Malware Analysis Report

2024-10-10 08:36

Sample ID 240606-xz1vvsaf9v
Target 0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe
SHA256 b062063cb4c76ebc564a73e6b81e0c491c0c0f79572e368b5483f8665b0e7364
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

XMRig Miner payload

KPOT

Kpot family

Xmrig family

KPOT Core Executable

xmrig

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 19:18

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 19:18

Reported

2024-06-06 19:21

Platform

win7-20240419-en

Max time kernel

142s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 19:18

Reported

2024-06-06 19:21

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0e6fe3b08c45d16c0536dfe0aa24ef10_NeikiAnalytics.exe"


C:\Windows\System\VNFcvdb.exe

C:\Windows\System\VNFcvdb.exe

C:\Windows\System\MYkiNuV.exe

C:\Windows\System\MYkiNuV.exe

C:\Windows\System\qipAkqp.exe

C:\Windows\System\qipAkqp.exe

C:\Windows\System\znRurZR.exe

C:\Windows\System\znRurZR.exe

C:\Windows\System\QhNMLQe.exe

C:\Windows\System\QhNMLQe.exe

C:\Windows\System\GngOGKO.exe

C:\Windows\System\GngOGKO.exe

C:\Windows\System\KSLVEVA.exe

C:\Windows\System\KSLVEVA.exe

C:\Windows\System\bsXNJYV.exe

C:\Windows\System\bsXNJYV.exe

C:\Windows\System\emylSiZ.exe

C:\Windows\System\emylSiZ.exe

C:\Windows\System\OUrOkWB.exe

C:\Windows\System\OUrOkWB.exe

C:\Windows\System\qrvKoRi.exe

C:\Windows\System\qrvKoRi.exe

C:\Windows\System\bEuNTOB.exe

C:\Windows\System\bEuNTOB.exe

C:\Windows\System\NJFWMNw.exe

C:\Windows\System\NJFWMNw.exe

C:\Windows\System\WouZIju.exe

C:\Windows\System\WouZIju.exe

C:\Windows\System\eQABbpj.exe

C:\Windows\System\eQABbpj.exe

C:\Windows\System\CxZGRhC.exe

C:\Windows\System\CxZGRhC.exe

C:\Windows\System\cDGrKOm.exe

C:\Windows\System\cDGrKOm.exe

C:\Windows\System\iZcPlqn.exe

C:\Windows\System\iZcPlqn.exe

C:\Windows\System\NMjuzOH.exe

C:\Windows\System\NMjuzOH.exe

C:\Windows\System\mGkMdRP.exe

C:\Windows\System\mGkMdRP.exe

C:\Windows\System\BTGXQBE.exe

C:\Windows\System\BTGXQBE.exe

C:\Windows\System\BYyScdz.exe

C:\Windows\System\BYyScdz.exe

C:\Windows\System\LbVhXdo.exe

C:\Windows\System\LbVhXdo.exe

C:\Windows\System\BxgAvtb.exe

C:\Windows\System\BxgAvtb.exe

C:\Windows\System\sqDfUKQ.exe

C:\Windows\System\sqDfUKQ.exe

C:\Windows\System\YrDTKOc.exe

C:\Windows\System\YrDTKOc.exe

C:\Windows\System\IorGmLJ.exe

C:\Windows\System\IorGmLJ.exe

C:\Windows\System\KXWgjKH.exe

C:\Windows\System\KXWgjKH.exe

C:\Windows\System\vKUkKXX.exe

C:\Windows\System\vKUkKXX.exe

C:\Windows\System\uIRmIYw.exe

C:\Windows\System\uIRmIYw.exe

C:\Windows\System\vIxqQAW.exe

C:\Windows\System\vIxqQAW.exe

C:\Windows\System\EpqTHIj.exe

C:\Windows\System\EpqTHIj.exe

C:\Windows\System\HMHrQeg.exe

C:\Windows\System\HMHrQeg.exe

C:\Windows\System\EbKNboI.exe

C:\Windows\System\EbKNboI.exe

C:\Windows\System\WJuarqS.exe

C:\Windows\System\WJuarqS.exe

C:\Windows\System\wJPmqxY.exe

C:\Windows\System\wJPmqxY.exe

C:\Windows\System\QPwPJrT.exe

C:\Windows\System\QPwPJrT.exe

C:\Windows\System\mfQWgrk.exe

C:\Windows\System\mfQWgrk.exe

C:\Windows\System\EsQifbm.exe

C:\Windows\System\EsQifbm.exe

C:\Windows\System\elQUgVU.exe

C:\Windows\System\elQUgVU.exe

C:\Windows\System\PwGapPX.exe

C:\Windows\System\PwGapPX.exe

C:\Windows\System\vufpQWf.exe

C:\Windows\System\vufpQWf.exe

C:\Windows\System\PoTPYMW.exe

C:\Windows\System\PoTPYMW.exe

C:\Windows\System\irvcGgD.exe

C:\Windows\System\irvcGgD.exe

C:\Windows\System\mOQZYVb.exe

C:\Windows\System\mOQZYVb.exe

C:\Windows\System\QBGrikR.exe

C:\Windows\System\QBGrikR.exe

C:\Windows\System\ssYxBKY.exe

C:\Windows\System\ssYxBKY.exe

C:\Windows\System\WgNtJvh.exe

C:\Windows\System\WgNtJvh.exe

C:\Windows\System\EYqEHik.exe

C:\Windows\System\EYqEHik.exe

C:\Windows\System\VVAiUrP.exe

C:\Windows\System\VVAiUrP.exe

C:\Windows\System\urvloWq.exe

C:\Windows\System\urvloWq.exe

C:\Windows\System\DwiwEeO.exe

C:\Windows\System\DwiwEeO.exe

C:\Windows\System\arTdsar.exe

C:\Windows\System\arTdsar.exe

C:\Windows\System\hteFIiU.exe

C:\Windows\System\hteFIiU.exe

C:\Windows\System\zcgSZGi.exe

C:\Windows\System\zcgSZGi.exe

C:\Windows\System\CXpClId.exe

C:\Windows\System\CXpClId.exe

C:\Windows\System\tHMahWO.exe

C:\Windows\System\tHMahWO.exe

C:\Windows\System\KLfWpNd.exe

C:\Windows\System\KLfWpNd.exe

C:\Windows\System\PQANCaS.exe

C:\Windows\System\PQANCaS.exe

C:\Windows\System\eixOhHK.exe

C:\Windows\System\eixOhHK.exe

C:\Windows\System\KWedRol.exe

C:\Windows\System\KWedRol.exe

C:\Windows\System\AbyxVTS.exe

C:\Windows\System\AbyxVTS.exe

C:\Windows\System\OJTOASL.exe

C:\Windows\System\OJTOASL.exe

C:\Windows\System\SnqaTFl.exe

C:\Windows\System\SnqaTFl.exe

C:\Windows\System\uInPFlk.exe

C:\Windows\System\uInPFlk.exe

C:\Windows\System\LrAhLRZ.exe

C:\Windows\System\LrAhLRZ.exe

C:\Windows\System\AQduuNC.exe

C:\Windows\System\AQduuNC.exe

C:\Windows\System\Tucoxcd.exe

C:\Windows\System\Tucoxcd.exe

C:\Windows\System\ihOBgzW.exe

C:\Windows\System\ihOBgzW.exe

C:\Windows\System\jtdxWiW.exe

C:\Windows\System\jtdxWiW.exe

C:\Windows\System\wHXRvnM.exe

C:\Windows\System\wHXRvnM.exe

C:\Windows\System\pXodBtF.exe

C:\Windows\System\pXodBtF.exe

C:\Windows\System\qdZUcmx.exe

C:\Windows\System\qdZUcmx.exe

C:\Windows\System\tycxMFQ.exe

C:\Windows\System\tycxMFQ.exe

C:\Windows\System\wjXabjy.exe

C:\Windows\System\wjXabjy.exe

C:\Windows\System\yZODNQa.exe

C:\Windows\System\yZODNQa.exe

C:\Windows\System\fwuVaEA.exe

C:\Windows\System\fwuVaEA.exe

C:\Windows\System\jLhaxfY.exe

C:\Windows\System\jLhaxfY.exe

C:\Windows\System\wGqUrnU.exe

C:\Windows\System\wGqUrnU.exe

C:\Windows\System\YMPoKCN.exe

C:\Windows\System\YMPoKCN.exe

C:\Windows\System\fYnedNn.exe

C:\Windows\System\fYnedNn.exe

C:\Windows\System\tpdsGwK.exe

C:\Windows\System\tpdsGwK.exe

C:\Windows\System\XQoSvEz.exe

C:\Windows\System\XQoSvEz.exe

C:\Windows\System\ozhHznF.exe

C:\Windows\System\ozhHznF.exe

C:\Windows\System\PRyZbDP.exe

C:\Windows\System\PRyZbDP.exe

C:\Windows\System\woWWqLQ.exe

C:\Windows\System\woWWqLQ.exe

C:\Windows\System\qVPaRcY.exe

C:\Windows\System\qVPaRcY.exe

C:\Windows\System\hVLbMDn.exe

C:\Windows\System\hVLbMDn.exe

C:\Windows\System\ekOosqi.exe

C:\Windows\System\ekOosqi.exe

C:\Windows\System\goaAtNL.exe

C:\Windows\System\goaAtNL.exe

C:\Windows\System\ZNMkrac.exe

C:\Windows\System\ZNMkrac.exe

C:\Windows\System\GNriBVQ.exe

C:\Windows\System\GNriBVQ.exe

C:\Windows\System\aXGlMlj.exe

C:\Windows\System\aXGlMlj.exe

C:\Windows\System\CCYsvsX.exe

C:\Windows\System\CCYsvsX.exe

C:\Windows\System\dNwYOfK.exe

C:\Windows\System\dNwYOfK.exe

C:\Windows\System\ordwxIe.exe

C:\Windows\System\ordwxIe.exe

C:\Windows\System\qZhSyVs.exe

C:\Windows\System\qZhSyVs.exe

C:\Windows\System\tMiFmzw.exe

C:\Windows\System\tMiFmzw.exe

C:\Windows\System\TSCVsYz.exe

C:\Windows\System\TSCVsYz.exe

C:\Windows\System\FyQkjTM.exe

C:\Windows\System\FyQkjTM.exe

C:\Windows\System\LnWTsBz.exe

C:\Windows\System\LnWTsBz.exe

C:\Windows\System\RXTssGU.exe

C:\Windows\System\RXTssGU.exe

C:\Windows\System\eVlNHtH.exe

C:\Windows\System\eVlNHtH.exe

C:\Windows\System\bnIVYTD.exe

C:\Windows\System\bnIVYTD.exe

C:\Windows\System\jDTkgPR.exe

C:\Windows\System\jDTkgPR.exe

C:\Windows\System\TtqLqjg.exe

C:\Windows\System\TtqLqjg.exe

C:\Windows\System\atlrZEy.exe

C:\Windows\System\atlrZEy.exe

C:\Windows\System\xcgwpHK.exe

C:\Windows\System\xcgwpHK.exe

C:\Windows\System\YjEWrAc.exe

C:\Windows\System\YjEWrAc.exe

C:\Windows\System\NHWaxpc.exe

C:\Windows\System\NHWaxpc.exe

C:\Windows\System\UQRIAnh.exe

C:\Windows\System\UQRIAnh.exe

C:\Windows\System\tvrelRD.exe

C:\Windows\System\tvrelRD.exe

C:\Windows\System\eXWnArJ.exe

C:\Windows\System\eXWnArJ.exe

C:\Windows\System\LBxEdYi.exe

C:\Windows\System\LBxEdYi.exe

C:\Windows\System\ceEHFLi.exe

C:\Windows\System\ceEHFLi.exe

C:\Windows\System\quJzaKb.exe

C:\Windows\System\quJzaKb.exe

C:\Windows\System\VNtOReF.exe

C:\Windows\System\VNtOReF.exe

C:\Windows\System\HjwBsvR.exe

C:\Windows\System\HjwBsvR.exe

C:\Windows\System\tefNgaU.exe

C:\Windows\System\tefNgaU.exe

C:\Windows\System\qOwveyq.exe

C:\Windows\System\qOwveyq.exe

C:\Windows\System\YtUGSaC.exe

C:\Windows\System\YtUGSaC.exe

C:\Windows\System\zSErfGf.exe

C:\Windows\System\zSErfGf.exe

C:\Windows\System\iTOmRPT.exe

C:\Windows\System\iTOmRPT.exe

C:\Windows\System\qYmCowM.exe

C:\Windows\System\qYmCowM.exe

C:\Windows\System\QuIzqly.exe

C:\Windows\System\QuIzqly.exe

C:\Windows\System\gxtKJAT.exe

C:\Windows\System\gxtKJAT.exe

C:\Windows\System\CpMoeTu.exe

C:\Windows\System\CpMoeTu.exe

C:\Windows\System\btiSDPX.exe

C:\Windows\System\btiSDPX.exe

C:\Windows\System\DLLhmuD.exe

C:\Windows\System\DLLhmuD.exe

C:\Windows\System\Lnwierl.exe

C:\Windows\System\Lnwierl.exe

C:\Windows\System\cPRnXTA.exe

C:\Windows\System\cPRnXTA.exe

C:\Windows\System\bRAeNWN.exe

C:\Windows\System\bRAeNWN.exe

C:\Windows\System\jjxtdbo.exe

C:\Windows\System\jjxtdbo.exe

C:\Windows\System\sDfIdzi.exe

C:\Windows\System\sDfIdzi.exe

C:\Windows\System\KANusKr.exe

C:\Windows\System\KANusKr.exe

C:\Windows\System\BtsHhKl.exe

C:\Windows\System\BtsHhKl.exe

C:\Windows\System\avWctrp.exe

C:\Windows\System\avWctrp.exe

C:\Windows\System\ZOIqrIg.exe

C:\Windows\System\ZOIqrIg.exe

C:\Windows\System\Exrlecs.exe

C:\Windows\System\Exrlecs.exe

C:\Windows\System\tOTVeoS.exe

C:\Windows\System\tOTVeoS.exe

C:\Windows\System\gMynRaO.exe

C:\Windows\System\gMynRaO.exe

C:\Windows\System\sWFbZdV.exe

C:\Windows\System\sWFbZdV.exe

C:\Windows\System\dDicBUJ.exe

C:\Windows\System\dDicBUJ.exe

C:\Windows\System\tbvQoht.exe

C:\Windows\System\tbvQoht.exe

C:\Windows\System\DYBSuFk.exe

C:\Windows\System\DYBSuFk.exe

C:\Windows\System\SImnMtS.exe

C:\Windows\System\SImnMtS.exe

C:\Windows\System\DpwoAtk.exe

C:\Windows\System\DpwoAtk.exe

C:\Windows\System\qLDDgfF.exe

C:\Windows\System\qLDDgfF.exe

C:\Windows\System\nAJRCUz.exe

C:\Windows\System\nAJRCUz.exe

C:\Windows\System\sMWmBLY.exe

C:\Windows\System\sMWmBLY.exe

C:\Windows\System\pnuHywD.exe

C:\Windows\System\pnuHywD.exe

C:\Windows\System\ITaZFtJ.exe

C:\Windows\System\ITaZFtJ.exe

C:\Windows\System\xBiGezo.exe

C:\Windows\System\xBiGezo.exe

C:\Windows\System\mbsABjU.exe

C:\Windows\System\mbsABjU.exe

C:\Windows\System\BQzbUJU.exe

C:\Windows\System\BQzbUJU.exe

C:\Windows\System\WrKUNOw.exe

C:\Windows\System\WrKUNOw.exe

C:\Windows\System\jtjhByM.exe

C:\Windows\System\jtjhByM.exe

C:\Windows\System\CPzgxVO.exe

C:\Windows\System\CPzgxVO.exe

C:\Windows\System\GfYOTzZ.exe

C:\Windows\System\GfYOTzZ.exe

C:\Windows\System\GWUzvUL.exe

C:\Windows\System\GWUzvUL.exe

C:\Windows\System\JiDZpBT.exe

C:\Windows\System\JiDZpBT.exe

C:\Windows\System\NfeEIpJ.exe

C:\Windows\System\NfeEIpJ.exe

C:\Windows\System\ybNQyGh.exe

C:\Windows\System\ybNQyGh.exe

C:\Windows\System\LbOHuwf.exe

C:\Windows\System\LbOHuwf.exe

C:\Windows\System\MSjbTKD.exe

C:\Windows\System\MSjbTKD.exe

C:\Windows\System\IPITGSn.exe

C:\Windows\System\IPITGSn.exe

C:\Windows\System\oKUAtBc.exe

C:\Windows\System\oKUAtBc.exe

C:\Windows\System\DHLloIU.exe

C:\Windows\System\DHLloIU.exe

C:\Windows\System\zNUSKCK.exe

C:\Windows\System\zNUSKCK.exe

C:\Windows\System\ZxsPMbn.exe

C:\Windows\System\ZxsPMbn.exe

C:\Windows\System\bHCBWCW.exe

C:\Windows\System\bHCBWCW.exe

C:\Windows\System\IRBwnYQ.exe

C:\Windows\System\IRBwnYQ.exe

C:\Windows\System\IWEBmiG.exe

C:\Windows\System\IWEBmiG.exe

C:\Windows\System\iOqVqgG.exe

C:\Windows\System\iOqVqgG.exe

C:\Windows\System\TTMopyc.exe

C:\Windows\System\TTMopyc.exe

C:\Windows\System\vgJSFzN.exe

C:\Windows\System\vgJSFzN.exe

C:\Windows\System\XZDbkCJ.exe

C:\Windows\System\XZDbkCJ.exe

C:\Windows\System\beZtrFT.exe

C:\Windows\System\beZtrFT.exe

C:\Windows\System\zaXDBko.exe

C:\Windows\System\zaXDBko.exe

C:\Windows\System\qZmfGBf.exe

C:\Windows\System\qZmfGBf.exe

C:\Windows\System\mVqKqdo.exe

C:\Windows\System\mVqKqdo.exe

C:\Windows\System\AMfVbud.exe

C:\Windows\System\AMfVbud.exe

C:\Windows\System\oAyhCLA.exe

C:\Windows\System\oAyhCLA.exe

C:\Windows\System\bHiucII.exe

C:\Windows\System\bHiucII.exe

C:\Windows\System\DyhyRgh.exe

C:\Windows\System\DyhyRgh.exe

C:\Windows\System\WqDiome.exe

C:\Windows\System\WqDiome.exe

C:\Windows\System\raThcQy.exe

C:\Windows\System\raThcQy.exe

C:\Windows\System\SplmlaK.exe

C:\Windows\System\SplmlaK.exe

C:\Windows\System\UncMMev.exe

C:\Windows\System\UncMMev.exe

C:\Windows\System\QGhInPv.exe

C:\Windows\System\QGhInPv.exe

C:\Windows\System\yMXjOzx.exe

C:\Windows\System\yMXjOzx.exe

C:\Windows\System\yxSRHku.exe

C:\Windows\System\yxSRHku.exe

C:\Windows\System\gtQhUim.exe

C:\Windows\System\gtQhUim.exe

C:\Windows\System\iMjnkRr.exe

C:\Windows\System\iMjnkRr.exe

C:\Windows\System\ucjTBVP.exe

C:\Windows\System\ucjTBVP.exe

C:\Windows\System\SrUKbxT.exe

C:\Windows\System\SrUKbxT.exe

C:\Windows\System\dyQYSaH.exe

C:\Windows\System\dyQYSaH.exe

C:\Windows\System\tgejSCQ.exe

C:\Windows\System\tgejSCQ.exe

C:\Windows\System\whcYLPR.exe

C:\Windows\System\whcYLPR.exe

C:\Windows\System\PQGgFPW.exe

C:\Windows\System\PQGgFPW.exe

C:\Windows\System\qRwdPvc.exe

C:\Windows\System\qRwdPvc.exe

C:\Windows\System\QbkGraZ.exe

C:\Windows\System\QbkGraZ.exe

C:\Windows\System\vEKjNQH.exe

C:\Windows\System\vEKjNQH.exe

C:\Windows\System\Myxkoey.exe

C:\Windows\System\Myxkoey.exe

C:\Windows\System\fauHUAV.exe

C:\Windows\System\fauHUAV.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network


Files
