Malware Analysis Report

2024-10-10 08:36

Sample ID 240606-ycq8ksca47
Target fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe
SHA256 553a5a763d8e7ab110178275cabea5f51d2af19dc6b9d4bbdd71298b92b02b61
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

553a5a763d8e7ab110178275cabea5f51d2af19dc6b9d4bbdd71298b92b02b61

Threat Level: Known bad

The file fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

xmrig

XMRig Miner payload

KPOT

Xmrig family

KPOT Core Executable

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 19:39

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 19:38

Reported

2024-06-06 19:41

Platform

win7-20240419-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\rEPYSVN.exe N/A
N/A N/A C:\Windows\System\urqbHEF.exe N/A
N/A N/A C:\Windows\System\uBTMNep.exe N/A
N/A N/A C:\Windows\System\ulmtNRX.exe N/A
N/A N/A C:\Windows\System\Evgfqcg.exe N/A
N/A N/A C:\Windows\System\yizVnxk.exe N/A
N/A N/A C:\Windows\System\hJobQCz.exe N/A
N/A N/A C:\Windows\System\xZDaaTV.exe N/A
N/A N/A C:\Windows\System\bQdFYAu.exe N/A
N/A N/A C:\Windows\System\ywKlJei.exe N/A
N/A N/A C:\Windows\System\OGTnPGM.exe N/A
N/A N/A C:\Windows\System\mnxOxme.exe N/A
N/A N/A C:\Windows\System\DBkWKRr.exe N/A
N/A N/A C:\Windows\System\JfefnLd.exe N/A
N/A N/A C:\Windows\System\TgaaLEb.exe N/A
N/A N/A C:\Windows\System\NLakakm.exe N/A
N/A N/A C:\Windows\System\DftwLgj.exe N/A
N/A N/A C:\Windows\System\aQEnwkP.exe N/A
N/A N/A C:\Windows\System\cqJSasf.exe N/A
N/A N/A C:\Windows\System\CcdlZgt.exe N/A
N/A N/A C:\Windows\System\UTwXASn.exe N/A
N/A N/A C:\Windows\System\VpcNQDo.exe N/A
N/A N/A C:\Windows\System\nYaVBVK.exe N/A
N/A N/A C:\Windows\System\HjWHtNc.exe N/A
N/A N/A C:\Windows\System\tMJyZCD.exe N/A
N/A N/A C:\Windows\System\pxTAEWY.exe N/A
N/A N/A C:\Windows\System\TlRbvNq.exe N/A
N/A N/A C:\Windows\System\NUSnFLI.exe N/A
N/A N/A C:\Windows\System\rexHIpF.exe N/A
N/A N/A C:\Windows\System\GkJOjOH.exe N/A
N/A N/A C:\Windows\System\abcoHdA.exe N/A
N/A N/A C:\Windows\System\mkGXdCR.exe N/A
N/A N/A C:\Windows\System\veKgNBT.exe N/A
N/A N/A C:\Windows\System\GMvJFNg.exe N/A
N/A N/A C:\Windows\System\KxQtBPO.exe N/A
N/A N/A C:\Windows\System\DDzztZD.exe N/A
N/A N/A C:\Windows\System\JgoqKWC.exe N/A
N/A N/A C:\Windows\System\OPPiMwA.exe N/A
N/A N/A C:\Windows\System\PgoYSQR.exe N/A
N/A N/A C:\Windows\System\uBxuZTb.exe N/A
N/A N/A C:\Windows\System\sgqipbP.exe N/A
N/A N/A C:\Windows\System\zzmVVIC.exe N/A
N/A N/A C:\Windows\System\KbxbxHu.exe N/A
N/A N/A C:\Windows\System\kUjAObs.exe N/A
N/A N/A C:\Windows\System\bUNAmXT.exe N/A
N/A N/A C:\Windows\System\RYMMrfU.exe N/A
N/A N/A C:\Windows\System\IHmCvjm.exe N/A
N/A N/A C:\Windows\System\UwTUdRx.exe N/A
N/A N/A C:\Windows\System\dUykkRl.exe N/A
N/A N/A C:\Windows\System\cKRYuUs.exe N/A
N/A N/A C:\Windows\System\tsvLPOn.exe N/A
N/A N/A C:\Windows\System\heenffG.exe N/A
N/A N/A C:\Windows\System\xEYLDlt.exe N/A
N/A N/A C:\Windows\System\iJeeJsk.exe N/A
N/A N/A C:\Windows\System\XIccJbx.exe N/A
N/A N/A C:\Windows\System\FNAXIpo.exe N/A
N/A N/A C:\Windows\System\awUUobS.exe N/A
N/A N/A C:\Windows\System\ZyudSYd.exe N/A
N/A N/A C:\Windows\System\DYeAxKP.exe N/A
N/A N/A C:\Windows\System\LRNmtqR.exe N/A
N/A N/A C:\Windows\System\QjeawDz.exe N/A
N/A N/A C:\Windows\System\ovONtuO.exe N/A
N/A N/A C:\Windows\System\NFHctxL.exe N/A
N/A N/A C:\Windows\System\KIGlTcx.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\zvQzRrL.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VIqIitH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JgoqKWC.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XIccJbx.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XyUhkML.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRXkWws.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lnqQpwq.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nTEPgnq.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NSuzJlc.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGTnPGM.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VpcNQDo.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HTPdouN.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cDzyCys.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cPNtbrc.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pybKksa.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KROUwYY.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aMtuykz.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FJpNkQI.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\InFfKbH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VqTSZuS.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbDDzrA.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KIGlTcx.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hWKSrFP.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ErLZHvG.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JPnanfx.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPRSHap.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHOHaJs.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yizVnxk.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUNAmXT.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FNAXIpo.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zUzAtrK.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WNsWEZa.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cwLZuOJ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xZDaaTV.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FErBMMR.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QLFDfRQ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jjByACE.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JfefnLd.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xEYLDlt.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eyZjyZt.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DftwLgj.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ovONtuO.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNVwFPz.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PkfendN.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BHASugd.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ywKlJei.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DDzztZD.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\brOxhow.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\euZwiYf.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VtedFur.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZXDIOYY.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qtmuQUA.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PqrqVLx.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LxvUldM.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CfWrjcF.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\arXIMRP.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\upHBMXW.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kTHXrvH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAEDcwf.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eYKwctQ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OkzRCJa.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hJobQCz.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wywDDlv.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oyXAWrY.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 992 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\rEPYSVN.exe
PID 992 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\rEPYSVN.exe
PID 992 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\rEPYSVN.exe
PID 992 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\urqbHEF.exe
PID 992 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\urqbHEF.exe
PID 992 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\urqbHEF.exe
PID 992 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\uBTMNep.exe
PID 992 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\uBTMNep.exe
PID 992 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\uBTMNep.exe
PID 992 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ulmtNRX.exe
PID 992 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ulmtNRX.exe
PID 992 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ulmtNRX.exe
PID 992 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\Evgfqcg.exe
PID 992 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\Evgfqcg.exe
PID 992 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\Evgfqcg.exe
PID 992 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\yizVnxk.exe
PID 992 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\yizVnxk.exe
PID 992 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\yizVnxk.exe
PID 992 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\hJobQCz.exe
PID 992 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\hJobQCz.exe
PID 992 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\hJobQCz.exe
PID 992 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\xZDaaTV.exe
PID 992 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\xZDaaTV.exe
PID 992 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\xZDaaTV.exe
PID 992 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\bQdFYAu.exe
PID 992 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\bQdFYAu.exe
PID 992 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\bQdFYAu.exe
PID 992 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ywKlJei.exe
PID 992 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ywKlJei.exe
PID 992 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ywKlJei.exe
PID 992 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OGTnPGM.exe
PID 992 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OGTnPGM.exe
PID 992 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OGTnPGM.exe
PID 992 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mnxOxme.exe
PID 992 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mnxOxme.exe
PID 992 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mnxOxme.exe
PID 992 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\DBkWKRr.exe
PID 992 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\DBkWKRr.exe
PID 992 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\DBkWKRr.exe
PID 992 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\JfefnLd.exe
PID 992 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\JfefnLd.exe
PID 992 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\JfefnLd.exe
PID 992 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\TgaaLEb.exe
PID 992 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\TgaaLEb.exe
PID 992 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\TgaaLEb.exe
PID 992 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\NLakakm.exe
PID 992 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\NLakakm.exe
PID 992 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\NLakakm.exe
PID 992 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\DftwLgj.exe
PID 992 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\DftwLgj.exe
PID 992 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\DftwLgj.exe
PID 992 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\aQEnwkP.exe
PID 992 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\aQEnwkP.exe
PID 992 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\aQEnwkP.exe
PID 992 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\cqJSasf.exe
PID 992 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\cqJSasf.exe
PID 992 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\cqJSasf.exe
PID 992 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CcdlZgt.exe
PID 992 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CcdlZgt.exe
PID 992 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CcdlZgt.exe
PID 992 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\UTwXASn.exe
PID 992 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\UTwXASn.exe
PID 992 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\UTwXASn.exe
PID 992 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\VpcNQDo.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe"

C:\Windows\System\rEPYSVN.exe

C:\Windows\System\rEPYSVN.exe

C:\Windows\System\urqbHEF.exe

C:\Windows\System\urqbHEF.exe

C:\Windows\System\uBTMNep.exe

C:\Windows\System\uBTMNep.exe

C:\Windows\System\ulmtNRX.exe

C:\Windows\System\ulmtNRX.exe

C:\Windows\System\Evgfqcg.exe

C:\Windows\System\Evgfqcg.exe

C:\Windows\System\yizVnxk.exe

C:\Windows\System\yizVnxk.exe

C:\Windows\System\hJobQCz.exe

C:\Windows\System\hJobQCz.exe

C:\Windows\System\xZDaaTV.exe

C:\Windows\System\xZDaaTV.exe

C:\Windows\System\bQdFYAu.exe

C:\Windows\System\bQdFYAu.exe

C:\Windows\System\ywKlJei.exe

C:\Windows\System\ywKlJei.exe

C:\Windows\System\OGTnPGM.exe

C:\Windows\System\OGTnPGM.exe

C:\Windows\System\mnxOxme.exe

C:\Windows\System\mnxOxme.exe

C:\Windows\System\DBkWKRr.exe

C:\Windows\System\DBkWKRr.exe

C:\Windows\System\JfefnLd.exe

C:\Windows\System\JfefnLd.exe

C:\Windows\System\TgaaLEb.exe

C:\Windows\System\TgaaLEb.exe

C:\Windows\System\NLakakm.exe

C:\Windows\System\NLakakm.exe

C:\Windows\System\DftwLgj.exe

C:\Windows\System\DftwLgj.exe

C:\Windows\System\aQEnwkP.exe

C:\Windows\System\aQEnwkP.exe

C:\Windows\System\cqJSasf.exe

C:\Windows\System\cqJSasf.exe

C:\Windows\System\CcdlZgt.exe

C:\Windows\System\CcdlZgt.exe

C:\Windows\System\UTwXASn.exe

C:\Windows\System\UTwXASn.exe

C:\Windows\System\VpcNQDo.exe

C:\Windows\System\VpcNQDo.exe

C:\Windows\System\nYaVBVK.exe

C:\Windows\System\nYaVBVK.exe

C:\Windows\System\HjWHtNc.exe

C:\Windows\System\HjWHtNc.exe

C:\Windows\System\tMJyZCD.exe

C:\Windows\System\tMJyZCD.exe

C:\Windows\System\pxTAEWY.exe

C:\Windows\System\pxTAEWY.exe

C:\Windows\System\TlRbvNq.exe

C:\Windows\System\TlRbvNq.exe

C:\Windows\System\NUSnFLI.exe

C:\Windows\System\NUSnFLI.exe

C:\Windows\System\rexHIpF.exe

C:\Windows\System\rexHIpF.exe

C:\Windows\System\GkJOjOH.exe

C:\Windows\System\GkJOjOH.exe

C:\Windows\System\abcoHdA.exe

C:\Windows\System\abcoHdA.exe

C:\Windows\System\mkGXdCR.exe

C:\Windows\System\mkGXdCR.exe

C:\Windows\System\veKgNBT.exe

C:\Windows\System\veKgNBT.exe

C:\Windows\System\GMvJFNg.exe

C:\Windows\System\GMvJFNg.exe

C:\Windows\System\KxQtBPO.exe

C:\Windows\System\KxQtBPO.exe

C:\Windows\System\DDzztZD.exe

C:\Windows\System\DDzztZD.exe

C:\Windows\System\JgoqKWC.exe

C:\Windows\System\JgoqKWC.exe

C:\Windows\System\OPPiMwA.exe

C:\Windows\System\OPPiMwA.exe

C:\Windows\System\PgoYSQR.exe

C:\Windows\System\PgoYSQR.exe

C:\Windows\System\uBxuZTb.exe

C:\Windows\System\uBxuZTb.exe

C:\Windows\System\sgqipbP.exe

C:\Windows\System\sgqipbP.exe

C:\Windows\System\zzmVVIC.exe

C:\Windows\System\zzmVVIC.exe

C:\Windows\System\KbxbxHu.exe

C:\Windows\System\KbxbxHu.exe

C:\Windows\System\kUjAObs.exe

C:\Windows\System\kUjAObs.exe

C:\Windows\System\bUNAmXT.exe

C:\Windows\System\bUNAmXT.exe

C:\Windows\System\RYMMrfU.exe

C:\Windows\System\RYMMrfU.exe

C:\Windows\System\IHmCvjm.exe

C:\Windows\System\IHmCvjm.exe

C:\Windows\System\UwTUdRx.exe

C:\Windows\System\UwTUdRx.exe

C:\Windows\System\dUykkRl.exe

C:\Windows\System\dUykkRl.exe

C:\Windows\System\cKRYuUs.exe

C:\Windows\System\cKRYuUs.exe

C:\Windows\System\tsvLPOn.exe

C:\Windows\System\tsvLPOn.exe

C:\Windows\System\heenffG.exe

C:\Windows\System\heenffG.exe

C:\Windows\System\xEYLDlt.exe

C:\Windows\System\xEYLDlt.exe

C:\Windows\System\iJeeJsk.exe

C:\Windows\System\iJeeJsk.exe

C:\Windows\System\XIccJbx.exe

C:\Windows\System\XIccJbx.exe

C:\Windows\System\FNAXIpo.exe

C:\Windows\System\FNAXIpo.exe

C:\Windows\System\awUUobS.exe

C:\Windows\System\awUUobS.exe

C:\Windows\System\ZyudSYd.exe

C:\Windows\System\ZyudSYd.exe

C:\Windows\System\DYeAxKP.exe

C:\Windows\System\DYeAxKP.exe

C:\Windows\System\LRNmtqR.exe

C:\Windows\System\LRNmtqR.exe

C:\Windows\System\QjeawDz.exe

C:\Windows\System\QjeawDz.exe

C:\Windows\System\ovONtuO.exe

C:\Windows\System\ovONtuO.exe

C:\Windows\System\NFHctxL.exe

C:\Windows\System\NFHctxL.exe

C:\Windows\System\KIGlTcx.exe

C:\Windows\System\KIGlTcx.exe

C:\Windows\System\XPTQwNC.exe

C:\Windows\System\XPTQwNC.exe

C:\Windows\System\qoBLMBb.exe

C:\Windows\System\qoBLMBb.exe

C:\Windows\System\oEyeaUA.exe

C:\Windows\System\oEyeaUA.exe

C:\Windows\System\YwKkXBk.exe

C:\Windows\System\YwKkXBk.exe

C:\Windows\System\PJFhVnO.exe

C:\Windows\System\PJFhVnO.exe

C:\Windows\System\hEFcfsy.exe

C:\Windows\System\hEFcfsy.exe

C:\Windows\System\phFxKxD.exe

C:\Windows\System\phFxKxD.exe

C:\Windows\System\hWKSrFP.exe

C:\Windows\System\hWKSrFP.exe

C:\Windows\System\SELhEOF.exe

C:\Windows\System\SELhEOF.exe

C:\Windows\System\oYVcEYj.exe

C:\Windows\System\oYVcEYj.exe

C:\Windows\System\UqMfAfK.exe

C:\Windows\System\UqMfAfK.exe

C:\Windows\System\mHKORrq.exe

C:\Windows\System\mHKORrq.exe

C:\Windows\System\arXIMRP.exe

C:\Windows\System\arXIMRP.exe

C:\Windows\System\FJpNkQI.exe

C:\Windows\System\FJpNkQI.exe

C:\Windows\System\brOxhow.exe

C:\Windows\System\brOxhow.exe

C:\Windows\System\EbhqGHe.exe

C:\Windows\System\EbhqGHe.exe

C:\Windows\System\iLxfpwK.exe

C:\Windows\System\iLxfpwK.exe

C:\Windows\System\GeVIMGV.exe

C:\Windows\System\GeVIMGV.exe

C:\Windows\System\TEwsnBM.exe

C:\Windows\System\TEwsnBM.exe

C:\Windows\System\ztanyPC.exe

C:\Windows\System\ztanyPC.exe

C:\Windows\System\qtmuQUA.exe

C:\Windows\System\qtmuQUA.exe

C:\Windows\System\Bztmsbn.exe

C:\Windows\System\Bztmsbn.exe

C:\Windows\System\pRSZYNx.exe

C:\Windows\System\pRSZYNx.exe

C:\Windows\System\XyUhkML.exe

C:\Windows\System\XyUhkML.exe

C:\Windows\System\OqURJjV.exe

C:\Windows\System\OqURJjV.exe

C:\Windows\System\LnglZCP.exe

C:\Windows\System\LnglZCP.exe

C:\Windows\System\WjleIAl.exe

C:\Windows\System\WjleIAl.exe

C:\Windows\System\zOkSKCL.exe

C:\Windows\System\zOkSKCL.exe

C:\Windows\System\FdqHcXS.exe

C:\Windows\System\FdqHcXS.exe

C:\Windows\System\wbACFll.exe

C:\Windows\System\wbACFll.exe

C:\Windows\System\oGsdRtn.exe

C:\Windows\System\oGsdRtn.exe

C:\Windows\System\oHSXadM.exe

C:\Windows\System\oHSXadM.exe

C:\Windows\System\cUDJFwu.exe

C:\Windows\System\cUDJFwu.exe

C:\Windows\System\ccwyZSx.exe

C:\Windows\System\ccwyZSx.exe

C:\Windows\System\ErdZpNg.exe

C:\Windows\System\ErdZpNg.exe

C:\Windows\System\ucTGRRS.exe

C:\Windows\System\ucTGRRS.exe

C:\Windows\System\TYWMVet.exe

C:\Windows\System\TYWMVet.exe

C:\Windows\System\trmvyrc.exe

C:\Windows\System\trmvyrc.exe

C:\Windows\System\FErBMMR.exe

C:\Windows\System\FErBMMR.exe

C:\Windows\System\QKyUJFx.exe

C:\Windows\System\QKyUJFx.exe

C:\Windows\System\upHBMXW.exe

C:\Windows\System\upHBMXW.exe

C:\Windows\System\AlxwghB.exe

C:\Windows\System\AlxwghB.exe

C:\Windows\System\UQmaoGN.exe

C:\Windows\System\UQmaoGN.exe

C:\Windows\System\jdGjyKP.exe

C:\Windows\System\jdGjyKP.exe

C:\Windows\System\kVakXTq.exe

C:\Windows\System\kVakXTq.exe

C:\Windows\System\bOBwUOb.exe

C:\Windows\System\bOBwUOb.exe

C:\Windows\System\IcqXrWN.exe

C:\Windows\System\IcqXrWN.exe

C:\Windows\System\fiyGlqS.exe

C:\Windows\System\fiyGlqS.exe

C:\Windows\System\Quonoxi.exe

C:\Windows\System\Quonoxi.exe

C:\Windows\System\FLArBql.exe

C:\Windows\System\FLArBql.exe

C:\Windows\System\mhsrfXf.exe

C:\Windows\System\mhsrfXf.exe

C:\Windows\System\YRwGlhZ.exe

C:\Windows\System\YRwGlhZ.exe

C:\Windows\System\GrPGLln.exe

C:\Windows\System\GrPGLln.exe

C:\Windows\System\CelEHwu.exe

C:\Windows\System\CelEHwu.exe

C:\Windows\System\wywDDlv.exe

C:\Windows\System\wywDDlv.exe

C:\Windows\System\jqwrCsi.exe

C:\Windows\System\jqwrCsi.exe

C:\Windows\System\WLSFQhJ.exe

C:\Windows\System\WLSFQhJ.exe

C:\Windows\System\PqrqVLx.exe

C:\Windows\System\PqrqVLx.exe

C:\Windows\System\lniWubc.exe

C:\Windows\System\lniWubc.exe

C:\Windows\System\InFfKbH.exe

C:\Windows\System\InFfKbH.exe

C:\Windows\System\EEJfXUK.exe

C:\Windows\System\EEJfXUK.exe

C:\Windows\System\IeYInis.exe

C:\Windows\System\IeYInis.exe

C:\Windows\System\HCjGsJn.exe

C:\Windows\System\HCjGsJn.exe

C:\Windows\System\DVLwwVG.exe

C:\Windows\System\DVLwwVG.exe

C:\Windows\System\JQenZvf.exe

C:\Windows\System\JQenZvf.exe

C:\Windows\System\JAhSPaG.exe

C:\Windows\System\JAhSPaG.exe

C:\Windows\System\ImkoVaw.exe

C:\Windows\System\ImkoVaw.exe

C:\Windows\System\IvnxJxt.exe

C:\Windows\System\IvnxJxt.exe

C:\Windows\System\VqTSZuS.exe

C:\Windows\System\VqTSZuS.exe

C:\Windows\System\lGlKbmH.exe

C:\Windows\System\lGlKbmH.exe

C:\Windows\System\FSjwwCr.exe

C:\Windows\System\FSjwwCr.exe

C:\Windows\System\MmiZars.exe

C:\Windows\System\MmiZars.exe

C:\Windows\System\ziffLEF.exe

C:\Windows\System\ziffLEF.exe

C:\Windows\System\VzbOrTH.exe

C:\Windows\System\VzbOrTH.exe

C:\Windows\System\ikFuwoq.exe

C:\Windows\System\ikFuwoq.exe

C:\Windows\System\zJEnQLJ.exe

C:\Windows\System\zJEnQLJ.exe

C:\Windows\System\kbiVzeF.exe

C:\Windows\System\kbiVzeF.exe

C:\Windows\System\aDtBcsY.exe

C:\Windows\System\aDtBcsY.exe

C:\Windows\System\cDzyCys.exe

C:\Windows\System\cDzyCys.exe

C:\Windows\System\WxpUauA.exe

C:\Windows\System\WxpUauA.exe

C:\Windows\System\JPnanfx.exe

C:\Windows\System\JPnanfx.exe

C:\Windows\System\VmylRIB.exe

C:\Windows\System\VmylRIB.exe

C:\Windows\System\pUfmmzs.exe

C:\Windows\System\pUfmmzs.exe

C:\Windows\System\mTKHlJX.exe

C:\Windows\System\mTKHlJX.exe

C:\Windows\System\mNVwFPz.exe

C:\Windows\System\mNVwFPz.exe

C:\Windows\System\StZUYuf.exe

C:\Windows\System\StZUYuf.exe

C:\Windows\System\QLFDfRQ.exe

C:\Windows\System\QLFDfRQ.exe

C:\Windows\System\BeRxtjA.exe

C:\Windows\System\BeRxtjA.exe

C:\Windows\System\xhptxiE.exe

C:\Windows\System\xhptxiE.exe

C:\Windows\System\lcRrwPM.exe

C:\Windows\System\lcRrwPM.exe

C:\Windows\System\AjRcLLH.exe

C:\Windows\System\AjRcLLH.exe

C:\Windows\System\ThvOeUx.exe

C:\Windows\System\ThvOeUx.exe

C:\Windows\System\LqbneAV.exe

C:\Windows\System\LqbneAV.exe

C:\Windows\System\cPNtbrc.exe

C:\Windows\System\cPNtbrc.exe

C:\Windows\System\eyZjyZt.exe

C:\Windows\System\eyZjyZt.exe

C:\Windows\System\pybKksa.exe

C:\Windows\System\pybKksa.exe

C:\Windows\System\HTPdouN.exe

C:\Windows\System\HTPdouN.exe

C:\Windows\System\BEaSaLb.exe

C:\Windows\System\BEaSaLb.exe

C:\Windows\System\CxhZuEI.exe

C:\Windows\System\CxhZuEI.exe

C:\Windows\System\qJWfBAh.exe

C:\Windows\System\qJWfBAh.exe

C:\Windows\System\VywFdUZ.exe

C:\Windows\System\VywFdUZ.exe

C:\Windows\System\tcnFPUI.exe

C:\Windows\System\tcnFPUI.exe

C:\Windows\System\kxoDNHp.exe

C:\Windows\System\kxoDNHp.exe

C:\Windows\System\xZAYKYY.exe

C:\Windows\System\xZAYKYY.exe

C:\Windows\System\FnDSWSe.exe

C:\Windows\System\FnDSWSe.exe

C:\Windows\System\dGnHYmh.exe

C:\Windows\System\dGnHYmh.exe

C:\Windows\System\NwPNzOW.exe

C:\Windows\System\NwPNzOW.exe

C:\Windows\System\zvQzRrL.exe

C:\Windows\System\zvQzRrL.exe

C:\Windows\System\LxvUldM.exe

C:\Windows\System\LxvUldM.exe

C:\Windows\System\rJBXcrv.exe

C:\Windows\System\rJBXcrv.exe

C:\Windows\System\euZwiYf.exe

C:\Windows\System\euZwiYf.exe

C:\Windows\System\pamwmPu.exe

C:\Windows\System\pamwmPu.exe

C:\Windows\System\oyXAWrY.exe

C:\Windows\System\oyXAWrY.exe

C:\Windows\System\eDEhMtI.exe

C:\Windows\System\eDEhMtI.exe

C:\Windows\System\pVJHdJu.exe

C:\Windows\System\pVJHdJu.exe

C:\Windows\System\DlUvfng.exe

C:\Windows\System\DlUvfng.exe

C:\Windows\System\mhZgFrv.exe

C:\Windows\System\mhZgFrv.exe

C:\Windows\System\AySLBWU.exe

C:\Windows\System\AySLBWU.exe

C:\Windows\System\VIqIitH.exe

C:\Windows\System\VIqIitH.exe

C:\Windows\System\vaLFxTm.exe

C:\Windows\System\vaLFxTm.exe

C:\Windows\System\LGlwwys.exe

C:\Windows\System\LGlwwys.exe

C:\Windows\System\soIMMOn.exe

C:\Windows\System\soIMMOn.exe

C:\Windows\System\zszMllr.exe

C:\Windows\System\zszMllr.exe

C:\Windows\System\ieIaJii.exe

C:\Windows\System\ieIaJii.exe

C:\Windows\System\ThAdjDQ.exe

C:\Windows\System\ThAdjDQ.exe

C:\Windows\System\aScFMlL.exe

C:\Windows\System\aScFMlL.exe

C:\Windows\System\NMhVDYY.exe

C:\Windows\System\NMhVDYY.exe

C:\Windows\System\ElInvel.exe

C:\Windows\System\ElInvel.exe

C:\Windows\System\hpXDShN.exe

C:\Windows\System\hpXDShN.exe

C:\Windows\System\TzUkLAM.exe

C:\Windows\System\TzUkLAM.exe

C:\Windows\System\PbnatBL.exe

C:\Windows\System\PbnatBL.exe

C:\Windows\System\kTHXrvH.exe

C:\Windows\System\kTHXrvH.exe

C:\Windows\System\yJZrupk.exe

C:\Windows\System\yJZrupk.exe

C:\Windows\System\FZTkaGF.exe

C:\Windows\System\FZTkaGF.exe

C:\Windows\System\HnPBlmn.exe

C:\Windows\System\HnPBlmn.exe

C:\Windows\System\qhpbZej.exe

C:\Windows\System\qhpbZej.exe

C:\Windows\System\QQCqhot.exe

C:\Windows\System\QQCqhot.exe

C:\Windows\System\lVdxAyN.exe

C:\Windows\System\lVdxAyN.exe

C:\Windows\System\aKqxsqx.exe

C:\Windows\System\aKqxsqx.exe

C:\Windows\System\SPRSHap.exe

C:\Windows\System\SPRSHap.exe

C:\Windows\System\VaRTovF.exe

C:\Windows\System\VaRTovF.exe

C:\Windows\System\ZCMSgbT.exe

C:\Windows\System\ZCMSgbT.exe

C:\Windows\System\KzjtSXd.exe

C:\Windows\System\KzjtSXd.exe

C:\Windows\System\jjByACE.exe

C:\Windows\System\jjByACE.exe

C:\Windows\System\tJHoTJF.exe

C:\Windows\System\tJHoTJF.exe

C:\Windows\System\fBgxXgc.exe

C:\Windows\System\fBgxXgc.exe

C:\Windows\System\iXiTWRd.exe

C:\Windows\System\iXiTWRd.exe

C:\Windows\System\eNLhMSU.exe

C:\Windows\System\eNLhMSU.exe

C:\Windows\System\yNgCPvY.exe

C:\Windows\System\yNgCPvY.exe

C:\Windows\System\cNDdSXj.exe

C:\Windows\System\cNDdSXj.exe

C:\Windows\System\MFWDwmL.exe

C:\Windows\System\MFWDwmL.exe

C:\Windows\System\oxHSjYc.exe

C:\Windows\System\oxHSjYc.exe

C:\Windows\System\ZAEDcwf.exe

C:\Windows\System\ZAEDcwf.exe

C:\Windows\System\uPTccgo.exe

C:\Windows\System\uPTccgo.exe

C:\Windows\System\mSmWCHH.exe

C:\Windows\System\mSmWCHH.exe

C:\Windows\System\TEEXJMU.exe

C:\Windows\System\TEEXJMU.exe

C:\Windows\System\IWseMfx.exe

C:\Windows\System\IWseMfx.exe

C:\Windows\System\IfwkPbO.exe

C:\Windows\System\IfwkPbO.exe

C:\Windows\System\VigTSKY.exe

C:\Windows\System\VigTSKY.exe

C:\Windows\System\FuIpTsi.exe

C:\Windows\System\FuIpTsi.exe

C:\Windows\System\WLpNibd.exe

C:\Windows\System\WLpNibd.exe

C:\Windows\System\hKgnJJY.exe

C:\Windows\System\hKgnJJY.exe

C:\Windows\System\zUzAtrK.exe

C:\Windows\System\zUzAtrK.exe

C:\Windows\System\PkfendN.exe

C:\Windows\System\PkfendN.exe

C:\Windows\System\RvhujWo.exe

C:\Windows\System\RvhujWo.exe

C:\Windows\System\KROUwYY.exe

C:\Windows\System\KROUwYY.exe

C:\Windows\System\NzYrepl.exe

C:\Windows\System\NzYrepl.exe

C:\Windows\System\xbGFEfG.exe

C:\Windows\System\xbGFEfG.exe

C:\Windows\System\tVQgQny.exe

C:\Windows\System\tVQgQny.exe

C:\Windows\System\EFudKvU.exe

C:\Windows\System\EFudKvU.exe

C:\Windows\System\lmpwgSS.exe

C:\Windows\System\lmpwgSS.exe

C:\Windows\System\ciMtXDf.exe

C:\Windows\System\ciMtXDf.exe

C:\Windows\System\qrQToib.exe

C:\Windows\System\qrQToib.exe

C:\Windows\System\ccTbYbO.exe

C:\Windows\System\ccTbYbO.exe

C:\Windows\System\JFOoMAG.exe

C:\Windows\System\JFOoMAG.exe

C:\Windows\System\OoimNhf.exe

C:\Windows\System\OoimNhf.exe

C:\Windows\System\Btoqwgd.exe

C:\Windows\System\Btoqwgd.exe

C:\Windows\System\JuwwdIt.exe

C:\Windows\System\JuwwdIt.exe

C:\Windows\System\ofOiXwu.exe

C:\Windows\System\ofOiXwu.exe

C:\Windows\System\nNqNfLo.exe

C:\Windows\System\nNqNfLo.exe

C:\Windows\System\WNsWEZa.exe

C:\Windows\System\WNsWEZa.exe

C:\Windows\System\XsYMNyi.exe

C:\Windows\System\XsYMNyi.exe

C:\Windows\System\cLaXfsK.exe

C:\Windows\System\cLaXfsK.exe

C:\Windows\System\XRXkWws.exe

C:\Windows\System\XRXkWws.exe

C:\Windows\System\dlrNmlz.exe

C:\Windows\System\dlrNmlz.exe

C:\Windows\System\VtedFur.exe

C:\Windows\System\VtedFur.exe

C:\Windows\System\ccbFVns.exe

C:\Windows\System\ccbFVns.exe

C:\Windows\System\SaEOgbU.exe

C:\Windows\System\SaEOgbU.exe

C:\Windows\System\iITORqE.exe

C:\Windows\System\iITORqE.exe

C:\Windows\System\NOGDQTG.exe

C:\Windows\System\NOGDQTG.exe

C:\Windows\System\VTCetpJ.exe

C:\Windows\System\VTCetpJ.exe

C:\Windows\System\UrdSjJV.exe

C:\Windows\System\UrdSjJV.exe

C:\Windows\System\lnqQpwq.exe

C:\Windows\System\lnqQpwq.exe

C:\Windows\System\tssygrT.exe

C:\Windows\System\tssygrT.exe

C:\Windows\System\KaXDuJh.exe

C:\Windows\System\KaXDuJh.exe

C:\Windows\System\mPBLfUM.exe

C:\Windows\System\mPBLfUM.exe

C:\Windows\System\eYKwctQ.exe

C:\Windows\System\eYKwctQ.exe

C:\Windows\System\DRQBIav.exe

C:\Windows\System\DRQBIav.exe

C:\Windows\System\GFOYltT.exe

C:\Windows\System\GFOYltT.exe

C:\Windows\System\ISVmeac.exe

C:\Windows\System\ISVmeac.exe

C:\Windows\System\jDOUHna.exe

C:\Windows\System\jDOUHna.exe

C:\Windows\System\wtsvKas.exe

C:\Windows\System\wtsvKas.exe

C:\Windows\System\aZTfRdl.exe

C:\Windows\System\aZTfRdl.exe

C:\Windows\System\ZyoXkXJ.exe

C:\Windows\System\ZyoXkXJ.exe

C:\Windows\System\SUYQJtA.exe

C:\Windows\System\SUYQJtA.exe

C:\Windows\System\UGBtToT.exe

C:\Windows\System\UGBtToT.exe

C:\Windows\System\lgdxOvq.exe

C:\Windows\System\lgdxOvq.exe

C:\Windows\System\kahsreD.exe

C:\Windows\System\kahsreD.exe

C:\Windows\System\HHOHaJs.exe

C:\Windows\System\HHOHaJs.exe

C:\Windows\System\ojOhuTY.exe

C:\Windows\System\ojOhuTY.exe

C:\Windows\System\rBVUwkl.exe

C:\Windows\System\rBVUwkl.exe

C:\Windows\System\bLiEiRu.exe

C:\Windows\System\bLiEiRu.exe

C:\Windows\System\ZXDIOYY.exe

C:\Windows\System\ZXDIOYY.exe

C:\Windows\System\jhzScHL.exe

C:\Windows\System\jhzScHL.exe

C:\Windows\System\dENMlDG.exe

C:\Windows\System\dENMlDG.exe

C:\Windows\System\BHASugd.exe

C:\Windows\System\BHASugd.exe

C:\Windows\System\aMtuykz.exe

C:\Windows\System\aMtuykz.exe

C:\Windows\System\mRcJFah.exe

C:\Windows\System\mRcJFah.exe

C:\Windows\System\CfWrjcF.exe

C:\Windows\System\CfWrjcF.exe

C:\Windows\System\lEwSPvH.exe

C:\Windows\System\lEwSPvH.exe

C:\Windows\System\EAqdgOt.exe

C:\Windows\System\EAqdgOt.exe

C:\Windows\System\CzeeniN.exe

C:\Windows\System\CzeeniN.exe

C:\Windows\System\KXqlqLz.exe

C:\Windows\System\KXqlqLz.exe

C:\Windows\System\MqpnbkE.exe

C:\Windows\System\MqpnbkE.exe

C:\Windows\System\LDVUrGg.exe

C:\Windows\System\LDVUrGg.exe

C:\Windows\System\kGCfccr.exe

C:\Windows\System\kGCfccr.exe

C:\Windows\System\nTEPgnq.exe

C:\Windows\System\nTEPgnq.exe

C:\Windows\System\NSuzJlc.exe

C:\Windows\System\NSuzJlc.exe

C:\Windows\System\RPnaeAt.exe

C:\Windows\System\RPnaeAt.exe

C:\Windows\System\NDMqMzI.exe

C:\Windows\System\NDMqMzI.exe

C:\Windows\System\aBZlJdp.exe

C:\Windows\System\aBZlJdp.exe

C:\Windows\System\ErLZHvG.exe

C:\Windows\System\ErLZHvG.exe

C:\Windows\System\uQQspjL.exe

C:\Windows\System\uQQspjL.exe

C:\Windows\System\fGMaUah.exe

C:\Windows\System\fGMaUah.exe

C:\Windows\System\EHaemXc.exe

C:\Windows\System\EHaemXc.exe

C:\Windows\System\ypSpcGi.exe

C:\Windows\System\ypSpcGi.exe

C:\Windows\System\IhNGMpI.exe

C:\Windows\System\IhNGMpI.exe

C:\Windows\System\OkzRCJa.exe

C:\Windows\System\OkzRCJa.exe

C:\Windows\System\QkFBZct.exe

C:\Windows\System\QkFBZct.exe

C:\Windows\System\mtynEgf.exe

C:\Windows\System\mtynEgf.exe

C:\Windows\System\PWwCZEq.exe

C:\Windows\System\PWwCZEq.exe

C:\Windows\System\UrDWvgc.exe

C:\Windows\System\UrDWvgc.exe

C:\Windows\System\KFjZPXN.exe

C:\Windows\System\KFjZPXN.exe

C:\Windows\System\liHBjZv.exe

C:\Windows\System\liHBjZv.exe

C:\Windows\System\EQHMArq.exe

C:\Windows\System\EQHMArq.exe

C:\Windows\System\OGlDwFE.exe

C:\Windows\System\OGlDwFE.exe

C:\Windows\System\LisrnGx.exe

C:\Windows\System\LisrnGx.exe

C:\Windows\System\iqzeDFN.exe

C:\Windows\System\iqzeDFN.exe

C:\Windows\System\ltnbwOG.exe

C:\Windows\System\ltnbwOG.exe

C:\Windows\System\cwLZuOJ.exe

C:\Windows\System\cwLZuOJ.exe

C:\Windows\System\gnruaSL.exe

C:\Windows\System\gnruaSL.exe

C:\Windows\System\GKnQqYb.exe

C:\Windows\System\GKnQqYb.exe

C:\Windows\System\bKvjjFO.exe

C:\Windows\System\bKvjjFO.exe

C:\Windows\System\CbDDzrA.exe

C:\Windows\System\CbDDzrA.exe

C:\Windows\System\aiNhxFO.exe

C:\Windows\System\aiNhxFO.exe

C:\Windows\System\XQCIcTh.exe

C:\Windows\System\XQCIcTh.exe

C:\Windows\System\uSLIkbX.exe

C:\Windows\System\uSLIkbX.exe

C:\Windows\System\hgkMSGh.exe

C:\Windows\System\hgkMSGh.exe

C:\Windows\System\jgiIQmM.exe

C:\Windows\System\jgiIQmM.exe

C:\Windows\System\ttpAmzC.exe

C:\Windows\System\ttpAmzC.exe

C:\Windows\System\hYIhPCu.exe

C:\Windows\System\hYIhPCu.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/992-0-0x0000000000080000-0x0000000000090000-memory.dmp

memory/992-2-0x000000013FF80000-0x00000001402D4000-memory.dmp

\Windows\system\rEPYSVN.exe

MD5 55f7cc02fdbfa820e6205b61a37855e7
SHA1 fd6383b46602d1969052a0140b9cd2873e6a9711
SHA256 a69567011f61e54b3b386776dce0a47d2d02c7582ee5a757691ff356b7ff74d0
SHA512 07f368cc80970dac1044dd8e4ce0f671d7a2e4f8ea82484b75be98f7ae789ba493ed8c5bee16f4e3ecb175aca82e1a1f17cea865e08cc84baa880cc08295ac9d

memory/1956-9-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/992-8-0x000000013F680000-0x000000013F9D4000-memory.dmp

\Windows\system\urqbHEF.exe

MD5 5d29b68a2b6cea5b2d5f554e7506f482
SHA1 b32dbb880b59bb6767724c490263b51c821ce68b
SHA256 a72ae5a0c1fb5c40ce52e7e983d305baaa831e3c7c291bcd55616bb8ff5b5550
SHA512 5d3f31148d1cfe57a3b0f07feeb2e281701dc5d2006b2ccc7bb23b960e5983d4891d73174c992286fec7c590f5bb0413c18269743722ab779e1bd17ef0cce32e

memory/992-13-0x000000013F170000-0x000000013F4C4000-memory.dmp

C:\Windows\system\uBTMNep.exe

MD5 c6d319556576de85d13242508605d8bc
SHA1 034593c00195d87c5337940ad61d8b9af66a7c29
SHA256 6ebe74370a9eaf3d2b9a3dbc4a9cdda57dfe638605cfb321b2ac6e2c3305ffa4
SHA512 40da62def564e3c982293cbff0963c3abdce714e47fdf2524fef86a946fbf47e505ae78665521ddb6afa201b8067bb384247c322c849940f6e0a981a67942d79

C:\Windows\system\ulmtNRX.exe

MD5 f72ee6ec3bc76b1f71dcab508b61c7f6
SHA1 53f2976176891dc5ca92f442b435c4bd2083f41c
SHA256 f60bf020693338494210a93e6e1981825232d547ae7961c418d8c55b9b7696ab
SHA512 cd492878d99121e261002bea4cb3828cd97e99cc584e4e7374324870cbca812e1bce8c26a82e354c525dd8113e177dd4036b23b07236221715ba8e26e0a5f379

memory/2560-28-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/992-27-0x0000000001FA0000-0x00000000022F4000-memory.dmp

\Windows\system\Evgfqcg.exe

MD5 3aa4157415f787a2dbbe8214f1f86327
SHA1 79cf8e1f2b01f275dd37f32af33be0d40ad8aa62
SHA256 b96c879abe4830343f1095cae2501ce9551948a9d07bcde7f3c0e5e7beba9505
SHA512 5d47d690cd15f7259d52a3df1547eedf5c5b3c71a127b20a4ea859f2b7223f8deadade0f3047df83486f887a5542874fdfc4e1d572c20d087c7fb1463ee0d701

C:\Windows\system\yizVnxk.exe

MD5 0e22607f724c1fa05bf7d71f54bd17df
SHA1 78b565190bcc3bd4e69a2381548ac7290a4258ac
SHA256 26121f4a72e77ac27559c8d1f26da93ff7e4b63d3941db985152caaa89dde88b
SHA512 aeadab82a0c3e27f6a2188cdbf7b1ad53f509aeee9c783b142f83c1494f72c04a4edd21770f7425350608907a7e772f52f93f5d5a68c808040cdbf25f5400c0a

memory/992-43-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/992-33-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2536-40-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2684-38-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2220-22-0x000000013F510000-0x000000013F864000-memory.dmp

memory/992-20-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2528-49-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2428-57-0x000000013FF40000-0x0000000140294000-memory.dmp

C:\Windows\system\ywKlJei.exe

MD5 21531e461bceeccd5457d4984d575172
SHA1 7be0ebd61049fa60acf795897832faef2330b394
SHA256 c2fe741e0c51a97dff343997649e7476eb2900180eae144c60bcb14e56b4243e
SHA512 368f8fbb5c5465a78925ae02bb2ce2078d4d77fde73fbc1d963e04b4cdb9039ce42246f0ae0756365110336bed025493dbfe668cba323e4350e2d5eb6924d047

memory/2420-70-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2460-63-0x000000013F9F0000-0x000000013FD44000-memory.dmp

C:\Windows\system\OGTnPGM.exe

MD5 b9ee3a720a588a51ca424e3c70acb299
SHA1 8518f47112d297e94c5ae80ce854a9b910950ead
SHA256 3a44906fcce721f23de8f0c6afda6c556e9ae83145180aeb1abc1fca6f82dbca
SHA512 7c23c593effe6ba178e229cab590ed832767150e410634f198e1b35f9c01ac5e14f6cb542746989611188268828e585e61de6f747c4b774ef1d8ca4d9baa195c

memory/2232-76-0x000000013F5B0000-0x000000013F904000-memory.dmp

C:\Windows\system\JfefnLd.exe

MD5 d69c51944fd9d0e816f17763507aba13
SHA1 9dba3ca36221d81481259761687f3cb413608422
SHA256 891f07d9e1a51d1278f11457c381bce612e7546f2478d64c6c4567ddefedbd61
SHA512 e5d16c6a08c75adb6d48041ad9fcb22c6fe518a993d750f452de09c5d2ce122b94413fef675044a091ce4bc4c2a6d907e32a96e36f1c0085515c1f250cf1ad50

memory/992-100-0x000000013F030000-0x000000013F384000-memory.dmp

C:\Windows\system\cqJSasf.exe

MD5 c7d6bc69f51c9c9c43575e77945c9e0d
SHA1 bd3e4fb94171a1aef105a3d3420c02e2616c8973
SHA256 ce93d7d5705f25fbd9f8cbd088368d6812cd91dcccfb3abf4ef211221fccc2e0
SHA512 f25cf922a82cf82207b06a2d32fe1c2f8c9bb479fd2b7c5019795ed84a9815404dcc66171bb698f99491d5a253f166f0c835a3258dd18818ef02fdfdecc0f97f

C:\Windows\system\nYaVBVK.exe

MD5 4fb2ac592c56d3676a912d9160b24af4
SHA1 1bed7189556a8eb73a2b3ad59c01286ce44d926a
SHA256 93eecc05c3652bc3104d55d942834c3e7f5067f8289fa571b4f81704c8b7b7fe
SHA512 53a8606c6e9067d8f4c3309877829518b1efc95739d583fe6af8fab5d643d51b5301a57a684612fe60b0d9ae4fe92b2f435838cbdeea13369a88d43bbebcee51

C:\Windows\system\NUSnFLI.exe

MD5 6d0bf56d565e81ca9fa7c332ab7868b8
SHA1 ad680f3d79c31fc036f184c32589bf8d881f8077
SHA256 dab5a9eec81c9aabb63953eee00769d698724c32c0bafb073d345e2a2c8ffd50
SHA512 760170a2ebd14c6bd7ec63be2e412893b064ae35aec306f23b8c5d4f2cbaa3456bb1f12dd93c63ea34a67a2fc6c2a10bb40b8a19b6dbe04abf62ec4503869666

\Windows\system\bQdFYAu.exe

MD5 7fb4b39465cd75a021e529296884baff
SHA1 9ff9b4bc1771febf2e7c193b8f87d02970d25e4f
SHA256 87ec2156e8944b1ae171ca9289ceb14fcafc86d79008453ae2a3b50defbd9afa
SHA512 0282a4f34c75eead5b600c94c71b4c0dd2861f8822bcf1323c41e90794183dd118612f365692de1f509a5782e7bd705b5ace51ea359e90c74a3e02c5e952cec1

memory/2460-1006-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/992-568-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2420-1076-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2528-333-0x000000013F540000-0x000000013F894000-memory.dmp

C:\Windows\system\mkGXdCR.exe

MD5 936d02737af1a741c3dc5025c05dab51
SHA1 f16144b239a83bedcbd74a4c8cd4b5d5c52424c4
SHA256 a3b1984071fd424a11ed941fabc0273357505eda8e39766b0eb49adbe5acffbb
SHA512 c3ce173bab4f51c5b228f7be42e7e87776ad3e633aa772952c3d26cc13b57a59e823cffe0ada5c7ef8375858055854492d7ac1267445c6af67a2cdf4117cb8c8

C:\Windows\system\abcoHdA.exe

MD5 ac5c0d0e417eabb038002350f3fba177
SHA1 ed7323a5a32ee27982bce3b445a84d55316b96bf
SHA256 eb9bbc17b2430af7884f1ff4ee29005d927087091b484ea5d435d5cfd8d14f13
SHA512 ae329aaffec1fb9f2f754a900e78c8f5a09fa631b8c24e83cfcd87c3b6440737db436e16190becc631fcac89bf3b79cd1dd966d4a0fa791fbb8b274a2b1eb03a

C:\Windows\system\GkJOjOH.exe

MD5 ee8298f0fe72cfceb92df4be8cc963f7
SHA1 ba5b833e5cdc925f098614f182109ad23749b6b3
SHA256 230d38004c6f36a3cb8bd4f9679c0d421033e4f567bce82ca566b26c2798c5b4
SHA512 f39d28b819f6f5b99ecd81afe5f186f22f869412bd70e6729bee7f7cb8f320ddef50c09b3f833fd8d2e5f7f13c11cfa95d8a40507eeb6f42d63a910888bc8b6f

C:\Windows\system\rexHIpF.exe

MD5 6073a0fbd2dc0a74e3995879b9c23921
SHA1 05342aec14732f914fe3907ed84652a628bb5a77
SHA256 54ffd678522bcf0176bbd47f4556cd984a806761ff9b3437753df7af44c1669e
SHA512 369a56d4df3d786d138ba292c6d406bab20818ad352dd7b3915f781755f47394d270a1412f4d05111cbd932ed061eb2ac91e8fb6bab77aecefa1b4171c4ee77e

C:\Windows\system\TlRbvNq.exe

MD5 ffec59778206fce2f7fd92b9b22beb60
SHA1 a1d8c88ac15df849d5523e3114ba86b8c94a0f03
SHA256 0d342f38192b551456cb404d586b0f13295ae3c9070b7d4cd4212376a94a03d7
SHA512 ff3fabb56d9f73dfe2abe0480e4642c237200baf2775f3f4a9fa4a7fad6f0ce882559565adc5b2d465f61683ce5145d1ac71b248d8ae577472c195917558e798

C:\Windows\system\pxTAEWY.exe

MD5 a57c60409954fc9206d014fa2067ef43
SHA1 037857d939b404676d67296a027c777f85695cdf
SHA256 c057ca33e3b550d54bb6fc5c962eedb251447bae56763c912dff0789887e6283
SHA512 4f8604f090581e4d07307ce23d582131dfad20bbc9645c7fd02dc8664c2c2a6bfb6f7706afd5c49ca718db0e1407372d35e504ae404561511927a6c178dd2524

C:\Windows\system\tMJyZCD.exe

MD5 9a9f975721ab215678429117ff611584
SHA1 ae7d860332941aa4f175e588bae4cc0333dfda18
SHA256 c777d01e73b68f3e0933f63c106d687f07d982658cf28aa0eddb730ce771a0a5
SHA512 294126e1191a955e244443045e27d2de96a155938b742eb39f123f01fedb8799354d9b5b168e48ff85ec7106de133ef9d46dcd676681240417f6f9c82330573c

C:\Windows\system\HjWHtNc.exe

MD5 2c691e81fd5b96ecb95ef772587f37a5
SHA1 7ced3be0b17169d7c43d176bcb3cc82f06e14439
SHA256 5006e3a209900d20edcdb0f9506fad967fd5bd3ac583a45fe836d0933450a39c
SHA512 4485d999188d5a2758d82e6794fc4770c449b693d34df72a8530a43c34502214a2ddab036525f9e85e3dad4ef5eb49347b98707e0c82bc11a0eebf8c00aa0e3e

memory/992-1077-0x000000013F5B0000-0x000000013F904000-memory.dmp

memory/2232-1078-0x000000013F5B0000-0x000000013F904000-memory.dmp

C:\Windows\system\VpcNQDo.exe

MD5 0c06d55afbf7f0239679f8d4def89d38
SHA1 084f570cee9802948804175b1aa64d80541f0dc4
SHA256 1d5693e539805573705396715aae25cf65e60b0795c3c003eb516eb467f8f1f6
SHA512 7e6663d3bd30808a11f7d487ad2db3bd4ae361b5634aff97fcf4ca21db47e0d80c2865a5764684cf39c2c40a5f5cc32ab65015afbf568a0f64c0e49b3b2ec060

C:\Windows\system\UTwXASn.exe

MD5 c707da1a8a8a1484d84474a05f3d23c9
SHA1 2e9862c07236bd8e79b9ee3ff374cb6b934c1fba
SHA256 731339f2aab0855e73cf2190ca3adcbc5d04f40e4320ca229fa83c3fd497b891
SHA512 97de9cffee1c6e6487e92c549f0e5b4383aeb2f72e3e5ada65f9d3084f992a43ccb6c0384d24d928beb7f42658e9ccd051d29ba64c244fb869b70aff559ba507

C:\Windows\system\CcdlZgt.exe

MD5 f0c60e90e8a9686e1f624f6c8438d360
SHA1 513bb7cae3654a9a379dea9ac8dcf1623d85f694
SHA256 24d46d7b8c8d03de92904960178886a2297558e6ccf31247859183473dbb2413
SHA512 ac054db06637a027775f9dbaff4f36b5b63b8c81c39d78fcda1cc015b02b898cc83c971863d386a1f43da17c9132890d824a8553f15c5516c47f9f5931a7b27d

C:\Windows\system\aQEnwkP.exe

MD5 db100238a035c550b2305b99dd439846
SHA1 3b981692dc7d88be6f293b9f64b1bb495c1d8c15
SHA256 b2b3873e9260c413bd8780aed48f1dd0df539f083164490f63f59cc8033f307d
SHA512 f3e73849565f1df24a49fae7ac1c9363b018b04886d414b67d1c01ef22c4e9af8d2105bd9e2815f2ffe0ba80ea829f0ab6bd04da73935d984cc8e046b9eb99b5

C:\Windows\system\DftwLgj.exe

MD5 15a60c1af9e8f4bd359cc050e899f3fa
SHA1 2e32999cfa0403933db5ed16053ade697aa32b38
SHA256 3b9d4e1150a152a72ec6aef38b11c2de6b974813951aab53b71993da22f6d09c
SHA512 a56de2288bf0272a4e2381c3fd9b40191c93dcbda86bfed0eff21f1cad900526934e0b3e46e11c7186052bc9dad151490ff499d932e4d794d4477f7457cc49b2

memory/992-108-0x000000013F5F0000-0x000000013F944000-memory.dmp

C:\Windows\system\TgaaLEb.exe

MD5 11d38b96d3ca03d50a98faca9c51e0be
SHA1 92d0aeb5d82002b602abc75f9c941dffb3185579
SHA256 441359b7866a277d20b5247536dd7ec443e13b5cb57174775ccb4479ab3e82da
SHA512 4d1379ee1c6776a6f8475140a3503ecf73a261f51cd3abe84a2b82b2ba69dde67bac59fd5368c6f489f9bb6ecc504a3aec3dca58a922a34a3ad2dcfe78f1b9f5

C:\Windows\system\NLakakm.exe

MD5 1a107164b8c9cef662dbe07dff78d14f
SHA1 5ccde51c4e2e4408fec38935bd927ade4c7a4192
SHA256 fe21dcf78e1484224dce78e6cc19836a693ea137e87d99c517e71b9df36c979b
SHA512 f6c1c7d42ebfcc9f72717d6f5745c6431f0eebef5e3ae2967bc2228d7134855c44dfaa87607bae623430ad17a44a3459383187eaf64e329c5eee5af64838dd18

memory/2756-94-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/992-93-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2684-92-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2560-91-0x000000013FCD0000-0x0000000140024000-memory.dmp

C:\Windows\system\DBkWKRr.exe

MD5 5dc60262a27ffca74283aa65d0c31dd5
SHA1 31f123b9f9713d79f739eed50559a6920be3c506
SHA256 aaa17e78c8178bc1dff89fa7471574c10f07bf20e7ac2b3358c20863d3c75068
SHA512 829dcf1574601f40fb41e3d66d698f445d54c3f93feacbbdfcb537013a9b533fdd4b6d99be166a447d7b3553437692e1a7be9810ea65d6b4c219e0765240d0fd

memory/1528-101-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2536-99-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2636-86-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2220-85-0x000000013F510000-0x000000013F864000-memory.dmp

memory/992-75-0x000000013F170000-0x000000013F4C4000-memory.dmp

C:\Windows\system\mnxOxme.exe

MD5 46c9ee278142fd216ae240e0fcae9942
SHA1 2df536a5651acee50716302efd8a4472f818e609
SHA256 a63f8e79a82e29758389d2bcba99c0907ef7909a855fc2f67cf9c632e78a36e3
SHA512 7c25604c1f195ba5e2c21389c86a859acb48a8b0f997e69f9614435bf1d95345e2c5972fcaccd69359a4a316a3f83097cd9317d3dcb41df9332469abcded0f0a

memory/992-80-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2976-79-0x000000013F170000-0x000000013F4C4000-memory.dmp

memory/992-62-0x000000013FF80000-0x00000001402D4000-memory.dmp

memory/992-56-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/992-48-0x000000013F540000-0x000000013F894000-memory.dmp

C:\Windows\system\hJobQCz.exe

MD5 6fc11f96a069547568f64fa3680b08ce
SHA1 69e0f70cf5773e023bb0730bf6672facad564e61
SHA256 4bd4cab537df0a1bc1694661b161a4de6a8cbdf0524f9d9661767b134a60993b
SHA512 ac1992a69e28dc168ff6ac86d10c485c3b9a35ac46f4dfeace610b0f79ba3a7b15766208a034fd0fb35cae4083a61ff66385971c76f067e2f35d0a95fcb6bbe4

C:\Windows\system\xZDaaTV.exe

MD5 e7a4f861c183092f2afa78cc85f29180
SHA1 863f6879af85633c09a9ed22e090a93a621fa287
SHA256 3af3e009a0c83140649cabe37462b92fde3bdc615241a7bebf97d8db2c872571
SHA512 4878b5c25d0bfde2e6518483ced2063438dbdbb822ebf4891fcaf7d682c5a27cde9329cdb61fc7413190556388eb029fd7a53acebb8eb4a4ea011c5644a9e1c9

memory/992-1079-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/992-1080-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2756-1081-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/992-1082-0x000000013F030000-0x000000013F384000-memory.dmp

memory/1528-1083-0x000000013F030000-0x000000013F384000-memory.dmp

memory/992-1084-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/1956-1085-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2220-1086-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2976-1087-0x000000013F170000-0x000000013F4C4000-memory.dmp

memory/2560-1088-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2536-1089-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2684-1090-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2528-1091-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2428-1092-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2460-1094-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2420-1093-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2232-1095-0x000000013F5B0000-0x000000013F904000-memory.dmp

memory/2636-1096-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2756-1098-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/1528-1097-0x000000013F030000-0x000000013F384000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 19:38

Reported

2024-06-06 19:41

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\uojDkwG.exe N/A
N/A N/A C:\Windows\System\OajbJgu.exe N/A
N/A N/A C:\Windows\System\dturWos.exe N/A
N/A N/A C:\Windows\System\clQEhsI.exe N/A
N/A N/A C:\Windows\System\dedaMKb.exe N/A
N/A N/A C:\Windows\System\BzeJBeE.exe N/A
N/A N/A C:\Windows\System\rumLIsA.exe N/A
N/A N/A C:\Windows\System\PgwWXey.exe N/A
N/A N/A C:\Windows\System\dAVcFSo.exe N/A
N/A N/A C:\Windows\System\KWctSiL.exe N/A
N/A N/A C:\Windows\System\sSzMCBH.exe N/A
N/A N/A C:\Windows\System\mNtEdUV.exe N/A
N/A N/A C:\Windows\System\CJBhmXl.exe N/A
N/A N/A C:\Windows\System\mlkKtiz.exe N/A
N/A N/A C:\Windows\System\SELXOKD.exe N/A
N/A N/A C:\Windows\System\WiOopUo.exe N/A
N/A N/A C:\Windows\System\UfyfhBO.exe N/A
N/A N/A C:\Windows\System\XMimEJV.exe N/A
N/A N/A C:\Windows\System\OXJeYLw.exe N/A
N/A N/A C:\Windows\System\RNLPVcp.exe N/A
N/A N/A C:\Windows\System\gMEuzVD.exe N/A
N/A N/A C:\Windows\System\Lbreawg.exe N/A
N/A N/A C:\Windows\System\pJlfFOt.exe N/A
N/A N/A C:\Windows\System\flvhlsI.exe N/A
N/A N/A C:\Windows\System\CXMkHsr.exe N/A
N/A N/A C:\Windows\System\MKRpdEI.exe N/A
N/A N/A C:\Windows\System\PDntHbZ.exe N/A
N/A N/A C:\Windows\System\gjcrDCn.exe N/A
N/A N/A C:\Windows\System\xHDsvNK.exe N/A
N/A N/A C:\Windows\System\hlKzNfa.exe N/A
N/A N/A C:\Windows\System\ykQiEbs.exe N/A
N/A N/A C:\Windows\System\ftCEeuB.exe N/A
N/A N/A C:\Windows\System\nofKJUb.exe N/A
N/A N/A C:\Windows\System\vtRyalp.exe N/A
N/A N/A C:\Windows\System\kgThgnU.exe N/A
N/A N/A C:\Windows\System\mEunMCp.exe N/A
N/A N/A C:\Windows\System\eHotKnT.exe N/A
N/A N/A C:\Windows\System\SOMdBsD.exe N/A
N/A N/A C:\Windows\System\DBqGZeO.exe N/A
N/A N/A C:\Windows\System\pOJqXfi.exe N/A
N/A N/A C:\Windows\System\InfMMdt.exe N/A
N/A N/A C:\Windows\System\dgtBPAc.exe N/A
N/A N/A C:\Windows\System\AAhSUNL.exe N/A
N/A N/A C:\Windows\System\IsHvRpn.exe N/A
N/A N/A C:\Windows\System\pMechMF.exe N/A
N/A N/A C:\Windows\System\iCCGYtf.exe N/A
N/A N/A C:\Windows\System\ZtXqnhK.exe N/A
N/A N/A C:\Windows\System\WAVNJnO.exe N/A
N/A N/A C:\Windows\System\aGmWzPj.exe N/A
N/A N/A C:\Windows\System\tluGGHF.exe N/A
N/A N/A C:\Windows\System\SpJmwAC.exe N/A
N/A N/A C:\Windows\System\kITPxMi.exe N/A
N/A N/A C:\Windows\System\fDHyAHV.exe N/A
N/A N/A C:\Windows\System\JsOeTnZ.exe N/A
N/A N/A C:\Windows\System\Ivkaqnz.exe N/A
N/A N/A C:\Windows\System\CImGCHF.exe N/A
N/A N/A C:\Windows\System\CnjCrMz.exe N/A
N/A N/A C:\Windows\System\EEBYASr.exe N/A
N/A N/A C:\Windows\System\wSkCCXD.exe N/A
N/A N/A C:\Windows\System\cwfMwHM.exe N/A
N/A N/A C:\Windows\System\VkyzvvH.exe N/A
N/A N/A C:\Windows\System\YCHnjZX.exe N/A
N/A N/A C:\Windows\System\qLNgeAC.exe N/A
N/A N/A C:\Windows\System\KtseBSM.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\LCYtJGH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nooSByq.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BagFuvP.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySlQlnW.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pWfTkzz.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XirxGSc.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OYouYgQ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBQwRGE.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSWNosv.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vKxxcck.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZwXuzJG.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dedaMKb.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qLNgeAC.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsxZPkA.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CFAypWI.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HRjrYvR.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EFFkIVk.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gOcSMPn.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WXrgckW.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWctSiL.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CJBhmXl.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMEuzVD.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBqGZeO.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HRcgyZn.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wEbNIwb.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YAHlWUK.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNLPVcp.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PDntHbZ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pOJqXfi.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IINeTqY.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GgehSgF.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXJeYLw.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\flvhlsI.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nofKJUb.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEunMCp.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dSHHpcU.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\npZWZfa.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AjfnRQQ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ajrYGuj.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WiOopUo.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CXMkHsr.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZSehBNH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WuiiDHQ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XMimEJV.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AAhSUNL.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TADKRCg.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgKgOSH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ftCEeuB.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsHvRpn.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NBwOAXc.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JseSyYO.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rQbmcGx.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HnZXhCh.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tluGGHF.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgNTyEW.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WIUMSoC.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LvIXrOQ.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zDjHbdB.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pjBAvEt.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VkyzvvH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSsfkEH.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pUjtWsf.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DfrgUxc.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NSqIrGV.exe C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3440 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\uojDkwG.exe
PID 3440 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\uojDkwG.exe
PID 3440 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OajbJgu.exe
PID 3440 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OajbJgu.exe
PID 3440 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\dturWos.exe
PID 3440 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\dturWos.exe
PID 3440 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\clQEhsI.exe
PID 3440 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\clQEhsI.exe
PID 3440 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\dedaMKb.exe
PID 3440 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\dedaMKb.exe
PID 3440 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\BzeJBeE.exe
PID 3440 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\BzeJBeE.exe
PID 3440 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\rumLIsA.exe
PID 3440 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\rumLIsA.exe
PID 3440 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\PgwWXey.exe
PID 3440 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\PgwWXey.exe
PID 3440 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\dAVcFSo.exe
PID 3440 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\dAVcFSo.exe
PID 3440 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\KWctSiL.exe
PID 3440 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\KWctSiL.exe
PID 3440 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\sSzMCBH.exe
PID 3440 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\sSzMCBH.exe
PID 3440 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mNtEdUV.exe
PID 3440 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mNtEdUV.exe
PID 3440 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CJBhmXl.exe
PID 3440 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CJBhmXl.exe
PID 3440 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mlkKtiz.exe
PID 3440 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\mlkKtiz.exe
PID 3440 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\SELXOKD.exe
PID 3440 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\SELXOKD.exe
PID 3440 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\WiOopUo.exe
PID 3440 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\WiOopUo.exe
PID 3440 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\UfyfhBO.exe
PID 3440 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\UfyfhBO.exe
PID 3440 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\XMimEJV.exe
PID 3440 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\XMimEJV.exe
PID 3440 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OXJeYLw.exe
PID 3440 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\OXJeYLw.exe
PID 3440 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\RNLPVcp.exe
PID 3440 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\RNLPVcp.exe
PID 3440 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\gMEuzVD.exe
PID 3440 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\gMEuzVD.exe
PID 3440 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\Lbreawg.exe
PID 3440 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\Lbreawg.exe
PID 3440 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\pJlfFOt.exe
PID 3440 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\pJlfFOt.exe
PID 3440 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\flvhlsI.exe
PID 3440 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\flvhlsI.exe
PID 3440 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CXMkHsr.exe
PID 3440 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\CXMkHsr.exe
PID 3440 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\MKRpdEI.exe
PID 3440 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\MKRpdEI.exe
PID 3440 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\PDntHbZ.exe
PID 3440 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\PDntHbZ.exe
PID 3440 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\gjcrDCn.exe
PID 3440 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\gjcrDCn.exe
PID 3440 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\xHDsvNK.exe
PID 3440 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\xHDsvNK.exe
PID 3440 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\hlKzNfa.exe
PID 3440 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\hlKzNfa.exe
PID 3440 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ykQiEbs.exe
PID 3440 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ykQiEbs.exe
PID 3440 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ftCEeuB.exe
PID 3440 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe C:\Windows\System\ftCEeuB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\fc71afe6781dc3bed2005f71cd9e4df0_NeikiAnalytics.exe"

C:\Windows\System\uojDkwG.exe

C:\Windows\System\uojDkwG.exe

C:\Windows\System\OajbJgu.exe

C:\Windows\System\OajbJgu.exe

C:\Windows\System\dturWos.exe

C:\Windows\System\dturWos.exe

C:\Windows\System\clQEhsI.exe

C:\Windows\System\clQEhsI.exe

C:\Windows\System\dedaMKb.exe

C:\Windows\System\dedaMKb.exe

C:\Windows\System\BzeJBeE.exe

C:\Windows\System\BzeJBeE.exe

C:\Windows\System\rumLIsA.exe

C:\Windows\System\rumLIsA.exe

C:\Windows\System\PgwWXey.exe

C:\Windows\System\PgwWXey.exe

C:\Windows\System\dAVcFSo.exe

C:\Windows\System\dAVcFSo.exe

C:\Windows\System\KWctSiL.exe

C:\Windows\System\KWctSiL.exe

C:\Windows\System\sSzMCBH.exe

C:\Windows\System\sSzMCBH.exe

C:\Windows\System\mNtEdUV.exe

C:\Windows\System\mNtEdUV.exe

C:\Windows\System\CJBhmXl.exe

C:\Windows\System\CJBhmXl.exe

C:\Windows\System\mlkKtiz.exe

C:\Windows\System\mlkKtiz.exe

C:\Windows\System\SELXOKD.exe

C:\Windows\System\SELXOKD.exe

C:\Windows\System\WiOopUo.exe

C:\Windows\System\WiOopUo.exe

C:\Windows\System\UfyfhBO.exe

C:\Windows\System\UfyfhBO.exe

C:\Windows\System\XMimEJV.exe

C:\Windows\System\XMimEJV.exe

C:\Windows\System\OXJeYLw.exe

C:\Windows\System\OXJeYLw.exe

C:\Windows\System\RNLPVcp.exe

C:\Windows\System\RNLPVcp.exe

C:\Windows\System\gMEuzVD.exe

C:\Windows\System\gMEuzVD.exe

C:\Windows\System\Lbreawg.exe

C:\Windows\System\Lbreawg.exe

C:\Windows\System\pJlfFOt.exe

C:\Windows\System\pJlfFOt.exe

C:\Windows\System\flvhlsI.exe

C:\Windows\System\flvhlsI.exe

C:\Windows\System\CXMkHsr.exe

C:\Windows\System\CXMkHsr.exe

C:\Windows\System\MKRpdEI.exe

C:\Windows\System\MKRpdEI.exe

C:\Windows\System\PDntHbZ.exe

C:\Windows\System\PDntHbZ.exe

C:\Windows\System\gjcrDCn.exe

C:\Windows\System\gjcrDCn.exe

C:\Windows\System\xHDsvNK.exe

C:\Windows\System\xHDsvNK.exe

C:\Windows\System\hlKzNfa.exe

C:\Windows\System\hlKzNfa.exe

C:\Windows\System\ykQiEbs.exe

C:\Windows\System\ykQiEbs.exe

C:\Windows\System\ftCEeuB.exe

C:\Windows\System\ftCEeuB.exe

C:\Windows\System\nofKJUb.exe

C:\Windows\System\nofKJUb.exe

C:\Windows\System\vtRyalp.exe

C:\Windows\System\vtRyalp.exe

C:\Windows\System\kgThgnU.exe

C:\Windows\System\kgThgnU.exe

C:\Windows\System\mEunMCp.exe

C:\Windows\System\mEunMCp.exe

C:\Windows\System\eHotKnT.exe

C:\Windows\System\eHotKnT.exe

C:\Windows\System\SOMdBsD.exe

C:\Windows\System\SOMdBsD.exe

C:\Windows\System\DBqGZeO.exe

C:\Windows\System\DBqGZeO.exe

C:\Windows\System\pOJqXfi.exe

C:\Windows\System\pOJqXfi.exe

C:\Windows\System\InfMMdt.exe

C:\Windows\System\InfMMdt.exe

C:\Windows\System\dgtBPAc.exe

C:\Windows\System\dgtBPAc.exe

C:\Windows\System\AAhSUNL.exe

C:\Windows\System\AAhSUNL.exe

C:\Windows\System\IsHvRpn.exe

C:\Windows\System\IsHvRpn.exe

C:\Windows\System\pMechMF.exe

C:\Windows\System\pMechMF.exe

C:\Windows\System\iCCGYtf.exe

C:\Windows\System\iCCGYtf.exe

C:\Windows\System\ZtXqnhK.exe

C:\Windows\System\ZtXqnhK.exe

C:\Windows\System\WAVNJnO.exe

C:\Windows\System\WAVNJnO.exe

C:\Windows\System\aGmWzPj.exe

C:\Windows\System\aGmWzPj.exe

C:\Windows\System\tluGGHF.exe

C:\Windows\System\tluGGHF.exe

C:\Windows\System\SpJmwAC.exe

C:\Windows\System\SpJmwAC.exe

C:\Windows\System\kITPxMi.exe

C:\Windows\System\kITPxMi.exe

C:\Windows\System\fDHyAHV.exe

C:\Windows\System\fDHyAHV.exe

C:\Windows\System\JsOeTnZ.exe

C:\Windows\System\JsOeTnZ.exe

C:\Windows\System\Ivkaqnz.exe

C:\Windows\System\Ivkaqnz.exe

C:\Windows\System\CImGCHF.exe

C:\Windows\System\CImGCHF.exe

C:\Windows\System\CnjCrMz.exe

C:\Windows\System\CnjCrMz.exe

C:\Windows\System\EEBYASr.exe

C:\Windows\System\EEBYASr.exe

C:\Windows\System\wSkCCXD.exe

C:\Windows\System\wSkCCXD.exe

C:\Windows\System\cwfMwHM.exe

C:\Windows\System\cwfMwHM.exe

C:\Windows\System\VkyzvvH.exe

C:\Windows\System\VkyzvvH.exe

C:\Windows\System\YCHnjZX.exe

C:\Windows\System\YCHnjZX.exe

C:\Windows\System\qLNgeAC.exe

C:\Windows\System\qLNgeAC.exe

C:\Windows\System\KtseBSM.exe

C:\Windows\System\KtseBSM.exe

C:\Windows\System\LCYtJGH.exe

C:\Windows\System\LCYtJGH.exe

C:\Windows\System\nllHTBK.exe

C:\Windows\System\nllHTBK.exe

C:\Windows\System\lvOFCmf.exe

C:\Windows\System\lvOFCmf.exe

C:\Windows\System\pCqissw.exe

C:\Windows\System\pCqissw.exe

C:\Windows\System\oEQDubn.exe

C:\Windows\System\oEQDubn.exe

C:\Windows\System\Znkqfuz.exe

C:\Windows\System\Znkqfuz.exe

C:\Windows\System\ANSVQoI.exe

C:\Windows\System\ANSVQoI.exe

C:\Windows\System\AShzzuT.exe

C:\Windows\System\AShzzuT.exe

C:\Windows\System\mdnhyCN.exe

C:\Windows\System\mdnhyCN.exe

C:\Windows\System\PQFNlCF.exe

C:\Windows\System\PQFNlCF.exe

C:\Windows\System\WnIerAh.exe

C:\Windows\System\WnIerAh.exe

C:\Windows\System\sxqFSFK.exe

C:\Windows\System\sxqFSFK.exe

C:\Windows\System\CphNGwU.exe

C:\Windows\System\CphNGwU.exe

C:\Windows\System\FDTczvS.exe

C:\Windows\System\FDTczvS.exe

C:\Windows\System\VZvSAol.exe

C:\Windows\System\VZvSAol.exe

C:\Windows\System\CYbyprr.exe

C:\Windows\System\CYbyprr.exe

C:\Windows\System\YgNTyEW.exe

C:\Windows\System\YgNTyEW.exe

C:\Windows\System\DQWSODQ.exe

C:\Windows\System\DQWSODQ.exe

C:\Windows\System\WaNqObs.exe

C:\Windows\System\WaNqObs.exe

C:\Windows\System\nHFJqzF.exe

C:\Windows\System\nHFJqzF.exe

C:\Windows\System\JvpCJZC.exe

C:\Windows\System\JvpCJZC.exe

C:\Windows\System\uSjZsBG.exe

C:\Windows\System\uSjZsBG.exe

C:\Windows\System\NQlMaBk.exe

C:\Windows\System\NQlMaBk.exe

C:\Windows\System\TgeKVNU.exe

C:\Windows\System\TgeKVNU.exe

C:\Windows\System\bhebgDY.exe

C:\Windows\System\bhebgDY.exe

C:\Windows\System\ZSehBNH.exe

C:\Windows\System\ZSehBNH.exe

C:\Windows\System\MmvIxLU.exe

C:\Windows\System\MmvIxLU.exe

C:\Windows\System\Krtesuz.exe

C:\Windows\System\Krtesuz.exe

C:\Windows\System\ZUqrLHk.exe

C:\Windows\System\ZUqrLHk.exe

C:\Windows\System\sUkkDqs.exe

C:\Windows\System\sUkkDqs.exe

C:\Windows\System\kwniSiN.exe

C:\Windows\System\kwniSiN.exe

C:\Windows\System\aQkhRNF.exe

C:\Windows\System\aQkhRNF.exe

C:\Windows\System\UGGwPsA.exe

C:\Windows\System\UGGwPsA.exe

C:\Windows\System\gpuASpJ.exe

C:\Windows\System\gpuASpJ.exe

C:\Windows\System\AkuVuvv.exe

C:\Windows\System\AkuVuvv.exe

C:\Windows\System\WuiiDHQ.exe

C:\Windows\System\WuiiDHQ.exe

C:\Windows\System\YltbgQl.exe

C:\Windows\System\YltbgQl.exe

C:\Windows\System\ZutvkJt.exe

C:\Windows\System\ZutvkJt.exe

C:\Windows\System\pWfTkzz.exe

C:\Windows\System\pWfTkzz.exe

C:\Windows\System\DRZdUej.exe

C:\Windows\System\DRZdUej.exe

C:\Windows\System\rLuHQJs.exe

C:\Windows\System\rLuHQJs.exe

C:\Windows\System\IBwFWUp.exe

C:\Windows\System\IBwFWUp.exe

C:\Windows\System\RkfzBVM.exe

C:\Windows\System\RkfzBVM.exe

C:\Windows\System\tTdqcOF.exe

C:\Windows\System\tTdqcOF.exe

C:\Windows\System\uheFeXQ.exe

C:\Windows\System\uheFeXQ.exe

C:\Windows\System\fjKAdej.exe

C:\Windows\System\fjKAdej.exe

C:\Windows\System\cGClCwE.exe

C:\Windows\System\cGClCwE.exe

C:\Windows\System\mSzPhHv.exe

C:\Windows\System\mSzPhHv.exe

C:\Windows\System\ujoGUgK.exe

C:\Windows\System\ujoGUgK.exe

C:\Windows\System\lvyUmEI.exe

C:\Windows\System\lvyUmEI.exe

C:\Windows\System\nFpoIqe.exe

C:\Windows\System\nFpoIqe.exe

C:\Windows\System\lDzpSZt.exe

C:\Windows\System\lDzpSZt.exe

C:\Windows\System\gyWvJni.exe

C:\Windows\System\gyWvJni.exe

C:\Windows\System\nooSByq.exe

C:\Windows\System\nooSByq.exe

C:\Windows\System\CFAypWI.exe

C:\Windows\System\CFAypWI.exe

C:\Windows\System\PJAhPOB.exe

C:\Windows\System\PJAhPOB.exe

C:\Windows\System\hQlEbve.exe

C:\Windows\System\hQlEbve.exe

C:\Windows\System\vAgRDTM.exe

C:\Windows\System\vAgRDTM.exe

C:\Windows\System\ExCZxkI.exe

C:\Windows\System\ExCZxkI.exe

C:\Windows\System\czktkXK.exe

C:\Windows\System\czktkXK.exe

C:\Windows\System\VXVhAfp.exe

C:\Windows\System\VXVhAfp.exe

C:\Windows\System\FnZgJIi.exe

C:\Windows\System\FnZgJIi.exe

C:\Windows\System\cbSdwpa.exe

C:\Windows\System\cbSdwpa.exe

C:\Windows\System\IfsDbhL.exe

C:\Windows\System\IfsDbhL.exe

C:\Windows\System\ThVBwDT.exe

C:\Windows\System\ThVBwDT.exe

C:\Windows\System\gSsfkEH.exe

C:\Windows\System\gSsfkEH.exe

C:\Windows\System\KxQQVoy.exe

C:\Windows\System\KxQQVoy.exe

C:\Windows\System\BtsKMWi.exe

C:\Windows\System\BtsKMWi.exe

C:\Windows\System\NZfcAgM.exe

C:\Windows\System\NZfcAgM.exe

C:\Windows\System\AkXFMAp.exe

C:\Windows\System\AkXFMAp.exe

C:\Windows\System\kRohxQP.exe

C:\Windows\System\kRohxQP.exe

C:\Windows\System\CGtnuzs.exe

C:\Windows\System\CGtnuzs.exe

C:\Windows\System\TkvXVhl.exe

C:\Windows\System\TkvXVhl.exe

C:\Windows\System\lIldDPc.exe

C:\Windows\System\lIldDPc.exe

C:\Windows\System\dSHHpcU.exe

C:\Windows\System\dSHHpcU.exe

C:\Windows\System\GWUXAih.exe

C:\Windows\System\GWUXAih.exe

C:\Windows\System\kvgZVWL.exe

C:\Windows\System\kvgZVWL.exe

C:\Windows\System\QqzJnDq.exe

C:\Windows\System\QqzJnDq.exe

C:\Windows\System\jTJfski.exe

C:\Windows\System\jTJfski.exe

C:\Windows\System\UpGABAq.exe

C:\Windows\System\UpGABAq.exe

C:\Windows\System\HjRggLx.exe

C:\Windows\System\HjRggLx.exe

C:\Windows\System\IINeTqY.exe

C:\Windows\System\IINeTqY.exe

C:\Windows\System\VXcTHnM.exe

C:\Windows\System\VXcTHnM.exe

C:\Windows\System\kDcRPyY.exe

C:\Windows\System\kDcRPyY.exe

C:\Windows\System\tedfuiB.exe

C:\Windows\System\tedfuiB.exe

C:\Windows\System\wyUtnWO.exe

C:\Windows\System\wyUtnWO.exe

C:\Windows\System\xhFSYgz.exe

C:\Windows\System\xhFSYgz.exe

C:\Windows\System\xqsWUPk.exe

C:\Windows\System\xqsWUPk.exe

C:\Windows\System\IzhcUKE.exe

C:\Windows\System\IzhcUKE.exe

C:\Windows\System\EqGCgDm.exe

C:\Windows\System\EqGCgDm.exe

C:\Windows\System\MVmCEcv.exe

C:\Windows\System\MVmCEcv.exe

C:\Windows\System\AFNTnSu.exe

C:\Windows\System\AFNTnSu.exe

C:\Windows\System\GwHHulH.exe

C:\Windows\System\GwHHulH.exe

C:\Windows\System\zDjHbdB.exe

C:\Windows\System\zDjHbdB.exe

C:\Windows\System\txWxVkM.exe

C:\Windows\System\txWxVkM.exe

C:\Windows\System\zJdCsBj.exe

C:\Windows\System\zJdCsBj.exe

C:\Windows\System\AuOmbuL.exe

C:\Windows\System\AuOmbuL.exe

C:\Windows\System\npZWZfa.exe

C:\Windows\System\npZWZfa.exe

C:\Windows\System\OPLdDoT.exe

C:\Windows\System\OPLdDoT.exe

C:\Windows\System\uNzHULF.exe

C:\Windows\System\uNzHULF.exe

C:\Windows\System\wuZIqbE.exe

C:\Windows\System\wuZIqbE.exe

C:\Windows\System\NISrVtT.exe

C:\Windows\System\NISrVtT.exe

C:\Windows\System\HZtrIeD.exe

C:\Windows\System\HZtrIeD.exe

C:\Windows\System\izwfJKB.exe

C:\Windows\System\izwfJKB.exe

C:\Windows\System\GgehSgF.exe

C:\Windows\System\GgehSgF.exe

C:\Windows\System\thddUCa.exe

C:\Windows\System\thddUCa.exe

C:\Windows\System\WkchPNF.exe

C:\Windows\System\WkchPNF.exe

C:\Windows\System\pbPEVSK.exe

C:\Windows\System\pbPEVSK.exe

C:\Windows\System\dqobjgA.exe

C:\Windows\System\dqobjgA.exe

C:\Windows\System\bheIEGZ.exe

C:\Windows\System\bheIEGZ.exe

C:\Windows\System\ukCbTnI.exe

C:\Windows\System\ukCbTnI.exe

C:\Windows\System\bqQFYlI.exe

C:\Windows\System\bqQFYlI.exe

C:\Windows\System\NuqlLZw.exe

C:\Windows\System\NuqlLZw.exe

C:\Windows\System\TADKRCg.exe

C:\Windows\System\TADKRCg.exe

C:\Windows\System\DIXzjSL.exe

C:\Windows\System\DIXzjSL.exe

C:\Windows\System\GXgmNhn.exe

C:\Windows\System\GXgmNhn.exe

C:\Windows\System\afTraZz.exe

C:\Windows\System\afTraZz.exe

C:\Windows\System\WIUMSoC.exe

C:\Windows\System\WIUMSoC.exe

C:\Windows\System\sIlISsM.exe

C:\Windows\System\sIlISsM.exe

C:\Windows\System\JlObAim.exe

C:\Windows\System\JlObAim.exe

C:\Windows\System\HRcgyZn.exe

C:\Windows\System\HRcgyZn.exe

C:\Windows\System\JDNRauZ.exe

C:\Windows\System\JDNRauZ.exe

C:\Windows\System\ybWwTJB.exe

C:\Windows\System\ybWwTJB.exe

C:\Windows\System\oXtBNaC.exe

C:\Windows\System\oXtBNaC.exe

C:\Windows\System\AdCPlNR.exe

C:\Windows\System\AdCPlNR.exe

C:\Windows\System\NBwOAXc.exe

C:\Windows\System\NBwOAXc.exe

C:\Windows\System\FlkBwdE.exe

C:\Windows\System\FlkBwdE.exe

C:\Windows\System\vgKgOSH.exe

C:\Windows\System\vgKgOSH.exe

C:\Windows\System\HRjrYvR.exe

C:\Windows\System\HRjrYvR.exe

C:\Windows\System\AjfnRQQ.exe

C:\Windows\System\AjfnRQQ.exe

C:\Windows\System\ktoikkW.exe

C:\Windows\System\ktoikkW.exe

C:\Windows\System\pUjtWsf.exe

C:\Windows\System\pUjtWsf.exe

C:\Windows\System\omsaCvy.exe

C:\Windows\System\omsaCvy.exe

C:\Windows\System\fiKuCiu.exe

C:\Windows\System\fiKuCiu.exe

C:\Windows\System\jnigwbs.exe

C:\Windows\System\jnigwbs.exe

C:\Windows\System\mKDYxGi.exe

C:\Windows\System\mKDYxGi.exe

C:\Windows\System\HnLsWIv.exe

C:\Windows\System\HnLsWIv.exe

C:\Windows\System\NgbxBBA.exe

C:\Windows\System\NgbxBBA.exe

C:\Windows\System\RVOpadA.exe

C:\Windows\System\RVOpadA.exe

C:\Windows\System\gEqUkaA.exe

C:\Windows\System\gEqUkaA.exe

C:\Windows\System\EFFkIVk.exe

C:\Windows\System\EFFkIVk.exe

C:\Windows\System\CTbUEum.exe

C:\Windows\System\CTbUEum.exe

C:\Windows\System\ROSuusx.exe

C:\Windows\System\ROSuusx.exe

C:\Windows\System\MZUCUya.exe

C:\Windows\System\MZUCUya.exe

C:\Windows\System\myhsLlS.exe

C:\Windows\System\myhsLlS.exe

C:\Windows\System\DzabYTV.exe

C:\Windows\System\DzabYTV.exe

C:\Windows\System\BfFfoxd.exe

C:\Windows\System\BfFfoxd.exe

C:\Windows\System\pgPPXvh.exe

C:\Windows\System\pgPPXvh.exe

C:\Windows\System\WTobboc.exe

C:\Windows\System\WTobboc.exe

C:\Windows\System\vDWEhVx.exe

C:\Windows\System\vDWEhVx.exe

C:\Windows\System\NLXfDyM.exe

C:\Windows\System\NLXfDyM.exe

C:\Windows\System\sAZrnxB.exe

C:\Windows\System\sAZrnxB.exe

C:\Windows\System\kTEYhXG.exe

C:\Windows\System\kTEYhXG.exe

C:\Windows\System\IoYTSHZ.exe

C:\Windows\System\IoYTSHZ.exe

C:\Windows\System\BagFuvP.exe

C:\Windows\System\BagFuvP.exe

C:\Windows\System\CcjWjcE.exe

C:\Windows\System\CcjWjcE.exe

C:\Windows\System\lwMfdRy.exe

C:\Windows\System\lwMfdRy.exe

C:\Windows\System\VQysJQk.exe

C:\Windows\System\VQysJQk.exe

C:\Windows\System\SjOZeWS.exe

C:\Windows\System\SjOZeWS.exe

C:\Windows\System\ReszGex.exe

C:\Windows\System\ReszGex.exe

C:\Windows\System\ASSdoop.exe

C:\Windows\System\ASSdoop.exe

C:\Windows\System\DfrgUxc.exe

C:\Windows\System\DfrgUxc.exe

C:\Windows\System\VBTWoKb.exe

C:\Windows\System\VBTWoKb.exe

C:\Windows\System\GNMDrmx.exe

C:\Windows\System\GNMDrmx.exe

C:\Windows\System\JqDyYaE.exe

C:\Windows\System\JqDyYaE.exe

C:\Windows\System\gSgBEcu.exe

C:\Windows\System\gSgBEcu.exe

C:\Windows\System\MZfgWhK.exe

C:\Windows\System\MZfgWhK.exe

C:\Windows\System\HotKeLD.exe

C:\Windows\System\HotKeLD.exe

C:\Windows\System\weqsxml.exe

C:\Windows\System\weqsxml.exe

C:\Windows\System\okxVSok.exe

C:\Windows\System\okxVSok.exe

C:\Windows\System\CyYfAWL.exe

C:\Windows\System\CyYfAWL.exe

C:\Windows\System\sghbsZO.exe

C:\Windows\System\sghbsZO.exe

C:\Windows\System\hNNJweh.exe

C:\Windows\System\hNNJweh.exe

C:\Windows\System\ncapoFC.exe

C:\Windows\System\ncapoFC.exe

C:\Windows\System\cHSPBAr.exe

C:\Windows\System\cHSPBAr.exe

C:\Windows\System\lpbnrrf.exe

C:\Windows\System\lpbnrrf.exe

C:\Windows\System\kqYKYwg.exe

C:\Windows\System\kqYKYwg.exe

C:\Windows\System\bEkcQlB.exe

C:\Windows\System\bEkcQlB.exe

C:\Windows\System\XirxGSc.exe

C:\Windows\System\XirxGSc.exe

C:\Windows\System\rYJuNMI.exe

C:\Windows\System\rYJuNMI.exe

C:\Windows\System\KkLAPgt.exe

C:\Windows\System\KkLAPgt.exe

C:\Windows\System\jKTLIBg.exe

C:\Windows\System\jKTLIBg.exe

C:\Windows\System\lMiAUFy.exe

C:\Windows\System\lMiAUFy.exe

C:\Windows\System\hweydMj.exe

C:\Windows\System\hweydMj.exe

C:\Windows\System\ZzfqpSy.exe

C:\Windows\System\ZzfqpSy.exe

C:\Windows\System\IVIKVSD.exe

C:\Windows\System\IVIKVSD.exe

C:\Windows\System\qIxuNQf.exe

C:\Windows\System\qIxuNQf.exe

C:\Windows\System\TIfMQAd.exe

C:\Windows\System\TIfMQAd.exe

C:\Windows\System\UaREizk.exe

C:\Windows\System\UaREizk.exe

C:\Windows\System\OYouYgQ.exe

C:\Windows\System\OYouYgQ.exe

C:\Windows\System\JseSyYO.exe

C:\Windows\System\JseSyYO.exe

C:\Windows\System\wEbNIwb.exe

C:\Windows\System\wEbNIwb.exe

C:\Windows\System\DeWTOaC.exe

C:\Windows\System\DeWTOaC.exe

C:\Windows\System\lskwiui.exe

C:\Windows\System\lskwiui.exe

C:\Windows\System\lRgtXEK.exe

C:\Windows\System\lRgtXEK.exe

C:\Windows\System\RNjKupu.exe

C:\Windows\System\RNjKupu.exe

C:\Windows\System\khrAQcs.exe

C:\Windows\System\khrAQcs.exe

C:\Windows\System\OVGdBbV.exe

C:\Windows\System\OVGdBbV.exe

C:\Windows\System\DBQwRGE.exe

C:\Windows\System\DBQwRGE.exe

C:\Windows\System\AVcpUlB.exe

C:\Windows\System\AVcpUlB.exe

C:\Windows\System\rQbmcGx.exe

C:\Windows\System\rQbmcGx.exe

C:\Windows\System\HjdNygU.exe

C:\Windows\System\HjdNygU.exe

C:\Windows\System\YrTrDjw.exe

C:\Windows\System\YrTrDjw.exe

C:\Windows\System\pkBSaxR.exe

C:\Windows\System\pkBSaxR.exe

C:\Windows\System\NSqIrGV.exe

C:\Windows\System\NSqIrGV.exe

C:\Windows\System\scYJzBg.exe

C:\Windows\System\scYJzBg.exe

C:\Windows\System\SCxzpLP.exe

C:\Windows\System\SCxzpLP.exe

C:\Windows\System\aQgUHdS.exe

C:\Windows\System\aQgUHdS.exe

C:\Windows\System\xfGewea.exe

C:\Windows\System\xfGewea.exe

C:\Windows\System\kttbdkK.exe

C:\Windows\System\kttbdkK.exe

C:\Windows\System\CrdUMYz.exe

C:\Windows\System\CrdUMYz.exe

C:\Windows\System\BxerUPd.exe

C:\Windows\System\BxerUPd.exe

C:\Windows\System\pjBAvEt.exe

C:\Windows\System\pjBAvEt.exe

C:\Windows\System\ApQhMMD.exe

C:\Windows\System\ApQhMMD.exe

C:\Windows\System\gOcSMPn.exe

C:\Windows\System\gOcSMPn.exe

C:\Windows\System\hxREqVj.exe

C:\Windows\System\hxREqVj.exe

C:\Windows\System\QsXlboL.exe

C:\Windows\System\QsXlboL.exe

C:\Windows\System\ySlQlnW.exe

C:\Windows\System\ySlQlnW.exe

C:\Windows\System\zfxQkCL.exe

C:\Windows\System\zfxQkCL.exe

C:\Windows\System\HnZXhCh.exe

C:\Windows\System\HnZXhCh.exe

C:\Windows\System\mGensam.exe

C:\Windows\System\mGensam.exe

C:\Windows\System\jyuXRBR.exe

C:\Windows\System\jyuXRBR.exe

C:\Windows\System\irrctCT.exe

C:\Windows\System\irrctCT.exe

C:\Windows\System\RSWNosv.exe

C:\Windows\System\RSWNosv.exe

C:\Windows\System\kYrmaEp.exe

C:\Windows\System\kYrmaEp.exe

C:\Windows\System\ZVXivxC.exe

C:\Windows\System\ZVXivxC.exe

C:\Windows\System\OCufkFA.exe

C:\Windows\System\OCufkFA.exe

C:\Windows\System\OaORbsE.exe

C:\Windows\System\OaORbsE.exe

C:\Windows\System\gJYEFvc.exe

C:\Windows\System\gJYEFvc.exe

C:\Windows\System\GOKehWV.exe

C:\Windows\System\GOKehWV.exe

C:\Windows\System\qfeQCyH.exe

C:\Windows\System\qfeQCyH.exe

C:\Windows\System\BBFRPZG.exe

C:\Windows\System\BBFRPZG.exe

C:\Windows\System\mNraWDv.exe

C:\Windows\System\mNraWDv.exe

C:\Windows\System\UznNLQv.exe

C:\Windows\System\UznNLQv.exe

C:\Windows\System\znKBgFO.exe

C:\Windows\System\znKBgFO.exe

C:\Windows\System\vKxxcck.exe

C:\Windows\System\vKxxcck.exe

C:\Windows\System\nnQzxxa.exe

C:\Windows\System\nnQzxxa.exe

C:\Windows\System\vQLVqXV.exe

C:\Windows\System\vQLVqXV.exe

C:\Windows\System\ZgjhJoU.exe

C:\Windows\System\ZgjhJoU.exe

C:\Windows\System\mQIZKrl.exe

C:\Windows\System\mQIZKrl.exe

C:\Windows\System\ajrYGuj.exe

C:\Windows\System\ajrYGuj.exe

C:\Windows\System\ZwXuzJG.exe

C:\Windows\System\ZwXuzJG.exe

C:\Windows\System\WXrgckW.exe

C:\Windows\System\WXrgckW.exe

C:\Windows\System\XXvLziT.exe

C:\Windows\System\XXvLziT.exe

C:\Windows\System\nsxZPkA.exe

C:\Windows\System\nsxZPkA.exe

C:\Windows\System\ZRctgBx.exe

C:\Windows\System\ZRctgBx.exe

C:\Windows\System\iyZqAeT.exe

C:\Windows\System\iyZqAeT.exe

C:\Windows\System\PKdxFOl.exe

C:\Windows\System\PKdxFOl.exe

C:\Windows\System\LvIXrOQ.exe

C:\Windows\System\LvIXrOQ.exe

C:\Windows\System\luCnvnu.exe

C:\Windows\System\luCnvnu.exe

C:\Windows\System\YAHlWUK.exe

C:\Windows\System\YAHlWUK.exe

C:\Windows\System\eyBoZaz.exe

C:\Windows\System\eyBoZaz.exe

C:\Windows\System\NKXXuWB.exe

C:\Windows\System\NKXXuWB.exe

C:\Windows\System\NBokyZH.exe

C:\Windows\System\NBokyZH.exe

C:\Windows\System\JgxaGaq.exe

C:\Windows\System\JgxaGaq.exe

C:\Windows\System\rciOBzQ.exe

C:\Windows\System\rciOBzQ.exe

C:\Windows\System\jBWpZIi.exe

C:\Windows\System\jBWpZIi.exe

C:\Windows\System\UzYkroh.exe

C:\Windows\System\UzYkroh.exe

C:\Windows\System\ekVoZiX.exe

C:\Windows\System\ekVoZiX.exe

C:\Windows\System\EKzAHIs.exe

C:\Windows\System\EKzAHIs.exe

C:\Windows\System\CAqxBdy.exe

C:\Windows\System\CAqxBdy.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.203:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 203.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/3440-0-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp

memory/3440-1-0x00000254F63B0000-0x00000254F63C0000-memory.dmp

C:\Windows\System\dturWos.exe

MD5 6359cb0ed56294df9e4cdccecda227e0
SHA1 f55e57294e69d836e552fce238c1a801c6179068
SHA256 fb5f4dd0fb0b5cb5f95c527148bc85aa66b1f77071710abe55ff59c15cd48da1
SHA512 fe67ea14b395ec09e0ba03eb79dfd52a9cf516bcdcb6b5afea26bbfc1f4cf6e88b11580028a8a39af3f2ee8d2947eb68b98cd700afbcdc3c8c7c4ef0f0efd15c

C:\Windows\System\uojDkwG.exe

MD5 816bd7cd7eb5a904b0b09fb886cb4433
SHA1 39014cbdf5f05df2c64de564781c2872852b4d2b
SHA256 e9d81b47b63e292fb25a2165b8d515606b4bd272b149d9dbf66eef4d1704a5b3
SHA512 5fde446fc2967d206ead03b5d3407d01fc668fdc62ed5f5f1c22f1203bbe0c8545eceefc879d273689eafcefbe78188fe32f3d0751d4efda7131d552eda85003

C:\Windows\System\clQEhsI.exe

MD5 a650ae584cd2773dec8e17357bf48cfc
SHA1 b83eea37b2c3467f01bd87c21e3682e43cd10d0b
SHA256 f3a2aa64f0443be753cec7875543685347e70b1c8e66db627f01eddf050d57d1
SHA512 de5a97cd911bb02c7e9573e7b3aafafe94a95847368269d59fc0b1f8f504289ad1574bafd0584ebc33f05d397ff52bad875a7195cc2a019ab93c31716a9faaa2

C:\Windows\System\dedaMKb.exe

MD5 3f00a321b6b38e058f0ed4e7bab597c9
SHA1 8b4915b5ff8e3373c08d151e7e172d750efc2f77
SHA256 95ca67ca18740aea3ed3170f2467df8c45ebb6add81daa04668ee5c475afe950
SHA512 d2be0cd248e044aa6c24882c9e7b3497bc91682f2f5f27e3402038bb373ed70efe29db068178214327e46b649aa87b77286613464e65da220aa0410e3dbbe989

memory/2532-29-0x00007FF7B87E0000-0x00007FF7B8B34000-memory.dmp

C:\Windows\System\BzeJBeE.exe

MD5 20d3e4878707d733a26832231bacc35d
SHA1 0668e04905cf557da1783a359e861402290a45f3
SHA256 eb9feca899b60b5e9b54ea6c3188867f205a9110cccdf63ed4703d0d2055d89a
SHA512 d8f3f02344005c217edf66f2afce54e2c8d132e1791eb7c261b04a107a9adb1a6d9058a50cc0ca72ae8decc45cccadfe728c6e6ef3d1e7b886f15f383922ff92

C:\Windows\System\dAVcFSo.exe

MD5 0062dd821dfe1e24f179a9aff3919745
SHA1 5918996fb833f9dd15bfdc571230a2c7b7f545f8
SHA256 609636b85e9247e4df7052ebbfa770fc94d5d4c478cdf0eee0535ac92af98cd4
SHA512 31c1cdf2b96127ae53bd2a524fd96ac07dfda39581c48e6309b4a5a3cda2c3990024b176fd0b34356993acfeb28fd9d482435374426c31e0f58a07f9b3c4c59b

C:\Windows\System\WiOopUo.exe

MD5 845fc492c9f110a4965d6321601dbd9a
SHA1 24914503722bba4f3e2ae4f20ba76c17a1724d3a
SHA256 6d3b9ba4831a4d56f895ae906ccac9abddece42995cf39698ef492858fc5ea50
SHA512 9cddb10dcc0b0808397ab97cacc8bbd832179a1f74802a270165ffba1c86d5842be38568f094ded5c4736645c6c2881c30f0b88c738bf7107236743f78e1b5ce

C:\Windows\System\pJlfFOt.exe

MD5 1f41c714b0af42ace88c744d98974865
SHA1 5cdd70f1b69cea3d9895a8fae9a0cdb748d36a27
SHA256 56638b38aeeba9f8e485f85519499ebc19b14cd524f5db6badc551938aa157eb
SHA512 bc61140e20718e6a307f83c6554d6ea5e34cc824d931a1720d514070a196cfa239949c3d7891b1b576955155b265244abee5ba0661afa5205d27cff810b8de8e

C:\Windows\System\xHDsvNK.exe

MD5 2ac3f27651a692c9ec6443f24a6eac7b
SHA1 bcd6ef16af1110b2f330855b1e3a4a078e5875b0
SHA256 50915866420b1bec6f765ce99d355d71b64dc2c40c8bc335f5478d0d91fbe4ff
SHA512 5f5092759024c4b81c7e474795377c1e7bd1a3fc3c1e0191254e5f08330761e774d4328375b862fab0573633d0f87fa8be7c4dea9573d5dba0a46d1667627c63

C:\Windows\System\ftCEeuB.exe

MD5 8b32ec53cf22e5903d36a96a7e7a979e
SHA1 a301f4c90e614b50fdad034878ec10e6c1f6aef6
SHA256 335839d04fd6feac696eedfe74e9acdf1556be230617a8809cb13cda28fca7ab
SHA512 df073795a006a8fd171acf5127c16b0ec27376355c64c94fa06203c72c87af31b254b0664a89fece3abff97d04be2c554e39a1febff1510f27f2d6bbab2e7994

C:\Windows\System\ykQiEbs.exe

MD5 dd0e414742a280a2cce8257fc499b8d5
SHA1 2c88b2cfad6fc7fa4ee1d1130b5bfd322eaeb96e
SHA256 000a6ebceff94937f9636eba7592c786450bd03a06e5f870d1e01874410e1b2a
SHA512 44ba143a91aa06ec748ac57cd4f7c247f2289015c36350e6c5ae7fc4b21445594e4bc5fef8c8ae7486d6e393a960b3064be9dc3f858fe1ac50dae3ff9ecefb27

memory/4980-695-0x00007FF77C8C0000-0x00007FF77CC14000-memory.dmp

C:\Windows\System\hlKzNfa.exe

MD5 c45c66a24132db496ff53fe63b6d9bc8
SHA1 d485d4de02e71099858703ad5f710ed1b41ccce7
SHA256 c7d4d06544b4a546bdb26da96022f80210696b42e8cd4e7d6d7e08961adb6c90
SHA512 365934947ca05a5502a1b539037a8212c816c415750b621f71f04d2e9471d5e7025947538b523c3141d4b8d1b48d0dafa0dcacb663a65a83c8cf159b367c6f7f

memory/4488-696-0x00007FF767230000-0x00007FF767584000-memory.dmp

C:\Windows\System\gjcrDCn.exe

MD5 d208f1ea0ecef76dc47eaf19b922498b
SHA1 cd4ee9ce87f2eacdab2a4658e1cdd44c0165b8a3
SHA256 1d6679f08eca09bde7c8d321584482ac9c7dc628992bb4040d07b8ef687fdd32
SHA512 a295c6e2d609cc83e6e3275881bbb0b63abd32488c9237cea2a11de23ca414a3380b7ef4be17afd73e7cf6d47ebde2d6e08e3151ffea32b26b2dd5a9b9c9a0bc

C:\Windows\System\PDntHbZ.exe

MD5 6e3b586b5b35e8edc474a532ee95fae4
SHA1 e5e21e56100be7fb4bb811cbb45d4a27789aedeb
SHA256 1f3bb2a216dea835b3ce46b952aaae7fe9f4297f5e4222b5c3e2f9aef423909e
SHA512 bfce0ac1e7e65cea382dac0bd414af4d46183eafd35555163b67c876441aa80ab960a23db9a9ff714e010681facad32f7ca1aaff810424208179137cbbf43c35

C:\Windows\System\MKRpdEI.exe

MD5 d29d1894b3fd121648308eaaaf7f5e5d
SHA1 8ed30d622155d8e1eb88f6808905a4dde5d55b7c
SHA256 7cc92c28efa8cc0552d4739fb68c0c09c3bb3b7de55b026235dc5568530b75e9
SHA512 f2ff0fdf312e36396e3690f912f88f5acfd19dc38c33e9c06e2860f024c224407116c3428a03b884f2a49c7decaefb3c93b10d5b2a3ddbcfff5a2a6e3f9c401f

memory/548-697-0x00007FF750380000-0x00007FF7506D4000-memory.dmp

C:\Windows\System\CXMkHsr.exe

MD5 68268d3b734fea0475657c0a972009ad
SHA1 43c1415ffbe666a307968e87514a3082bce75161
SHA256 8bdd03ddffcea4079180a99d78541b1c0c8ae426b37ce885c8d0130422a1690a
SHA512 f94fc85617b05e1734f0ed8ab62d7fb59d9288f95b8d964ad5b18956573aa5a02115feefd3ee75b6cd65f3a69a6b887ec06c97dc9be19369cddde76d9dd81e0a

memory/2392-698-0x00007FF6801C0000-0x00007FF680514000-memory.dmp

C:\Windows\System\flvhlsI.exe

MD5 c03c95d01d119e8d06d1b4fe117df44f
SHA1 2ecb9507c3e6cb1d00fb3d596b8f46baf50f2da0
SHA256 684b7ad3fa97661189663fdd2a9c31605697c52a724ca22f29fbb85f9ebfad63
SHA512 9887f4b479e4fb07d5f5288e00a080d91b4a88d4c2a42e5e036da9e69caefe473634ff7b44e34c68e5be4a021488ca09476e100d9c989004538085ca9ec57992

memory/400-699-0x00007FF6907C0000-0x00007FF690B14000-memory.dmp

memory/896-700-0x00007FF6253B0000-0x00007FF625704000-memory.dmp

C:\Windows\System\Lbreawg.exe

MD5 cb47ea06e9cdc76295e530bd4706dabd
SHA1 fc48570ad0b6f09bf905cf39f628a3a3b0d06d23
SHA256 9044200289ae3d78f2f183cbba833dbd539d1512396c15fe0072138b6b7010bd
SHA512 5bc52d4873edcb13c1ce05518b0f09f1cc1f6e5263ad75bc56cf48ac43bf6d2104bd89117c7a13e98a9fce88a6634142305da1bc5d0502a09606e4ba66d85acc

memory/2724-701-0x00007FF69C470000-0x00007FF69C7C4000-memory.dmp

memory/3372-702-0x00007FF7DCB10000-0x00007FF7DCE64000-memory.dmp

C:\Windows\System\gMEuzVD.exe

MD5 277f4537305b3d5bebd7d046a215edf5
SHA1 a11bbd0c83a4e1f543c3e947bb7f405b3acd7054
SHA256 3b746db21b8ad136604b282086902bf84b50ae1c0cf4113ec11336c5151bb93e
SHA512 a8c9168d5d6ae21ece861478d898a5fc49dd32bda1662b363c027ba949f3a8cb7efff8a4f9dc4974466ed2092425de17e69e82e4c95e463d5a81977722bdc3b2

memory/4772-715-0x00007FF7A8760000-0x00007FF7A8AB4000-memory.dmp

memory/3652-720-0x00007FF6CCCC0000-0x00007FF6CD014000-memory.dmp

memory/3240-749-0x00007FF68ED50000-0x00007FF68F0A4000-memory.dmp

memory/4468-745-0x00007FF69A490000-0x00007FF69A7E4000-memory.dmp

memory/3716-742-0x00007FF698130000-0x00007FF698484000-memory.dmp

memory/1912-780-0x00007FF6B0840000-0x00007FF6B0B94000-memory.dmp

memory/2008-774-0x00007FF6F77E0000-0x00007FF6F7B34000-memory.dmp

memory/2272-765-0x00007FF78BC60000-0x00007FF78BFB4000-memory.dmp

memory/960-764-0x00007FF6CA7A0000-0x00007FF6CAAF4000-memory.dmp

memory/2452-761-0x00007FF66CF20000-0x00007FF66D274000-memory.dmp

memory/4372-760-0x00007FF7438D0000-0x00007FF743C24000-memory.dmp

memory/4680-755-0x00007FF745150000-0x00007FF7454A4000-memory.dmp

memory/3404-736-0x00007FF61AE40000-0x00007FF61B194000-memory.dmp

memory/3980-730-0x00007FF7F4240000-0x00007FF7F4594000-memory.dmp

memory/4176-725-0x00007FF705660000-0x00007FF7059B4000-memory.dmp

memory/3088-711-0x00007FF6F6330000-0x00007FF6F6684000-memory.dmp

memory/412-707-0x00007FF62BB50000-0x00007FF62BEA4000-memory.dmp

C:\Windows\System\RNLPVcp.exe

MD5 0db7876b759452fddbd073a74edad9d5
SHA1 008badf9a3607a3b877af83392aa815bb37a7c8f
SHA256 27e512fc097b69158700428281ea72c04ba2bae749ebd315e3a0aa0a19a90158
SHA512 de3793de4336b686012a06c7bfda02ced34de2c4721b07f74ff6c39f93cffe188ac0a0089d9567028f58581df215319fa4a92da56fd2f142f0e382d9cb0e83a2

C:\Windows\System\OXJeYLw.exe

MD5 5a597d2bf2b27474dfab7ee40cffdda2
SHA1 2d37decfeb5d28636434fc11a738c3c4a679eb8e
SHA256 fcb47d295decd181d5f7c6da0c9e09205dbb7b714c68c10f1b949be0b9eca175
SHA512 90e2bde9d5464ba83ca303a3403f443a8b18b2947a95ebf22a12fd08741ceb58e6b67e68d23c6d4ca67a55e89dcd2ab3affe1a5f0b7a5081b9d55a4601b8fae5

C:\Windows\System\XMimEJV.exe

MD5 91dbcc3f5b765b83175641bbb0cea67c
SHA1 a944d76a4165945705cd142a3c66454b68e4aced
SHA256 1ab53bceb2cb2b4d4bb75d999bc6a91869ff78b673ec1c239edfd3fac4f2f30b
SHA512 f13c361639fdd355c557f7d93ab0c3da8453488e57e10536e38bee3f62fd2fcc916bd18140b4a8a6c8a15b6265b5f77b1ed2417f6fe03f410f3fbbca73601e5e

C:\Windows\System\UfyfhBO.exe

MD5 46f64d8e770e712f34ba4c82a4aabaea
SHA1 3954a743c07588d784f9f0134f1ed61085580c95
SHA256 7029cbcdb4b3ec988928280332f0150048bb27936eadf7c17890ef8c1bd0a17a
SHA512 97f935cc2f58a5d9086addea5fbf6f39b587a7b44277d96289f862a623c407b0a34bade8a959652aa7958e4fedf17dfff761710dedf29204e57972e6304cf9db

C:\Windows\System\SELXOKD.exe

MD5 62ec1d4bfd6b2223f5dce22e153e6f77
SHA1 08af5dce086bb4f7e508289386931ff9b58ec6d3
SHA256 e52b391d1a7793d2ec36415f862f201bdd5c7f957a74e7d307319513f8177bfb
SHA512 d6aa9be31bf8b8dbf3fca86982b65f6e7f8da4ba3a1115f7155dd45129ea91b3078cc4bfa540d1b3b77534f1b2aaacbf41c1d04ab11bb5850b91d4e9bd8585ec

C:\Windows\System\mlkKtiz.exe

MD5 e1ad927707b02a0a639115b574bfb246
SHA1 7fa79712331c5dcc1f6fae90d818b0f55ff0eef5
SHA256 cff61d5fa2d3f283dfbf60948f86fae022892d0599fc1cc2b509756c1972228a
SHA512 6bb5656ae04faca22026f11f5af6e3b740b13e1dafbf63f97737f749d9604c8ebe56c3c45722fbfce35823166413e09272062bc02daeeacf6efd1f1afabe1a46

C:\Windows\System\CJBhmXl.exe

MD5 572c5e244c204fdd804069c6d9b56220
SHA1 f82205344f6a4de1e39af2e60efb2c8f32388374
SHA256 938f95c404abef77974bcdd67d4079f3161e4a52a657e02cb1d212e3452a27a3
SHA512 f11e6dffa69ed03260cbcd94ebd60fc1504ac3f27e4414abb8f2f9c71a4247585d4a6d548d4198bf44a5dd1630de9df201fbc7006cd2f988337d28f4c6ce41dc

C:\Windows\System\mNtEdUV.exe

MD5 0fd35860f9a1f3696bca0a8b9c058c78
SHA1 eeca00faa7ab0c924d017a04ab4c768106288afd
SHA256 2860f5520c7336c13459c7af315d6cf2fa1809c50971e7ae7687861fc32cfc29
SHA512 5d05e7d8b8e5d1efdd06f75ec8ca7a785ccde7d276d4aadb4a06b863aa2ae987042e51f2e205f7c19106e8e2a6935b789144cb7a324cc0d84579a449950bbd1b

C:\Windows\System\sSzMCBH.exe

MD5 73d6e0cc153fba3707d50cb92a046c3b
SHA1 601857636b41d2f03af69bbc5da4016a89d9d19a
SHA256 12e1ce799d4c2368b38ae520bf174a0bc6648c5666b2a1d3cb7c77127eafd9fd
SHA512 1497c372dd792ed9e9808a0d77236caaadd335427f0d817a6c3efd02b2523367e9e929424ecce5f275520a004a14c77d0da21f2268f95a31d5e1e0b5ad4092de

C:\Windows\System\KWctSiL.exe

MD5 018d2372e6da48e01bdb09ceaaafe054
SHA1 b1ca4450a151c7e0096bf0f1e8b5ff6e9516b17e
SHA256 4ce363bca55a526ee9f2ff74f863027141fe195462edb5ccbb7653a03d6b5f4c
SHA512 28d3a32bbc024d743e63b84f0f944063ca97e62e44f4ca41e510726ab83e7118c00947027c61f8f0ddd800587c2519efab1725aff02906791c846773c1c99342

C:\Windows\System\PgwWXey.exe

MD5 f664a9e4e994881416b2c805f76d1ebf
SHA1 5da45fee418b775d6d8f0d3525d15114dc471ceb
SHA256 e7f6a296cab61f80a70719dd8ef7a6065becd275e68e39688c5e1867a7cf8a5f
SHA512 8d7d396da7de654a6098db6b2dfa790cde4627dbc9ecbf07cd611e27bfb390899866e05cb53617b473c984a43e2139a9820dde9b4fe63d9a02dbef26745dfa0f

C:\Windows\System\rumLIsA.exe

MD5 b422e43c3f868958dd2e50461ef5bedb
SHA1 4db90848240c9a4be9905d1757978dbfc4f02e40
SHA256 a83113d6d7051d8dc349540c96c5c628e082c70dd6a2edef24e6c6482664bb42
SHA512 5491d536b1634a52d783e5da3680c5a892c3373cc5c4f6299474a2d5fc3412139fdd50532d404785f3070bcb0c89aaea71bc32d310776ccaf2abe252962e1044

memory/1952-28-0x00007FF7229B0000-0x00007FF722D04000-memory.dmp

memory/948-22-0x00007FF6F7950000-0x00007FF6F7CA4000-memory.dmp

memory/1920-14-0x00007FF6567C0000-0x00007FF656B14000-memory.dmp

C:\Windows\System\OajbJgu.exe

MD5 d24b660b6ac4356f6cc9295c1a772329
SHA1 48681d9c29517110b4736cc0bc8ab9d7c3e5d80b
SHA256 3efde8fc2b241fd74210b843455bf96e248606c97564a5e4ab80e1b93aaaa74e
SHA512 c72d410e9259e8a77ce8a89e1404207d575ad52f8f0acc7149291082fab38aec4c94fc526b17cf08ee1f48e29983c3e2fbed5fd5be81e0eae649c02a055942c1

memory/3440-1070-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp

memory/1920-1071-0x00007FF6567C0000-0x00007FF656B14000-memory.dmp

memory/4980-1072-0x00007FF77C8C0000-0x00007FF77CC14000-memory.dmp

memory/948-1073-0x00007FF6F7950000-0x00007FF6F7CA4000-memory.dmp

memory/1920-1074-0x00007FF6567C0000-0x00007FF656B14000-memory.dmp

memory/1952-1075-0x00007FF7229B0000-0x00007FF722D04000-memory.dmp

memory/2532-1076-0x00007FF7B87E0000-0x00007FF7B8B34000-memory.dmp

memory/4488-1079-0x00007FF767230000-0x00007FF767584000-memory.dmp

memory/548-1080-0x00007FF750380000-0x00007FF7506D4000-memory.dmp

memory/400-1082-0x00007FF6907C0000-0x00007FF690B14000-memory.dmp

memory/896-1083-0x00007FF6253B0000-0x00007FF625704000-memory.dmp

memory/412-1086-0x00007FF62BB50000-0x00007FF62BEA4000-memory.dmp

memory/4772-1088-0x00007FF7A8760000-0x00007FF7A8AB4000-memory.dmp

memory/3088-1087-0x00007FF6F6330000-0x00007FF6F6684000-memory.dmp

memory/3652-1089-0x00007FF6CCCC0000-0x00007FF6CD014000-memory.dmp

memory/3716-1093-0x00007FF698130000-0x00007FF698484000-memory.dmp

memory/3240-1095-0x00007FF68ED50000-0x00007FF68F0A4000-memory.dmp

memory/4468-1094-0x00007FF69A490000-0x00007FF69A7E4000-memory.dmp

memory/2452-1098-0x00007FF66CF20000-0x00007FF66D274000-memory.dmp

memory/960-1099-0x00007FF6CA7A0000-0x00007FF6CAAF4000-memory.dmp

memory/2008-1101-0x00007FF6F77E0000-0x00007FF6F7B34000-memory.dmp

memory/2272-1100-0x00007FF78BC60000-0x00007FF78BFB4000-memory.dmp

memory/4372-1097-0x00007FF7438D0000-0x00007FF743C24000-memory.dmp

memory/4680-1096-0x00007FF745150000-0x00007FF7454A4000-memory.dmp

memory/3404-1092-0x00007FF61AE40000-0x00007FF61B194000-memory.dmp

memory/3980-1091-0x00007FF7F4240000-0x00007FF7F4594000-memory.dmp

memory/4176-1090-0x00007FF705660000-0x00007FF7059B4000-memory.dmp

memory/3372-1085-0x00007FF7DCB10000-0x00007FF7DCE64000-memory.dmp

memory/2724-1084-0x00007FF69C470000-0x00007FF69C7C4000-memory.dmp

memory/2392-1081-0x00007FF6801C0000-0x00007FF680514000-memory.dmp

memory/1912-1078-0x00007FF6B0840000-0x00007FF6B0B94000-memory.dmp

memory/4980-1077-0x00007FF77C8C0000-0x00007FF77CC14000-memory.dmp