Malware Analysis Report

2024-10-10 08:39

Sample ID 240604-f8sgeaeg4y
Target 330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe
SHA256 d9637f09d753701fec8f9be4519910bd301e40eb96acd2a27984821d321c44ef
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Analysis Overview

Threat Level: Known bad

The file 330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

xmrig

KPOT Core Executable

Xmrig family

Kpot family

KPOT

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 05:32

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 05:32

Reported

2024-06-04 05:35

Platform

win10v2004-20240508-en

Max time kernel

125s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe"


C:\Windows\System\UOTUkzI.exe

C:\Windows\System\RpwnzLm.exe

C:\Windows\System\RpwnzLm.exe

C:\Windows\System\HDCLEYm.exe

C:\Windows\System\HDCLEYm.exe

C:\Windows\System\moiHbZE.exe

C:\Windows\System\moiHbZE.exe

C:\Windows\System\DGhXiQu.exe

C:\Windows\System\DGhXiQu.exe

C:\Windows\System\xlqaUHp.exe

C:\Windows\System\xlqaUHp.exe

C:\Windows\System\FzOYafj.exe

C:\Windows\System\FzOYafj.exe

C:\Windows\System\rNIWvuY.exe

C:\Windows\System\rNIWvuY.exe

C:\Windows\System\YgJUGlI.exe

C:\Windows\System\YgJUGlI.exe

C:\Windows\System\utoIVcw.exe

C:\Windows\System\utoIVcw.exe

C:\Windows\System\WppZrON.exe

C:\Windows\System\WppZrON.exe

C:\Windows\System\CoHSpkS.exe

C:\Windows\System\CoHSpkS.exe

C:\Windows\System\LzwHvxR.exe

C:\Windows\System\LzwHvxR.exe

C:\Windows\System\GxiMUTA.exe

C:\Windows\System\GxiMUTA.exe

C:\Windows\System\mjKdDiE.exe

C:\Windows\System\mjKdDiE.exe

C:\Windows\System\dwLMcdh.exe

C:\Windows\System\dwLMcdh.exe

C:\Windows\System\UwoNUbd.exe

C:\Windows\System\UwoNUbd.exe

C:\Windows\System\ssmmftz.exe

C:\Windows\System\ssmmftz.exe

C:\Windows\System\dLQcBFp.exe

C:\Windows\System\dLQcBFp.exe

C:\Windows\System\OAxHFNz.exe

C:\Windows\System\OAxHFNz.exe

C:\Windows\System\gvtvVhm.exe

C:\Windows\System\gvtvVhm.exe

C:\Windows\System\TzGDJtj.exe

C:\Windows\System\TzGDJtj.exe

C:\Windows\System\TgHHSUy.exe

C:\Windows\System\TgHHSUy.exe

C:\Windows\System\NRZjYbG.exe

C:\Windows\System\NRZjYbG.exe

C:\Windows\System\hbOhtQA.exe

C:\Windows\System\hbOhtQA.exe

C:\Windows\System\znmwxpQ.exe

C:\Windows\System\znmwxpQ.exe

C:\Windows\System\WGzRmsl.exe

C:\Windows\System\WGzRmsl.exe

C:\Windows\System\tkCPxaJ.exe

C:\Windows\System\tkCPxaJ.exe

C:\Windows\System\TimsYFn.exe

C:\Windows\System\TimsYFn.exe

C:\Windows\System\xDoDPDD.exe

C:\Windows\System\xDoDPDD.exe

C:\Windows\System\vlnwCcI.exe

C:\Windows\System\vlnwCcI.exe

C:\Windows\System\wbHznWb.exe

C:\Windows\System\wbHznWb.exe

C:\Windows\System\SuIKzdk.exe

C:\Windows\System\SuIKzdk.exe

C:\Windows\System\HmyVvGz.exe

C:\Windows\System\HmyVvGz.exe

C:\Windows\System\hHdHSbZ.exe

C:\Windows\System\hHdHSbZ.exe

C:\Windows\System\aYdwwLR.exe

C:\Windows\System\aYdwwLR.exe

C:\Windows\System\DYKmfJF.exe

C:\Windows\System\DYKmfJF.exe

C:\Windows\System\IAKAxSZ.exe

C:\Windows\System\IAKAxSZ.exe

C:\Windows\System\MYITfhn.exe

C:\Windows\System\MYITfhn.exe

C:\Windows\System\OtyEByk.exe

C:\Windows\System\OtyEByk.exe

C:\Windows\System\XjlTfNo.exe

C:\Windows\System\XjlTfNo.exe

C:\Windows\System\sOuYyNo.exe

C:\Windows\System\sOuYyNo.exe

C:\Windows\System\wpiWxsc.exe

C:\Windows\System\wpiWxsc.exe

C:\Windows\System\FNraYoa.exe

C:\Windows\System\FNraYoa.exe

C:\Windows\System\WVMjoWK.exe

C:\Windows\System\WVMjoWK.exe

C:\Windows\System\nTyZoyx.exe

C:\Windows\System\nTyZoyx.exe

C:\Windows\System\svsCRhg.exe

C:\Windows\System\svsCRhg.exe

C:\Windows\System\TYbXjAq.exe

C:\Windows\System\TYbXjAq.exe

C:\Windows\System\WIhBMkD.exe

C:\Windows\System\WIhBMkD.exe

C:\Windows\System\oMnGhvu.exe

C:\Windows\System\oMnGhvu.exe

C:\Windows\System\nQGWIbJ.exe

C:\Windows\System\nQGWIbJ.exe

C:\Windows\System\evjDtDy.exe

C:\Windows\System\evjDtDy.exe

C:\Windows\System\BKVyHla.exe

C:\Windows\System\BKVyHla.exe

C:\Windows\System\tukMJQH.exe

C:\Windows\System\tukMJQH.exe

C:\Windows\System\kUxYyqt.exe

C:\Windows\System\kUxYyqt.exe

C:\Windows\System\QuAFGMF.exe

C:\Windows\System\QuAFGMF.exe

C:\Windows\System\srRHiZF.exe

C:\Windows\System\srRHiZF.exe

C:\Windows\System\FTiiHkZ.exe

C:\Windows\System\FTiiHkZ.exe

C:\Windows\System\HMCfjew.exe

C:\Windows\System\HMCfjew.exe

C:\Windows\System\mNvKKzk.exe

C:\Windows\System\mNvKKzk.exe

C:\Windows\System\fbGfrCD.exe

C:\Windows\System\fbGfrCD.exe

C:\Windows\System\eNqPDto.exe

C:\Windows\System\eNqPDto.exe

C:\Windows\System\EIaPvtj.exe

C:\Windows\System\EIaPvtj.exe

C:\Windows\System\ZygLxKI.exe

C:\Windows\System\ZygLxKI.exe

C:\Windows\System\WtgSaUP.exe

C:\Windows\System\WtgSaUP.exe

C:\Windows\System\ydjsdXo.exe

C:\Windows\System\ydjsdXo.exe

C:\Windows\System\MQzEuhZ.exe

C:\Windows\System\MQzEuhZ.exe

C:\Windows\System\FksVmhU.exe

C:\Windows\System\FksVmhU.exe

C:\Windows\System\ZzQndHB.exe

C:\Windows\System\ZzQndHB.exe

C:\Windows\System\lMLTtTb.exe

C:\Windows\System\lMLTtTb.exe

C:\Windows\System\WxnkDLq.exe

C:\Windows\System\WxnkDLq.exe

C:\Windows\System\sxihteK.exe

C:\Windows\System\sxihteK.exe

C:\Windows\System\MUdjbrZ.exe

C:\Windows\System\MUdjbrZ.exe

C:\Windows\System\SCByBkC.exe

C:\Windows\System\SCByBkC.exe

C:\Windows\System\bIozuUI.exe

C:\Windows\System\bIozuUI.exe

C:\Windows\System\iSIBxYm.exe

C:\Windows\System\iSIBxYm.exe

C:\Windows\System\UBENWhw.exe

C:\Windows\System\UBENWhw.exe

C:\Windows\System\IdfrvnY.exe

C:\Windows\System\IdfrvnY.exe

C:\Windows\System\OBFzTFj.exe

C:\Windows\System\OBFzTFj.exe

C:\Windows\System\WsIwrYV.exe

C:\Windows\System\WsIwrYV.exe

C:\Windows\System\cVuQVxC.exe

C:\Windows\System\cVuQVxC.exe

C:\Windows\System\vIhVGQn.exe

C:\Windows\System\vIhVGQn.exe

C:\Windows\System\AjOiinR.exe

C:\Windows\System\AjOiinR.exe

C:\Windows\System\aFsRNEo.exe

C:\Windows\System\aFsRNEo.exe

C:\Windows\System\SjDFhdh.exe

C:\Windows\System\SjDFhdh.exe

C:\Windows\System\HelrZmk.exe

C:\Windows\System\HelrZmk.exe

C:\Windows\System\XzKjfwE.exe

C:\Windows\System\XzKjfwE.exe

C:\Windows\System\IBnfhVh.exe

C:\Windows\System\IBnfhVh.exe

C:\Windows\System\WsbLvRN.exe

C:\Windows\System\WsbLvRN.exe

C:\Windows\System\KxBFIoA.exe

C:\Windows\System\KxBFIoA.exe

C:\Windows\System\TlccBAr.exe

C:\Windows\System\TlccBAr.exe

C:\Windows\System\NCJxhep.exe

C:\Windows\System\NCJxhep.exe

C:\Windows\System\bFFiqxd.exe

C:\Windows\System\bFFiqxd.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4316,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8

C:\Windows\System\IQIbguz.exe

C:\Windows\System\IQIbguz.exe

C:\Windows\System\vemHXRT.exe

C:\Windows\System\vemHXRT.exe

C:\Windows\System\pqQIDSz.exe

C:\Windows\System\pqQIDSz.exe

C:\Windows\System\JQRMEVY.exe

C:\Windows\System\JQRMEVY.exe

C:\Windows\System\mrAXXxl.exe

C:\Windows\System\mrAXXxl.exe

C:\Windows\System\AjiUfPZ.exe

C:\Windows\System\AjiUfPZ.exe

C:\Windows\System\BNlzgQl.exe

C:\Windows\System\BNlzgQl.exe

C:\Windows\System\kdqTidS.exe

C:\Windows\System\kdqTidS.exe

C:\Windows\System\QvOvsgf.exe

C:\Windows\System\QvOvsgf.exe

C:\Windows\System\OTEJKXv.exe

C:\Windows\System\OTEJKXv.exe

C:\Windows\System\YeHQVxL.exe

C:\Windows\System\YeHQVxL.exe

C:\Windows\System\bEfzVMg.exe

C:\Windows\System\bEfzVMg.exe

C:\Windows\System\XilKqWN.exe

C:\Windows\System\XilKqWN.exe

C:\Windows\System\hFPBBYm.exe

C:\Windows\System\hFPBBYm.exe

C:\Windows\System\DhcwHkE.exe

C:\Windows\System\DhcwHkE.exe

C:\Windows\System\zkwgsge.exe

C:\Windows\System\zkwgsge.exe

C:\Windows\System\oiDWHGu.exe

C:\Windows\System\oiDWHGu.exe

C:\Windows\System\OZkQpRO.exe

C:\Windows\System\OZkQpRO.exe

C:\Windows\System\foWDhUA.exe

C:\Windows\System\foWDhUA.exe

C:\Windows\System\fwbDzJB.exe

C:\Windows\System\fwbDzJB.exe

C:\Windows\System\MNiGGIR.exe

C:\Windows\System\MNiGGIR.exe

C:\Windows\System\MKYrzwv.exe

C:\Windows\System\MKYrzwv.exe

C:\Windows\System\BtfaWYW.exe

C:\Windows\System\BtfaWYW.exe

C:\Windows\System\nqsDYqs.exe

C:\Windows\System\nqsDYqs.exe

C:\Windows\System\wWNgikc.exe

C:\Windows\System\wWNgikc.exe

C:\Windows\System\htkvxYQ.exe

C:\Windows\System\htkvxYQ.exe

C:\Windows\System\YTGHYVR.exe

C:\Windows\System\YTGHYVR.exe

C:\Windows\System\UusCpIS.exe

C:\Windows\System\UusCpIS.exe

C:\Windows\System\GkycqsH.exe

C:\Windows\System\GkycqsH.exe

C:\Windows\System\jLdATgZ.exe

C:\Windows\System\jLdATgZ.exe

C:\Windows\System\zCWHpWx.exe

C:\Windows\System\zCWHpWx.exe

C:\Windows\System\oQNUYoa.exe

C:\Windows\System\oQNUYoa.exe

C:\Windows\System\LIqfeQy.exe

C:\Windows\System\LIqfeQy.exe

C:\Windows\System\HErBYfp.exe

C:\Windows\System\HErBYfp.exe

C:\Windows\System\pRrIRny.exe

C:\Windows\System\pRrIRny.exe

C:\Windows\System\XFJraYI.exe

C:\Windows\System\XFJraYI.exe

C:\Windows\System\RQEIiQz.exe

C:\Windows\System\RQEIiQz.exe

C:\Windows\System\gfUHyZe.exe

C:\Windows\System\gfUHyZe.exe

C:\Windows\System\rVrqbDP.exe

C:\Windows\System\rVrqbDP.exe

C:\Windows\System\pLVAZMF.exe

C:\Windows\System\pLVAZMF.exe

C:\Windows\System\xRBXoqk.exe

C:\Windows\System\xRBXoqk.exe

C:\Windows\System\kpfdcLa.exe

C:\Windows\System\kpfdcLa.exe

C:\Windows\System\jYSbwTB.exe

C:\Windows\System\jYSbwTB.exe

C:\Windows\System\fCeItHM.exe

C:\Windows\System\fCeItHM.exe

C:\Windows\System\gWhYZRV.exe

C:\Windows\System\gWhYZRV.exe

C:\Windows\System\sZwvzZG.exe

C:\Windows\System\sZwvzZG.exe

C:\Windows\System\RKkPqEa.exe

C:\Windows\System\RKkPqEa.exe

C:\Windows\System\WKnvYtw.exe

C:\Windows\System\WKnvYtw.exe

C:\Windows\System\CjprBPf.exe

C:\Windows\System\CjprBPf.exe

C:\Windows\System\amrlTCv.exe

C:\Windows\System\amrlTCv.exe

C:\Windows\System\pQoMKdZ.exe

C:\Windows\System\pQoMKdZ.exe

C:\Windows\System\HQoNfRd.exe

C:\Windows\System\HQoNfRd.exe

C:\Windows\System\HffzVcy.exe

C:\Windows\System\HffzVcy.exe

C:\Windows\System\GMkuQQE.exe

C:\Windows\System\GMkuQQE.exe

C:\Windows\System\tACprPL.exe

C:\Windows\System\tACprPL.exe

C:\Windows\System\LOwqGbx.exe

C:\Windows\System\LOwqGbx.exe

C:\Windows\System\uxIMUrr.exe

C:\Windows\System\uxIMUrr.exe

C:\Windows\System\ItFjQxL.exe

C:\Windows\System\ItFjQxL.exe

C:\Windows\System\cgtMNlh.exe

C:\Windows\System\cgtMNlh.exe

C:\Windows\System\CPEATCl.exe

C:\Windows\System\CPEATCl.exe

C:\Windows\System\GBaqDsl.exe

C:\Windows\System\GBaqDsl.exe

C:\Windows\System\XlCiNzX.exe

C:\Windows\System\XlCiNzX.exe

C:\Windows\System\QlGGnQk.exe

C:\Windows\System\QlGGnQk.exe

C:\Windows\System\ggGQMKc.exe

C:\Windows\System\ggGQMKc.exe

C:\Windows\System\OiIimdd.exe

C:\Windows\System\OiIimdd.exe

C:\Windows\System\cmgqnHY.exe

C:\Windows\System\cmgqnHY.exe

C:\Windows\System\hRsFGIk.exe

C:\Windows\System\hRsFGIk.exe

C:\Windows\System\MOWrnBP.exe

C:\Windows\System\MOWrnBP.exe

C:\Windows\System\aEwGKZo.exe

C:\Windows\System\aEwGKZo.exe

C:\Windows\System\SwLGaXA.exe

C:\Windows\System\SwLGaXA.exe

C:\Windows\System\zvGZZMz.exe

C:\Windows\System\zvGZZMz.exe

C:\Windows\System\jVgrKio.exe

C:\Windows\System\jVgrKio.exe

C:\Windows\System\AIyMoxP.exe

C:\Windows\System\AIyMoxP.exe

C:\Windows\System\lRvTBqL.exe

C:\Windows\System\lRvTBqL.exe

C:\Windows\System\QLvVdJi.exe

C:\Windows\System\QLvVdJi.exe

C:\Windows\System\qeGlgHa.exe

C:\Windows\System\qeGlgHa.exe

C:\Windows\System\TFNklLy.exe

C:\Windows\System\TFNklLy.exe

C:\Windows\System\eqpyvfE.exe

C:\Windows\System\eqpyvfE.exe

C:\Windows\System\gLJxXwc.exe

C:\Windows\System\gLJxXwc.exe

C:\Windows\System\WHaYFjC.exe

C:\Windows\System\WHaYFjC.exe

C:\Windows\System\IXkVzGL.exe

C:\Windows\System\IXkVzGL.exe

C:\Windows\System\OxASAuA.exe

C:\Windows\System\OxASAuA.exe

C:\Windows\System\JPwbgdn.exe

C:\Windows\System\JPwbgdn.exe

C:\Windows\System\EthDEKJ.exe

C:\Windows\System\EthDEKJ.exe

C:\Windows\System\xmvbDat.exe

C:\Windows\System\xmvbDat.exe

C:\Windows\System\EBXOIpX.exe

C:\Windows\System\EBXOIpX.exe

C:\Windows\System\hEgbVIc.exe

C:\Windows\System\hEgbVIc.exe

C:\Windows\System\CUutspi.exe

C:\Windows\System\CUutspi.exe

C:\Windows\System\HCjeGOy.exe

C:\Windows\System\HCjeGOy.exe

C:\Windows\System\kNmpYIT.exe

C:\Windows\System\kNmpYIT.exe

C:\Windows\System\dIXGKHR.exe

C:\Windows\System\dIXGKHR.exe

C:\Windows\System\QBzAmSd.exe

C:\Windows\System\QBzAmSd.exe

C:\Windows\System\BsotsVP.exe

C:\Windows\System\BsotsVP.exe

C:\Windows\System\qHSXcwl.exe

C:\Windows\System\qHSXcwl.exe

C:\Windows\System\oAfaqQF.exe

C:\Windows\System\oAfaqQF.exe

C:\Windows\System\LsWAorN.exe

C:\Windows\System\LsWAorN.exe

C:\Windows\System\bxTpnqO.exe

C:\Windows\System\bxTpnqO.exe

C:\Windows\System\rgBtMRD.exe

C:\Windows\System\rgBtMRD.exe

C:\Windows\System\EKwdYWF.exe

C:\Windows\System\EKwdYWF.exe

C:\Windows\System\wPmNrLM.exe

C:\Windows\System\wPmNrLM.exe

C:\Windows\System\iKsZSTO.exe

C:\Windows\System\iKsZSTO.exe

C:\Windows\System\Qnucbcu.exe

C:\Windows\System\Qnucbcu.exe

C:\Windows\System\RryZNZs.exe

C:\Windows\System\RryZNZs.exe

C:\Windows\System\KewdUmR.exe

C:\Windows\System\KewdUmR.exe

C:\Windows\System\xWnNtQM.exe

C:\Windows\System\xWnNtQM.exe

C:\Windows\System\QNCRkRG.exe

C:\Windows\System\QNCRkRG.exe

C:\Windows\System\orpmOGw.exe

C:\Windows\System\orpmOGw.exe

C:\Windows\System\GgfPpTG.exe

C:\Windows\System\GgfPpTG.exe

C:\Windows\System\vNHbUIg.exe

C:\Windows\System\vNHbUIg.exe

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 05:32

Reported

2024-06-04 05:35

Platform

win7-20240419-en

Max time kernel

143s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\330f5d12eceb1ea21cfc93835851d020_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
