Malware Analysis Report

2024-10-10 08:39

Sample ID 240604-b2l9lagg9t
Target 1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe
SHA256 9f0f533d4854daa7ee9b0c70400b8ab66596c3df515ec13b841be1a95d4205dc
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9f0f533d4854daa7ee9b0c70400b8ab66596c3df515ec13b841be1a95d4205dc

Threat Level: Known bad

The file 1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

xmrig

XMRig Miner payload

KPOT

Kpot family

Xmrig family

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 01:38

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 01:38

Reported

2024-06-04 01:42

Platform

win7-20240508-en

Max time kernel

139s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\esMByyo.exe N/A
N/A N/A C:\Windows\System\iZEgmNk.exe N/A
N/A N/A C:\Windows\System\PlegnqA.exe N/A
N/A N/A C:\Windows\System\usTpgSA.exe N/A
N/A N/A C:\Windows\System\TlEOQWY.exe N/A
N/A N/A C:\Windows\System\pYSzcXi.exe N/A
N/A N/A C:\Windows\System\CGYohoD.exe N/A
N/A N/A C:\Windows\System\XlTLbUW.exe N/A
N/A N/A C:\Windows\System\DcnMJkF.exe N/A
N/A N/A C:\Windows\System\uESfgOe.exe N/A
N/A N/A C:\Windows\System\eEFkRnX.exe N/A
N/A N/A C:\Windows\System\MMxKZBo.exe N/A
N/A N/A C:\Windows\System\YDvcFBu.exe N/A
N/A N/A C:\Windows\System\LBgykQE.exe N/A
N/A N/A C:\Windows\System\RdyWzXr.exe N/A
N/A N/A C:\Windows\System\dqaNnvn.exe N/A
N/A N/A C:\Windows\System\QyFiTNA.exe N/A
N/A N/A C:\Windows\System\fBzEgkf.exe N/A
N/A N/A C:\Windows\System\fGiufgO.exe N/A
N/A N/A C:\Windows\System\NWgocJo.exe N/A
N/A N/A C:\Windows\System\CNKFwXW.exe N/A
N/A N/A C:\Windows\System\LuWpBPy.exe N/A
N/A N/A C:\Windows\System\EtUVJap.exe N/A
N/A N/A C:\Windows\System\iwpwXnt.exe N/A
N/A N/A C:\Windows\System\bYjOeIf.exe N/A
N/A N/A C:\Windows\System\YvVbbPE.exe N/A
N/A N/A C:\Windows\System\uLIsalF.exe N/A
N/A N/A C:\Windows\System\Omqmgis.exe N/A
N/A N/A C:\Windows\System\jXwXOgv.exe N/A
N/A N/A C:\Windows\System\tmLQbWv.exe N/A
N/A N/A C:\Windows\System\WlrpoMc.exe N/A
N/A N/A C:\Windows\System\EbopFqe.exe N/A
N/A N/A C:\Windows\System\tnroXLM.exe N/A
N/A N/A C:\Windows\System\yOwbztz.exe N/A
N/A N/A C:\Windows\System\ZRubnrw.exe N/A
N/A N/A C:\Windows\System\rlJoBfk.exe N/A
N/A N/A C:\Windows\System\NrfDtJG.exe N/A
N/A N/A C:\Windows\System\AGXTMVy.exe N/A
N/A N/A C:\Windows\System\pYvEvTO.exe N/A
N/A N/A C:\Windows\System\uKTNqvW.exe N/A
N/A N/A C:\Windows\System\hBVleiR.exe N/A
N/A N/A C:\Windows\System\czHUqsa.exe N/A
N/A N/A C:\Windows\System\uLcBSsr.exe N/A
N/A N/A C:\Windows\System\iJMgsRs.exe N/A
N/A N/A C:\Windows\System\SFIwBEa.exe N/A
N/A N/A C:\Windows\System\tzXXYNj.exe N/A
N/A N/A C:\Windows\System\mwNvUmJ.exe N/A
N/A N/A C:\Windows\System\HDnmErR.exe N/A
N/A N/A C:\Windows\System\RBjCaHH.exe N/A
N/A N/A C:\Windows\System\pIHdmQP.exe N/A
N/A N/A C:\Windows\System\wxWFayY.exe N/A
N/A N/A C:\Windows\System\bHhWMoh.exe N/A
N/A N/A C:\Windows\System\yXrmlvE.exe N/A
N/A N/A C:\Windows\System\ZcmDoyE.exe N/A
N/A N/A C:\Windows\System\LuHeKNk.exe N/A
N/A N/A C:\Windows\System\UjhUIOG.exe N/A
N/A N/A C:\Windows\System\qJlFtQG.exe N/A
N/A N/A C:\Windows\System\iPQLUKW.exe N/A
N/A N/A C:\Windows\System\iAdwsCg.exe N/A
N/A N/A C:\Windows\System\JjuOUfp.exe N/A
N/A N/A C:\Windows\System\PLopEIs.exe N/A
N/A N/A C:\Windows\System\SpksPCB.exe N/A
N/A N/A C:\Windows\System\mHRHPQk.exe N/A
N/A N/A C:\Windows\System\kIodjTE.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HBohEHt.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XKJMAdF.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BvjCzze.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iqjsspg.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lSprhHB.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jgfWhEE.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yOwbztz.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gyzPOeL.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\leCtUoP.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mLmWBzO.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EzoILsu.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CGYohoD.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UCGKnmL.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ToVyrll.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpMbYxO.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQDWsQp.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WGyIgdV.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTkkSXk.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FneAVGT.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wWhjkea.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wlOdNZx.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gFvXucq.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZwFKUUH.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rpKzNLY.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHuIzgf.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DcnMJkF.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fBzEgkf.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kIodjTE.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wcrNRgj.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XniSZxL.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QckYODZ.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTKlGtH.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmgiDQb.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwAJGwV.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSFDFGI.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BfLLHOT.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wSgCJzR.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\emPwqBk.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BsrtXDj.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VeMvNtJ.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iMWzymP.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aKOdiHA.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hhbXTXD.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SFIwBEa.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dstPuhQ.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLcRPOG.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pbOtalK.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tzXXYNj.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCpFfTH.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RULIVCW.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FedxlEP.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dqaNnvn.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CNKFwXW.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\StrFpFP.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oXUHLhx.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sLLnFAc.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PLchgxN.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\amXsONW.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZPSlMVV.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPiHzDM.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ddWYXvh.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uLcBSsr.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FfquQEO.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iPCILlF.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1772 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\esMByyo.exe
PID 1772 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\esMByyo.exe
PID 1772 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\esMByyo.exe
PID 1772 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\iZEgmNk.exe
PID 1772 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\iZEgmNk.exe
PID 1772 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\iZEgmNk.exe
PID 1772 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\PlegnqA.exe
PID 1772 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\PlegnqA.exe
PID 1772 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\PlegnqA.exe
PID 1772 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\usTpgSA.exe
PID 1772 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\usTpgSA.exe
PID 1772 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\usTpgSA.exe
PID 1772 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\TlEOQWY.exe
PID 1772 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\TlEOQWY.exe
PID 1772 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\TlEOQWY.exe
PID 1772 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\pYSzcXi.exe
PID 1772 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\pYSzcXi.exe
PID 1772 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\pYSzcXi.exe
PID 1772 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CGYohoD.exe
PID 1772 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CGYohoD.exe
PID 1772 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CGYohoD.exe
PID 1772 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\XlTLbUW.exe
PID 1772 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\XlTLbUW.exe
PID 1772 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\XlTLbUW.exe
PID 1772 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\DcnMJkF.exe
PID 1772 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\DcnMJkF.exe
PID 1772 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\DcnMJkF.exe
PID 1772 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\uESfgOe.exe
PID 1772 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\uESfgOe.exe
PID 1772 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\uESfgOe.exe
PID 1772 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\eEFkRnX.exe
PID 1772 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\eEFkRnX.exe
PID 1772 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\eEFkRnX.exe
PID 1772 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\MMxKZBo.exe
PID 1772 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\MMxKZBo.exe
PID 1772 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\MMxKZBo.exe
PID 1772 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\YDvcFBu.exe
PID 1772 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\YDvcFBu.exe
PID 1772 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\YDvcFBu.exe
PID 1772 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\LBgykQE.exe
PID 1772 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\LBgykQE.exe
PID 1772 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\LBgykQE.exe
PID 1772 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\RdyWzXr.exe
PID 1772 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\RdyWzXr.exe
PID 1772 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\RdyWzXr.exe
PID 1772 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\dqaNnvn.exe
PID 1772 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\dqaNnvn.exe
PID 1772 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\dqaNnvn.exe
PID 1772 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QyFiTNA.exe
PID 1772 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QyFiTNA.exe
PID 1772 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QyFiTNA.exe
PID 1772 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\fBzEgkf.exe
PID 1772 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\fBzEgkf.exe
PID 1772 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\fBzEgkf.exe
PID 1772 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\fGiufgO.exe
PID 1772 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\fGiufgO.exe
PID 1772 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\fGiufgO.exe
PID 1772 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\NWgocJo.exe
PID 1772 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\NWgocJo.exe
PID 1772 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\NWgocJo.exe
PID 1772 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CNKFwXW.exe
PID 1772 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CNKFwXW.exe
PID 1772 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CNKFwXW.exe
PID 1772 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\LuWpBPy.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe"

C:\Windows\System\esMByyo.exe

C:\Windows\System\esMByyo.exe

C:\Windows\System\iZEgmNk.exe

C:\Windows\System\iZEgmNk.exe

C:\Windows\System\PlegnqA.exe

C:\Windows\System\PlegnqA.exe

C:\Windows\System\usTpgSA.exe

C:\Windows\System\usTpgSA.exe

C:\Windows\System\TlEOQWY.exe

C:\Windows\System\TlEOQWY.exe

C:\Windows\System\pYSzcXi.exe

C:\Windows\System\pYSzcXi.exe

C:\Windows\System\CGYohoD.exe

C:\Windows\System\CGYohoD.exe

C:\Windows\System\XlTLbUW.exe

C:\Windows\System\XlTLbUW.exe

C:\Windows\System\DcnMJkF.exe

C:\Windows\System\DcnMJkF.exe

C:\Windows\System\uESfgOe.exe

C:\Windows\System\uESfgOe.exe

C:\Windows\System\eEFkRnX.exe

C:\Windows\System\eEFkRnX.exe

C:\Windows\System\MMxKZBo.exe

C:\Windows\System\MMxKZBo.exe

C:\Windows\System\YDvcFBu.exe

C:\Windows\System\YDvcFBu.exe

C:\Windows\System\LBgykQE.exe

C:\Windows\System\LBgykQE.exe

C:\Windows\System\RdyWzXr.exe

C:\Windows\System\RdyWzXr.exe

C:\Windows\System\dqaNnvn.exe

C:\Windows\System\dqaNnvn.exe

C:\Windows\System\QyFiTNA.exe

C:\Windows\System\QyFiTNA.exe

C:\Windows\System\fBzEgkf.exe

C:\Windows\System\fBzEgkf.exe

C:\Windows\System\fGiufgO.exe

C:\Windows\System\fGiufgO.exe

C:\Windows\System\NWgocJo.exe

C:\Windows\System\NWgocJo.exe

C:\Windows\System\CNKFwXW.exe

C:\Windows\System\CNKFwXW.exe

C:\Windows\System\LuWpBPy.exe

C:\Windows\System\LuWpBPy.exe

C:\Windows\System\EtUVJap.exe

C:\Windows\System\EtUVJap.exe

C:\Windows\System\iwpwXnt.exe

C:\Windows\System\iwpwXnt.exe

C:\Windows\System\bYjOeIf.exe

C:\Windows\System\bYjOeIf.exe

C:\Windows\System\YvVbbPE.exe

C:\Windows\System\YvVbbPE.exe

C:\Windows\System\uLIsalF.exe

C:\Windows\System\uLIsalF.exe

C:\Windows\System\Omqmgis.exe

C:\Windows\System\Omqmgis.exe

C:\Windows\System\jXwXOgv.exe

C:\Windows\System\jXwXOgv.exe

C:\Windows\System\tmLQbWv.exe

C:\Windows\System\tmLQbWv.exe

C:\Windows\System\WlrpoMc.exe

C:\Windows\System\WlrpoMc.exe

C:\Windows\System\EbopFqe.exe

C:\Windows\System\EbopFqe.exe

C:\Windows\System\tnroXLM.exe

C:\Windows\System\tnroXLM.exe

C:\Windows\System\yOwbztz.exe

C:\Windows\System\yOwbztz.exe

C:\Windows\System\ZRubnrw.exe

C:\Windows\System\ZRubnrw.exe

C:\Windows\System\rlJoBfk.exe

C:\Windows\System\rlJoBfk.exe

C:\Windows\System\NrfDtJG.exe

C:\Windows\System\NrfDtJG.exe

C:\Windows\System\AGXTMVy.exe

C:\Windows\System\AGXTMVy.exe

C:\Windows\System\pYvEvTO.exe

C:\Windows\System\pYvEvTO.exe

C:\Windows\System\uKTNqvW.exe

C:\Windows\System\uKTNqvW.exe

C:\Windows\System\hBVleiR.exe

C:\Windows\System\hBVleiR.exe

C:\Windows\System\czHUqsa.exe

C:\Windows\System\czHUqsa.exe

C:\Windows\System\uLcBSsr.exe

C:\Windows\System\uLcBSsr.exe

C:\Windows\System\iJMgsRs.exe

C:\Windows\System\iJMgsRs.exe

C:\Windows\System\SFIwBEa.exe

C:\Windows\System\SFIwBEa.exe

C:\Windows\System\tzXXYNj.exe

C:\Windows\System\tzXXYNj.exe

C:\Windows\System\mwNvUmJ.exe

C:\Windows\System\mwNvUmJ.exe

C:\Windows\System\HDnmErR.exe

C:\Windows\System\HDnmErR.exe

C:\Windows\System\RBjCaHH.exe

C:\Windows\System\RBjCaHH.exe

C:\Windows\System\pIHdmQP.exe

C:\Windows\System\pIHdmQP.exe

C:\Windows\System\wxWFayY.exe

C:\Windows\System\wxWFayY.exe

C:\Windows\System\bHhWMoh.exe

C:\Windows\System\bHhWMoh.exe

C:\Windows\System\yXrmlvE.exe

C:\Windows\System\yXrmlvE.exe

C:\Windows\System\ZcmDoyE.exe

C:\Windows\System\ZcmDoyE.exe

C:\Windows\System\LuHeKNk.exe

C:\Windows\System\LuHeKNk.exe

C:\Windows\System\UjhUIOG.exe

C:\Windows\System\UjhUIOG.exe

C:\Windows\System\qJlFtQG.exe

C:\Windows\System\qJlFtQG.exe

C:\Windows\System\iPQLUKW.exe

C:\Windows\System\iPQLUKW.exe

C:\Windows\System\iAdwsCg.exe

C:\Windows\System\iAdwsCg.exe

C:\Windows\System\JjuOUfp.exe

C:\Windows\System\JjuOUfp.exe

C:\Windows\System\PLopEIs.exe

C:\Windows\System\PLopEIs.exe

C:\Windows\System\SpksPCB.exe

C:\Windows\System\SpksPCB.exe

C:\Windows\System\mHRHPQk.exe

C:\Windows\System\mHRHPQk.exe

C:\Windows\System\kIodjTE.exe

C:\Windows\System\kIodjTE.exe

C:\Windows\System\mysvBYk.exe

C:\Windows\System\mysvBYk.exe

C:\Windows\System\UnokbyX.exe

C:\Windows\System\UnokbyX.exe

C:\Windows\System\cROQvxT.exe

C:\Windows\System\cROQvxT.exe

C:\Windows\System\TaAFsrM.exe

C:\Windows\System\TaAFsrM.exe

C:\Windows\System\HBohEHt.exe

C:\Windows\System\HBohEHt.exe

C:\Windows\System\NIeNyis.exe

C:\Windows\System\NIeNyis.exe

C:\Windows\System\emPwqBk.exe

C:\Windows\System\emPwqBk.exe

C:\Windows\System\NmtlTZq.exe

C:\Windows\System\NmtlTZq.exe

C:\Windows\System\bLwEiZC.exe

C:\Windows\System\bLwEiZC.exe

C:\Windows\System\XKJMAdF.exe

C:\Windows\System\XKJMAdF.exe

C:\Windows\System\RlyXKpM.exe

C:\Windows\System\RlyXKpM.exe

C:\Windows\System\BsrtXDj.exe

C:\Windows\System\BsrtXDj.exe

C:\Windows\System\tTQFxsk.exe

C:\Windows\System\tTQFxsk.exe

C:\Windows\System\jNgREef.exe

C:\Windows\System\jNgREef.exe

C:\Windows\System\QBsKgeM.exe

C:\Windows\System\QBsKgeM.exe

C:\Windows\System\EKYRbtN.exe

C:\Windows\System\EKYRbtN.exe

C:\Windows\System\HBLNVQX.exe

C:\Windows\System\HBLNVQX.exe

C:\Windows\System\bNAOGnG.exe

C:\Windows\System\bNAOGnG.exe

C:\Windows\System\IpYnOTO.exe

C:\Windows\System\IpYnOTO.exe

C:\Windows\System\kKuUEFf.exe

C:\Windows\System\kKuUEFf.exe

C:\Windows\System\PalmfdY.exe

C:\Windows\System\PalmfdY.exe

C:\Windows\System\rTkkSXk.exe

C:\Windows\System\rTkkSXk.exe

C:\Windows\System\VTPcNFv.exe

C:\Windows\System\VTPcNFv.exe

C:\Windows\System\PLchgxN.exe

C:\Windows\System\PLchgxN.exe

C:\Windows\System\rqDwPru.exe

C:\Windows\System\rqDwPru.exe

C:\Windows\System\wqqQwcu.exe

C:\Windows\System\wqqQwcu.exe

C:\Windows\System\gyzPOeL.exe

C:\Windows\System\gyzPOeL.exe

C:\Windows\System\MwfcKGv.exe

C:\Windows\System\MwfcKGv.exe

C:\Windows\System\WFlzPpt.exe

C:\Windows\System\WFlzPpt.exe

C:\Windows\System\xHxxmRf.exe

C:\Windows\System\xHxxmRf.exe

C:\Windows\System\QtsOocR.exe

C:\Windows\System\QtsOocR.exe

C:\Windows\System\FfquQEO.exe

C:\Windows\System\FfquQEO.exe

C:\Windows\System\mBePlZb.exe

C:\Windows\System\mBePlZb.exe

C:\Windows\System\TUQhMoq.exe

C:\Windows\System\TUQhMoq.exe

C:\Windows\System\gqNimoL.exe

C:\Windows\System\gqNimoL.exe

C:\Windows\System\OSpesQI.exe

C:\Windows\System\OSpesQI.exe

C:\Windows\System\VeMvNtJ.exe

C:\Windows\System\VeMvNtJ.exe

C:\Windows\System\KlNTtEv.exe

C:\Windows\System\KlNTtEv.exe

C:\Windows\System\VODXIvM.exe

C:\Windows\System\VODXIvM.exe

C:\Windows\System\UgsWeOP.exe

C:\Windows\System\UgsWeOP.exe

C:\Windows\System\IimdNdD.exe

C:\Windows\System\IimdNdD.exe

C:\Windows\System\BvjCzze.exe

C:\Windows\System\BvjCzze.exe

C:\Windows\System\NPaeFqf.exe

C:\Windows\System\NPaeFqf.exe

C:\Windows\System\yzyzHZE.exe

C:\Windows\System\yzyzHZE.exe

C:\Windows\System\VNTEohI.exe

C:\Windows\System\VNTEohI.exe

C:\Windows\System\wcrNRgj.exe

C:\Windows\System\wcrNRgj.exe

C:\Windows\System\iPCILlF.exe

C:\Windows\System\iPCILlF.exe

C:\Windows\System\zKirKlA.exe

C:\Windows\System\zKirKlA.exe

C:\Windows\System\usnUieq.exe

C:\Windows\System\usnUieq.exe

C:\Windows\System\hEXmQkN.exe

C:\Windows\System\hEXmQkN.exe

C:\Windows\System\TkvMIOF.exe

C:\Windows\System\TkvMIOF.exe

C:\Windows\System\nfNoLJX.exe

C:\Windows\System\nfNoLJX.exe

C:\Windows\System\PerDxUM.exe

C:\Windows\System\PerDxUM.exe

C:\Windows\System\zzGZvyC.exe

C:\Windows\System\zzGZvyC.exe

C:\Windows\System\cNpdeCT.exe

C:\Windows\System\cNpdeCT.exe

C:\Windows\System\oeHnQqq.exe

C:\Windows\System\oeHnQqq.exe

C:\Windows\System\mwVDKtV.exe

C:\Windows\System\mwVDKtV.exe

C:\Windows\System\rlCpjDT.exe

C:\Windows\System\rlCpjDT.exe

C:\Windows\System\BNlsADk.exe

C:\Windows\System\BNlsADk.exe

C:\Windows\System\amXsONW.exe

C:\Windows\System\amXsONW.exe

C:\Windows\System\hQQkQiB.exe

C:\Windows\System\hQQkQiB.exe

C:\Windows\System\OwXxuwv.exe

C:\Windows\System\OwXxuwv.exe

C:\Windows\System\ymHjFol.exe

C:\Windows\System\ymHjFol.exe

C:\Windows\System\pzijQJt.exe

C:\Windows\System\pzijQJt.exe

C:\Windows\System\NIgVlOd.exe

C:\Windows\System\NIgVlOd.exe

C:\Windows\System\MOLdoCu.exe

C:\Windows\System\MOLdoCu.exe

C:\Windows\System\GiDqGzy.exe

C:\Windows\System\GiDqGzy.exe

C:\Windows\System\HyTEllD.exe

C:\Windows\System\HyTEllD.exe

C:\Windows\System\PeuSKfa.exe

C:\Windows\System\PeuSKfa.exe

C:\Windows\System\JmSmlOs.exe

C:\Windows\System\JmSmlOs.exe

C:\Windows\System\SNLvfvr.exe

C:\Windows\System\SNLvfvr.exe

C:\Windows\System\FZVZWtP.exe

C:\Windows\System\FZVZWtP.exe

C:\Windows\System\tutjNGN.exe

C:\Windows\System\tutjNGN.exe

C:\Windows\System\iMWzymP.exe

C:\Windows\System\iMWzymP.exe

C:\Windows\System\CLZdPuq.exe

C:\Windows\System\CLZdPuq.exe

C:\Windows\System\IbpsbVH.exe

C:\Windows\System\IbpsbVH.exe

C:\Windows\System\zPKUAiW.exe

C:\Windows\System\zPKUAiW.exe

C:\Windows\System\JYYfpww.exe

C:\Windows\System\JYYfpww.exe

C:\Windows\System\NbmVehH.exe

C:\Windows\System\NbmVehH.exe

C:\Windows\System\gzAfOKP.exe

C:\Windows\System\gzAfOKP.exe

C:\Windows\System\SUSpHvl.exe

C:\Windows\System\SUSpHvl.exe

C:\Windows\System\lVURcIQ.exe

C:\Windows\System\lVURcIQ.exe

C:\Windows\System\qpUJzwL.exe

C:\Windows\System\qpUJzwL.exe

C:\Windows\System\bJkneuF.exe

C:\Windows\System\bJkneuF.exe

C:\Windows\System\FneAVGT.exe

C:\Windows\System\FneAVGT.exe

C:\Windows\System\DiuUDkx.exe

C:\Windows\System\DiuUDkx.exe

C:\Windows\System\iYVTGpk.exe

C:\Windows\System\iYVTGpk.exe

C:\Windows\System\hSBXAmx.exe

C:\Windows\System\hSBXAmx.exe

C:\Windows\System\OyfGCrn.exe

C:\Windows\System\OyfGCrn.exe

C:\Windows\System\iTMupFU.exe

C:\Windows\System\iTMupFU.exe

C:\Windows\System\YejIwRl.exe

C:\Windows\System\YejIwRl.exe

C:\Windows\System\ANBxBWC.exe

C:\Windows\System\ANBxBWC.exe

C:\Windows\System\yjkJilG.exe

C:\Windows\System\yjkJilG.exe

C:\Windows\System\IEQuzyq.exe

C:\Windows\System\IEQuzyq.exe

C:\Windows\System\SHMAcIY.exe

C:\Windows\System\SHMAcIY.exe

C:\Windows\System\etdZTSa.exe

C:\Windows\System\etdZTSa.exe

C:\Windows\System\XuMDPIH.exe

C:\Windows\System\XuMDPIH.exe

C:\Windows\System\ZPSlMVV.exe

C:\Windows\System\ZPSlMVV.exe

C:\Windows\System\QTRrdTu.exe

C:\Windows\System\QTRrdTu.exe

C:\Windows\System\wWhjkea.exe

C:\Windows\System\wWhjkea.exe

C:\Windows\System\StrFpFP.exe

C:\Windows\System\StrFpFP.exe

C:\Windows\System\fLvmHMK.exe

C:\Windows\System\fLvmHMK.exe

C:\Windows\System\BSHTWPA.exe

C:\Windows\System\BSHTWPA.exe

C:\Windows\System\urwBdus.exe

C:\Windows\System\urwBdus.exe

C:\Windows\System\iqjsspg.exe

C:\Windows\System\iqjsspg.exe

C:\Windows\System\YPpmvIz.exe

C:\Windows\System\YPpmvIz.exe

C:\Windows\System\mnaEfWz.exe

C:\Windows\System\mnaEfWz.exe

C:\Windows\System\JXJlzJV.exe

C:\Windows\System\JXJlzJV.exe

C:\Windows\System\mmgiDQb.exe

C:\Windows\System\mmgiDQb.exe

C:\Windows\System\WUrDrlB.exe

C:\Windows\System\WUrDrlB.exe

C:\Windows\System\xsGBgAz.exe

C:\Windows\System\xsGBgAz.exe

C:\Windows\System\AijBSEY.exe

C:\Windows\System\AijBSEY.exe

C:\Windows\System\rtsFvCr.exe

C:\Windows\System\rtsFvCr.exe

C:\Windows\System\ZwuclTD.exe

C:\Windows\System\ZwuclTD.exe

C:\Windows\System\wlOdNZx.exe

C:\Windows\System\wlOdNZx.exe

C:\Windows\System\LxdRjSo.exe

C:\Windows\System\LxdRjSo.exe

C:\Windows\System\hVeyhQt.exe

C:\Windows\System\hVeyhQt.exe

C:\Windows\System\IGSOvwt.exe

C:\Windows\System\IGSOvwt.exe

C:\Windows\System\oXUHLhx.exe

C:\Windows\System\oXUHLhx.exe

C:\Windows\System\MyLJssG.exe

C:\Windows\System\MyLJssG.exe

C:\Windows\System\BWNFhPn.exe

C:\Windows\System\BWNFhPn.exe

C:\Windows\System\VMBAVCL.exe

C:\Windows\System\VMBAVCL.exe

C:\Windows\System\ZkCeceg.exe

C:\Windows\System\ZkCeceg.exe

C:\Windows\System\SwAJGwV.exe

C:\Windows\System\SwAJGwV.exe

C:\Windows\System\HHKVrzL.exe

C:\Windows\System\HHKVrzL.exe

C:\Windows\System\UCGKnmL.exe

C:\Windows\System\UCGKnmL.exe

C:\Windows\System\IYySZtr.exe

C:\Windows\System\IYySZtr.exe

C:\Windows\System\PeLrdSL.exe

C:\Windows\System\PeLrdSL.exe

C:\Windows\System\ToVyrll.exe

C:\Windows\System\ToVyrll.exe

C:\Windows\System\gpMbYxO.exe

C:\Windows\System\gpMbYxO.exe

C:\Windows\System\sQDWsQp.exe

C:\Windows\System\sQDWsQp.exe

C:\Windows\System\bxhzAXY.exe

C:\Windows\System\bxhzAXY.exe

C:\Windows\System\BfOgjSG.exe

C:\Windows\System\BfOgjSG.exe

C:\Windows\System\krqfmGb.exe

C:\Windows\System\krqfmGb.exe

C:\Windows\System\tyjiayE.exe

C:\Windows\System\tyjiayE.exe

C:\Windows\System\qIgjZrZ.exe

C:\Windows\System\qIgjZrZ.exe

C:\Windows\System\XniSZxL.exe

C:\Windows\System\XniSZxL.exe

C:\Windows\System\FDBsMHe.exe

C:\Windows\System\FDBsMHe.exe

C:\Windows\System\XmOPqqM.exe

C:\Windows\System\XmOPqqM.exe

C:\Windows\System\bdMiEIm.exe

C:\Windows\System\bdMiEIm.exe

C:\Windows\System\qVexCzZ.exe

C:\Windows\System\qVexCzZ.exe

C:\Windows\System\mdcVvnb.exe

C:\Windows\System\mdcVvnb.exe

C:\Windows\System\qXlQeRQ.exe

C:\Windows\System\qXlQeRQ.exe

C:\Windows\System\RlmespV.exe

C:\Windows\System\RlmespV.exe

C:\Windows\System\QckYODZ.exe

C:\Windows\System\QckYODZ.exe

C:\Windows\System\IeBmMFO.exe

C:\Windows\System\IeBmMFO.exe

C:\Windows\System\leCtUoP.exe

C:\Windows\System\leCtUoP.exe

C:\Windows\System\ofmWAnU.exe

C:\Windows\System\ofmWAnU.exe

C:\Windows\System\UFeoaBu.exe

C:\Windows\System\UFeoaBu.exe

C:\Windows\System\dstPuhQ.exe

C:\Windows\System\dstPuhQ.exe

C:\Windows\System\CLcRPOG.exe

C:\Windows\System\CLcRPOG.exe

C:\Windows\System\UGUPwSV.exe

C:\Windows\System\UGUPwSV.exe

C:\Windows\System\dIvgVbe.exe

C:\Windows\System\dIvgVbe.exe

C:\Windows\System\dQcSEUn.exe

C:\Windows\System\dQcSEUn.exe

C:\Windows\System\gyqSFTr.exe

C:\Windows\System\gyqSFTr.exe

C:\Windows\System\zcaStXa.exe

C:\Windows\System\zcaStXa.exe

C:\Windows\System\oZVsBsX.exe

C:\Windows\System\oZVsBsX.exe

C:\Windows\System\SqrTUXq.exe

C:\Windows\System\SqrTUXq.exe

C:\Windows\System\itpZyNW.exe

C:\Windows\System\itpZyNW.exe

C:\Windows\System\gjPVNBG.exe

C:\Windows\System\gjPVNBG.exe

C:\Windows\System\WhzOTzy.exe

C:\Windows\System\WhzOTzy.exe

C:\Windows\System\dXSXzJp.exe

C:\Windows\System\dXSXzJp.exe

C:\Windows\System\ChUBSVC.exe

C:\Windows\System\ChUBSVC.exe

C:\Windows\System\lkpsZYO.exe

C:\Windows\System\lkpsZYO.exe

C:\Windows\System\kBcIsai.exe

C:\Windows\System\kBcIsai.exe

C:\Windows\System\nHBZmdD.exe

C:\Windows\System\nHBZmdD.exe

C:\Windows\System\HFGGOEa.exe

C:\Windows\System\HFGGOEa.exe

C:\Windows\System\hmGtLut.exe

C:\Windows\System\hmGtLut.exe

C:\Windows\System\YRsOZmK.exe

C:\Windows\System\YRsOZmK.exe

C:\Windows\System\JEJnKbc.exe

C:\Windows\System\JEJnKbc.exe

C:\Windows\System\YEVIcxb.exe

C:\Windows\System\YEVIcxb.exe

C:\Windows\System\zunftXB.exe

C:\Windows\System\zunftXB.exe

C:\Windows\System\PoQGEWx.exe

C:\Windows\System\PoQGEWx.exe

C:\Windows\System\HjTEGCy.exe

C:\Windows\System\HjTEGCy.exe

C:\Windows\System\ngLGPsX.exe

C:\Windows\System\ngLGPsX.exe

C:\Windows\System\aKOdiHA.exe

C:\Windows\System\aKOdiHA.exe

C:\Windows\System\etEKNrO.exe

C:\Windows\System\etEKNrO.exe

C:\Windows\System\OxasdVR.exe

C:\Windows\System\OxasdVR.exe

C:\Windows\System\iOQINiJ.exe

C:\Windows\System\iOQINiJ.exe

C:\Windows\System\mLmWBzO.exe

C:\Windows\System\mLmWBzO.exe

C:\Windows\System\FFiXQfi.exe

C:\Windows\System\FFiXQfi.exe

C:\Windows\System\YneKgxL.exe

C:\Windows\System\YneKgxL.exe

C:\Windows\System\PEnleYY.exe

C:\Windows\System\PEnleYY.exe

C:\Windows\System\CrVoTVm.exe

C:\Windows\System\CrVoTVm.exe

C:\Windows\System\LKFDBuQ.exe

C:\Windows\System\LKFDBuQ.exe

C:\Windows\System\BrDFugw.exe

C:\Windows\System\BrDFugw.exe

C:\Windows\System\SqiZXHU.exe

C:\Windows\System\SqiZXHU.exe

C:\Windows\System\FFeqPcr.exe

C:\Windows\System\FFeqPcr.exe

C:\Windows\System\rpKzNLY.exe

C:\Windows\System\rpKzNLY.exe

C:\Windows\System\mSFDFGI.exe

C:\Windows\System\mSFDFGI.exe

C:\Windows\System\WFYEBqE.exe

C:\Windows\System\WFYEBqE.exe

C:\Windows\System\WGyIgdV.exe

C:\Windows\System\WGyIgdV.exe

C:\Windows\System\wixehBi.exe

C:\Windows\System\wixehBi.exe

C:\Windows\System\WpPMiiN.exe

C:\Windows\System\WpPMiiN.exe

C:\Windows\System\lSprhHB.exe

C:\Windows\System\lSprhHB.exe

C:\Windows\System\KfDuvOk.exe

C:\Windows\System\KfDuvOk.exe

C:\Windows\System\MmcQnnT.exe

C:\Windows\System\MmcQnnT.exe

C:\Windows\System\uHuIzgf.exe

C:\Windows\System\uHuIzgf.exe

C:\Windows\System\rTKlGtH.exe

C:\Windows\System\rTKlGtH.exe

C:\Windows\System\sLxamLq.exe

C:\Windows\System\sLxamLq.exe

C:\Windows\System\EzoILsu.exe

C:\Windows\System\EzoILsu.exe

C:\Windows\System\yLmuRuM.exe

C:\Windows\System\yLmuRuM.exe

C:\Windows\System\mxGoFQv.exe

C:\Windows\System\mxGoFQv.exe

C:\Windows\System\wdeEiMm.exe

C:\Windows\System\wdeEiMm.exe

C:\Windows\System\uPZEnuD.exe

C:\Windows\System\uPZEnuD.exe

C:\Windows\System\PdQmiCN.exe

C:\Windows\System\PdQmiCN.exe

C:\Windows\System\BfLLHOT.exe

C:\Windows\System\BfLLHOT.exe

C:\Windows\System\IgfHdjX.exe

C:\Windows\System\IgfHdjX.exe

C:\Windows\System\dTDCrMU.exe

C:\Windows\System\dTDCrMU.exe

C:\Windows\System\srlNkkt.exe

C:\Windows\System\srlNkkt.exe

C:\Windows\System\KYbfYvf.exe

C:\Windows\System\KYbfYvf.exe

C:\Windows\System\UUQBYNu.exe

C:\Windows\System\UUQBYNu.exe

C:\Windows\System\AzIROnh.exe

C:\Windows\System\AzIROnh.exe

C:\Windows\System\vUjJNcM.exe

C:\Windows\System\vUjJNcM.exe

C:\Windows\System\hhbXTXD.exe

C:\Windows\System\hhbXTXD.exe

C:\Windows\System\JTOxmdR.exe

C:\Windows\System\JTOxmdR.exe

C:\Windows\System\DiUqagj.exe

C:\Windows\System\DiUqagj.exe

C:\Windows\System\FFvEvBe.exe

C:\Windows\System\FFvEvBe.exe

C:\Windows\System\egTuWwJ.exe

C:\Windows\System\egTuWwJ.exe

C:\Windows\System\WqoHKRU.exe

C:\Windows\System\WqoHKRU.exe

C:\Windows\System\KsIRvsZ.exe

C:\Windows\System\KsIRvsZ.exe

C:\Windows\System\IQenXMh.exe

C:\Windows\System\IQenXMh.exe

C:\Windows\System\WFphpPe.exe

C:\Windows\System\WFphpPe.exe

C:\Windows\System\gFvXucq.exe

C:\Windows\System\gFvXucq.exe

C:\Windows\System\tTJUMDu.exe

C:\Windows\System\tTJUMDu.exe

C:\Windows\System\tQgyFIA.exe

C:\Windows\System\tQgyFIA.exe

C:\Windows\System\ZkxRLlJ.exe

C:\Windows\System\ZkxRLlJ.exe

C:\Windows\System\ddWYXvh.exe

C:\Windows\System\ddWYXvh.exe

C:\Windows\System\IxTFCnp.exe

C:\Windows\System\IxTFCnp.exe

C:\Windows\System\zKovSKG.exe

C:\Windows\System\zKovSKG.exe

C:\Windows\System\pbOtalK.exe

C:\Windows\System\pbOtalK.exe

C:\Windows\System\aihzskr.exe

C:\Windows\System\aihzskr.exe

C:\Windows\System\MCpFfTH.exe

C:\Windows\System\MCpFfTH.exe

C:\Windows\System\GmPqtGU.exe

C:\Windows\System\GmPqtGU.exe

C:\Windows\System\PJRhtyX.exe

C:\Windows\System\PJRhtyX.exe

C:\Windows\System\MMWNbcj.exe

C:\Windows\System\MMWNbcj.exe

C:\Windows\System\WiKHBTU.exe

C:\Windows\System\WiKHBTU.exe

C:\Windows\System\jgfWhEE.exe

C:\Windows\System\jgfWhEE.exe

C:\Windows\System\EjbLKNh.exe

C:\Windows\System\EjbLKNh.exe

C:\Windows\System\sLLnFAc.exe

C:\Windows\System\sLLnFAc.exe

C:\Windows\System\ZwFKUUH.exe

C:\Windows\System\ZwFKUUH.exe

C:\Windows\System\hnVxYtA.exe

C:\Windows\System\hnVxYtA.exe

C:\Windows\System\RULIVCW.exe

C:\Windows\System\RULIVCW.exe

C:\Windows\System\QGSOnpX.exe

C:\Windows\System\QGSOnpX.exe

C:\Windows\System\FedxlEP.exe

C:\Windows\System\FedxlEP.exe

C:\Windows\System\PjrvaUv.exe

C:\Windows\System\PjrvaUv.exe

C:\Windows\System\KTuLdnG.exe

C:\Windows\System\KTuLdnG.exe

C:\Windows\System\ZsqcdtH.exe

C:\Windows\System\ZsqcdtH.exe

C:\Windows\System\AoCgCui.exe

C:\Windows\System\AoCgCui.exe

C:\Windows\System\hvaLyFp.exe

C:\Windows\System\hvaLyFp.exe

C:\Windows\System\wSgCJzR.exe

C:\Windows\System\wSgCJzR.exe

C:\Windows\System\zcciYou.exe

C:\Windows\System\zcciYou.exe

C:\Windows\System\QRUjnhW.exe

C:\Windows\System\QRUjnhW.exe

C:\Windows\System\vpAbhyM.exe

C:\Windows\System\vpAbhyM.exe

C:\Windows\System\HIfXuor.exe

C:\Windows\System\HIfXuor.exe

C:\Windows\System\SPiHzDM.exe

C:\Windows\System\SPiHzDM.exe

C:\Windows\System\tsibYxm.exe

C:\Windows\System\tsibYxm.exe

C:\Windows\System\tuIZAKd.exe

C:\Windows\System\tuIZAKd.exe

C:\Windows\System\GVFJVcU.exe

C:\Windows\System\GVFJVcU.exe

C:\Windows\System\PTVMUdV.exe

C:\Windows\System\PTVMUdV.exe

C:\Windows\System\MwMOHPs.exe

C:\Windows\System\MwMOHPs.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1772-0-0x000000013F0B0000-0x000000013F404000-memory.dmp

memory/1772-1-0x0000000000180000-0x0000000000190000-memory.dmp

\Windows\system\iZEgmNk.exe

MD5 cbc3f142f50456de89fde1060b780528
SHA1 49065ce85465d41d1fbc856ce876872b500cd144
SHA256 37f47d279812bd92680d88be9a724c65aa2ea11a7c364c121787dec4044c1dc8
SHA512 d2437157e8d7fe603872ba87bde8b6bec620df4627b5e203bcf95b152a31054d2be9d1c999d601f2e5f794c7caae679410eee011c35b9b149c2eec4f4397f2b6

C:\Windows\system\esMByyo.exe

MD5 633532ef3841a095903517bf94c1d552
SHA1 b40f31c10301f7b93b6c992e2e04c795fde4d254
SHA256 47aadf78c820380d41759680fd3c20a9c55300ccb842c3fe61553d6f67e0f345
SHA512 25524fef4e63a18bbc3cd88db9402d7b44f974a27e49209877a5897e34777fdeaf11fa8c9598cc0bffb82e03c99c180f0b231a6473a49286fc96f807fd5e8bcb

\Windows\system\usTpgSA.exe

MD5 0e44a4b336dfb1f6ff3189961fcb7e7e
SHA1 9de495b40a36b1b7a552f6c6d8006bd8c9f92cb7
SHA256 fc024341d17832eb3746c74e1d8d85dcdd48071d6375260358a8684e95929ba9
SHA512 97bffe677c94292401e7d8d64e4284d305b2d367a72bdcaf3a596a2c656c90e66e56c5832a36400b27f3013826ee7428f5d26a7568468fe69c4a0fd7121ce6f1

memory/2324-18-0x000000013F500000-0x000000013F854000-memory.dmp

memory/1772-23-0x000000013FC50000-0x000000013FFA4000-memory.dmp

C:\Windows\system\TlEOQWY.exe

MD5 1df053deb25aab4dbe3157f92d6fd666
SHA1 1688f1b975471ef68f42ec80db5bbc66df93f36d
SHA256 9c00b57d598902d0c302c9727e5f10936e7048c4b509a7a3745e553a22e8a44b
SHA512 c9be86a727ab8957206e6c2e5b498269074d0e014eac1cc58efbcfa916899237be86ddbeb40a3b083d3d16b5f6d3f68f47dba6fecf8a5ff5770e08eadf8f7158

C:\Windows\system\pYSzcXi.exe

MD5 c0c1f8b182e12c9f5dccdbb890af390e
SHA1 7742c51157e7624f7f1c1e262f4db0ca956b2c30
SHA256 11647a413575b45e106a9aad1d7ac9117b3485277dee3a7c804805f9d37866f4
SHA512 4c39e4d6e4738dc8372f684d7dff9b02f715f958c97e0bef005f74da400f1eebfcf4eb5b0cea036632c77f0d1b9abbee45efb56fc033e54ffbe8088adbe1d06f

C:\Windows\system\CGYohoD.exe

MD5 e3e054d3597dd9c14847fc6caa4929c5
SHA1 cf4bce387b2bffb1769b07ba8e1258f468d6f80d
SHA256 61697d72e535ec346957ea3306f0b73e73c55b01c6c63f0c0239e2af39b03171
SHA512 b49d614c1c82979e3e2317983e71706cf95cf45f3c5f70c6c61f289ac54062915047dbd5f3c559ec6f7c99b6b498864b444f53d57b4ea55a54da47183830b6c6

\Windows\system\uESfgOe.exe

MD5 f8fd9c754e3ee8141d15f01854c7a06d
SHA1 9c94f92c39db1698c7d793a1cc5c222ab74956f5
SHA256 45375c0da364cc985ab85b70e8cccab2c73e86010e7720036be6e22e4aa3db88
SHA512 5c0b516606c30dce0de6628793be1317b2a74aa93af52b1fb781d7f88ca9b6055ce2421eb9e3683bff3cd2bef5f3b09562f4c80044c432efdc335be93e45c3e3

C:\Windows\system\eEFkRnX.exe

MD5 14310adcccbee0dd748711075d3ed0f3
SHA1 bfac52f1b69bfef88659f2d10e057424a6c2c9d6
SHA256 0568501428e538c89927fd62fa3871d0b2c5ed2e7a93d06089ae108ff93d08d1
SHA512 a0909531f56005f88704bb0e5609050e9ffe26e2ce7f4f97e8cff80ae1cb3d3759952ea1cc6b39880c52380c9189e11bba670f8a6b47102fefc9188137c73bc2

C:\Windows\system\LBgykQE.exe

MD5 e66d5fecc8779ba2ceaba5a16f52639f
SHA1 ece631e033934df5701c14a5d584a28c5bad9e74
SHA256 a3043cca0ae1cb7d904084d490140b0401b3a0058ab9804c061cb1e864b3f416
SHA512 f7ade250d4df55906d9314d70fd72db57fae615cc1dbf2c564806a1fc9660064151fe8b39c00d4237fc4da165c61c858cb7606f1bdc29de4e3f3e650c23576b8

C:\Windows\system\QyFiTNA.exe

MD5 3ec8f81828fb6b5e1a5dafe36cea93bd
SHA1 5b7f62e634d38755b0414fe65216bb995e6f87e6
SHA256 e2223d876ba97343cf4f69317abefef0df867d048e0fa0fbd340a7ab0a5c2ff9
SHA512 741946875a66b925597ba280dddbee32a8fe9d8fbd17c7ba625e53c3f4f43d7a55e9ed8d5e164d641668553d6c86f0986fb164ccc80868f04b780fda6bfb2e1f

C:\Windows\system\iwpwXnt.exe

MD5 c82f78a23d8d71a2762572e88aa1e76e
SHA1 02fe5f04ca97bb383a67c48813e6c5614496b4cd
SHA256 1deaf808cdf38c872d60b084f095f7df0d3761a3f9e01ac833728b70cd637c9f
SHA512 bb0779a70c101ae5e336621ddc007327a527e1341d98ea0ed5696109692c5abf47a5ae71ffb7b7e7a2607b8438ee7d1405b56e44f8114a56817cd2614c12d474

C:\Windows\system\tmLQbWv.exe

MD5 8f6e9bf5b4e248b0d3ebc4e3392ecf32
SHA1 c98e2fac8deb1d658bf54865b7e73128ed49e508
SHA256 ec65d43bfa865f198353b2642a5ea6522ad1d25a192de16145232db94b681875
SHA512 2c5a9d9325e7d390ac28f4a90111b49c95b95287cef473316e2d94d0e53d7696afcc76e767c7cd19f78b084d983720e14747e405b514ec89e09562094125e247

memory/1772-554-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/1772-555-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1772-573-0x000000013FD60000-0x00000001400B4000-memory.dmp

memory/1712-606-0x000000013F170000-0x000000013F4C4000-memory.dmp

memory/1772-656-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/1772-684-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2492-650-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2608-637-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/2652-688-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/1772-686-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2668-683-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/1772-613-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1772-681-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/3008-678-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/1772-675-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/1772-644-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/1772-628-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/2796-621-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1772-598-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/3036-586-0x000000013FD60000-0x00000001400B4000-memory.dmp

memory/2568-657-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2460-565-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/1772-560-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2736-556-0x000000013F040000-0x000000013F394000-memory.dmp

memory/3068-553-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/3020-551-0x000000013FC50000-0x000000013FFA4000-memory.dmp

C:\Windows\system\EbopFqe.exe

MD5 dde267685e25dfd8b15d79b2991afdaf
SHA1 bb40ed8fa5fb7904d6891a342e46bbabb9610e53
SHA256 a1a3285f14ca3f517077f4e4d8adbf2de0e2b84cb2900cc62c5d30d0b4377efd
SHA512 888c3f0e75b8b43f54947b5e8cc63a0cee9b183771365ca724906f43f1794767455ebe833f7e0c616b2378938ddf499816c1408f214e1ee2bff090c9634bb036

C:\Windows\system\WlrpoMc.exe

MD5 df1584b471414e271a9fb5354deb6aef
SHA1 466ab2f188ccf02c532426883493caf5939fcf1e
SHA256 d3582eb2f5d6728be00b791610f86dd5d887d5621337d0d3f73af0d2e1431f49
SHA512 41c591bffe8d6e953e2146f16fb37377a169d26ac46bbe4bb978cc2f6192543cbe4dd03688bc2cc341ead56826aff4d8fcf537d7e30ab3709dddf8b3e79d1381

C:\Windows\system\jXwXOgv.exe

MD5 7c9638a0044534b80e9f9f4bd185d4d7
SHA1 228f496226187a01c746a90b08669defdf0f51bb
SHA256 efee27d1898c751c4cc04cfbd376a3e475c4623fedeaa90d9129507d2aff1e85
SHA512 210ceb40ee0bc590bb27095597b7e5609f716afd4a694d8aad51996b3b04633e56858ac2784dfc66e6e68b872adfcaa5d627ba05d4af768b13d98c46f7606328

C:\Windows\system\uLIsalF.exe

MD5 3b1dfa1ce3bce1936cdff74e08a7d4f2
SHA1 d906a1c67fa9aaa2be75a5550664bf2d9ff4a791
SHA256 ea33bf9322bd2e05eef860d181be545b141a37d31ce80c17a5651bdf3155594a
SHA512 eb9df498fb5365933ed0b6af853e8f654fc496d08856684161fa10e7b6fcf687ac662aaebda2b15fc98e5dd24caa51fe0d3cf685a1c80692c32a69aaf55aa6c0

C:\Windows\system\Omqmgis.exe

MD5 4f2f7725edbdce606deb1ae9188941a4
SHA1 f8853583f57da436e35b39fffad2202c34819f9c
SHA256 443807b9eece818c479d395e761376ae058eec09ba791218a4a3c322e2697e4f
SHA512 5ee753b20594e31b75ad65d6c78e0fe0907fdedc2eee6ba74ada797d808a07bdab2695c03b3e9ceba1f16858631ac28366f98b0432a1fe2befe2ba303871dca6

C:\Windows\system\YvVbbPE.exe

MD5 702f49c675e7e01426e88cd34dccd7d7
SHA1 493e837c66d99db8ca16dff42b291bd3b02b544d
SHA256 94ea87062f203b59151336ed6b6c924fa31382144c39592367ceb437987d10ee
SHA512 b36efa56c6d0ea59717a17ce06ea765b98ab372192bef39323da53f74574ba87494b71e6bc9a1727eb266ecd8e180ee74b6ca9d22c174136ced23037bff5155f

C:\Windows\system\bYjOeIf.exe

MD5 25c1b8ef6b9cc7ba6d1016f6d76b157b
SHA1 40453369b6f519f1a43a14f9890c5fc8043cbda1
SHA256 fbc2a18d6fe700e9f39b33ed2ab51ed6618450dedfcae8721adb9a07a02bd49d
SHA512 8c8f82e98227d35b5c60eb32fcea90c02c417ae54337bbcd894435117b4727b8668cb49924ecd8cebf94f09032627e0f2d26daeeeda4ba2bd02f3e5531005fef

C:\Windows\system\EtUVJap.exe

MD5 fb3dd74ec1c0988ef01e55db70d92a84
SHA1 fae4554b5bac730d1a968056d5460ca092bfe9a8
SHA256 18bd7b7f1e8b562c6578b2aff5ee2c1a0f296ca3809c26051e1ae04063f04661
SHA512 4c97dbb32941076f9e34570e03584f09d38c9bf224fa3b2c7933131ed34d9dd47f4ee93d6a4c577b60e6ce2c117c5c7500ced7087d153daf7ad7465892a7aa3f

C:\Windows\system\CNKFwXW.exe

MD5 e49e899af57e1e7838a9de484372d53c
SHA1 eb0facdff30c8a42afcf8e37844c58849cc9af72
SHA256 5c2f332f343925588edb73f63abc2c22a2b7f94072bea9c8c3e64bdc48a893be
SHA512 9795ed4a039e8f60966295dff5497cbe139ebd9c6cee3cda81deafb0eb6ce9f5daaa2733674cf20520bfc859277380a4d5bd9df75d9f8fce1afea579d3ee2abf

C:\Windows\system\LuWpBPy.exe

MD5 bd4452c6a1a351407674d49d3f083714
SHA1 918ae9e64b0feef98175874b04c329478d57552c
SHA256 0ae340e8e93d78d8969c08e8e38614e8ad1906de1b7dbb9e39fe0d6a8c996935
SHA512 d23dc08b33bb5fc30ea0b3b1621f2e3ad812add4f28083fe0c92e0f652a04abe6a11a2ea9bb16454994093e48a088c89186a8c88e5c30cb3aa1a96c40ef4ae4f

C:\Windows\system\NWgocJo.exe

MD5 74a34dbe243e2c317e72e34bf7141952
SHA1 66ed482403ac9bbbb6789baf4f457db9c8380119
SHA256 2726bcadeb8f1934340822ee54c571cec57db80f1e3cce432a0ac57f9eff89d5
SHA512 c0fa746712b15eccdc43613d6a6d9b43502c72139300ee642ffd3d6aec5bc423921c47d648220b8a3a1da9ae5beec904bb58876e34b09d058b292ee724261290

C:\Windows\system\fGiufgO.exe

MD5 692cbc0720e632805a508854e1dd94dc
SHA1 7245450a13bafa446e7e1d9da4b642b74882f8a7
SHA256 f18423f62a94b1d3aaf8010ece32ba07a2bdf57fdf009f0e7cde800f8fc2dc70
SHA512 3f024e958f5d0c37f014ea17c94c7a20f4483fca07954fd332bb6bbb21e0b588a85aa90ff058279759772b84cedc8ca3c6d62a153c49358fffe2df74b9b68e8c

C:\Windows\system\fBzEgkf.exe

MD5 c622cb522cb47ce838279184657a2062
SHA1 7c0b9fd399380ea028739ec23ee30f53618052d9
SHA256 928207c79cafd0df03d01f553ff80c23b41d0583a7d1bf3d04ec1b3dcd3eee84
SHA512 428996f38d79fb8748020012cd2a6574678127ccf8ea42171e69d235d7c3a303d9da86a9d459fcd0540163c79bf73fd810d80688bd1560c86c357df2af30c163

C:\Windows\system\dqaNnvn.exe

MD5 5fc6f1feead54958aa70516f797de00a
SHA1 4497dba73e012b5836d5db6e5bbef48ab88ac06a
SHA256 8128fc9540027ad9e5edce93ec469425f0e490c8f7b30ad000da755f2cd1f7cb
SHA512 1857cd30df3ab92cc9ed60a227d2843fe043d011be5cd19e55dac2aa45f035d854c4f13e9a75442dd7b0b200acaf4c0f335f0810356c46602febe0b302b28e67

C:\Windows\system\RdyWzXr.exe

MD5 8599105e08e436765965432d431e7011
SHA1 fef028f89683d9ef957fe288c3a9ea8330fbe223
SHA256 774fe0746cd0e742db3eef43735e1600986ab05221086d51e2bd105a0b8bc208
SHA512 868459df1356cbd379a00f4aa5875739eacda20d51cc5fb05e5f875fc92fe6f05a16d1ef6da9f3186ebac6a07a02306359de2a0775db15aa6a2e5fe2cb2a13e9

C:\Windows\system\YDvcFBu.exe

MD5 30c819b08b028ee6ffefdea5e00839de
SHA1 70bf86f5118f508417e1a2c1e7a9287fdf888a64
SHA256 66b2db084fe435cddebdb2e636fdbf38c8f9c5de250f76acf39deab8c6249c94
SHA512 7ea2386ac156a65e2f4bd873a089b20e2a0aa90bae3ff8f5067456ebfd7dd2b883a75b80f04606b0d3fcdcc40a55f14a70184d350597d6f913a2880cfa9fbd45

C:\Windows\system\MMxKZBo.exe

MD5 6df1c645cd85618e2c8c8fae14c88177
SHA1 5b0bf4687486bb6ef022009172028facb4ae339e
SHA256 3ee71c4b842ce304f3d4d45e5b19a2723ad8016b8116c23f120e8e02ee8075a2
SHA512 b3ba51ad937b46f219ef18d8829c675dc25f9a42a94cd3a35298fed52469346789dc4af6d5d0c474d5fa4f926faeee4d2f6ec84d5c0781b2c96bdacbda6f4566

C:\Windows\system\DcnMJkF.exe

MD5 64a0e6b60bab00f8c052d8ec18dfee68
SHA1 40ed82edc39a3388b941ca4962793787408c80a9
SHA256 42cd1c4624ebe0e35ad2251cb392b6e10a802a1d6bc5e47037dd1b6cbd44e475
SHA512 ffae617f306ea7b99e7597119913f66d8d16f637d8ad2286e06a4aef269b8388b3b13d31de17c4af0a8eca9fe222fe473754453fc5cde3ff1e0c8f5ca2111841

C:\Windows\system\XlTLbUW.exe

MD5 42f18466d8def4ebddec5d0013ccb42d
SHA1 f61c5c7843e56ce7a1144722b88a053042597d22
SHA256 65fbeb6984a5e2cc855bc7e70cd2020c55d21e746b9d76a902fb3a517f7c001b
SHA512 9a4ab3b50185d7c4f35a926b02421852622b09833760844218c7e103aee44dec320ab898b876a4bca55a917126c57834dc1f38082890d4ef3292d8075b2bb35e

C:\Windows\system\PlegnqA.exe

MD5 fa89bd20296a905701df7c254e555c47
SHA1 fd39b509ac270ae79101a2c0492d0e8f1ead3f4d
SHA256 2d14f6ee77f660201f72db2c4fad3bfad6ee0f1087377ae7721e3c76ef454848
SHA512 740dda8605e1ffb3e7ce57319f93c6a384c9c402d1c9255d40cb9c5bae5c52cf141d6c56c2a11e4895167e4f63228c2f85d18fdd3ea5810dda4cbd7f3ebe9adc

memory/1772-13-0x000000013F500000-0x000000013F854000-memory.dmp

memory/1772-1070-0x000000013F0B0000-0x000000013F404000-memory.dmp

memory/1772-1071-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/1772-1072-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/1772-1073-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1772-1074-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/1772-1075-0x000000013FD60000-0x00000001400B4000-memory.dmp

memory/1772-1076-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1772-1077-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1772-1078-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/1772-1079-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/1772-1082-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/1772-1081-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/1772-1083-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1772-1080-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/1772-1084-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2324-1085-0x000000013F500000-0x000000013F854000-memory.dmp

memory/3020-1086-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/3068-1087-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2652-1088-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/2736-1089-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2460-1090-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/3008-1098-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/2668-1097-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2568-1096-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2492-1095-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2608-1094-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/2796-1093-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1712-1092-0x000000013F170000-0x000000013F4C4000-memory.dmp

memory/3036-1091-0x000000013FD60000-0x00000001400B4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 01:38

Reported

2024-06-04 01:42

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\hUogRRh.exe N/A
N/A N/A C:\Windows\System\CIxgooZ.exe N/A
N/A N/A C:\Windows\System\ydOLEJD.exe N/A
N/A N/A C:\Windows\System\UswzBCt.exe N/A
N/A N/A C:\Windows\System\rhwnqxv.exe N/A
N/A N/A C:\Windows\System\jMBJmDT.exe N/A
N/A N/A C:\Windows\System\LqVYZeM.exe N/A
N/A N/A C:\Windows\System\psEHYer.exe N/A
N/A N/A C:\Windows\System\FMfcpCy.exe N/A
N/A N/A C:\Windows\System\GfbnpSH.exe N/A
N/A N/A C:\Windows\System\BYlIEaR.exe N/A
N/A N/A C:\Windows\System\eLLnZGo.exe N/A
N/A N/A C:\Windows\System\oHmdqwb.exe N/A
N/A N/A C:\Windows\System\QJiUumT.exe N/A
N/A N/A C:\Windows\System\mVPRuei.exe N/A
N/A N/A C:\Windows\System\MmtBFkf.exe N/A
N/A N/A C:\Windows\System\gzTRxif.exe N/A
N/A N/A C:\Windows\System\cyeEoAt.exe N/A
N/A N/A C:\Windows\System\QnaHeHg.exe N/A
N/A N/A C:\Windows\System\dGOKYOt.exe N/A
N/A N/A C:\Windows\System\OHRcwin.exe N/A
N/A N/A C:\Windows\System\BgmOLPq.exe N/A
N/A N/A C:\Windows\System\GmgoOaY.exe N/A
N/A N/A C:\Windows\System\HxOOQSZ.exe N/A
N/A N/A C:\Windows\System\kjuAMyU.exe N/A
N/A N/A C:\Windows\System\vIMQBxn.exe N/A
N/A N/A C:\Windows\System\xcdSmrg.exe N/A
N/A N/A C:\Windows\System\aBIhehW.exe N/A
N/A N/A C:\Windows\System\pAtICFA.exe N/A
N/A N/A C:\Windows\System\UvLAEmO.exe N/A
N/A N/A C:\Windows\System\umfblKU.exe N/A
N/A N/A C:\Windows\System\yskWyhW.exe N/A
N/A N/A C:\Windows\System\lxMJTWU.exe N/A
N/A N/A C:\Windows\System\nvSQcJA.exe N/A
N/A N/A C:\Windows\System\rIpHKQC.exe N/A
N/A N/A C:\Windows\System\anFcUzX.exe N/A
N/A N/A C:\Windows\System\iSfHlaf.exe N/A
N/A N/A C:\Windows\System\MFUOtQs.exe N/A
N/A N/A C:\Windows\System\dlyeCZL.exe N/A
N/A N/A C:\Windows\System\qXXIfzd.exe N/A
N/A N/A C:\Windows\System\xIBPKcv.exe N/A
N/A N/A C:\Windows\System\FfOIkks.exe N/A
N/A N/A C:\Windows\System\klMsgzJ.exe N/A
N/A N/A C:\Windows\System\GhdSuen.exe N/A
N/A N/A C:\Windows\System\fxgXvsM.exe N/A
N/A N/A C:\Windows\System\KdNZFbv.exe N/A
N/A N/A C:\Windows\System\LiziLkp.exe N/A
N/A N/A C:\Windows\System\JHindOh.exe N/A
N/A N/A C:\Windows\System\OvfgqNM.exe N/A
N/A N/A C:\Windows\System\HjlLrDc.exe N/A
N/A N/A C:\Windows\System\UulfHkn.exe N/A
N/A N/A C:\Windows\System\dlWyfeJ.exe N/A
N/A N/A C:\Windows\System\ffahjJg.exe N/A
N/A N/A C:\Windows\System\AKVLxAB.exe N/A
N/A N/A C:\Windows\System\vhGcrQn.exe N/A
N/A N/A C:\Windows\System\JfKCCgX.exe N/A
N/A N/A C:\Windows\System\SsAnvsn.exe N/A
N/A N/A C:\Windows\System\MdYHCLk.exe N/A
N/A N/A C:\Windows\System\bmizxQc.exe N/A
N/A N/A C:\Windows\System\iFUoWwk.exe N/A
N/A N/A C:\Windows\System\UNIPCIA.exe N/A
N/A N/A C:\Windows\System\DwlLwgK.exe N/A
N/A N/A C:\Windows\System\PFXLATb.exe N/A
N/A N/A C:\Windows\System\lsSWJRT.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\RlwXHRo.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqWTxtA.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KRxWyyI.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZsxeZg.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aBIhehW.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nvSQcJA.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSzTOZN.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hatJNex.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NoJbPkl.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VeUCall.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJqgKCW.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VNrepjt.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlJSreZ.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GurzGKl.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jgXqJgv.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pzRNrMr.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fDLHReO.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EMTYazc.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UvLAEmO.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KrTDbEe.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gCLGtJT.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ynFgzBz.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PttEqkc.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OFmAZcP.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PUUwfCf.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jMBJmDT.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JHindOh.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZQerOXG.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLpuwku.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZrjDRXB.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\auhlKQp.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hbaKzDk.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HnLfxmC.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uyEBESn.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JXVVbhO.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\spcdRMS.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kyxbHET.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgAVcHk.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MFUOtQs.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FfOIkks.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuWizEb.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fJkzUgV.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NibgRPT.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ucNhDtj.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cGPYdZr.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rhwnqxv.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dlWyfeJ.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YYZpoqj.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QtqWLHu.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFUoWwk.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrjetto.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XYYbINQ.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HNyklSc.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pmqtTMg.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzApnUE.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xcdSmrg.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fxgXvsM.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RjYgirH.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JKaDgmT.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VQsJkhD.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xhwprii.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oTvtavF.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QEGJnLC.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qGXILJS.exe C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1064 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\hUogRRh.exe
PID 1064 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\hUogRRh.exe
PID 1064 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CIxgooZ.exe
PID 1064 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\CIxgooZ.exe
PID 1064 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\ydOLEJD.exe
PID 1064 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\ydOLEJD.exe
PID 1064 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\UswzBCt.exe
PID 1064 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\UswzBCt.exe
PID 1064 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\jMBJmDT.exe
PID 1064 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\jMBJmDT.exe
PID 1064 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\rhwnqxv.exe
PID 1064 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\rhwnqxv.exe
PID 1064 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\LqVYZeM.exe
PID 1064 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\LqVYZeM.exe
PID 1064 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\psEHYer.exe
PID 1064 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\psEHYer.exe
PID 1064 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\FMfcpCy.exe
PID 1064 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\FMfcpCy.exe
PID 1064 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\GfbnpSH.exe
PID 1064 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\GfbnpSH.exe
PID 1064 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\BYlIEaR.exe
PID 1064 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\BYlIEaR.exe
PID 1064 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\MmtBFkf.exe
PID 1064 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\MmtBFkf.exe
PID 1064 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\eLLnZGo.exe
PID 1064 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\eLLnZGo.exe
PID 1064 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\oHmdqwb.exe
PID 1064 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\oHmdqwb.exe
PID 1064 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QJiUumT.exe
PID 1064 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QJiUumT.exe
PID 1064 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\mVPRuei.exe
PID 1064 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\mVPRuei.exe
PID 1064 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\gzTRxif.exe
PID 1064 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\gzTRxif.exe
PID 1064 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\cyeEoAt.exe
PID 1064 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\cyeEoAt.exe
PID 1064 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QnaHeHg.exe
PID 1064 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\QnaHeHg.exe
PID 1064 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\dGOKYOt.exe
PID 1064 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\dGOKYOt.exe
PID 1064 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\OHRcwin.exe
PID 1064 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\OHRcwin.exe
PID 1064 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\BgmOLPq.exe
PID 1064 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\BgmOLPq.exe
PID 1064 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\GmgoOaY.exe
PID 1064 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\GmgoOaY.exe
PID 1064 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\HxOOQSZ.exe
PID 1064 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\HxOOQSZ.exe
PID 1064 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\kjuAMyU.exe
PID 1064 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\kjuAMyU.exe
PID 1064 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\vIMQBxn.exe
PID 1064 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\vIMQBxn.exe
PID 1064 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\xcdSmrg.exe
PID 1064 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\xcdSmrg.exe
PID 1064 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\aBIhehW.exe
PID 1064 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\aBIhehW.exe
PID 1064 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\pAtICFA.exe
PID 1064 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\pAtICFA.exe
PID 1064 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\UvLAEmO.exe
PID 1064 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\UvLAEmO.exe
PID 1064 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\umfblKU.exe
PID 1064 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\umfblKU.exe
PID 1064 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\yskWyhW.exe
PID 1064 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe C:\Windows\System\yskWyhW.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1db0bd1555122b3578ee3fd6e99857a0_NeikiAnalytics.exe"

C:\Windows\System\hUogRRh.exe

C:\Windows\System\hUogRRh.exe

C:\Windows\System\CIxgooZ.exe

C:\Windows\System\CIxgooZ.exe

C:\Windows\System\ydOLEJD.exe

C:\Windows\System\ydOLEJD.exe

C:\Windows\System\UswzBCt.exe

C:\Windows\System\UswzBCt.exe

C:\Windows\System\jMBJmDT.exe

C:\Windows\System\jMBJmDT.exe

C:\Windows\System\rhwnqxv.exe

C:\Windows\System\rhwnqxv.exe

C:\Windows\System\LqVYZeM.exe

C:\Windows\System\LqVYZeM.exe

C:\Windows\System\psEHYer.exe

C:\Windows\System\psEHYer.exe

C:\Windows\System\FMfcpCy.exe

C:\Windows\System\FMfcpCy.exe

C:\Windows\System\GfbnpSH.exe

C:\Windows\System\GfbnpSH.exe

C:\Windows\System\BYlIEaR.exe

C:\Windows\System\BYlIEaR.exe

C:\Windows\System\MmtBFkf.exe

C:\Windows\System\MmtBFkf.exe

C:\Windows\System\eLLnZGo.exe

C:\Windows\System\eLLnZGo.exe

C:\Windows\System\oHmdqwb.exe

C:\Windows\System\oHmdqwb.exe

C:\Windows\System\QJiUumT.exe

C:\Windows\System\QJiUumT.exe

C:\Windows\System\mVPRuei.exe

C:\Windows\System\mVPRuei.exe

C:\Windows\System\gzTRxif.exe

C:\Windows\System\gzTRxif.exe

C:\Windows\System\cyeEoAt.exe

C:\Windows\System\cyeEoAt.exe

C:\Windows\System\QnaHeHg.exe

C:\Windows\System\QnaHeHg.exe

C:\Windows\System\dGOKYOt.exe

C:\Windows\System\dGOKYOt.exe

C:\Windows\System\OHRcwin.exe

C:\Windows\System\OHRcwin.exe

C:\Windows\System\BgmOLPq.exe

C:\Windows\System\BgmOLPq.exe

C:\Windows\System\GmgoOaY.exe

C:\Windows\System\GmgoOaY.exe

C:\Windows\System\HxOOQSZ.exe

C:\Windows\System\HxOOQSZ.exe

C:\Windows\System\kjuAMyU.exe

C:\Windows\System\kjuAMyU.exe

C:\Windows\System\vIMQBxn.exe

C:\Windows\System\vIMQBxn.exe

C:\Windows\System\xcdSmrg.exe

C:\Windows\System\xcdSmrg.exe

C:\Windows\System\aBIhehW.exe

C:\Windows\System\aBIhehW.exe

C:\Windows\System\pAtICFA.exe

C:\Windows\System\pAtICFA.exe

C:\Windows\System\UvLAEmO.exe

C:\Windows\System\UvLAEmO.exe

C:\Windows\System\umfblKU.exe

C:\Windows\System\umfblKU.exe

C:\Windows\System\yskWyhW.exe

C:\Windows\System\yskWyhW.exe

C:\Windows\System\lxMJTWU.exe

C:\Windows\System\lxMJTWU.exe

C:\Windows\System\nvSQcJA.exe

C:\Windows\System\nvSQcJA.exe

C:\Windows\System\rIpHKQC.exe

C:\Windows\System\rIpHKQC.exe

C:\Windows\System\anFcUzX.exe

C:\Windows\System\anFcUzX.exe

C:\Windows\System\iSfHlaf.exe

C:\Windows\System\iSfHlaf.exe

C:\Windows\System\MFUOtQs.exe

C:\Windows\System\MFUOtQs.exe

C:\Windows\System\dlyeCZL.exe

C:\Windows\System\dlyeCZL.exe

C:\Windows\System\qXXIfzd.exe

C:\Windows\System\qXXIfzd.exe

C:\Windows\System\xIBPKcv.exe

C:\Windows\System\xIBPKcv.exe

C:\Windows\System\FfOIkks.exe

C:\Windows\System\FfOIkks.exe

C:\Windows\System\klMsgzJ.exe

C:\Windows\System\klMsgzJ.exe

C:\Windows\System\GhdSuen.exe

C:\Windows\System\GhdSuen.exe

C:\Windows\System\fxgXvsM.exe

C:\Windows\System\fxgXvsM.exe

C:\Windows\System\KdNZFbv.exe

C:\Windows\System\KdNZFbv.exe

C:\Windows\System\LiziLkp.exe

C:\Windows\System\LiziLkp.exe

C:\Windows\System\JHindOh.exe

C:\Windows\System\JHindOh.exe

C:\Windows\System\OvfgqNM.exe

C:\Windows\System\OvfgqNM.exe

C:\Windows\System\HjlLrDc.exe

C:\Windows\System\HjlLrDc.exe

C:\Windows\System\UulfHkn.exe

C:\Windows\System\UulfHkn.exe

C:\Windows\System\dlWyfeJ.exe

C:\Windows\System\dlWyfeJ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8

C:\Windows\System\ffahjJg.exe

C:\Windows\System\ffahjJg.exe

C:\Windows\System\AKVLxAB.exe

C:\Windows\System\AKVLxAB.exe

C:\Windows\System\vhGcrQn.exe

C:\Windows\System\vhGcrQn.exe

C:\Windows\System\JfKCCgX.exe

C:\Windows\System\JfKCCgX.exe

C:\Windows\System\SsAnvsn.exe

C:\Windows\System\SsAnvsn.exe

C:\Windows\System\MdYHCLk.exe

C:\Windows\System\MdYHCLk.exe

C:\Windows\System\bmizxQc.exe

C:\Windows\System\bmizxQc.exe

C:\Windows\System\iFUoWwk.exe

C:\Windows\System\iFUoWwk.exe

C:\Windows\System\UNIPCIA.exe

C:\Windows\System\UNIPCIA.exe

C:\Windows\System\DwlLwgK.exe

C:\Windows\System\DwlLwgK.exe

C:\Windows\System\PFXLATb.exe

C:\Windows\System\PFXLATb.exe

C:\Windows\System\lsSWJRT.exe

C:\Windows\System\lsSWJRT.exe

C:\Windows\System\RlwXHRo.exe

C:\Windows\System\RlwXHRo.exe

C:\Windows\System\RjYgirH.exe

C:\Windows\System\RjYgirH.exe

C:\Windows\System\ZQerOXG.exe

C:\Windows\System\ZQerOXG.exe

C:\Windows\System\cggKVig.exe

C:\Windows\System\cggKVig.exe

C:\Windows\System\gEHwVvS.exe

C:\Windows\System\gEHwVvS.exe

C:\Windows\System\FzIaysu.exe

C:\Windows\System\FzIaysu.exe

C:\Windows\System\pSdcnth.exe

C:\Windows\System\pSdcnth.exe

C:\Windows\System\ZaQTaOu.exe

C:\Windows\System\ZaQTaOu.exe

C:\Windows\System\usYDcMJ.exe

C:\Windows\System\usYDcMJ.exe

C:\Windows\System\yCtxhHb.exe

C:\Windows\System\yCtxhHb.exe

C:\Windows\System\TiuWtSr.exe

C:\Windows\System\TiuWtSr.exe

C:\Windows\System\HafkYJD.exe

C:\Windows\System\HafkYJD.exe

C:\Windows\System\VRZSzPp.exe

C:\Windows\System\VRZSzPp.exe

C:\Windows\System\iHKYSJw.exe

C:\Windows\System\iHKYSJw.exe

C:\Windows\System\JqafzeB.exe

C:\Windows\System\JqafzeB.exe

C:\Windows\System\DIaRKWi.exe

C:\Windows\System\DIaRKWi.exe

C:\Windows\System\yXkudYk.exe

C:\Windows\System\yXkudYk.exe

C:\Windows\System\YICYIkB.exe

C:\Windows\System\YICYIkB.exe

C:\Windows\System\LLpuwku.exe

C:\Windows\System\LLpuwku.exe

C:\Windows\System\YYZpoqj.exe

C:\Windows\System\YYZpoqj.exe

C:\Windows\System\jcnCYqj.exe

C:\Windows\System\jcnCYqj.exe

C:\Windows\System\kuafRFL.exe

C:\Windows\System\kuafRFL.exe

C:\Windows\System\mTZHWtr.exe

C:\Windows\System\mTZHWtr.exe

C:\Windows\System\MtnCRyW.exe

C:\Windows\System\MtnCRyW.exe

C:\Windows\System\EgNHmTx.exe

C:\Windows\System\EgNHmTx.exe

C:\Windows\System\SewMYnl.exe

C:\Windows\System\SewMYnl.exe

C:\Windows\System\OtIBDpB.exe

C:\Windows\System\OtIBDpB.exe

C:\Windows\System\XZwosyk.exe

C:\Windows\System\XZwosyk.exe

C:\Windows\System\ywskqaL.exe

C:\Windows\System\ywskqaL.exe

C:\Windows\System\lAZWkXu.exe

C:\Windows\System\lAZWkXu.exe

C:\Windows\System\FjnMoQr.exe

C:\Windows\System\FjnMoQr.exe

C:\Windows\System\joHEIoz.exe

C:\Windows\System\joHEIoz.exe

C:\Windows\System\evgCDUo.exe

C:\Windows\System\evgCDUo.exe

C:\Windows\System\YhNjFDD.exe

C:\Windows\System\YhNjFDD.exe

C:\Windows\System\kiWerOS.exe

C:\Windows\System\kiWerOS.exe

C:\Windows\System\qlEyWxG.exe

C:\Windows\System\qlEyWxG.exe

C:\Windows\System\ZrjDRXB.exe

C:\Windows\System\ZrjDRXB.exe

C:\Windows\System\roMTfeM.exe

C:\Windows\System\roMTfeM.exe

C:\Windows\System\Fgrighv.exe

C:\Windows\System\Fgrighv.exe

C:\Windows\System\HnLfxmC.exe

C:\Windows\System\HnLfxmC.exe

C:\Windows\System\FEgiRPQ.exe

C:\Windows\System\FEgiRPQ.exe

C:\Windows\System\JKaDgmT.exe

C:\Windows\System\JKaDgmT.exe

C:\Windows\System\KrTDbEe.exe

C:\Windows\System\KrTDbEe.exe

C:\Windows\System\HgVGldt.exe

C:\Windows\System\HgVGldt.exe

C:\Windows\System\fZOhDki.exe

C:\Windows\System\fZOhDki.exe

C:\Windows\System\zxzYSxj.exe

C:\Windows\System\zxzYSxj.exe

C:\Windows\System\BAGXODw.exe

C:\Windows\System\BAGXODw.exe

C:\Windows\System\GurzGKl.exe

C:\Windows\System\GurzGKl.exe

C:\Windows\System\QhnnXWR.exe

C:\Windows\System\QhnnXWR.exe

C:\Windows\System\NoVPKyc.exe

C:\Windows\System\NoVPKyc.exe

C:\Windows\System\VQsJkhD.exe

C:\Windows\System\VQsJkhD.exe

C:\Windows\System\JZYXssz.exe

C:\Windows\System\JZYXssz.exe

C:\Windows\System\wdysEXz.exe

C:\Windows\System\wdysEXz.exe

C:\Windows\System\sJJfxBy.exe

C:\Windows\System\sJJfxBy.exe

C:\Windows\System\iUtXPfg.exe

C:\Windows\System\iUtXPfg.exe

C:\Windows\System\MpMWmMR.exe

C:\Windows\System\MpMWmMR.exe

C:\Windows\System\pBoKVHi.exe

C:\Windows\System\pBoKVHi.exe

C:\Windows\System\fvqPSDi.exe

C:\Windows\System\fvqPSDi.exe

C:\Windows\System\UXMDvLI.exe

C:\Windows\System\UXMDvLI.exe

C:\Windows\System\uxCGoKZ.exe

C:\Windows\System\uxCGoKZ.exe

C:\Windows\System\yrjetto.exe

C:\Windows\System\yrjetto.exe

C:\Windows\System\SFQNIVd.exe

C:\Windows\System\SFQNIVd.exe

C:\Windows\System\TMqOJcX.exe

C:\Windows\System\TMqOJcX.exe

C:\Windows\System\CQPqvWH.exe

C:\Windows\System\CQPqvWH.exe

C:\Windows\System\XYYbINQ.exe

C:\Windows\System\XYYbINQ.exe

C:\Windows\System\jgXqJgv.exe

C:\Windows\System\jgXqJgv.exe

C:\Windows\System\ItaRGNr.exe

C:\Windows\System\ItaRGNr.exe

C:\Windows\System\BwXSoKk.exe

C:\Windows\System\BwXSoKk.exe

C:\Windows\System\HNyklSc.exe

C:\Windows\System\HNyklSc.exe

C:\Windows\System\QQLhWca.exe

C:\Windows\System\QQLhWca.exe

C:\Windows\System\oNYgoJP.exe

C:\Windows\System\oNYgoJP.exe

C:\Windows\System\EBYorBQ.exe

C:\Windows\System\EBYorBQ.exe

C:\Windows\System\NoJbPkl.exe

C:\Windows\System\NoJbPkl.exe

C:\Windows\System\yNoNKic.exe

C:\Windows\System\yNoNKic.exe

C:\Windows\System\xtkqIhc.exe

C:\Windows\System\xtkqIhc.exe

C:\Windows\System\PoFULsf.exe

C:\Windows\System\PoFULsf.exe

C:\Windows\System\zrIYOaV.exe

C:\Windows\System\zrIYOaV.exe

C:\Windows\System\yLdnzPX.exe

C:\Windows\System\yLdnzPX.exe

C:\Windows\System\UjvKUbw.exe

C:\Windows\System\UjvKUbw.exe

C:\Windows\System\frJKoQF.exe

C:\Windows\System\frJKoQF.exe

C:\Windows\System\Rnonsbl.exe

C:\Windows\System\Rnonsbl.exe

C:\Windows\System\ZrqTeqn.exe

C:\Windows\System\ZrqTeqn.exe

C:\Windows\System\OkRqUkf.exe

C:\Windows\System\OkRqUkf.exe

C:\Windows\System\YCCwHiG.exe

C:\Windows\System\YCCwHiG.exe

C:\Windows\System\TvuiKQV.exe

C:\Windows\System\TvuiKQV.exe

C:\Windows\System\pmqtTMg.exe

C:\Windows\System\pmqtTMg.exe

C:\Windows\System\YuWizEb.exe

C:\Windows\System\YuWizEb.exe

C:\Windows\System\dfdEUap.exe

C:\Windows\System\dfdEUap.exe

C:\Windows\System\ZQfqYSn.exe

C:\Windows\System\ZQfqYSn.exe

C:\Windows\System\JhINYlm.exe

C:\Windows\System\JhINYlm.exe

C:\Windows\System\rYwipiQ.exe

C:\Windows\System\rYwipiQ.exe

C:\Windows\System\alTCKUz.exe

C:\Windows\System\alTCKUz.exe

C:\Windows\System\tpQdzWs.exe

C:\Windows\System\tpQdzWs.exe

C:\Windows\System\XAmAzsO.exe

C:\Windows\System\XAmAzsO.exe

C:\Windows\System\pzRNrMr.exe

C:\Windows\System\pzRNrMr.exe

C:\Windows\System\oxfRTaj.exe

C:\Windows\System\oxfRTaj.exe

C:\Windows\System\QULUuIF.exe

C:\Windows\System\QULUuIF.exe

C:\Windows\System\MsRxLpU.exe

C:\Windows\System\MsRxLpU.exe

C:\Windows\System\cdvwuDF.exe

C:\Windows\System\cdvwuDF.exe

C:\Windows\System\saKLDoy.exe

C:\Windows\System\saKLDoy.exe

C:\Windows\System\locACUC.exe

C:\Windows\System\locACUC.exe

C:\Windows\System\zraYNlU.exe

C:\Windows\System\zraYNlU.exe

C:\Windows\System\fDLHReO.exe

C:\Windows\System\fDLHReO.exe

C:\Windows\System\fJkzUgV.exe

C:\Windows\System\fJkzUgV.exe

C:\Windows\System\jjKGnDG.exe

C:\Windows\System\jjKGnDG.exe

C:\Windows\System\prfAiYs.exe

C:\Windows\System\prfAiYs.exe

C:\Windows\System\vbnXuVi.exe

C:\Windows\System\vbnXuVi.exe

C:\Windows\System\yCHqEkU.exe

C:\Windows\System\yCHqEkU.exe

C:\Windows\System\DfZpJcQ.exe

C:\Windows\System\DfZpJcQ.exe

C:\Windows\System\GsLoasY.exe

C:\Windows\System\GsLoasY.exe

C:\Windows\System\NibgRPT.exe

C:\Windows\System\NibgRPT.exe

C:\Windows\System\uyEBESn.exe

C:\Windows\System\uyEBESn.exe

C:\Windows\System\QyKqkkP.exe

C:\Windows\System\QyKqkkP.exe

C:\Windows\System\PttEqkc.exe

C:\Windows\System\PttEqkc.exe

C:\Windows\System\JXVVbhO.exe

C:\Windows\System\JXVVbhO.exe

C:\Windows\System\OkxBKMC.exe

C:\Windows\System\OkxBKMC.exe

C:\Windows\System\VcXBuHx.exe

C:\Windows\System\VcXBuHx.exe

C:\Windows\System\dQUGMOc.exe

C:\Windows\System\dQUGMOc.exe

C:\Windows\System\LXPPogu.exe

C:\Windows\System\LXPPogu.exe

C:\Windows\System\bJOfvzG.exe

C:\Windows\System\bJOfvzG.exe

C:\Windows\System\xhwprii.exe

C:\Windows\System\xhwprii.exe

C:\Windows\System\mbFGjix.exe

C:\Windows\System\mbFGjix.exe

C:\Windows\System\QaSOKKy.exe

C:\Windows\System\QaSOKKy.exe

C:\Windows\System\XoelChq.exe

C:\Windows\System\XoelChq.exe

C:\Windows\System\gCLGtJT.exe

C:\Windows\System\gCLGtJT.exe

C:\Windows\System\HlaTbYb.exe

C:\Windows\System\HlaTbYb.exe

C:\Windows\System\AxAxaGg.exe

C:\Windows\System\AxAxaGg.exe

C:\Windows\System\GZNjvNi.exe

C:\Windows\System\GZNjvNi.exe

C:\Windows\System\uPhmxzp.exe

C:\Windows\System\uPhmxzp.exe

C:\Windows\System\NSXeeNS.exe

C:\Windows\System\NSXeeNS.exe

C:\Windows\System\Orwmryz.exe

C:\Windows\System\Orwmryz.exe

C:\Windows\System\gzJNgcE.exe

C:\Windows\System\gzJNgcE.exe

C:\Windows\System\rIpXrYM.exe

C:\Windows\System\rIpXrYM.exe

C:\Windows\System\KIYwNiP.exe

C:\Windows\System\KIYwNiP.exe

C:\Windows\System\VyBVefJ.exe

C:\Windows\System\VyBVefJ.exe

C:\Windows\System\mlugxKY.exe

C:\Windows\System\mlugxKY.exe

C:\Windows\System\OSzTOZN.exe

C:\Windows\System\OSzTOZN.exe

C:\Windows\System\iOHjNJR.exe

C:\Windows\System\iOHjNJR.exe

C:\Windows\System\OFmAZcP.exe

C:\Windows\System\OFmAZcP.exe

C:\Windows\System\pSljhJp.exe

C:\Windows\System\pSljhJp.exe

C:\Windows\System\YzTXWhD.exe

C:\Windows\System\YzTXWhD.exe

C:\Windows\System\QtqWLHu.exe

C:\Windows\System\QtqWLHu.exe

C:\Windows\System\wmURFuk.exe

C:\Windows\System\wmURFuk.exe

C:\Windows\System\ucNhDtj.exe

C:\Windows\System\ucNhDtj.exe

C:\Windows\System\JZScHff.exe

C:\Windows\System\JZScHff.exe

C:\Windows\System\gjvPNkP.exe

C:\Windows\System\gjvPNkP.exe

C:\Windows\System\EmiFmUH.exe

C:\Windows\System\EmiFmUH.exe

C:\Windows\System\zyyEDQZ.exe

C:\Windows\System\zyyEDQZ.exe

C:\Windows\System\sLuFtmy.exe

C:\Windows\System\sLuFtmy.exe

C:\Windows\System\oiMqIoe.exe

C:\Windows\System\oiMqIoe.exe

C:\Windows\System\vRdueZH.exe

C:\Windows\System\vRdueZH.exe

C:\Windows\System\RJvpIsv.exe

C:\Windows\System\RJvpIsv.exe

C:\Windows\System\oTvtavF.exe

C:\Windows\System\oTvtavF.exe

C:\Windows\System\zhiJvuZ.exe

C:\Windows\System\zhiJvuZ.exe

C:\Windows\System\DHlKxGy.exe

C:\Windows\System\DHlKxGy.exe

C:\Windows\System\asFRUnS.exe

C:\Windows\System\asFRUnS.exe

C:\Windows\System\RzwtaeQ.exe

C:\Windows\System\RzwtaeQ.exe

C:\Windows\System\nctaODU.exe

C:\Windows\System\nctaODU.exe

C:\Windows\System\nueeKYQ.exe

C:\Windows\System\nueeKYQ.exe

C:\Windows\System\lSrgAnV.exe

C:\Windows\System\lSrgAnV.exe

C:\Windows\System\spcdRMS.exe

C:\Windows\System\spcdRMS.exe

C:\Windows\System\rlVILxB.exe

C:\Windows\System\rlVILxB.exe

C:\Windows\System\YNhXOgS.exe

C:\Windows\System\YNhXOgS.exe

C:\Windows\System\cGPYdZr.exe

C:\Windows\System\cGPYdZr.exe

C:\Windows\System\UvpMZfy.exe

C:\Windows\System\UvpMZfy.exe

C:\Windows\System\JITOuZa.exe

C:\Windows\System\JITOuZa.exe

C:\Windows\System\PgOvOoz.exe

C:\Windows\System\PgOvOoz.exe

C:\Windows\System\kAlylaq.exe

C:\Windows\System\kAlylaq.exe

C:\Windows\System\TZSiykx.exe

C:\Windows\System\TZSiykx.exe

C:\Windows\System\skEnSck.exe

C:\Windows\System\skEnSck.exe

C:\Windows\System\pHEqoBU.exe

C:\Windows\System\pHEqoBU.exe

C:\Windows\System\PkJNOlc.exe

C:\Windows\System\PkJNOlc.exe

C:\Windows\System\OJUwNSD.exe

C:\Windows\System\OJUwNSD.exe

C:\Windows\System\TiaTWYl.exe

C:\Windows\System\TiaTWYl.exe

C:\Windows\System\GrPhwsH.exe

C:\Windows\System\GrPhwsH.exe

C:\Windows\System\xLHmNRA.exe

C:\Windows\System\xLHmNRA.exe

C:\Windows\System\NyoloGR.exe

C:\Windows\System\NyoloGR.exe

C:\Windows\System\hIPQQFZ.exe

C:\Windows\System\hIPQQFZ.exe

C:\Windows\System\RQtXowr.exe

C:\Windows\System\RQtXowr.exe

C:\Windows\System\pewurAi.exe

C:\Windows\System\pewurAi.exe

C:\Windows\System\tcBATmB.exe

C:\Windows\System\tcBATmB.exe

C:\Windows\System\lFhRbsK.exe

C:\Windows\System\lFhRbsK.exe

C:\Windows\System\ZGDPTlN.exe

C:\Windows\System\ZGDPTlN.exe

C:\Windows\System\VeUCall.exe

C:\Windows\System\VeUCall.exe

C:\Windows\System\PYtgETX.exe

C:\Windows\System\PYtgETX.exe

C:\Windows\System\obhnKMA.exe

C:\Windows\System\obhnKMA.exe

C:\Windows\System\YeEWHkI.exe

C:\Windows\System\YeEWHkI.exe

C:\Windows\System\ynFgzBz.exe

C:\Windows\System\ynFgzBz.exe

C:\Windows\System\dzApnUE.exe

C:\Windows\System\dzApnUE.exe

C:\Windows\System\mcuuOTT.exe

C:\Windows\System\mcuuOTT.exe

C:\Windows\System\KWAAHZB.exe

C:\Windows\System\KWAAHZB.exe

C:\Windows\System\zcoLFIb.exe

C:\Windows\System\zcoLFIb.exe

C:\Windows\System\PZWhNev.exe

C:\Windows\System\PZWhNev.exe

C:\Windows\System\OxHBtlc.exe

C:\Windows\System\OxHBtlc.exe

C:\Windows\System\MJqgKCW.exe

C:\Windows\System\MJqgKCW.exe

C:\Windows\System\wcltKrR.exe

C:\Windows\System\wcltKrR.exe

C:\Windows\System\avBUbVv.exe

C:\Windows\System\avBUbVv.exe

C:\Windows\System\MLkkkhE.exe

C:\Windows\System\MLkkkhE.exe

C:\Windows\System\oPFJexs.exe

C:\Windows\System\oPFJexs.exe

C:\Windows\System\kWDecPP.exe

C:\Windows\System\kWDecPP.exe

C:\Windows\System\EMBbgDS.exe

C:\Windows\System\EMBbgDS.exe

C:\Windows\System\JAfMGso.exe

C:\Windows\System\JAfMGso.exe

C:\Windows\System\bOxArVF.exe

C:\Windows\System\bOxArVF.exe

C:\Windows\System\NHjrfuu.exe

C:\Windows\System\NHjrfuu.exe

C:\Windows\System\pEqEUPg.exe

C:\Windows\System\pEqEUPg.exe

C:\Windows\System\nzuBOHZ.exe

C:\Windows\System\nzuBOHZ.exe

C:\Windows\System\aBfNpVA.exe

C:\Windows\System\aBfNpVA.exe

C:\Windows\System\yVejAin.exe

C:\Windows\System\yVejAin.exe

C:\Windows\System\UzvZNhB.exe

C:\Windows\System\UzvZNhB.exe

C:\Windows\System\gAQOSJe.exe

C:\Windows\System\gAQOSJe.exe

C:\Windows\System\VNrepjt.exe

C:\Windows\System\VNrepjt.exe

C:\Windows\System\nGNnRLd.exe

C:\Windows\System\nGNnRLd.exe

C:\Windows\System\QEGJnLC.exe

C:\Windows\System\QEGJnLC.exe

C:\Windows\System\EdsgFhM.exe

C:\Windows\System\EdsgFhM.exe

C:\Windows\System\kqqlujs.exe

C:\Windows\System\kqqlujs.exe

C:\Windows\System\xImjaSQ.exe

C:\Windows\System\xImjaSQ.exe

C:\Windows\System\tOygDkw.exe

C:\Windows\System\tOygDkw.exe

C:\Windows\System\RyDLSOL.exe

C:\Windows\System\RyDLSOL.exe

C:\Windows\System\bXuTPeP.exe

C:\Windows\System\bXuTPeP.exe

C:\Windows\System\sZRMdgm.exe

C:\Windows\System\sZRMdgm.exe

C:\Windows\System\kyxbHET.exe

C:\Windows\System\kyxbHET.exe

C:\Windows\System\pOuZBXt.exe

C:\Windows\System\pOuZBXt.exe

C:\Windows\System\uYiYsGx.exe

C:\Windows\System\uYiYsGx.exe

C:\Windows\System\lZcxGbh.exe

C:\Windows\System\lZcxGbh.exe

C:\Windows\System\apfmvCL.exe

C:\Windows\System\apfmvCL.exe

C:\Windows\System\bmtBYVM.exe

C:\Windows\System\bmtBYVM.exe

C:\Windows\System\IbnhHDS.exe

C:\Windows\System\IbnhHDS.exe

C:\Windows\System\dlyqpCA.exe

C:\Windows\System\dlyqpCA.exe

C:\Windows\System\XjEaeiY.exe

C:\Windows\System\XjEaeiY.exe

C:\Windows\System\sVmjniT.exe

C:\Windows\System\sVmjniT.exe

C:\Windows\System\EMTYazc.exe

C:\Windows\System\EMTYazc.exe

C:\Windows\System\XrcrzOr.exe

C:\Windows\System\XrcrzOr.exe

C:\Windows\System\EGRmMns.exe

C:\Windows\System\EGRmMns.exe

C:\Windows\System\veyVjEq.exe

C:\Windows\System\veyVjEq.exe

C:\Windows\System\KhBEngS.exe

C:\Windows\System\KhBEngS.exe

C:\Windows\System\BgAVcHk.exe

C:\Windows\System\BgAVcHk.exe

C:\Windows\System\BoEAmTu.exe

C:\Windows\System\BoEAmTu.exe

C:\Windows\System\RMraVRz.exe

C:\Windows\System\RMraVRz.exe

C:\Windows\System\NfNrmiP.exe

C:\Windows\System\NfNrmiP.exe

C:\Windows\System\shWYSDj.exe

C:\Windows\System\shWYSDj.exe

C:\Windows\System\sBIhBSA.exe

C:\Windows\System\sBIhBSA.exe

C:\Windows\System\msgOUWe.exe

C:\Windows\System\msgOUWe.exe

C:\Windows\System\dmTPiPf.exe

C:\Windows\System\dmTPiPf.exe

C:\Windows\System\CvygLqv.exe

C:\Windows\System\CvygLqv.exe

C:\Windows\System\oFbKBxY.exe

C:\Windows\System\oFbKBxY.exe

C:\Windows\System\auhlKQp.exe

C:\Windows\System\auhlKQp.exe

C:\Windows\System\hbaKzDk.exe

C:\Windows\System\hbaKzDk.exe

C:\Windows\System\PUUwfCf.exe

C:\Windows\System\PUUwfCf.exe

C:\Windows\System\aqWTxtA.exe

C:\Windows\System\aqWTxtA.exe

C:\Windows\System\qlJSreZ.exe

C:\Windows\System\qlJSreZ.exe

C:\Windows\System\onwtNtP.exe

C:\Windows\System\onwtNtP.exe

C:\Windows\System\XQqGIqS.exe

C:\Windows\System\XQqGIqS.exe

C:\Windows\System\KRxWyyI.exe

C:\Windows\System\KRxWyyI.exe

C:\Windows\System\HOlIYfT.exe

C:\Windows\System\HOlIYfT.exe

C:\Windows\System\qGXILJS.exe

C:\Windows\System\qGXILJS.exe

C:\Windows\System\vbXNYiv.exe

C:\Windows\System\vbXNYiv.exe

C:\Windows\System\hatJNex.exe

C:\Windows\System\hatJNex.exe

C:\Windows\System\gNwxZsc.exe

C:\Windows\System\gNwxZsc.exe

C:\Windows\System\BZsxeZg.exe

C:\Windows\System\BZsxeZg.exe

C:\Windows\System\TlnUpnL.exe

C:\Windows\System\TlnUpnL.exe

C:\Windows\System\gYtftqp.exe

C:\Windows\System\gYtftqp.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 90.242.123.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp

Files

memory/1064-0-0x00007FF690740000-0x00007FF690A94000-memory.dmp

C:\Windows\System\UswzBCt.exe

MD5 ba566b9f2ad70899876e6f7a213a7c96
SHA1 23c7f80960a3e38f64f136296043e4b19a950668
SHA256 9dadaa59bcc9042d2678ffeae2da713b7116e414e2f88f497369236661ffa1bc
SHA512 e22ab3c0eb1c729cc2dd63f576922a67c450740e046dd1bdfd4ba37fbdb086759b042a7891daa0222e07f028d548cbe267c58a25872da0c0241055f4aec1049b

memory/1536-55-0x00007FF7CEC00000-0x00007FF7CEF54000-memory.dmp

memory/4948-76-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

C:\Windows\System\cyeEoAt.exe

MD5 5d0b3f948eec0e8cfecd8212d3db0bc6
SHA1 bbfca9bfa7b44febf6a7c56a5383cb0e4cd2978e
SHA256 e41aa699da5e92e8434003d669109ba1ed08c9fb2d08ced66024185a8cb5eec6
SHA512 54cc4c935c4ee7839eb3965c762ee4ed8df8485ed67045285d6f19bfac624b0b98fa822efbab12f28d92635941fd0835a867ad6e961cd6fc72f8dbba8b6727d2

C:\Windows\System\GmgoOaY.exe

MD5 d336ec92a5bf9ed28339d3f8250bdc34
SHA1 d0b82e2d3e93678efb9f07b38232a03cc0315481
SHA256 9306c346015a4779cbe7e4f0f8756742c432b17b9dd31fe7f8a9e692f4c40859
SHA512 85feabb85f4e7ca2ddce35edde07c0fff896138969df515592860abe1c7c816b9edbd5cb48e7ea05903f72fe746a99ff296db52ca2a835bd2ff03a1cb58aced7

C:\Windows\System\QnaHeHg.exe

MD5 25ca6ca74f7a44a971e8b02e4aed4781
SHA1 f02d285167113eda73ee133ccf0ad308238eec3d
SHA256 abf85dda3362021b49e07acc4c167870c93e509784273a77ac16e6861189bcf3
SHA512 fd72ed7e94bfd4571e3f86d24b8e16faddaf30fde8bda6263a598ae3f4e2334aa92bfbddf287ac6a3e578174fda79d13cdc90ec659aa24498483d95c09b67a18

C:\Windows\System\HxOOQSZ.exe

MD5 ac3fc41f7ef1c5d4dd85b376a672eedc
SHA1 9a6cac2089aabb621becd0060f95304dc05be9fe
SHA256 7c0e0f3b514a8e91d8d8c1d69de6d3edb66d0ea000824f32a2a20f1333cb1d78
SHA512 2047283541481851671fdf44712f554b6322b71aa96db33efd9a850cf7b5cab49863f6c2af575ee7afe51b919867243c5bb4d0291cde3634c60dfa749be872f7

C:\Windows\System\aBIhehW.exe

MD5 1916eedc75bd3cac79a8e539c07253e8
SHA1 f619cd6ec2bb12cd662e6a3ec1e7cec4f0813194
SHA256 125e8e30c1f33b2c0b05a74ad217d0afe3a54d8dfcce25ff0734053d0b0a34f6
SHA512 b808044ffd1e6a3b2e054d62397f5ae59367fb86cf24b650c16286fc108701109814fd19ddaa1c1c8f4c9842fb8e3b2029728f774d2c0688be9d6cb90ac57e1a

memory/868-177-0x00007FF7394E0000-0x00007FF739834000-memory.dmp

memory/5048-182-0x00007FF696F10000-0x00007FF697264000-memory.dmp

memory/5064-187-0x00007FF7D44E0000-0x00007FF7D4834000-memory.dmp

memory/3792-190-0x00007FF739410000-0x00007FF739764000-memory.dmp

memory/2876-189-0x00007FF6B0BE0000-0x00007FF6B0F34000-memory.dmp

memory/4092-188-0x00007FF725770000-0x00007FF725AC4000-memory.dmp

memory/2764-186-0x00007FF6DBA50000-0x00007FF6DBDA4000-memory.dmp

memory/2892-185-0x00007FF6A46D0000-0x00007FF6A4A24000-memory.dmp

memory/3744-184-0x00007FF705D00000-0x00007FF706054000-memory.dmp

memory/3740-183-0x00007FF7E9740000-0x00007FF7E9A94000-memory.dmp

memory/3012-181-0x00007FF7332B0000-0x00007FF733604000-memory.dmp

memory/4932-180-0x00007FF7C8060000-0x00007FF7C83B4000-memory.dmp

memory/4628-179-0x00007FF775010000-0x00007FF775364000-memory.dmp

memory/2452-178-0x00007FF730900000-0x00007FF730C54000-memory.dmp

C:\Windows\System\yskWyhW.exe

MD5 12c06a4134b3c5066a6ccb748afb5171
SHA1 0e923e4e2453413593a2c467eb43e742d91b7646
SHA256 d6485143dc74063c244036768c7c87ff949ae835d12ad2bb7a2575a3d0ea0fe1
SHA512 a55b5c2ec294fd229b6823c70108c0bfc132a26678e7eab5ac79f2bca72e1f2d5aed0404e459f4afcd81e70045a552ce764a37952cba81cf20b9795cd92bd472

memory/3276-174-0x00007FF63E2B0000-0x00007FF63E604000-memory.dmp

C:\Windows\System\umfblKU.exe

MD5 6fe5429b08195bfe893436271c7dc03c
SHA1 4508910b86dec6dfd31894586a9e88cf647946fb
SHA256 06414cef71cd7ff8ef9657a504cb382771331a0ce0c711389ae4f4ab7ad9bcbc
SHA512 c8db50ada1ef5de03bbac955b9cdafd90ab6a517c71f541cc3e949b8039e419a43a9800a5feafc4e58aa17803c59b8117a4de07df29002f9373f99b46aff37b5

C:\Windows\System\UvLAEmO.exe

MD5 4a54e6f70739038b6e2c915d0ffb7e7e
SHA1 535c7db75b4b8d99d4ef53f29843f8d39d8a29f4
SHA256 bb558ced2510a3d0de8fbe9c892abf0906c5e0fbad7fcca211d60a586cea8f66
SHA512 624326f57c0a886d64fb1b061507ceffdd9eafec64c5ae1e6a2182ee8f2e32e402243f612c8adb4e481a7d08045c6d33981cb429de10ac1161e2f19edfdfc2b5

C:\Windows\System\pAtICFA.exe

MD5 3a6defa2bcc80829d7695040dfb11d5e
SHA1 a58af86e5b26f88adae7416a0a42756387de7039
SHA256 22e3e825d89a682c49798d7b030120302f5e4641afd502f512bdbca6e58c69b8
SHA512 1b8bae001c13f6891a0eb3bc50008cf2dd9725a79ce858301fbce2c1c655495954f755b02915326d88c689a56e70d8b1a6866c8d69761ce572041a1e940dfe53

memory/4372-167-0x00007FF7F40A0000-0x00007FF7F43F4000-memory.dmp

C:\Windows\System\vIMQBxn.exe

MD5 b9610101272a85cb999c4f3ba8902b36
SHA1 8633433647fd06076626d7e6af16956d9d36c3d5
SHA256 b3e111d13058d88406c47879891bb0363aadb3665e0aef498e486253a216e928
SHA512 8605446af4dc4a48a038fa9310233c32eaf17e65a844ed3f976d5149ce538cf0dc29472abea6f9b42a290ca3d2f2b9b005254b0cfc292d9640017beb73caf2fc

C:\Windows\System\kjuAMyU.exe

MD5 368df41ae65ffcfc9768c8502d484f82
SHA1 fe5ab01372150a00d4fed02124ba622d4b7070bd
SHA256 2d6c1b85ea35bba8ec96f9527b42aac13862bc96b09c1dca98af01af07f18a56
SHA512 4067ef610468bd64d0ff2486f537310347bcf3f3640326cedd98714af962d3655425d7e576a04199f338cbc63ebc90b4a21616bd3ee66ee5f4aca6d7b4d42294

memory/3388-159-0x00007FF7DE4D0000-0x00007FF7DE824000-memory.dmp

memory/2188-158-0x00007FF65ADA0000-0x00007FF65B0F4000-memory.dmp

C:\Windows\System\xcdSmrg.exe

MD5 fe8e7f1fabeeb7ecff8c0e49434cf46b
SHA1 9284ec6f829d303aeb95ddea687bdf6db6daa546
SHA256 456122dc5aab8aabab2ecfc222b779cdbec758973dff3a75f705a6ba7dfbd1ee
SHA512 6c3f146b20858cc32875a1ab2506934d11c74b1f311478051f161b5dd20d594b1a03f264abc3de1e5d014793e7f058413a14ee80f85c3e969c170e06aaa2866a

memory/4240-151-0x00007FF6C8910000-0x00007FF6C8C64000-memory.dmp

C:\Windows\System\BgmOLPq.exe

MD5 58652d60703d77b3736f0378dcb242c4
SHA1 b7a2b68464b7eeecfd73c347880d0e1c5dd960cd
SHA256 9539c7bf67bec4bbbf2cd04c328ed785e67792100b53c7adf00e7669ef54abdc
SHA512 f5db7666103f7443f8976d0aa258ddc2735c132babb0489820849496f4d2914c4ba8436bc0251b15670209d750eb3db9b34b15cbf264c13fcf9b6332802f005a

memory/1568-132-0x00007FF651720000-0x00007FF651A74000-memory.dmp

memory/1648-131-0x00007FF6E4150000-0x00007FF6E44A4000-memory.dmp

C:\Windows\System\MmtBFkf.exe

MD5 dd8064b5e46fce61b50488ee1dbc4dc5
SHA1 d94ea8616753c2c857ba3a98a74c09b21c109609
SHA256 b35f4cdf3f0c1ace8cc49d252a0c23bf7044891cfd1ff41e9da13252133cafac
SHA512 4cdb483c3dd9c20fbb954c47f2114ff0766ae93c6d533676e8fb39411d1fda973ae648ba748761eabbd4138b50945a2807cdc172b5dc00d0482922bc0ccd5b4b

C:\Windows\System\OHRcwin.exe

MD5 c5794242df37cc4b3c2b178542a3d3e6
SHA1 ac77680e3452c0791863aaa7bd11dd653dfeaad4
SHA256 e7d7423a2bfaeabfdfe89568062fa527976d4db5d2b5fdef3867b57aab92ae1d
SHA512 9aa40af74a217fffbe286aeec228cc750a6e97616fb359ac7f061151aa33f0a2b74c15f0c84974d26749ffea8b809143d93800a10f82f77ba44adde628c0c953

C:\Windows\System\dGOKYOt.exe

MD5 ae9b97b2174a3fe266c0c26aee827424
SHA1 9f9b42386e3a0784d84edb2a20bac84f9a64793d
SHA256 9b7a7d0727b75b9331fd502b31aca1ebe88e967f921b744b48b83446ca6ee078
SHA512 1e4b7a651c0c0aef4e04a7a75b920ac30b34704b23f4c86c75c742ddf259d63f92c74df15c86db6ba0626d6def5d775ff9ae914e38cc64bb7074f27d96fec721

memory/2312-112-0x00007FF7F3FE0000-0x00007FF7F4334000-memory.dmp

C:\Windows\System\gzTRxif.exe

MD5 81e964f8fc4cb9418ee3f8995bebedae
SHA1 e036d3cc6e677745c132707654f5d67e7b704e89
SHA256 43a8d11bde54633f277753c61e5ec4b565dd3e987cab1265490255f63075876b
SHA512 40acc39df9776050a5e84623516c507e04a202c319b75e72e5b5ad636cb2784403efeeea5d8f52b518f8b91754aea3da9f9bf080469476b26411364d318a844c

C:\Windows\System\eLLnZGo.exe

MD5 1debd5512ada4a47e82fd49e8e8911ad
SHA1 a53c0c1c3e19e05fd137a0ff3da2a630984e5ea5
SHA256 8a94558f46f119fd66e9f9f9a8a265fdb422a76b05f9a91c30f7bacca2bc7d7a
SHA512 43baf6264b8b9d5098848cf281bffedde496f287dea0ca5759cb178aaa44948035a9b5612969bfaf93b9a18b69f9112502a1a09abe04dac7a5f794b50337838e

memory/1976-101-0x00007FF786590000-0x00007FF7868E4000-memory.dmp

C:\Windows\System\QJiUumT.exe

MD5 c6a75cc54e1c6a4ead0437d62673548b
SHA1 b9acf5d57bd70d1225cbf95a460ef1d60230e3b8
SHA256 222c6ed7c025a096df043ab51728d079708d5603959e2b13902f9738d56510f4
SHA512 9fc33efbf3596a4dddba63e479dfcf3ee3704eb9f9e52f45092646b57e91a2006e307669ecd4df7405a768bd7d56365f53dfce17fc94694d157b4ef125f1b267

memory/1064-1070-0x00007FF690740000-0x00007FF690A94000-memory.dmp

C:\Windows\System\BYlIEaR.exe

MD5 b8569e37f2fc610ac4e09f7ca014d25d
SHA1 3dad065cd2d58cbdf83f810601e222491f6531d2
SHA256 16d711a0a3710414b3f434c4c2833c4e659a2b073887a228c0d0e494564f6def
SHA512 e50ae69a7e62be0b32d46c26fbfe53aac460481e308a82361c16cac3b071afb3cf6909080c40c23e33c5b3595da4e419bfa15b4666afef36f4536a9cb4bb1061

C:\Windows\System\psEHYer.exe

MD5 34bd6c2417ac7c87927ae9ca001f1a99
SHA1 5b84b8f7509c30d7c8159eb008a2275645ab2bff
SHA256 31ac5e4bdc10dca6b2b7b4386201b193cbafae36bb7235495f5bb7a10309126a
SHA512 2e8f8387cbe694323f1de5c8adabce7832f4ecf080da3a02d84dd14b82907f15efc6dcb45b87a269993375646c63d4fcdf7627c2a0a4455004f3c1c30919f61f

C:\Windows\System\mVPRuei.exe

MD5 c944d1dcd1440b89a1a888502fb3188e
SHA1 416f1ff06fb42c4ed51fc900e065f4cd6afe9689
SHA256 f0f59b9e37b8ee1925fa6ac177ba1231d311313236aedd474692bcbda7e3246f
SHA512 b895e93b65562a87e4bbfef3ef399aeb5f1769f31bde6abbad59730b4764991c88fc6e4cd64e2bc4598ea5bbfdcde88e6485e536d3f1b3eec67b10128980fe59

C:\Windows\System\oHmdqwb.exe

MD5 f532ec884ca636461c7d325c57acb5b7
SHA1 e3d6922fb190b5f611a2c1f30d18d51c99774c94
SHA256 61835c533f80fb81000c4da1f8860f1bdea5403c9131659f8d936646d39a28dd
SHA512 dce0f1182a7b464b639bf35e0789a6d5ace9c2bf5253a58b58032f89f823b62c5d8f82e39c56fd902bbfcd24728e5f09fe96a779064bd623a1af653847524d81

C:\Windows\System\GfbnpSH.exe

MD5 416d2b9ffac72f001a6bfdd6d5bf9d63
SHA1 37317cfc5b9d5c7fa0fa468fe6a0d1c5ba212aad
SHA256 afbc755d20e54ef2d1b9e87c5000468e0b9edae9d96e8f015422a5249f7b7193
SHA512 4abb25be82b22f7e430e262befe07844940ad83a5c53b1771801d836b9319b33c6f8857d2ef4289803c90ffad59e53ee80bd8410887401f190ba0fe4c056baab

C:\Windows\System\jMBJmDT.exe

MD5 938df9c25e8259bb0f6028e273ac82f1
SHA1 063b7603d73eda6024f8ca1b5888a7824a7a41f2
SHA256 43448af02f9e09e0cd181f7a12e459a75a6cd30a95bd4abdc8e626975915bce0
SHA512 3756d17713f7b98362d89c4689aeda4a959ab8d423cdf811fc889831c811c9f70cd04417ea4456d494ff8566b1b9560a2c56d0089db080611d533fb248595a00

C:\Windows\System\rhwnqxv.exe

MD5 abf2f35cbc2ab7eead5e02577a34e6a4
SHA1 bc2359eb748114022a8382520085e1302fa8f549
SHA256 e4ae26e6842466f66f6067f5cb3249946534b70c6af51a06572c73b5fba5694e
SHA512 66bf2a4eea51f2996b8c319f4bcf22af2d25b0270c732499e2f66c65b267cf7335f242e2b586f564c0569ddcf4d1ab84dd6f883052d8390451ac557f55348682

C:\Windows\System\LqVYZeM.exe

MD5 6d02ee0e458d554d3541e263743f7a69
SHA1 18c3dd5bd8332c3ed6c2681872d39453fc396947
SHA256 1f8be136cf1397a99acd7df38d5ae9f44357f4861ebf8b93fe22f948f3f74fcd
SHA512 535b122ce8c26ecfbc25e1ecebfaa2d415eddf3a8eaf81cb6107a495a098570b98dd1de8b0b6ae4064e9c24bb7293c2cd125a279514516d95459675587a9635d

C:\Windows\System\FMfcpCy.exe

MD5 3f9a695d6e130b757b3adabfe64f8fe2
SHA1 0a293944b37c8a90f9fe5f1081d36bec15e145ca
SHA256 07489f72f499421a25282747999ad0df6f62758a81db48517b972ea66784789c
SHA512 0dd65016731c5b73bb6f17d730ddba0a3a974bb412040cb6797fc5562ea72a54efa21ca90b134fd287fc77d327d83ac2d17b377ceacdddc93783190089bda19e

C:\Windows\System\ydOLEJD.exe

MD5 5ac88de37c9ade7175e1a822be845dce
SHA1 65d843795b0ef0615a587ede1fe6fd51c136f4a3
SHA256 d37f058c593d15868bf140c298383e8cdcf701f61a8749b03c2a305bb4110484
SHA512 d5eb5c66cb2d990fc352f5000bdb6fe9490b80f91bdd4d423decd5b9e9dab997438b3d865f809d4a4ca3cbce2ed1a2273b8b89cb9ab91b853b2ceb2f7cbdf058

memory/3400-26-0x00007FF7B32E0000-0x00007FF7B3634000-memory.dmp

memory/1996-23-0x00007FF6F2E80000-0x00007FF6F31D4000-memory.dmp

memory/4264-17-0x00007FF68BE80000-0x00007FF68C1D4000-memory.dmp

C:\Windows\System\CIxgooZ.exe

MD5 6e7a8510638409f03c60730e72e7993f
SHA1 e10cb27bced1395088c31312b7cc9ec9d1a4776c
SHA256 a3d23161747e1a00b7b8e8d76f6484917b1926e932ec28de94ca28d71f88f64f
SHA512 7d54986724d14d5938d8851e3222038d4c800a1b42a6b00a3488384d9cd9efcb131ed0ec26a9ab9642f58a108c2220d8f89b309db5ac3261323ae7700a71041f

memory/2968-8-0x00007FF7B4070000-0x00007FF7B43C4000-memory.dmp

C:\Windows\System\hUogRRh.exe

MD5 c42647facb38f8ba58619991d4bb1afa
SHA1 877c46475142adc4ebd3bb8ec5aa6b56c76571ba
SHA256 cd9133e3a0bf633f3dd2b9938fc7733e0d1e10a19d318c094b70554fe12d9b6e
SHA512 f2ffcbbe12066717d6bd1a47fb6ceef39830db933407918dc39860f09d3d793bb4dcaf4ce966638730c4e9b220eddcc46c35802ba5b0719cd13f27f2fbc330d5

memory/1064-1-0x000001F93B3C0000-0x000001F93B3D0000-memory.dmp

memory/2968-1071-0x00007FF7B4070000-0x00007FF7B43C4000-memory.dmp

memory/1996-1072-0x00007FF6F2E80000-0x00007FF6F31D4000-memory.dmp

memory/3400-1073-0x00007FF7B32E0000-0x00007FF7B3634000-memory.dmp

memory/1536-1074-0x00007FF7CEC00000-0x00007FF7CEF54000-memory.dmp

memory/4948-1075-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

memory/2452-1076-0x00007FF730900000-0x00007FF730C54000-memory.dmp

memory/2968-1077-0x00007FF7B4070000-0x00007FF7B43C4000-memory.dmp

memory/4264-1078-0x00007FF68BE80000-0x00007FF68C1D4000-memory.dmp

memory/1996-1079-0x00007FF6F2E80000-0x00007FF6F31D4000-memory.dmp

memory/3400-1080-0x00007FF7B32E0000-0x00007FF7B3634000-memory.dmp

memory/2312-1082-0x00007FF7F3FE0000-0x00007FF7F4334000-memory.dmp

memory/4240-1085-0x00007FF6C8910000-0x00007FF6C8C64000-memory.dmp

memory/4948-1086-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

memory/5064-1088-0x00007FF7D44E0000-0x00007FF7D4834000-memory.dmp

memory/2188-1089-0x00007FF65ADA0000-0x00007FF65B0F4000-memory.dmp

memory/2764-1091-0x00007FF6DBA50000-0x00007FF6DBDA4000-memory.dmp

memory/3388-1092-0x00007FF7DE4D0000-0x00007FF7DE824000-memory.dmp

memory/4372-1094-0x00007FF7F40A0000-0x00007FF7F43F4000-memory.dmp

memory/3276-1093-0x00007FF63E2B0000-0x00007FF63E604000-memory.dmp

memory/868-1098-0x00007FF7394E0000-0x00007FF739834000-memory.dmp

memory/2876-1099-0x00007FF6B0BE0000-0x00007FF6B0F34000-memory.dmp

memory/3744-1102-0x00007FF705D00000-0x00007FF706054000-memory.dmp

memory/3792-1101-0x00007FF739410000-0x00007FF739764000-memory.dmp

memory/3740-1100-0x00007FF7E9740000-0x00007FF7E9A94000-memory.dmp

memory/4628-1097-0x00007FF775010000-0x00007FF775364000-memory.dmp

memory/4932-1096-0x00007FF7C8060000-0x00007FF7C83B4000-memory.dmp

memory/2892-1104-0x00007FF6A46D0000-0x00007FF6A4A24000-memory.dmp

memory/5048-1103-0x00007FF696F10000-0x00007FF697264000-memory.dmp

memory/3012-1095-0x00007FF7332B0000-0x00007FF733604000-memory.dmp

memory/1568-1090-0x00007FF651720000-0x00007FF651A74000-memory.dmp

memory/4092-1087-0x00007FF725770000-0x00007FF725AC4000-memory.dmp

memory/1648-1084-0x00007FF6E4150000-0x00007FF6E44A4000-memory.dmp

memory/1536-1083-0x00007FF7CEC00000-0x00007FF7CEF54000-memory.dmp

memory/1976-1081-0x00007FF786590000-0x00007FF7868E4000-memory.dmp

memory/2452-1105-0x00007FF730900000-0x00007FF730C54000-memory.dmp