Malware Analysis Report

2024-10-10 09:07

Sample ID 240607-2b18yaed88
Target 729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe
SHA256 a3286c5d6179fef6a4fde58adb4f0bcee14fa860b1822a93d3e367935fd2647a
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

a3286c5d6179fef6a4fde58adb4f0bcee14fa860b1822a93d3e367935fd2647a

Threat Level: Known bad

The file 729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT

Xmrig family

Kpot family

KPOT Core Executable

xmrig

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 22:25

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 22:25

Reported

2024-06-07 22:29

Platform

win10v2004-20240426-en

Max time kernel

2s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe"


C:\Windows\System\qtoIZrv.exe

C:\Windows\System\qtoIZrv.exe

C:\Windows\System\uBByitP.exe

C:\Windows\System\uBByitP.exe

C:\Windows\System\vYpbKSt.exe

C:\Windows\System\vYpbKSt.exe

C:\Windows\System\QPQKlXH.exe

C:\Windows\System\QPQKlXH.exe

C:\Windows\System\WScZhDB.exe

C:\Windows\System\WScZhDB.exe

C:\Windows\System\cMIiJdj.exe

C:\Windows\System\cMIiJdj.exe

C:\Windows\System\yVtadwt.exe

C:\Windows\System\yVtadwt.exe

C:\Windows\System\EgBVQui.exe

C:\Windows\System\EgBVQui.exe

C:\Windows\System\avfirTK.exe

C:\Windows\System\avfirTK.exe

C:\Windows\System\XtKaXxz.exe

C:\Windows\System\XtKaXxz.exe

C:\Windows\System\ujHWTIn.exe

C:\Windows\System\ujHWTIn.exe

C:\Windows\System\KBVfsek.exe

C:\Windows\System\KBVfsek.exe

C:\Windows\System\FwapFhP.exe

C:\Windows\System\FwapFhP.exe

C:\Windows\System\HPWfHXS.exe

C:\Windows\System\HPWfHXS.exe

C:\Windows\System\dRahMrx.exe

C:\Windows\System\dRahMrx.exe

C:\Windows\System\RFwRSQw.exe

C:\Windows\System\RFwRSQw.exe

C:\Windows\System\lRlBJeI.exe

C:\Windows\System\lRlBJeI.exe

C:\Windows\System\ZxfvaBG.exe

C:\Windows\System\ZxfvaBG.exe

C:\Windows\System\ZDetgtL.exe

C:\Windows\System\ZDetgtL.exe

C:\Windows\System\jgMdrOp.exe

C:\Windows\System\jgMdrOp.exe

C:\Windows\System\yLYOzHU.exe

C:\Windows\System\yLYOzHU.exe

C:\Windows\System\sRuQoWb.exe

C:\Windows\System\sRuQoWb.exe

C:\Windows\System\pRdfQRq.exe

C:\Windows\System\pRdfQRq.exe

C:\Windows\System\dGqKXpt.exe

C:\Windows\System\dGqKXpt.exe

C:\Windows\System\MfJvZKo.exe

C:\Windows\System\MfJvZKo.exe

C:\Windows\System\qgSccYy.exe

C:\Windows\System\qgSccYy.exe

C:\Windows\System\SNseTGE.exe

C:\Windows\System\SNseTGE.exe

C:\Windows\System\jikJHca.exe

C:\Windows\System\jikJHca.exe

C:\Windows\System\BYousAY.exe

C:\Windows\System\BYousAY.exe

C:\Windows\System\cJUKCbz.exe

C:\Windows\System\cJUKCbz.exe

C:\Windows\System\uLZwzEL.exe

C:\Windows\System\uLZwzEL.exe

C:\Windows\System\cDTDJRy.exe

C:\Windows\System\cDTDJRy.exe

C:\Windows\System\DbFfQRG.exe

C:\Windows\System\DbFfQRG.exe

C:\Windows\System\WeJlQca.exe

C:\Windows\System\WeJlQca.exe

C:\Windows\System\bMVzCGz.exe

C:\Windows\System\bMVzCGz.exe

C:\Windows\System\zCPTsRG.exe

C:\Windows\System\zCPTsRG.exe

C:\Windows\System\txOJOYW.exe

C:\Windows\System\txOJOYW.exe

C:\Windows\System\BbpFSyQ.exe

C:\Windows\System\BbpFSyQ.exe

C:\Windows\System\EFTYplM.exe

C:\Windows\System\EFTYplM.exe

C:\Windows\System\mzvLvSC.exe

C:\Windows\System\mzvLvSC.exe

C:\Windows\System\eaeMtbB.exe

C:\Windows\System\eaeMtbB.exe

C:\Windows\System\sXcktgo.exe

C:\Windows\System\sXcktgo.exe

C:\Windows\System\KIVocki.exe

C:\Windows\System\KIVocki.exe

C:\Windows\System\uLyLgEf.exe

C:\Windows\System\uLyLgEf.exe

C:\Windows\System\gEcJlhZ.exe

C:\Windows\System\gEcJlhZ.exe

C:\Windows\System\yydGyVM.exe

C:\Windows\System\yydGyVM.exe

C:\Windows\System\MdkhYuM.exe

C:\Windows\System\MdkhYuM.exe

C:\Windows\System\jbyTMar.exe

C:\Windows\System\jbyTMar.exe

C:\Windows\System\JHdbxqH.exe

C:\Windows\System\JHdbxqH.exe

C:\Windows\System\kNIhFQS.exe

C:\Windows\System\kNIhFQS.exe

C:\Windows\System\SYHMETD.exe

C:\Windows\System\SYHMETD.exe

C:\Windows\System\xBLDjsI.exe

C:\Windows\System\xBLDjsI.exe

C:\Windows\System\xkxgCWg.exe

C:\Windows\System\xkxgCWg.exe

C:\Windows\System\WaYbXnO.exe

C:\Windows\System\WaYbXnO.exe

C:\Windows\System\PaPPLAl.exe

C:\Windows\System\PaPPLAl.exe

C:\Windows\System\vQoHkYx.exe

C:\Windows\System\vQoHkYx.exe

C:\Windows\System\YNlbNrA.exe

C:\Windows\System\YNlbNrA.exe

C:\Windows\System\DweIgqZ.exe

C:\Windows\System\DweIgqZ.exe

C:\Windows\System\zJpirPm.exe

C:\Windows\System\zJpirPm.exe

C:\Windows\System\RcUUkYo.exe

C:\Windows\System\RcUUkYo.exe

C:\Windows\System\ZPqtftF.exe

C:\Windows\System\ZPqtftF.exe

C:\Windows\System\ZrDpmVJ.exe

C:\Windows\System\ZrDpmVJ.exe

C:\Windows\System\QExeRno.exe

C:\Windows\System\QExeRno.exe

C:\Windows\System\cDtIvny.exe

C:\Windows\System\cDtIvny.exe

C:\Windows\System\dsgHbWf.exe

C:\Windows\System\dsgHbWf.exe

C:\Windows\System\qLIgekM.exe

C:\Windows\System\qLIgekM.exe

C:\Windows\System\mjwZxep.exe

C:\Windows\System\mjwZxep.exe

C:\Windows\System\LBtIpvM.exe

C:\Windows\System\LBtIpvM.exe

C:\Windows\System\PLVHjph.exe

C:\Windows\System\PLVHjph.exe

C:\Windows\System\AHthBLp.exe

C:\Windows\System\AHthBLp.exe

C:\Windows\System\gExuXwn.exe

C:\Windows\System\gExuXwn.exe

C:\Windows\System\LfTvWFs.exe

C:\Windows\System\LfTvWFs.exe

C:\Windows\System\VreZPsV.exe

C:\Windows\System\VreZPsV.exe

C:\Windows\System\hvXjcOL.exe

C:\Windows\System\hvXjcOL.exe

C:\Windows\System\NMxhife.exe

C:\Windows\System\NMxhife.exe

C:\Windows\System\NxUfVVo.exe

C:\Windows\System\NxUfVVo.exe

C:\Windows\System\nFoKexo.exe

C:\Windows\System\nFoKexo.exe

C:\Windows\System\bsRngpP.exe

C:\Windows\System\bsRngpP.exe

C:\Windows\System\ylvuIhV.exe

C:\Windows\System\ylvuIhV.exe

C:\Windows\System\rZHOGCL.exe

C:\Windows\System\rZHOGCL.exe

C:\Windows\System\DTVPqit.exe

C:\Windows\System\DTVPqit.exe

C:\Windows\System\gXWCywM.exe

C:\Windows\System\gXWCywM.exe

C:\Windows\System\saXvlQR.exe

C:\Windows\System\saXvlQR.exe

C:\Windows\System\CxuPLcg.exe

C:\Windows\System\CxuPLcg.exe

C:\Windows\System\yxGOVcB.exe

C:\Windows\System\yxGOVcB.exe

C:\Windows\System\IbvpPGq.exe

C:\Windows\System\IbvpPGq.exe

C:\Windows\System\iNXJbIy.exe

C:\Windows\System\iNXJbIy.exe

C:\Windows\System\HVYwYGU.exe

C:\Windows\System\HVYwYGU.exe

C:\Windows\System\FADgvrr.exe

C:\Windows\System\FADgvrr.exe

C:\Windows\System\JQuTPxc.exe

C:\Windows\System\JQuTPxc.exe

C:\Windows\System\bSpTzgr.exe

C:\Windows\System\bSpTzgr.exe

C:\Windows\System\BoTkkEi.exe

C:\Windows\System\BoTkkEi.exe

C:\Windows\System\OhWQgXO.exe

C:\Windows\System\OhWQgXO.exe

C:\Windows\System\wmwGQbi.exe

C:\Windows\System\wmwGQbi.exe

C:\Windows\System\AlkHgHp.exe

C:\Windows\System\AlkHgHp.exe

C:\Windows\System\xmYDTAI.exe

C:\Windows\System\xmYDTAI.exe

C:\Windows\System\SRoSTUu.exe

C:\Windows\System\SRoSTUu.exe

C:\Windows\System\bMnIzsv.exe

C:\Windows\System\bMnIzsv.exe

C:\Windows\System\ApFqBMw.exe

C:\Windows\System\ApFqBMw.exe

C:\Windows\System\VFlGkHB.exe

C:\Windows\System\VFlGkHB.exe

C:\Windows\System\DiesaHK.exe

C:\Windows\System\DiesaHK.exe

C:\Windows\System\eZErqNq.exe

C:\Windows\System\eZErqNq.exe

C:\Windows\System\XkYxmiX.exe

C:\Windows\System\XkYxmiX.exe

C:\Windows\System\gEPvlkf.exe

C:\Windows\System\gEPvlkf.exe

C:\Windows\System\rGexgqy.exe

C:\Windows\System\rGexgqy.exe

C:\Windows\System\xzHnPUb.exe

C:\Windows\System\xzHnPUb.exe

C:\Windows\System\dcbPIYF.exe

C:\Windows\System\dcbPIYF.exe

C:\Windows\System\dajTLsy.exe

C:\Windows\System\dajTLsy.exe

C:\Windows\System\BLoRrQZ.exe

C:\Windows\System\BLoRrQZ.exe

C:\Windows\System\oZFQeZe.exe

C:\Windows\System\oZFQeZe.exe

C:\Windows\System\cnroZfq.exe

C:\Windows\System\cnroZfq.exe

C:\Windows\System\jvIxGYL.exe

C:\Windows\System\jvIxGYL.exe

C:\Windows\System\rUFofeM.exe

C:\Windows\System\rUFofeM.exe

C:\Windows\System\BwrFAwQ.exe

C:\Windows\System\BwrFAwQ.exe

C:\Windows\System\rkpXTMC.exe

C:\Windows\System\rkpXTMC.exe

C:\Windows\System\vQOOHJF.exe

C:\Windows\System\vQOOHJF.exe

C:\Windows\System\zeakHNq.exe

C:\Windows\System\zeakHNq.exe

C:\Windows\System\GXYEnTB.exe

C:\Windows\System\GXYEnTB.exe

C:\Windows\System\iSJmske.exe

C:\Windows\System\iSJmske.exe

C:\Windows\System\EdUbVpa.exe

C:\Windows\System\EdUbVpa.exe

C:\Windows\System\frcqWmJ.exe

C:\Windows\System\frcqWmJ.exe

C:\Windows\System\RGUhziP.exe

C:\Windows\System\RGUhziP.exe

C:\Windows\System\cJJeJqo.exe

C:\Windows\System\cJJeJqo.exe

C:\Windows\System\fGCiTBl.exe

C:\Windows\System\fGCiTBl.exe

C:\Windows\System\dLmpnTu.exe

C:\Windows\System\dLmpnTu.exe

C:\Windows\System\fhATbvp.exe

C:\Windows\System\fhATbvp.exe

C:\Windows\System\ZJuveFl.exe

C:\Windows\System\ZJuveFl.exe

C:\Windows\System\SSSQgmZ.exe

C:\Windows\System\SSSQgmZ.exe

C:\Windows\System\IpaUXBX.exe

C:\Windows\System\IpaUXBX.exe

C:\Windows\System\kshHnKS.exe

C:\Windows\System\kshHnKS.exe

C:\Windows\System\BJdKQbl.exe

C:\Windows\System\BJdKQbl.exe

C:\Windows\System\HlDxAjt.exe

C:\Windows\System\HlDxAjt.exe

C:\Windows\System\DnhDiFa.exe

C:\Windows\System\DnhDiFa.exe

C:\Windows\System\JUvmbib.exe

C:\Windows\System\JUvmbib.exe

C:\Windows\System\MTWtHmD.exe

C:\Windows\System\MTWtHmD.exe

C:\Windows\System\NNhRoqs.exe

C:\Windows\System\NNhRoqs.exe

C:\Windows\System\sgCrZFv.exe

C:\Windows\System\sgCrZFv.exe

C:\Windows\System\edwMqNh.exe

C:\Windows\System\edwMqNh.exe

C:\Windows\System\KDqYjeW.exe

C:\Windows\System\KDqYjeW.exe

C:\Windows\System\xnouiZD.exe

C:\Windows\System\xnouiZD.exe

C:\Windows\System\zbVlvHX.exe

C:\Windows\System\zbVlvHX.exe

C:\Windows\System\wwJXcjT.exe

C:\Windows\System\wwJXcjT.exe

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 22:25

Reported

2024-06-07 22:28

Platform

win7-20240419-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\729e662e8478fe49792381f93b0f9d00_NeikiAnalytics.exe"


C:\Windows\System\NSxkPra.exe

C:\Windows\System\EOOAYMG.exe

C:\Windows\System\EOOAYMG.exe

C:\Windows\System\PdquhlZ.exe

C:\Windows\System\PdquhlZ.exe

C:\Windows\System\ZwSgRhY.exe

C:\Windows\System\ZwSgRhY.exe

C:\Windows\System\aPaDKKB.exe

C:\Windows\System\aPaDKKB.exe

C:\Windows\System\XzvOHUN.exe

C:\Windows\System\XzvOHUN.exe

C:\Windows\System\iiXBBrp.exe

C:\Windows\System\iiXBBrp.exe

C:\Windows\System\vkWSGZE.exe

C:\Windows\System\vkWSGZE.exe

C:\Windows\System\pqzxplJ.exe

C:\Windows\System\pqzxplJ.exe

C:\Windows\System\wskScNC.exe

C:\Windows\System\wskScNC.exe

C:\Windows\System\UULvPNU.exe

C:\Windows\System\UULvPNU.exe

C:\Windows\System\QbhkSrX.exe

C:\Windows\System\QbhkSrX.exe

C:\Windows\System\reAsIvI.exe

C:\Windows\System\reAsIvI.exe

C:\Windows\System\XygsMBz.exe

C:\Windows\System\XygsMBz.exe

C:\Windows\System\VSCwkZr.exe

C:\Windows\System\VSCwkZr.exe

C:\Windows\System\TfXtPJp.exe

C:\Windows\System\TfXtPJp.exe

C:\Windows\System\hLjSsmn.exe

C:\Windows\System\hLjSsmn.exe

C:\Windows\System\laycvwG.exe

C:\Windows\System\laycvwG.exe

C:\Windows\System\OlliAow.exe

C:\Windows\System\OlliAow.exe

C:\Windows\System\tzseTPZ.exe

C:\Windows\System\tzseTPZ.exe

C:\Windows\System\jiXJNVA.exe

C:\Windows\System\jiXJNVA.exe

C:\Windows\System\DuerJJq.exe

C:\Windows\System\DuerJJq.exe

C:\Windows\System\AcqypdR.exe

C:\Windows\System\AcqypdR.exe

C:\Windows\System\IeSXdDh.exe

C:\Windows\System\IeSXdDh.exe

C:\Windows\System\iASNaMa.exe

C:\Windows\System\iASNaMa.exe

C:\Windows\System\sRptCzE.exe

C:\Windows\System\sRptCzE.exe

C:\Windows\System\sVOgDak.exe

C:\Windows\System\sVOgDak.exe

C:\Windows\System\QKsHwNW.exe

C:\Windows\System\QKsHwNW.exe

C:\Windows\System\LSkKKqK.exe

C:\Windows\System\LSkKKqK.exe

C:\Windows\System\snNVaqa.exe

C:\Windows\System\snNVaqa.exe

C:\Windows\System\mwjWnfu.exe

C:\Windows\System\mwjWnfu.exe

C:\Windows\System\edTgKhF.exe

C:\Windows\System\edTgKhF.exe

C:\Windows\System\SIIASpc.exe

C:\Windows\System\SIIASpc.exe

C:\Windows\System\hyjooej.exe

C:\Windows\System\hyjooej.exe

C:\Windows\System\kEZmSij.exe

C:\Windows\System\kEZmSij.exe

C:\Windows\System\bHVQutB.exe

C:\Windows\System\bHVQutB.exe

C:\Windows\System\PVffVlh.exe

C:\Windows\System\PVffVlh.exe

C:\Windows\System\ZiOyolm.exe

C:\Windows\System\ZiOyolm.exe

C:\Windows\System\LGtSUQg.exe

C:\Windows\System\LGtSUQg.exe

C:\Windows\System\yUsyXfv.exe

C:\Windows\System\yUsyXfv.exe

C:\Windows\System\IPSXUHO.exe

C:\Windows\System\IPSXUHO.exe

C:\Windows\System\waJnJRN.exe

C:\Windows\System\waJnJRN.exe

C:\Windows\System\SYLVOsl.exe

C:\Windows\System\SYLVOsl.exe

C:\Windows\System\LzpliKE.exe

C:\Windows\System\LzpliKE.exe

C:\Windows\System\iGlCxct.exe

C:\Windows\System\iGlCxct.exe

C:\Windows\System\mcfBdWL.exe

C:\Windows\System\mcfBdWL.exe

C:\Windows\System\dROUqmC.exe

C:\Windows\System\dROUqmC.exe

C:\Windows\System\fWZWdhf.exe

C:\Windows\System\fWZWdhf.exe

C:\Windows\System\tUccEnt.exe

C:\Windows\System\tUccEnt.exe

C:\Windows\System\KdOdfGV.exe

C:\Windows\System\KdOdfGV.exe

C:\Windows\System\RpPbflE.exe

C:\Windows\System\RpPbflE.exe

C:\Windows\System\nLZKLzp.exe

C:\Windows\System\nLZKLzp.exe

C:\Windows\System\RQlVxLH.exe

C:\Windows\System\RQlVxLH.exe

C:\Windows\System\iqDozqg.exe

C:\Windows\System\iqDozqg.exe

C:\Windows\System\ucANJOz.exe

C:\Windows\System\ucANJOz.exe

C:\Windows\System\nCWxikC.exe

C:\Windows\System\nCWxikC.exe

C:\Windows\System\IdaSljm.exe

C:\Windows\System\IdaSljm.exe

C:\Windows\System\eEZMODf.exe

C:\Windows\System\eEZMODf.exe

C:\Windows\System\CDjnMqi.exe

C:\Windows\System\CDjnMqi.exe

C:\Windows\System\QaCjNgc.exe

C:\Windows\System\QaCjNgc.exe

C:\Windows\System\ghLAOuQ.exe

C:\Windows\System\ghLAOuQ.exe

C:\Windows\System\VNTZhOP.exe

C:\Windows\System\VNTZhOP.exe

C:\Windows\System\orsrUrp.exe

C:\Windows\System\orsrUrp.exe

C:\Windows\System\tpgPXRc.exe

C:\Windows\System\tpgPXRc.exe

C:\Windows\System\qMeMVAi.exe

C:\Windows\System\qMeMVAi.exe

C:\Windows\System\EDQPRoV.exe

C:\Windows\System\EDQPRoV.exe

C:\Windows\System\aiwkUYd.exe

C:\Windows\System\aiwkUYd.exe

C:\Windows\System\YzaOOBE.exe

C:\Windows\System\YzaOOBE.exe

C:\Windows\System\ScpfipG.exe

C:\Windows\System\ScpfipG.exe

C:\Windows\System\xNPhgxB.exe

C:\Windows\System\xNPhgxB.exe

C:\Windows\System\rIkEOnm.exe

C:\Windows\System\rIkEOnm.exe

C:\Windows\System\NAbhATt.exe

C:\Windows\System\NAbhATt.exe

C:\Windows\System\okPHSxB.exe

C:\Windows\System\okPHSxB.exe

C:\Windows\System\FOERRKh.exe

C:\Windows\System\FOERRKh.exe

C:\Windows\System\yZYVFzV.exe

C:\Windows\System\yZYVFzV.exe

C:\Windows\System\scRMPLq.exe

C:\Windows\System\scRMPLq.exe

C:\Windows\System\FXiQcdv.exe

C:\Windows\System\FXiQcdv.exe

C:\Windows\System\BfcWWzi.exe

C:\Windows\System\BfcWWzi.exe

C:\Windows\System\WBpQaOd.exe

C:\Windows\System\WBpQaOd.exe

C:\Windows\System\RqlzmSe.exe

C:\Windows\System\RqlzmSe.exe

C:\Windows\System\EhGVhaM.exe

C:\Windows\System\EhGVhaM.exe

C:\Windows\System\XMFLyBS.exe

C:\Windows\System\XMFLyBS.exe

C:\Windows\System\gvwHCSL.exe

C:\Windows\System\gvwHCSL.exe

C:\Windows\System\eiwCNdO.exe

C:\Windows\System\eiwCNdO.exe

C:\Windows\System\kFSxGcR.exe

C:\Windows\System\kFSxGcR.exe

C:\Windows\System\VylGSdy.exe

C:\Windows\System\VylGSdy.exe

C:\Windows\System\ZWmHybe.exe

C:\Windows\System\ZWmHybe.exe

C:\Windows\System\EIbGtFP.exe

C:\Windows\System\EIbGtFP.exe

C:\Windows\System\vuOwlfT.exe

C:\Windows\System\vuOwlfT.exe

C:\Windows\System\cKkGqKG.exe

C:\Windows\System\cKkGqKG.exe

C:\Windows\System\dsBHRwV.exe

C:\Windows\System\dsBHRwV.exe

C:\Windows\System\MxMADmV.exe

C:\Windows\System\MxMADmV.exe

C:\Windows\System\lLJIdjJ.exe

C:\Windows\System\lLJIdjJ.exe

C:\Windows\System\rvFAxNK.exe

C:\Windows\System\rvFAxNK.exe

C:\Windows\System\VhSJXwl.exe

C:\Windows\System\VhSJXwl.exe

C:\Windows\System\BBJtahb.exe

C:\Windows\System\BBJtahb.exe

C:\Windows\System\VhjDsGG.exe

C:\Windows\System\VhjDsGG.exe

C:\Windows\System\jAShzWT.exe

C:\Windows\System\jAShzWT.exe

C:\Windows\System\ikAccdx.exe

C:\Windows\System\ikAccdx.exe

C:\Windows\System\PcYIUkN.exe

C:\Windows\System\PcYIUkN.exe

C:\Windows\System\GqQgmBF.exe

C:\Windows\System\GqQgmBF.exe

C:\Windows\System\MlKbrUX.exe

C:\Windows\System\MlKbrUX.exe

C:\Windows\System\eKFQQoC.exe

C:\Windows\System\eKFQQoC.exe

C:\Windows\System\GKhsYQi.exe

C:\Windows\System\GKhsYQi.exe

C:\Windows\System\YmRWnmG.exe

C:\Windows\System\YmRWnmG.exe

C:\Windows\System\owwcfoj.exe

C:\Windows\System\owwcfoj.exe

C:\Windows\System\JemtmIr.exe

C:\Windows\System\JemtmIr.exe

C:\Windows\System\qkKxnDx.exe

C:\Windows\System\qkKxnDx.exe

C:\Windows\System\CWMhzZG.exe

C:\Windows\System\CWMhzZG.exe

C:\Windows\System\IAJEHZZ.exe

C:\Windows\System\IAJEHZZ.exe

C:\Windows\System\jWTJVNb.exe

C:\Windows\System\jWTJVNb.exe

C:\Windows\System\VlisRjz.exe

C:\Windows\System\VlisRjz.exe

C:\Windows\System\jCwLNkt.exe

C:\Windows\System\jCwLNkt.exe

C:\Windows\System\mSuDkaO.exe

C:\Windows\System\mSuDkaO.exe

C:\Windows\System\eaYQsQN.exe

C:\Windows\System\eaYQsQN.exe

C:\Windows\System\soQsfnG.exe

C:\Windows\System\soQsfnG.exe

C:\Windows\System\OGSHUDY.exe

C:\Windows\System\OGSHUDY.exe

C:\Windows\System\ssWFiGQ.exe

C:\Windows\System\ssWFiGQ.exe

C:\Windows\System\gZAJpJJ.exe

C:\Windows\System\gZAJpJJ.exe

C:\Windows\System\JyIbiiy.exe

C:\Windows\System\JyIbiiy.exe

C:\Windows\System\xFVwegE.exe

C:\Windows\System\xFVwegE.exe

C:\Windows\System\eKCGbLo.exe

C:\Windows\System\eKCGbLo.exe

C:\Windows\System\djCLAvT.exe

C:\Windows\System\djCLAvT.exe

C:\Windows\System\babpUyl.exe

C:\Windows\System\babpUyl.exe

C:\Windows\System\EpKRwWN.exe

C:\Windows\System\EpKRwWN.exe

C:\Windows\System\noIBrbt.exe

C:\Windows\System\noIBrbt.exe

C:\Windows\System\HNJUoaW.exe

C:\Windows\System\HNJUoaW.exe

C:\Windows\System\YtBtErN.exe

C:\Windows\System\YtBtErN.exe

C:\Windows\System\QEyPTlW.exe

C:\Windows\System\QEyPTlW.exe

C:\Windows\System\gcPDGvm.exe

C:\Windows\System\gcPDGvm.exe

C:\Windows\System\sbsmfsC.exe

C:\Windows\System\sbsmfsC.exe

C:\Windows\System\BCgxWic.exe

C:\Windows\System\BCgxWic.exe

C:\Windows\System\VLAKEXB.exe

C:\Windows\System\VLAKEXB.exe

C:\Windows\System\duLEdTb.exe

C:\Windows\System\duLEdTb.exe

C:\Windows\System\PfNVRCV.exe

C:\Windows\System\PfNVRCV.exe

C:\Windows\System\yQEqcoh.exe

C:\Windows\System\yQEqcoh.exe

C:\Windows\System\ZtFwzrJ.exe

C:\Windows\System\ZtFwzrJ.exe

C:\Windows\System\xxRbYHX.exe

C:\Windows\System\xxRbYHX.exe

C:\Windows\System\yUzYShz.exe

C:\Windows\System\yUzYShz.exe

C:\Windows\System\JAcAQEV.exe

C:\Windows\System\JAcAQEV.exe

C:\Windows\System\zRalMqp.exe

C:\Windows\System\zRalMqp.exe

C:\Windows\System\yjXZQfG.exe

C:\Windows\System\yjXZQfG.exe

C:\Windows\System\DWoRRaZ.exe

C:\Windows\System\DWoRRaZ.exe

C:\Windows\System\zqAOOpm.exe

C:\Windows\System\zqAOOpm.exe

C:\Windows\System\UnTcWrP.exe

C:\Windows\System\UnTcWrP.exe

C:\Windows\System\coNACtd.exe

C:\Windows\System\coNACtd.exe

C:\Windows\System\nsSVPGK.exe

C:\Windows\System\nsSVPGK.exe

C:\Windows\System\kxPLDor.exe

C:\Windows\System\kxPLDor.exe

C:\Windows\System\IIpbJaR.exe

C:\Windows\System\IIpbJaR.exe

C:\Windows\System\oNbdXrv.exe

C:\Windows\System\oNbdXrv.exe

C:\Windows\System\dFOvNSl.exe

C:\Windows\System\dFOvNSl.exe

C:\Windows\System\LOCzQfo.exe

C:\Windows\System\LOCzQfo.exe

C:\Windows\System\VDYUzzY.exe

C:\Windows\System\VDYUzzY.exe

C:\Windows\System\zZLgxgK.exe

C:\Windows\System\zZLgxgK.exe

C:\Windows\System\VdOhnfW.exe

C:\Windows\System\VdOhnfW.exe

C:\Windows\System\GgKaBlw.exe

C:\Windows\System\GgKaBlw.exe

C:\Windows\System\TFAITbv.exe

C:\Windows\System\TFAITbv.exe

C:\Windows\System\YxwYQSC.exe

C:\Windows\System\YxwYQSC.exe

C:\Windows\System\OvtDIEN.exe

C:\Windows\System\OvtDIEN.exe

C:\Windows\System\HOMznQL.exe

C:\Windows\System\HOMznQL.exe

C:\Windows\System\SZwfqVl.exe

C:\Windows\System\SZwfqVl.exe

C:\Windows\System\RoNwzZt.exe

C:\Windows\System\RoNwzZt.exe

C:\Windows\System\uUeWXqR.exe

C:\Windows\System\uUeWXqR.exe

C:\Windows\System\JdlsObO.exe

C:\Windows\System\JdlsObO.exe

C:\Windows\System\ZVFcItD.exe

C:\Windows\System\ZVFcItD.exe

C:\Windows\System\kMJhWIN.exe

C:\Windows\System\kMJhWIN.exe

C:\Windows\System\srWQhrT.exe

C:\Windows\System\srWQhrT.exe

C:\Windows\System\dZuknVO.exe

C:\Windows\System\dZuknVO.exe

C:\Windows\System\NBWyJbv.exe

C:\Windows\System\NBWyJbv.exe

C:\Windows\System\YUIWLWk.exe

C:\Windows\System\YUIWLWk.exe

C:\Windows\System\aTJWGxx.exe

C:\Windows\System\aTJWGxx.exe

C:\Windows\System\iLuiQkm.exe

C:\Windows\System\iLuiQkm.exe

C:\Windows\System\GmAtbqh.exe

C:\Windows\System\GmAtbqh.exe

C:\Windows\System\DzlbtlX.exe

C:\Windows\System\DzlbtlX.exe

C:\Windows\System\bvocGva.exe

C:\Windows\System\bvocGva.exe

C:\Windows\System\aNrBiAi.exe

C:\Windows\System\aNrBiAi.exe

C:\Windows\System\LHXqhla.exe

C:\Windows\System\LHXqhla.exe

C:\Windows\System\WMaPTxC.exe

C:\Windows\System\WMaPTxC.exe

C:\Windows\System\IvzSeEG.exe

C:\Windows\System\IvzSeEG.exe

C:\Windows\System\rYWOfBs.exe

C:\Windows\System\rYWOfBs.exe

C:\Windows\System\hKPqIbP.exe

C:\Windows\System\hKPqIbP.exe

C:\Windows\System\AIPDFOB.exe

C:\Windows\System\AIPDFOB.exe

C:\Windows\System\yrsAXqi.exe

C:\Windows\System\yrsAXqi.exe

C:\Windows\System\KIDfLIg.exe

C:\Windows\System\KIDfLIg.exe

C:\Windows\System\snrhGDd.exe

C:\Windows\System\snrhGDd.exe

C:\Windows\System\BtjSazE.exe

C:\Windows\System\BtjSazE.exe

C:\Windows\System\pSvEjkQ.exe

C:\Windows\System\pSvEjkQ.exe

C:\Windows\System\wgzmOpb.exe

C:\Windows\System\wgzmOpb.exe

C:\Windows\System\otQMQVU.exe

C:\Windows\System\otQMQVU.exe

C:\Windows\System\KupxeIE.exe

C:\Windows\System\KupxeIE.exe

C:\Windows\System\UzfOmXa.exe

C:\Windows\System\UzfOmXa.exe

C:\Windows\System\ODnFTsR.exe

C:\Windows\System\ODnFTsR.exe

C:\Windows\System\UoRLxUv.exe

C:\Windows\System\UoRLxUv.exe

C:\Windows\System\LCSZSSR.exe

C:\Windows\System\LCSZSSR.exe

C:\Windows\System\aGjdJCo.exe

C:\Windows\System\aGjdJCo.exe

C:\Windows\System\nkNPJzJ.exe

C:\Windows\System\nkNPJzJ.exe

C:\Windows\System\oyzSDYv.exe

C:\Windows\System\oyzSDYv.exe

C:\Windows\System\emMwmBV.exe

C:\Windows\System\emMwmBV.exe

C:\Windows\System\bzegJlY.exe

C:\Windows\System\bzegJlY.exe

C:\Windows\System\HeuNBcT.exe

C:\Windows\System\HeuNBcT.exe

C:\Windows\System\wiROzKy.exe

C:\Windows\System\wiROzKy.exe

C:\Windows\System\NdDuoCP.exe

C:\Windows\System\NdDuoCP.exe

C:\Windows\System\EDUHENx.exe

C:\Windows\System\EDUHENx.exe

C:\Windows\System\YvNJpzh.exe

C:\Windows\System\YvNJpzh.exe

C:\Windows\System\ltShLiS.exe

C:\Windows\System\ltShLiS.exe

C:\Windows\System\kylYxMr.exe

C:\Windows\System\kylYxMr.exe

C:\Windows\System\rUMyfmQ.exe

C:\Windows\System\rUMyfmQ.exe

C:\Windows\System\YLYYAwE.exe

C:\Windows\System\YLYYAwE.exe

C:\Windows\System\zLDHWBe.exe

C:\Windows\System\zLDHWBe.exe

C:\Windows\System\eMaLEsn.exe

C:\Windows\System\eMaLEsn.exe

C:\Windows\System\gUHWQWq.exe

C:\Windows\System\gUHWQWq.exe

C:\Windows\System\viFfYIp.exe

C:\Windows\System\viFfYIp.exe

C:\Windows\System\DZpXiDc.exe

C:\Windows\System\DZpXiDc.exe

C:\Windows\System\JTjxMGU.exe

C:\Windows\System\JTjxMGU.exe

C:\Windows\System\tJXcCPf.exe

C:\Windows\System\tJXcCPf.exe

C:\Windows\System\OeNbPgg.exe

C:\Windows\System\OeNbPgg.exe

C:\Windows\System\lrmcygj.exe

C:\Windows\System\lrmcygj.exe

C:\Windows\System\GsnpwhR.exe

C:\Windows\System\GsnpwhR.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
