Malware Analysis Report

2024-10-10 08:39

Sample ID: 240603-cf75lsgf78
Target: 97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe
SHA256: 3324a31a9223b6223604a250f9ed639fbee9df16371e472e8bf3007d3b8bf383
Tags: miner upx kpot xmrig stealer trojan
Score: 10/10

Analysis Overview

score
10/10

SHA256

3324a31a9223b6223604a250f9ed639fbee9df16371e472e8bf3007d3b8bf383

Threat Level: Known bad

The file 97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Xmrig family

XMRig Miner payload

KPOT

xmrig

Kpot family

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 02:02

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 02:02

Reported

2024-06-03 02:04

Platform

win7-20240215-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1656-1075-0x0000000002110000-0x0000000002464000-memory.dmp

memory/1656-1076-0x0000000002110000-0x0000000002464000-memory.dmp

memory/1840-1077-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/3056-1078-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2944-1079-0x000000013F170000-0x000000013F4C4000-memory.dmp

memory/2552-1080-0x000000013FC80000-0x000000013FFD4000-memory.dmp

memory/2620-1081-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/2592-1082-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2704-1083-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2516-1084-0x000000013FE80000-0x00000001401D4000-memory.dmp

memory/2364-1085-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2888-1087-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2776-1086-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/764-1089-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/856-1088-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2588-1090-0x000000013F4B0000-0x000000013F804000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 02:02

Reported

2024-06-03 02:04

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\97a442592af5160ef3c03c3a4a4a4270_NeikiAnalytics.exe"


C:\Windows\System\RBVvtji.exe

C:\Windows\System\JKzxlBU.exe

C:\Windows\System\JKzxlBU.exe

C:\Windows\System\ytsfjKo.exe

C:\Windows\System\ytsfjKo.exe

C:\Windows\System\giklFih.exe

C:\Windows\System\giklFih.exe

C:\Windows\System\qSXrkDg.exe

C:\Windows\System\qSXrkDg.exe

C:\Windows\System\ghGeARd.exe

C:\Windows\System\ghGeARd.exe

C:\Windows\System\nXaqdEz.exe

C:\Windows\System\nXaqdEz.exe

C:\Windows\System\fbxatdS.exe

C:\Windows\System\fbxatdS.exe

C:\Windows\System\SHuDBIr.exe

C:\Windows\System\SHuDBIr.exe

C:\Windows\System\nmdRnsP.exe

C:\Windows\System\nmdRnsP.exe

C:\Windows\System\spQzFqj.exe

C:\Windows\System\spQzFqj.exe

C:\Windows\System\gelcNJt.exe

C:\Windows\System\gelcNJt.exe

C:\Windows\System\SjJcZtJ.exe

C:\Windows\System\SjJcZtJ.exe

C:\Windows\System\SIYuWxB.exe

C:\Windows\System\SIYuWxB.exe

C:\Windows\System\fQYZNZE.exe

C:\Windows\System\fQYZNZE.exe

C:\Windows\System\LRUfmDV.exe

C:\Windows\System\LRUfmDV.exe

C:\Windows\System\YJfUdRR.exe

C:\Windows\System\YJfUdRR.exe

C:\Windows\System\FWBWzla.exe

C:\Windows\System\FWBWzla.exe

C:\Windows\System\GgTlMRS.exe

C:\Windows\System\GgTlMRS.exe

C:\Windows\System\kasThdw.exe

C:\Windows\System\kasThdw.exe

C:\Windows\System\pTDynHU.exe

C:\Windows\System\pTDynHU.exe

C:\Windows\System\yDGODNT.exe

C:\Windows\System\yDGODNT.exe

C:\Windows\System\DuGYFTE.exe

C:\Windows\System\DuGYFTE.exe

C:\Windows\System\pGKGiFe.exe

C:\Windows\System\pGKGiFe.exe

C:\Windows\System\qcrOPOM.exe

C:\Windows\System\qcrOPOM.exe

C:\Windows\System\lUApSRI.exe

C:\Windows\System\lUApSRI.exe

C:\Windows\System\bUgilfE.exe

C:\Windows\System\bUgilfE.exe

C:\Windows\System\gMRzHjp.exe

C:\Windows\System\gMRzHjp.exe

C:\Windows\System\ChjBiuG.exe

C:\Windows\System\ChjBiuG.exe

C:\Windows\System\EYeHASD.exe

C:\Windows\System\EYeHASD.exe

C:\Windows\System\fdvTDne.exe

C:\Windows\System\fdvTDne.exe

C:\Windows\System\VDSMXOI.exe

C:\Windows\System\VDSMXOI.exe

C:\Windows\System\YUorRej.exe

C:\Windows\System\YUorRej.exe

C:\Windows\System\xfMxFtj.exe

C:\Windows\System\xfMxFtj.exe

C:\Windows\System\ogmEhlS.exe

C:\Windows\System\ogmEhlS.exe

C:\Windows\System\GRGSfax.exe

C:\Windows\System\GRGSfax.exe

C:\Windows\System\vlDctyP.exe

C:\Windows\System\vlDctyP.exe

C:\Windows\System\AXIJLxC.exe

C:\Windows\System\AXIJLxC.exe

C:\Windows\System\kuealAK.exe

C:\Windows\System\kuealAK.exe

C:\Windows\System\YXgsvDm.exe

C:\Windows\System\YXgsvDm.exe

C:\Windows\System\rdSzVwP.exe

C:\Windows\System\rdSzVwP.exe

C:\Windows\System\HVoQuGf.exe

C:\Windows\System\HVoQuGf.exe

C:\Windows\System\upIXcsV.exe

C:\Windows\System\upIXcsV.exe

C:\Windows\System\pWtilff.exe

C:\Windows\System\pWtilff.exe

C:\Windows\System\nbkgJkT.exe

C:\Windows\System\nbkgJkT.exe

C:\Windows\System\GhBKxau.exe

C:\Windows\System\GhBKxau.exe

C:\Windows\System\KALEKOG.exe

C:\Windows\System\KALEKOG.exe

C:\Windows\System\iKyIyte.exe

C:\Windows\System\iKyIyte.exe

C:\Windows\System\nUxFnHk.exe

C:\Windows\System\nUxFnHk.exe

C:\Windows\System\IOFdjNM.exe

C:\Windows\System\IOFdjNM.exe

C:\Windows\System\DrCDeQl.exe

C:\Windows\System\DrCDeQl.exe

C:\Windows\System\cDYJOPF.exe

C:\Windows\System\cDYJOPF.exe

C:\Windows\System\BbyjcyB.exe

C:\Windows\System\BbyjcyB.exe

C:\Windows\System\efdJmkk.exe

C:\Windows\System\efdJmkk.exe

C:\Windows\System\UviPfpK.exe

C:\Windows\System\UviPfpK.exe

C:\Windows\System\twdswyh.exe

C:\Windows\System\twdswyh.exe

C:\Windows\System\RpzbiIs.exe

C:\Windows\System\RpzbiIs.exe

C:\Windows\System\ZtwfqaA.exe

C:\Windows\System\ZtwfqaA.exe

C:\Windows\System\ACVuoUj.exe

C:\Windows\System\ACVuoUj.exe

C:\Windows\System\chktOtN.exe

C:\Windows\System\chktOtN.exe

C:\Windows\System\mHtLSzN.exe

C:\Windows\System\mHtLSzN.exe

C:\Windows\System\TRbYbDH.exe

C:\Windows\System\TRbYbDH.exe

C:\Windows\System\NZxUBba.exe

C:\Windows\System\NZxUBba.exe

C:\Windows\System\HcSWMrC.exe

C:\Windows\System\HcSWMrC.exe

C:\Windows\System\adbPvLn.exe

C:\Windows\System\adbPvLn.exe

C:\Windows\System\lAbqECT.exe

C:\Windows\System\lAbqECT.exe

C:\Windows\System\tkmyYNb.exe

C:\Windows\System\tkmyYNb.exe

C:\Windows\System\BcueZKE.exe

C:\Windows\System\BcueZKE.exe

C:\Windows\System\FUDgBgG.exe

C:\Windows\System\FUDgBgG.exe

C:\Windows\System\yNEedJG.exe

C:\Windows\System\yNEedJG.exe

C:\Windows\System\eSYYjRd.exe

C:\Windows\System\eSYYjRd.exe

C:\Windows\System\SlMcEUa.exe

C:\Windows\System\SlMcEUa.exe

C:\Windows\System\sAFvmkl.exe

C:\Windows\System\sAFvmkl.exe

C:\Windows\System\HYPvrdn.exe

C:\Windows\System\HYPvrdn.exe

C:\Windows\System\jXrXMcm.exe

C:\Windows\System\jXrXMcm.exe

C:\Windows\System\FYIMNuJ.exe

C:\Windows\System\FYIMNuJ.exe

C:\Windows\System\TNKGzav.exe

C:\Windows\System\TNKGzav.exe

C:\Windows\System\jlCrMaJ.exe

C:\Windows\System\jlCrMaJ.exe

C:\Windows\System\IIJRZWh.exe

C:\Windows\System\IIJRZWh.exe

C:\Windows\System\GXykKLe.exe

C:\Windows\System\GXykKLe.exe

C:\Windows\System\zacwxCH.exe

C:\Windows\System\zacwxCH.exe

C:\Windows\System\tAZrAzT.exe

C:\Windows\System\tAZrAzT.exe

C:\Windows\System\kVSAnCb.exe

C:\Windows\System\kVSAnCb.exe

C:\Windows\System\rmjOFgU.exe

C:\Windows\System\rmjOFgU.exe

C:\Windows\System\bZbxOLz.exe

C:\Windows\System\bZbxOLz.exe

C:\Windows\System\lgtoKQD.exe

C:\Windows\System\lgtoKQD.exe

C:\Windows\System\ORrAAzI.exe

C:\Windows\System\ORrAAzI.exe

C:\Windows\System\vfaOavh.exe

C:\Windows\System\vfaOavh.exe

C:\Windows\System\hwcxYZe.exe

C:\Windows\System\hwcxYZe.exe

C:\Windows\System\AlOCTla.exe

C:\Windows\System\AlOCTla.exe

C:\Windows\System\KskcfUr.exe

C:\Windows\System\KskcfUr.exe

C:\Windows\System\wlMRATP.exe

C:\Windows\System\wlMRATP.exe

C:\Windows\System\aVfxlFk.exe

C:\Windows\System\aVfxlFk.exe

C:\Windows\System\tGHscdR.exe

C:\Windows\System\tGHscdR.exe

C:\Windows\System\ohcOuph.exe

C:\Windows\System\ohcOuph.exe

C:\Windows\System\uaiJrSX.exe

C:\Windows\System\uaiJrSX.exe

C:\Windows\System\bkKhHmk.exe

C:\Windows\System\bkKhHmk.exe

C:\Windows\System\efbjrNl.exe

C:\Windows\System\efbjrNl.exe

C:\Windows\System\wpSGguU.exe

C:\Windows\System\wpSGguU.exe

C:\Windows\System\tNaPZEM.exe

C:\Windows\System\tNaPZEM.exe

C:\Windows\System\WkozsXf.exe

C:\Windows\System\WkozsXf.exe

C:\Windows\System\JJqeHUX.exe

C:\Windows\System\JJqeHUX.exe

C:\Windows\System\LVorwJe.exe

C:\Windows\System\LVorwJe.exe

C:\Windows\System\pJtlFLw.exe

C:\Windows\System\pJtlFLw.exe

C:\Windows\System\myHqMJj.exe

C:\Windows\System\myHqMJj.exe

C:\Windows\System\nGDdbUh.exe

C:\Windows\System\nGDdbUh.exe

C:\Windows\System\cSvxHip.exe

C:\Windows\System\cSvxHip.exe

C:\Windows\System\OthYmRR.exe

C:\Windows\System\OthYmRR.exe

C:\Windows\System\DnQeWgw.exe

C:\Windows\System\DnQeWgw.exe

C:\Windows\System\RngOdVQ.exe

C:\Windows\System\RngOdVQ.exe

C:\Windows\System\VOfwlmK.exe

C:\Windows\System\VOfwlmK.exe

C:\Windows\System\zrLzpxz.exe

C:\Windows\System\zrLzpxz.exe

C:\Windows\System\FwxWCcK.exe

C:\Windows\System\FwxWCcK.exe

C:\Windows\System\RKsqTJs.exe

C:\Windows\System\RKsqTJs.exe

C:\Windows\System\upOmzvw.exe

C:\Windows\System\upOmzvw.exe

C:\Windows\System\xkaktcN.exe

C:\Windows\System\xkaktcN.exe

C:\Windows\System\HwjEhLC.exe

C:\Windows\System\HwjEhLC.exe

C:\Windows\System\cfIvluk.exe

C:\Windows\System\cfIvluk.exe

C:\Windows\System\jmAxgiI.exe

C:\Windows\System\jmAxgiI.exe

C:\Windows\System\rGjTxaf.exe

C:\Windows\System\rGjTxaf.exe

C:\Windows\System\WtWphlY.exe

C:\Windows\System\WtWphlY.exe

C:\Windows\System\oiyCNHY.exe

C:\Windows\System\oiyCNHY.exe

C:\Windows\System\fhFRisq.exe

C:\Windows\System\fhFRisq.exe

C:\Windows\System\gCDdFaI.exe

C:\Windows\System\gCDdFaI.exe

C:\Windows\System\XVDmTNX.exe

C:\Windows\System\XVDmTNX.exe

C:\Windows\System\ZgOMRcI.exe

C:\Windows\System\ZgOMRcI.exe

C:\Windows\System\oiZMbUd.exe

C:\Windows\System\oiZMbUd.exe

C:\Windows\System\IFuMFkd.exe

C:\Windows\System\IFuMFkd.exe

C:\Windows\System\IYYvVGc.exe

C:\Windows\System\IYYvVGc.exe

C:\Windows\System\dHgFtyA.exe

C:\Windows\System\dHgFtyA.exe

C:\Windows\System\RZInFQn.exe

C:\Windows\System\RZInFQn.exe

C:\Windows\System\yKYQqwT.exe

C:\Windows\System\yKYQqwT.exe

C:\Windows\System\XfpSFPb.exe

C:\Windows\System\XfpSFPb.exe

C:\Windows\System\etNoGQs.exe

C:\Windows\System\etNoGQs.exe

C:\Windows\System\CuGHPMr.exe

C:\Windows\System\CuGHPMr.exe

C:\Windows\System\hwqEgeS.exe

C:\Windows\System\hwqEgeS.exe

C:\Windows\System\gRMtrHH.exe

C:\Windows\System\gRMtrHH.exe

C:\Windows\System\jVTKZki.exe

C:\Windows\System\jVTKZki.exe

C:\Windows\System\omiaDJi.exe

C:\Windows\System\omiaDJi.exe

C:\Windows\System\WnkJwhJ.exe

C:\Windows\System\WnkJwhJ.exe

C:\Windows\System\NDVNHBk.exe

C:\Windows\System\NDVNHBk.exe

C:\Windows\System\rffWVni.exe

C:\Windows\System\rffWVni.exe

C:\Windows\System\xnXuoVp.exe

C:\Windows\System\xnXuoVp.exe

C:\Windows\System\DWuoROh.exe

C:\Windows\System\DWuoROh.exe

C:\Windows\System\tVYDgCK.exe

C:\Windows\System\tVYDgCK.exe

C:\Windows\System\FWKMDXn.exe

C:\Windows\System\FWKMDXn.exe

C:\Windows\System\cDDdOLx.exe

C:\Windows\System\cDDdOLx.exe

C:\Windows\System\qOMhrQM.exe

C:\Windows\System\qOMhrQM.exe

C:\Windows\System\VSQkotG.exe

C:\Windows\System\VSQkotG.exe

C:\Windows\System\qYXYqSg.exe

C:\Windows\System\qYXYqSg.exe

C:\Windows\System\hXFxiRj.exe

C:\Windows\System\hXFxiRj.exe

C:\Windows\System\quaIayC.exe

C:\Windows\System\quaIayC.exe

C:\Windows\System\XtFuVMV.exe

C:\Windows\System\XtFuVMV.exe

C:\Windows\System\XFEffoK.exe

C:\Windows\System\XFEffoK.exe

C:\Windows\System\MSohtFS.exe

C:\Windows\System\MSohtFS.exe

C:\Windows\System\YTPMQCw.exe

C:\Windows\System\YTPMQCw.exe

C:\Windows\System\BRkJVSS.exe

C:\Windows\System\BRkJVSS.exe

C:\Windows\System\YuYorgY.exe

C:\Windows\System\YuYorgY.exe

C:\Windows\System\tECiHwI.exe

C:\Windows\System\tECiHwI.exe

C:\Windows\System\VuBlIaG.exe

C:\Windows\System\VuBlIaG.exe

C:\Windows\System\xRiZWhn.exe

C:\Windows\System\xRiZWhn.exe

C:\Windows\System\ITCmOjG.exe

C:\Windows\System\ITCmOjG.exe

C:\Windows\System\xaBTjXj.exe

C:\Windows\System\xaBTjXj.exe

C:\Windows\System\QAbmmJu.exe

C:\Windows\System\QAbmmJu.exe

C:\Windows\System\VOavBnh.exe

C:\Windows\System\VOavBnh.exe

C:\Windows\System\stCRQjC.exe

C:\Windows\System\stCRQjC.exe

C:\Windows\System\fULsBQp.exe

C:\Windows\System\fULsBQp.exe

C:\Windows\System\YJEcyYP.exe

C:\Windows\System\YJEcyYP.exe

C:\Windows\System\EZEsjKF.exe

C:\Windows\System\EZEsjKF.exe

C:\Windows\System\vsnzmcx.exe

C:\Windows\System\vsnzmcx.exe

C:\Windows\System\gwVFafV.exe

C:\Windows\System\gwVFafV.exe

C:\Windows\System\bHCidUK.exe

C:\Windows\System\bHCidUK.exe

C:\Windows\System\mDFZpxl.exe

C:\Windows\System\mDFZpxl.exe

C:\Windows\System\KCeRULP.exe

C:\Windows\System\KCeRULP.exe

C:\Windows\System\oozBvkO.exe

C:\Windows\System\oozBvkO.exe

C:\Windows\System\HlHglHS.exe

C:\Windows\System\HlHglHS.exe

C:\Windows\System\tSkPmki.exe

C:\Windows\System\tSkPmki.exe

C:\Windows\System\fCckJgM.exe

C:\Windows\System\fCckJgM.exe

C:\Windows\System\vwNXIet.exe

C:\Windows\System\vwNXIet.exe

C:\Windows\System\XudcKbg.exe

C:\Windows\System\XudcKbg.exe

C:\Windows\System\tFAifqX.exe

C:\Windows\System\tFAifqX.exe

C:\Windows\System\fRZlNsm.exe

C:\Windows\System\fRZlNsm.exe

C:\Windows\System\OkWtusJ.exe

C:\Windows\System\OkWtusJ.exe

C:\Windows\System\YtQtDWa.exe

C:\Windows\System\YtQtDWa.exe

C:\Windows\System\hzUhIyJ.exe

C:\Windows\System\hzUhIyJ.exe

C:\Windows\System\zehOeKu.exe

C:\Windows\System\zehOeKu.exe

C:\Windows\System\nKgLgtq.exe

C:\Windows\System\nKgLgtq.exe

C:\Windows\System\ZTQiyJT.exe

C:\Windows\System\ZTQiyJT.exe

C:\Windows\System\RbCrndZ.exe

C:\Windows\System\RbCrndZ.exe

C:\Windows\System\uUMsGhy.exe

C:\Windows\System\uUMsGhy.exe

C:\Windows\System\HjNgjOz.exe

C:\Windows\System\HjNgjOz.exe

C:\Windows\System\iYZlJnF.exe

C:\Windows\System\iYZlJnF.exe

C:\Windows\System\lcIhoez.exe

C:\Windows\System\lcIhoez.exe

C:\Windows\System\VISwDPl.exe

C:\Windows\System\VISwDPl.exe

C:\Windows\System\EUhKLng.exe

C:\Windows\System\EUhKLng.exe

C:\Windows\System\AvMjpHw.exe

C:\Windows\System\AvMjpHw.exe

C:\Windows\System\upcQHbn.exe

C:\Windows\System\upcQHbn.exe

C:\Windows\System\YEpRvDj.exe

C:\Windows\System\YEpRvDj.exe

C:\Windows\System\ORGuVjH.exe

C:\Windows\System\ORGuVjH.exe

C:\Windows\System\BZzSEEw.exe

C:\Windows\System\BZzSEEw.exe

C:\Windows\System\aZSKsin.exe

C:\Windows\System\aZSKsin.exe

C:\Windows\System\vqLWZMc.exe

C:\Windows\System\vqLWZMc.exe

C:\Windows\System\gLHkuSf.exe

C:\Windows\System\gLHkuSf.exe

C:\Windows\System\zxCOoto.exe

C:\Windows\System\zxCOoto.exe

C:\Windows\System\idlgdFQ.exe

C:\Windows\System\idlgdFQ.exe

C:\Windows\System\RbuwLbI.exe

C:\Windows\System\RbuwLbI.exe

C:\Windows\System\CLOPERZ.exe

C:\Windows\System\CLOPERZ.exe

C:\Windows\System\VsiHNJc.exe

C:\Windows\System\VsiHNJc.exe

C:\Windows\System\AGCxDOO.exe

C:\Windows\System\AGCxDOO.exe

C:\Windows\System\VQFGhsD.exe

C:\Windows\System\VQFGhsD.exe

C:\Windows\System\aLMmlvZ.exe

C:\Windows\System\aLMmlvZ.exe

C:\Windows\System\eRCFvOm.exe

C:\Windows\System\eRCFvOm.exe

C:\Windows\System\LnyJPRY.exe

C:\Windows\System\LnyJPRY.exe

C:\Windows\System\NEIeSET.exe

C:\Windows\System\NEIeSET.exe

C:\Windows\System\TBoXNIt.exe

C:\Windows\System\TBoXNIt.exe

C:\Windows\System\MmZauAA.exe

C:\Windows\System\MmZauAA.exe

C:\Windows\System\PowGqjV.exe

C:\Windows\System\PowGqjV.exe

C:\Windows\System\GpsxFQe.exe

C:\Windows\System\GpsxFQe.exe

C:\Windows\System\YNCMTJC.exe

C:\Windows\System\YNCMTJC.exe

C:\Windows\System\VoYDmlV.exe

C:\Windows\System\VoYDmlV.exe

C:\Windows\System\JRKlwJz.exe

C:\Windows\System\JRKlwJz.exe

C:\Windows\System\ufnrHqI.exe

C:\Windows\System\ufnrHqI.exe

C:\Windows\System\mTmyHhK.exe

C:\Windows\System\mTmyHhK.exe

C:\Windows\System\uXETcyD.exe

C:\Windows\System\uXETcyD.exe

C:\Windows\System\xkixYEa.exe

C:\Windows\System\xkixYEa.exe

C:\Windows\System\OHPVsrT.exe

C:\Windows\System\OHPVsrT.exe

C:\Windows\System\FykWTzG.exe

C:\Windows\System\FykWTzG.exe

Network


Files
