Malware Analysis Report

2024-10-10 08:43

Sample ID 240605-hepvjagf5y
Target 4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe
SHA256 17b66ab52fd27a7cec299b9e3d9d933ae766a1e66292d9e30d61cea41bfd7aa9
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

17b66ab52fd27a7cec299b9e3d9d933ae766a1e66292d9e30d61cea41bfd7aa9

Threat Level: Known bad

The file 4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

XMRig Miner payload

xmrig

KPOT Core Executable

Kpot family

KPOT

Xmrig family

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-05 06:39

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 06:39

Reported

2024-06-05 06:41

Platform

win7-20240220-en

Max time kernel

144s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2568-1080-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2660-1081-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2732-1083-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2920-1084-0x000000013F860000-0x000000013FBB4000-memory.dmp

memory/2700-1082-0x000000013F270000-0x000000013F5C4000-memory.dmp

memory/2692-1085-0x000000013FBC0000-0x000000013FF14000-memory.dmp

memory/2460-1086-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2368-1087-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/1052-1088-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2896-1089-0x000000013FFE0000-0x0000000140334000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 06:39

Reported

2024-06-05 06:41

Platform

win10v2004-20240426-en

Max time kernel

144s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4615d55b7a9a9ad426e32254f94a67d0_NeikiAnalytics.exe"


C:\Windows\System\pcNkQtb.exe

C:\Windows\System\pcNkQtb.exe

C:\Windows\System\yGsPsOJ.exe

C:\Windows\System\yGsPsOJ.exe

C:\Windows\System\YwAtlXl.exe

C:\Windows\System\YwAtlXl.exe

C:\Windows\System\XKnkHbW.exe

C:\Windows\System\XKnkHbW.exe

C:\Windows\System\mSDQBvk.exe

C:\Windows\System\mSDQBvk.exe

C:\Windows\System\GlHwUnw.exe

C:\Windows\System\GlHwUnw.exe

C:\Windows\System\zoMCyFC.exe

C:\Windows\System\zoMCyFC.exe

C:\Windows\System\CiIargv.exe

C:\Windows\System\CiIargv.exe

C:\Windows\System\tYpwTCJ.exe

C:\Windows\System\tYpwTCJ.exe

C:\Windows\System\kJRpSaB.exe

C:\Windows\System\kJRpSaB.exe

C:\Windows\System\OhqOIXw.exe

C:\Windows\System\OhqOIXw.exe

C:\Windows\System\lELZLWk.exe

C:\Windows\System\lELZLWk.exe

C:\Windows\System\ngAAHEk.exe

C:\Windows\System\ngAAHEk.exe

C:\Windows\System\REEWDCr.exe

C:\Windows\System\REEWDCr.exe

C:\Windows\System\YCbuZJd.exe

C:\Windows\System\YCbuZJd.exe

C:\Windows\System\OTxrihI.exe

C:\Windows\System\OTxrihI.exe

C:\Windows\System\kePplwA.exe

C:\Windows\System\kePplwA.exe

C:\Windows\System\kwHuvwv.exe

C:\Windows\System\kwHuvwv.exe

C:\Windows\System\NuZcdbQ.exe

C:\Windows\System\NuZcdbQ.exe

C:\Windows\System\DKeMvjU.exe

C:\Windows\System\DKeMvjU.exe

C:\Windows\System\MrCTIPQ.exe

C:\Windows\System\MrCTIPQ.exe

C:\Windows\System\gTENgYm.exe

C:\Windows\System\gTENgYm.exe

C:\Windows\System\onztFQP.exe

C:\Windows\System\onztFQP.exe

C:\Windows\System\wHKWMHK.exe

C:\Windows\System\wHKWMHK.exe

C:\Windows\System\wlIBXtO.exe

C:\Windows\System\wlIBXtO.exe

C:\Windows\System\ftcjXZg.exe

C:\Windows\System\ftcjXZg.exe

C:\Windows\System\lVTiJBj.exe

C:\Windows\System\lVTiJBj.exe

C:\Windows\System\mfhTNgj.exe

C:\Windows\System\mfhTNgj.exe

C:\Windows\System\hlldoTD.exe

C:\Windows\System\hlldoTD.exe

C:\Windows\System\AIGEyPZ.exe

C:\Windows\System\AIGEyPZ.exe

C:\Windows\System\UrdaztB.exe

C:\Windows\System\UrdaztB.exe

C:\Windows\System\METnRCE.exe

C:\Windows\System\METnRCE.exe

C:\Windows\System\JxTXkvO.exe

C:\Windows\System\JxTXkvO.exe

C:\Windows\System\MOhNvph.exe

C:\Windows\System\MOhNvph.exe

C:\Windows\System\LrPvzDH.exe

C:\Windows\System\LrPvzDH.exe

C:\Windows\System\QODqYmV.exe

C:\Windows\System\QODqYmV.exe

C:\Windows\System\tmTYeeQ.exe

C:\Windows\System\tmTYeeQ.exe

C:\Windows\System\pJAARxh.exe

C:\Windows\System\pJAARxh.exe

C:\Windows\System\gozZBAA.exe

C:\Windows\System\gozZBAA.exe

C:\Windows\System\JGVfpuy.exe

C:\Windows\System\JGVfpuy.exe

C:\Windows\System\exgxapn.exe

C:\Windows\System\exgxapn.exe

C:\Windows\System\tdXPhVj.exe

C:\Windows\System\tdXPhVj.exe

C:\Windows\System\xWltkux.exe

C:\Windows\System\xWltkux.exe

C:\Windows\System\uFclBtD.exe

C:\Windows\System\uFclBtD.exe

C:\Windows\System\vFgjJTf.exe

C:\Windows\System\vFgjJTf.exe

C:\Windows\System\wirZMkY.exe

C:\Windows\System\wirZMkY.exe

C:\Windows\System\GsMsajH.exe

C:\Windows\System\GsMsajH.exe

C:\Windows\System\xBGwmEP.exe

C:\Windows\System\xBGwmEP.exe

C:\Windows\System\PTWzEnU.exe

C:\Windows\System\PTWzEnU.exe

C:\Windows\System\jQZCNjV.exe

C:\Windows\System\jQZCNjV.exe

C:\Windows\System\PsslYKa.exe

C:\Windows\System\PsslYKa.exe

C:\Windows\System\DneBexb.exe

C:\Windows\System\DneBexb.exe

C:\Windows\System\vcJQMgq.exe

C:\Windows\System\vcJQMgq.exe

C:\Windows\System\gTZmtTc.exe

C:\Windows\System\gTZmtTc.exe

C:\Windows\System\GrEPQBK.exe

C:\Windows\System\GrEPQBK.exe

C:\Windows\System\iAkoCQz.exe

C:\Windows\System\iAkoCQz.exe

C:\Windows\System\yUJzBnN.exe

C:\Windows\System\yUJzBnN.exe

C:\Windows\System\sbOdDaP.exe

C:\Windows\System\sbOdDaP.exe

C:\Windows\System\hGyIdSg.exe

C:\Windows\System\hGyIdSg.exe

C:\Windows\System\iqVPAlJ.exe

C:\Windows\System\iqVPAlJ.exe

C:\Windows\System\zQetytn.exe

C:\Windows\System\zQetytn.exe

C:\Windows\System\WkzuQKP.exe

C:\Windows\System\WkzuQKP.exe

C:\Windows\System\MidlBMu.exe

C:\Windows\System\MidlBMu.exe

C:\Windows\System\SxVkaBw.exe

C:\Windows\System\SxVkaBw.exe

C:\Windows\System\WCzYSXo.exe

C:\Windows\System\WCzYSXo.exe

C:\Windows\System\GSHiSsT.exe

C:\Windows\System\GSHiSsT.exe

C:\Windows\System\NPmBVQw.exe

C:\Windows\System\NPmBVQw.exe

C:\Windows\System\BsvYBYx.exe

C:\Windows\System\BsvYBYx.exe

C:\Windows\System\AlKDxWu.exe

C:\Windows\System\AlKDxWu.exe

C:\Windows\System\ujrksde.exe

C:\Windows\System\ujrksde.exe

C:\Windows\System\WBhJLzM.exe

C:\Windows\System\WBhJLzM.exe

C:\Windows\System\uJJPoxU.exe

C:\Windows\System\uJJPoxU.exe

C:\Windows\System\pXGgQDA.exe

C:\Windows\System\pXGgQDA.exe

C:\Windows\System\VngPXoG.exe

C:\Windows\System\VngPXoG.exe

C:\Windows\System\NDzbznO.exe

C:\Windows\System\NDzbznO.exe

C:\Windows\System\VnUOyqQ.exe

C:\Windows\System\VnUOyqQ.exe

C:\Windows\System\cCKdhId.exe

C:\Windows\System\cCKdhId.exe

C:\Windows\System\BRFCuza.exe

C:\Windows\System\BRFCuza.exe

C:\Windows\System\DhmkwHC.exe

C:\Windows\System\DhmkwHC.exe

C:\Windows\System\bSrlFcn.exe

C:\Windows\System\bSrlFcn.exe

C:\Windows\System\eKNzrrt.exe

C:\Windows\System\eKNzrrt.exe

C:\Windows\System\DhtOkWp.exe

C:\Windows\System\DhtOkWp.exe

C:\Windows\System\wUCArdW.exe

C:\Windows\System\wUCArdW.exe

C:\Windows\System\qlNNzbC.exe

C:\Windows\System\qlNNzbC.exe

C:\Windows\System\kYXZTHR.exe

C:\Windows\System\kYXZTHR.exe

C:\Windows\System\cvCfRKm.exe

C:\Windows\System\cvCfRKm.exe

C:\Windows\System\DyxwaHi.exe

C:\Windows\System\DyxwaHi.exe

C:\Windows\System\oKDfhEt.exe

C:\Windows\System\oKDfhEt.exe

C:\Windows\System\gWeQoTa.exe

C:\Windows\System\gWeQoTa.exe

C:\Windows\System\ZRNuhOQ.exe

C:\Windows\System\ZRNuhOQ.exe

C:\Windows\System\VwakWuH.exe

C:\Windows\System\VwakWuH.exe

C:\Windows\System\BzpGjIb.exe

C:\Windows\System\BzpGjIb.exe

C:\Windows\System\QvbbAGt.exe

C:\Windows\System\QvbbAGt.exe

C:\Windows\System\fZQRZYO.exe

C:\Windows\System\fZQRZYO.exe

C:\Windows\System\edwLuob.exe

C:\Windows\System\edwLuob.exe

C:\Windows\System\QkarsZE.exe

C:\Windows\System\QkarsZE.exe

C:\Windows\System\McStGHB.exe

C:\Windows\System\McStGHB.exe

C:\Windows\System\TvVSVoV.exe

C:\Windows\System\TvVSVoV.exe

C:\Windows\System\CzlgVlK.exe

C:\Windows\System\CzlgVlK.exe

C:\Windows\System\ifmyEbs.exe

C:\Windows\System\ifmyEbs.exe

C:\Windows\System\sRGgtev.exe

C:\Windows\System\sRGgtev.exe

C:\Windows\System\oleelaC.exe

C:\Windows\System\oleelaC.exe

C:\Windows\System\guUVycX.exe

C:\Windows\System\guUVycX.exe

C:\Windows\System\tDImyfe.exe

C:\Windows\System\tDImyfe.exe

C:\Windows\System\jCwVMVW.exe

C:\Windows\System\jCwVMVW.exe

C:\Windows\System\ezktHjk.exe

C:\Windows\System\ezktHjk.exe

C:\Windows\System\omAktFu.exe

C:\Windows\System\omAktFu.exe

C:\Windows\System\xZaUomZ.exe

C:\Windows\System\xZaUomZ.exe

C:\Windows\System\WugLuCX.exe

C:\Windows\System\WugLuCX.exe

C:\Windows\System\qqJptGo.exe

C:\Windows\System\qqJptGo.exe

C:\Windows\System\dqWJfJU.exe

C:\Windows\System\dqWJfJU.exe

C:\Windows\System\rscPDju.exe

C:\Windows\System\rscPDju.exe

C:\Windows\System\AoZONEO.exe

C:\Windows\System\AoZONEO.exe

C:\Windows\System\UnsspPA.exe

C:\Windows\System\UnsspPA.exe

C:\Windows\System\DLFlUdV.exe

C:\Windows\System\DLFlUdV.exe

C:\Windows\System\fYPeXOZ.exe

C:\Windows\System\fYPeXOZ.exe

C:\Windows\System\glOihtI.exe

C:\Windows\System\glOihtI.exe

C:\Windows\System\YJxqeRb.exe

C:\Windows\System\YJxqeRb.exe

C:\Windows\System\PEuPAKD.exe

C:\Windows\System\PEuPAKD.exe

C:\Windows\System\JZTLPnU.exe

C:\Windows\System\JZTLPnU.exe

C:\Windows\System\KMRdfAp.exe

C:\Windows\System\KMRdfAp.exe

C:\Windows\System\mOpvjXH.exe

C:\Windows\System\mOpvjXH.exe

C:\Windows\System\gfuuWJH.exe

C:\Windows\System\gfuuWJH.exe

C:\Windows\System\fwaLlfz.exe

C:\Windows\System\fwaLlfz.exe

C:\Windows\System\dcJdbug.exe

C:\Windows\System\dcJdbug.exe

C:\Windows\System\PSRURcI.exe

C:\Windows\System\PSRURcI.exe

C:\Windows\System\KzbKuzc.exe

C:\Windows\System\KzbKuzc.exe

C:\Windows\System\jlYwENp.exe

C:\Windows\System\jlYwENp.exe

C:\Windows\System\XjAWwvg.exe

C:\Windows\System\XjAWwvg.exe

C:\Windows\System\zLMQPKs.exe

C:\Windows\System\zLMQPKs.exe

C:\Windows\System\NjobJDx.exe

C:\Windows\System\NjobJDx.exe

C:\Windows\System\QJRPehU.exe

C:\Windows\System\QJRPehU.exe

C:\Windows\System\knMDmqK.exe

C:\Windows\System\knMDmqK.exe

C:\Windows\System\wNTQgoV.exe

C:\Windows\System\wNTQgoV.exe

C:\Windows\System\FvebesC.exe

C:\Windows\System\FvebesC.exe

C:\Windows\System\BMGcuRn.exe

C:\Windows\System\BMGcuRn.exe

C:\Windows\System\aQtHXsX.exe

C:\Windows\System\aQtHXsX.exe

C:\Windows\System\CkjgGme.exe

C:\Windows\System\CkjgGme.exe

C:\Windows\System\LMztolJ.exe

C:\Windows\System\LMztolJ.exe

C:\Windows\System\OwSicRB.exe

C:\Windows\System\OwSicRB.exe

C:\Windows\System\TRQcyiU.exe

C:\Windows\System\TRQcyiU.exe

C:\Windows\System\rNafNyT.exe

C:\Windows\System\rNafNyT.exe

C:\Windows\System\yTDeqgf.exe

C:\Windows\System\yTDeqgf.exe

C:\Windows\System\KVtBpdr.exe

C:\Windows\System\KVtBpdr.exe

C:\Windows\System\RElTnCV.exe

C:\Windows\System\RElTnCV.exe

C:\Windows\System\CBKeQzC.exe

C:\Windows\System\CBKeQzC.exe

C:\Windows\System\uPDpxWy.exe

C:\Windows\System\uPDpxWy.exe

C:\Windows\System\KqNQaUU.exe

C:\Windows\System\KqNQaUU.exe

C:\Windows\System\yadUutI.exe

C:\Windows\System\yadUutI.exe

C:\Windows\System\DfMSXCo.exe

C:\Windows\System\DfMSXCo.exe

C:\Windows\System\KRcVKui.exe

C:\Windows\System\KRcVKui.exe

C:\Windows\System\llQVVus.exe

C:\Windows\System\llQVVus.exe

C:\Windows\System\cKlCXUa.exe

C:\Windows\System\cKlCXUa.exe

C:\Windows\System\HmTAGXD.exe

C:\Windows\System\HmTAGXD.exe

C:\Windows\System\rcAMLcZ.exe

C:\Windows\System\rcAMLcZ.exe

C:\Windows\System\MGvcfPn.exe

C:\Windows\System\MGvcfPn.exe

C:\Windows\System\qWxJJKB.exe

C:\Windows\System\qWxJJKB.exe

C:\Windows\System\WmqkAfQ.exe

C:\Windows\System\WmqkAfQ.exe

C:\Windows\System\lhRLkqM.exe

C:\Windows\System\lhRLkqM.exe

C:\Windows\System\zoIIApZ.exe

C:\Windows\System\zoIIApZ.exe

C:\Windows\System\fujlnpv.exe

C:\Windows\System\fujlnpv.exe

C:\Windows\System\CeXVhAs.exe

C:\Windows\System\CeXVhAs.exe

C:\Windows\System\DvvuIxL.exe

C:\Windows\System\DvvuIxL.exe

C:\Windows\System\tyywyBC.exe

C:\Windows\System\tyywyBC.exe

C:\Windows\System\JXIlsrk.exe

C:\Windows\System\JXIlsrk.exe

C:\Windows\System\NVIaJoo.exe

C:\Windows\System\NVIaJoo.exe

C:\Windows\System\SJbJkvv.exe

C:\Windows\System\SJbJkvv.exe

C:\Windows\System\LILekxw.exe

C:\Windows\System\LILekxw.exe

C:\Windows\System\YqFnJmJ.exe

C:\Windows\System\YqFnJmJ.exe

C:\Windows\System\EzyNktg.exe

C:\Windows\System\EzyNktg.exe

C:\Windows\System\RCqIdKw.exe

C:\Windows\System\RCqIdKw.exe

C:\Windows\System\EoNmlbX.exe

C:\Windows\System\EoNmlbX.exe

C:\Windows\System\QvHcMDJ.exe

C:\Windows\System\QvHcMDJ.exe

C:\Windows\System\OvWTmHF.exe

C:\Windows\System\OvWTmHF.exe

C:\Windows\System\knmSeaA.exe

C:\Windows\System\knmSeaA.exe

C:\Windows\System\QTlXVdD.exe

C:\Windows\System\QTlXVdD.exe

C:\Windows\System\SDxIcdB.exe

C:\Windows\System\SDxIcdB.exe

C:\Windows\System\VLFVMPr.exe

C:\Windows\System\VLFVMPr.exe

C:\Windows\System\WyCPUHK.exe

C:\Windows\System\WyCPUHK.exe

C:\Windows\System\nMCRjab.exe

C:\Windows\System\nMCRjab.exe

C:\Windows\System\HeHrKkA.exe

C:\Windows\System\HeHrKkA.exe

C:\Windows\System\CThssgH.exe

C:\Windows\System\CThssgH.exe

C:\Windows\System\MvaakUh.exe

C:\Windows\System\MvaakUh.exe

C:\Windows\System\SmOAAIi.exe

C:\Windows\System\SmOAAIi.exe

C:\Windows\System\WPrLoiR.exe

C:\Windows\System\WPrLoiR.exe

C:\Windows\System\xybMiQe.exe

C:\Windows\System\xybMiQe.exe

C:\Windows\System\Wtzkwzk.exe

C:\Windows\System\Wtzkwzk.exe

C:\Windows\System\MPhTJgB.exe

C:\Windows\System\MPhTJgB.exe

C:\Windows\System\qhJnomT.exe

C:\Windows\System\qhJnomT.exe

C:\Windows\System\nPDjOcQ.exe

C:\Windows\System\nPDjOcQ.exe

C:\Windows\System\pKjlcGV.exe

C:\Windows\System\pKjlcGV.exe

C:\Windows\System\XZqCumI.exe

C:\Windows\System\XZqCumI.exe

C:\Windows\System\ANuQEms.exe

C:\Windows\System\ANuQEms.exe

C:\Windows\System\gbfFKIR.exe

C:\Windows\System\gbfFKIR.exe

C:\Windows\System\bTCONdf.exe

C:\Windows\System\bTCONdf.exe

C:\Windows\System\zvxlmyf.exe

C:\Windows\System\zvxlmyf.exe

C:\Windows\System\fJGQUNP.exe

C:\Windows\System\fJGQUNP.exe

C:\Windows\System\wAzyJmC.exe

C:\Windows\System\wAzyJmC.exe

C:\Windows\System\QkWscxD.exe

C:\Windows\System\QkWscxD.exe

C:\Windows\System\nQvTAfc.exe

C:\Windows\System\nQvTAfc.exe

C:\Windows\System\gblaNtm.exe

C:\Windows\System\gblaNtm.exe

C:\Windows\System\UbRwFQa.exe

C:\Windows\System\UbRwFQa.exe

C:\Windows\System\wmkIhNe.exe

C:\Windows\System\wmkIhNe.exe

C:\Windows\System\MoHiYNU.exe

C:\Windows\System\MoHiYNU.exe

C:\Windows\System\UzZEZGR.exe

C:\Windows\System\UzZEZGR.exe

C:\Windows\System\hKzhsoa.exe

C:\Windows\System\hKzhsoa.exe

C:\Windows\System\STxiHGj.exe

C:\Windows\System\STxiHGj.exe

C:\Windows\System\csGhRIh.exe

C:\Windows\System\csGhRIh.exe

C:\Windows\System\BACDBCt.exe

C:\Windows\System\BACDBCt.exe

C:\Windows\System\imAJeVL.exe

C:\Windows\System\imAJeVL.exe

C:\Windows\System\uOnfwFY.exe

C:\Windows\System\uOnfwFY.exe

C:\Windows\System\GwbAPcG.exe

C:\Windows\System\GwbAPcG.exe

C:\Windows\System\vnCZaRF.exe

C:\Windows\System\vnCZaRF.exe

C:\Windows\System\YAimVdY.exe

C:\Windows\System\YAimVdY.exe

C:\Windows\System\ShBqlSt.exe

C:\Windows\System\ShBqlSt.exe

C:\Windows\System\ixkcLWZ.exe

C:\Windows\System\ixkcLWZ.exe

C:\Windows\System\cXiMRCq.exe

C:\Windows\System\cXiMRCq.exe

C:\Windows\System\GOjNWwS.exe

C:\Windows\System\GOjNWwS.exe

C:\Windows\System\wYqSdJg.exe

C:\Windows\System\wYqSdJg.exe

C:\Windows\System\EbTJCvT.exe

C:\Windows\System\EbTJCvT.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files
