt.exe

C:\Windows\System\NqbZSpb.exe

C:\Windows\System\NqbZSpb.exe

C:\Windows\System\ubmcRSn.exe

C:\Windows\System\ubmcRSn.exe

C:\Windows\System\PnhHitU.exe

C:\Windows\System\PnhHitU.exe

C:\Windows\System\PwgVmRz.exe

C:\Windows\System\PwgVmRz.exe

C:\Windows\System\yNvqePE.exe

C:\Windows\System\yNvqePE.exe

C:\Windows\System\CdMQQDT.exe

C:\Windows\System\CdMQQDT.exe

C:\Windows\System\ABByfpL.exe

C:\Windows\System\ABByfpL.exe

C:\Windows\System\mBHDZmm.exe

C:\Windows\System\mBHDZmm.exe

C:\Windows\System\YWUuWZm.exe

C:\Windows\System\YWUuWZm.exe

C:\Windows\System\ElZeeVP.exe

C:\Windows\System\ElZeeVP.exe

C:\Windows\System\WsmbnhQ.exe

C:\Windows\System\WsmbnhQ.exe

C:\Windows\System\IzzVyHe.exe

C:\Windows\System\IzzVyHe.exe

C:\Windows\System\UirrzIg.exe

C:\Windows\System\UirrzIg.exe

C:\Windows\System\bdjuYLD.exe

C:\Windows\System\bdjuYLD.exe

C:\Windows\System\OguFYQv.exe

C:\Windows\System\OguFYQv.exe

C:\Windows\System\ppawAfM.exe

C:\Windows\System\ppawAfM.exe

C:\Windows\System\SHjYRzK.exe

C:\Windows\System\SHjYRzK.exe

C:\Windows\System\BlWsCIq.exe

C:\Windows\System\BlWsCIq.exe

C:\Windows\System\kQAwZWK.exe

C:\Windows\System\kQAwZWK.exe

C:\Windows\System\pZnlSjQ.exe

C:\Windows\System\pZnlSjQ.exe

C:\Windows\System\GmWxXzN.exe

C:\Windows\System\GmWxXzN.exe

C:\Windows\System\XTAMpAZ.exe

C:\Windows\System\XTAMpAZ.exe

C:\Windows\System\hXspSqZ.exe

C:\Windows\System\hXspSqZ.exe

C:\Windows\System\tcssHCE.exe

C:\Windows\System\tcssHCE.exe

C:\Windows\System\yfFhYrp.exe

C:\Windows\System\yfFhYrp.exe

C:\Windows\System\ZKBxYXi.exe

C:\Windows\System\ZKBxYXi.exe

C:\Windows\System\bEviGOI.exe

C:\Windows\System\bEviGOI.exe

C:\Windows\System\XPnJycP.exe

C:\Windows\System\XPnJycP.exe

C:\Windows\System\oGQPSnK.exe

C:\Windows\System\oGQPSnK.exe

C:\Windows\System\uyPgxWk.exe

C:\Windows\System\uyPgxWk.exe

C:\Windows\System\KrbbKhk.exe

C:\Windows\System\KrbbKhk.exe

C:\Windows\System\zjNYBsz.exe

C:\Windows\System\zjNYBsz.exe

C:\Windows\System\otPOndR.exe

C:\Windows\System\otPOndR.exe

C:\Windows\System\uERkyXn.exe

C:\Windows\System\uERkyXn.exe

C:\Windows\System\LbbmPle.exe

C:\Windows\System\LbbmPle.exe

C:\Windows\System\qTAKkWP.exe

C:\Windows\System\qTAKkWP.exe

C:\Windows\System\MfqEutC.exe

C:\Windows\System\MfqEutC.exe

C:\Windows\System\DqhOIcz.exe

C:\Windows\System\DqhOIcz.exe

C:\Windows\System\VrXvTIc.exe

C:\Windows\System\VrXvTIc.exe

C:\Windows\System\dssOHLK.exe

C:\Windows\System\dssOHLK.exe

C:\Windows\System\WKPZIty.exe

C:\Windows\System\WKPZIty.exe

C:\Windows\System\jJEWuTz.exe

C:\Windows\System\jJEWuTz.exe

C:\Windows\System\CpIRrsb.exe

C:\Windows\System\CpIRrsb.exe

C:\Windows\System\rLmkhlP.exe

C:\Windows\System\rLmkhlP.exe

C:\Windows\System\ADgapoI.exe

C:\Windows\System\ADgapoI.exe

C:\Windows\System\KgRZmbl.exe

C:\Windows\System\KgRZmbl.exe

C:\Windows\System\YMOhSOE.exe

C:\Windows\System\YMOhSOE.exe

C:\Windows\System\lLBOTqh.exe

C:\Windows\System\lLBOTqh.exe

C:\Windows\System\PUqpCtE.exe

C:\Windows\System\PUqpCtE.exe

C:\Windows\System\DLyGICz.exe

C:\Windows\System\DLyGICz.exe

C:\Windows\System\cJEfMMv.exe

C:\Windows\System\cJEfMMv.exe

C:\Windows\System\gazmWqh.exe

C:\Windows\System\gazmWqh.exe

C:\Windows\System\hhARGsr.exe

C:\Windows\System\hhARGsr.exe

C:\Windows\System\nfpXmVs.exe

C:\Windows\System\nfpXmVs.exe

C:\Windows\System\QzAPrdO.exe

C:\Windows\System\QzAPrdO.exe

C:\Windows\System\TUsgCdD.exe

C:\Windows\System\TUsgCdD.exe

C:\Windows\System\lxpMZXX.exe

C:\Windows\System\lxpMZXX.exe

C:\Windows\System\BIQCMVG.exe

C:\Windows\System\BIQCMVG.exe

C:\Windows\System\lYMISyz.exe

C:\Windows\System\lYMISyz.exe

C:\Windows\System\YXPTkbb.exe

C:\Windows\System\YXPTkbb.exe

C:\Windows\System\CbtKgJK.exe

C:\Windows\System\CbtKgJK.exe

C:\Windows\System\tKivqyP.exe

C:\Windows\System\tKivqyP.exe

C:\Windows\System\VWoQgos.exe

C:\Windows\System\VWoQgos.exe

C:\Windows\System\GEnMQKf.exe

C:\Windows\System\GEnMQKf.exe

C:\Windows\System\jFNQyXP.exe

C:\Windows\System\jFNQyXP.exe

C:\Windows\System\TXXgZde.exe

C:\Windows\System\TXXgZde.exe

C:\Windows\System\eUURMEN.exe

C:\Windows\System\eUURMEN.exe

C:\Windows\System\ctXNwjs.exe

C:\Windows\System\ctXNwjs.exe

C:\Windows\System\khmDhmO.exe

C:\Windows\System\khmDhmO.exe

C:\Windows\System\biuzzPT.exe

C:\Windows\System\biuzzPT.exe

C:\Windows\System\MXpEnYz.exe

C:\Windows\System\MXpEnYz.exe

C:\Windows\System\SPNuPCG.exe

C:\Windows\System\SPNuPCG.exe

C:\Windows\System\XXayMuG.exe

C:\Windows\System\XXayMuG.exe

C:\Windows\System\OSwtWtQ.exe

C:\Windows\System\OSwtWtQ.exe

C:\Windows\System\fosdeFR.exe

C:\Windows\System\fosdeFR.exe

C:\Windows\System\wQHQhpM.exe

C:\Windows\System\wQHQhpM.exe

C:\Windows\System\AuVmsMV.exe

C:\Windows\System\AuVmsMV.exe

C:\Windows\System\VQFHuaC.exe

C:\Windows\System\VQFHuaC.exe

C:\Windows\System\PBhbXgR.exe

C:\Windows\System\PBhbXgR.exe

C:\Windows\System\DVXwTLn.exe

C:\Windows\System\DVXwTLn.exe

C:\Windows\System\SHVcTJL.exe

C:\Windows\System\SHVcTJL.exe

C:\Windows\System\ltXhKYl.exe

C:\Windows\System\ltXhKYl.exe

C:\Windows\System\AVaxNLy.exe

C:\Windows\System\AVaxNLy.exe

C:\Windows\System\DmIaygA.exe

C:\Windows\System\DmIaygA.exe

C:\Windows\System\XPtvWio.exe

C:\Windows\System\XPtvWio.exe

C:\Windows\System\cjwXgSe.exe

C:\Windows\System\cjwXgSe.exe

C:\Windows\System\kTPdhuh.exe

C:\Windows\System\kTPdhuh.exe

C:\Windows\System\eilXPgf.exe

C:\Windows\System\eilXPgf.exe

C:\Windows\System\giHIaNi.exe

C:\Windows\System\giHIaNi.exe

C:\Windows\System\GgFqcTY.exe

C:\Windows\System\GgFqcTY.exe

C:\Windows\System\qinXWyP.exe

C:\Windows\System\qinXWyP.exe

C:\Windows\System\rXMAtUP.exe

C:\Windows\System\rXMAtUP.exe

C:\Windows\System\RIEEDYJ.exe

C:\Windows\System\RIEEDYJ.exe

C:\Windows\System\tNQfJxe.exe

C:\Windows\System\tNQfJxe.exe

C:\Windows\System\gNIlHwd.exe

C:\Windows\System\gNIlHwd.exe

C:\Windows\System\ZeNhYMZ.exe

C:\Windows\System\ZeNhYMZ.exe

C:\Windows\System\IdFGqlI.exe

C:\Windows\System\IdFGqlI.exe

C:\Windows\System\iKwffgR.exe

C:\Windows\System\iKwffgR.exe

C:\Windows\System\zFVcHRk.exe

C:\Windows\System\zFVcHRk.exe

C:\Windows\System\bbNCTjM.exe

C:\Windows\System\bbNCTjM.exe

C:\Windows\System\GnhGPtF.exe

C:\Windows\System\GnhGPtF.exe

C:\Windows\System\CAcctnk.exe

C:\Windows\System\CAcctnk.exe

C:\Windows\System\kyHnviO.exe

C:\Windows\System\kyHnviO.exe

C:\Windows\System\lzifPYb.exe

C:\Windows\System\lzifPYb.exe

C:\Windows\System\utYEveu.exe

C:\Windows\System\utYEveu.exe

C:\Windows\System\jenRURx.exe

C:\Windows\System\jenRURx.exe

C:\Windows\System\TfHmuWm.exe

C:\Windows\System\TfHmuWm.exe

C:\Windows\System\hxKRvJc.exe

C:\Windows\System\hxKRvJc.exe

C:\Windows\System\HKnkCYM.exe

C:\Windows\System\HKnkCYM.exe

C:\Windows\System\wCaZhrx.exe

C:\Windows\System\wCaZhrx.exe

C:\Windows\System\pAjWWyK.exe

C:\Windows\System\pAjWWyK.exe

C:\Windows\System\Whwxudv.exe

C:\Windows\System\Whwxudv.exe

C:\Windows\System\lBgTkdS.exe

C:\Windows\System\lBgTkdS.exe

C:\Windows\System\uRlFIaZ.exe

C:\Windows\System\uRlFIaZ.exe

C:\Windows\System\xOxVfms.exe

C:\Windows\System\xOxVfms.exe

C:\Windows\System\DyOmvDM.exe

C:\Windows\System\DyOmvDM.exe

C:\Windows\System\bKbTHsP.exe

C:\Windows\System\bKbTHsP.exe

C:\Windows\System\rQFoEKw.exe

C:\Windows\System\rQFoEKw.exe

C:\Windows\System\ZcUodbr.exe

C:\Windows\System\ZcUodbr.exe

C:\Windows\System\dVVUdMP.exe

C:\Windows\System\dVVUdMP.exe

C:\Windows\System\PTeXQBs.exe

C:\Windows\System\PTeXQBs.exe

C:\Windows\System\omfPKVB.exe

C:\Windows\System\omfPKVB.exe

C:\Windows\System\WwqTKVN.exe

C:\Windows\System\WwqTKVN.exe

C:\Windows\System\qQRAPaZ.exe

C:\Windows\System\qQRAPaZ.exe

C:\Windows\System\CUKONBQ.exe

C:\Windows\System\CUKONBQ.exe

C:\Windows\System\UEVAakB.exe

C:\Windows\System\UEVAakB.exe

C:\Windows\System\XfYlCHh.exe

C:\Windows\System\XfYlCHh.exe

C:\Windows\System\HsIAgpY.exe

C:\Windows\System\HsIAgpY.exe

C:\Windows\System\GSNJMlT.exe

C:\Windows\System\GSNJMlT.exe

C:\Windows\System\rkcdWlX.exe

C:\Windows\System\rkcdWlX.exe

C:\Windows\System\npmgyJH.exe

C:\Windows\System\npmgyJH.exe

C:\Windows\System\ZUPQZYI.exe

C:\Windows\System\ZUPQZYI.exe

C:\Windows\System\cNABZCB.exe

C:\Windows\System\cNABZCB.exe

C:\Windows\System\QleuYQv.exe

C:\Windows\System\QleuYQv.exe

C:\Windows\System\GsyZuMu.exe

C:\Windows\System\GsyZuMu.exe

C:\Windows\System\fWDTutQ.exe

C:\Windows\System\fWDTutQ.exe

C:\Windows\System\iNpdNjS.exe

C:\Windows\System\iNpdNjS.exe

C:\Windows\System\jbaeuPu.exe

C:\Windows\System\jbaeuPu.exe

C:\Windows\System\TcqZdOf.exe

C:\Windows\System\TcqZdOf.exe

C:\Windows\System\gaIjroe.exe

C:\Windows\System\gaIjroe.exe

C:\Windows\System\iuGfQjF.exe

C:\Windows\System\iuGfQjF.exe

C:\Windows\System\bQwkaZh.exe

C:\Windows\System\bQwkaZh.exe

C:\Windows\System\BdhjYIv.exe

C:\Windows\System\BdhjYIv.exe

C:\Windows\System\OBwdGkH.exe

C:\Windows\System\OBwdGkH.exe

C:\Windows\System\bZMckPj.exe

C:\Windows\System\bZMckPj.exe

C:\Windows\System\fZDfenO.exe

C:\Windows\System\fZDfenO.exe

C:\Windows\System\PxinSNx.exe

C:\Windows\System\PxinSNx.exe

C:\Windows\System\OaWSIEv.exe

C:\Windows\System\OaWSIEv.exe

C:\Windows\System\rcEeWeN.exe

C:\Windows\System\rcEeWeN.exe

C:\Windows\System\amdSCds.exe

C:\Windows\System\amdSCds.exe

C:\Windows\System\XpHMbGk.exe

C:\Windows\System\XpHMbGk.exe

C:\Windows\System\hbXLwEV.exe

C:\Windows\System\hbXLwEV.exe

C:\Windows\System\fnOeDXv.exe

C:\Windows\System\fnOeDXv.exe

C:\Windows\System\rqwvVkB.exe

C:\Windows\System\rqwvVkB.exe

C:\Windows\System\qMGZDTg.exe

C:\Windows\System\qMGZDTg.exe

C:\Windows\System\wZvjIpP.exe

C:\Windows\System\wZvjIpP.exe

C:\Windows\System\kuHTNXz.exe

C:\Windows\System\kuHTNXz.exe

C:\Windows\System\xaaomXc.exe

C:\Windows\System\xaaomXc.exe

C:\Windows\System\HFOSKjW.exe

C:\Windows\System\HFOSKjW.exe

C:\Windows\System\BsjRhKA.exe

C:\Windows\System\BsjRhKA.exe

C:\Windows\System\tzmhEhy.exe

C:\Windows\System\tzmhEhy.exe

C:\Windows\System\xUjHgbA.exe

C:\Windows\System\xUjHgbA.exe

C:\Windows\System\lGnHYkL.exe

C:\Windows\System\lGnHYkL.exe

C:\Windows\System\BaYQdZA.exe

C:\Windows\System\BaYQdZA.exe

C:\Windows\System\MHzstLW.exe

C:\Windows\System\MHzstLW.exe

C:\Windows\System\SMpYGOG.exe

C:\Windows\System\SMpYGOG.exe

C:\Windows\System\LslORUe.exe

C:\Windows\System\LslORUe.exe

C:\Windows\System\ItogNca.exe

C:\Windows\System\ItogNca.exe

C:\Windows\System\JCKvuLq.exe

C:\Windows\System\JCKvuLq.exe

C:\Windows\System\VrhqrwA.exe

C:\Windows\System\VrhqrwA.exe

C:\Windows\System\iRroOzw.exe

C:\Windows\System\iRroOzw.exe

C:\Windows\System\wBldAOg.exe

C:\Windows\System\wBldAOg.exe

C:\Windows\System\BAKfrNq.exe

C:\Windows\System\BAKfrNq.exe

C:\Windows\System\jSYWjqs.exe

C:\Windows\System\jSYWjqs.exe

C:\Windows\System\LrqmdrI.exe

C:\Windows\System\LrqmdrI.exe

C:\Windows\System\NcLgFCz.exe

C:\Windows\System\NcLgFCz.exe

C:\Windows\System\QlIMcSc.exe

C:\Windows\System\QlIMcSc.exe

C:\Windows\System\MjLdkUl.exe

C:\Windows\System\MjLdkUl.exe

C:\Windows\System\tOWjiOT.exe

C:\Windows\System\tOWjiOT.exe

C:\Windows\System\ahAlask.exe

C:\Windows\System\ahAlask.exe

C:\Windows\System\MruQOVV.exe

C:\Windows\System\MruQOVV.exe

C:\Windows\System\fYAJRrv.exe

C:\Windows\System\fYAJRrv.exe

C:\Windows\System\TjlRqoP.exe

C:\Windows\System\TjlRqoP.exe

C:\Windows\System\KjSJdlp.exe

C:\Windows\System\KjSJdlp.exe

C:\Windows\System\KnQoWjM.exe

C:\Windows\System\KnQoWjM.exe

C:\Windows\System\SgWeNgi.exe

C:\Windows\System\SgWeNgi.exe

C:\Windows\System\ORzsYCN.exe

C:\Windows\System\ORzsYCN.exe

C:\Windows\System\dwVAMgz.exe

C:\Windows\System\dwVAMgz.exe

C:\Windows\System\oAbUDrd.exe

C:\Windows\System\oAbUDrd.exe

C:\Windows\System\oVmdVXb.exe

C:\Windows\System\oVmdVXb.exe

C:\Windows\System\DCJCOyG.exe

C:\Windows\System\DCJCOyG.exe

C:\Windows\System\jMIGFSV.exe

C:\Windows\System\jMIGFSV.exe

C:\Windows\System\xRGelIb.exe

C:\Windows\System\xRGelIb.exe

C:\Windows\System\JcEYojV.exe

C:\Windows\System\JcEYojV.exe

C:\Windows\System\WXLbJZM.exe

C:\Windows\System\WXLbJZM.exe

C:\Windows\System\fBhSMSQ.exe

C:\Windows\System\fBhSMSQ.exe

C:\Windows\System\zNFcJez.exe

C:\Windows\System\zNFcJez.exe

C:\Windows\System\XmYsrBq.exe

C:\Windows\System\XmYsrBq.exe

C:\Windows\System\AuJdbEo.exe

C:\Windows\System\AuJdbEo.exe

C:\Windows\System\UERZuan.exe

C:\Windows\System\UERZuan.exe

C:\Windows\System\quqrJcS.exe

C:\Windows\System\quqrJcS.exe

C:\Windows\System\SwMPXzj.exe

C:\Windows\System\SwMPXzj.exe

C:\Windows\System\SFHiqhg.exe

C:\Windows\System\SFHiqhg.exe

C:\Windows\System\FfMBXes.exe

C:\Windows\System\FfMBXes.exe

C:\Windows\System\YDLZpLh.exe

C:\Windows\System\YDLZpLh.exe

C:\Windows\System\uPGzIRs.exe

C:\Windows\System\uPGzIRs.exe

C:\Windows\System\nWumotF.exe

C:\Windows\System\nWumotF.exe

C:\Windows\System\tBhKyYi.exe

C:\Windows\System\tBhKyYi.exe

C:\Windows\System\UmsKLZi.exe

C:\Windows\System\UmsKLZi.exe

C:\Windows\System\YWLyrQh.exe

C:\Windows\System\YWLyrQh.exe

C:\Windows\System\caXGXaA.exe

C:\Windows\System\caXGXaA.exe

C:\Windows\System\hHPMxhG.exe

C:\Windows\System\hHPMxhG.exe

C:\Windows\System\CRjLTRw.exe

C:\Windows\System\CRjLTRw.exe

C:\Windows\System\wrNkOUx.exe

C:\Windows\System\wrNkOUx.exe

C:\Windows\System\sxNqHuO.exe

C:\Windows\System\sxNqHuO.exe

C:\Windows\System\fRvpOCP.exe

C:\Windows\System\fRvpOCP.exe

C:\Windows\System\GmTvnNP.exe

C:\Windows\System\GmTvnNP.exe

C:\Windows\System\uBzCOAu.exe

C:\Windows\System\uBzCOAu.exe

C:\Windows\System\GThMArD.exe

C:\Windows\System\GThMArD.exe

C:\Windows\System\xdwkJFL.exe

C:\Windows\System\xdwkJFL.exe

C:\Windows\System\iVuroEW.exe

C:\Windows\System\iVuroEW.exe

C:\Windows\System\RBmoOud.exe

C:\Windows\System\RBmoOud.exe

C:\Windows\System\yjOmwnD.exe

C:\Windows\System\yjOmwnD.exe

C:\Windows\System\kyONOeJ.exe

C:\Windows\System\kyONOeJ.exe

C:\Windows\System\iTsXkJj.exe

C:\Windows\System\iTsXkJj.exe

C:\Windows\System\nrdYWhW.exe

C:\Windows\System\nrdYWhW.exe

C:\Windows\System\SsEEywo.exe

C:\Windows\System\SsEEywo.exe

C:\Windows\System\jGxuRTU.exe

C:\Windows\System\jGxuRTU.exe

C:\Windows\System\ETkkQfw.exe

C:\Windows\System\ETkkQfw.exe

C:\Windows\System\yaoXJFy.exe

C:\Windows\System\yaoXJFy.exe

C:\Windows\System\cPYkOer.exe

C:\Windows\System\cPYkOer.exe

C:\Windows\System\OUuCCWG.exe

C:\Windows\System\OUuCCWG.exe

C:\Windows\System\hGlpPcB.exe

C:\Windows\System\hGlpPcB.exe

C:\Windows\System\epPgKZd.exe

C:\Windows\System\epPgKZd.exe

C:\Windows\System\gYqTLVb.exe

C:\Windows\System\gYqTLVb.exe

C:\Windows\System\LCZVQSn.exe

C:\Windows\System\LCZVQSn.exe

C:\Windows\System\OXlMYFq.exe

C:\Windows\System\OXlMYFq.exe

C:\Windows\System\aIgZiqa.exe

C:\Windows\System\aIgZiqa.exe

C:\Windows\System\yzepqDy.exe

C:\Windows\System\yzepqDy.exe

C:\Windows\System\uiFoNQk.exe

C:\Windows\System\uiFoNQk.exe

C:\Windows\System\AWRfOSC.exe

C:\Windows\System\AWRfOSC.exe

C:\Windows\System\wGRrmoH.exe

C:\Windows\System\wGRrmoH.exe

C:\Windows\System\YrWbhIs.exe

C:\Windows\System\YrWbhIs.exe

C:\Windows\System\pmnTFxH.exe

C:\Windows\System\pmnTFxH.exe

C:\Windows\System\YlJBFpx.exe

C:\Windows\System\YlJBFpx.exe

C:\Windows\System\TiIUZIx.exe

C:\Windows\System\TiIUZIx.exe

C:\Windows\System\dEcYhzw.exe

C:\Windows\System\dEcYhzw.exe

C:\Windows\System\VFfPNQE.exe

C:\Windows\System\VFfPNQE.exe

C:\Windows\System\OFAxXlo.exe

C:\Windows\System\OFAxXlo.exe

C:\Windows\System\CTpVUtd.exe

C:\Windows\System\CTpVUtd.exe

C:\Windows\System\RdsVxxn.exe

C:\Windows\System\RdsVxxn.exe

C:\Windows\System\oJvTtzo.exe

C:\Windows\System\oJvTtzo.exe

C:\Windows\System\mtEWWHT.exe

C:\Windows\System\mtEWWHT.exe

C:\Windows\System\ArhhrxA.exe

C:\Windows\System\ArhhrxA.exe

C:\Windows\System\KHoCtNG.exe

C:\Windows\System\KHoCtNG.exe

C:\Windows\System\xlppvCB.exe

C:\Windows\System\xlppvCB.exe

C:\Windows\System\ZSpVQWS.exe

C:\Windows\System\ZSpVQWS.exe

C:\Windows\System\aBAsKkx.exe

C:\Windows\System\aBAsKkx.exe

C:\Windows\System\lhUgFWC.exe

C:\Windows\System\lhUgFWC.exe

C:\Windows\System\KoMLGwg.exe

C:\Windows\System\KoMLGwg.exe

C:\Windows\System\EurtOrd.exe

C:\Windows\System\EurtOrd.exe

C:\Windows\System\lJQpJKA.exe

C:\Windows\System\lJQpJKA.exe

C:\Windows\System\OfVdoIu.exe

C:\Windows\System\OfVdoIu.exe

C:\Windows\System\PDDwChQ.exe

C:\Windows\System\PDDwChQ.exe

C:\Windows\System\jUEJoRh.exe

C:\Windows\System\jUEJoRh.exe

C:\Windows\System\wJaqpyp.exe

C:\Windows\System\wJaqpyp.exe

C:\Windows\System\XdEMXLq.exe

C:\Windows\System\XdEMXLq.exe

C:\Windows\System\uegxShm.exe

C:\Windows\System\uegxShm.exe

C:\Windows\System\YAAAbWY.exe

C:\Windows\System\YAAAbWY.exe

C:\Windows\System\iEhKlRy.exe

C:\Windows\System\iEhKlRy.exe

C:\Windows\System\aKOdrVG.exe

C:\Windows\System\aKOdrVG.exe

C:\Windows\System\qCJNvSV.exe

C:\Windows\System\qCJNvSV.exe

C:\Windows\System\uxXktEu.exe

C:\Windows\System\uxXktEu.exe

C:\Windows\System\AebGAzO.exe

C:\Windows\System\AebGAzO.exe

C:\Windows\System\sHvyJVq.exe

C:\Windows\System\sHvyJVq.exe

C:\Windows\System\NfIylGl.exe

C:\Windows\System\NfIylGl.exe

C:\Windows\System\HeBdQZM.exe

C:\Windows\System\HeBdQZM.exe

C:\Windows\System\zJSFNvZ.exe

C:\Windows\System\zJSFNvZ.exe

C:\Windows\System\QbdUiWo.exe

C:\Windows\System\QbdUiWo.exe

C:\Windows\System\cWsHcLM.exe

C:\Windows\System\cWsHcLM.exe

C:\Windows\System\qfmrlDT.exe

C:\Windows\System\qfmrlDT.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp

Files

memory/2960-0-0x00007FF75E670000-0x00007FF75E9C4000-memory.dmp

memory/2960-1-0x0000020A05B00000-0x0000020A05B10000-memory.dmp

C:\Windows\System\kpynAjr.exe

MD5 921a0cf5463debf801de56ee9fb757b3
SHA1 b5dbad927383f0fb6d315cccb8b25b17905b1834
SHA256 b3472edb031ea9a4a80825ef7f60c15700deb23f8fb969f9a09aa3bddc59214c
SHA512 a2a20529eebb8565e9488ba91422b628b7ecb188b8f8e5b051e2f28be876db63516c4db5d2d34adc9270ba02254374a924bcf1929fead77de5ec8e297dc7d928

C:\Windows\System\nYVAZBv.exe

MD5 2d720afe5adb5a93cc688d68eeecda75
SHA1 43103ddb7e27b3b8e72e92441eac982ae49c0291
SHA256 bb41c0332acc905f10f39101e13de8a08372c9a83bf0d102ba6572a98de37936
SHA512 d5e8e5dc8579b4eedbd40ffc96d9c2940cf5d79402414a60fafaf8ef1e4b578bf7e0bf218b2021c25eb7c4c21ce1abb890ca721cc4b4714ecf9b9a568ef5739e

C:\Windows\System\DFehKHO.exe

MD5 4862301a366316ea6fcbbca5a16320ab
SHA1 db5dd96c5025b48004719e04947c88cde40762d7
SHA256 ff3753a4b7885944366479152e30e63d3be954823352a49980086c94a2a0ebbc
SHA512 449f39c0e6062a173baa57adbf2fee1b9ddb6c53393d7d0cf0e279c58ded6d7754bea2eb62410c37ef0afcf0c248ca09b3ff71453435f5854019277fd186fa16

memory/2728-14-0x00007FF755FC0000-0x00007FF756314000-memory.dmp

memory/4984-18-0x00007FF6D72E0000-0x00007FF6D7634000-memory.dmp

memory/1460-8-0x00007FF79E170000-0x00007FF79E4C4000-memory.dmp

C:\Windows\System\nTCGrSa.exe

MD5 732ca2ae66f3f903e4eb415326bd29cc
SHA1 f4fd8a339d1f22be2f31f3f0745fe3cfbd0596fd
SHA256 aed11a071d4c22fa6b383bc92fbe1c009a02a803614f4312e58dc0e23e43c68a
SHA512 a74b95eb0c79264a5524ff01ff3b573713f58c56fba961f39ed18c64f1199db97df4efc1cc9b80c540ee51a6f7ffdee8430cee6563a2177f965599b5bf615c7b

C:\Windows\System\hOoRMhU.exe

MD5 eb7b0df2ec06b5ecf7ef18bc4f243152
SHA1 64150e2adc7b5baf7ebcf076ae2659ad457006e3
SHA256 d49b1eecc687a43ab4211f3dcf25e1c4fa141978a4e0330c364b6175bf7587c1
SHA512 b0cf10a6a42230b4cfaf29af05a185c69c8422d6eee9dd0bcb104851d8e3316fa49396a37c001eb287af50188e78691462b098ace9c809a96d7d020df44541cd

memory/1284-29-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp

memory/5092-27-0x00007FF7A6540000-0x00007FF7A6894000-memory.dmp

C:\Windows\System\hUNepRp.exe

MD5 8faff722d0fb0232f8c832e8430c8af5
SHA1 6759a265f2c853c41209fcdb8d16a4029fc60e26
SHA256 8b95affe7744f6039b2b4e37e9d53610992d80c55ff401794a3042a14e3e104b
SHA512 cbfa9b07df7f13b75fe18f84331e77dd7a09af5cb33866f826183daba552e1ff338826524b2dc927e90a9b4d3cb49e7edef66b87df903bca11f93f5706108604

memory/4336-38-0x00007FF726900000-0x00007FF726C54000-memory.dmp

C:\Windows\System\MyyqKwy.exe

MD5 8fd337d0501b741f6962ed20bdbd240e
SHA1 a2194a0748342779d08665b39568ab569a973152
SHA256 73b429c3ce770282fd5e7dce114df8029ad4683690084a44056f18d6ea6e089c
SHA512 3141b87643ccbb5a7c16aada4e49ac8def33c37873ddf17bde5118dfd948102f9766bc08f06e8f016dff8faac8770ded195279d8cbf82a0bf4f648397190d340

C:\Windows\System\oJfloIG.exe

MD5 da10e915e2952bedd17877b2ce13d7e1
SHA1 08ae17375ede999e456118fd1766d5ebb87ded1f
SHA256 62d0421df646882d044837aedf35c4346099212d47670bcabeb3b1e9d99df2fa
SHA512 0ad3f9a29d5ecf95fb63796711a4235279f808380b77ec045ff53fc5f824c0ce2f5066898ee0f2f65e3c54da70c5d4cd4f139d75b363628e8ecc92485fd632fd

C:\Windows\System\SoAiGkL.exe

MD5 db6d38fb0ea87cf5a4fd9ea74d07790a
SHA1 4f9403097dc7d18f62682315114ef47afd2853f5
SHA256 8c4d24f336bff70700e3ec0ea39c1f9c793ac4fe57dc52b018b5b473876713ba
SHA512 3e192b556f609e3a2af5b7c562c706a1ff6b8e631767bf4fd09eaa7593fe6236bbb055e1ac25ce5f2093504d02c84c910b8cd10674245aec19a77cdbff641560

memory/1696-51-0x00007FF72F3A0000-0x00007FF72F6F4000-memory.dmp

memory/3000-47-0x00007FF662D30000-0x00007FF663084000-memory.dmp

memory/2548-53-0x00007FF7EDFB0000-0x00007FF7EE304000-memory.dmp

C:\Windows\System\oBVppox.exe

MD5 6e11e8d7912431f50ac49305a240eaac
SHA1 ba9671d9a8c461e7bd2eff9ebee8ec8a24341dd8
SHA256 17fb0cb1c66b33a66892b4770ca8c2fbba146af156d51fb976a848c7b8c46dbd
SHA512 82308b4dd46d2c7e38730c67e0c061fb166a626d3b9e0403b8d155c5b788c0dc322e5f3dc24b0b676010f3693a294fd20980cee465eb4042b1507b75d7d997b1

memory/2960-60-0x00007FF75E670000-0x00007FF75E9C4000-memory.dmp

memory/1272-63-0x00007FF623410000-0x00007FF623764000-memory.dmp

C:\Windows\System\oJGfpOI.exe

MD5 5620bc02b67a8b638e83f473d013ff40
SHA1 b8aadcccef32235b631833e3029afd9a5c7d7039
SHA256 f71d76d5fc71faedde7aa3d7ca236853d98920e59a676f24bdd674f5ee9a563e
SHA512 31a30506a574d0792b58c79cbe37810754a4a2ce900248d31a6e41361d5b83ebd0369e69029fae70141fcab1ca22676bc577adf308bb34758ab675cd5f2bd03d

memory/2728-74-0x00007FF755FC0000-0x00007FF756314000-memory.dmp

C:\Windows\System\ITlVXZL.exe

MD5 9f7b41c9891a1bd19d1d5fbb89cca401
SHA1 45e87bf4ed7a80bc3481472ac8dfbef5ba91ddd6
SHA256 2861092d1e0bf6b2f588a16e352cfdc63c36e396c9d77e30e5ccf11db8fd24bd
SHA512 39b890d7118efb091b525c56988a11064fbeeebe87eac25aeb95218d230e11ff869a192e56ac40d5a5fb9bb4a22a7241ebee6b4050989e77ba7ec0d22e2224b6

memory/4984-83-0x00007FF6D72E0000-0x00007FF6D7634000-memory.dmp

memory/820-85-0x00007FF65BDC0000-0x00007FF65C114000-memory.dmp

C:\Windows\System\uREGLsu.exe

MD5 6af3944c0ee9361c3a9646276f4aac92
SHA1 b66dac9284c18c7d468d2ff5a09a24d7e825264e
SHA256 8812f37e05dbb143cabbca198fa9f878f70978a0e0206596bdae886125e85097
SHA512 92ca6a0e016f62e0739dd6687c5253e1f5b7dc94d24f39c7388ea6c718bf1ab00cb2446fd990f9df208cbd009980f415f43529de405029fd58e2951f66d4dd47

C:\Windows\System\rHovdzR.exe

MD5 2653f27b8e2848874cae3917e12e8e58
SHA1 e5617bc2f102d6ae05a62bb518439b3b09dd7f7b
SHA256 a87278bf63c7808dd2edbcfc68449226dfe51bdc6e661a1ece286169451575f2
SHA512 a0a80761307d5b4dc21679dc8d4581a4d32afedc95ca701548ffeabfc8e8fcb7f14bd9dd5ce320428a7b5683c83611caaba7bc9f9b901688b36691269b7ace33

C:\Windows\System\MARZepK.exe

MD5 f9e5c4a3682709a239225001f8cae400
SHA1 d0ed0ff3d46faa4d9094495585aaa2b291ea905c
SHA256 4f1a5773807c455d5f154afb4018dc4c6c03b6b56de6088d0d53f3cefba46dd2
SHA512 f52ef7cab8c45391108656a5be8424ecc64b6f50647ba2aa7957de8d1f6bb15628e7158d5214db955ff3843c3106981ffb91d4f5813716646d96964179133f08

C:\Windows\System\LshvdQX.exe

MD5 bfd06210d9304995d9b61519a3b5b78a
SHA1 66b1deb17bce29afb455ee82a41f12ce89a3d999
SHA256 a634776ae3e3d6874a3988fe5ce77e2774cb051d15e76bf5b258eeff02667456
SHA512 9ad03736989d5164eb3d8ea3ef149825ee3f7fab203bdb1e1a29df985daa5cdca275da1aa2b831793c0aeec503bcdd6d222330c7b9bfb5daba96ac93c8079e23

C:\Windows\System\CgaWtIz.exe

MD5 8e9affd62e335b1a450ff73e9e3d9b92
SHA1 793380ba53dfbfa1d635bf28b7ef48cabd4addb6
SHA256 fca22b3484cc3175e97ea25521b3374ceb3e44bbc43ad69de63e3ef0dc88c9d0
SHA512 561c05b289582571de594ede8aef710e59124b3acf756533c5f10ff8430f9e95bdc725707bf8f41c450a8f055c0f8d907d288e5dd2fd817bdedc338a2a06fd46

C:\Windows\System\rJcBGDR.exe

MD5 95c8ba89891c3c92db47192c652dc90c
SHA1 9158a7b48ccf47c4c31c131dc5c975be7677e7ce
SHA256 88547abe18258ae69fc0355b33f99de549f93ab9e6b9d39d40a2014abab0e22e
SHA512 c0f1afbdf14957a2d0c296b39b31f0592b0f46b274e1c6183adfd2ef380b5ffcef2b8388007b7066a4506600f5c24b756497b4f56c6dacf78c415d76b3374f95

C:\Windows\System\Hjddnah.exe

MD5 86e953cfcff8c9a43c98e5931e818a95
SHA1 208b5b8e66b37d5b56351d85a7fe8df157a034a5
SHA256 2ae06f4b0ba048c81acf44391380c4f2c34e06807d6de7518790fdcc1257d1c8
SHA512 72b2e48a056dcf239bf97746fdd7a4643e1cc8309475538194d6086c3cbb3a04a8bbf52ecd11b5fa52b4df6a8680a33c1f342cc899a48b334ac1e0b40ff21872

memory/1284-386-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp

memory/3560-387-0x00007FF690D90000-0x00007FF6910E4000-memory.dmp

memory/2008-390-0x00007FF68AB60000-0x00007FF68AEB4000-memory.dmp

memory/2656-396-0x00007FF79D690000-0x00007FF79D9E4000-memory.dmp

memory/4740-397-0x00007FF7CF030000-0x00007FF7CF384000-memory.dmp

memory/4308-401-0x00007FF7062C0000-0x00007FF706614000-memory.dmp

memory/5016-405-0x00007FF771520000-0x00007FF771874000-memory.dmp

memory/4184-408-0x00007FF700970000-0x00007FF700CC4000-memory.dmp

memory/1580-409-0x00007FF778810000-0x00007FF778B64000-memory.dmp

memory/4668-412-0x00007FF7A9C40000-0x00007FF7A9F94000-memory.dmp

memory/4800-411-0x00007FF64F8E0000-0x00007FF64FC34000-memory.dmp

memory/640-410-0x00007FF6E5B00000-0x00007FF6E5E54000-memory.dmp

memory/4888-406-0x00007FF6D2A20000-0x00007FF6D2D74000-memory.dmp

memory/2256-404-0x00007FF7C5820000-0x00007FF7C5B74000-memory.dmp

memory/4028-389-0x00007FF6C0260000-0x00007FF6C05B4000-memory.dmp

memory/656-388-0x00007FF7E7670000-0x00007FF7E79C4000-memory.dmp

C:\Windows\System\hNnrnwT.exe

MD5 959d68449c9ad9f095f6a5210b071a93
SHA1 2ebfd368d26f710ded964109c877e591ba2f3b9d
SHA256 a8c06ffbd987cd26a573c6e785fffd1fabfb3dd6bf8545da853efe2630d78501
SHA512 1540f4941f2e5fa4617f7591c1784bf15aa99118d3d59628812b6fb4986db971aecd4313b3cf2310dbf6b96a2f7ab5d3e2550a5678a1b2459297e8f0f862007d

C:\Windows\System\DgzYVJm.exe

MD5 eb045adb7901a133d11bb13a0b936df0
SHA1 ad87214d72c5710c1414af783063be139dbd812d
SHA256 22f0fa4528b0a4f213efa0720927d38e38044ee3b18ce6b641a9cdb3d0893eea
SHA512 9bc98b830543f30a6f82b6e2ca56d5c6c3aeced6dceb16caa9ed9089db9d7d9cc70e914b63172bf020c32d1b212de91a441b146e307e12a9066d93689f29c343

C:\Windows\System\BsNCrpy.exe

MD5 aae3839fd957c5884a5c902d0a150fa4
SHA1 7a68361bfb5ffdaf0c257104aad4df07f39f2da7
SHA256 283789dfafaaf79096ed3f7691ae79ddc9b51a6d5f54390fa3268a295e64577d
SHA512 8e34ff547d15e1709de94af6657d69882e0a01c5434bd5324b6d5771a7644a675f60c7f25af82956ee411606959df38c62a8a323bab90c2017f4903f9a177f12

C:\Windows\System\vFiRUuB.exe

MD5 2cf68c89a408fed948b07067c77ff1c2
SHA1 daf03de79d21018dda2466259f4fb1326b7b7fa3
SHA256 2dc4cae8554e995c4c1c53a68ea6e9d82e858a0d9b3a22b78253bd481049dcf5
SHA512 d784c1c4c2b3238969165d050ea1e4908cc6b058181931ae53a8bd3b8f08826c561bbbc5033264044965530a69df6e2bf01df12757b8cf0868eb0d1135361cee

C:\Windows\System\rJOzUqB.exe

MD5 aa4845e98137f831c435e3346b6c1c8c
SHA1 d2af8d4b92efc43205af8726c8030f5aa57b56f0
SHA256 ab2154003e7c4b4ea7b99f41cb2a6c6fec2e48eafbfa7e509091a04914666f52
SHA512 8e4f476e9d55eba9e04b6bfa8da71c0967ab3c33f04ebea81c8d2b59be3830bae922d3da5f219546829d435a41b8df846fc7d3642401ed04b61dcbba60e2cba6

C:\Windows\System\FRSTyEC.exe

MD5 75dce752b805c776a559ecba882ba1dd
SHA1 9c66d8a3b4accbf264f8ac7f22e4f52210376b2e
SHA256 dfcd9bac2fb3493d8c8dcdd222ce96d12547112839a8963c3e32c2aafe858853
SHA512 0b4ce742ea071459a6942c81d0425aa7d7b5481b3b1cbb600badda3a38c68d3692fe23e1fa36e736c99446a2b575a5769c6b0c17047267ecbea8ada8966da6b2

C:\Windows\System\oijVAEo.exe

MD5 27b10c3e059a3f4a2bf4b837ba27457b
SHA1 3fbdf2c29b4119e81679b9fe85c79abb29c04c97
SHA256 7c4da5672bcaa0f68cd17668781ee6bc4d76a939925a96ffc247d5014bfd2e05
SHA512 6d9a4435b8eb5da65cf8885d7c83b6ffbe6bb7f189db24a376b624f5ee509661a4b569754125282a3162c3de05e0fe6501462afa862d34fbe7b5e2d7a92de6aa

C:\Windows\System\vGZjvjv.exe

MD5 47245b4e6b884d9c43d78aff7be446ae
SHA1 36a307f2f8872bbe6b9150493881e77d0d81b5bf
SHA256 9621c59865a5a971bf2c68e63efc4634491730a9b2737e045046d463f179b667
SHA512 edb5d7571709f279e6f14c2007e54f46f9cc1f1147969b39e728710a3f2b48b8e654434c730b5c54296268728c0e75fbc41847a34d6bf39c1806f2d4681f7203

C:\Windows\System\GBUneyv.exe

MD5 90a235c393aa72178c4f738337a1bdd5
SHA1 e4d99b2c28900ebb596b0de5976001c0397bfb18
SHA256 4ef8377f41bdd9de70fc9713f8781ad6a98d10df11fb1a9bca2b615e9ffb84d6
SHA512 081235ccae140ab3c86a2a3dfa236b1b2b841716a725e718c5250a90e665a7bb510d8ccc407d8955bbb0c7ec21c3b4af4e7c54562287aad55aa788f6fd826e5d

C:\Windows\System\NyHAxWl.exe

MD5 7a4198b6f849b241ca2c898e387ca392
SHA1 6d9e009072d2189b5975d71e7911bcd9054019bf
SHA256 aabc64fd3a06fc7b855a3aa5756a0f4aaa2f409d5c4e5ede79411b8db5e81296
SHA512 47a51d70510248592f471044e43c47d6e66051ae3ffd64aa37a8cb0558623becd78c52350c9fba4551f0476d12c01358c97a5b6885850c9bd76965e1ffb25276

C:\Windows\System\mGMxsnq.exe

MD5 eae12efc0bfd69dc9f26f3995a4c85f1
SHA1 d2183e89046b729279e421617230f6b6978bfd2f
SHA256 aa7046bd2fd791c6eda601c8d09db247e03065a9f4168bfe5e468eb68d71216f
SHA512 af28380824df57044a9384c1d02d8dc5a67e9d1bf54030931597ddab44da4f03a722c26c381d87f0316da7ba1249a1689ab23960dfe7c31867b55c4666198001

C:\Windows\System\cWCWWEL.exe

MD5 cb622a97c5aabb53bea6942a2b7760f6
SHA1 4f38e37bcd0d2c2b62bb7c67cb06335c122dbf4f
SHA256 857ac7bc9cca165253c625b1917a10346fa337259f6c4f9c717070f25eb49091
SHA512 73c82e7b3b93285eda9bcfbdd2a9a9b1d0c6019fc3c58e3417243f3b66027cab6f9fec4a56d384f3d41c135f4012feb335995586ce1db8cacfecfcec8ac9f4d7

memory/3752-88-0x00007FF664190000-0x00007FF6644E4000-memory.dmp

memory/3260-81-0x00007FF73F900000-0x00007FF73FC54000-memory.dmp

C:\Windows\System\YHEAAeG.exe

MD5 640031281aa1d57bb2d16817e277672d
SHA1 2f909f5bca2e1532d6c5effd92b236bc34d6034e
SHA256 981a33470879bfa9f07e1935397d8624beea50f90d369bb7d26074789d2a2c91
SHA512 cae13dd0bd29dcb342a208eec6c62f20d9903a43031efff86e54b264fc7d74e56efd35fda6acdf5c3ca5cdaa5019c30e0ef21b07c3550fe393c990135682548a

memory/4904-69-0x00007FF75BC00000-0x00007FF75BF54000-memory.dmp

memory/3000-847-0x00007FF662D30000-0x00007FF663084000-memory.dmp

memory/1696-1075-0x00007FF72F3A0000-0x00007FF72F6F4000-memory.dmp

memory/2548-1076-0x00007FF7EDFB0000-0x00007FF7EE304000-memory.dmp

memory/4904-1077-0x00007FF75BC00000-0x00007FF75BF54000-memory.dmp

memory/3260-1078-0x00007FF73F900000-0x00007FF73FC54000-memory.dmp

memory/1460-1079-0x00007FF79E170000-0x00007FF79E4C4000-memory.dmp

memory/5092-1080-0x00007FF7A6540000-0x00007FF7A6894000-memory.dmp

memory/2728-1081-0x00007FF755FC0000-0x00007FF756314000-memory.dmp

memory/4984-1082-0x00007FF6D72E0000-0x00007FF6D7634000-memory.dmp

memory/1284-1083-0x00007FF7C1270000-0x00007FF7C15C4000-memory.dmp

memory/4336-1084-0x00007FF726900000-0x00007FF726C54000-memory.dmp

memory/3000-1085-0x00007FF662D30000-0x00007FF663084000-memory.dmp

memory/820-1086-0x00007FF65BDC0000-0x00007FF65C114000-memory.dmp

memory/1696-1087-0x00007FF72F3A0000-0x00007FF72F6F4000-memory.dmp

memory/2548-1088-0x00007FF7EDFB0000-0x00007FF7EE304000-memory.dmp

memory/1272-1089-0x00007FF623410000-0x00007FF623764000-memory.dmp

memory/3260-1090-0x00007FF73F900000-0x00007FF73FC54000-memory.dmp

memory/4904-1091-0x00007FF75BC00000-0x00007FF75BF54000-memory.dmp

memory/656-1092-0x00007FF7E7670000-0x00007FF7E79C4000-memory.dmp

memory/4308-1099-0x00007FF7062C0000-0x00007FF706614000-memory.dmp

memory/2656-1098-0x00007FF79D690000-0x00007FF79D9E4000-memory.dmp

memory/4740-1097-0x00007FF7CF030000-0x00007FF7CF384000-memory.dmp

memory/2008-1096-0x00007FF68AB60000-0x00007FF68AEB4000-memory.dmp

memory/4028-1095-0x00007FF6C0260000-0x00007FF6C05B4000-memory.dmp

memory/820-1094-0x00007FF65BDC0000-0x00007FF65C114000-memory.dmp

memory/3560-1093-0x00007FF690D90000-0x00007FF6910E4000-memory.dmp

memory/1580-1101-0x00007FF778810000-0x00007FF778B64000-memory.dmp

memory/4184-1102-0x00007FF700970000-0x00007FF700CC4000-memory.dmp

memory/5016-1107-0x00007FF771520000-0x00007FF771874000-memory.dmp

memory/4800-1106-0x00007FF64F8E0000-0x00007FF64FC34000-memory.dmp

memory/4668-1105-0x00007FF7A9C40000-0x00007FF7A9F94000-memory.dmp

memory/640-1104-0x00007FF6E5B00000-0x00007FF6E5E54000-memory.dmp

memory/4888-1103-0x00007FF6D2A20000-0x00007FF6D2D74000-memory.dmp

memory/2256-1100-0x00007FF7C5820000-0x00007FF7C5B74000-memory.dmp

memory/3752-1108-0x00007FF664190000-0x00007FF6644E4000-memory.dmp

memory/3752-1109-0x00007FF664190000-0x00007FF6644E4000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 02:39

Reported

2024-06-03 02:41

Platform

win7-20240508-en

Max time kernel

142s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\TflfbNl.exe N/A
N/A N/A C:\Windows\System\FyCkOxq.exe N/A
N/A N/A C:\Windows\System\wMByqbe.exe N/A
N/A N/A C:\Windows\System\ADiikGy.exe N/A
N/A N/A C:\Windows\System\OJQnHNg.exe N/A
N/A N/A C:\Windows\System\rJtpvZn.exe N/A
N/A N/A C:\Windows\System\RPurETQ.exe N/A
N/A N/A C:\Windows\System\xTLrSme.exe N/A
N/A N/A C:\Windows\System\WlNZGMU.exe N/A
N/A N/A C:\Windows\System\QeausiJ.exe N/A
N/A N/A C:\Windows\System\JjzwxTf.exe N/A
N/A N/A C:\Windows\System\wrbjVPb.exe N/A
N/A N/A C:\Windows\System\kdBPLpV.exe N/A
N/A N/A C:\Windows\System\zfbZjMT.exe N/A
N/A N/A C:\Windows\System\AZsRsai.exe N/A
N/A N/A C:\Windows\System\snadLgp.exe N/A
N/A N/A C:\Windows\System\UnvMPpR.exe N/A
N/A N/A C:\Windows\System\SIZlAKs.exe N/A
N/A N/A C:\Windows\System\UFbjJBx.exe N/A
N/A N/A C:\Windows\System\XQEqUBX.exe N/A
N/A N/A C:\Windows\System\HhmeIuW.exe N/A
N/A N/A C:\Windows\System\IwCfOlZ.exe N/A
N/A N/A C:\Windows\System\mxfOeYQ.exe N/A
N/A N/A C:\Windows\System\kyIEupn.exe N/A
N/A N/A C:\Windows\System\oHyutKm.exe N/A
N/A N/A C:\Windows\System\DCyGLYY.exe N/A
N/A N/A C:\Windows\System\zRMcPDw.exe N/A
N/A N/A C:\Windows\System\KZMgFHa.exe N/A
N/A N/A C:\Windows\System\lMviKRu.exe N/A
N/A N/A C:\Windows\System\YwLwGlJ.exe N/A
N/A N/A C:\Windows\System\ZypeiyP.exe N/A
N/A N/A C:\Windows\System\DfhLvZB.exe N/A
N/A N/A C:\Windows\System\mjoaoDL.exe N/A
N/A N/A C:\Windows\System\JizfvEv.exe N/A
N/A N/A C:\Windows\System\kyOJqAn.exe N/A
N/A N/A C:\Windows\System\rXwVdtE.exe N/A
N/A N/A C:\Windows\System\ApXvOjW.exe N/A
N/A N/A C:\Windows\System\wUJuwuf.exe N/A
N/A N/A C:\Windows\System\QjjSbzh.exe N/A
N/A N/A C:\Windows\System\WJMoopE.exe N/A
N/A N/A C:\Windows\System\nMUFbQJ.exe N/A
N/A N/A C:\Windows\System\iUstUWG.exe N/A
N/A N/A C:\Windows\System\dXogqVG.exe N/A
N/A N/A C:\Windows\System\ajagkkR.exe N/A
N/A N/A C:\Windows\System\zbgAMnY.exe N/A
N/A N/A C:\Windows\System\FZadRWa.exe N/A
N/A N/A C:\Windows\System\QHIkRHm.exe N/A
N/A N/A C:\Windows\System\pkjaLtD.exe N/A
N/A N/A C:\Windows\System\XIoqGHd.exe N/A
N/A N/A C:\Windows\System\UpLtXGO.exe N/A
N/A N/A C:\Windows\System\aXZMLxo.exe N/A
N/A N/A C:\Windows\System\zRKFtBe.exe N/A
N/A N/A C:\Windows\System\DRKkpqC.exe N/A
N/A N/A C:\Windows\System\iTNNcfB.exe N/A
N/A N/A C:\Windows\System\vrQjkzu.exe N/A
N/A N/A C:\Windows\System\oXdMdbw.exe N/A
N/A N/A C:\Windows\System\izEsvxx.exe N/A
N/A N/A C:\Windows\System\YTDCUMA.exe N/A
N/A N/A C:\Windows\System\yaUZNup.exe N/A
N/A N/A C:\Windows\System\fXHYfjk.exe N/A
N/A N/A C:\Windows\System\kHftiEW.exe N/A
N/A N/A C:\Windows\System\bCpdhba.exe N/A
N/A N/A C:\Windows\System\tZWuwcE.exe N/A
N/A N/A C:\Windows\System\EGTdFBA.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ZwxKafI.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\SIZlAKs.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\JizfvEv.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\JreIDoN.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\KLDENNy.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\DfhLvZB.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\xvFrZqS.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\udEwTyQ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJJeZbm.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDkdBiB.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfMKwhE.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\RjGUETH.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\FZKNUpN.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\PAjEDJF.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\yLMTxRd.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\PEhzmIS.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\auOyAZA.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSCthrO.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\nikFFfe.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\zjGspgo.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\IwCfOlZ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\BOnuNOo.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWbMxNC.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\xwUEWFB.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\rXwVdtE.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\QOcJitv.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\OcGfHWg.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\YTDCUMA.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ddDjrpN.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\NxSNVfh.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\nSyzBrX.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPOQytZ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\DGfBEor.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\DCyGLYY.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\zRKFtBe.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORKYdqN.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\Csdjrth.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlNZGMU.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\kgSaqHQ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\XTxWLJe.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ppbVgNX.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\HzKvBRz.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\HzhQGHU.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJCwvwu.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\kyIEupn.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\wkbDkNf.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\nxHUhZu.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\jZMrvHx.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDZtKuR.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\xwgHPwG.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\TtCjyll.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\YMiDcTr.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\XIoqGHd.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIXzQNE.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmtrpSD.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\WeIBEjC.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHghtdn.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\KzdhJTg.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\msVboft.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\AigQzCA.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\EtQRoCQ.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\wUJuwuf.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ajagkkR.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
File created C:\Windows\System\ASvjdvm.exe C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1728 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\TflfbNl.exe
PID 1728 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\TflfbNl.exe
PID 1728 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\TflfbNl.exe
PID 1728 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\FyCkOxq.exe
PID 1728 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\FyCkOxq.exe
PID 1728 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\FyCkOxq.exe
PID 1728 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\ADiikGy.exe
PID 1728 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\ADiikGy.exe
PID 1728 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\ADiikGy.exe
PID 1728 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\wMByqbe.exe
PID 1728 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\wMByqbe.exe
PID 1728 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\wMByqbe.exe
PID 1728 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\xTLrSme.exe
PID 1728 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\xTLrSme.exe
PID 1728 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\xTLrSme.exe
PID 1728 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\OJQnHNg.exe
PID 1728 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\OJQnHNg.exe
PID 1728 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\OJQnHNg.exe
PID 1728 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\WlNZGMU.exe
PID 1728 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\WlNZGMU.exe
PID 1728 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\WlNZGMU.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJtpvZn.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJtpvZn.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\rJtpvZn.exe
PID 1728 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\QeausiJ.exe
PID 1728 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\QeausiJ.exe
PID 1728 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\QeausiJ.exe
PID 1728 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\RPurETQ.exe
PID 1728 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\RPurETQ.exe
PID 1728 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\RPurETQ.exe
PID 1728 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\JjzwxTf.exe
PID 1728 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\JjzwxTf.exe
PID 1728 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\JjzwxTf.exe
PID 1728 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\wrbjVPb.exe
PID 1728 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\wrbjVPb.exe
PID 1728 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\wrbjVPb.exe
PID 1728 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\kdBPLpV.exe
PID 1728 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\kdBPLpV.exe
PID 1728 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\kdBPLpV.exe
PID 1728 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\zfbZjMT.exe
PID 1728 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\zfbZjMT.exe
PID 1728 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\zfbZjMT.exe
PID 1728 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\AZsRsai.exe
PID 1728 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\AZsRsai.exe
PID 1728 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\AZsRsai.exe
PID 1728 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\snadLgp.exe
PID 1728 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\snadLgp.exe
PID 1728 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\snadLgp.exe
PID 1728 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\UnvMPpR.exe
PID 1728 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\UnvMPpR.exe
PID 1728 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\UnvMPpR.exe
PID 1728 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\SIZlAKs.exe
PID 1728 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\SIZlAKs.exe
PID 1728 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\SIZlAKs.exe
PID 1728 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\UFbjJBx.exe
PID 1728 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\UFbjJBx.exe
PID 1728 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\UFbjJBx.exe
PID 1728 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\XQEqUBX.exe
PID 1728 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\XQEqUBX.exe
PID 1728 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\XQEqUBX.exe
PID 1728 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\HhmeIuW.exe
PID 1728 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\HhmeIuW.exe
PID 1728 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\HhmeIuW.exe
PID 1728 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe C:\Windows\System\IwCfOlZ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9886f33742cdc768628eebf7540e5b50_NeikiAnalytics.exe"

C:\Windows\System\TflfbNl.exe

C:\Windows\System\TflfbNl.exe

C:\Windows\System\FyCkOxq.exe

C:\Windows\System\FyCkOxq.exe

C:\Windows\System\ADiikGy.exe

C:\Windows\System\ADiikGy.exe

C:\Windows\System\wMByqbe.exe

C:\Windows\System\wMByqbe.exe

C:\Windows\System\xTLrSme.exe

C:\Windows\System\xTLrSme.exe

C:\Windows\System\OJQnHNg.exe

C:\Windows\System\OJQnHNg.exe

C:\Windows\System\WlNZGMU.exe

C:\Windows\System\WlNZGMU.exe

C:\Windows\System\rJtpvZn.exe

C:\Windows\System\rJtpvZn.exe

C:\Windows\System\QeausiJ.exe

C:\Windows\System\QeausiJ.exe

C:\Windows\System\RPurETQ.exe

C:\Windows\System\RPurETQ.exe

C:\Windows\System\JjzwxTf.exe

C:\Windows\System\JjzwxTf.exe

C:\Windows\System\wrbjVPb.exe

C:\Windows\System\wrbjVPb.exe

C:\Windows\System\kdBPLpV.exe

C:\Windows\System\kdBPLpV.exe

C:\Windows\System\zfbZjMT.exe

C:\Windows\System\zfbZjMT.exe

C:\Windows\System\AZsRsai.exe

C:\Windows\System\AZsRsai.exe

C:\Windows\System\snadLgp.exe

C:\Windows\System\snadLgp.exe

C:\Windows\System\UnvMPpR.exe

C:\Windows\System\UnvMPpR.exe

C:\Windows\System\SIZlAKs.exe

C:\Windows\System\SIZlAKs.exe

C:\Windows\System\UFbjJBx.exe

C:\Windows\System\UFbjJBx.exe

C:\Windows\System\XQEqUBX.exe

C:\Windows\System\XQEqUBX.exe

C:\Windows\System\HhmeIuW.exe

C:\Windows\System\HhmeIuW.exe

C:\Windows\System\IwCfOlZ.exe

C:\Windows\System\IwCfOlZ.exe

C:\Windows\System\mxfOeYQ.exe

C:\Windows\System\mxfOeYQ.exe

C:\Windows\System\kyIEupn.exe

C:\Windows\System\kyIEupn.exe

C:\Windows\System\oHyutKm.exe

C:\Windows\System\oHyutKm.exe

C:\Windows\System\DCyGLYY.exe

C:\Windows\System\DCyGLYY.exe

C:\Windows\System\zRMcPDw.exe

C:\Windows\System\zRMcPDw.exe

C:\Windows\System\KZMgFHa.exe

C:\Windows\System\KZMgFHa.exe

C:\Windows\System\lMviKRu.exe

C:\Windows\System\lMviKRu.exe

C:\Windows\System\YwLwGlJ.exe

C:\Windows\System\YwLwGlJ.exe

C:\Windows\System\ZypeiyP.exe

C:\Windows\System\ZypeiyP.exe

C:\Windows\System\DfhLvZB.exe

C:\Windows\System\DfhLvZB.exe

C:\Windows\System\mjoaoDL.exe

C:\Windows\System\mjoaoDL.exe

C:\Windows\System\JizfvEv.exe

C:\Windows\System\JizfvEv.exe

C:\Windows\System\kyOJqAn.exe

C:\Windows\System\kyOJqAn.exe

C:\Windows\System\rXwVdtE.exe

C:\Windows\System\rXwVdtE.exe

C:\Windows\System\ApXvOjW.exe

C:\Windows\System\ApXvOjW.exe

C:\Windows\System\wUJuwuf.exe

C:\Windows\System\wUJuwuf.exe

C:\Windows\System\QjjSbzh.exe

C:\Windows\System\QjjSbzh.exe

C:\Windows\System\WJMoopE.exe

C:\Windows\System\WJMoopE.exe

C:\Windows\System\nMUFbQJ.exe

C:\Windows\System\nMUFbQJ.exe

C:\Windows\System\iUstUWG.exe

C:\Windows\System\iUstUWG.exe

C:\Windows\System\dXogqVG.exe

C:\Windows\System\dXogqVG.exe

C:\Windows\System\ajagkkR.exe

C:\Windows\System\ajagkkR.exe

C:\Windows\System\zbgAMnY.exe

C:\Windows\System\zbgAMnY.exe

C:\Windows\System\FZadRWa.exe

C:\Windows\System\FZadRWa.exe

C:\Windows\System\QHIkRHm.exe

C:\Windows\System\QHIkRHm.exe

C:\Windows\System\pkjaLtD.exe

C:\Windows\System\pkjaLtD.exe

C:\Windows\System\XIoqGHd.exe

C:\Windows\System\XIoqGHd.exe

C:\Windows\System\UpLtXGO.exe

C:\Windows\System\UpLtXGO.exe

C:\Windows\System\aXZMLxo.exe

C:\Windows\System\aXZMLxo.exe

C:\Windows\System\zRKFtBe.exe

C:\Windows\System\zRKFtBe.exe

C:\Windows\System\DRKkpqC.exe

C:\Windows\System\DRKkpqC.exe

C:\Windows\System\iTNNcfB.exe

C:\Windows\System\iTNNcfB.exe

C:\Windows\System\vrQjkzu.exe

C:\Windows\System\vrQjkzu.exe

C:\Windows\System\oXdMdbw.exe

C:\Windows\System\oXdMdbw.exe

C:\Windows\System\izEsvxx.exe

C:\Windows\System\izEsvxx.exe

C:\Windows\System\YTDCUMA.exe

C:\Windows\System\YTDCUMA.exe

C:\Windows\System\yaUZNup.exe

C:\Windows\System\yaUZNup.exe

C:\Windows\System\fXHYfjk.exe

C:\Windows\System\fXHYfjk.exe

C:\Windows\System\kHftiEW.exe

C:\Windows\System\kHftiEW.exe

C:\Windows\System\bCpdhba.exe

C:\Windows\System\bCpdhba.exe

C:\Windows\System\tZWuwcE.exe

C:\Windows\System\tZWuwcE.exe

C:\Windows\System\EGTdFBA.exe

C:\Windows\System\EGTdFBA.exe

C:\Windows\System\qKXKYcx.exe

C:\Windows\System\qKXKYcx.exe

C:\Windows\System\wdXdhOS.exe

C:\Windows\System\wdXdhOS.exe

C:\Windows\System\HtYjKhC.exe

C:\Windows\System\HtYjKhC.exe

C:\Windows\System\eEICrGR.exe

C:\Windows\System\eEICrGR.exe

C:\Windows\System\eYVFaPL.exe

C:\Windows\System\eYVFaPL.exe

C:\Windows\System\mCfbhyR.exe

C:\Windows\System\mCfbhyR.exe

C:\Windows\System\JreIDoN.exe

C:\Windows\System\JreIDoN.exe

C:\Windows\System\vaUzoYN.exe

C:\Windows\System\vaUzoYN.exe

C:\Windows\System\BOnuNOo.exe

C:\Windows\System\BOnuNOo.exe

C:\Windows\System\YwpSDde.exe

C:\Windows\System\YwpSDde.exe

C:\Windows\System\DILpjgs.exe

C:\Windows\System\DILpjgs.exe

C:\Windows\System\AtAJOwD.exe

C:\Windows\System\AtAJOwD.exe

C:\Windows\System\MMaguMd.exe

C:\Windows\System\MMaguMd.exe

C:\Windows\System\MjPVUQN.exe

C:\Windows\System\MjPVUQN.exe

C:\Windows\System\rGGeHtX.exe

C:\Windows\System\rGGeHtX.exe

C:\Windows\System\iMJZGTd.exe

C:\Windows\System\iMJZGTd.exe

C:\Windows\System\ASvjdvm.exe

C:\Windows\System\ASvjdvm.exe

C:\Windows\System\qnLWqrg.exe

C:\Windows\System\qnLWqrg.exe

C:\Windows\System\ldnCbSa.exe

C:\Windows\System\ldnCbSa.exe

C:\Windows\System\NivvLmz.exe

C:\Windows\System\NivvLmz.exe

C:\Windows\System\kgSaqHQ.exe

C:\Windows\System\kgSaqHQ.exe

C:\Windows\System\aDCCwFu.exe

C:\Windows\System\aDCCwFu.exe

C:\Windows\System\PAjEDJF.exe

C:\Windows\System\PAjEDJF.exe

C:\Windows\System\YvkSGwX.exe

C:\Windows\System\YvkSGwX.exe

C:\Windows\System\YAyafiK.exe

C:\Windows\System\YAyafiK.exe

C:\Windows\System\fPvuGnd.exe

C:\Windows\System\fPvuGnd.exe

C:\Windows\System\KSQhNtA.exe

C:\Windows\System\KSQhNtA.exe

C:\Windows\System\RwkeKmf.exe

C:\Windows\System\RwkeKmf.exe

C:\Windows\System\pSsHBEZ.exe

C:\Windows\System\pSsHBEZ.exe

C:\Windows\System\pgjTLjl.exe

C:\Windows\System\pgjTLjl.exe

C:\Windows\System\CeddBZU.exe

C:\Windows\System\CeddBZU.exe

C:\Windows\System\DznlEMg.exe

C:\Windows\System\DznlEMg.exe

C:\Windows\System\ejntHQj.exe

C:\Windows\System\ejntHQj.exe

C:\Windows\System\abTNxXw.exe

C:\Windows\System\abTNxXw.exe

C:\Windows\System\FmqKbdz.exe

C:\Windows\System\FmqKbdz.exe

C:\Windows\System\awlFACd.exe

C:\Windows\System\awlFACd.exe

C:\Windows\System\eedEzxk.exe

C:\Windows\System\eedEzxk.exe

C:\Windows\System\tlyaMVz.exe

C:\Windows\System\tlyaMVz.exe

C:\Windows\System\eAUioHG.exe

C:\Windows\System\eAUioHG.exe

C:\Windows\System\FouTAjh.exe

C:\Windows\System\FouTAjh.exe

C:\Windows\System\znkygjo.exe

C:\Windows\System\znkygjo.exe

C:\Windows\System\yLMTxRd.exe

C:\Windows\System\yLMTxRd.exe

C:\Windows\System\vHQLBTw.exe

C:\Windows\System\vHQLBTw.exe

C:\Windows\System\BkmjlZW.exe

C:\Windows\System\BkmjlZW.exe

C:\Windows\System\FncyHEw.exe

C:\Windows\System\FncyHEw.exe

C:\Windows\System\eISyOzQ.exe

C:\Windows\System\eISyOzQ.exe

C:\Windows\System\sNTnRkx.exe

C:\Windows\System\sNTnRkx.exe

C:\Windows\System\uNvYIii.exe

C:\Windows\System\uNvYIii.exe

C:\Windows\System\QUlTBAE.exe

C:\Windows\System\QUlTBAE.exe

C:\Windows\System\VSrKDGV.exe

C:\Windows\System\VSrKDGV.exe

C:\Windows\System\ddDjrpN.exe

C:\Windows\System\ddDjrpN.exe

C:\Windows\System\dDSKGQl.exe

C:\Windows\System\dDSKGQl.exe

C:\Windows\System\kwzUEUN.exe

C:\Windows\System\kwzUEUN.exe

C:\Windows\System\VwXrUhZ.exe

C:\Windows\System\VwXrUhZ.exe

C:\Windows\System\QwoDqAx.exe

C:\Windows\System\QwoDqAx.exe

C:\Windows\System\PyTewxw.exe

C:\Windows\System\PyTewxw.exe

C:\Windows\System\NWbMxNC.exe

C:\Windows\System\NWbMxNC.exe

C:\Windows\System\IYAglQP.exe

C:\Windows\System\IYAglQP.exe

C:\Windows\System\xDREbpv.exe

C:\Windows\System\xDREbpv.exe

C:\Windows\System\QQTLJdS.exe

C:\Windows\System\QQTLJdS.exe

C:\Windows\System\rvrmfWg.exe

C:\Windows\System\rvrmfWg.exe

C:\Windows\System\elginAC.exe

C:\Windows\System\elginAC.exe

C:\Windows\System\POIdNtP.exe

C:\Windows\System\POIdNtP.exe

C:\Windows\System\BKyujls.exe

C:\Windows\System\BKyujls.exe

C:\Windows\System\CHBJOGj.exe

C:\Windows\System\CHBJOGj.exe

C:\Windows\System\PEhzmIS.exe

C:\Windows\System\PEhzmIS.exe

C:\Windows\System\KLDENNy.exe

C:\Windows\System\KLDENNy.exe

C:\Windows\System\auOyAZA.exe

C:\Windows\System\auOyAZA.exe

C:\Windows\System\MNPllSu.exe

C:\Windows\System\MNPllSu.exe

C:\Windows\System\FnBPujD.exe

C:\Windows\System\FnBPujD.exe

C:\Windows\System\arqVsvO.exe

C:\Windows\System\arqVsvO.exe

C:\Windows\System\XTxWLJe.exe

C:\Windows\System\XTxWLJe.exe

C:\Windows\System\UHvsXpg.exe

C:\Windows\System\UHvsXpg.exe

C:\Windows\System\HzKvBRz.exe

C:\Windows\System\HzKvBRz.exe

C:\Windows\System\FInynPN.exe

C:\Windows\System\FInynPN.exe

C:\Windows\System\GJwiKRP.exe

C:\Windows\System\GJwiKRP.exe

C:\Windows\System\AShiBYs.exe

C:\Windows\System\AShiBYs.exe

C:\Windows\System\lIXzQNE.exe

C:\Windows\System\lIXzQNE.exe

C:\Windows\System\AArpFTk.exe

C:\Windows\System\AArpFTk.exe

C:\Windows\System\jZFurVJ.exe

C:\Windows\System\jZFurVJ.exe

C:\Windows\System\GnusexA.exe

C:\Windows\System\GnusexA.exe

C:\Windows\System\FmtrpSD.exe

C:\Windows\System\FmtrpSD.exe

C:\Windows\System\qJVcLNX.exe

C:\Windows\System\qJVcLNX.exe

C:\Windows\System\EZwkWXx.exe

C:\Windows\System\EZwkWXx.exe

C:\Windows\System\xwUEWFB.exe

C:\Windows\System\xwUEWFB.exe

C:\Windows\System\ORKYdqN.exe

C:\Windows\System\ORKYdqN.exe

C:\Windows\System\iIqNVqw.exe

C:\Windows\System\iIqNVqw.exe

C:\Windows\System\wfdoDtn.exe

C:\Windows\System\wfdoDtn.exe

C:\Windows\System\FdMYBqX.exe

C:\Windows\System\FdMYBqX.exe

C:\Windows\System\jrYPcUG.exe

C:\Windows\System\jrYPcUG.exe

C:\Windows\System\dLOvgKc.exe

C:\Windows\System\dLOvgKc.exe

C:\Windows\System\hQzzXfB.exe

C:\Windows\System\hQzzXfB.exe

C:\Windows\System\REkMptb.exe

C:\Windows\System\REkMptb.exe

C:\Windows\System\XyRlUYF.exe

C:\Windows\System\XyRlUYF.exe

C:\Windows\System\JofzULK.exe

C:\Windows\System\JofzULK.exe

C:\Windows\System\EHzIXcF.exe

C:\Windows\System\EHzIXcF.exe

C:\Windows\System\zhaCvsL.exe

C:\Windows\System\zhaCvsL.exe

C:\Windows\System\IUMsJJH.exe

C:\Windows\System\IUMsJJH.exe

C:\Windows\System\aGrIlIa.exe

C:\Windows\System\aGrIlIa.exe

C:\Windows\System\XCgATbP.exe

C:\Windows\System\XCgATbP.exe

C:\Windows\System\AGYeXlV.exe

C:\Windows\System\AGYeXlV.exe

C:\Windows\System\tkJZoDX.exe

C:\Windows\System\tkJZoDX.exe

C:\Windows\System\qDkdBiB.exe

C:\Windows\System\qDkdBiB.exe

C:\Windows\System\LXJqibm.exe

C:\Windows\System\LXJqibm.exe

C:\Windows\System\xnEudiY.exe

C:\Windows\System\xnEudiY.exe

C:\Windows\System\RfMKwhE.exe

C:\Windows\System\RfMKwhE.exe

C:\Windows\System\NfcrmKW.exe

C:\Windows\System\NfcrmKW.exe

C:\Windows\System\ibGetuD.exe

C:\Windows\System\ibGetuD.exe

C:\Windows\System\vDxRwMn.exe

C:\Windows\System\vDxRwMn.exe

C:\Windows\System\ZwxKafI.exe

C:\Windows\System\ZwxKafI.exe

C:\Windows\System\LgGiOgB.exe

C:\Windows\System\LgGiOgB.exe

C:\Windows\System\MiYjScn.exe

C:\Windows\System\MiYjScn.exe

C:\Windows\System\zNuokIt.exe

C:\Windows\System\zNuokIt.exe

C:\Windows\System\HzhQGHU.exe

C:\Windows\System\HzhQGHU.exe

C:\Windows\System\IOnyqOE.exe

C:\Windows\System\IOnyqOE.exe

C:\Windows\System\WfRhvnS.exe

C:\Windows\System\WfRhvnS.exe

C:\Windows\System\tMFzqLI.exe

C:\Windows\System\tMFzqLI.exe

C:\Windows\System\WeIBEjC.exe

C:\Windows\System\WeIBEjC.exe

C:\Windows\System\SMyBccc.exe

C:\Windows\System\SMyBccc.exe

C:\Windows\System\xoDckxg.exe

C:\Windows\System\xoDckxg.exe

C:\Windows\System\trRkrUv.exe

C:\Windows\System\trRkrUv.exe

C:\Windows\System\FBbzrme.exe

C:\Windows\System\FBbzrme.exe

C:\Windows\System\VgzckSY.exe

C:\Windows\System\VgzckSY.exe

C:\Windows\System\gDZtKuR.exe

C:\Windows\System\gDZtKuR.exe

C:\Windows\System\JeFnTBC.exe

C:\Windows\System\JeFnTBC.exe

C:\Windows\System\Axqlola.exe

C:\Windows\System\Axqlola.exe

C:\Windows\System\XdQeSJc.exe

C:\Windows\System\XdQeSJc.exe

C:\Windows\System\pOCLTin.exe

C:\Windows\System\pOCLTin.exe

C:\Windows\System\VatCHcy.exe

C:\Windows\System\VatCHcy.exe

C:\Windows\System\DjNmxJN.exe

C:\Windows\System\DjNmxJN.exe

C:\Windows\System\xcLrfjl.exe

C:\Windows\System\xcLrfjl.exe

C:\Windows\System\AdfUdDF.exe

C:\Windows\System\AdfUdDF.exe

C:\Windows\System\OtOpVzt.exe

C:\Windows\System\OtOpVzt.exe

C:\Windows\System\RjGUETH.exe

C:\Windows\System\RjGUETH.exe

C:\Windows\System\NxSNVfh.exe

C:\Windows\System\NxSNVfh.exe

C:\Windows\System\IjfyQXa.exe

C:\Windows\System\IjfyQXa.exe

C:\Windows\System\dSyVUTF.exe

C:\Windows\System\dSyVUTF.exe

C:\Windows\System\TPLcSiD.exe

C:\Windows\System\TPLcSiD.exe

C:\Windows\System\HksFJsA.exe

C:\Windows\System\HksFJsA.exe

C:\Windows\System\SeoCyJV.exe

C:\Windows\System\SeoCyJV.exe

C:\Windows\System\lvJhxyv.exe

C:\Windows\System\lvJhxyv.exe

C:\Windows\System\zjGspgo.exe

C:\Windows\System\zjGspgo.exe

C:\Windows\System\wkbDkNf.exe

C:\Windows\System\wkbDkNf.exe

C:\Windows\System\NODjrTT.exe

C:\Windows\System\NODjrTT.exe

C:\Windows\System\KdAfYbX.exe

C:\Windows\System\KdAfYbX.exe

C:\Windows\System\RtdZzyQ.exe

C:\Windows\System\RtdZzyQ.exe

C:\Windows\System\nxHUhZu.exe

C:\Windows\System\nxHUhZu.exe

C:\Windows\System\qKxutXk.exe

C:\Windows\System\qKxutXk.exe

C:\Windows\System\KfzyoBG.exe

C:\Windows\System\KfzyoBG.exe

C:\Windows\System\hvpJvGw.exe

C:\Windows\System\hvpJvGw.exe

C:\Windows\System\AigQzCA.exe

C:\Windows\System\AigQzCA.exe

C:\Windows\System\xwgHPwG.exe

C:\Windows\System\xwgHPwG.exe

C:\Windows\System\FZKNUpN.exe

C:\Windows\System\FZKNUpN.exe

C:\Windows\System\cUPQfWS.exe

C:\Windows\System\cUPQfWS.exe

C:\Windows\System\gIotqnn.exe

C:\Windows\System\gIotqnn.exe

C:\Windows\System\EOxmlBJ.exe

C:\Windows\System\EOxmlBJ.exe

C:\Windows\System\SCkGwzo.exe

C:\Windows\System\SCkGwzo.exe

C:\Windows\System\sxTGGFS.exe

C:\Windows\System\sxTGGFS.exe

C:\Windows\System\Csdjrth.exe

C:\Windows\System\Csdjrth.exe

C:\Windows\System\YDHHwDO.exe

C:\Windows\System\YDHHwDO.exe

C:\Windows\System\jZMrvHx.exe

C:\Windows\System\jZMrvHx.exe

C:\Windows\System\BsOPfAu.exe

C:\Windows\System\BsOPfAu.exe

C:\Windows\System\TtCjyll.exe

C:\Windows\System\TtCjyll.exe

C:\Windows\System\CHXKCbe.exe

C:\Windows\System\CHXKCbe.exe

C:\Windows\System\mGskELB.exe

C:\Windows\System\mGskELB.exe

C:\Windows\System\ekwyIdZ.exe

C:\Windows\System\ekwyIdZ.exe

C:\Windows\System\swHCmNk.exe

C:\Windows\System\swHCmNk.exe

C:\Windows\System\JFKSuEO.exe

C:\Windows\System\JFKSuEO.exe

C:\Windows\System\qJCwvwu.exe

C:\Windows\System\qJCwvwu.exe

C:\Windows\System\gSCthrO.exe

C:\Windows\System\gSCthrO.exe

C:\Windows\System\nSyzBrX.exe

C:\Windows\System\nSyzBrX.exe

C:\Windows\System\xvFrZqS.exe

C:\Windows\System\xvFrZqS.exe

C:\Windows\System\SGskvdI.exe

C:\Windows\System\SGskvdI.exe

C:\Windows\System\udEwTyQ.exe

C:\Windows\System\udEwTyQ.exe

C:\Windows\System\PtAnrAm.exe

C:\Windows\System\PtAnrAm.exe

C:\Windows\System\CuKzHUL.exe

C:\Windows\System\CuKzHUL.exe

C:\Windows\System\YMiDcTr.exe

C:\Windows\System\YMiDcTr.exe

C:\Windows\System\cTXuTHt.exe

C:\Windows\System\cTXuTHt.exe

C:\Windows\System\fEIOkNz.exe

C:\Windows\System\fEIOkNz.exe

C:\Windows\System\QtczsNb.exe

C:\Windows\System\QtczsNb.exe

C:\Windows\System\qbIslAi.exe

C:\Windows\System\qbIslAi.exe

C:\Windows\System\WBNEwto.exe

C:\Windows\System\WBNEwto.exe

C:\Windows\System\PwAqzEl.exe

C:\Windows\System\PwAqzEl.exe

C:\Windows\System\nGknvve.exe

C:\Windows\System\nGknvve.exe

C:\Windows\System\klDiScO.exe

C:\Windows\System\klDiScO.exe

C:\Windows\System\pxuKQdr.exe

C:\Windows\System\pxuKQdr.exe

C:\Windows\System\sMeJuxR.exe

C:\Windows\System\sMeJuxR.exe

C:\Windows\System\BgDCvLZ.exe

C:\Windows\System\BgDCvLZ.exe

C:\Windows\System\nikFFfe.exe

C:\Windows\System\nikFFfe.exe

C:\Windows\System\wnTHCWY.exe

C:\Windows\System\wnTHCWY.exe

C:\Windows\System\tloynIB.exe

C:\Windows\System\tloynIB.exe

C:\Windows\System\mdnVNht.exe

C:\Windows\System\mdnVNht.exe

C:\Windows\System\qKBhltD.exe

C:\Windows\System\qKBhltD.exe

C:\Windows\System\jlKeWyD.exe

C:\Windows\System\jlKeWyD.exe

C:\Windows\System\MpciKDm.exe

C:\Windows\System\MpciKDm.exe

C:\Windows\System\QOcJitv.exe

C:\Windows\System\QOcJitv.exe

C:\Windows\System\ppbVgNX.exe

C:\Windows\System\ppbVgNX.exe

C:\Windows\System\sgvBeuP.exe

C:\Windows\System\sgvBeuP.exe

C:\Windows\System\CstLKyp.exe

C:\Windows\System\CstLKyp.exe

C:\Windows\System\kkySXfx.exe

C:\Windows\System\kkySXfx.exe

C:\Windows\System\QHghtdn.exe

C:\Windows\System\QHghtdn.exe

C:\Windows\System\GCemUYv.exe

C:\Windows\System\GCemUYv.exe

C:\Windows\System\aHzDFSC.exe

C:\Windows\System\aHzDFSC.exe

C:\Windows\System\IRaIPpV.exe

C:\Windows\System\IRaIPpV.exe

C:\Windows\System\Nwusfac.exe

C:\Windows\System\Nwusfac.exe

C:\Windows\System\vjEchkB.exe

C:\Windows\System\vjEchkB.exe

C:\Windows\System\heLvLXD.exe

C:\Windows\System\heLvLXD.exe

C:\Windows\System\jzJZtQd.exe

C:\Windows\System\jzJZtQd.exe

C:\Windows\System\YoOiKYk.exe

C:\Windows\System\YoOiKYk.exe

C:\Windows\System\tPOQytZ.exe

C:\Windows\System\tPOQytZ.exe

C:\Windows\System\UoKkBXx.exe

C:\Windows\System\UoKkBXx.exe

C:\Windows\System\tUFYQns.exe

C:\Windows\System\tUFYQns.exe

C:\Windows\System\XSCdYnd.exe

C:\Windows\System\XSCdYnd.exe

C:\Windows\System\VoDoZBB.exe

C:\Windows\System\VoDoZBB.exe

C:\Windows\System\HOaWmWu.exe

C:\Windows\System\HOaWmWu.exe

C:\Windows\System\xMPmkNQ.exe

C:\Windows\System\xMPmkNQ.exe

C:\Windows\System\LKDQqop.exe

C:\Windows\System\LKDQqop.exe

C:\Windows\System\QcbaNfJ.exe

C:\Windows\System\QcbaNfJ.exe

C:\Windows\System\UgYEBPO.exe

C:\Windows\System\UgYEBPO.exe

C:\Windows\System\wFWYKap.exe

C:\Windows\System\wFWYKap.exe

C:\Windows\System\KzdhJTg.exe

C:\Windows\System\KzdhJTg.exe

C:\Windows\System\nOvlkNF.exe

C:\Windows\System\nOvlkNF.exe

C:\Windows\System\dFrWKyx.exe

C:\Windows\System\dFrWKyx.exe

C:\Windows\System\RalPnbh.exe

C:\Windows\System\RalPnbh.exe

C:\Windows\System\FquGCmo.exe

C:\Windows\System\FquGCmo.exe

C:\Windows\System\jgdnTQj.exe

C:\Windows\System\jgdnTQj.exe

C:\Windows\System\QcaicEK.exe

C:\Windows\System\QcaicEK.exe

C:\Windows\System\TJJeZbm.exe

C:\Windows\System\TJJeZbm.exe

C:\Windows\System\hyZnoiN.exe

C:\Windows\System\hyZnoiN.exe

C:\Windows\System\qSyOcfQ.exe

C:\Windows\System\qSyOcfQ.exe

C:\Windows\System\cWWecAs.exe

C:\Windows\System\cWWecAs.exe

C:\Windows\System\kHYWALw.exe

C:\Windows\System\kHYWALw.exe

C:\Windows\System\EtQRoCQ.exe

C:\Windows\System\EtQRoCQ.exe

C:\Windows\System\QVmVteS.exe

C:\Windows\System\QVmVteS.exe

C:\Windows\System\uJuUeqr.exe

C:\Windows\System\uJuUeqr.exe

C:\Windows\System\qtjqiuR.exe

C:\Windows\System\qtjqiuR.exe

C:\Windows\System\EdrLwLh.exe

C:\Windows\System\EdrLwLh.exe

C:\Windows\System\eFpNEFe.exe

C:\Windows\System\eFpNEFe.exe

C:\Windows\System\msVboft.exe

C:\Windows\System\msVboft.exe

C:\Windows\System\TnFXNZG.exe

C:\Windows\System\TnFXNZG.exe

C:\Windows\System\TlhAIWG.exe

C:\Windows\System\TlhAIWG.exe

C:\Windows\System\WjvdOgp.exe

C:\Windows\System\WjvdOgp.exe

C:\Windows\System\GQyeryC.exe

C:\Windows\System\GQyeryC.exe

C:\Windows\System\VIRsBGK.exe

C:\Windows\System\VIRsBGK.exe

C:\Windows\System\olVpOmP.exe

C:\Windows\System\olVpOmP.exe

C:\Windows\System\vflfETT.exe

C:\Windows\System\vflfETT.exe

C:\Windows\System\NjVplLb.exe

C:\Windows\System\NjVplLb.exe

C:\Windows\System\CQWDrCE.exe

C:\Windows\System\CQWDrCE.exe

C:\Windows\System\pBYvAaK.exe

C:\Windows\System\pBYvAaK.exe

C:\Windows\System\OcGfHWg.exe

C:\Windows\System\OcGfHWg.exe

C:\Windows\System\gofevtd.exe

C:\Windows\System\gofevtd.exe

C:\Windows\System\BKwxpAy.exe

C:\Windows\System\BKwxpAy.exe

C:\Windows\System\GZMAwGW.exe

C:\Windows\System\GZMAwGW.exe

C:\Windows\System\ezEoUCg.exe

C:\Windows\System\ezEoUCg.exe

C:\Windows\System\ZzyxMUQ.exe

C:\Windows\System\ZzyxMUQ.exe

C:\Windows\System\zwCLVOG.exe

C:\Windows\System\zwCLVOG.exe

C:\Windows\System\UMHQDWk.exe

C:\Windows\System\UMHQDWk.exe

C:\Windows\System\fLsqSit.exe

C:\Windows\System\fLsqSit.exe

C:\Windows\System\DGfBEor.exe

C:\Windows\System\DGfBEor.exe

C:\Windows\System\mlXoEzm.exe

C:\Windows\System\mlXoEzm.exe

C:\Windows\System\rFNKhJM.exe

C:\Windows\System\rFNKhJM.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1728-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/1728-1-0x000000013FD90000-0x00000001400E4000-memory.dmp

C:\Windows\system\TflfbNl.exe

MD5 ead3c24e614f1ddd844dd3c9f8b5ed6d
SHA1 070f5a0229ec1252db4326564f9db6666c9d2a6a
SHA256 afdd01108b3c474672aaed6ce734bf614a707a7fbc238c80d41fdb4c824f808d
SHA512 490e0a4b059ef7798fe96fb9fa24e2f1439d5ebf6a9f45423b28fa63cf822cef64dd83ac4f79e370ffc1d6e052b154b9eb2abd98047feb7abec8b9e3b4863f15

C:\Windows\system\FyCkOxq.exe

MD5 7de287112fda7816934631c5e8f0033d
SHA1 97428ea0add301514c18ead4ee62053ac7136eb5
SHA256 e244450c46d965fab78ed2b59c4db69422e0dad36eaa6527783165cdc6dec5aa
SHA512 3e6236835c2db0c9ce8973f4659e57cc01e31d565d742033c48e145523808862525ab2f6ce9931eff05dd665b723e46ffa8e0da18c0178908b3af90803fbb5f0

memory/2860-9-0x000000013F710000-0x000000013FA64000-memory.dmp

memory/2160-22-0x000000013F510000-0x000000013F864000-memory.dmp

C:\Windows\system\RPurETQ.exe

MD5 932cc43fb52e50d71d3b779b25eb9457
SHA1 a8e37f3646b5311c567a1c3b7b635bfc14aa2dd9
SHA256 9c87e76c6157e4a9d86af487dbf5d403c62ebe6853e3a85fcf019e14c4e112d9
SHA512 07fc571846ac29043288342614f35f74d787b716ef8ad430d1ca1cb9fd554e4de41649356f11115a098290744fc1229c8e09a0d0dfb4e602404b99853212d60f

memory/2432-56-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/1728-57-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2728-55-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2640-37-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/1728-84-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/1728-98-0x000000013FD90000-0x00000001400E4000-memory.dmp

C:\Windows\system\YwLwGlJ.exe

MD5 f9fdbe179c22141d5037b1dd93705be3
SHA1 77cd3395e1a955960ff1ad9e6479d056445b4066
SHA256 65ee67f554a582b3f2899a138bcc5b505933052fa95f8717cb247fb2923adb9a
SHA512 e53d02eeb022165b1f2b2e32b3e2e7290f984389c1e4a145b2ddfdcc53e596d63e91ae7bc2779179c428bfb8faa93f8861307e1a987e40482d1285316aeea574

memory/2432-861-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2728-860-0x000000013F840000-0x000000013FB94000-memory.dmp

C:\Windows\system\DfhLvZB.exe

MD5 8d97c551ee74a6b15213b0d649d84169
SHA1 2309dfa42b20a5f9d9ee35126702350b407fc979
SHA256 f1a98df867d8f0504f04844c4b0b3f93542decc35cad3d5cb1158a66b774eac4
SHA512 7228d3e9547f7778be218281279143beaad7884bdcdb138c2584a0ca9d71df6cc1e645a8aebdabd4a5f7e80d6c1c7236e2c09dd7221e847c7f2829b9d40a31ad

C:\Windows\system\ZypeiyP.exe

MD5 909ec1c563c465b6882f40e0d6dc854c
SHA1 c2b3fd7859c823908e61d863d2fc39375ef3b946
SHA256 14786a284084b56965cd83909787ed587d923d4a5d2a6c9088d31dc6b8992a28
SHA512 4644cc1f60a2f2aa8032df4d32b7eda0e8b6dbd0036fc0e7975ae689c78245b31db3182bf621afd2f965628e1e099b4df6496fd7d2fb20bfb0b9339c7d0ff0da

C:\Windows\system\lMviKRu.exe

MD5 029b357bba1f9b85473825955679c660
SHA1 d55f62a37ea5017aa5c5569824192a396558c3dd
SHA256 9c04c6b958c73317dfd254d7c3555dca133a4b1b16fdc30c33c2f2611d417466
SHA512 5e4de1b93aa016ebecb7569120e99011bda233ce733c99529d5cc8a2cecdaca12cc1783f72f5094ec3a6fb1c59ce28731db74e295d65734c3b51c5d74f1fb66c

C:\Windows\system\KZMgFHa.exe

MD5 74a4ecb0bb4407decb228f97ce113f8f
SHA1 0ce4d810be1bc7ef54dda48fad97eb27b726e9c1
SHA256 9b28a41b9b97d5ff7b4489bd4eea484ede244015d4beb4eebafa10d31876d269
SHA512 3ade26a88fab2526c1a850153c0b9931385334956220807f5c6c5baa97254092848492cd44eb0037b77e97d669e38aef86df0ccb3500baa1c91df5550afed236

C:\Windows\system\zRMcPDw.exe

MD5 8b45aa49647c94f4b69735e542901448
SHA1 ee3b6f5eb669adbbeedc26e64d06832c8207cbca
SHA256 c88bfb7e53fcc5d9e9feee2c3cd02c763a14ef7d6001fd601301a4dabbd66107
SHA512 6730cabac9440da72f42aa82008ad42b5ebac1a326252093c6ba0376fcefde77d5fff93a39f639953c169417389af58c03197ff25583f830e9500508f438c17b

C:\Windows\system\oHyutKm.exe

MD5 d7c8e2beeaccbf9b3de9ef4ddd209523
SHA1 725f0da691365a969e0bef6c900fdee5f15bd5ad
SHA256 ccb92c438d50117a0d2a777cf411ef839f3d07fe609aced5da25bb9d794a7029
SHA512 ad7aa79d16225f4e514ec403eb8e85b5f65e93369a0b477cbf8eeb82d0d577c90540e85f0082625603649a3ba10e221649939d9a12e0fe043aa2075d1bce6df8

C:\Windows\system\DCyGLYY.exe

MD5 2959bd567171e717d9738e8b4580ae0b
SHA1 99bd5dc9445e6cad8dac76ed39e3e3d55ac729ed
SHA256 3728a659aa89b5a06f70a74e55bd1219b44375c688b32472b6c2ddb9dcbb2dd5
SHA512 24c8a3b4a9461c25edf397e5a2975af0fb784c4280e619b0de86e3cf12abf9b3b7d71b9412a3b81b24d788225507b50d8342313ade5bc2cad2ed1fc6fba66620

C:\Windows\system\mxfOeYQ.exe

MD5 9da1d8c6a670fc901abdec3dd364e01c
SHA1 96d365758b4e1bc67e1c5dab1cc31a3d9f8ffc68
SHA256 72bf00091b0524bfd38084c0b597562216ae5ca7fe55b08ad261c30fbc26214a
SHA512 456dd19200bf64e7f90972c8a3c5f38f8cfb73f18b925770c8ca89eef51904be4713389ffb0baf0493fe922a7bbb337175f101d91532314b903456a61026d2b8

C:\Windows\system\HhmeIuW.exe

MD5 cf16e3ca768ea89ad458d1a6beba3c42
SHA1 3c1cdeefc13c974ec6c0ebb28c7a66e595c42b25
SHA256 7cc6761c7c9c831141a417e3a76495a264c67526795f98a1eab151297257f71c
SHA512 e9e099546eb835a1fdf02fb96c198926c29d4d78b4c8039378c2a8839e17891f0525d73ac4a5f5e568ad7cdd7987dbece8665cbe05b76e3050d6343ede009e80

C:\Windows\system\kyIEupn.exe

MD5 d0e522d9941069e97619dfcb69df3d93
SHA1 86f1cec101c8eee0a4fa9ef57010a51cde7ead29
SHA256 c4833ea6fa4d85c685b4c694f11e5926976944b8b09167dc3687cacdf9725ea4
SHA512 f6877ac7b2b721d4464ba1889b40fbdbcf8580f892cef3814f2e8443f1fb75efe286c70e19cbbbc290f89038eba58ec784bc56358f593963caff49a2bbe62dd1

C:\Windows\system\IwCfOlZ.exe

MD5 4017d2e93f02477eeec02370c9194112
SHA1 d6c2fa6c5c69b78a2826ddca9a4c303b72474d46
SHA256 83d256499c5a7980ae316a0cdce7c2e0100ed5c29e384ad23d5aeb4b6c8c5d99
SHA512 4166eb027a579ec7ab7fc855e68c14a9b9d5ebfb963fdb4cfcbdc68376fa1868d9e89a2a3beecaf844c23a007da9d1c048846c5714ee5767caf06970c49726ea

C:\Windows\system\XQEqUBX.exe

MD5 430083882db1d49ce4a5530a7b5928d3
SHA1 3b9e07ef3f56878bac6afa38ad1725c81010d1b5
SHA256 2d89792ebc2d689a725858bf6750889b9ca429f16ce1a7aa9ef9b4e093f4f55f
SHA512 c1036a8ad035d0efb9196973267f379cfd981b151231d3e00e85cef22c4641db20d5e297400d3b62f860fdfb01a6b30a115bffb30a27de62851d629857cb9b28

C:\Windows\system\UFbjJBx.exe

MD5 f6c3173d5422773c3d24ef73aaeee4ac
SHA1 aa4074b43632de34186716002483b4c2891523ed
SHA256 3eab359e94b82bf39873873e0562e878796232ba5b809f0513630e655d2257d8
SHA512 a30fbf160f579c25962a24fdee23a0352b5a5c5dc67d432505b3e627002ccbb631e0c549d717ea54cb2a7a7da37011fdd0139324039803cca86cb9dbcf2037b3

C:\Windows\system\SIZlAKs.exe

MD5 14ea08f63ac5c21dcd1599e67533c071
SHA1 420679ca0736b8aed697a1becba5ec994ba50a5c
SHA256 55992da1a1a8eafd511474443e7b38f855ab9306906d923cf2b9f7a28f55651e
SHA512 d7f9238ec99a5975c6220a10de193999f591fb124c03834150a71bf62b056c59bb36d19e3c0f01eb08255211a2bcaea02d393e007e38ad39ecb0022c5591818e

C:\Windows\system\UnvMPpR.exe

MD5 f33a4a92ddc1adc980c56706555c0276
SHA1 3425aba02529ca83f601f81ae5517ac65563aeec
SHA256 078cf6815fc5a11c39e33e0302da08512bf84723b8e17cb9c8f7b7ec04ec0894
SHA512 2654bcee78257f317273a4c17fdaebb8c98e4a6d82d4a0746109d4e6bf714101c50b9fcd3ee46546d8f11669bcbef22b2205a58809f56e849ba15be6d08a667b

C:\Windows\system\snadLgp.exe

MD5 f3a6510153ec2b67d3173204ad76e8de
SHA1 6c4ec6687d3b9149b04fb261f6317145b07aad4e
SHA256 ef2f9e6d4a9b250a0d561e5d68404a311805b6185965ba969f67d01fc9bb3a70
SHA512 46a988781199a745c09c9915eea9ade40a6a5ef5210b74385d4c30378670147d82655448d7f33a67dd61495b8c42b01e4a0d7e5398bd682f672ac942bc921870

memory/1728-110-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2640-109-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/2704-108-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2160-107-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2860-106-0x000000013F710000-0x000000013FA64000-memory.dmp

C:\Windows\system\AZsRsai.exe

MD5 0e6a7d06fdf7fbdc61571d8a48762078
SHA1 b31f61d62efab5e7fb00c8f8217372014872cb89
SHA256 89956e1626df4aafe74f9304ccca52e4fceb4dfa8b24c726e3992609f6c915df
SHA512 c3c016c221a592d904e85c882e0cea0143301b12ead0cd8bb4244c8bdec7a0368b1cfb6a2aee51def06949c6f34c2f5559564ad561d372729c642a40dd6d2f39

memory/2852-93-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

memory/3008-99-0x000000013FF10000-0x0000000140264000-memory.dmp

C:\Windows\system\zfbZjMT.exe

MD5 559f22179519207207d0b70ff4e12dbb
SHA1 3f683357d00610a0783ce085fcbaa2c81057593b
SHA256 5c24ea3ed87b62ec146c5b4376de9272263b2e212771260c2db8c3741c3e6a56
SHA512 878dc04f2558ec29270c4e2f4ffb1f2b5adc07c0075f7281b667dd3e83e0a34e970db9dde3c3376c096200586044604a6bbf21ce464db51dd859bbc06ddc55b1

memory/1728-92-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

C:\Windows\system\kdBPLpV.exe

MD5 447d45a4a4234b899fd1f242eecdd42f
SHA1 edaf1ac69f96d21f6e346c098cc873af7b022938
SHA256 d60439058ace49a65e95a36f2345056855a85dd1035e18ed3fedb2a20f7dcd73
SHA512 d90031e95f049d7541ed90ad6dba7e0a1367ffda844884bbb5bc672a01dbd73ed0b9dad3ba1e82653e6e7f209e21bcf7911474d60f42c5dfc95a4d46214ff00c

memory/2804-85-0x000000013F7B0000-0x000000013FB04000-memory.dmp

C:\Windows\system\wrbjVPb.exe

MD5 25797c13f5376e994061858b099ec95d
SHA1 d0bb468b6c2e0610257df0cafa96d770737ca1f6
SHA256 df7744aa18969961721a6d2ec68ad22c521b6ac16a45769b6b5ccd92092941e5
SHA512 ff7365e5f7d7a019ae94f2a0d7b2a29382ea6a8fa9b2ff3466d68aa282fafaf0d9eae534a0061d6b7829f37f6fa8fd0cecee466ffc3d428289757502956c5dd9

memory/2576-79-0x000000013FDF0000-0x0000000140144000-memory.dmp

C:\Windows\system\JjzwxTf.exe

MD5 58346d14016425df1fcb5775bb46ae13
SHA1 1b7e0c0a09a6d4d7056e05c57e4b890e4ef95db7
SHA256 4536f4e83e7c993d32a50d6b9bd5226470b819b77c4cd08b3f5253e6bcb90646
SHA512 04c187038dd13c6c74666194ca1e1d62d79eb14fac9e30865a5bf59987b02fee8200d02e117f928f18368e8dd8c5ac0bbf5c49d580afec45ae1562e24ffd69db

memory/2648-74-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2764-73-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2696-72-0x000000013F210000-0x000000013F564000-memory.dmp

C:\Windows\system\QeausiJ.exe

MD5 c01b53ebc3f42a07a0844a44c82c25fd
SHA1 2137db0c2d6a9705e51d4e5b04902c1ccd08a9b6
SHA256 a2fc33e201a29475f69e9588acd7eb7974ac6a6a623eb864ff5d8ff29ec9253b
SHA512 ecebe4a1e872a6503978a2b186db63136cb681a335203ba05d6420b6dd3013035ea43ca9fbd1559eb67d242a095e03e8aa856736674248238f6fad6796793d99

C:\Windows\system\WlNZGMU.exe

MD5 8010e0507662142efbaabd0532b7e471
SHA1 13191f8a6c3d5a866cd729354c8653bdae0d57b7
SHA256 3dfeadc55177b252b35bff6e8e2d4f1d95711e963f033f0aabb9f0a78c536b4d
SHA512 5684ab5ec63bf4c7ef3c047058a74a1552d5f2e4ffe9b3f4f3319e737fb2c5aec901706cec30188ecffe4ffac15cc5ad1eaefb45e4a206f24390135f261114f8

C:\Windows\system\xTLrSme.exe

MD5 dd775d65013261c51ed04d622d3df317
SHA1 90bf6b2ecab689423553b2ca206bfef7ff5ba447
SHA256 582e5b3a70e9d13ca3159b07d3c45886c624376f93de307354c8a894fbc757bf
SHA512 840988569d566c8790114588a33fabde05226f540c4e8278909a9f3cb3e9bf2e87ad4e190d14d34befbf43a3d260e598db2c7ded9c9f95945e27e2c048fa9fd1

memory/1728-67-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2520-66-0x000000013FE30000-0x0000000140184000-memory.dmp

memory/1728-65-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/1728-64-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/1728-46-0x000000013F210000-0x000000013F564000-memory.dmp

memory/1728-25-0x0000000002010000-0x0000000002364000-memory.dmp

C:\Windows\system\wMByqbe.exe

MD5 dac3868eaab50e3ad17c18d3d9bf3333
SHA1 1f0eb272b0e3ea0354daf3abf6966d2828ffcca9
SHA256 04d92811e5261c7847e547bafba56ad44decaa35f6135d46f93f20433f9c4bbe
SHA512 2a504fa4facff521cf14748daac11ed283721176d63855902f48060554391d1397540bbb21fd2c5fc60030cfdaf9e0e267400cc4186791fbb5a42fdf12616f72

memory/1728-17-0x000000013F510000-0x000000013F864000-memory.dmp

memory/1728-54-0x000000013F2E0000-0x000000013F634000-memory.dmp

C:\Windows\system\rJtpvZn.exe

MD5 82908894fad4c7e9baac7bfdabb5c827
SHA1 822e9d3ede82a75be658fb14a0aebf0802c545cf
SHA256 d1f2a5fdbfa964919251d1c4fc026613b6e57e713f281544dbfd9edec0b17c32
SHA512 86d563846de17b7a8ebb0ef4bbf7233c6f3484ebb60f36ba8b7c668cbcd5b110df402fbc273c9ff2f9846dfafb69a3e1289bb388f7b10c461eb99fe6ab04b993

C:\Windows\system\OJQnHNg.exe

MD5 d67527b1deafa0b94e478a9c4c43c9bf
SHA1 dee56dc44e1ec13da78b6d63a0d87a69549acbb1
SHA256 d52381f74a9e98c7f17e447d2e96fb8d7ab1f51303c62cd7f1c4df7b96808cc7
SHA512 d9cf83628d0a9cd59bc24e0388b84e4f85a2b91098669652b49e1f4c67e1177a44c7cd5304621e8aca3a7ee5b9ad2cb08fdf5ad1dee793d972732adde34a2fc6

memory/1728-49-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1728-42-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2704-32-0x000000013F770000-0x000000013FAC4000-memory.dmp

C:\Windows\system\ADiikGy.exe

MD5 772813fa48d3b0a0aae5e9a5f5c87595
SHA1 218489d8365811519f815197647a4983cb6a01cc
SHA256 12680ad9485c0637a8eb53399c2c55588cbc086514d0300e3cf39ce21b62b9c0
SHA512 1734f0539d5f86ac211bc2f1067058386e722ff72921ec7e463d76d5828c5d19606d3f31584c9af340f384f2feb9394d72df75bd9a081d0de4eb138c1ffaa449

memory/1728-7-0x000000013F710000-0x000000013FA64000-memory.dmp

memory/1728-1075-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2764-1076-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2648-1077-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2804-1078-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/1728-1079-0x0000000002010000-0x0000000002364000-memory.dmp

memory/3008-1080-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/1728-1081-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2860-1082-0x000000013F710000-0x000000013FA64000-memory.dmp

memory/2160-1083-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2704-1084-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2520-1088-0x000000013FE30000-0x0000000140184000-memory.dmp

memory/2640-1087-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/2432-1086-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2728-1085-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2696-1089-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2764-1091-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2576-1092-0x000000013FDF0000-0x0000000140144000-memory.dmp

memory/2648-1090-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2804-1093-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/2852-1094-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

memory/3008-1095-0x000000013FF10000-0x0000000140264000-memory.dmp