Malware Analysis Report

2024-10-10 08:40

Sample ID 240604-fxjp5aeh39
Target 31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe
SHA256 ad0df4057e588969bfd4ae8d97d64647c135155f5f04e60755fd3735ecee40e5
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ad0df4057e588969bfd4ae8d97d64647c135155f5f04e60755fd3735ecee40e5

Threat Level: Known bad

The file 31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT Core Executable

XMRig Miner payload

KPOT

Kpot family

xmrig

Xmrig family

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 05:15

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 05:15

Reported

2024-06-04 05:17

Platform

win10v2004-20240226-en

Max time kernel

137s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\JfPYNAt.exe N/A
N/A N/A C:\Windows\System\nmbsJDx.exe N/A
N/A N/A C:\Windows\System\mGlWuLe.exe N/A
N/A N/A C:\Windows\System\FYoMPWA.exe N/A
N/A N/A C:\Windows\System\jeIhbDP.exe N/A
N/A N/A C:\Windows\System\WQvVxeY.exe N/A
N/A N/A C:\Windows\System\AqMsKKp.exe N/A
N/A N/A C:\Windows\System\chOpaiP.exe N/A
N/A N/A C:\Windows\System\vcKHFDz.exe N/A
N/A N/A C:\Windows\System\wxAUxar.exe N/A
N/A N/A C:\Windows\System\wgGnPOF.exe N/A
N/A N/A C:\Windows\System\QPjEtGA.exe N/A
N/A N/A C:\Windows\System\TDaXlZa.exe N/A
N/A N/A C:\Windows\System\uOSYrwK.exe N/A
N/A N/A C:\Windows\System\xngtUEy.exe N/A
N/A N/A C:\Windows\System\QTNQcYh.exe N/A
N/A N/A C:\Windows\System\giSpycd.exe N/A
N/A N/A C:\Windows\System\uKmxmDi.exe N/A
N/A N/A C:\Windows\System\RdElwAw.exe N/A
N/A N/A C:\Windows\System\ZEGFOmu.exe N/A
N/A N/A C:\Windows\System\vvZyejp.exe N/A
N/A N/A C:\Windows\System\mLTsEUT.exe N/A
N/A N/A C:\Windows\System\hxOojQm.exe N/A
N/A N/A C:\Windows\System\FHTHfiP.exe N/A
N/A N/A C:\Windows\System\xIYRYiV.exe N/A
N/A N/A C:\Windows\System\AYSPXPp.exe N/A
N/A N/A C:\Windows\System\qSzMdGV.exe N/A
N/A N/A C:\Windows\System\jvRPYkg.exe N/A
N/A N/A C:\Windows\System\Odmtuhu.exe N/A
N/A N/A C:\Windows\System\UFZczPi.exe N/A
N/A N/A C:\Windows\System\MIODYFr.exe N/A
N/A N/A C:\Windows\System\YjLkhaf.exe N/A
N/A N/A C:\Windows\System\riKmTVA.exe N/A
N/A N/A C:\Windows\System\YgzafmB.exe N/A
N/A N/A C:\Windows\System\StmNwNO.exe N/A
N/A N/A C:\Windows\System\xdEJhyi.exe N/A
N/A N/A C:\Windows\System\BKLvdCN.exe N/A
N/A N/A C:\Windows\System\xWBySHh.exe N/A
N/A N/A C:\Windows\System\ggEZsDi.exe N/A
N/A N/A C:\Windows\System\eOENJhN.exe N/A
N/A N/A C:\Windows\System\ZzRFkaH.exe N/A
N/A N/A C:\Windows\System\FFWtmYM.exe N/A
N/A N/A C:\Windows\System\PBiODbL.exe N/A
N/A N/A C:\Windows\System\jgUayMV.exe N/A
N/A N/A C:\Windows\System\OmrJYCI.exe N/A
N/A N/A C:\Windows\System\xewaQth.exe N/A
N/A N/A C:\Windows\System\ofSkwWL.exe N/A
N/A N/A C:\Windows\System\GvSNGme.exe N/A
N/A N/A C:\Windows\System\wmqaNWX.exe N/A
N/A N/A C:\Windows\System\uyhsUYh.exe N/A
N/A N/A C:\Windows\System\tCKCvRQ.exe N/A
N/A N/A C:\Windows\System\pAEONJh.exe N/A
N/A N/A C:\Windows\System\MvAyhkJ.exe N/A
N/A N/A C:\Windows\System\PHpHgTg.exe N/A
N/A N/A C:\Windows\System\QHsLQKX.exe N/A
N/A N/A C:\Windows\System\GhYomfw.exe N/A
N/A N/A C:\Windows\System\cVKSays.exe N/A
N/A N/A C:\Windows\System\kCCVjvE.exe N/A
N/A N/A C:\Windows\System\bBNNMpo.exe N/A
N/A N/A C:\Windows\System\nJoCowX.exe N/A
N/A N/A C:\Windows\System\JZSolHH.exe N/A
N/A N/A C:\Windows\System\exEYIIE.exe N/A
N/A N/A C:\Windows\System\FFoNUFr.exe N/A
N/A N/A C:\Windows\System\JqXYbYa.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\mGlWuLe.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmqaNWX.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nJoCowX.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EqMlpgr.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MMjYZfH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vTjzWKy.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KxUPjdO.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MniDfTz.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VpkWYOl.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OEsaIeV.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eDjIqIg.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNVcmIp.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BoljOFz.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOmYrnx.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FcEQNTc.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IgwaLGV.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\txxAVgH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KZszEeD.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCjToio.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QlVYyZX.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSRgDUQ.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AYSPXPp.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RnSZxNl.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rXWwgSF.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFwpIor.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wxAUxar.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kLbVxsy.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wjgqVie.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gIoHUUD.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FYoMPWA.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZSolHH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\prYwZMM.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vqThlGu.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmQUNzW.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IiJsCAv.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QhjyvXp.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgzafmB.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmIZPBJ.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IPQKgSd.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rYOpAXx.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZzRFkaH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZxKwDff.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gCElcBH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ssfuKVS.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hNFByzm.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\euFlxeU.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wgGnPOF.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FFWtmYM.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\olpCTyW.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pdpTSGT.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cPHjcZD.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UefSrHd.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NMmfNhT.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RdElwAw.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YWXoZcI.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXDgtVk.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uIasAqx.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZLYIHzR.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SuacRAN.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DlsmWic.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xngtUEy.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GhYomfw.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ushhTBG.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJrorpk.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4764 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\JfPYNAt.exe
PID 4764 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\JfPYNAt.exe
PID 4764 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\nmbsJDx.exe
PID 4764 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\nmbsJDx.exe
PID 4764 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mGlWuLe.exe
PID 4764 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mGlWuLe.exe
PID 4764 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FYoMPWA.exe
PID 4764 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FYoMPWA.exe
PID 4764 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jeIhbDP.exe
PID 4764 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jeIhbDP.exe
PID 4764 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\WQvVxeY.exe
PID 4764 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\WQvVxeY.exe
PID 4764 wrote to memory of 260 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AqMsKKp.exe
PID 4764 wrote to memory of 260 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AqMsKKp.exe
PID 4764 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\chOpaiP.exe
PID 4764 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\chOpaiP.exe
PID 4764 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\vcKHFDz.exe
PID 4764 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\vcKHFDz.exe
PID 4764 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\wxAUxar.exe
PID 4764 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\wxAUxar.exe
PID 4764 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\wgGnPOF.exe
PID 4764 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\wgGnPOF.exe
PID 4764 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\QPjEtGA.exe
PID 4764 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\QPjEtGA.exe
PID 4764 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\TDaXlZa.exe
PID 4764 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\TDaXlZa.exe
PID 4764 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\uOSYrwK.exe
PID 4764 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\uOSYrwK.exe
PID 4764 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\xngtUEy.exe
PID 4764 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\xngtUEy.exe
PID 4764 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\QTNQcYh.exe
PID 4764 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\QTNQcYh.exe
PID 4764 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\giSpycd.exe
PID 4764 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\giSpycd.exe
PID 4764 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\uKmxmDi.exe
PID 4764 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\uKmxmDi.exe
PID 4764 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\RdElwAw.exe
PID 4764 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\RdElwAw.exe
PID 4764 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ZEGFOmu.exe
PID 4764 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ZEGFOmu.exe
PID 4764 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\vvZyejp.exe
PID 4764 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\vvZyejp.exe
PID 4764 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mLTsEUT.exe
PID 4764 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mLTsEUT.exe
PID 4764 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\hxOojQm.exe
PID 4764 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\hxOojQm.exe
PID 4764 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FHTHfiP.exe
PID 4764 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FHTHfiP.exe
PID 4764 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\xIYRYiV.exe
PID 4764 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\xIYRYiV.exe
PID 4764 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AYSPXPp.exe
PID 4764 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AYSPXPp.exe
PID 4764 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\qSzMdGV.exe
PID 4764 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\qSzMdGV.exe
PID 4764 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jvRPYkg.exe
PID 4764 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jvRPYkg.exe
PID 4764 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\Odmtuhu.exe
PID 4764 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\Odmtuhu.exe
PID 4764 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\UFZczPi.exe
PID 4764 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\UFZczPi.exe
PID 4764 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\MIODYFr.exe
PID 4764 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\MIODYFr.exe
PID 4764 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\YjLkhaf.exe
PID 4764 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\YjLkhaf.exe

Processes

C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe"

C:\Windows\System\JfPYNAt.exe

C:\Windows\System\JfPYNAt.exe

C:\Windows\System\nmbsJDx.exe

C:\Windows\System\nmbsJDx.exe

C:\Windows\System\mGlWuLe.exe

C:\Windows\System\mGlWuLe.exe

C:\Windows\System\FYoMPWA.exe

C:\Windows\System\FYoMPWA.exe

C:\Windows\System\jeIhbDP.exe

C:\Windows\System\jeIhbDP.exe

C:\Windows\System\WQvVxeY.exe

C:\Windows\System\WQvVxeY.exe

C:\Windows\System\AqMsKKp.exe

C:\Windows\System\AqMsKKp.exe

C:\Windows\System\chOpaiP.exe

C:\Windows\System\chOpaiP.exe

C:\Windows\System\vcKHFDz.exe

C:\Windows\System\vcKHFDz.exe

C:\Windows\System\wxAUxar.exe

C:\Windows\System\wxAUxar.exe

C:\Windows\System\wgGnPOF.exe

C:\Windows\System\wgGnPOF.exe

C:\Windows\System\QPjEtGA.exe

C:\Windows\System\QPjEtGA.exe

C:\Windows\System\TDaXlZa.exe

C:\Windows\System\TDaXlZa.exe

C:\Windows\System\uOSYrwK.exe

C:\Windows\System\uOSYrwK.exe

C:\Windows\System\xngtUEy.exe

C:\Windows\System\xngtUEy.exe

C:\Windows\System\QTNQcYh.exe

C:\Windows\System\QTNQcYh.exe

C:\Windows\System\giSpycd.exe

C:\Windows\System\giSpycd.exe

C:\Windows\System\uKmxmDi.exe

C:\Windows\System\uKmxmDi.exe

C:\Windows\System\RdElwAw.exe

C:\Windows\System\RdElwAw.exe

C:\Windows\System\ZEGFOmu.exe

C:\Windows\System\ZEGFOmu.exe

C:\Windows\System\vvZyejp.exe

C:\Windows\System\vvZyejp.exe

C:\Windows\System\mLTsEUT.exe

C:\Windows\System\mLTsEUT.exe

C:\Windows\System\hxOojQm.exe

C:\Windows\System\hxOojQm.exe

C:\Windows\System\FHTHfiP.exe

C:\Windows\System\FHTHfiP.exe

C:\Windows\System\xIYRYiV.exe

C:\Windows\System\xIYRYiV.exe

C:\Windows\System\AYSPXPp.exe

C:\Windows\System\AYSPXPp.exe

C:\Windows\System\qSzMdGV.exe

C:\Windows\System\qSzMdGV.exe

C:\Windows\System\jvRPYkg.exe

C:\Windows\System\jvRPYkg.exe

C:\Windows\System\Odmtuhu.exe

C:\Windows\System\Odmtuhu.exe

C:\Windows\System\UFZczPi.exe

C:\Windows\System\UFZczPi.exe

C:\Windows\System\MIODYFr.exe

C:\Windows\System\MIODYFr.exe

C:\Windows\System\YjLkhaf.exe

C:\Windows\System\YjLkhaf.exe

C:\Windows\System\riKmTVA.exe

C:\Windows\System\riKmTVA.exe

C:\Windows\System\YgzafmB.exe

C:\Windows\System\YgzafmB.exe

C:\Windows\System\StmNwNO.exe

C:\Windows\System\StmNwNO.exe

C:\Windows\System\xdEJhyi.exe

C:\Windows\System\xdEJhyi.exe

C:\Windows\System\BKLvdCN.exe

C:\Windows\System\BKLvdCN.exe

C:\Windows\System\xWBySHh.exe

C:\Windows\System\xWBySHh.exe

C:\Windows\System\ggEZsDi.exe

C:\Windows\System\ggEZsDi.exe

C:\Windows\System\eOENJhN.exe

C:\Windows\System\eOENJhN.exe

C:\Windows\System\ZzRFkaH.exe

C:\Windows\System\ZzRFkaH.exe

C:\Windows\System\FFWtmYM.exe

C:\Windows\System\FFWtmYM.exe

C:\Windows\System\PBiODbL.exe

C:\Windows\System\PBiODbL.exe

C:\Windows\System\jgUayMV.exe

C:\Windows\System\jgUayMV.exe

C:\Windows\System\OmrJYCI.exe

C:\Windows\System\OmrJYCI.exe

C:\Windows\System\xewaQth.exe

C:\Windows\System\xewaQth.exe

C:\Windows\System\ofSkwWL.exe

C:\Windows\System\ofSkwWL.exe

C:\Windows\System\GvSNGme.exe

C:\Windows\System\GvSNGme.exe

C:\Windows\System\wmqaNWX.exe

C:\Windows\System\wmqaNWX.exe

C:\Windows\System\uyhsUYh.exe

C:\Windows\System\uyhsUYh.exe

C:\Windows\System\tCKCvRQ.exe

C:\Windows\System\tCKCvRQ.exe

C:\Windows\System\pAEONJh.exe

C:\Windows\System\pAEONJh.exe

C:\Windows\System\MvAyhkJ.exe

C:\Windows\System\MvAyhkJ.exe

C:\Windows\System\PHpHgTg.exe

C:\Windows\System\PHpHgTg.exe

C:\Windows\System\QHsLQKX.exe

C:\Windows\System\QHsLQKX.exe

C:\Windows\System\GhYomfw.exe

C:\Windows\System\GhYomfw.exe

C:\Windows\System\cVKSays.exe

C:\Windows\System\cVKSays.exe

C:\Windows\System\kCCVjvE.exe

C:\Windows\System\kCCVjvE.exe

C:\Windows\System\bBNNMpo.exe

C:\Windows\System\bBNNMpo.exe

C:\Windows\System\nJoCowX.exe

C:\Windows\System\nJoCowX.exe

C:\Windows\System\JZSolHH.exe

C:\Windows\System\JZSolHH.exe

C:\Windows\System\exEYIIE.exe

C:\Windows\System\exEYIIE.exe

C:\Windows\System\FFoNUFr.exe

C:\Windows\System\FFoNUFr.exe

C:\Windows\System\JqXYbYa.exe

C:\Windows\System\JqXYbYa.exe

C:\Windows\System\rtWPWtP.exe

C:\Windows\System\rtWPWtP.exe

C:\Windows\System\VmcDfCc.exe

C:\Windows\System\VmcDfCc.exe

C:\Windows\System\ygHWYDk.exe

C:\Windows\System\ygHWYDk.exe

C:\Windows\System\zqxVDbx.exe

C:\Windows\System\zqxVDbx.exe

C:\Windows\System\CxGSBvQ.exe

C:\Windows\System\CxGSBvQ.exe

C:\Windows\System\ushhTBG.exe

C:\Windows\System\ushhTBG.exe

C:\Windows\System\txxAVgH.exe

C:\Windows\System\txxAVgH.exe

C:\Windows\System\eUgGwTs.exe

C:\Windows\System\eUgGwTs.exe

C:\Windows\System\iSrbVRM.exe

C:\Windows\System\iSrbVRM.exe

C:\Windows\System\olpCTyW.exe

C:\Windows\System\olpCTyW.exe

C:\Windows\System\KZszEeD.exe

C:\Windows\System\KZszEeD.exe

C:\Windows\System\TglLXJB.exe

C:\Windows\System\TglLXJB.exe

C:\Windows\System\CUzbFDt.exe

C:\Windows\System\CUzbFDt.exe

C:\Windows\System\mLsEWXk.exe

C:\Windows\System\mLsEWXk.exe

C:\Windows\System\KxUPjdO.exe

C:\Windows\System\KxUPjdO.exe

C:\Windows\System\SHsvzqH.exe

C:\Windows\System\SHsvzqH.exe

C:\Windows\System\YUlwJOL.exe

C:\Windows\System\YUlwJOL.exe

C:\Windows\System\ZLYIHzR.exe

C:\Windows\System\ZLYIHzR.exe

C:\Windows\System\QuuDrBo.exe

C:\Windows\System\QuuDrBo.exe

C:\Windows\System\UxVoSFP.exe

C:\Windows\System\UxVoSFP.exe

C:\Windows\System\ZTLejPo.exe

C:\Windows\System\ZTLejPo.exe

C:\Windows\System\UYbUTcz.exe

C:\Windows\System\UYbUTcz.exe

C:\Windows\System\hFbYTxW.exe

C:\Windows\System\hFbYTxW.exe

C:\Windows\System\EbyAgwD.exe

C:\Windows\System\EbyAgwD.exe

C:\Windows\System\PodRCSB.exe

C:\Windows\System\PodRCSB.exe

C:\Windows\System\zmdudix.exe

C:\Windows\System\zmdudix.exe

C:\Windows\System\qMAlSBj.exe

C:\Windows\System\qMAlSBj.exe

C:\Windows\System\OwfLUVs.exe

C:\Windows\System\OwfLUVs.exe

C:\Windows\System\eLMVdMN.exe

C:\Windows\System\eLMVdMN.exe

C:\Windows\System\kLbVxsy.exe

C:\Windows\System\kLbVxsy.exe

C:\Windows\System\LuVBsUc.exe

C:\Windows\System\LuVBsUc.exe

C:\Windows\System\yXziyZT.exe

C:\Windows\System\yXziyZT.exe

C:\Windows\System\IbBPZmG.exe

C:\Windows\System\IbBPZmG.exe

C:\Windows\System\erdkmGt.exe

C:\Windows\System\erdkmGt.exe

C:\Windows\System\WnNjbmq.exe

C:\Windows\System\WnNjbmq.exe

C:\Windows\System\TClkdDN.exe

C:\Windows\System\TClkdDN.exe

C:\Windows\System\lrfwChk.exe

C:\Windows\System\lrfwChk.exe

C:\Windows\System\lCjToio.exe

C:\Windows\System\lCjToio.exe

C:\Windows\System\GUrUpsC.exe

C:\Windows\System\GUrUpsC.exe

C:\Windows\System\ZxKwDff.exe

C:\Windows\System\ZxKwDff.exe

C:\Windows\System\luTEGyn.exe

C:\Windows\System\luTEGyn.exe

C:\Windows\System\MniDfTz.exe

C:\Windows\System\MniDfTz.exe

C:\Windows\System\DUKavxg.exe

C:\Windows\System\DUKavxg.exe

C:\Windows\System\zREFexN.exe

C:\Windows\System\zREFexN.exe

C:\Windows\System\prYwZMM.exe

C:\Windows\System\prYwZMM.exe

C:\Windows\System\OPDauCh.exe

C:\Windows\System\OPDauCh.exe

C:\Windows\System\PryDrXD.exe

C:\Windows\System\PryDrXD.exe

C:\Windows\System\edMJXHw.exe

C:\Windows\System\edMJXHw.exe

C:\Windows\System\rTgigbu.exe

C:\Windows\System\rTgigbu.exe

C:\Windows\System\BmIZPBJ.exe

C:\Windows\System\BmIZPBJ.exe

C:\Windows\System\IPQKgSd.exe

C:\Windows\System\IPQKgSd.exe

C:\Windows\System\zvJScwb.exe

C:\Windows\System\zvJScwb.exe

C:\Windows\System\IQYbhAH.exe

C:\Windows\System\IQYbhAH.exe

C:\Windows\System\FnlBMzI.exe

C:\Windows\System\FnlBMzI.exe

C:\Windows\System\qkuqrUC.exe

C:\Windows\System\qkuqrUC.exe

C:\Windows\System\KxnLoqS.exe

C:\Windows\System\KxnLoqS.exe

C:\Windows\System\XasmCEi.exe

C:\Windows\System\XasmCEi.exe

C:\Windows\System\EqMlpgr.exe

C:\Windows\System\EqMlpgr.exe

C:\Windows\System\VpkWYOl.exe

C:\Windows\System\VpkWYOl.exe

C:\Windows\System\rAkBuvS.exe

C:\Windows\System\rAkBuvS.exe

C:\Windows\System\JLtjOUj.exe

C:\Windows\System\JLtjOUj.exe

C:\Windows\System\PMTkIzz.exe

C:\Windows\System\PMTkIzz.exe

C:\Windows\System\jGrchnF.exe

C:\Windows\System\jGrchnF.exe

C:\Windows\System\hrmaLli.exe

C:\Windows\System\hrmaLli.exe

C:\Windows\System\XAtdsud.exe

C:\Windows\System\XAtdsud.exe

C:\Windows\System\fhGnzae.exe

C:\Windows\System\fhGnzae.exe

C:\Windows\System\uVPeUei.exe

C:\Windows\System\uVPeUei.exe

C:\Windows\System\MGOJXjM.exe

C:\Windows\System\MGOJXjM.exe

C:\Windows\System\UIRgNRL.exe

C:\Windows\System\UIRgNRL.exe

C:\Windows\System\dbeghbS.exe

C:\Windows\System\dbeghbS.exe

C:\Windows\System\gpaikil.exe

C:\Windows\System\gpaikil.exe

C:\Windows\System\dPDrcBg.exe

C:\Windows\System\dPDrcBg.exe

C:\Windows\System\CiDiJbL.exe

C:\Windows\System\CiDiJbL.exe

C:\Windows\System\YakxLkr.exe

C:\Windows\System\YakxLkr.exe

C:\Windows\System\oiELbsP.exe

C:\Windows\System\oiELbsP.exe

C:\Windows\System\YWXoZcI.exe

C:\Windows\System\YWXoZcI.exe

C:\Windows\System\BpdkHum.exe

C:\Windows\System\BpdkHum.exe

C:\Windows\System\pdpTSGT.exe

C:\Windows\System\pdpTSGT.exe

C:\Windows\System\gUAnmzT.exe

C:\Windows\System\gUAnmzT.exe

C:\Windows\System\IflinKw.exe

C:\Windows\System\IflinKw.exe

C:\Windows\System\qAWOQPb.exe

C:\Windows\System\qAWOQPb.exe

C:\Windows\System\ovrIvBL.exe

C:\Windows\System\ovrIvBL.exe

C:\Windows\System\rOpNNeP.exe

C:\Windows\System\rOpNNeP.exe

C:\Windows\System\RnSZxNl.exe

C:\Windows\System\RnSZxNl.exe

C:\Windows\System\MmrHeZm.exe

C:\Windows\System\MmrHeZm.exe

C:\Windows\System\BffyqEw.exe

C:\Windows\System\BffyqEw.exe

C:\Windows\System\cPHjcZD.exe

C:\Windows\System\cPHjcZD.exe

C:\Windows\System\XbWVPsH.exe

C:\Windows\System\XbWVPsH.exe

C:\Windows\System\gCElcBH.exe

C:\Windows\System\gCElcBH.exe

C:\Windows\System\RZueWiT.exe

C:\Windows\System\RZueWiT.exe

C:\Windows\System\ybBLqso.exe

C:\Windows\System\ybBLqso.exe

C:\Windows\System\OEsaIeV.exe

C:\Windows\System\OEsaIeV.exe

C:\Windows\System\OdAqHFi.exe

C:\Windows\System\OdAqHFi.exe

C:\Windows\System\qXkoCNv.exe

C:\Windows\System\qXkoCNv.exe

C:\Windows\System\wBDRhKO.exe

C:\Windows\System\wBDRhKO.exe

C:\Windows\System\DzgVFNH.exe

C:\Windows\System\DzgVFNH.exe

C:\Windows\System\zFbejGt.exe

C:\Windows\System\zFbejGt.exe

C:\Windows\System\UefSrHd.exe

C:\Windows\System\UefSrHd.exe

C:\Windows\System\yEBdUiw.exe

C:\Windows\System\yEBdUiw.exe

C:\Windows\System\HANdKTU.exe

C:\Windows\System\HANdKTU.exe

C:\Windows\System\yYpRRhP.exe

C:\Windows\System\yYpRRhP.exe

C:\Windows\System\eDjIqIg.exe

C:\Windows\System\eDjIqIg.exe

C:\Windows\System\PtJlOfn.exe

C:\Windows\System\PtJlOfn.exe

C:\Windows\System\rXWwgSF.exe

C:\Windows\System\rXWwgSF.exe

C:\Windows\System\DbVuhKB.exe

C:\Windows\System\DbVuhKB.exe

C:\Windows\System\qRLuOLE.exe

C:\Windows\System\qRLuOLE.exe

C:\Windows\System\bWArFls.exe

C:\Windows\System\bWArFls.exe

C:\Windows\System\RwuuHaX.exe

C:\Windows\System\RwuuHaX.exe

C:\Windows\System\dnHHoNz.exe

C:\Windows\System\dnHHoNz.exe

C:\Windows\System\aOeIPOz.exe

C:\Windows\System\aOeIPOz.exe

C:\Windows\System\BNVcmIp.exe

C:\Windows\System\BNVcmIp.exe

C:\Windows\System\OynIrBc.exe

C:\Windows\System\OynIrBc.exe

C:\Windows\System\JZJKnJj.exe

C:\Windows\System\JZJKnJj.exe

C:\Windows\System\gGYzUYV.exe

C:\Windows\System\gGYzUYV.exe

C:\Windows\System\ssfuKVS.exe

C:\Windows\System\ssfuKVS.exe

C:\Windows\System\rYOpAXx.exe

C:\Windows\System\rYOpAXx.exe

C:\Windows\System\RtuAaNZ.exe

C:\Windows\System\RtuAaNZ.exe

C:\Windows\System\tAIBbOh.exe

C:\Windows\System\tAIBbOh.exe

C:\Windows\System\WCvQWOJ.exe

C:\Windows\System\WCvQWOJ.exe

C:\Windows\System\hxEqsfD.exe

C:\Windows\System\hxEqsfD.exe

C:\Windows\System\ooxFeSe.exe

C:\Windows\System\ooxFeSe.exe

C:\Windows\System\JuvBwTV.exe

C:\Windows\System\JuvBwTV.exe

C:\Windows\System\kpwMDAC.exe

C:\Windows\System\kpwMDAC.exe

C:\Windows\System\IgGGoaJ.exe

C:\Windows\System\IgGGoaJ.exe

C:\Windows\System\ahtqNZS.exe

C:\Windows\System\ahtqNZS.exe

C:\Windows\System\yUduAGL.exe

C:\Windows\System\yUduAGL.exe

C:\Windows\System\DMsVlpY.exe

C:\Windows\System\DMsVlpY.exe

C:\Windows\System\tVZddgp.exe

C:\Windows\System\tVZddgp.exe

C:\Windows\System\ERDemmJ.exe

C:\Windows\System\ERDemmJ.exe

C:\Windows\System\BoljOFz.exe

C:\Windows\System\BoljOFz.exe

C:\Windows\System\vTjzWKy.exe

C:\Windows\System\vTjzWKy.exe

C:\Windows\System\bTyXAbE.exe

C:\Windows\System\bTyXAbE.exe

C:\Windows\System\fbRiDRK.exe

C:\Windows\System\fbRiDRK.exe

C:\Windows\System\tWWqICi.exe

C:\Windows\System\tWWqICi.exe

C:\Windows\System\GXZOrcB.exe

C:\Windows\System\GXZOrcB.exe

C:\Windows\System\vqThlGu.exe

C:\Windows\System\vqThlGu.exe

C:\Windows\System\NMmfNhT.exe

C:\Windows\System\NMmfNhT.exe

C:\Windows\System\FWvMZQY.exe

C:\Windows\System\FWvMZQY.exe

C:\Windows\System\KisoorH.exe

C:\Windows\System\KisoorH.exe

C:\Windows\System\nlLhfTc.exe

C:\Windows\System\nlLhfTc.exe

C:\Windows\System\AFwpIor.exe

C:\Windows\System\AFwpIor.exe

C:\Windows\System\xBJkGYn.exe

C:\Windows\System\xBJkGYn.exe

C:\Windows\System\NUuudbV.exe

C:\Windows\System\NUuudbV.exe

C:\Windows\System\iebDCPY.exe

C:\Windows\System\iebDCPY.exe

C:\Windows\System\PVnuTIc.exe

C:\Windows\System\PVnuTIc.exe

C:\Windows\System\nXDgtVk.exe

C:\Windows\System\nXDgtVk.exe

C:\Windows\System\TbZkEaF.exe

C:\Windows\System\TbZkEaF.exe

C:\Windows\System\BPnRRLo.exe

C:\Windows\System\BPnRRLo.exe

C:\Windows\System\qJrorpk.exe

C:\Windows\System\qJrorpk.exe

C:\Windows\System\pXOwCPW.exe

C:\Windows\System\pXOwCPW.exe

C:\Windows\System\SuacRAN.exe

C:\Windows\System\SuacRAN.exe

C:\Windows\System\TOfLgGt.exe

C:\Windows\System\TOfLgGt.exe

C:\Windows\System\OVDrbpR.exe

C:\Windows\System\OVDrbpR.exe

C:\Windows\System\vHnacwl.exe

C:\Windows\System\vHnacwl.exe

C:\Windows\System\WtUJcao.exe

C:\Windows\System\WtUJcao.exe

C:\Windows\System\RRMnVKH.exe

C:\Windows\System\RRMnVKH.exe

C:\Windows\System\PaMMrEm.exe

C:\Windows\System\PaMMrEm.exe

C:\Windows\System\aUESUCS.exe

C:\Windows\System\aUESUCS.exe

C:\Windows\System\XukslAe.exe

C:\Windows\System\XukslAe.exe

C:\Windows\System\OeiQnKl.exe

C:\Windows\System\OeiQnKl.exe

C:\Windows\System\MUNIxel.exe

C:\Windows\System\MUNIxel.exe

C:\Windows\System\ypTojSs.exe

C:\Windows\System\ypTojSs.exe

C:\Windows\System\XhScHye.exe

C:\Windows\System\XhScHye.exe

C:\Windows\System\IBswKql.exe

C:\Windows\System\IBswKql.exe

C:\Windows\System\iBEYzLt.exe

C:\Windows\System\iBEYzLt.exe

C:\Windows\System\meibhfJ.exe

C:\Windows\System\meibhfJ.exe

C:\Windows\System\CHuJvbK.exe

C:\Windows\System\CHuJvbK.exe

C:\Windows\System\dOmYrnx.exe

C:\Windows\System\dOmYrnx.exe

C:\Windows\System\XWNXzJX.exe

C:\Windows\System\XWNXzJX.exe

C:\Windows\System\NrJeTOk.exe

C:\Windows\System\NrJeTOk.exe

C:\Windows\System\MMjYZfH.exe

C:\Windows\System\MMjYZfH.exe

C:\Windows\System\uJcCPaJ.exe

C:\Windows\System\uJcCPaJ.exe

C:\Windows\System\oUSieDm.exe

C:\Windows\System\oUSieDm.exe

C:\Windows\System\HbvMRLV.exe

C:\Windows\System\HbvMRLV.exe

C:\Windows\System\gFLdepb.exe

C:\Windows\System\gFLdepb.exe

C:\Windows\System\KTwpFNH.exe

C:\Windows\System\KTwpFNH.exe

C:\Windows\System\oWxbOac.exe

C:\Windows\System\oWxbOac.exe

C:\Windows\System\olNuPkE.exe

C:\Windows\System\olNuPkE.exe

C:\Windows\System\fwckvhp.exe

C:\Windows\System\fwckvhp.exe

C:\Windows\System\OyumseF.exe

C:\Windows\System\OyumseF.exe

C:\Windows\System\hNFByzm.exe

C:\Windows\System\hNFByzm.exe

C:\Windows\System\frDDnFY.exe

C:\Windows\System\frDDnFY.exe

C:\Windows\System\wmQUNzW.exe

C:\Windows\System\wmQUNzW.exe

C:\Windows\System\ooqzntD.exe

C:\Windows\System\ooqzntD.exe

C:\Windows\System\MYiODbj.exe

C:\Windows\System\MYiODbj.exe

C:\Windows\System\FGTVSwv.exe

C:\Windows\System\FGTVSwv.exe

C:\Windows\System\SVFncoW.exe

C:\Windows\System\SVFncoW.exe

C:\Windows\System\cGEzeMK.exe

C:\Windows\System\cGEzeMK.exe

C:\Windows\System\KqFuqdM.exe

C:\Windows\System\KqFuqdM.exe

C:\Windows\System\jmDPzAc.exe

C:\Windows\System\jmDPzAc.exe

C:\Windows\System\JcVpJqw.exe

C:\Windows\System\JcVpJqw.exe

C:\Windows\System\NueZycH.exe

C:\Windows\System\NueZycH.exe

C:\Windows\System\wjgqVie.exe

C:\Windows\System\wjgqVie.exe

C:\Windows\System\IiJsCAv.exe

C:\Windows\System\IiJsCAv.exe

C:\Windows\System\jcNsbIq.exe

C:\Windows\System\jcNsbIq.exe

C:\Windows\System\saZgVex.exe

C:\Windows\System\saZgVex.exe

C:\Windows\System\RieMYtv.exe

C:\Windows\System\RieMYtv.exe

C:\Windows\System\AYRCWHE.exe

C:\Windows\System\AYRCWHE.exe

C:\Windows\System\ayzxORq.exe

C:\Windows\System\ayzxORq.exe

C:\Windows\System\FcEQNTc.exe

C:\Windows\System\FcEQNTc.exe

C:\Windows\System\qUMXamI.exe

C:\Windows\System\qUMXamI.exe

C:\Windows\System\SWUwJZM.exe

C:\Windows\System\SWUwJZM.exe

C:\Windows\System\YxqGvvd.exe

C:\Windows\System\YxqGvvd.exe

C:\Windows\System\kLOEuxJ.exe

C:\Windows\System\kLOEuxJ.exe

C:\Windows\System\MeYLevn.exe

C:\Windows\System\MeYLevn.exe

C:\Windows\System\wmwkimR.exe

C:\Windows\System\wmwkimR.exe

C:\Windows\System\PXAUsYs.exe

C:\Windows\System\PXAUsYs.exe

C:\Windows\System\AdCUbWH.exe

C:\Windows\System\AdCUbWH.exe

C:\Windows\System\FoLZWFS.exe

C:\Windows\System\FoLZWFS.exe

C:\Windows\System\euFlxeU.exe

C:\Windows\System\euFlxeU.exe

C:\Windows\System\aWlwCrC.exe

C:\Windows\System\aWlwCrC.exe

C:\Windows\System\uIasAqx.exe

C:\Windows\System\uIasAqx.exe

C:\Windows\System\NfFKaDw.exe

C:\Windows\System\NfFKaDw.exe

C:\Windows\System\uBAgtKJ.exe

C:\Windows\System\uBAgtKJ.exe

C:\Windows\System\dnJwefw.exe

C:\Windows\System\dnJwefw.exe

C:\Windows\System\iFlqgVX.exe

C:\Windows\System\iFlqgVX.exe

C:\Windows\System\yuhcdMg.exe

C:\Windows\System\yuhcdMg.exe

C:\Windows\System\CwSjNAS.exe

C:\Windows\System\CwSjNAS.exe

C:\Windows\System\qCEwfRg.exe

C:\Windows\System\qCEwfRg.exe

C:\Windows\System\qEPupbS.exe

C:\Windows\System\qEPupbS.exe

C:\Windows\System\jXFSBYW.exe

C:\Windows\System\jXFSBYW.exe

C:\Windows\System\QDenyOV.exe

C:\Windows\System\QDenyOV.exe

C:\Windows\System\VNExdde.exe

C:\Windows\System\VNExdde.exe

C:\Windows\System\QlVYyZX.exe

C:\Windows\System\QlVYyZX.exe

C:\Windows\System\HytlwOy.exe

C:\Windows\System\HytlwOy.exe

C:\Windows\System\VPgIJbe.exe

C:\Windows\System\VPgIJbe.exe

C:\Windows\System\EqwABJw.exe

C:\Windows\System\EqwABJw.exe

C:\Windows\System\AaDzLuO.exe

C:\Windows\System\AaDzLuO.exe

C:\Windows\System\nZwTOjL.exe

C:\Windows\System\nZwTOjL.exe

C:\Windows\System\zSRgDUQ.exe

C:\Windows\System\zSRgDUQ.exe

C:\Windows\System\qPCbkmR.exe

C:\Windows\System\qPCbkmR.exe

C:\Windows\System\kYjJsaQ.exe

C:\Windows\System\kYjJsaQ.exe

C:\Windows\System\VSROmcP.exe

C:\Windows\System\VSROmcP.exe

C:\Windows\System\DlsmWic.exe

C:\Windows\System\DlsmWic.exe

C:\Windows\System\QhjyvXp.exe

C:\Windows\System\QhjyvXp.exe

C:\Windows\System\AbFAIKc.exe

C:\Windows\System\AbFAIKc.exe

C:\Windows\System\zLnPxHT.exe

C:\Windows\System\zLnPxHT.exe

C:\Windows\System\rlsfDrR.exe

C:\Windows\System\rlsfDrR.exe

C:\Windows\System\mCcgpNv.exe

C:\Windows\System\mCcgpNv.exe

C:\Windows\System\fQpqFHi.exe

C:\Windows\System\fQpqFHi.exe

C:\Windows\System\ePUolSX.exe

C:\Windows\System\ePUolSX.exe

C:\Windows\System\zNLKYeh.exe

C:\Windows\System\zNLKYeh.exe

C:\Windows\System\XzZxmbo.exe

C:\Windows\System\XzZxmbo.exe

C:\Windows\System\GvKqTUW.exe

C:\Windows\System\GvKqTUW.exe

C:\Windows\System\mBdLNDW.exe

C:\Windows\System\mBdLNDW.exe

C:\Windows\System\MAwtqoQ.exe

C:\Windows\System\MAwtqoQ.exe

C:\Windows\System\gIoHUUD.exe

C:\Windows\System\gIoHUUD.exe

C:\Windows\System\IDNobly.exe

C:\Windows\System\IDNobly.exe

C:\Windows\System\OKxyHwh.exe

C:\Windows\System\OKxyHwh.exe

C:\Windows\System\KNRjWGv.exe

C:\Windows\System\KNRjWGv.exe

C:\Windows\System\IgwaLGV.exe

C:\Windows\System\IgwaLGV.exe

C:\Windows\System\yKxiVSI.exe

C:\Windows\System\yKxiVSI.exe

C:\Windows\System\DPzHNGl.exe

C:\Windows\System\DPzHNGl.exe

C:\Windows\System\CenvPii.exe

C:\Windows\System\CenvPii.exe

C:\Windows\System\KVhwWPp.exe

C:\Windows\System\KVhwWPp.exe

C:\Windows\System\KyvFoqV.exe

C:\Windows\System\KyvFoqV.exe

C:\Windows\System\nXsQvOM.exe

C:\Windows\System\nXsQvOM.exe

C:\Windows\System\OYmmtGL.exe

C:\Windows\System\OYmmtGL.exe

C:\Windows\System\EwQqtPY.exe

C:\Windows\System\EwQqtPY.exe

C:\Windows\System\nqDMtpE.exe

C:\Windows\System\nqDMtpE.exe

C:\Windows\System\YQYUPwE.exe

C:\Windows\System\YQYUPwE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp

Files

memory/4764-0-0x00007FF7B9C70000-0x00007FF7B9FC4000-memory.dmp

memory/4764-1-0x000002A1CA710000-0x000002A1CA720000-memory.dmp

C:\Windows\System\JfPYNAt.exe

MD5 818b6b335fe6b6a161e05b2ba8ab78fd
SHA1 005f82d429814f364ccd134a364c8d96dee61cb7
SHA256 f9eb60324e801fa5afd3fe035997af2fe573f8a2cc687a52bff7cc638b4eb2d9
SHA512 bafa6e3eab746d7084e19c1ef3b216aca7a5f9be63444c02b89e314095fd4a9cad82d2b7bd72c29069282d586a707feddcf8bc80f2719e06b0667a385a24b37a

memory/2780-8-0x00007FF6F4880000-0x00007FF6F4BD4000-memory.dmp

C:\Windows\System\nmbsJDx.exe

MD5 eadeae06697ec1ecd4d43cf0ce0e8c60
SHA1 939b0257dc9b02e41dd67534b2e13e69833da99d
SHA256 655a1ac2036f6da26d07bc1d04334c80ba0db7fa60025e964370a0e59bc9735a
SHA512 228ae616c1729c2284db328ab31d56f7a30ae138602441da58fe1361793134a5c8fa7fe8abaa87eb96083870e0ca7673b45a92b4061ef3f9998289bdf10e39ce

C:\Windows\System\mGlWuLe.exe

MD5 a42e26c2afac2353f755e287186e9549
SHA1 158e2cce437d311f13f655850b1fe7ed33adf81b
SHA256 61adda6938b8c5308d51e115ad10a5871d9606984cec210ed7cfda324ffdb2c5
SHA512 d7235adceba683d248d622070999a15ee21b4a09f9705433140efcd86e8f47be7ab85fad985d6e121dff1d446df9564fc8a7d24b61362c338827c75868b9258a

memory/4664-14-0x00007FF63F3D0000-0x00007FF63F724000-memory.dmp

C:\Windows\System\FYoMPWA.exe

MD5 4370ad30db8baf806c0ec16a0b4b03b4
SHA1 640f522e279dacaa958d48059eb50491baaf801f
SHA256 a0ab69cf8d8cc50ad604620a4e6064d0cc700b43a08587bc88be776341975d90
SHA512 792fc92bb4059b26abd7fd81c7113f952adfb53f904bd36cc47a970bf087e534ada50d48abd75fd2bb182860e5ea1c1f15372b880e1fea549cc3eb3cdef890a8

C:\Windows\System\jeIhbDP.exe

MD5 c4add3fe29c7895222c1b06fe9ed610a
SHA1 53ee49ccc9f5737484fb6f4396c798b29a9314ad
SHA256 63e852fe23434941dd6e0b2e4c7d23b39ffdeb3d12993c329bf16dfb1267d697
SHA512 bae24c28b00eac924fe3c0cb04aeb0999e7816809fb5adbd42f675f294f8af8a4216c9329ff5699dabcc74920cd4eae4b06d0cead64102e94f86bc2a130fc6f8

C:\Windows\System\WQvVxeY.exe

MD5 da7326c2997699a51525dec1494c5ca3
SHA1 030204565129b0714b397aa06d22b25cc8ee6e12
SHA256 49e01e6d32860c85e8b253eb1f0f38636f14ed000c8ec3d68f450ca28c9c3105
SHA512 eeaee9070424d43da375097b685e2e76d0377ece6290101cf6a48b1171f8b11d2bddd31612f03898032eb84e6852191dcfd48cf4f43ee6c583520fdb75663481

C:\Windows\System\AqMsKKp.exe

MD5 84e406be4c7f5fff7848a4ee2338dd9c
SHA1 0fb34e6d1c95091afefdf863b00d1404a796132b
SHA256 1e7ec859e797e23accc276480cde1214a9a3405d83a306716a065aa43176a96e
SHA512 b2917156548b86a263616f1123d17035774c4e6114875ef9c3234ce37f896ae018d4b421823176d94119fc2fa1443f7a9b4fc2abf315ef1ab968079b2aa59e49

C:\Windows\System\chOpaiP.exe

MD5 6a7cb0426de4645542452177c78391ac
SHA1 48b6d99618d5f52946750aeaa6fb4f6a65c04ee4
SHA256 e7343f3a11c342279ef891205e1a06c128f53e8ddb78fc063c79e47006d92eaa
SHA512 39d2bc45894968e30857115228624ce4a168570a4fd6f93d982f7b4c8218ef284cf53136f04ce0ba9ecb8a910fe021f5068edc8a7b0a99212ebfa18799cd53d2

C:\Windows\System\QPjEtGA.exe

MD5 f7a37e0b3e8b56d2f11ff1722773427d
SHA1 d4cc15b05b5693e2cc356a43f7179103949feb44
SHA256 4b83956527488ec1e8b39a8d9bb629c802ef3a951e4655833ad94e9a8b80a027
SHA512 f36841e302ae45ac5a874a0a76e73c3d377c19afb2ffde006f53cdc19594078a7d73494ae0d7e37a404513a652a4762aab47bc7969bfbbb9349258c75b8c4b4a

C:\Windows\System\TDaXlZa.exe

MD5 6edb0711d9a4d69bafef4c123db9f95c
SHA1 1124af17e797bd83f500d27345aca55c21f0dddb
SHA256 8d852005d9ea61c7c7b7f71384359f7060d13492e58d8af84d7531ac9577fab6
SHA512 eef21d54047006faf1f9b312b14f973a984269661424dd6fb942da00694c179054da5732b73068f7140ade8e561ac949755fb974c6df6355c0c508c544c4d860

C:\Windows\System\uOSYrwK.exe

MD5 6a931dd25d4910f76d11f33596ae8bad
SHA1 a7622faba3770882d60925a113b1f26c3c562721
SHA256 e3e59afd4b2550e66a1281a578eb8e2f670cfcc479968c7530c8b94e94124530
SHA512 f6233273409fcd54fa8da57c993c8dba078ae1a63746a3ace63d49de434e49432769201fdc9c8cfaf54fc3556eb87ac67d9d50d8281bf1b712fdf56a5ed6874b

C:\Windows\System\QTNQcYh.exe

MD5 80b08fc97048ca23f23cbec02ee2faee
SHA1 87b0089dd2e2abcaa0ed28d40c78a4ea39133796
SHA256 4f0d880b0ffa12b387c4189217b137600b89c8da0f201f94cfdf3f98f75113c6
SHA512 97a1a98b963ca319069e6388b3ee31bad7abc318721d329c10131d7fcf73bf973b2e6d882fb329af1df5e8fba54a970a46c5d18b8a81e2d5543fa8fa037b3713

C:\Windows\System\giSpycd.exe

MD5 5cba8a53f20fdb5149520a72f2e4f21e
SHA1 5a1a2dd38b6760dc602d0b57a0941e9bc29438f4
SHA256 e7d787f6aa57828783b255868cd345519768ec1b8e99e761e8a722c33cfa7a62
SHA512 044f9c14b203a78cb22598f2326852849b3bab7ff1920d0dcaa32249144fcd9bf96d9fa74d830b4ee0935538eb0f02c6eaa7056bbb94bb87e2ab32852084169b

C:\Windows\System\uKmxmDi.exe

MD5 0ec288112553b5ce5e4e0dbf79d05a24
SHA1 740c4d1f640abc0ce5a5725c40492f0c87b3bc73
SHA256 717ac30940bfdd235d4b9a78a64f7b340c5c77467ff551f99e5d2af947d955aa
SHA512 83f24e7879d9f51885592dac257af067946c02c39d126cf7e89e23bf1d3a2942dcc21735f3ba364aea78a435ff83a80de29ff7687ca694b11bc7e53feee87268

C:\Windows\System\RdElwAw.exe

MD5 3b1cbad4ba6028accae680198edfc371
SHA1 7352c183de4c9b63dbb1de5674a6b4bf8f236cd1
SHA256 8a4d57babf0dc4484d98bc67d11d2157bbc3d25b71eae46daaed1c97cf6fe6bf
SHA512 945226df80613810b7045502360d0b22f82c83fbbfbdc57af8c43ba4d7975e16d04abe5404d6d1523da67c7535538d6b570ac4fff0e3599d319e95959d36cc4d

C:\Windows\System\ZEGFOmu.exe

MD5 1dfb493ef5ab6648c9ab825b7069ef33
SHA1 14441d003dbde506bf9b08198f27e77fe6575f54
SHA256 dbc7346b7d4b61cd625b8ce15787dfa2fad850bf80f21da27486070390225499
SHA512 06e8ff41d95d8b816a91f4b78fbe48b13fd62f99f8fa374dbecb2b4aaf117753a96091d7da38af26770a550bcf83434ada361698543df5c477e5e8dfa9698456

C:\Windows\System\mLTsEUT.exe

MD5 c7df7ba02b94be331b9546265fef1008
SHA1 2718f3b78620233c3723f0bff6f8c7c62d6ae0a3
SHA256 9f90eb63e09304aafa9b70a9efd1df6cf03b80f27e232ddd4058e424718408e4
SHA512 8b4bee7d67892c24a5a0f2e8fddc3bd857d8578e2bd068d4f6ba42781baa24175aa7b4f059d1e74277689ec3f271321432d78d1f2c28d3f653df127ed63738a9

C:\Windows\System\hxOojQm.exe

MD5 af3d07733a9cd138bccb0e8982e751e2
SHA1 7f431f9b299f0a3cb3f80272bcbc4182b9f61bd8
SHA256 8d4c643bd3c95161068fa8ddcff1ce541dd7bdd295bb2627a13a17362c2d856d
SHA512 affff99f58fe46e06261b536c89d759ad2c53a25d30ecbbcf6ad3820001e856c50fab10f7eec3c694f30c55fd5cde3449d7ac08e71845989a5d55f9af326e361

C:\Windows\System\xIYRYiV.exe

MD5 eb058288ef1a67fc4e259005cae233b3
SHA1 3ccab0fd705e094790ea53b267d6d3229f8d9a44
SHA256 4faf7a7b83385065feff7e4a4f8ed6b077b8b8146ad69ea6b7fbf69f65c8ffec
SHA512 860c76a3a13846cfe008c865d91b19f389147e465cc82ebe19b27db1b6dff80456800249e61e03587eaab21101c161fbf21f5ffdbabf65dd17ebb3e3500d97b0

C:\Windows\System\Odmtuhu.exe

MD5 e1745e34862fdd88c1bd702c590d7a91
SHA1 ab5e59929281a484f01371e04635362d8f9bdd0a
SHA256 6f14a39a9a8868ffde14eb34d7e57b167e1a721b43b9f9cc0742a46818d3d451
SHA512 923e6f158b341fc1672062fc4f818535aca8ef2ffce834fbf81f164818dadc744598ab002295d49d1a7a5bbd922a7162ab3a27346641cf2929ee3f745bf0ce26

memory/5000-222-0x00007FF61FA50000-0x00007FF61FDA4000-memory.dmp

memory/3796-228-0x00007FF767D10000-0x00007FF768064000-memory.dmp

memory/4412-234-0x00007FF74B5E0000-0x00007FF74B934000-memory.dmp

memory/2384-236-0x00007FF73D6E0000-0x00007FF73DA34000-memory.dmp

memory/1776-243-0x00007FF6B8700000-0x00007FF6B8A54000-memory.dmp

memory/1944-250-0x00007FF6AB980000-0x00007FF6ABCD4000-memory.dmp

memory/3044-254-0x00007FF61E600000-0x00007FF61E954000-memory.dmp

memory/1880-258-0x00007FF7D58F0000-0x00007FF7D5C44000-memory.dmp

memory/260-263-0x00007FF77A830000-0x00007FF77AB84000-memory.dmp

memory/4924-262-0x00007FF757B80000-0x00007FF757ED4000-memory.dmp

memory/884-261-0x00007FF649350000-0x00007FF6496A4000-memory.dmp

memory/1104-260-0x00007FF7C0150000-0x00007FF7C04A4000-memory.dmp

memory/4668-259-0x00007FF6BC8C0000-0x00007FF6BCC14000-memory.dmp

memory/3568-257-0x00007FF699490000-0x00007FF6997E4000-memory.dmp

memory/2908-256-0x00007FF7A96E0000-0x00007FF7A9A34000-memory.dmp

memory/1392-255-0x00007FF68FB60000-0x00007FF68FEB4000-memory.dmp

memory/1924-253-0x00007FF657C50000-0x00007FF657FA4000-memory.dmp

memory/2284-251-0x00007FF62B3E0000-0x00007FF62B734000-memory.dmp

memory/4952-248-0x00007FF7EA1E0000-0x00007FF7EA534000-memory.dmp

memory/3180-247-0x00007FF7511B0000-0x00007FF751504000-memory.dmp

memory/5072-235-0x00007FF7864D0000-0x00007FF786824000-memory.dmp

memory/2612-231-0x00007FF6C3040000-0x00007FF6C3394000-memory.dmp

memory/3564-229-0x00007FF73C3C0000-0x00007FF73C714000-memory.dmp

memory/3328-227-0x00007FF6D6CA0000-0x00007FF6D6FF4000-memory.dmp

memory/4580-226-0x00007FF7BC690000-0x00007FF7BC9E4000-memory.dmp

memory/3996-221-0x00007FF776460000-0x00007FF7767B4000-memory.dmp

memory/4188-217-0x00007FF731BE0000-0x00007FF731F34000-memory.dmp

C:\Windows\System\MIODYFr.exe

MD5 3b840b556d74d01d92c716d5a04a2e46
SHA1 f769b7cfec10d1845394aa8ae1dcf5c1003604f0
SHA256 cfb5449c5d5eafc0f100af2545a1174dcfed849dc955990caafacd11ec4276da
SHA512 821bd28bbf1aaca3cc7eaa1ebb93c80250c02a3e977c2940d3ea41a089230a2af79043796d5922a9a31a6ba3b3586a7d286573d1e27256554a03f27377467bed

C:\Windows\System\riKmTVA.exe

MD5 cb1c958f1b15ca6b21b88be250bd84de
SHA1 c2921dd71415e8e448731a02d41c2688d9f108c6
SHA256 6c430feb43baf65b184b30d7b2fbea49cf621fc943bfa099df8be49c317cbdb7
SHA512 fc5f96b31ce4c433d9d3f6b23ba68d7b04888e524bce07f3d08fcd5beb06035110314ee2572af68cfacaca02bfb9461c497de0cb5317ce99a466f7ec673e75fa

C:\Windows\System\YjLkhaf.exe

MD5 e8b42e0b388020f6a66c78f8e2c4d420
SHA1 ab6a6aa62bdf5c1f1c4092902610fa6d92a6a4cc
SHA256 8b6a0fc22306e2313e94457ae0f5bf9f5cac8bfe58cea68909b0ad18e599b3b9
SHA512 ab580f779373b79649ce88d8187daf6aa098fae79a657940e8322ea149321adb2e3ad1b22f80aa19fce04dbbad84f16999dd2f24daf169f6f22623459085fb79

C:\Windows\System\UFZczPi.exe

MD5 bfa6770655c3e6e1fbfb75659aac9e9e
SHA1 467d87117994cab6629921bd2c88c8d9cd7f8ecc
SHA256 1d8ecf76f941882bc4e5dd46bd0cb777746b22dd9f5b30d63cb7649a6cd60d40
SHA512 3c17826ca83e63382d2f0756299dfb3ffeedaa477b0f7f37c56fe694613d866f8edb1cbf7131c70e768726eb3b8cc29a44514ffc12290c52e79c8bdf17d4b13f

C:\Windows\System\jvRPYkg.exe

MD5 4d634ae80da0cb0ec006119ca7a13af7
SHA1 0e09b6de876509c05d099f0a7c4995af4f36217c
SHA256 914ecf8c4613f9434a1638e12c9c9de3b27ab0a09bc6b2813366d4b18f0b1b7e
SHA512 4ee6d495856078f58e71fad168ad470a812be11d40f11ac4caf23db70542efc1bb94e497102abfbc823cd3ea0b7f278d7d0e5bd7f991d35c91e21f11e13deb27

C:\Windows\System\qSzMdGV.exe

MD5 f478e0c05acc88eb1b86f07ee04e059d
SHA1 5f28e16ee1207bfea661459b99352b8b32199c1b
SHA256 eb00ead4ed90e2fbfed0645c09d5f896c323e45e7f3aa4688faee4c98067b883
SHA512 19cf689a9b79779d22ac85fd29e42a1435bae909d7fd36e117692103122e7f875fda6c7c2f1691de0b67ad97cea5a74f1e0121fc3f1eb7640b52d7978638a290

C:\Windows\System\AYSPXPp.exe

MD5 256dc266eafd6d0208f287fe090a1d15
SHA1 dfd9c2850e4e6596982bf7e6f826772ca676cc0a
SHA256 d4f0ca81fd7fef7317a0985f2b21526bc261f2cde8b1aace863a3ef869463b3b
SHA512 a7f9fe1f78d34de632d740eaa28bba68aebb31eccb93fbc0f3fd4690984b4abcd9b4bd2273f96546d271aa90dbf5b5d47535a0dd36ae8ccbaa3da6e39782e652

C:\Windows\System\FHTHfiP.exe

MD5 a6a38d84e6b2babf1ca3e82b9b931cba
SHA1 a7553e1fc055a9a3191ad13ea4578d01fac45a9d
SHA256 3587537cd272f63ec99e47889c18cb66c668d591300b3ee6731e4663ac249903
SHA512 8cae36b63a1c6e57dac678605bb19de173ae74c45c6d6b4db584a9f32c07ec0e19223ef857b3086ad3ac8da78e221374e6ec8d4a1a9a6407d30f5bc496be6ac3

C:\Windows\System\vvZyejp.exe

MD5 9285fee9db3646e48d1213591521088c
SHA1 a0bfa53e878f0c4e936c21784793f2c604d36306
SHA256 d56b302cd9e2651ddeb17a63fcfe6de0c797c8ceb935507a59bba43a2311b1d4
SHA512 259986b28d6446a4cafc4059810ce8de2aca0b7052eec11f6981020f31557909160065e7b3c8f505612ccfd0bc1878d00b518435a91896efcb9d70fc5a9966ec

C:\Windows\System\xngtUEy.exe

MD5 5d933fbd30cf6593d03afd3cf4d8fc7a
SHA1 0e830da7590a030c4f8cf53a2b2e3fe4bdea2dcc
SHA256 bfe5913ce5b75d4a4630635e510df455f7389f35bd5072d0ad52a93a7e1bcc79
SHA512 2eadfbba0d0a891f2a387b68a6eea5bfe20b59103024f6a828faecafbcd2cafe5ba89addeebfa801ada6219d0993dad7c44c59533084d676ef2f6dbeef252e06

C:\Windows\System\wgGnPOF.exe

MD5 7774424b5303912b24d6bf37098d4259
SHA1 b4f31ca8d806038c0582540fc53517205b427c33
SHA256 332c8d0d7ed5e69ef47702e779e323f5c3d50112601e8056410e64bc307f168f
SHA512 07745e5863dc568459fd9a651e410b979474ccbde76faa80a610a499bdc65eb4b6d641cef51e83a58e4a2761381f45d51158ca37dcb29438c146de640c3c1e41

C:\Windows\System\wxAUxar.exe

MD5 6524afe3332703e2ba306efaf6b9d783
SHA1 01f75a02da199efecd9d058014ae457df42f6583
SHA256 8f9b6c4173255452737d2ed9a093173d3d24c8647a5a39b510d96a5730eca2b6
SHA512 b25ca6e3dffa3640b4b61cc9d01ea269be7062f707350e45626e02b0f795e0794fd674b3e86dee3e730ee82c7106ac4f1aa54fc5018283eb1b28d8759a5de017

C:\Windows\System\vcKHFDz.exe

MD5 a4106ff5b9ff8f8579a8f953486346d6
SHA1 2937c5ea0cd1e456208406909deab70ef08210d7
SHA256 b7438f2468929cec04a934dfc017394d5172ae0a59a6e70d87a5d604e3f992cc
SHA512 d3f9d4f5886db7da1d50aa9c08fb33eff2369587f5057b8fdd9752f3efaa83e1cd5f9f450a23c6e807962571f2407ba2f42975ed75f4fa6b48cfd56a219a892f

memory/4764-1070-0x00007FF7B9C70000-0x00007FF7B9FC4000-memory.dmp

memory/2780-1071-0x00007FF6F4880000-0x00007FF6F4BD4000-memory.dmp

memory/4664-1072-0x00007FF63F3D0000-0x00007FF63F724000-memory.dmp

memory/2780-1073-0x00007FF6F4880000-0x00007FF6F4BD4000-memory.dmp

memory/4664-1074-0x00007FF63F3D0000-0x00007FF63F724000-memory.dmp

memory/4188-1075-0x00007FF731BE0000-0x00007FF731F34000-memory.dmp

memory/3996-1076-0x00007FF776460000-0x00007FF7767B4000-memory.dmp

memory/5000-1077-0x00007FF61FA50000-0x00007FF61FDA4000-memory.dmp

memory/260-1078-0x00007FF77A830000-0x00007FF77AB84000-memory.dmp

memory/4580-1079-0x00007FF7BC690000-0x00007FF7BC9E4000-memory.dmp

memory/3328-1080-0x00007FF6D6CA0000-0x00007FF6D6FF4000-memory.dmp

memory/3796-1081-0x00007FF767D10000-0x00007FF768064000-memory.dmp

memory/3564-1082-0x00007FF73C3C0000-0x00007FF73C714000-memory.dmp

memory/2612-1083-0x00007FF6C3040000-0x00007FF6C3394000-memory.dmp

memory/4412-1084-0x00007FF74B5E0000-0x00007FF74B934000-memory.dmp

memory/4952-1087-0x00007FF7EA1E0000-0x00007FF7EA534000-memory.dmp

memory/3180-1088-0x00007FF7511B0000-0x00007FF751504000-memory.dmp

memory/5072-1086-0x00007FF7864D0000-0x00007FF786824000-memory.dmp

memory/1776-1085-0x00007FF6B8700000-0x00007FF6B8A54000-memory.dmp

memory/2284-1090-0x00007FF62B3E0000-0x00007FF62B734000-memory.dmp

memory/2384-1089-0x00007FF73D6E0000-0x00007FF73DA34000-memory.dmp

memory/1924-1092-0x00007FF657C50000-0x00007FF657FA4000-memory.dmp

memory/1944-1091-0x00007FF6AB980000-0x00007FF6ABCD4000-memory.dmp

memory/1392-1093-0x00007FF68FB60000-0x00007FF68FEB4000-memory.dmp

memory/4924-1099-0x00007FF757B80000-0x00007FF757ED4000-memory.dmp

memory/1104-1101-0x00007FF7C0150000-0x00007FF7C04A4000-memory.dmp

memory/884-1100-0x00007FF649350000-0x00007FF6496A4000-memory.dmp

memory/3044-1098-0x00007FF61E600000-0x00007FF61E954000-memory.dmp

memory/2908-1097-0x00007FF7A96E0000-0x00007FF7A9A34000-memory.dmp

memory/3568-1096-0x00007FF699490000-0x00007FF6997E4000-memory.dmp

memory/1880-1095-0x00007FF7D58F0000-0x00007FF7D5C44000-memory.dmp

memory/4668-1094-0x00007FF6BC8C0000-0x00007FF6BCC14000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 05:15

Reported

2024-06-04 05:17

Platform

win7-20240221-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\qlacVwv.exe N/A
N/A N/A C:\Windows\System\kcOdwQD.exe N/A
N/A N/A C:\Windows\System\ADGtMsL.exe N/A
N/A N/A C:\Windows\System\gJJltES.exe N/A
N/A N/A C:\Windows\System\jIiMDif.exe N/A
N/A N/A C:\Windows\System\AnUqJsu.exe N/A
N/A N/A C:\Windows\System\sBlzGsC.exe N/A
N/A N/A C:\Windows\System\NarGcpT.exe N/A
N/A N/A C:\Windows\System\risMLbD.exe N/A
N/A N/A C:\Windows\System\FdINDti.exe N/A
N/A N/A C:\Windows\System\KxWSZQk.exe N/A
N/A N/A C:\Windows\System\YWJZtQk.exe N/A
N/A N/A C:\Windows\System\oNSwEkr.exe N/A
N/A N/A C:\Windows\System\oSdwzZM.exe N/A
N/A N/A C:\Windows\System\UajXZlH.exe N/A
N/A N/A C:\Windows\System\GJujVch.exe N/A
N/A N/A C:\Windows\System\sWUWHop.exe N/A
N/A N/A C:\Windows\System\CYRqpSk.exe N/A
N/A N/A C:\Windows\System\mHTNckh.exe N/A
N/A N/A C:\Windows\System\ueLizHZ.exe N/A
N/A N/A C:\Windows\System\eiehAdc.exe N/A
N/A N/A C:\Windows\System\tdYKfol.exe N/A
N/A N/A C:\Windows\System\UbyPzsf.exe N/A
N/A N/A C:\Windows\System\OfcPojX.exe N/A
N/A N/A C:\Windows\System\lwjQeyC.exe N/A
N/A N/A C:\Windows\System\UvQVCIc.exe N/A
N/A N/A C:\Windows\System\DAbYNMg.exe N/A
N/A N/A C:\Windows\System\nzebSHa.exe N/A
N/A N/A C:\Windows\System\sMPoZke.exe N/A
N/A N/A C:\Windows\System\XUtPHbm.exe N/A
N/A N/A C:\Windows\System\grcwfJD.exe N/A
N/A N/A C:\Windows\System\aNLlvhP.exe N/A
N/A N/A C:\Windows\System\sjwfriW.exe N/A
N/A N/A C:\Windows\System\DhXTiVX.exe N/A
N/A N/A C:\Windows\System\oUzFEVH.exe N/A
N/A N/A C:\Windows\System\qUmUXIE.exe N/A
N/A N/A C:\Windows\System\xAUhyLJ.exe N/A
N/A N/A C:\Windows\System\clJvTMx.exe N/A
N/A N/A C:\Windows\System\LrHsCvs.exe N/A
N/A N/A C:\Windows\System\QqCgglC.exe N/A
N/A N/A C:\Windows\System\gBxOdlE.exe N/A
N/A N/A C:\Windows\System\sxLCUfA.exe N/A
N/A N/A C:\Windows\System\XTLayoh.exe N/A
N/A N/A C:\Windows\System\BHQPAZz.exe N/A
N/A N/A C:\Windows\System\uWfJPLU.exe N/A
N/A N/A C:\Windows\System\ryBZkiH.exe N/A
N/A N/A C:\Windows\System\XPHhnlF.exe N/A
N/A N/A C:\Windows\System\nfbZysK.exe N/A
N/A N/A C:\Windows\System\YomwZAz.exe N/A
N/A N/A C:\Windows\System\ubDnXvH.exe N/A
N/A N/A C:\Windows\System\vbTitvd.exe N/A
N/A N/A C:\Windows\System\zeKpPjx.exe N/A
N/A N/A C:\Windows\System\JhOuDnw.exe N/A
N/A N/A C:\Windows\System\bHCyeSd.exe N/A
N/A N/A C:\Windows\System\NTWVhYr.exe N/A
N/A N/A C:\Windows\System\yJZEXgx.exe N/A
N/A N/A C:\Windows\System\GvHdTCb.exe N/A
N/A N/A C:\Windows\System\CeOayDv.exe N/A
N/A N/A C:\Windows\System\TJhuDFu.exe N/A
N/A N/A C:\Windows\System\EMEDQiB.exe N/A
N/A N/A C:\Windows\System\WYubwUC.exe N/A
N/A N/A C:\Windows\System\TPeqyxY.exe N/A
N/A N/A C:\Windows\System\lHEQHAu.exe N/A
N/A N/A C:\Windows\System\fuZXojn.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\gpiAHPs.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\thlFjOs.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SqvoRdV.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jxVLExq.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XKewkBF.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\risMLbD.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OfcPojX.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tugOuBo.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EKtylBB.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bitYuCc.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\baKYzib.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wAAQNcb.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SXFORdD.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jzoObpM.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mHTNckh.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QqCgglC.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qpBgLHA.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubDnXvH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IrXeqDq.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JHYCvUI.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUmEczC.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dGCeVOK.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uyqGXQA.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yYEFeQS.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\csducSR.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aDAMzbG.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cDaiLpq.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mgsIQUp.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sOcfdTd.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EUKruJH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lcoiHYN.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EPzHKeE.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmYyKpv.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\giWhhQs.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlacVwv.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ADGtMsL.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aCkHVyt.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DpTbxWp.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XUkyndt.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDgNVxC.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PhIYTNg.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJujVch.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WYubwUC.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UbKgwkk.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fFmuUwG.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CYRqpSk.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNcJbiT.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YsluSsu.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tUlkVUa.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pwzxyos.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlZusIj.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uRXgLGJ.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Myyvfry.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PobTqjs.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfnVjFh.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WjvRUdx.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXmkGkI.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJZEXgx.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJhuDFu.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TsLSHfb.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cIXQDGH.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eZkheaF.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlpfMQG.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOXcvsZ.exe C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1660 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\qlacVwv.exe
PID 1660 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\qlacVwv.exe
PID 1660 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\qlacVwv.exe
PID 1660 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\kcOdwQD.exe
PID 1660 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\kcOdwQD.exe
PID 1660 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\kcOdwQD.exe
PID 1660 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ADGtMsL.exe
PID 1660 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ADGtMsL.exe
PID 1660 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ADGtMsL.exe
PID 1660 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\gJJltES.exe
PID 1660 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\gJJltES.exe
PID 1660 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\gJJltES.exe
PID 1660 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jIiMDif.exe
PID 1660 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jIiMDif.exe
PID 1660 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\jIiMDif.exe
PID 1660 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AnUqJsu.exe
PID 1660 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AnUqJsu.exe
PID 1660 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\AnUqJsu.exe
PID 1660 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\sBlzGsC.exe
PID 1660 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\sBlzGsC.exe
PID 1660 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\sBlzGsC.exe
PID 1660 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\NarGcpT.exe
PID 1660 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\NarGcpT.exe
PID 1660 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\NarGcpT.exe
PID 1660 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\risMLbD.exe
PID 1660 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\risMLbD.exe
PID 1660 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\risMLbD.exe
PID 1660 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FdINDti.exe
PID 1660 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FdINDti.exe
PID 1660 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\FdINDti.exe
PID 1660 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\KxWSZQk.exe
PID 1660 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\KxWSZQk.exe
PID 1660 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\KxWSZQk.exe
PID 1660 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\YWJZtQk.exe
PID 1660 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\YWJZtQk.exe
PID 1660 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\YWJZtQk.exe
PID 1660 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\oNSwEkr.exe
PID 1660 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\oNSwEkr.exe
PID 1660 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\oNSwEkr.exe
PID 1660 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\oSdwzZM.exe
PID 1660 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\oSdwzZM.exe
PID 1660 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\oSdwzZM.exe
PID 1660 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\UajXZlH.exe
PID 1660 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\UajXZlH.exe
PID 1660 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\UajXZlH.exe
PID 1660 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\GJujVch.exe
PID 1660 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\GJujVch.exe
PID 1660 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\GJujVch.exe
PID 1660 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\sWUWHop.exe
PID 1660 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\sWUWHop.exe
PID 1660 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\sWUWHop.exe
PID 1660 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\CYRqpSk.exe
PID 1660 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\CYRqpSk.exe
PID 1660 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\CYRqpSk.exe
PID 1660 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mHTNckh.exe
PID 1660 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mHTNckh.exe
PID 1660 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\mHTNckh.exe
PID 1660 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ueLizHZ.exe
PID 1660 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ueLizHZ.exe
PID 1660 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\ueLizHZ.exe
PID 1660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\eiehAdc.exe
PID 1660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\eiehAdc.exe
PID 1660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\eiehAdc.exe
PID 1660 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe C:\Windows\System\tdYKfol.exe

Processes

C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\31735fb87fcb3e72af245f7283a167a0_NeikiAnalytics.exe"

C:\Windows\System\qlacVwv.exe

C:\Windows\System\qlacVwv.exe

C:\Windows\System\kcOdwQD.exe

C:\Windows\System\kcOdwQD.exe

C:\Windows\System\ADGtMsL.exe

C:\Windows\System\ADGtMsL.exe

C:\Windows\System\gJJltES.exe

C:\Windows\System\gJJltES.exe

C:\Windows\System\jIiMDif.exe

C:\Windows\System\jIiMDif.exe

C:\Windows\System\AnUqJsu.exe

C:\Windows\System\AnUqJsu.exe

C:\Windows\System\sBlzGsC.exe

C:\Windows\System\sBlzGsC.exe

C:\Windows\System\NarGcpT.exe

C:\Windows\System\NarGcpT.exe

C:\Windows\System\risMLbD.exe

C:\Windows\System\risMLbD.exe

C:\Windows\System\FdINDti.exe

C:\Windows\System\FdINDti.exe

C:\Windows\System\KxWSZQk.exe

C:\Windows\System\KxWSZQk.exe

C:\Windows\System\YWJZtQk.exe

C:\Windows\System\YWJZtQk.exe

C:\Windows\System\oNSwEkr.exe

C:\Windows\System\oNSwEkr.exe

C:\Windows\System\oSdwzZM.exe

C:\Windows\System\oSdwzZM.exe

C:\Windows\System\UajXZlH.exe

C:\Windows\System\UajXZlH.exe

C:\Windows\System\GJujVch.exe

C:\Windows\System\GJujVch.exe

C:\Windows\System\sWUWHop.exe

C:\Windows\System\sWUWHop.exe

C:\Windows\System\CYRqpSk.exe

C:\Windows\System\CYRqpSk.exe

C:\Windows\System\mHTNckh.exe

C:\Windows\System\mHTNckh.exe

C:\Windows\System\ueLizHZ.exe

C:\Windows\System\ueLizHZ.exe

C:\Windows\System\eiehAdc.exe

C:\Windows\System\eiehAdc.exe

C:\Windows\System\tdYKfol.exe

C:\Windows\System\tdYKfol.exe

C:\Windows\System\UbyPzsf.exe

C:\Windows\System\UbyPzsf.exe

C:\Windows\System\OfcPojX.exe

C:\Windows\System\OfcPojX.exe

C:\Windows\System\lwjQeyC.exe

C:\Windows\System\lwjQeyC.exe

C:\Windows\System\UvQVCIc.exe

C:\Windows\System\UvQVCIc.exe

C:\Windows\System\DAbYNMg.exe

C:\Windows\System\DAbYNMg.exe

C:\Windows\System\nzebSHa.exe

C:\Windows\System\nzebSHa.exe

C:\Windows\System\sMPoZke.exe

C:\Windows\System\sMPoZke.exe

C:\Windows\System\XUtPHbm.exe

C:\Windows\System\XUtPHbm.exe

C:\Windows\System\grcwfJD.exe

C:\Windows\System\grcwfJD.exe

C:\Windows\System\aNLlvhP.exe

C:\Windows\System\aNLlvhP.exe

C:\Windows\System\sjwfriW.exe

C:\Windows\System\sjwfriW.exe

C:\Windows\System\DhXTiVX.exe

C:\Windows\System\DhXTiVX.exe

C:\Windows\System\oUzFEVH.exe

C:\Windows\System\oUzFEVH.exe

C:\Windows\System\qUmUXIE.exe

C:\Windows\System\qUmUXIE.exe

C:\Windows\System\xAUhyLJ.exe

C:\Windows\System\xAUhyLJ.exe

C:\Windows\System\clJvTMx.exe

C:\Windows\System\clJvTMx.exe

C:\Windows\System\LrHsCvs.exe

C:\Windows\System\LrHsCvs.exe

C:\Windows\System\QqCgglC.exe

C:\Windows\System\QqCgglC.exe

C:\Windows\System\gBxOdlE.exe

C:\Windows\System\gBxOdlE.exe

C:\Windows\System\sxLCUfA.exe

C:\Windows\System\sxLCUfA.exe

C:\Windows\System\XTLayoh.exe

C:\Windows\System\XTLayoh.exe

C:\Windows\System\BHQPAZz.exe

C:\Windows\System\BHQPAZz.exe

C:\Windows\System\uWfJPLU.exe

C:\Windows\System\uWfJPLU.exe

C:\Windows\System\ryBZkiH.exe

C:\Windows\System\ryBZkiH.exe

C:\Windows\System\XPHhnlF.exe

C:\Windows\System\XPHhnlF.exe

C:\Windows\System\nfbZysK.exe

C:\Windows\System\nfbZysK.exe

C:\Windows\System\YomwZAz.exe

C:\Windows\System\YomwZAz.exe

C:\Windows\System\ubDnXvH.exe

C:\Windows\System\ubDnXvH.exe

C:\Windows\System\vbTitvd.exe

C:\Windows\System\vbTitvd.exe

C:\Windows\System\zeKpPjx.exe

C:\Windows\System\zeKpPjx.exe

C:\Windows\System\JhOuDnw.exe

C:\Windows\System\JhOuDnw.exe

C:\Windows\System\bHCyeSd.exe

C:\Windows\System\bHCyeSd.exe

C:\Windows\System\NTWVhYr.exe

C:\Windows\System\NTWVhYr.exe

C:\Windows\System\yJZEXgx.exe

C:\Windows\System\yJZEXgx.exe

C:\Windows\System\GvHdTCb.exe

C:\Windows\System\GvHdTCb.exe

C:\Windows\System\CeOayDv.exe

C:\Windows\System\CeOayDv.exe

C:\Windows\System\TJhuDFu.exe

C:\Windows\System\TJhuDFu.exe

C:\Windows\System\EMEDQiB.exe

C:\Windows\System\EMEDQiB.exe

C:\Windows\System\WYubwUC.exe

C:\Windows\System\WYubwUC.exe

C:\Windows\System\TPeqyxY.exe

C:\Windows\System\TPeqyxY.exe

C:\Windows\System\lHEQHAu.exe

C:\Windows\System\lHEQHAu.exe

C:\Windows\System\fuZXojn.exe

C:\Windows\System\fuZXojn.exe

C:\Windows\System\vfUtTlD.exe

C:\Windows\System\vfUtTlD.exe

C:\Windows\System\xAYYYIm.exe

C:\Windows\System\xAYYYIm.exe

C:\Windows\System\bDgopUa.exe

C:\Windows\System\bDgopUa.exe

C:\Windows\System\cDaiLpq.exe

C:\Windows\System\cDaiLpq.exe

C:\Windows\System\JoCUmgM.exe

C:\Windows\System\JoCUmgM.exe

C:\Windows\System\QsgybSv.exe

C:\Windows\System\QsgybSv.exe

C:\Windows\System\IMLtUOO.exe

C:\Windows\System\IMLtUOO.exe

C:\Windows\System\jkzPfam.exe

C:\Windows\System\jkzPfam.exe

C:\Windows\System\atdHWFr.exe

C:\Windows\System\atdHWFr.exe

C:\Windows\System\zsfDsbu.exe

C:\Windows\System\zsfDsbu.exe

C:\Windows\System\tugOuBo.exe

C:\Windows\System\tugOuBo.exe

C:\Windows\System\VIkFrzc.exe

C:\Windows\System\VIkFrzc.exe

C:\Windows\System\qpBgLHA.exe

C:\Windows\System\qpBgLHA.exe

C:\Windows\System\GwMZlmB.exe

C:\Windows\System\GwMZlmB.exe

C:\Windows\System\wtamPlZ.exe

C:\Windows\System\wtamPlZ.exe

C:\Windows\System\DLILmLz.exe

C:\Windows\System\DLILmLz.exe

C:\Windows\System\WlZusIj.exe

C:\Windows\System\WlZusIj.exe

C:\Windows\System\PVsFvZD.exe

C:\Windows\System\PVsFvZD.exe

C:\Windows\System\dDtLRty.exe

C:\Windows\System\dDtLRty.exe

C:\Windows\System\RQtAeps.exe

C:\Windows\System\RQtAeps.exe

C:\Windows\System\TnLQgQw.exe

C:\Windows\System\TnLQgQw.exe

C:\Windows\System\SzkFVoT.exe

C:\Windows\System\SzkFVoT.exe

C:\Windows\System\eZkheaF.exe

C:\Windows\System\eZkheaF.exe

C:\Windows\System\oUmEczC.exe

C:\Windows\System\oUmEczC.exe

C:\Windows\System\aCkHVyt.exe

C:\Windows\System\aCkHVyt.exe

C:\Windows\System\GpBUWix.exe

C:\Windows\System\GpBUWix.exe

C:\Windows\System\mgsIQUp.exe

C:\Windows\System\mgsIQUp.exe

C:\Windows\System\iDxPlgB.exe

C:\Windows\System\iDxPlgB.exe

C:\Windows\System\dSQvtvP.exe

C:\Windows\System\dSQvtvP.exe

C:\Windows\System\ihcJKUV.exe

C:\Windows\System\ihcJKUV.exe

C:\Windows\System\pgGBYIj.exe

C:\Windows\System\pgGBYIj.exe

C:\Windows\System\ioWXpCZ.exe

C:\Windows\System\ioWXpCZ.exe

C:\Windows\System\NrmEJOs.exe

C:\Windows\System\NrmEJOs.exe

C:\Windows\System\UbKgwkk.exe

C:\Windows\System\UbKgwkk.exe

C:\Windows\System\zqmiGxE.exe

C:\Windows\System\zqmiGxE.exe

C:\Windows\System\FTPpxvF.exe

C:\Windows\System\FTPpxvF.exe

C:\Windows\System\aMwZZVx.exe

C:\Windows\System\aMwZZVx.exe

C:\Windows\System\EUKruJH.exe

C:\Windows\System\EUKruJH.exe

C:\Windows\System\YmLcoOb.exe

C:\Windows\System\YmLcoOb.exe

C:\Windows\System\LGPnIOz.exe

C:\Windows\System\LGPnIOz.exe

C:\Windows\System\lkQfvmw.exe

C:\Windows\System\lkQfvmw.exe

C:\Windows\System\JZUbFGR.exe

C:\Windows\System\JZUbFGR.exe

C:\Windows\System\hcswCOl.exe

C:\Windows\System\hcswCOl.exe

C:\Windows\System\kQZVcAG.exe

C:\Windows\System\kQZVcAG.exe

C:\Windows\System\BNcJbiT.exe

C:\Windows\System\BNcJbiT.exe

C:\Windows\System\VfqpaPL.exe

C:\Windows\System\VfqpaPL.exe

C:\Windows\System\SzuLmkw.exe

C:\Windows\System\SzuLmkw.exe

C:\Windows\System\qFkLvoJ.exe

C:\Windows\System\qFkLvoJ.exe

C:\Windows\System\uRXgLGJ.exe

C:\Windows\System\uRXgLGJ.exe

C:\Windows\System\XnIHamw.exe

C:\Windows\System\XnIHamw.exe

C:\Windows\System\gpiAHPs.exe

C:\Windows\System\gpiAHPs.exe

C:\Windows\System\xpLymam.exe

C:\Windows\System\xpLymam.exe

C:\Windows\System\wryQbfT.exe

C:\Windows\System\wryQbfT.exe

C:\Windows\System\THRBQlM.exe

C:\Windows\System\THRBQlM.exe

C:\Windows\System\UllMSeV.exe

C:\Windows\System\UllMSeV.exe

C:\Windows\System\wcnipbj.exe

C:\Windows\System\wcnipbj.exe

C:\Windows\System\ZxeGwru.exe

C:\Windows\System\ZxeGwru.exe

C:\Windows\System\DpTbxWp.exe

C:\Windows\System\DpTbxWp.exe

C:\Windows\System\thlFjOs.exe

C:\Windows\System\thlFjOs.exe

C:\Windows\System\kkBBJQC.exe

C:\Windows\System\kkBBJQC.exe

C:\Windows\System\IYEzqdR.exe

C:\Windows\System\IYEzqdR.exe

C:\Windows\System\DmbNXCS.exe

C:\Windows\System\DmbNXCS.exe

C:\Windows\System\Vaylcpb.exe

C:\Windows\System\Vaylcpb.exe

C:\Windows\System\SqvoRdV.exe

C:\Windows\System\SqvoRdV.exe

C:\Windows\System\sUSlOLl.exe

C:\Windows\System\sUSlOLl.exe

C:\Windows\System\nbgCknR.exe

C:\Windows\System\nbgCknR.exe

C:\Windows\System\KvYeIjG.exe

C:\Windows\System\KvYeIjG.exe

C:\Windows\System\XUuWFDB.exe

C:\Windows\System\XUuWFDB.exe

C:\Windows\System\IEVqwjV.exe

C:\Windows\System\IEVqwjV.exe

C:\Windows\System\TEhKXdP.exe

C:\Windows\System\TEhKXdP.exe

C:\Windows\System\nzQfwSM.exe

C:\Windows\System\nzQfwSM.exe

C:\Windows\System\KrlGZiu.exe

C:\Windows\System\KrlGZiu.exe

C:\Windows\System\lgfeaOK.exe

C:\Windows\System\lgfeaOK.exe

C:\Windows\System\WMMzAIz.exe

C:\Windows\System\WMMzAIz.exe

C:\Windows\System\KvgEOfM.exe

C:\Windows\System\KvgEOfM.exe

C:\Windows\System\yorNbSb.exe

C:\Windows\System\yorNbSb.exe

C:\Windows\System\tKHJEqR.exe

C:\Windows\System\tKHJEqR.exe

C:\Windows\System\CoCXBbf.exe

C:\Windows\System\CoCXBbf.exe

C:\Windows\System\izNTCGe.exe

C:\Windows\System\izNTCGe.exe

C:\Windows\System\RlMoexC.exe

C:\Windows\System\RlMoexC.exe

C:\Windows\System\rgGuuoX.exe

C:\Windows\System\rgGuuoX.exe

C:\Windows\System\wDmeoyG.exe

C:\Windows\System\wDmeoyG.exe

C:\Windows\System\SXFORdD.exe

C:\Windows\System\SXFORdD.exe

C:\Windows\System\vVWdiPG.exe

C:\Windows\System\vVWdiPG.exe

C:\Windows\System\IRfYXqz.exe

C:\Windows\System\IRfYXqz.exe

C:\Windows\System\uNzgkJc.exe

C:\Windows\System\uNzgkJc.exe

C:\Windows\System\CWquCVe.exe

C:\Windows\System\CWquCVe.exe

C:\Windows\System\jxVLExq.exe

C:\Windows\System\jxVLExq.exe

C:\Windows\System\TDexFsa.exe

C:\Windows\System\TDexFsa.exe

C:\Windows\System\eAwIhfL.exe

C:\Windows\System\eAwIhfL.exe

C:\Windows\System\TsLSHfb.exe

C:\Windows\System\TsLSHfb.exe

C:\Windows\System\sOcfdTd.exe

C:\Windows\System\sOcfdTd.exe

C:\Windows\System\zSXHosM.exe

C:\Windows\System\zSXHosM.exe

C:\Windows\System\EQvOOQu.exe

C:\Windows\System\EQvOOQu.exe

C:\Windows\System\lcoiHYN.exe

C:\Windows\System\lcoiHYN.exe

C:\Windows\System\nwPyhlr.exe

C:\Windows\System\nwPyhlr.exe

C:\Windows\System\eBcEkGr.exe

C:\Windows\System\eBcEkGr.exe

C:\Windows\System\zFnSFnp.exe

C:\Windows\System\zFnSFnp.exe

C:\Windows\System\fYvkLnW.exe

C:\Windows\System\fYvkLnW.exe

C:\Windows\System\wevpgXw.exe

C:\Windows\System\wevpgXw.exe

C:\Windows\System\IRGeLCG.exe

C:\Windows\System\IRGeLCG.exe

C:\Windows\System\PVanGSz.exe

C:\Windows\System\PVanGSz.exe

C:\Windows\System\EPzHKeE.exe

C:\Windows\System\EPzHKeE.exe

C:\Windows\System\bESvAhp.exe

C:\Windows\System\bESvAhp.exe

C:\Windows\System\qBwDCda.exe

C:\Windows\System\qBwDCda.exe

C:\Windows\System\XZMiptG.exe

C:\Windows\System\XZMiptG.exe

C:\Windows\System\AasdZqq.exe

C:\Windows\System\AasdZqq.exe

C:\Windows\System\mzCTGED.exe

C:\Windows\System\mzCTGED.exe

C:\Windows\System\tgrHace.exe

C:\Windows\System\tgrHace.exe

C:\Windows\System\XKewkBF.exe

C:\Windows\System\XKewkBF.exe

C:\Windows\System\BOMASYG.exe

C:\Windows\System\BOMASYG.exe

C:\Windows\System\PobTqjs.exe

C:\Windows\System\PobTqjs.exe

C:\Windows\System\HdkLJhC.exe

C:\Windows\System\HdkLJhC.exe

C:\Windows\System\hfbtFyd.exe

C:\Windows\System\hfbtFyd.exe

C:\Windows\System\hcXcAHM.exe

C:\Windows\System\hcXcAHM.exe

C:\Windows\System\evJLaek.exe

C:\Windows\System\evJLaek.exe

C:\Windows\System\otJTpGT.exe

C:\Windows\System\otJTpGT.exe

C:\Windows\System\TlpfMQG.exe

C:\Windows\System\TlpfMQG.exe

C:\Windows\System\ytBstdA.exe

C:\Windows\System\ytBstdA.exe

C:\Windows\System\jzoObpM.exe

C:\Windows\System\jzoObpM.exe

C:\Windows\System\DhSSEca.exe

C:\Windows\System\DhSSEca.exe

C:\Windows\System\VQdSAAf.exe

C:\Windows\System\VQdSAAf.exe

C:\Windows\System\ECzWhmN.exe

C:\Windows\System\ECzWhmN.exe

C:\Windows\System\Myyvfry.exe

C:\Windows\System\Myyvfry.exe

C:\Windows\System\bitYuCc.exe

C:\Windows\System\bitYuCc.exe

C:\Windows\System\fBwsOTy.exe

C:\Windows\System\fBwsOTy.exe

C:\Windows\System\USghrfP.exe

C:\Windows\System\USghrfP.exe

C:\Windows\System\dGCeVOK.exe

C:\Windows\System\dGCeVOK.exe

C:\Windows\System\PvgVaex.exe

C:\Windows\System\PvgVaex.exe

C:\Windows\System\yISsvUI.exe

C:\Windows\System\yISsvUI.exe

C:\Windows\System\rfnVjFh.exe

C:\Windows\System\rfnVjFh.exe

C:\Windows\System\ZcXCtdJ.exe

C:\Windows\System\ZcXCtdJ.exe

C:\Windows\System\YFyKNeK.exe

C:\Windows\System\YFyKNeK.exe

C:\Windows\System\uyqGXQA.exe

C:\Windows\System\uyqGXQA.exe

C:\Windows\System\JzSYxqo.exe

C:\Windows\System\JzSYxqo.exe

C:\Windows\System\LPhzeNx.exe

C:\Windows\System\LPhzeNx.exe

C:\Windows\System\PFMgoBf.exe

C:\Windows\System\PFMgoBf.exe

C:\Windows\System\yAaADQU.exe

C:\Windows\System\yAaADQU.exe

C:\Windows\System\LtrrFNh.exe

C:\Windows\System\LtrrFNh.exe

C:\Windows\System\pjqRLKv.exe

C:\Windows\System\pjqRLKv.exe

C:\Windows\System\CPnfgfC.exe

C:\Windows\System\CPnfgfC.exe

C:\Windows\System\WzRTyJI.exe

C:\Windows\System\WzRTyJI.exe

C:\Windows\System\YkApOkd.exe

C:\Windows\System\YkApOkd.exe

C:\Windows\System\RVnTxNd.exe

C:\Windows\System\RVnTxNd.exe

C:\Windows\System\ctPdxxR.exe

C:\Windows\System\ctPdxxR.exe

C:\Windows\System\OyyElSu.exe

C:\Windows\System\OyyElSu.exe

C:\Windows\System\cYPevsV.exe

C:\Windows\System\cYPevsV.exe

C:\Windows\System\XUkyndt.exe

C:\Windows\System\XUkyndt.exe

C:\Windows\System\TfQaRmn.exe

C:\Windows\System\TfQaRmn.exe

C:\Windows\System\isDfATL.exe

C:\Windows\System\isDfATL.exe

C:\Windows\System\qOXcvsZ.exe

C:\Windows\System\qOXcvsZ.exe

C:\Windows\System\XHHPiPt.exe

C:\Windows\System\XHHPiPt.exe

C:\Windows\System\ObDMzxO.exe

C:\Windows\System\ObDMzxO.exe

C:\Windows\System\ajZejKa.exe

C:\Windows\System\ajZejKa.exe

C:\Windows\System\dCYZxjU.exe

C:\Windows\System\dCYZxjU.exe

C:\Windows\System\ZfTuauY.exe

C:\Windows\System\ZfTuauY.exe

C:\Windows\System\fRNNnIx.exe

C:\Windows\System\fRNNnIx.exe

C:\Windows\System\thKnoyW.exe

C:\Windows\System\thKnoyW.exe

C:\Windows\System\jOKmiUx.exe

C:\Windows\System\jOKmiUx.exe

C:\Windows\System\IQFkVrA.exe

C:\Windows\System\IQFkVrA.exe

C:\Windows\System\FuCUhDA.exe

C:\Windows\System\FuCUhDA.exe

C:\Windows\System\GwWClve.exe

C:\Windows\System\GwWClve.exe

C:\Windows\System\ILPgUkj.exe

C:\Windows\System\ILPgUkj.exe

C:\Windows\System\JvQJoYq.exe

C:\Windows\System\JvQJoYq.exe

C:\Windows\System\baKYzib.exe

C:\Windows\System\baKYzib.exe

C:\Windows\System\dgrOTYe.exe

C:\Windows\System\dgrOTYe.exe

C:\Windows\System\gLueZuI.exe

C:\Windows\System\gLueZuI.exe

C:\Windows\System\ASvkyfO.exe

C:\Windows\System\ASvkyfO.exe

C:\Windows\System\VOPfJXC.exe

C:\Windows\System\VOPfJXC.exe

C:\Windows\System\eReuYpH.exe

C:\Windows\System\eReuYpH.exe

C:\Windows\System\oRpDAUe.exe

C:\Windows\System\oRpDAUe.exe

C:\Windows\System\rBEwOce.exe

C:\Windows\System\rBEwOce.exe

C:\Windows\System\RgAyYkN.exe

C:\Windows\System\RgAyYkN.exe

C:\Windows\System\pVnWgwd.exe

C:\Windows\System\pVnWgwd.exe

C:\Windows\System\yYEFeQS.exe

C:\Windows\System\yYEFeQS.exe

C:\Windows\System\BDgNVxC.exe

C:\Windows\System\BDgNVxC.exe

C:\Windows\System\fQpaFAJ.exe

C:\Windows\System\fQpaFAJ.exe

C:\Windows\System\cIXQDGH.exe

C:\Windows\System\cIXQDGH.exe

C:\Windows\System\jDqxdUT.exe

C:\Windows\System\jDqxdUT.exe

C:\Windows\System\OcvoIHZ.exe

C:\Windows\System\OcvoIHZ.exe

C:\Windows\System\tgxYPIb.exe

C:\Windows\System\tgxYPIb.exe

C:\Windows\System\eeJuIwe.exe

C:\Windows\System\eeJuIwe.exe

C:\Windows\System\jctzhJu.exe

C:\Windows\System\jctzhJu.exe

C:\Windows\System\McPPDuq.exe

C:\Windows\System\McPPDuq.exe

C:\Windows\System\csducSR.exe

C:\Windows\System\csducSR.exe

C:\Windows\System\FLlzSkq.exe

C:\Windows\System\FLlzSkq.exe

C:\Windows\System\QfLMyYn.exe

C:\Windows\System\QfLMyYn.exe

C:\Windows\System\jvzAjas.exe

C:\Windows\System\jvzAjas.exe

C:\Windows\System\jkzzKZc.exe

C:\Windows\System\jkzzKZc.exe

C:\Windows\System\GBViKtJ.exe

C:\Windows\System\GBViKtJ.exe

C:\Windows\System\mWStTpA.exe

C:\Windows\System\mWStTpA.exe

C:\Windows\System\pCEmpxg.exe

C:\Windows\System\pCEmpxg.exe

C:\Windows\System\SlaRPZg.exe

C:\Windows\System\SlaRPZg.exe

C:\Windows\System\CVOpAcg.exe

C:\Windows\System\CVOpAcg.exe

C:\Windows\System\cdTuBVA.exe

C:\Windows\System\cdTuBVA.exe

C:\Windows\System\yafBasv.exe

C:\Windows\System\yafBasv.exe

C:\Windows\System\ubNbeTT.exe

C:\Windows\System\ubNbeTT.exe

C:\Windows\System\fzWZBAA.exe

C:\Windows\System\fzWZBAA.exe

C:\Windows\System\ZTIhzTy.exe

C:\Windows\System\ZTIhzTy.exe

C:\Windows\System\Bgruuqp.exe

C:\Windows\System\Bgruuqp.exe

C:\Windows\System\YsluSsu.exe

C:\Windows\System\YsluSsu.exe

C:\Windows\System\whbbayC.exe

C:\Windows\System\whbbayC.exe

C:\Windows\System\uEbMbMa.exe

C:\Windows\System\uEbMbMa.exe

C:\Windows\System\AAewFaN.exe

C:\Windows\System\AAewFaN.exe

C:\Windows\System\vJJgszD.exe

C:\Windows\System\vJJgszD.exe

C:\Windows\System\wAAQNcb.exe

C:\Windows\System\wAAQNcb.exe

C:\Windows\System\GfnKXrR.exe

C:\Windows\System\GfnKXrR.exe

C:\Windows\System\RgPXfUs.exe

C:\Windows\System\RgPXfUs.exe

C:\Windows\System\rdwICWR.exe

C:\Windows\System\rdwICWR.exe

C:\Windows\System\lRzkNBR.exe

C:\Windows\System\lRzkNBR.exe

C:\Windows\System\zFPwRpu.exe

C:\Windows\System\zFPwRpu.exe

C:\Windows\System\zOhaVJz.exe

C:\Windows\System\zOhaVJz.exe

C:\Windows\System\nmYyKpv.exe

C:\Windows\System\nmYyKpv.exe

C:\Windows\System\UrXRRhg.exe

C:\Windows\System\UrXRRhg.exe

C:\Windows\System\tUlkVUa.exe

C:\Windows\System\tUlkVUa.exe

C:\Windows\System\ohvNMTl.exe

C:\Windows\System\ohvNMTl.exe

C:\Windows\System\FtUyKrT.exe

C:\Windows\System\FtUyKrT.exe

C:\Windows\System\gXwdUcU.exe

C:\Windows\System\gXwdUcU.exe

C:\Windows\System\IrXeqDq.exe

C:\Windows\System\IrXeqDq.exe

C:\Windows\System\WjvRUdx.exe

C:\Windows\System\WjvRUdx.exe

C:\Windows\System\MtkBcGH.exe

C:\Windows\System\MtkBcGH.exe

C:\Windows\System\aVBvSUP.exe

C:\Windows\System\aVBvSUP.exe

C:\Windows\System\JHYCvUI.exe

C:\Windows\System\JHYCvUI.exe

C:\Windows\System\fFmuUwG.exe

C:\Windows\System\fFmuUwG.exe

C:\Windows\System\PhIYTNg.exe

C:\Windows\System\PhIYTNg.exe

C:\Windows\System\vrfXkPM.exe

C:\Windows\System\vrfXkPM.exe

C:\Windows\System\HfMmswB.exe

C:\Windows\System\HfMmswB.exe

C:\Windows\System\yWNwFyd.exe

C:\Windows\System\yWNwFyd.exe

C:\Windows\System\jgkgLBA.exe

C:\Windows\System\jgkgLBA.exe

C:\Windows\System\mHUlyiq.exe

C:\Windows\System\mHUlyiq.exe

C:\Windows\System\mWaFOTN.exe

C:\Windows\System\mWaFOTN.exe

C:\Windows\System\iVackIY.exe

C:\Windows\System\iVackIY.exe

C:\Windows\System\oVDbeDc.exe

C:\Windows\System\oVDbeDc.exe

C:\Windows\System\eWWoiZg.exe

C:\Windows\System\eWWoiZg.exe

C:\Windows\System\FDxeuRf.exe

C:\Windows\System\FDxeuRf.exe

C:\Windows\System\wWVtmhs.exe

C:\Windows\System\wWVtmhs.exe

C:\Windows\System\zQnDtvI.exe

C:\Windows\System\zQnDtvI.exe

C:\Windows\System\VRUEBrD.exe

C:\Windows\System\VRUEBrD.exe

C:\Windows\System\fQzCwJM.exe

C:\Windows\System\fQzCwJM.exe

C:\Windows\System\gzXQzZt.exe

C:\Windows\System\gzXQzZt.exe

C:\Windows\System\atHZyIH.exe

C:\Windows\System\atHZyIH.exe

C:\Windows\System\giWhhQs.exe

C:\Windows\System\giWhhQs.exe

C:\Windows\System\vTDkcFn.exe

C:\Windows\System\vTDkcFn.exe

C:\Windows\System\iDkUCts.exe

C:\Windows\System\iDkUCts.exe

C:\Windows\System\IrwfQgv.exe

C:\Windows\System\IrwfQgv.exe

C:\Windows\System\sKYkOUA.exe

C:\Windows\System\sKYkOUA.exe

C:\Windows\System\HxZtNNS.exe

C:\Windows\System\HxZtNNS.exe

C:\Windows\System\ZMYRqpr.exe

C:\Windows\System\ZMYRqpr.exe

C:\Windows\System\EKtylBB.exe

C:\Windows\System\EKtylBB.exe

C:\Windows\System\pwzxyos.exe

C:\Windows\System\pwzxyos.exe

C:\Windows\System\WypcLlB.exe

C:\Windows\System\WypcLlB.exe

C:\Windows\System\leVtfyM.exe

C:\Windows\System\leVtfyM.exe

C:\Windows\System\diMrFjT.exe

C:\Windows\System\diMrFjT.exe

C:\Windows\System\UZepjvt.exe

C:\Windows\System\UZepjvt.exe

C:\Windows\System\QYAJJAo.exe

C:\Windows\System\QYAJJAo.exe

C:\Windows\System\aDAMzbG.exe

C:\Windows\System\aDAMzbG.exe

C:\Windows\System\UeoVtdR.exe

C:\Windows\System\UeoVtdR.exe

C:\Windows\System\HHZHhLn.exe

C:\Windows\System\HHZHhLn.exe

C:\Windows\System\nXmkGkI.exe

C:\Windows\System\nXmkGkI.exe

C:\Windows\System\enQtAUn.exe

C:\Windows\System\enQtAUn.exe

C:\Windows\System\FGSeRTA.exe

C:\Windows\System\FGSeRTA.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1660-0-0x000000013FE60000-0x00000001401B4000-memory.dmp

memory/1660-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\qlacVwv.exe

MD5 c895ae0febdcacdf66f1bc8dffd3e38c
SHA1 eb343211593614be74ea65ffab74766f3d0685d7
SHA256 f8967f5f3c44996209f40c4f5aac0d01264924d7c19dc65961e990ad97db0d67
SHA512 d0381872284e62573d694b379e1588b4f33e985327ab7dfd3e391270d7b0e4ab3b384b237bcbddc8ffb5c2673eee37bfb3dd763e1a49e3b1663a9627bb2f255d

memory/1244-9-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/1660-8-0x000000013F8E0000-0x000000013FC34000-memory.dmp

\Windows\system\kcOdwQD.exe

MD5 a48a30cb2e3c807ee254cc03964ef5e8
SHA1 48ba23dd489933b6ab12eedc6ae5daf0b15e0758
SHA256 0d8d99d603c311549d66d22415d11721e4162ab03c280bbc01a821d07e167dca
SHA512 d872cc8d0cc0212c170cdf332ab4399a4f8d95b9daa73f0ac6b24407a6eb370c12dccb9153e46b10e7df155f1d8ba778276cf71de368f8ccdec1a38120ca26fe

memory/3008-15-0x000000013FF90000-0x00000001402E4000-memory.dmp

C:\Windows\system\ADGtMsL.exe

MD5 bd241981e0084964936ddbc59b891387
SHA1 83b822bd1317dfb1d053abfbdea8740a8607b972
SHA256 56a2dfb6509cd650a760e41df385b814ebd08736aacb1d90e2fd7f334364a04a
SHA512 c2a8626be1f8595a79f79c5df1839f137c5b0e004fc4ef32cf047cc62d6542454d02ac76a63b3e239e676003b104b38b19ec3d6cb457d3d7304538ca19a3f12d

memory/1660-19-0x0000000001F70000-0x00000000022C4000-memory.dmp

memory/2600-21-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2516-29-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

memory/1660-28-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

C:\Windows\system\gJJltES.exe

MD5 30ffee98f13e4f7dfd8978933fdae223
SHA1 b27ade5ed9262057fbd783e49000e83cbc7426e4
SHA256 fb26d07717475b0cdada1c54bfedad289ce5182b304f312fe44b3e1033ae74d9
SHA512 0fade8293eeaddf5844f32c01d98785dca97d924c2454dc0005c9623f4d6fbc688a2f7cd4210bdd25653ef75f797077cf9ac4804da49043499f245c1f333302f

\Windows\system\jIiMDif.exe

MD5 4ee7b1bb3652a529974b7b293b3d907e
SHA1 9aa70d81cc619732bb12ac0c3a6dd04c4106621b
SHA256 d72ce41cd8a9e46bd16b53bb3536c19197fc75eb429fcd66d5a6293f50a4e76a
SHA512 71f98466fba3d1cd63f546ed90728a223134da397ddfbf23e7a39e56c74baeac10e0b22a4c32bb32e72365b2a354bf252436bd9dde04d4edb25bf2a614a655a7

\Windows\system\sBlzGsC.exe

MD5 6af52997eef7a82f1eef4c2709807489
SHA1 8071387b5dedf70462b8d547fc90f3c5d102c0e9
SHA256 09f03a7ce1f9327fa0fbd59d9477cf915945181415a27333baa1f1f7d9f3c4ae
SHA512 b45a56af2a54427c0f09fe99275d237e890384c846d2c448a36571377397a9f501b6e2e96a7acd81a27b8844090a8018b792087a8f459d284ecffd92dbc106bc

C:\Windows\system\AnUqJsu.exe

MD5 51605fa3239647d187036fe7a9165b58
SHA1 61cc62b0e1eda5ac642c8fcc9371b91c0ca48013
SHA256 284e9e78d3c6914807e4610cce065a38c77b2fdf37ffb079583c019da8b0fbe8
SHA512 cddf5e1a13d2a5d4d1d0077cf958deeeccb5e3c20ffa61a2c5dba91109287bcbf33ec7441b37c71fbf1134eebe9aec1bc9121de29baecf703b60972df27f2a61

memory/2488-42-0x000000013FDB0000-0x0000000140104000-memory.dmp

\Windows\system\NarGcpT.exe

MD5 42bbfd33596efae9f6310c07413f585f
SHA1 2a7b994c291ab6c6370c36cc0c4d699d3651c57c
SHA256 b11b43cda37135db5c14d4d67dbcd59bc8eda86f7d1140e6bc6014cd2d9e1a00
SHA512 a9816e2e33fd5d816c883f5f06f662e0378bd3515b7a5fdb700267f64eba59d033c38211d5cf35481bcd6b6f57deab37739244703b811163c3e225b515520705

memory/1660-59-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

C:\Windows\system\FdINDti.exe

MD5 66e7c7b6669435cacf5830534c0b3fa8
SHA1 146b1dd5a44eca1f8dfc5498a7ce3eed019d9872
SHA256 4de67c3c91b4dfde169915e8c90c9f18b4c50fd91d9accff91e4f968e96199b9
SHA512 c33a3f18705f10f86c16c57350387a054ba689019794641bc78ad1c7f6af5547bddbceeab2aa41b9121c4dfa57966fbec01b7f6ecb5b316c45f9a89e072b32a9

C:\Windows\system\risMLbD.exe

MD5 d1795635ce330da2b51be2b3372caf7c
SHA1 bfcc573feba3a06c73a4520422f24cee15e376cc
SHA256 8aaaef42dab41e7966a981cedd23fd8b32644e662000cd0ac39f93b42b710b18
SHA512 34e923eff770b8ec1668a541ed630f9eadfbebbd08ddce47947946b732776d39ee9edcfc8122f2cd117144c27dbe604287e5cd9af0eecd38e4e0653418243e63

memory/2324-71-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2376-63-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2416-61-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2584-60-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/1660-70-0x000000013FE60000-0x00000001401B4000-memory.dmp

memory/1660-57-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2408-56-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/1660-54-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/1660-52-0x0000000001F70000-0x00000000022C4000-memory.dmp

memory/1660-38-0x0000000001F70000-0x00000000022C4000-memory.dmp

C:\Windows\system\KxWSZQk.exe

MD5 a09d620018e4d4859add16c9dc9e7211
SHA1 216f14c5d31dfc42284a0646fde33456346f8d73
SHA256 237947d49feff03a55c4d1515bc8b847131eb503bbc55c47511f7a7ac3b741c7
SHA512 85d6d398cb6d1cef2e5883c29d55f7e7f4dafa4d8e3da858a9bf24d357018391e2a9bdbd61a4c89b15e5adb57953588fcf73dcb1b703e4d976dd909c467817e0

memory/3008-77-0x000000013FF90000-0x00000001402E4000-memory.dmp

C:\Windows\system\YWJZtQk.exe

MD5 fa25e32aaae56c16e18a3ee324798199
SHA1 7a64ec9fd41707ff36c45fef8d82e8d4db8133ce
SHA256 4edeb7da62c1714f6de2dc3b106822efe44a8f53965251ee545a9c6b34d886c2
SHA512 b26ddf3b5498071d6bbd17584a3016d6896147b30bb293f0e41b589225525fb601687d86f818516b7a6b21f10a0b0bd11c827dfb76b55cedd20dbc0886b48a1c

memory/1940-78-0x000000013F410000-0x000000013F764000-memory.dmp

\Windows\system\oNSwEkr.exe

MD5 adfb9e8b5ad023466ed5ec164f890fa4
SHA1 330005b8a670c7296589129e843c4abab0d3684e
SHA256 873a8ada645a812ef057095274cbd80cc400e704457cd308ac4a4aba15226865
SHA512 9c11ed5d5d05dab9ad2f5aa7e84aede93d63508e12a3b67441265e11f4bf8038cf425078b38c779bb122be06b2cb663476a1f7ebf7d90c26c7ad6e4dc7d73f6f

memory/2772-84-0x000000013F500000-0x000000013F854000-memory.dmp

memory/1608-91-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2600-89-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/1660-87-0x000000013F530000-0x000000013F884000-memory.dmp

C:\Windows\system\oSdwzZM.exe

MD5 ab6cf6434cddbcae2b6e666dfd40db65
SHA1 f3f5db15cfde9bce3915fa19068eef1747dbf5a5
SHA256 50f48f287d17b7b8b4c4646c11d578fcaf0f8ddd640e295e4735b4dce3344fb4
SHA512 cdabf386988cd19cffc2b516603290fd2f6c7d2f96243415eb408268ff722c0befc635b509cb7a0f3ccbdf76f9b64967b30677001a4456e615cbf7690868724e

memory/2028-99-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/1660-97-0x0000000001F70000-0x00000000022C4000-memory.dmp

\Windows\system\GJujVch.exe

MD5 27ab8a9353ea25b9877c5d39f37ccba3
SHA1 af518b1d905c8799fdb2f1e00872599b66f0dad9
SHA256 856915f6d533a394c4bae24454b960da1ce4b7ef5165c3686df18b76dc8ea58c
SHA512 2e0f8c026f1678934f21219d26a705f0d738ea16895eedc17915954b9a230386a7673ce5e8275de3246c2c2ef523d3ca6262e2f85005c5779a236868f490a47b

memory/1660-115-0x0000000001F70000-0x00000000022C4000-memory.dmp

C:\Windows\system\sWUWHop.exe

MD5 2591170b06b22dee1e69f71777d137d7
SHA1 d3517add7d2cf75e91970e6a78d1f9d709829e6b
SHA256 ffeed14096fcb7703d95084315d57cffd7b0a8690fcfdafeeec67c096c654866
SHA512 4f1e6f80d468eed0434c7636f93b14dbbc7d20d7d2ac0668cbf9b1d576673b4adb828bfbecab32fd4b2ce14735eb7f2d0795ce929ae2a10c6c5b368d7df84114

C:\Windows\system\UajXZlH.exe

MD5 bc1d74b3a2860379800052690cfa2290
SHA1 79c83a3ab05c06580192f47bc923be1088a0d9aa
SHA256 a2ecb1bce65f5067cc15b4733f937dd7be8ea0ac98f620da22883984d0fe68dd
SHA512 6b7ace2890b24b777c42303433152f61f14a5c0e8426e0ae85ca235b4d8b9594a97efdae9128ff86750d6ce640e97b1cac94cb2e35d52a77472ec1d9837628d5

\Windows\system\CYRqpSk.exe

MD5 7776bf55067e5096212590c01e9c3110
SHA1 8b85c42f002b2b068b43baa31e762e009d8bde62
SHA256 af7e1beb7a9277fd5d28da763f1dd99fb3afa9cb56cc4d0e294f28aa6f48207e
SHA512 4060953a2aca74b1f165c9b0fffcf253cc39a5a3b6dca012c48250802a4654a0a5dfdbc7ab2e78f2f7334c5706c8413be37edf01ef156995f5ba7d9d09ebb75e

C:\Windows\system\tdYKfol.exe

MD5 9c122414e55d97ad45688d5c6172998c
SHA1 ba0da8af65378609997d40a155175ffdd00bdf97
SHA256 3ec326c3510b6b73e045f8c799d08cde57a887dcb283f81bd3fb29b766b943cc
SHA512 2d0440332dfbec945c57f0773039ff4511ee1ace108fcc5eecf96b373738ddb66f4666da28498b3a4523fb97b97eba34cd42420dc5d381533dfd769d48d473fc

C:\Windows\system\UbyPzsf.exe

MD5 1517e9e5566e65471b74a39c64b1ab57
SHA1 f215bcc91b6184e0d18dd4e9f6da3482a196d2a0
SHA256 5feca9776b6d10de72f4dc0e99805db894b50ade0223d8161994300aa83d9657
SHA512 2ebc32ad6d99f9b13df246d6d54a63ae4918d2481a6d5532cd816f8e37f13cb826ce2cd1c0e50b96f6bf17611d565a1019bd050efabd46fc70a573fbd939d7d1

C:\Windows\system\OfcPojX.exe

MD5 0e77caff65156d1ec51e0442991dac05
SHA1 6d75d621537fe2f393ca595726b3963f623c8240
SHA256 ecf7935afc5e07dbfb42db8c965d4768f22616b20c7e6517df19fd0a2b99b591
SHA512 91af476585ce9ca4c6bfef109c8248b2d83e597f239721edc96cb044b7e77c15eadd3afdcd7d50f5dcb001282d544a0ca2379c84581dfcf6b94377e62ea729dd

C:\Windows\system\DAbYNMg.exe

MD5 4e7fb5eaca06ac89e454b074698525a9
SHA1 d49129df68a2416a07ccb5cff62a829f492d57e8
SHA256 247e3d4342e603b3171ef7d2026707844052c3f3070e092e374c3feb896929e1
SHA512 d9d2db2df7be2997c91c92b62cda45d6a49e5e05c2e5a605b132a4660b6b4b8fe2c24c67c14e18bb7b5af6aa7b00969dee0b3d4893c0796f7fe2306dfdfa7911

C:\Windows\system\nzebSHa.exe

MD5 4c5896a85e7c3ada040129611dbb406e
SHA1 d4f77e7d0c971710656f5387698774ffd17fca96
SHA256 9c7942b29f78a781bc83530d5070f1006fbac5225d73d53a88c62688d782a9bc
SHA512 b401e24ebf283a145841f40bf00116eb0c31edfc5a9a2093a96db198830d60625254582ccfc317d6470b3fba209dbfadf95ba6c226200a3ca4d686efa1635d1a

memory/1660-340-0x000000013F9E0000-0x000000013FD34000-memory.dmp

C:\Windows\system\aNLlvhP.exe

MD5 fd6f77059844637fd92ceb80e57089ac
SHA1 a92990e5a386654583dedc524502c20a390057f7
SHA256 88d7585d97bae039d9a23071d9873e5958ba681f6ac87e7ac2e299021736722d
SHA512 79b9280d6811159b90a1696ee49da588a5208b38a3f0485f06c5604ce6aeb769433a0c8c1dd3c0d1e396fa5c2b4b863e2dac47537d562ba692929e0d460c702d

C:\Windows\system\grcwfJD.exe

MD5 8030f79528d326786e4f10638c8c02de
SHA1 f926c5740654987359a5ff62cff5ea89c7038fd3
SHA256 db7015930588c94e668e499d9e5a61f3909b8441d12e9832721f271aa2990dd7
SHA512 77508b9dbd536da28478b2ebb6094070b4007a97a8ab70f12633b335fb9890a51b7432248631e46c99c06c5b43120281c7b770224791ebb4e5f4168e1dc9cae4

C:\Windows\system\XUtPHbm.exe

MD5 a824e08855b0e3e448c8265036025e51
SHA1 94577cc8ec36b277e16dfa527b0b177022e8b9f1
SHA256 b21aa2f46a7bf84f6ab1891c989cfc3cc98638cf02b514c8efee737dc201d43d
SHA512 cf0d0ff6d1b87a487c2bc9bec244f38d5569befd578161c854ea096a7189203a8209ebf3842edf756c7cfc479ec9edf8a7a3d296a2a84e9b545579df7cb62c39

C:\Windows\system\sMPoZke.exe

MD5 d32813f7bc75576452bda5cb501fd44f
SHA1 acffc63ba6a806d0f988cb89743c718093cd95aa
SHA256 c5be6045fe8880373d598ed9f172da8955fa57ea02ad904c110446dcb777a668
SHA512 2bfbea85adc0ead5076568c6778ce5fc80ac59ef60e514437a618a23c124b87d42557cec1e231a18140ca896c06233d5b9c68b3b98143daa465e1d4f6ac0d3f5

C:\Windows\system\UvQVCIc.exe

MD5 71e09107c291238acd91bcbda3055d94
SHA1 e7b9a5695748f16cc35ed1b41b09848a2510a563
SHA256 b1791dfc69f6eeb5aacf7bbaa2d05a50c646a79e2d11cfce6ad665225feee1e4
SHA512 6b93b7357b8ef8121103b5964c4e775f34a6e782e46fe943f6d2b7249c81c1d2a283ff97f2cfce29a161cdeb60e31c45ed0c27aa8cb9d2fbc8f3a9063a86dd7d

C:\Windows\system\lwjQeyC.exe

MD5 e2a16fd7ce407cd3fd68f481479fd181
SHA1 6b3e47f4c13e25912deae7630008931fd9754bd8
SHA256 3104f553af5e7a66ded4326eda965791681595477a3bc53bfbdf90f60a6fc794
SHA512 c5e922747d5cf80a69b2efa2364b3e0e7e3bb9ce80fd938fe097fa49488c147cd41875d65b7fcecad828bc9593a2bf450b038f0ab9818252f9fe031537da2ff9

C:\Windows\system\eiehAdc.exe

MD5 cb4dbd55257912b37a92d3855f32664a
SHA1 1e6b665faf70db0db8d232e5de8872ade59f8021
SHA256 ce820ef3e2399b05c5f0b6c39bb15d10842c587a28e1b3b0b68a48579396e0b4
SHA512 02e63037da041ae423078f2dabffd68c6ae3e9ce087240501fcb795591ce0d2e97417032652927145031c19cf2c7f162abe1b4f5a03e76975fa4af74ad495f14

C:\Windows\system\mHTNckh.exe

MD5 ac6512c605c348c5a6ed1ea03ac0dec9
SHA1 b6d14e2ab721d9870649fc7d776923ad700cc93f
SHA256 66c8f7056480cc509d843972bcbed11ca8986e4466ca111aab5cf9d3dd29560c
SHA512 1df22a388d81a2e1abc2ed34624881ea69955ed332ac31a0c7788cba89ddce443cdd94a735ede907c6a97fa41fdc115984c6c84ae3c1fc37bd4d76c720bdcd28

C:\Windows\system\ueLizHZ.exe

MD5 22986c5372db40d3bc11c3fb90ea67ab
SHA1 98d51864f3e66d7316790509ad042e09408f4111
SHA256 71c9835468c6f163b4595c8146a9f663405cb942c7121b0809f2eaeeaaa0643a
SHA512 8ab9c403f997c8ddaa132dce94060bf2a5f8c5e29e29099b2110f0f314c68c8e5d4245a413ffa257184b4d2bb15e5c15c00c5c580496d2bb071686eaed23181a

memory/2376-1070-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/1660-1071-0x0000000001F70000-0x00000000022C4000-memory.dmp

memory/1660-1072-0x000000013F500000-0x000000013F854000-memory.dmp

memory/1660-1073-0x000000013F530000-0x000000013F884000-memory.dmp

memory/1608-1074-0x000000013F530000-0x000000013F884000-memory.dmp

memory/1660-1075-0x0000000001F70000-0x00000000022C4000-memory.dmp

memory/2028-1076-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/1660-1077-0x0000000001F70000-0x00000000022C4000-memory.dmp

memory/1244-1078-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/3008-1079-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2516-1080-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

memory/2600-1081-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2488-1082-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2408-1083-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/2584-1084-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/2416-1085-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2324-1086-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2376-1087-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/1940-1088-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2772-1089-0x000000013F500000-0x000000013F854000-memory.dmp

memory/1608-1090-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2028-1091-0x000000013FB70000-0x000000013FEC4000-memory.dmp