Malware Analysis Report

2024-10-10 08:36

Sample ID 240607-ads7kaea9s
Target 2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe
SHA256 f09a3c1f40f5ca090ffc3e2e37aeae46c98a2464c4602711231e5d897e9824fb
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

f09a3c1f40f5ca090ffc3e2e37aeae46c98a2464c4602711231e5d897e9824fb

Threat Level: Known bad

The file 2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

KPOT Core Executable

Xmrig family

xmrig

XMRig Miner payload

Kpot family

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 00:06

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 00:06

Reported

2024-06-07 00:09

Platform

win7-20240508-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2872-1080-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2840-1082-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2580-1083-0x000000013FB40000-0x000000013FE94000-memory.dmp

memory/2592-1084-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2540-1085-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/1812-1086-0x000000013FA80000-0x000000013FDD4000-memory.dmp

memory/2008-1087-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2616-1088-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2860-1089-0x000000013F340000-0x000000013F694000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 00:06

Reported

2024-06-07 00:09

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\vUgmiNu.exe N/A
N/A N/A C:\Windows\System\gDHMGND.exe N/A
N/A N/A C:\Windows\System\dMszQWt.exe N/A
N/A N/A C:\Windows\System\PMTYSic.exe N/A
N/A N/A C:\Windows\System\SrnxoRx.exe N/A
N/A N/A C:\Windows\System\QcnJtAq.exe N/A
N/A N/A C:\Windows\System\RVTIJPE.exe N/A
N/A N/A C:\Windows\System\LmiBMlO.exe N/A
N/A N/A C:\Windows\System\YsOxQAU.exe N/A
N/A N/A C:\Windows\System\IpWCokC.exe N/A
N/A N/A C:\Windows\System\IqUSCqA.exe N/A
N/A N/A C:\Windows\System\GwsjMsm.exe N/A
N/A N/A C:\Windows\System\iOkOzqp.exe N/A
N/A N/A C:\Windows\System\ZHfcoxZ.exe N/A
N/A N/A C:\Windows\System\tNsHTLW.exe N/A
N/A N/A C:\Windows\System\OsAPzKL.exe N/A
N/A N/A C:\Windows\System\cvuQalV.exe N/A
N/A N/A C:\Windows\System\xSAihgO.exe N/A
N/A N/A C:\Windows\System\qbtmTAV.exe N/A
N/A N/A C:\Windows\System\oGEeoAf.exe N/A
N/A N/A C:\Windows\System\YJxBTXN.exe N/A
N/A N/A C:\Windows\System\sJUUrKz.exe N/A
N/A N/A C:\Windows\System\ULAeMBb.exe N/A
N/A N/A C:\Windows\System\CmEJlFF.exe N/A
N/A N/A C:\Windows\System\uMENFrT.exe N/A
N/A N/A C:\Windows\System\afKOtUi.exe N/A
N/A N/A C:\Windows\System\fzOjtGr.exe N/A
N/A N/A C:\Windows\System\CJgxEdW.exe N/A
N/A N/A C:\Windows\System\hjoxtcY.exe N/A
N/A N/A C:\Windows\System\npSisxX.exe N/A
N/A N/A C:\Windows\System\NbQXCSA.exe N/A
N/A N/A C:\Windows\System\LXSxQhu.exe N/A
N/A N/A C:\Windows\System\syDDGxt.exe N/A
N/A N/A C:\Windows\System\eFCDHVR.exe N/A
N/A N/A C:\Windows\System\iYOyHro.exe N/A
N/A N/A C:\Windows\System\ybjjtVJ.exe N/A
N/A N/A C:\Windows\System\fVKxsnS.exe N/A
N/A N/A C:\Windows\System\tALPVTL.exe N/A
N/A N/A C:\Windows\System\DWqlsPs.exe N/A
N/A N/A C:\Windows\System\Afpdwls.exe N/A
N/A N/A C:\Windows\System\yGpKZGj.exe N/A
N/A N/A C:\Windows\System\zmvAQMW.exe N/A
N/A N/A C:\Windows\System\JMNlNEw.exe N/A
N/A N/A C:\Windows\System\smzazBC.exe N/A
N/A N/A C:\Windows\System\YxqwMxw.exe N/A
N/A N/A C:\Windows\System\WErtbDW.exe N/A
N/A N/A C:\Windows\System\IoMlasv.exe N/A
N/A N/A C:\Windows\System\EdaYlSj.exe N/A
N/A N/A C:\Windows\System\ZMNwIZw.exe N/A
N/A N/A C:\Windows\System\lQGHTuf.exe N/A
N/A N/A C:\Windows\System\fUUpLSE.exe N/A
N/A N/A C:\Windows\System\AhMRjxA.exe N/A
N/A N/A C:\Windows\System\ZzULCXw.exe N/A
N/A N/A C:\Windows\System\FkLhOhj.exe N/A
N/A N/A C:\Windows\System\lctOwtH.exe N/A
N/A N/A C:\Windows\System\awJoSbf.exe N/A
N/A N/A C:\Windows\System\KoWXaoJ.exe N/A
N/A N/A C:\Windows\System\dPbpidB.exe N/A
N/A N/A C:\Windows\System\XILrtFn.exe N/A
N/A N/A C:\Windows\System\KMquaQx.exe N/A
N/A N/A C:\Windows\System\UOlRjBu.exe N/A
N/A N/A C:\Windows\System\bxvztsK.exe N/A
N/A N/A C:\Windows\System\sifRnfn.exe N/A
N/A N/A C:\Windows\System\ZTtMBqT.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\QGwPUAM.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\usCnHSv.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\KEQYVdD.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\smzazBC.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\bOPGigz.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\MAUhNLT.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\EYKjRqV.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\eFCDHVR.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrpDPTk.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\UQwnlHV.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ptFmYRI.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vBXJkYt.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\EfZFLdG.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\qbtmTAV.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\uMENFrT.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\fzIcMsp.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbHrmas.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\UlvTlkY.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\jLwruaz.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\tALPVTL.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\zWXktDB.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\XgONbro.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\fpEBrMr.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\mIqiriy.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\DGkrDKP.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\AjOUArD.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\kckLXci.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbQXCSA.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDOedoY.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\aHVucBX.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVHuXoY.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\OsAPzKL.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\syDDGxt.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vMgalpx.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\mKbzIVf.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\nJqWQzh.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\vUgmiNu.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\afKOtUi.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\LpNjELF.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\RlSipPW.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\hOiBujp.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\wybhqCz.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\PMpHsti.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ULAeMBb.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\CJgxEdW.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpWCokC.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\YxqwMxw.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\IGkXxPJ.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\kIHpKMr.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\VuAVZMK.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\OTSuPmJ.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\RIyxXZe.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\RXqHjqQ.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\SOZlTGm.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\zLWgbxI.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\caIJMhE.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\rjtwxAK.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfLlFBA.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDNdcXy.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\LVAqqlZ.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\ACpRiNW.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\FRfLRij.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\YCBzKLz.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
File created C:\Windows\System\YJxBTXN.exe C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4848 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\vUgmiNu.exe
PID 4848 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\vUgmiNu.exe
PID 4848 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\gDHMGND.exe
PID 4848 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\gDHMGND.exe
PID 4848 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\dMszQWt.exe
PID 4848 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\dMszQWt.exe
PID 4848 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\PMTYSic.exe
PID 4848 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\PMTYSic.exe
PID 4848 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\SrnxoRx.exe
PID 4848 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\SrnxoRx.exe
PID 4848 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\QcnJtAq.exe
PID 4848 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\QcnJtAq.exe
PID 4848 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\RVTIJPE.exe
PID 4848 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\RVTIJPE.exe
PID 4848 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\LmiBMlO.exe
PID 4848 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\LmiBMlO.exe
PID 4848 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\YsOxQAU.exe
PID 4848 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\YsOxQAU.exe
PID 4848 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\IpWCokC.exe
PID 4848 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\IpWCokC.exe
PID 4848 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\IqUSCqA.exe
PID 4848 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\IqUSCqA.exe
PID 4848 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\GwsjMsm.exe
PID 4848 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\GwsjMsm.exe
PID 4848 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\iOkOzqp.exe
PID 4848 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\iOkOzqp.exe
PID 4848 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\ZHfcoxZ.exe
PID 4848 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\ZHfcoxZ.exe
PID 4848 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\tNsHTLW.exe
PID 4848 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\tNsHTLW.exe
PID 4848 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\OsAPzKL.exe
PID 4848 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\OsAPzKL.exe
PID 4848 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\cvuQalV.exe
PID 4848 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\cvuQalV.exe
PID 4848 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\xSAihgO.exe
PID 4848 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\xSAihgO.exe
PID 4848 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\qbtmTAV.exe
PID 4848 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\qbtmTAV.exe
PID 4848 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\oGEeoAf.exe
PID 4848 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\oGEeoAf.exe
PID 4848 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\YJxBTXN.exe
PID 4848 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\YJxBTXN.exe
PID 4848 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\sJUUrKz.exe
PID 4848 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\sJUUrKz.exe
PID 4848 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\ULAeMBb.exe
PID 4848 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\ULAeMBb.exe
PID 4848 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\CmEJlFF.exe
PID 4848 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\CmEJlFF.exe
PID 4848 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\uMENFrT.exe
PID 4848 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\uMENFrT.exe
PID 4848 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\afKOtUi.exe
PID 4848 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\afKOtUi.exe
PID 4848 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\fzOjtGr.exe
PID 4848 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\fzOjtGr.exe
PID 4848 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\CJgxEdW.exe
PID 4848 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\CJgxEdW.exe
PID 4848 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\hjoxtcY.exe
PID 4848 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\hjoxtcY.exe
PID 4848 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\npSisxX.exe
PID 4848 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\npSisxX.exe
PID 4848 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\NbQXCSA.exe
PID 4848 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\NbQXCSA.exe
PID 4848 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\LXSxQhu.exe
PID 4848 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe C:\Windows\System\LXSxQhu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2694f7dfcaa1a6a54ebae1b66ccad890_NeikiAnalytics.exe"


C:\Windows\System\ameClzU.exe

C:\Windows\System\cymMVoB.exe

C:\Windows\System\cymMVoB.exe

C:\Windows\System\VuAVZMK.exe

C:\Windows\System\VuAVZMK.exe

C:\Windows\System\BYfAghF.exe

C:\Windows\System\BYfAghF.exe

C:\Windows\System\BjLpPZP.exe

C:\Windows\System\BjLpPZP.exe

C:\Windows\System\FVMuAcS.exe

C:\Windows\System\FVMuAcS.exe

C:\Windows\System\oZFwlvM.exe

C:\Windows\System\oZFwlvM.exe

C:\Windows\System\PoleRZk.exe

C:\Windows\System\PoleRZk.exe

C:\Windows\System\FGdyqGk.exe

C:\Windows\System\FGdyqGk.exe

C:\Windows\System\usLjKIk.exe

C:\Windows\System\usLjKIk.exe

C:\Windows\System\ymhitpA.exe

C:\Windows\System\ymhitpA.exe

C:\Windows\System\fCXfleS.exe

C:\Windows\System\fCXfleS.exe

C:\Windows\System\slKIJLH.exe

C:\Windows\System\slKIJLH.exe

C:\Windows\System\EHfadGG.exe

C:\Windows\System\EHfadGG.exe

C:\Windows\System\PiAjSYo.exe

C:\Windows\System\PiAjSYo.exe

C:\Windows\System\mNgWSjo.exe

C:\Windows\System\mNgWSjo.exe

C:\Windows\System\UmFAqNF.exe

C:\Windows\System\UmFAqNF.exe

C:\Windows\System\NyCFAPC.exe

C:\Windows\System\NyCFAPC.exe

C:\Windows\System\FysdQQx.exe

C:\Windows\System\FysdQQx.exe

C:\Windows\System\RqYzmVq.exe

C:\Windows\System\RqYzmVq.exe

C:\Windows\System\fciebzE.exe

C:\Windows\System\fciebzE.exe

C:\Windows\System\YoOcGAF.exe

C:\Windows\System\YoOcGAF.exe

C:\Windows\System\WiAmlgH.exe

C:\Windows\System\WiAmlgH.exe

C:\Windows\System\cJhbiYr.exe

C:\Windows\System\cJhbiYr.exe

C:\Windows\System\PaBMnLs.exe

C:\Windows\System\PaBMnLs.exe

C:\Windows\System\rjtwxAK.exe

C:\Windows\System\rjtwxAK.exe

C:\Windows\System\eDJdhhd.exe

C:\Windows\System\eDJdhhd.exe

C:\Windows\System\LrotHRo.exe

C:\Windows\System\LrotHRo.exe

C:\Windows\System\OynNzzA.exe

C:\Windows\System\OynNzzA.exe

C:\Windows\System\OxFQeSn.exe

C:\Windows\System\OxFQeSn.exe

C:\Windows\System\GdMFURD.exe

C:\Windows\System\GdMFURD.exe

C:\Windows\System\JZlQRQp.exe

C:\Windows\System\JZlQRQp.exe

C:\Windows\System\aOXQZug.exe

C:\Windows\System\aOXQZug.exe

C:\Windows\System\NCGGrHl.exe

C:\Windows\System\NCGGrHl.exe

C:\Windows\System\lNEZavp.exe

C:\Windows\System\lNEZavp.exe

C:\Windows\System\eEDuVWf.exe

C:\Windows\System\eEDuVWf.exe

C:\Windows\System\nWpoCds.exe

C:\Windows\System\nWpoCds.exe

C:\Windows\System\UQwnlHV.exe

C:\Windows\System\UQwnlHV.exe

C:\Windows\System\UVONTNL.exe

C:\Windows\System\UVONTNL.exe

C:\Windows\System\cliLUan.exe

C:\Windows\System\cliLUan.exe

C:\Windows\System\zWXktDB.exe

C:\Windows\System\zWXktDB.exe

C:\Windows\System\RlSipPW.exe

C:\Windows\System\RlSipPW.exe

C:\Windows\System\dDFMuIi.exe

C:\Windows\System\dDFMuIi.exe

C:\Windows\System\kQRgYQe.exe

C:\Windows\System\kQRgYQe.exe

C:\Windows\System\hOiBujp.exe

C:\Windows\System\hOiBujp.exe

C:\Windows\System\bOPGigz.exe

C:\Windows\System\bOPGigz.exe

C:\Windows\System\MMEAmyh.exe

C:\Windows\System\MMEAmyh.exe

C:\Windows\System\QGwPUAM.exe

C:\Windows\System\QGwPUAM.exe

C:\Windows\System\FurFBCn.exe

C:\Windows\System\FurFBCn.exe

C:\Windows\System\dhAufGj.exe

C:\Windows\System\dhAufGj.exe

C:\Windows\System\hDNdcXy.exe

C:\Windows\System\hDNdcXy.exe

C:\Windows\System\vgsPqNQ.exe

C:\Windows\System\vgsPqNQ.exe

C:\Windows\System\vwRBTAu.exe

C:\Windows\System\vwRBTAu.exe

C:\Windows\System\VSQNYyX.exe

C:\Windows\System\VSQNYyX.exe

C:\Windows\System\RcTkuCz.exe

C:\Windows\System\RcTkuCz.exe

C:\Windows\System\LVAqqlZ.exe

C:\Windows\System\LVAqqlZ.exe

C:\Windows\System\NptyAUK.exe

C:\Windows\System\NptyAUK.exe

C:\Windows\System\xGpxxVt.exe

C:\Windows\System\xGpxxVt.exe

C:\Windows\System\EHioAEP.exe

C:\Windows\System\EHioAEP.exe

C:\Windows\System\PLbkEVG.exe

C:\Windows\System\PLbkEVG.exe

C:\Windows\System\jkifGVp.exe

C:\Windows\System\jkifGVp.exe

C:\Windows\System\YYpjROs.exe

C:\Windows\System\YYpjROs.exe

C:\Windows\System\Hvyfmtj.exe

C:\Windows\System\Hvyfmtj.exe

C:\Windows\System\xgwpYJE.exe

C:\Windows\System\xgwpYJE.exe

C:\Windows\System\nSRGTJX.exe

C:\Windows\System\nSRGTJX.exe

C:\Windows\System\iblebSS.exe

C:\Windows\System\iblebSS.exe

C:\Windows\System\yGwWmbw.exe

C:\Windows\System\yGwWmbw.exe

C:\Windows\System\mVroZlV.exe

C:\Windows\System\mVroZlV.exe

C:\Windows\System\kyhPBEC.exe

C:\Windows\System\kyhPBEC.exe

C:\Windows\System\bjEzunA.exe

C:\Windows\System\bjEzunA.exe

C:\Windows\System\DyQmujT.exe

C:\Windows\System\DyQmujT.exe

C:\Windows\System\dBJEJQR.exe

C:\Windows\System\dBJEJQR.exe

C:\Windows\System\kenyElg.exe

C:\Windows\System\kenyElg.exe

C:\Windows\System\gcGzJRN.exe

C:\Windows\System\gcGzJRN.exe

C:\Windows\System\XgONbro.exe

C:\Windows\System\XgONbro.exe

C:\Windows\System\oMfLsNH.exe

C:\Windows\System\oMfLsNH.exe

C:\Windows\System\gXarnSf.exe

C:\Windows\System\gXarnSf.exe

C:\Windows\System\clmjeOV.exe

C:\Windows\System\clmjeOV.exe

C:\Windows\System\CfVvHus.exe

C:\Windows\System\CfVvHus.exe

C:\Windows\System\DUiGrZn.exe

C:\Windows\System\DUiGrZn.exe

C:\Windows\System\GJmoYJe.exe

C:\Windows\System\GJmoYJe.exe

C:\Windows\System\XgGUqsg.exe

C:\Windows\System\XgGUqsg.exe

C:\Windows\System\RcwZtck.exe

C:\Windows\System\RcwZtck.exe

C:\Windows\System\uUFtLxo.exe

C:\Windows\System\uUFtLxo.exe

C:\Windows\System\RnoTgsn.exe

C:\Windows\System\RnoTgsn.exe

C:\Windows\System\EUFLTTk.exe

C:\Windows\System\EUFLTTk.exe

C:\Windows\System\ptFmYRI.exe

C:\Windows\System\ptFmYRI.exe

C:\Windows\System\cPAGUym.exe

C:\Windows\System\cPAGUym.exe

C:\Windows\System\pZcTUcN.exe

C:\Windows\System\pZcTUcN.exe

C:\Windows\System\jLssXov.exe

C:\Windows\System\jLssXov.exe

C:\Windows\System\IsMXgJz.exe

C:\Windows\System\IsMXgJz.exe

C:\Windows\System\IDWzDUM.exe

C:\Windows\System\IDWzDUM.exe

C:\Windows\System\VDvjrzY.exe

C:\Windows\System\VDvjrzY.exe

C:\Windows\System\CDfelRs.exe

C:\Windows\System\CDfelRs.exe

C:\Windows\System\fpEBrMr.exe

C:\Windows\System\fpEBrMr.exe

C:\Windows\System\wybhqCz.exe

C:\Windows\System\wybhqCz.exe

C:\Windows\System\OTSuPmJ.exe

C:\Windows\System\OTSuPmJ.exe

C:\Windows\System\wzFhXtq.exe

C:\Windows\System\wzFhXtq.exe

C:\Windows\System\qIDdQWC.exe

C:\Windows\System\qIDdQWC.exe

C:\Windows\System\stzjsHA.exe

C:\Windows\System\stzjsHA.exe

C:\Windows\System\tvtQYGd.exe

C:\Windows\System\tvtQYGd.exe

C:\Windows\System\UzMmWzN.exe

C:\Windows\System\UzMmWzN.exe

C:\Windows\System\GscRhEY.exe

C:\Windows\System\GscRhEY.exe

C:\Windows\System\GRCEytw.exe

C:\Windows\System\GRCEytw.exe

C:\Windows\System\CthwkmV.exe

C:\Windows\System\CthwkmV.exe

C:\Windows\System\CrTMdAR.exe

C:\Windows\System\CrTMdAR.exe

C:\Windows\System\EuotIQz.exe

C:\Windows\System\EuotIQz.exe

C:\Windows\System\wAziDdW.exe

C:\Windows\System\wAziDdW.exe

C:\Windows\System\HNyBWLW.exe

C:\Windows\System\HNyBWLW.exe

C:\Windows\System\mnVbdga.exe

C:\Windows\System\mnVbdga.exe

C:\Windows\System\hJJFVqW.exe

C:\Windows\System\hJJFVqW.exe

C:\Windows\System\LfLlFBA.exe

C:\Windows\System\LfLlFBA.exe

C:\Windows\System\pPAmDpq.exe

C:\Windows\System\pPAmDpq.exe

C:\Windows\System\EPofgwm.exe

C:\Windows\System\EPofgwm.exe

C:\Windows\System\GAIkmfs.exe

C:\Windows\System\GAIkmfs.exe

C:\Windows\System\pCAlpGD.exe

C:\Windows\System\pCAlpGD.exe

C:\Windows\System\MpBpAJD.exe

C:\Windows\System\MpBpAJD.exe

C:\Windows\System\cyYZfSv.exe

C:\Windows\System\cyYZfSv.exe

C:\Windows\System\ztSfxxH.exe

C:\Windows\System\ztSfxxH.exe

C:\Windows\System\OyaoJrg.exe

C:\Windows\System\OyaoJrg.exe

C:\Windows\System\PyTZjcj.exe

C:\Windows\System\PyTZjcj.exe

C:\Windows\System\EfpzgUd.exe

C:\Windows\System\EfpzgUd.exe

C:\Windows\System\MBeEiSy.exe

C:\Windows\System\MBeEiSy.exe

C:\Windows\System\vBXJkYt.exe

C:\Windows\System\vBXJkYt.exe

C:\Windows\System\HVhJRDu.exe

C:\Windows\System\HVhJRDu.exe

C:\Windows\System\YSSJhxK.exe

C:\Windows\System\YSSJhxK.exe

C:\Windows\System\usCnHSv.exe

C:\Windows\System\usCnHSv.exe

C:\Windows\System\zLWgbxI.exe

C:\Windows\System\zLWgbxI.exe

C:\Windows\System\OAuikzD.exe

C:\Windows\System\OAuikzD.exe

C:\Windows\System\vMgalpx.exe

C:\Windows\System\vMgalpx.exe

C:\Windows\System\FrVepSt.exe

C:\Windows\System\FrVepSt.exe

C:\Windows\System\JVitiIQ.exe

C:\Windows\System\JVitiIQ.exe

C:\Windows\System\eMXOjJW.exe

C:\Windows\System\eMXOjJW.exe

C:\Windows\System\BnBbKZb.exe

C:\Windows\System\BnBbKZb.exe

C:\Windows\System\YjMFEtL.exe

C:\Windows\System\YjMFEtL.exe

C:\Windows\System\rdjhbbx.exe

C:\Windows\System\rdjhbbx.exe

C:\Windows\System\QcwaAZg.exe

C:\Windows\System\QcwaAZg.exe

C:\Windows\System\DbgHpRP.exe

C:\Windows\System\DbgHpRP.exe

C:\Windows\System\cPCXsqA.exe

C:\Windows\System\cPCXsqA.exe

C:\Windows\System\DqPDHqa.exe

C:\Windows\System\DqPDHqa.exe

C:\Windows\System\MeODNvK.exe

C:\Windows\System\MeODNvK.exe

C:\Windows\System\PWbkOiT.exe

C:\Windows\System\PWbkOiT.exe

C:\Windows\System\RNKdwqG.exe

C:\Windows\System\RNKdwqG.exe

C:\Windows\System\deHBocp.exe

C:\Windows\System\deHBocp.exe

C:\Windows\System\kbDjihX.exe

C:\Windows\System\kbDjihX.exe

C:\Windows\System\XOKxNjQ.exe

C:\Windows\System\XOKxNjQ.exe

C:\Windows\System\XkqLDpG.exe

C:\Windows\System\XkqLDpG.exe

C:\Windows\System\diBTJHo.exe

C:\Windows\System\diBTJHo.exe

C:\Windows\System\tGamqHL.exe

C:\Windows\System\tGamqHL.exe

C:\Windows\System\ACpRiNW.exe

C:\Windows\System\ACpRiNW.exe

C:\Windows\System\jUObLra.exe

C:\Windows\System\jUObLra.exe

C:\Windows\System\fzIcMsp.exe

C:\Windows\System\fzIcMsp.exe

C:\Windows\System\sZZpkpt.exe

C:\Windows\System\sZZpkpt.exe

C:\Windows\System\OTyNCWG.exe

C:\Windows\System\OTyNCWG.exe

C:\Windows\System\NbhdSKg.exe

C:\Windows\System\NbhdSKg.exe

C:\Windows\System\YzLCoJh.exe

C:\Windows\System\YzLCoJh.exe

C:\Windows\System\mIqiriy.exe

C:\Windows\System\mIqiriy.exe

C:\Windows\System\jAGsiLt.exe

C:\Windows\System\jAGsiLt.exe

C:\Windows\System\XWMOTGo.exe

C:\Windows\System\XWMOTGo.exe

C:\Windows\System\gWCyVxV.exe

C:\Windows\System\gWCyVxV.exe

C:\Windows\System\aGTWjHv.exe

C:\Windows\System\aGTWjHv.exe

C:\Windows\System\iYklEOa.exe

C:\Windows\System\iYklEOa.exe

C:\Windows\System\hAPQNeH.exe

C:\Windows\System\hAPQNeH.exe

C:\Windows\System\xqWNcDr.exe

C:\Windows\System\xqWNcDr.exe

C:\Windows\System\WzNZHig.exe

C:\Windows\System\WzNZHig.exe

C:\Windows\System\VxWISwR.exe

C:\Windows\System\VxWISwR.exe

C:\Windows\System\aHVucBX.exe

C:\Windows\System\aHVucBX.exe

C:\Windows\System\dUjtuAw.exe

C:\Windows\System\dUjtuAw.exe

C:\Windows\System\KGUvxiA.exe

C:\Windows\System\KGUvxiA.exe

C:\Windows\System\FRfLRij.exe

C:\Windows\System\FRfLRij.exe

C:\Windows\System\crogwId.exe

C:\Windows\System\crogwId.exe

C:\Windows\System\ekAiTZf.exe

C:\Windows\System\ekAiTZf.exe

C:\Windows\System\MPeNTeG.exe

C:\Windows\System\MPeNTeG.exe

C:\Windows\System\KqRvKcM.exe

C:\Windows\System\KqRvKcM.exe

C:\Windows\System\xXCTRvJ.exe

C:\Windows\System\xXCTRvJ.exe

C:\Windows\System\caIJMhE.exe

C:\Windows\System\caIJMhE.exe

C:\Windows\System\yNXPMfN.exe

C:\Windows\System\yNXPMfN.exe

C:\Windows\System\WRnYNtf.exe

C:\Windows\System\WRnYNtf.exe

C:\Windows\System\sPJqioS.exe

C:\Windows\System\sPJqioS.exe

C:\Windows\System\KEQYVdD.exe

C:\Windows\System\KEQYVdD.exe

C:\Windows\System\YCBzKLz.exe

C:\Windows\System\YCBzKLz.exe

C:\Windows\System\HFRlynL.exe

C:\Windows\System\HFRlynL.exe

C:\Windows\System\gSdnUDk.exe

C:\Windows\System\gSdnUDk.exe

C:\Windows\System\iVOJbeX.exe

C:\Windows\System\iVOJbeX.exe

C:\Windows\System\mKbzIVf.exe

C:\Windows\System\mKbzIVf.exe

C:\Windows\System\GJFSXFb.exe

C:\Windows\System\GJFSXFb.exe

C:\Windows\System\QBDLzsp.exe

C:\Windows\System\QBDLzsp.exe

C:\Windows\System\SDOedoY.exe

C:\Windows\System\SDOedoY.exe

C:\Windows\System\FScRXbY.exe

C:\Windows\System\FScRXbY.exe

C:\Windows\System\GOQWcMn.exe

C:\Windows\System\GOQWcMn.exe

C:\Windows\System\PRuJhtC.exe

C:\Windows\System\PRuJhtC.exe

C:\Windows\System\lbHrmas.exe

C:\Windows\System\lbHrmas.exe

C:\Windows\System\AwcAPat.exe

C:\Windows\System\AwcAPat.exe

C:\Windows\System\nJqWQzh.exe

C:\Windows\System\nJqWQzh.exe

C:\Windows\System\EfZFLdG.exe

C:\Windows\System\EfZFLdG.exe

C:\Windows\System\IqxIRcr.exe

C:\Windows\System\IqxIRcr.exe

C:\Windows\System\qDUdjUf.exe

C:\Windows\System\qDUdjUf.exe

C:\Windows\System\UlvTlkY.exe

C:\Windows\System\UlvTlkY.exe

C:\Windows\System\QEjhPZg.exe

C:\Windows\System\QEjhPZg.exe

C:\Windows\System\mXHZtCk.exe

C:\Windows\System\mXHZtCk.exe

C:\Windows\System\skmAXJz.exe

C:\Windows\System\skmAXJz.exe

C:\Windows\System\KDGZSvT.exe

C:\Windows\System\KDGZSvT.exe

C:\Windows\System\WxjIXon.exe

C:\Windows\System\WxjIXon.exe

C:\Windows\System\RIyxXZe.exe

C:\Windows\System\RIyxXZe.exe

C:\Windows\System\iIicwnm.exe

C:\Windows\System\iIicwnm.exe

C:\Windows\System\EYKjRqV.exe

C:\Windows\System\EYKjRqV.exe

C:\Windows\System\FfHQGwa.exe

C:\Windows\System\FfHQGwa.exe

C:\Windows\System\DGkrDKP.exe

C:\Windows\System\DGkrDKP.exe

C:\Windows\System\buLhOKc.exe

C:\Windows\System\buLhOKc.exe

C:\Windows\System\PMpHsti.exe

C:\Windows\System\PMpHsti.exe

C:\Windows\System\pSaRNxA.exe

C:\Windows\System\pSaRNxA.exe

C:\Windows\System\rURfrnR.exe

C:\Windows\System\rURfrnR.exe

C:\Windows\System\BZLiIlJ.exe

C:\Windows\System\BZLiIlJ.exe

C:\Windows\System\uVHuXoY.exe

C:\Windows\System\uVHuXoY.exe

C:\Windows\System\XvTJnoe.exe

C:\Windows\System\XvTJnoe.exe

C:\Windows\System\olWoXzg.exe

C:\Windows\System\olWoXzg.exe

C:\Windows\System\HcraDtN.exe

C:\Windows\System\HcraDtN.exe

C:\Windows\System\jLwruaz.exe

C:\Windows\System\jLwruaz.exe

C:\Windows\System\sYECKih.exe

C:\Windows\System\sYECKih.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network


Files
