Malware Analysis Report

2024-10-10 08:45

Sample ID 240605-j8bensaf7s
Target 4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe
SHA256 5b0ba1164cf90fda0ded2a76218c6317d624966e6b48591eaa54b4da44d93603
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5b0ba1164cf90fda0ded2a76218c6317d624966e6b48591eaa54b4da44d93603

Threat Level: Known bad

The file 4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

XMRig Miner payload

KPOT

Xmrig family

KPOT Core Executable

xmrig

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-05 08:19

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 08:19

Reported

2024-06-05 08:22

Platform

win7-20240508-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\lUmOKxw.exe
PID 2232 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\lUmOKxw.exe
PID 2232 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\lUmOKxw.exe
PID 2232 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\iUynhUU.exe
PID 2232 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\iUynhUU.exe
PID 2232 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\iUynhUU.exe
PID 2232 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\kplWJLp.exe
PID 2232 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\kplWJLp.exe
PID 2232 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\kplWJLp.exe
PID 2232 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\bQMWzGo.exe
PID 2232 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\bQMWzGo.exe
PID 2232 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\bQMWzGo.exe
PID 2232 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\KzHyLol.exe
PID 2232 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\KzHyLol.exe
PID 2232 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\KzHyLol.exe
PID 2232 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\nddnZWz.exe
PID 2232 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\nddnZWz.exe
PID 2232 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\nddnZWz.exe
PID 2232 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\qtttMGR.exe
PID 2232 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\qtttMGR.exe
PID 2232 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\qtttMGR.exe
PID 2232 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\IAiRMHr.exe
PID 2232 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\IAiRMHr.exe
PID 2232 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\IAiRMHr.exe
PID 2232 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\mPgkCdn.exe
PID 2232 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\mPgkCdn.exe
PID 2232 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\mPgkCdn.exe
PID 2232 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\gqdHbdK.exe
PID 2232 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\gqdHbdK.exe
PID 2232 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\gqdHbdK.exe
PID 2232 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\GzIZDvX.exe
PID 2232 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\GzIZDvX.exe
PID 2232 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\GzIZDvX.exe
PID 2232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\PJbmkYN.exe
PID 2232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\PJbmkYN.exe
PID 2232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\PJbmkYN.exe
PID 2232 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\inWFbaM.exe
PID 2232 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\inWFbaM.exe
PID 2232 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\inWFbaM.exe
PID 2232 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\BrNJFbA.exe
PID 2232 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\BrNJFbA.exe
PID 2232 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\BrNJFbA.exe
PID 2232 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\WlYqcFC.exe
PID 2232 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\WlYqcFC.exe
PID 2232 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\WlYqcFC.exe
PID 2232 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\wVcCAbN.exe
PID 2232 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\wVcCAbN.exe
PID 2232 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\wVcCAbN.exe
PID 2232 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\YHtdKVP.exe
PID 2232 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\YHtdKVP.exe
PID 2232 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\YHtdKVP.exe
PID 2232 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\HtcePNi.exe
PID 2232 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\HtcePNi.exe
PID 2232 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\HtcePNi.exe
PID 2232 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\vXhKnWa.exe
PID 2232 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\vXhKnWa.exe
PID 2232 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\vXhKnWa.exe
PID 2232 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\HtgagVm.exe
PID 2232 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\HtgagVm.exe
PID 2232 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\HtgagVm.exe
PID 2232 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\MOEOyrJ.exe
PID 2232 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe C:\Windows\System\UXblbJX.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1328-1081-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2232-1082-0x000000013F300000-0x000000013F654000-memory.dmp

memory/3044-1083-0x000000013F300000-0x000000013F654000-memory.dmp

memory/2232-1084-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2232-1085-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2596-1086-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2696-1087-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2656-1088-0x000000013F0E0000-0x000000013F434000-memory.dmp

memory/2712-1089-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/2568-1091-0x000000013F0D0000-0x000000013F424000-memory.dmp

memory/2824-1095-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2632-1096-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2676-1094-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2728-1093-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2324-1092-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2900-1090-0x000000013F410000-0x000000013F764000-memory.dmp

memory/1328-1097-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/3044-1098-0x000000013F300000-0x000000013F654000-memory.dmp

memory/1524-1099-0x000000013F640000-0x000000013F994000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 08:19

Reported

2024-06-05 08:22

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4b2ea8398a425dcf9916cbeb619c0a60_NeikiAnalytics.exe"


C:\Windows\System\hRcKBzF.exe

C:\Windows\System\Upohjrk.exe

C:\Windows\System\Upohjrk.exe

C:\Windows\System\soPqAho.exe

C:\Windows\System\soPqAho.exe

C:\Windows\System\nGUbDhL.exe

C:\Windows\System\nGUbDhL.exe

C:\Windows\System\eUdADCl.exe

C:\Windows\System\eUdADCl.exe

C:\Windows\System\SwyHfVV.exe

C:\Windows\System\SwyHfVV.exe

C:\Windows\System\jqDcpIj.exe

C:\Windows\System\jqDcpIj.exe

C:\Windows\System\BXMHyOR.exe

C:\Windows\System\BXMHyOR.exe

C:\Windows\System\yRCoHlC.exe

C:\Windows\System\yRCoHlC.exe

C:\Windows\System\FlGecdJ.exe

C:\Windows\System\FlGecdJ.exe

C:\Windows\System\WOJlqBY.exe

C:\Windows\System\WOJlqBY.exe

C:\Windows\System\yBVnUZq.exe

C:\Windows\System\yBVnUZq.exe

C:\Windows\System\KKHCfDX.exe

C:\Windows\System\KKHCfDX.exe

C:\Windows\System\iHTqZEP.exe

C:\Windows\System\iHTqZEP.exe

C:\Windows\System\epdhvAp.exe

C:\Windows\System\epdhvAp.exe

C:\Windows\System\XJTbXtw.exe

C:\Windows\System\XJTbXtw.exe

C:\Windows\System\NkURXJE.exe

C:\Windows\System\NkURXJE.exe

C:\Windows\System\IpyhkQM.exe

C:\Windows\System\IpyhkQM.exe

C:\Windows\System\LyrVXdA.exe

C:\Windows\System\LyrVXdA.exe

C:\Windows\System\vDYVtZn.exe

C:\Windows\System\vDYVtZn.exe

C:\Windows\System\JLvVldz.exe

C:\Windows\System\JLvVldz.exe

C:\Windows\System\ziqxkZJ.exe

C:\Windows\System\ziqxkZJ.exe

C:\Windows\System\owhUxxX.exe

C:\Windows\System\owhUxxX.exe

C:\Windows\System\EvwXCiN.exe

C:\Windows\System\EvwXCiN.exe

C:\Windows\System\phapdXH.exe

C:\Windows\System\phapdXH.exe

C:\Windows\System\uqQsdhA.exe

C:\Windows\System\uqQsdhA.exe

C:\Windows\System\xHYRpDN.exe

C:\Windows\System\xHYRpDN.exe

C:\Windows\System\czhKRwL.exe

C:\Windows\System\czhKRwL.exe

C:\Windows\System\lmxPaLo.exe

C:\Windows\System\lmxPaLo.exe

C:\Windows\System\yTtsXei.exe

C:\Windows\System\yTtsXei.exe

C:\Windows\System\NRPlRlr.exe

C:\Windows\System\NRPlRlr.exe

C:\Windows\System\YsrfCfh.exe

C:\Windows\System\YsrfCfh.exe

C:\Windows\System\jTubyIx.exe

C:\Windows\System\jTubyIx.exe

C:\Windows\System\qPqeEUz.exe

C:\Windows\System\qPqeEUz.exe

C:\Windows\System\wbYNzhu.exe

C:\Windows\System\wbYNzhu.exe

C:\Windows\System\rxpECfI.exe

C:\Windows\System\rxpECfI.exe

C:\Windows\System\zlnsXAp.exe

C:\Windows\System\zlnsXAp.exe

C:\Windows\System\SVLryii.exe

C:\Windows\System\SVLryii.exe

C:\Windows\System\dERwTCq.exe

C:\Windows\System\dERwTCq.exe

C:\Windows\System\NgIcpux.exe

C:\Windows\System\NgIcpux.exe

C:\Windows\System\Snqsfwj.exe

C:\Windows\System\Snqsfwj.exe

C:\Windows\System\zCQCiEN.exe

C:\Windows\System\zCQCiEN.exe

C:\Windows\System\wfasrus.exe

C:\Windows\System\wfasrus.exe

C:\Windows\System\ZoYxqNw.exe

C:\Windows\System\ZoYxqNw.exe

C:\Windows\System\vvkaWxo.exe

C:\Windows\System\vvkaWxo.exe

C:\Windows\System\pHnxLud.exe

C:\Windows\System\pHnxLud.exe

C:\Windows\System\nMvVrDH.exe

C:\Windows\System\nMvVrDH.exe

C:\Windows\System\NwLYxII.exe

C:\Windows\System\NwLYxII.exe

C:\Windows\System\ZTjFPYT.exe

C:\Windows\System\ZTjFPYT.exe

C:\Windows\System\rShbCzX.exe

C:\Windows\System\rShbCzX.exe

C:\Windows\System\JzJoVUd.exe

C:\Windows\System\JzJoVUd.exe

C:\Windows\System\WRmwRzJ.exe

C:\Windows\System\WRmwRzJ.exe

C:\Windows\System\DXPEcOr.exe

C:\Windows\System\DXPEcOr.exe

C:\Windows\System\IAbnCqm.exe

C:\Windows\System\IAbnCqm.exe

C:\Windows\System\WllRlqz.exe

C:\Windows\System\WllRlqz.exe

C:\Windows\System\oYlxAcx.exe

C:\Windows\System\oYlxAcx.exe

C:\Windows\System\HKxwcyg.exe

C:\Windows\System\HKxwcyg.exe

C:\Windows\System\vqeLorJ.exe

C:\Windows\System\vqeLorJ.exe

C:\Windows\System\objZwzy.exe

C:\Windows\System\objZwzy.exe

C:\Windows\System\aOHsFjz.exe

C:\Windows\System\aOHsFjz.exe

C:\Windows\System\AahZRoY.exe

C:\Windows\System\AahZRoY.exe

C:\Windows\System\HZtDxLA.exe

C:\Windows\System\HZtDxLA.exe

C:\Windows\System\XpfqXVC.exe

C:\Windows\System\XpfqXVC.exe

C:\Windows\System\smcWJdF.exe

C:\Windows\System\smcWJdF.exe

C:\Windows\System\giUykbm.exe

C:\Windows\System\giUykbm.exe

C:\Windows\System\jXrUBOs.exe

C:\Windows\System\jXrUBOs.exe

C:\Windows\System\xoiNNkE.exe

C:\Windows\System\xoiNNkE.exe

C:\Windows\System\Ayncone.exe

C:\Windows\System\Ayncone.exe

C:\Windows\System\xDxGYwk.exe

C:\Windows\System\xDxGYwk.exe

C:\Windows\System\BTgfjwu.exe

C:\Windows\System\BTgfjwu.exe

C:\Windows\System\FQmEmOv.exe

C:\Windows\System\FQmEmOv.exe

C:\Windows\System\lqFGYNN.exe

C:\Windows\System\lqFGYNN.exe

C:\Windows\System\NVYDssC.exe

C:\Windows\System\NVYDssC.exe

C:\Windows\System\LBGgyDi.exe

C:\Windows\System\LBGgyDi.exe

C:\Windows\System\EYpnEev.exe

C:\Windows\System\EYpnEev.exe

C:\Windows\System\zRkgHDw.exe

C:\Windows\System\zRkgHDw.exe

C:\Windows\System\MZvNQsa.exe

C:\Windows\System\MZvNQsa.exe

C:\Windows\System\ZRABVHD.exe

C:\Windows\System\ZRABVHD.exe

C:\Windows\System\XpAjAAs.exe

C:\Windows\System\XpAjAAs.exe

C:\Windows\System\YAkVQoW.exe

C:\Windows\System\YAkVQoW.exe

C:\Windows\System\eVXgDLn.exe

C:\Windows\System\eVXgDLn.exe

C:\Windows\System\CSctTWt.exe

C:\Windows\System\CSctTWt.exe

C:\Windows\System\yZdvAkP.exe

C:\Windows\System\yZdvAkP.exe

C:\Windows\System\nZLmdVF.exe

C:\Windows\System\nZLmdVF.exe

C:\Windows\System\drUbOcZ.exe

C:\Windows\System\drUbOcZ.exe

C:\Windows\System\XANTTEK.exe

C:\Windows\System\XANTTEK.exe

C:\Windows\System\FeAxvHx.exe

C:\Windows\System\FeAxvHx.exe

C:\Windows\System\AhWOrRL.exe

C:\Windows\System\AhWOrRL.exe

C:\Windows\System\qYlyOLM.exe

C:\Windows\System\qYlyOLM.exe

C:\Windows\System\UmZxemf.exe

C:\Windows\System\UmZxemf.exe

C:\Windows\System\iVHSJtR.exe

C:\Windows\System\iVHSJtR.exe

C:\Windows\System\rELyxrD.exe

C:\Windows\System\rELyxrD.exe

C:\Windows\System\rxeVyEu.exe

C:\Windows\System\rxeVyEu.exe

C:\Windows\System\CIwSrdy.exe

C:\Windows\System\CIwSrdy.exe

C:\Windows\System\SBTykOZ.exe

C:\Windows\System\SBTykOZ.exe

C:\Windows\System\VGHDEmJ.exe

C:\Windows\System\VGHDEmJ.exe

C:\Windows\System\FTixpNi.exe

C:\Windows\System\FTixpNi.exe

C:\Windows\System\ZVZXmIN.exe

C:\Windows\System\ZVZXmIN.exe

C:\Windows\System\bUFQyeA.exe

C:\Windows\System\bUFQyeA.exe

C:\Windows\System\peVNCiO.exe

C:\Windows\System\peVNCiO.exe

C:\Windows\System\WvsBdil.exe

C:\Windows\System\WvsBdil.exe

C:\Windows\System\wLNMFFQ.exe

C:\Windows\System\wLNMFFQ.exe

C:\Windows\System\zbVVdJY.exe

C:\Windows\System\zbVVdJY.exe

C:\Windows\System\nlEIPgV.exe

C:\Windows\System\nlEIPgV.exe

C:\Windows\System\PnYtalf.exe

C:\Windows\System\PnYtalf.exe

C:\Windows\System\jQjALNo.exe

C:\Windows\System\jQjALNo.exe

C:\Windows\System\pNBLqvI.exe

C:\Windows\System\pNBLqvI.exe

C:\Windows\System\xsbrRPz.exe

C:\Windows\System\xsbrRPz.exe

C:\Windows\System\fnMBGdT.exe

C:\Windows\System\fnMBGdT.exe

C:\Windows\System\JiijRrA.exe

C:\Windows\System\JiijRrA.exe

C:\Windows\System\KJBsepv.exe

C:\Windows\System\KJBsepv.exe

C:\Windows\System\fjggPZY.exe

C:\Windows\System\fjggPZY.exe

C:\Windows\System\prSuLli.exe

C:\Windows\System\prSuLli.exe

C:\Windows\System\ROneyyC.exe

C:\Windows\System\ROneyyC.exe

C:\Windows\System\VHbCgFf.exe

C:\Windows\System\VHbCgFf.exe

C:\Windows\System\XouFiMl.exe

C:\Windows\System\XouFiMl.exe

C:\Windows\System\YSpBWmr.exe

C:\Windows\System\YSpBWmr.exe

C:\Windows\System\sgRWQZL.exe

C:\Windows\System\sgRWQZL.exe

C:\Windows\System\ALEBUly.exe

C:\Windows\System\ALEBUly.exe

C:\Windows\System\roFsYub.exe

C:\Windows\System\roFsYub.exe

C:\Windows\System\pdSFGzI.exe

C:\Windows\System\pdSFGzI.exe

C:\Windows\System\rQNcLYk.exe

C:\Windows\System\rQNcLYk.exe

C:\Windows\System\slmwQxz.exe

C:\Windows\System\slmwQxz.exe

C:\Windows\System\ZJNeRuj.exe

C:\Windows\System\ZJNeRuj.exe

C:\Windows\System\ZOJAIBx.exe

C:\Windows\System\ZOJAIBx.exe

C:\Windows\System\YwJwuAK.exe

C:\Windows\System\YwJwuAK.exe

C:\Windows\System\VeBrJEg.exe

C:\Windows\System\VeBrJEg.exe

C:\Windows\System\QTcgstT.exe

C:\Windows\System\QTcgstT.exe

C:\Windows\System\lpAdjgA.exe

C:\Windows\System\lpAdjgA.exe

C:\Windows\System\mdvnsTS.exe

C:\Windows\System\mdvnsTS.exe

C:\Windows\System\Figfyeg.exe

C:\Windows\System\Figfyeg.exe

C:\Windows\System\iIRrSgq.exe

C:\Windows\System\iIRrSgq.exe

C:\Windows\System\JZNYLHW.exe

C:\Windows\System\JZNYLHW.exe

C:\Windows\System\jwFOiEF.exe

C:\Windows\System\jwFOiEF.exe

C:\Windows\System\APCAFui.exe

C:\Windows\System\APCAFui.exe

C:\Windows\System\ZIfuxtE.exe

C:\Windows\System\ZIfuxtE.exe

C:\Windows\System\zyAjdXk.exe

C:\Windows\System\zyAjdXk.exe

C:\Windows\System\aBvramh.exe

C:\Windows\System\aBvramh.exe

C:\Windows\System\QhAHTvQ.exe

C:\Windows\System\QhAHTvQ.exe

C:\Windows\System\KvirGtE.exe

C:\Windows\System\KvirGtE.exe

C:\Windows\System\TLNZwss.exe

C:\Windows\System\TLNZwss.exe

C:\Windows\System\JGpqRVc.exe

C:\Windows\System\JGpqRVc.exe

C:\Windows\System\bJxCGOj.exe

C:\Windows\System\bJxCGOj.exe

C:\Windows\System\uqxqfFs.exe

C:\Windows\System\uqxqfFs.exe

C:\Windows\System\uUKjPgG.exe

C:\Windows\System\uUKjPgG.exe

C:\Windows\System\YejvIWa.exe

C:\Windows\System\YejvIWa.exe

C:\Windows\System\nmBclSA.exe

C:\Windows\System\nmBclSA.exe

C:\Windows\System\iExPdED.exe

C:\Windows\System\iExPdED.exe

C:\Windows\System\GaGeRov.exe

C:\Windows\System\GaGeRov.exe

C:\Windows\System\iMfgCSE.exe

C:\Windows\System\iMfgCSE.exe

C:\Windows\System\KnMEYPq.exe

C:\Windows\System\KnMEYPq.exe

C:\Windows\System\gzYlbqJ.exe

C:\Windows\System\gzYlbqJ.exe

C:\Windows\System\RRHNOie.exe

C:\Windows\System\RRHNOie.exe

C:\Windows\System\fGezIKF.exe

C:\Windows\System\fGezIKF.exe

C:\Windows\System\pqtqlLP.exe

C:\Windows\System\pqtqlLP.exe

C:\Windows\System\EWQRJps.exe

C:\Windows\System\EWQRJps.exe

C:\Windows\System\aaYwQwD.exe

C:\Windows\System\aaYwQwD.exe

C:\Windows\System\Eoqubbg.exe

C:\Windows\System\Eoqubbg.exe

C:\Windows\System\GJgRxUi.exe

C:\Windows\System\GJgRxUi.exe

C:\Windows\System\FrEflCp.exe

C:\Windows\System\FrEflCp.exe

C:\Windows\System\lkhRIdB.exe

C:\Windows\System\lkhRIdB.exe

C:\Windows\System\AqekWtp.exe

C:\Windows\System\AqekWtp.exe

C:\Windows\System\UCBRRmz.exe

C:\Windows\System\UCBRRmz.exe

C:\Windows\System\lNpYKhJ.exe

C:\Windows\System\lNpYKhJ.exe

C:\Windows\System\OxBSGuh.exe

C:\Windows\System\OxBSGuh.exe

C:\Windows\System\BXhItwQ.exe

C:\Windows\System\BXhItwQ.exe

C:\Windows\System\KlmcdeZ.exe

C:\Windows\System\KlmcdeZ.exe

C:\Windows\System\RkgIHwD.exe

C:\Windows\System\RkgIHwD.exe

C:\Windows\System\hFaRNmP.exe

C:\Windows\System\hFaRNmP.exe

C:\Windows\System\rdXoCuH.exe

C:\Windows\System\rdXoCuH.exe

C:\Windows\System\tosBJgR.exe

C:\Windows\System\tosBJgR.exe

C:\Windows\System\XMhYgRz.exe

C:\Windows\System\XMhYgRz.exe

C:\Windows\System\ArwWlPF.exe

C:\Windows\System\ArwWlPF.exe

C:\Windows\System\HrMgLPs.exe

C:\Windows\System\HrMgLPs.exe

C:\Windows\System\obNXUSB.exe

C:\Windows\System\obNXUSB.exe

C:\Windows\System\IxKcrvj.exe

C:\Windows\System\IxKcrvj.exe

C:\Windows\System\IBTaXry.exe

C:\Windows\System\IBTaXry.exe

C:\Windows\System\XLvmYrM.exe

C:\Windows\System\XLvmYrM.exe

C:\Windows\System\MBNaDVG.exe

C:\Windows\System\MBNaDVG.exe

C:\Windows\System\HwacMVC.exe

C:\Windows\System\HwacMVC.exe

C:\Windows\System\pFzmuLm.exe

C:\Windows\System\pFzmuLm.exe

C:\Windows\System\FzXwzry.exe

C:\Windows\System\FzXwzry.exe

C:\Windows\System\NQMlqpR.exe

C:\Windows\System\NQMlqpR.exe

C:\Windows\System\dsmbSqQ.exe

C:\Windows\System\dsmbSqQ.exe

C:\Windows\System\lLNjtUY.exe

C:\Windows\System\lLNjtUY.exe

C:\Windows\System\jVtPoeB.exe

C:\Windows\System\jVtPoeB.exe

C:\Windows\System\SQrJfTJ.exe

C:\Windows\System\SQrJfTJ.exe

C:\Windows\System\FzFOFoN.exe

C:\Windows\System\FzFOFoN.exe

C:\Windows\System\lSyHFra.exe

C:\Windows\System\lSyHFra.exe

C:\Windows\System\jQpspIy.exe

C:\Windows\System\jQpspIy.exe

C:\Windows\System\YkpuRlt.exe

C:\Windows\System\YkpuRlt.exe

C:\Windows\System\gwmCOCr.exe

C:\Windows\System\gwmCOCr.exe

C:\Windows\System\EpGuqYz.exe

C:\Windows\System\EpGuqYz.exe

C:\Windows\System\xOrutNk.exe

C:\Windows\System\xOrutNk.exe

C:\Windows\System\zBeovEC.exe

C:\Windows\System\zBeovEC.exe

C:\Windows\System\nAumIdX.exe

C:\Windows\System\nAumIdX.exe

C:\Windows\System\VHEUlQc.exe

C:\Windows\System\VHEUlQc.exe

C:\Windows\System\LjJcqDJ.exe

C:\Windows\System\LjJcqDJ.exe

C:\Windows\System\GFQNSQU.exe

C:\Windows\System\GFQNSQU.exe

C:\Windows\System\CyjqcHO.exe

C:\Windows\System\CyjqcHO.exe

C:\Windows\System\OJfLOSP.exe

C:\Windows\System\OJfLOSP.exe

C:\Windows\System\YARboeL.exe

C:\Windows\System\YARboeL.exe

C:\Windows\System\DiayaAt.exe

C:\Windows\System\DiayaAt.exe

C:\Windows\System\LLIJNyk.exe

C:\Windows\System\LLIJNyk.exe

C:\Windows\System\asgiZYV.exe

C:\Windows\System\asgiZYV.exe

C:\Windows\System\sPAmRvu.exe

C:\Windows\System\sPAmRvu.exe

C:\Windows\System\QYzSPhl.exe

C:\Windows\System\QYzSPhl.exe

C:\Windows\System\vEgxFoA.exe

C:\Windows\System\vEgxFoA.exe

C:\Windows\System\DZvYrhy.exe

C:\Windows\System\DZvYrhy.exe

C:\Windows\System\eTHYTMl.exe

C:\Windows\System\eTHYTMl.exe

C:\Windows\System\jVEzmMO.exe

C:\Windows\System\jVEzmMO.exe

C:\Windows\System\ihatxLX.exe

C:\Windows\System\ihatxLX.exe

C:\Windows\System\bABNCCg.exe

C:\Windows\System\bABNCCg.exe

C:\Windows\System\KFkbhov.exe

C:\Windows\System\KFkbhov.exe

C:\Windows\System\gwtajwe.exe

C:\Windows\System\gwtajwe.exe

C:\Windows\System\IFAAABp.exe

C:\Windows\System\IFAAABp.exe

C:\Windows\System\OvoDDVS.exe

C:\Windows\System\OvoDDVS.exe

C:\Windows\System\ZBReofy.exe

C:\Windows\System\ZBReofy.exe

C:\Windows\System\GMuRwpK.exe

C:\Windows\System\GMuRwpK.exe

C:\Windows\System\EidGpry.exe

C:\Windows\System\EidGpry.exe

C:\Windows\System\oQDEYpP.exe

C:\Windows\System\oQDEYpP.exe

C:\Windows\System\lNfBfFu.exe

C:\Windows\System\lNfBfFu.exe

C:\Windows\System\vgrDsPj.exe

C:\Windows\System\vgrDsPj.exe

C:\Windows\System\msqXoUb.exe

C:\Windows\System\msqXoUb.exe

C:\Windows\System\jfjsbVM.exe

C:\Windows\System\jfjsbVM.exe

C:\Windows\System\MPLCVwI.exe

C:\Windows\System\MPLCVwI.exe

C:\Windows\System\bqohVaD.exe

C:\Windows\System\bqohVaD.exe

C:\Windows\System\LpUFNAR.exe

C:\Windows\System\LpUFNAR.exe

C:\Windows\System\qnkzIAn.exe

C:\Windows\System\qnkzIAn.exe

C:\Windows\System\chljBnE.exe

C:\Windows\System\chljBnE.exe

Network


Files
