Malware Analysis Report

2024-10-10 08:38

Sample ID 240603-nxcktaef45
Target a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe
SHA256 0b750a968ae8d3565b00663b6144d0e5bfd9593d796d3dbb47124b80187e4869
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

0b750a968ae8d3565b00663b6144d0e5bfd9593d796d3dbb47124b80187e4869

Threat Level: Known bad

The file a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Xmrig family

Kpot family

XMRig Miner payload

xmrig

KPOT Core Executable

KPOT

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 11:46

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 11:46

Reported

2024-06-03 11:48

Platform

win7-20240221-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/3000-1081-0x000000013F360000-0x000000013F6B4000-memory.dmp

memory/2596-1082-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2508-1084-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2180-1083-0x000000013FA30000-0x000000013FD84000-memory.dmp

memory/2780-1085-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2772-1086-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2496-1087-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/2392-1089-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/2416-1088-0x000000013F300000-0x000000013F654000-memory.dmp

memory/2452-1090-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/2860-1091-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/1972-1092-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/1604-1093-0x000000013F4E0000-0x000000013F834000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 11:46

Reported

2024-06-03 11:49

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2531b363765cc9cd1e5b6690dcbcc40_NeikiAnalytics.exe"


C:\Windows\System\lsGrgnh.exe

C:\Windows\System\vEocBmx.exe

C:\Windows\System\vEocBmx.exe

C:\Windows\System\BIMydNz.exe

C:\Windows\System\BIMydNz.exe

C:\Windows\System\PBKQaZv.exe

C:\Windows\System\PBKQaZv.exe

C:\Windows\System\rxfOAxL.exe

C:\Windows\System\rxfOAxL.exe

C:\Windows\System\bJRegAX.exe

C:\Windows\System\bJRegAX.exe

C:\Windows\System\OnemWre.exe

C:\Windows\System\OnemWre.exe

C:\Windows\System\yrxWRkJ.exe

C:\Windows\System\yrxWRkJ.exe

C:\Windows\System\spBtnqi.exe

C:\Windows\System\spBtnqi.exe

C:\Windows\System\IaBAfgN.exe

C:\Windows\System\IaBAfgN.exe

C:\Windows\System\sMPFaRu.exe

C:\Windows\System\sMPFaRu.exe

C:\Windows\System\UtaJSkO.exe

C:\Windows\System\UtaJSkO.exe

C:\Windows\System\cPKifGF.exe

C:\Windows\System\cPKifGF.exe

C:\Windows\System\etcgbVu.exe

C:\Windows\System\etcgbVu.exe

C:\Windows\System\lJJbcmW.exe

C:\Windows\System\lJJbcmW.exe

C:\Windows\System\rIUwtvR.exe

C:\Windows\System\rIUwtvR.exe

C:\Windows\System\wkuBxIl.exe

C:\Windows\System\wkuBxIl.exe

C:\Windows\System\aQssCEF.exe

C:\Windows\System\aQssCEF.exe

C:\Windows\System\xeKOAyk.exe

C:\Windows\System\xeKOAyk.exe

C:\Windows\System\LhbPFwB.exe

C:\Windows\System\LhbPFwB.exe

C:\Windows\System\bQwIwGJ.exe

C:\Windows\System\bQwIwGJ.exe

C:\Windows\System\fRgzwuR.exe

C:\Windows\System\fRgzwuR.exe

C:\Windows\System\zNQMWsj.exe

C:\Windows\System\zNQMWsj.exe

C:\Windows\System\ugDPPIZ.exe

C:\Windows\System\ugDPPIZ.exe

C:\Windows\System\uccQqIo.exe

C:\Windows\System\uccQqIo.exe

C:\Windows\System\CCyWZoU.exe

C:\Windows\System\CCyWZoU.exe

C:\Windows\System\oSCpjmB.exe

C:\Windows\System\oSCpjmB.exe

C:\Windows\System\ITJtzhw.exe

C:\Windows\System\ITJtzhw.exe

C:\Windows\System\SkTudOf.exe

C:\Windows\System\SkTudOf.exe

C:\Windows\System\emIhxET.exe

C:\Windows\System\emIhxET.exe

C:\Windows\System\ilqVGKK.exe

C:\Windows\System\ilqVGKK.exe

C:\Windows\System\cgvprQn.exe

C:\Windows\System\cgvprQn.exe

C:\Windows\System\bOFZvPL.exe

C:\Windows\System\bOFZvPL.exe

C:\Windows\System\iFkUIIi.exe

C:\Windows\System\iFkUIIi.exe

C:\Windows\System\HUoZhnK.exe

C:\Windows\System\HUoZhnK.exe

C:\Windows\System\AgyBaXy.exe

C:\Windows\System\AgyBaXy.exe

C:\Windows\System\GkaFtwS.exe

C:\Windows\System\GkaFtwS.exe

C:\Windows\System\XTwtIvX.exe

C:\Windows\System\XTwtIvX.exe

C:\Windows\System\fitkFUl.exe

C:\Windows\System\fitkFUl.exe

C:\Windows\System\PbPkQsD.exe

C:\Windows\System\PbPkQsD.exe

C:\Windows\System\uNogrGe.exe

C:\Windows\System\uNogrGe.exe

C:\Windows\System\ZwJbbpi.exe

C:\Windows\System\ZwJbbpi.exe

C:\Windows\System\xxUSjdU.exe

C:\Windows\System\xxUSjdU.exe

C:\Windows\System\xJhtaCE.exe

C:\Windows\System\xJhtaCE.exe

C:\Windows\System\dTvaRtP.exe

C:\Windows\System\dTvaRtP.exe

C:\Windows\System\fcHTYfU.exe

C:\Windows\System\fcHTYfU.exe

C:\Windows\System\qcZXuSF.exe

C:\Windows\System\qcZXuSF.exe

C:\Windows\System\HlutnhZ.exe

C:\Windows\System\HlutnhZ.exe

C:\Windows\System\IhQlIaL.exe

C:\Windows\System\IhQlIaL.exe

C:\Windows\System\UiNqJYb.exe

C:\Windows\System\UiNqJYb.exe

C:\Windows\System\IgHGXoE.exe

C:\Windows\System\IgHGXoE.exe

C:\Windows\System\uftTbiV.exe

C:\Windows\System\uftTbiV.exe

C:\Windows\System\VbcOiSb.exe

C:\Windows\System\VbcOiSb.exe

C:\Windows\System\nykPjRX.exe

C:\Windows\System\nykPjRX.exe

C:\Windows\System\ilpXCbH.exe

C:\Windows\System\ilpXCbH.exe

C:\Windows\System\WwdQupf.exe

C:\Windows\System\WwdQupf.exe

C:\Windows\System\lInlpBB.exe

C:\Windows\System\lInlpBB.exe

C:\Windows\System\fwVGjMg.exe

C:\Windows\System\fwVGjMg.exe

C:\Windows\System\PZZJfQB.exe

C:\Windows\System\PZZJfQB.exe

C:\Windows\System\ZOzyKPg.exe

C:\Windows\System\ZOzyKPg.exe

C:\Windows\System\OFlDXEX.exe

C:\Windows\System\OFlDXEX.exe

C:\Windows\System\HCIVljf.exe

C:\Windows\System\HCIVljf.exe

C:\Windows\System\AmijrER.exe

C:\Windows\System\AmijrER.exe

C:\Windows\System\JCbIFwF.exe

C:\Windows\System\JCbIFwF.exe

C:\Windows\System\yDVnydX.exe

C:\Windows\System\yDVnydX.exe

C:\Windows\System\EUoKLFT.exe

C:\Windows\System\EUoKLFT.exe

C:\Windows\System\viMDvuI.exe

C:\Windows\System\viMDvuI.exe

C:\Windows\System\LTuuCXt.exe

C:\Windows\System\LTuuCXt.exe

C:\Windows\System\iBmyObE.exe

C:\Windows\System\iBmyObE.exe

C:\Windows\System\DNwEEdp.exe

C:\Windows\System\DNwEEdp.exe

C:\Windows\System\NQEkzfP.exe

C:\Windows\System\NQEkzfP.exe

C:\Windows\System\zcVNyTW.exe

C:\Windows\System\zcVNyTW.exe

C:\Windows\System\EgjSLfL.exe

C:\Windows\System\EgjSLfL.exe

C:\Windows\System\VDJnmGM.exe

C:\Windows\System\VDJnmGM.exe

C:\Windows\System\OxSqAuu.exe

C:\Windows\System\OxSqAuu.exe

C:\Windows\System\WCJdjAH.exe

C:\Windows\System\WCJdjAH.exe

C:\Windows\System\iZRHXYH.exe

C:\Windows\System\iZRHXYH.exe

C:\Windows\System\bvbkZxE.exe

C:\Windows\System\bvbkZxE.exe

C:\Windows\System\qHtQHrF.exe

C:\Windows\System\qHtQHrF.exe

C:\Windows\System\WUlgtvn.exe

C:\Windows\System\WUlgtvn.exe

C:\Windows\System\bRWgWjE.exe

C:\Windows\System\bRWgWjE.exe

C:\Windows\System\rrRzfCM.exe

C:\Windows\System\rrRzfCM.exe

C:\Windows\System\eLuCvcO.exe

C:\Windows\System\eLuCvcO.exe

C:\Windows\System\SUNqmug.exe

C:\Windows\System\SUNqmug.exe

C:\Windows\System\ddIBHwA.exe

C:\Windows\System\ddIBHwA.exe

C:\Windows\System\yQAsMYw.exe

C:\Windows\System\yQAsMYw.exe

C:\Windows\System\lySLVWl.exe

C:\Windows\System\lySLVWl.exe

C:\Windows\System\GHQRrIf.exe

C:\Windows\System\GHQRrIf.exe

C:\Windows\System\BdRGBxx.exe

C:\Windows\System\BdRGBxx.exe

C:\Windows\System\BlOEyUW.exe

C:\Windows\System\BlOEyUW.exe

C:\Windows\System\KzWNoJv.exe

C:\Windows\System\KzWNoJv.exe

C:\Windows\System\vXzfWWw.exe

C:\Windows\System\vXzfWWw.exe

C:\Windows\System\PylbsWp.exe

C:\Windows\System\PylbsWp.exe

C:\Windows\System\gCymicR.exe

C:\Windows\System\gCymicR.exe

C:\Windows\System\uobXmzi.exe

C:\Windows\System\uobXmzi.exe

C:\Windows\System\LcRAUmm.exe

C:\Windows\System\LcRAUmm.exe

C:\Windows\System\wcWduON.exe

C:\Windows\System\wcWduON.exe

C:\Windows\System\OvSClbj.exe

C:\Windows\System\OvSClbj.exe

C:\Windows\System\ZaPyRQL.exe

C:\Windows\System\ZaPyRQL.exe

C:\Windows\System\AWCTdiR.exe

C:\Windows\System\AWCTdiR.exe

C:\Windows\System\eMcKxvA.exe

C:\Windows\System\eMcKxvA.exe

C:\Windows\System\LTyPsVZ.exe

C:\Windows\System\LTyPsVZ.exe

C:\Windows\System\mFVMCOM.exe

C:\Windows\System\mFVMCOM.exe

C:\Windows\System\UGmPqOc.exe

C:\Windows\System\UGmPqOc.exe

C:\Windows\System\VpariVd.exe

C:\Windows\System\VpariVd.exe

C:\Windows\System\jxGyxhC.exe

C:\Windows\System\jxGyxhC.exe

C:\Windows\System\uUwcEkW.exe

C:\Windows\System\uUwcEkW.exe

C:\Windows\System\SJPTcBw.exe

C:\Windows\System\SJPTcBw.exe

C:\Windows\System\OwjKVuE.exe

C:\Windows\System\OwjKVuE.exe

C:\Windows\System\KgXwWsM.exe

C:\Windows\System\KgXwWsM.exe

C:\Windows\System\APFkkEZ.exe

C:\Windows\System\APFkkEZ.exe

C:\Windows\System\MDntaDo.exe

C:\Windows\System\MDntaDo.exe

C:\Windows\System\wdaIbla.exe

C:\Windows\System\wdaIbla.exe

C:\Windows\System\rznIuZo.exe

C:\Windows\System\rznIuZo.exe

C:\Windows\System\lsypzSS.exe

C:\Windows\System\lsypzSS.exe

C:\Windows\System\zWCniZa.exe

C:\Windows\System\zWCniZa.exe

C:\Windows\System\VwAgbAy.exe

C:\Windows\System\VwAgbAy.exe

C:\Windows\System\GUHbDXe.exe

C:\Windows\System\GUHbDXe.exe

C:\Windows\System\oURcRUn.exe

C:\Windows\System\oURcRUn.exe

C:\Windows\System\GaYlQtp.exe

C:\Windows\System\GaYlQtp.exe

C:\Windows\System\mmdZjUY.exe

C:\Windows\System\mmdZjUY.exe

C:\Windows\System\bAscKNj.exe

C:\Windows\System\bAscKNj.exe

C:\Windows\System\vmWPAld.exe

C:\Windows\System\vmWPAld.exe

C:\Windows\System\SEOTwCX.exe

C:\Windows\System\SEOTwCX.exe

C:\Windows\System\GKtjTLX.exe

C:\Windows\System\GKtjTLX.exe

C:\Windows\System\nDPUBJa.exe

C:\Windows\System\nDPUBJa.exe

C:\Windows\System\VhquKCO.exe

C:\Windows\System\VhquKCO.exe

C:\Windows\System\ujRdAUi.exe

C:\Windows\System\ujRdAUi.exe

C:\Windows\System\bkBeSIF.exe

C:\Windows\System\bkBeSIF.exe

C:\Windows\System\ovQuQXP.exe

C:\Windows\System\ovQuQXP.exe

C:\Windows\System\uPJvZWx.exe

C:\Windows\System\uPJvZWx.exe

C:\Windows\System\gVKZnYl.exe

C:\Windows\System\gVKZnYl.exe

C:\Windows\System\bpgsBzv.exe

C:\Windows\System\bpgsBzv.exe

C:\Windows\System\bMFVaCL.exe

C:\Windows\System\bMFVaCL.exe

C:\Windows\System\cKOMwIN.exe

C:\Windows\System\cKOMwIN.exe

C:\Windows\System\kinPNCS.exe

C:\Windows\System\kinPNCS.exe

C:\Windows\System\BJWCunU.exe

C:\Windows\System\BJWCunU.exe

C:\Windows\System\YLOauKs.exe

C:\Windows\System\YLOauKs.exe

C:\Windows\System\NBGVfDy.exe

C:\Windows\System\NBGVfDy.exe

C:\Windows\System\iEBDtaX.exe

C:\Windows\System\iEBDtaX.exe

C:\Windows\System\CkXSfkG.exe

C:\Windows\System\CkXSfkG.exe

C:\Windows\System\sjrjqFl.exe

C:\Windows\System\sjrjqFl.exe

C:\Windows\System\dOYaADd.exe

C:\Windows\System\dOYaADd.exe

C:\Windows\System\ZrCurbX.exe

C:\Windows\System\ZrCurbX.exe

C:\Windows\System\YImSnzf.exe

C:\Windows\System\YImSnzf.exe

C:\Windows\System\VmQvwuI.exe

C:\Windows\System\VmQvwuI.exe

C:\Windows\System\QuPpcOg.exe

C:\Windows\System\QuPpcOg.exe

C:\Windows\System\cTKSXWS.exe

C:\Windows\System\cTKSXWS.exe

C:\Windows\System\XiHcaHR.exe

C:\Windows\System\XiHcaHR.exe

C:\Windows\System\dmhIpiz.exe

C:\Windows\System\dmhIpiz.exe

C:\Windows\System\CQUKWhT.exe

C:\Windows\System\CQUKWhT.exe

C:\Windows\System\bxWKlsV.exe

C:\Windows\System\bxWKlsV.exe

C:\Windows\System\oQzICap.exe

C:\Windows\System\oQzICap.exe

C:\Windows\System\eJRCcWe.exe

C:\Windows\System\eJRCcWe.exe

C:\Windows\System\WOwBhwh.exe

C:\Windows\System\WOwBhwh.exe

C:\Windows\System\cjkaJsS.exe

C:\Windows\System\cjkaJsS.exe

C:\Windows\System\edDintt.exe

C:\Windows\System\edDintt.exe

C:\Windows\System\YUKDagv.exe

C:\Windows\System\YUKDagv.exe

C:\Windows\System\lInHbCA.exe

C:\Windows\System\lInHbCA.exe

C:\Windows\System\ieYTHQp.exe

C:\Windows\System\ieYTHQp.exe

C:\Windows\System\SLKUgdH.exe

C:\Windows\System\SLKUgdH.exe

C:\Windows\System\ecfkYMV.exe

C:\Windows\System\ecfkYMV.exe

C:\Windows\System\MBLWrtA.exe

C:\Windows\System\MBLWrtA.exe

C:\Windows\System\PIGXksK.exe

C:\Windows\System\PIGXksK.exe

C:\Windows\System\xIbgWLQ.exe

C:\Windows\System\xIbgWLQ.exe

C:\Windows\System\LVRXceb.exe

C:\Windows\System\LVRXceb.exe

C:\Windows\System\bJxSInK.exe

C:\Windows\System\bJxSInK.exe

C:\Windows\System\acnRaOx.exe

C:\Windows\System\acnRaOx.exe

C:\Windows\System\JrysoTg.exe

C:\Windows\System\JrysoTg.exe

C:\Windows\System\whZSrKb.exe

C:\Windows\System\whZSrKb.exe

C:\Windows\System\zEtFfjo.exe

C:\Windows\System\zEtFfjo.exe

C:\Windows\System\aBcveqv.exe

C:\Windows\System\aBcveqv.exe

C:\Windows\System\uhbDFph.exe

C:\Windows\System\uhbDFph.exe

C:\Windows\System\ttYkmDc.exe

C:\Windows\System\ttYkmDc.exe

C:\Windows\System\lVUzbUu.exe

C:\Windows\System\lVUzbUu.exe

C:\Windows\System\xCqtABb.exe

C:\Windows\System\xCqtABb.exe

C:\Windows\System\FkmpVxI.exe

C:\Windows\System\FkmpVxI.exe

C:\Windows\System\xBZqsFb.exe

C:\Windows\System\xBZqsFb.exe

C:\Windows\System\TiGAFzT.exe

C:\Windows\System\TiGAFzT.exe

C:\Windows\System\uFjMVnM.exe

C:\Windows\System\uFjMVnM.exe

C:\Windows\System\LFbXcYs.exe

C:\Windows\System\LFbXcYs.exe

C:\Windows\System\mpXXOpE.exe

C:\Windows\System\mpXXOpE.exe

C:\Windows\System\UkoKaXx.exe

C:\Windows\System\UkoKaXx.exe

C:\Windows\System\smhWvRy.exe

C:\Windows\System\smhWvRy.exe

C:\Windows\System\rGIUzya.exe

C:\Windows\System\rGIUzya.exe

C:\Windows\System\yrjHakT.exe

C:\Windows\System\yrjHakT.exe

C:\Windows\System\BKkTMdU.exe

C:\Windows\System\BKkTMdU.exe

C:\Windows\System\PiNhDMY.exe

C:\Windows\System\PiNhDMY.exe

C:\Windows\System\UfhUGsO.exe

C:\Windows\System\UfhUGsO.exe

C:\Windows\System\VKjWIHm.exe

C:\Windows\System\VKjWIHm.exe

C:\Windows\System\aAuGtGo.exe

C:\Windows\System\aAuGtGo.exe

C:\Windows\System\DyJpTsr.exe

C:\Windows\System\DyJpTsr.exe

C:\Windows\System\FPPBmTX.exe

C:\Windows\System\FPPBmTX.exe

C:\Windows\System\TmkzfvJ.exe

C:\Windows\System\TmkzfvJ.exe

C:\Windows\System\JZcHoXu.exe

C:\Windows\System\JZcHoXu.exe

C:\Windows\System\BbKJpiz.exe

C:\Windows\System\BbKJpiz.exe

C:\Windows\System\HZXGZpg.exe

C:\Windows\System\HZXGZpg.exe

C:\Windows\System\MZTZOXd.exe

C:\Windows\System\MZTZOXd.exe

C:\Windows\System\RvjUZjd.exe

C:\Windows\System\RvjUZjd.exe

C:\Windows\System\XzygCND.exe

C:\Windows\System\XzygCND.exe

C:\Windows\System\PoStrEA.exe

C:\Windows\System\PoStrEA.exe

C:\Windows\System\jgpOKBK.exe

C:\Windows\System\jgpOKBK.exe

C:\Windows\System\JyoMukm.exe

C:\Windows\System\JyoMukm.exe

C:\Windows\System\BjIhPKA.exe

C:\Windows\System\BjIhPKA.exe

C:\Windows\System\pfZJgWb.exe

C:\Windows\System\pfZJgWb.exe

C:\Windows\System\hiRdSlz.exe

C:\Windows\System\hiRdSlz.exe

C:\Windows\System\LoHZBYn.exe

C:\Windows\System\LoHZBYn.exe

C:\Windows\System\IQyTMwA.exe

C:\Windows\System\IQyTMwA.exe

C:\Windows\System\xRdXCTK.exe

C:\Windows\System\xRdXCTK.exe

C:\Windows\System\bmQZphC.exe

C:\Windows\System\bmQZphC.exe

C:\Windows\System\jnjzrfd.exe

C:\Windows\System\jnjzrfd.exe

C:\Windows\System\QhqbBoZ.exe

C:\Windows\System\QhqbBoZ.exe

C:\Windows\System\KTWDKQz.exe

C:\Windows\System\KTWDKQz.exe

C:\Windows\System\lhIbekV.exe

C:\Windows\System\lhIbekV.exe

C:\Windows\System\KVlHuAo.exe

C:\Windows\System\KVlHuAo.exe

C:\Windows\System\EkSaaMC.exe

C:\Windows\System\EkSaaMC.exe

C:\Windows\System\sUTVWGa.exe

C:\Windows\System\sUTVWGa.exe

C:\Windows\System\SwvOuiz.exe

C:\Windows\System\SwvOuiz.exe

C:\Windows\System\tvrfsPj.exe

C:\Windows\System\tvrfsPj.exe

C:\Windows\System\sgZbsZN.exe

C:\Windows\System\sgZbsZN.exe

C:\Windows\System\AwFBfZK.exe

C:\Windows\System\AwFBfZK.exe

C:\Windows\System\ncLvZIA.exe

C:\Windows\System\ncLvZIA.exe

C:\Windows\System\DLjrorr.exe

C:\Windows\System\DLjrorr.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3928 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network

Files
