Malware Analysis Report

2024-10-10 09:07

Sample ID 240607-qy4f2aaa47
Target 203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe
SHA256 a84189d4a0be2a68df6e82492586515e47ede0bcaf0c5b8543eb2ec55fa37103
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a84189d4a0be2a68df6e82492586515e47ede0bcaf0c5b8543eb2ec55fa37103

Threat Level: Known bad

The file 203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Kpot family

xmrig

XMRig Miner payload

Xmrig family

KPOT

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 13:41

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 13:41

Reported

2024-06-07 13:47

Platform

win7-20240221-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oTPpezi.exe N/A
N/A N/A C:\Windows\System\zNTHMJc.exe N/A
N/A N/A C:\Windows\System\mSnocZd.exe N/A
N/A N/A C:\Windows\System\FHPTOOO.exe N/A
N/A N/A C:\Windows\System\TYzfpZr.exe N/A
N/A N/A C:\Windows\System\myTQhDn.exe N/A
N/A N/A C:\Windows\System\ALNFCqO.exe N/A
N/A N/A C:\Windows\System\bvrtepO.exe N/A
N/A N/A C:\Windows\System\jqCiuvG.exe N/A
N/A N/A C:\Windows\System\BCRaRvj.exe N/A
N/A N/A C:\Windows\System\ZrzYAip.exe N/A
N/A N/A C:\Windows\System\HUgjdgh.exe N/A
N/A N/A C:\Windows\System\PjXCgUh.exe N/A
N/A N/A C:\Windows\System\gnbBEbO.exe N/A
N/A N/A C:\Windows\System\VJCAwop.exe N/A
N/A N/A C:\Windows\System\VrjrFuA.exe N/A
N/A N/A C:\Windows\System\DvCRcah.exe N/A
N/A N/A C:\Windows\System\WUWbEao.exe N/A
N/A N/A C:\Windows\System\ZRfNwXo.exe N/A
N/A N/A C:\Windows\System\gZVzOll.exe N/A
N/A N/A C:\Windows\System\sCMnQYS.exe N/A
N/A N/A C:\Windows\System\XRdeDGU.exe N/A
N/A N/A C:\Windows\System\XGIwinE.exe N/A
N/A N/A C:\Windows\System\MqtbDec.exe N/A
N/A N/A C:\Windows\System\JasPhGY.exe N/A
N/A N/A C:\Windows\System\rzIDeye.exe N/A
N/A N/A C:\Windows\System\MLmkUnG.exe N/A
N/A N/A C:\Windows\System\qUjqSTc.exe N/A
N/A N/A C:\Windows\System\GEsHXBt.exe N/A
N/A N/A C:\Windows\System\kXOWOyU.exe N/A
N/A N/A C:\Windows\System\gNohQue.exe N/A
N/A N/A C:\Windows\System\ITSViDJ.exe N/A
N/A N/A C:\Windows\System\sXZlZEp.exe N/A
N/A N/A C:\Windows\System\xgcLVpQ.exe N/A
N/A N/A C:\Windows\System\UxGAYqu.exe N/A
N/A N/A C:\Windows\System\qlmIbnW.exe N/A
N/A N/A C:\Windows\System\xgcirwk.exe N/A
N/A N/A C:\Windows\System\eWHhffY.exe N/A
N/A N/A C:\Windows\System\dUVjeMI.exe N/A
N/A N/A C:\Windows\System\cTXDylW.exe N/A
N/A N/A C:\Windows\System\pdwimcI.exe N/A
N/A N/A C:\Windows\System\seFZBWY.exe N/A
N/A N/A C:\Windows\System\whmOtEI.exe N/A
N/A N/A C:\Windows\System\BFOHFDN.exe N/A
N/A N/A C:\Windows\System\xrquavx.exe N/A
N/A N/A C:\Windows\System\FaYCLSx.exe N/A
N/A N/A C:\Windows\System\EjXUUmP.exe N/A
N/A N/A C:\Windows\System\SklHtuN.exe N/A
N/A N/A C:\Windows\System\UetSAxm.exe N/A
N/A N/A C:\Windows\System\jKFwIzf.exe N/A
N/A N/A C:\Windows\System\kCQLeFe.exe N/A
N/A N/A C:\Windows\System\FHizOuB.exe N/A
N/A N/A C:\Windows\System\CximQCc.exe N/A
N/A N/A C:\Windows\System\POtHtEs.exe N/A
N/A N/A C:\Windows\System\cbUmktM.exe N/A
N/A N/A C:\Windows\System\RcIUBwL.exe N/A
N/A N/A C:\Windows\System\RrlGodg.exe N/A
N/A N/A C:\Windows\System\tRxRajN.exe N/A
N/A N/A C:\Windows\System\ljXHepa.exe N/A
N/A N/A C:\Windows\System\jPAHZbq.exe N/A
N/A N/A C:\Windows\System\HeypSUP.exe N/A
N/A N/A C:\Windows\System\rVuFOcH.exe N/A
N/A N/A C:\Windows\System\tBNXwwD.exe N/A
N/A N/A C:\Windows\System\rXColpe.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\lxKnWLk.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\jnhStHD.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\keXrZer.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\VrjrFuA.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\gnbBEbO.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZVzOll.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqusNFO.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\OQybRUo.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZQJGLgR.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\MnkoDQy.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\mYApUDd.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLBhLrF.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\rpXKDFx.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\MABhVPm.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\MNLnNBE.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\pRrCEjM.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\wYmNomY.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\jzpCqpV.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\zNTHMJc.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\cOQtpdW.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\gLcNguF.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZokahq.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdprCNI.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\gmPxyjg.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEsHXBt.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\xgcirwk.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\YOnTQfP.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\VakBMOW.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\yLhmZZs.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRAnuYT.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\myTQhDn.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ITSViDJ.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\xCwOchB.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\rQcdrOj.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOyJTHG.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\rVuFOcH.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\vCywJCS.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFYCELa.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\WcqZpgH.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJKaAfM.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\FIKWfcn.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFrnUJx.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\PjXCgUh.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWHhffY.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\seFZBWY.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\cbUmktM.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\CVdrRXK.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\yppNRCK.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\tRxRajN.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\iWgdnkj.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\yZFqcMv.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\dCSJsyH.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\QFulnIU.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\FaYCLSx.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\XxDFkFs.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\hIWfLFv.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUpVOBG.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\CKBtfBN.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\JFxxnWj.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\RwYUhGZ.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\sCMnQYS.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\TDajIFo.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\gzwnyiT.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\lILDKfy.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 340 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\oTPpezi.exe
PID 340 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\oTPpezi.exe
PID 340 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\oTPpezi.exe
PID 340 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\zNTHMJc.exe
PID 340 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\zNTHMJc.exe
PID 340 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\zNTHMJc.exe
PID 340 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\mSnocZd.exe
PID 340 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\mSnocZd.exe
PID 340 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\mSnocZd.exe
PID 340 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\FHPTOOO.exe
PID 340 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\FHPTOOO.exe
PID 340 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\FHPTOOO.exe
PID 340 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\TYzfpZr.exe
PID 340 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\TYzfpZr.exe
PID 340 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\TYzfpZr.exe
PID 340 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\myTQhDn.exe
PID 340 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\myTQhDn.exe
PID 340 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\myTQhDn.exe
PID 340 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ALNFCqO.exe
PID 340 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ALNFCqO.exe
PID 340 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ALNFCqO.exe
PID 340 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\bvrtepO.exe
PID 340 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\bvrtepO.exe
PID 340 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\bvrtepO.exe
PID 340 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\jqCiuvG.exe
PID 340 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\jqCiuvG.exe
PID 340 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\jqCiuvG.exe
PID 340 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\BCRaRvj.exe
PID 340 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\BCRaRvj.exe
PID 340 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\BCRaRvj.exe
PID 340 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\PjXCgUh.exe
PID 340 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\PjXCgUh.exe
PID 340 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\PjXCgUh.exe
PID 340 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZrzYAip.exe
PID 340 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZrzYAip.exe
PID 340 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZrzYAip.exe
PID 340 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VrjrFuA.exe
PID 340 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VrjrFuA.exe
PID 340 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VrjrFuA.exe
PID 340 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\HUgjdgh.exe
PID 340 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\HUgjdgh.exe
PID 340 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\HUgjdgh.exe
PID 340 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\WUWbEao.exe
PID 340 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\WUWbEao.exe
PID 340 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\WUWbEao.exe
PID 340 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\gnbBEbO.exe
PID 340 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\gnbBEbO.exe
PID 340 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\gnbBEbO.exe
PID 340 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZRfNwXo.exe
PID 340 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZRfNwXo.exe
PID 340 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZRfNwXo.exe
PID 340 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VJCAwop.exe
PID 340 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VJCAwop.exe
PID 340 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VJCAwop.exe
PID 340 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\gZVzOll.exe
PID 340 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\gZVzOll.exe
PID 340 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\gZVzOll.exe
PID 340 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\DvCRcah.exe
PID 340 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\DvCRcah.exe
PID 340 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\DvCRcah.exe
PID 340 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\sCMnQYS.exe
PID 340 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\sCMnQYS.exe
PID 340 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\sCMnQYS.exe
PID 340 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\XRdeDGU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe"

C:\Windows\System\oTPpezi.exe

C:\Windows\System\oTPpezi.exe

C:\Windows\System\zNTHMJc.exe

C:\Windows\System\zNTHMJc.exe

C:\Windows\System\mSnocZd.exe

C:\Windows\System\mSnocZd.exe

C:\Windows\System\FHPTOOO.exe

C:\Windows\System\FHPTOOO.exe

C:\Windows\System\TYzfpZr.exe

C:\Windows\System\TYzfpZr.exe

C:\Windows\System\myTQhDn.exe

C:\Windows\System\myTQhDn.exe

C:\Windows\System\ALNFCqO.exe

C:\Windows\System\ALNFCqO.exe

C:\Windows\System\bvrtepO.exe

C:\Windows\System\bvrtepO.exe

C:\Windows\System\jqCiuvG.exe

C:\Windows\System\jqCiuvG.exe

C:\Windows\System\BCRaRvj.exe

C:\Windows\System\BCRaRvj.exe

C:\Windows\System\PjXCgUh.exe

C:\Windows\System\PjXCgUh.exe

C:\Windows\System\ZrzYAip.exe

C:\Windows\System\ZrzYAip.exe

C:\Windows\System\VrjrFuA.exe

C:\Windows\System\VrjrFuA.exe

C:\Windows\System\HUgjdgh.exe

C:\Windows\System\HUgjdgh.exe

C:\Windows\System\WUWbEao.exe

C:\Windows\System\WUWbEao.exe

C:\Windows\System\gnbBEbO.exe

C:\Windows\System\gnbBEbO.exe

C:\Windows\System\ZRfNwXo.exe

C:\Windows\System\ZRfNwXo.exe

C:\Windows\System\VJCAwop.exe

C:\Windows\System\VJCAwop.exe

C:\Windows\System\gZVzOll.exe

C:\Windows\System\gZVzOll.exe

C:\Windows\System\DvCRcah.exe

C:\Windows\System\DvCRcah.exe

C:\Windows\System\sCMnQYS.exe

C:\Windows\System\sCMnQYS.exe

C:\Windows\System\XRdeDGU.exe

C:\Windows\System\XRdeDGU.exe

C:\Windows\System\XGIwinE.exe

C:\Windows\System\XGIwinE.exe

C:\Windows\System\MqtbDec.exe

C:\Windows\System\MqtbDec.exe

C:\Windows\System\JasPhGY.exe

C:\Windows\System\JasPhGY.exe

C:\Windows\System\rzIDeye.exe

C:\Windows\System\rzIDeye.exe

C:\Windows\System\MLmkUnG.exe

C:\Windows\System\MLmkUnG.exe

C:\Windows\System\qUjqSTc.exe

C:\Windows\System\qUjqSTc.exe

C:\Windows\System\GEsHXBt.exe

C:\Windows\System\GEsHXBt.exe

C:\Windows\System\kXOWOyU.exe

C:\Windows\System\kXOWOyU.exe

C:\Windows\System\gNohQue.exe

C:\Windows\System\gNohQue.exe

C:\Windows\System\ITSViDJ.exe

C:\Windows\System\ITSViDJ.exe

C:\Windows\System\sXZlZEp.exe

C:\Windows\System\sXZlZEp.exe

C:\Windows\System\xgcLVpQ.exe

C:\Windows\System\xgcLVpQ.exe

C:\Windows\System\UxGAYqu.exe

C:\Windows\System\UxGAYqu.exe

C:\Windows\System\qlmIbnW.exe

C:\Windows\System\qlmIbnW.exe

C:\Windows\System\xgcirwk.exe

C:\Windows\System\xgcirwk.exe

C:\Windows\System\eWHhffY.exe

C:\Windows\System\eWHhffY.exe

C:\Windows\System\dUVjeMI.exe

C:\Windows\System\dUVjeMI.exe

C:\Windows\System\cTXDylW.exe

C:\Windows\System\cTXDylW.exe

C:\Windows\System\pdwimcI.exe

C:\Windows\System\pdwimcI.exe

C:\Windows\System\seFZBWY.exe

C:\Windows\System\seFZBWY.exe

C:\Windows\System\whmOtEI.exe

C:\Windows\System\whmOtEI.exe

C:\Windows\System\BFOHFDN.exe

C:\Windows\System\BFOHFDN.exe

C:\Windows\System\xrquavx.exe

C:\Windows\System\xrquavx.exe

C:\Windows\System\FaYCLSx.exe

C:\Windows\System\FaYCLSx.exe

C:\Windows\System\EjXUUmP.exe

C:\Windows\System\EjXUUmP.exe

C:\Windows\System\SklHtuN.exe

C:\Windows\System\SklHtuN.exe

C:\Windows\System\UetSAxm.exe

C:\Windows\System\UetSAxm.exe

C:\Windows\System\jKFwIzf.exe

C:\Windows\System\jKFwIzf.exe

C:\Windows\System\kCQLeFe.exe

C:\Windows\System\kCQLeFe.exe

C:\Windows\System\FHizOuB.exe

C:\Windows\System\FHizOuB.exe

C:\Windows\System\CximQCc.exe

C:\Windows\System\CximQCc.exe

C:\Windows\System\POtHtEs.exe

C:\Windows\System\POtHtEs.exe

C:\Windows\System\cbUmktM.exe

C:\Windows\System\cbUmktM.exe

C:\Windows\System\RcIUBwL.exe

C:\Windows\System\RcIUBwL.exe

C:\Windows\System\RrlGodg.exe

C:\Windows\System\RrlGodg.exe

C:\Windows\System\tRxRajN.exe

C:\Windows\System\tRxRajN.exe

C:\Windows\System\ljXHepa.exe

C:\Windows\System\ljXHepa.exe

C:\Windows\System\jPAHZbq.exe

C:\Windows\System\jPAHZbq.exe

C:\Windows\System\HeypSUP.exe

C:\Windows\System\HeypSUP.exe

C:\Windows\System\rVuFOcH.exe

C:\Windows\System\rVuFOcH.exe

C:\Windows\System\tBNXwwD.exe

C:\Windows\System\tBNXwwD.exe

C:\Windows\System\rXColpe.exe

C:\Windows\System\rXColpe.exe

C:\Windows\System\XioQCUc.exe

C:\Windows\System\XioQCUc.exe

C:\Windows\System\tLnMcLW.exe

C:\Windows\System\tLnMcLW.exe

C:\Windows\System\sXczexZ.exe

C:\Windows\System\sXczexZ.exe

C:\Windows\System\smdfKhB.exe

C:\Windows\System\smdfKhB.exe

C:\Windows\System\wsGzBOA.exe

C:\Windows\System\wsGzBOA.exe

C:\Windows\System\iWgdnkj.exe

C:\Windows\System\iWgdnkj.exe

C:\Windows\System\dTfoodP.exe

C:\Windows\System\dTfoodP.exe

C:\Windows\System\CVdrRXK.exe

C:\Windows\System\CVdrRXK.exe

C:\Windows\System\UFPTeuD.exe

C:\Windows\System\UFPTeuD.exe

C:\Windows\System\DSNIaXA.exe

C:\Windows\System\DSNIaXA.exe

C:\Windows\System\nTjcuos.exe

C:\Windows\System\nTjcuos.exe

C:\Windows\System\bhRAjgb.exe

C:\Windows\System\bhRAjgb.exe

C:\Windows\System\YcjZBVX.exe

C:\Windows\System\YcjZBVX.exe

C:\Windows\System\kBRmNGt.exe

C:\Windows\System\kBRmNGt.exe

C:\Windows\System\zrHjNUq.exe

C:\Windows\System\zrHjNUq.exe

C:\Windows\System\YOnTQfP.exe

C:\Windows\System\YOnTQfP.exe

C:\Windows\System\Nlysklq.exe

C:\Windows\System\Nlysklq.exe

C:\Windows\System\CdWOacG.exe

C:\Windows\System\CdWOacG.exe

C:\Windows\System\cOQtpdW.exe

C:\Windows\System\cOQtpdW.exe

C:\Windows\System\OxDbZEG.exe

C:\Windows\System\OxDbZEG.exe

C:\Windows\System\ryYKeug.exe

C:\Windows\System\ryYKeug.exe

C:\Windows\System\xCwOchB.exe

C:\Windows\System\xCwOchB.exe

C:\Windows\System\KNlUJUx.exe

C:\Windows\System\KNlUJUx.exe

C:\Windows\System\OtXxfSz.exe

C:\Windows\System\OtXxfSz.exe

C:\Windows\System\EDUmZba.exe

C:\Windows\System\EDUmZba.exe

C:\Windows\System\lhdnuYf.exe

C:\Windows\System\lhdnuYf.exe

C:\Windows\System\CJPrdJk.exe

C:\Windows\System\CJPrdJk.exe

C:\Windows\System\SczspgI.exe

C:\Windows\System\SczspgI.exe

C:\Windows\System\gLcNguF.exe

C:\Windows\System\gLcNguF.exe

C:\Windows\System\AelCLCE.exe

C:\Windows\System\AelCLCE.exe

C:\Windows\System\qlqpbyM.exe

C:\Windows\System\qlqpbyM.exe

C:\Windows\System\nqYjELQ.exe

C:\Windows\System\nqYjELQ.exe

C:\Windows\System\rpXKDFx.exe

C:\Windows\System\rpXKDFx.exe

C:\Windows\System\sfFwPFu.exe

C:\Windows\System\sfFwPFu.exe

C:\Windows\System\XXEjdEy.exe

C:\Windows\System\XXEjdEy.exe

C:\Windows\System\uMwuAjv.exe

C:\Windows\System\uMwuAjv.exe

C:\Windows\System\lzBTHcV.exe

C:\Windows\System\lzBTHcV.exe

C:\Windows\System\aqusNFO.exe

C:\Windows\System\aqusNFO.exe

C:\Windows\System\QyavElM.exe

C:\Windows\System\QyavElM.exe

C:\Windows\System\AZokahq.exe

C:\Windows\System\AZokahq.exe

C:\Windows\System\EDQolFd.exe

C:\Windows\System\EDQolFd.exe

C:\Windows\System\dIVIFpO.exe

C:\Windows\System\dIVIFpO.exe

C:\Windows\System\UIWpDvr.exe

C:\Windows\System\UIWpDvr.exe

C:\Windows\System\QQnsOED.exe

C:\Windows\System\QQnsOED.exe

C:\Windows\System\uOobkcS.exe

C:\Windows\System\uOobkcS.exe

C:\Windows\System\AtjxeyA.exe

C:\Windows\System\AtjxeyA.exe

C:\Windows\System\dCFOtZG.exe

C:\Windows\System\dCFOtZG.exe

C:\Windows\System\FJEDqBX.exe

C:\Windows\System\FJEDqBX.exe

C:\Windows\System\gtQbtER.exe

C:\Windows\System\gtQbtER.exe

C:\Windows\System\GrDxMIj.exe

C:\Windows\System\GrDxMIj.exe

C:\Windows\System\wAsNyXF.exe

C:\Windows\System\wAsNyXF.exe

C:\Windows\System\khzDlRo.exe

C:\Windows\System\khzDlRo.exe

C:\Windows\System\UEjLBrj.exe

C:\Windows\System\UEjLBrj.exe

C:\Windows\System\IQJmMkW.exe

C:\Windows\System\IQJmMkW.exe

C:\Windows\System\ArTXWld.exe

C:\Windows\System\ArTXWld.exe

C:\Windows\System\BPImLWQ.exe

C:\Windows\System\BPImLWQ.exe

C:\Windows\System\SKbkIZe.exe

C:\Windows\System\SKbkIZe.exe

C:\Windows\System\PiODyFu.exe

C:\Windows\System\PiODyFu.exe

C:\Windows\System\ehXEvLZ.exe

C:\Windows\System\ehXEvLZ.exe

C:\Windows\System\FVXRoOF.exe

C:\Windows\System\FVXRoOF.exe

C:\Windows\System\mSUHWHH.exe

C:\Windows\System\mSUHWHH.exe

C:\Windows\System\MSLNpTn.exe

C:\Windows\System\MSLNpTn.exe

C:\Windows\System\XGMaNMP.exe

C:\Windows\System\XGMaNMP.exe

C:\Windows\System\UNAALhC.exe

C:\Windows\System\UNAALhC.exe

C:\Windows\System\CEinlDI.exe

C:\Windows\System\CEinlDI.exe

C:\Windows\System\NbeckMe.exe

C:\Windows\System\NbeckMe.exe

C:\Windows\System\oGkVoAn.exe

C:\Windows\System\oGkVoAn.exe

C:\Windows\System\QhgAQBY.exe

C:\Windows\System\QhgAQBY.exe

C:\Windows\System\LZfmunz.exe

C:\Windows\System\LZfmunz.exe

C:\Windows\System\ifLeGWf.exe

C:\Windows\System\ifLeGWf.exe

C:\Windows\System\aIngxRO.exe

C:\Windows\System\aIngxRO.exe

C:\Windows\System\CYjvLlY.exe

C:\Windows\System\CYjvLlY.exe

C:\Windows\System\iJKtAyz.exe

C:\Windows\System\iJKtAyz.exe

C:\Windows\System\rQcdrOj.exe

C:\Windows\System\rQcdrOj.exe

C:\Windows\System\uBjFdmU.exe

C:\Windows\System\uBjFdmU.exe

C:\Windows\System\gfYJcXV.exe

C:\Windows\System\gfYJcXV.exe

C:\Windows\System\FHTRkYO.exe

C:\Windows\System\FHTRkYO.exe

C:\Windows\System\yxXFDNr.exe

C:\Windows\System\yxXFDNr.exe

C:\Windows\System\kXpjzcH.exe

C:\Windows\System\kXpjzcH.exe

C:\Windows\System\yOGwxuZ.exe

C:\Windows\System\yOGwxuZ.exe

C:\Windows\System\xElnDFu.exe

C:\Windows\System\xElnDFu.exe

C:\Windows\System\efNyYLA.exe

C:\Windows\System\efNyYLA.exe

C:\Windows\System\FIKWfcn.exe

C:\Windows\System\FIKWfcn.exe

C:\Windows\System\wHiZUsv.exe

C:\Windows\System\wHiZUsv.exe

C:\Windows\System\NXtZHfM.exe

C:\Windows\System\NXtZHfM.exe

C:\Windows\System\enMwrZY.exe

C:\Windows\System\enMwrZY.exe

C:\Windows\System\YLXOSbV.exe

C:\Windows\System\YLXOSbV.exe

C:\Windows\System\eGBWgGD.exe

C:\Windows\System\eGBWgGD.exe

C:\Windows\System\vEhdYOn.exe

C:\Windows\System\vEhdYOn.exe

C:\Windows\System\exENCWl.exe

C:\Windows\System\exENCWl.exe

C:\Windows\System\VJrSbrg.exe

C:\Windows\System\VJrSbrg.exe

C:\Windows\System\FrQuOZK.exe

C:\Windows\System\FrQuOZK.exe

C:\Windows\System\pfwaiTD.exe

C:\Windows\System\pfwaiTD.exe

C:\Windows\System\UwxGBrI.exe

C:\Windows\System\UwxGBrI.exe

C:\Windows\System\YqKqhTV.exe

C:\Windows\System\YqKqhTV.exe

C:\Windows\System\zruXmrz.exe

C:\Windows\System\zruXmrz.exe

C:\Windows\System\BfuXaBn.exe

C:\Windows\System\BfuXaBn.exe

C:\Windows\System\OQybRUo.exe

C:\Windows\System\OQybRUo.exe

C:\Windows\System\gKmwZNG.exe

C:\Windows\System\gKmwZNG.exe

C:\Windows\System\NrsleQT.exe

C:\Windows\System\NrsleQT.exe

C:\Windows\System\TDajIFo.exe

C:\Windows\System\TDajIFo.exe

C:\Windows\System\TqhQuIf.exe

C:\Windows\System\TqhQuIf.exe

C:\Windows\System\yUMPMgX.exe

C:\Windows\System\yUMPMgX.exe

C:\Windows\System\KlXcvMC.exe

C:\Windows\System\KlXcvMC.exe

C:\Windows\System\UclvTYZ.exe

C:\Windows\System\UclvTYZ.exe

C:\Windows\System\MZvqysS.exe

C:\Windows\System\MZvqysS.exe

C:\Windows\System\KhFHaCU.exe

C:\Windows\System\KhFHaCU.exe

C:\Windows\System\zQUBiKo.exe

C:\Windows\System\zQUBiKo.exe

C:\Windows\System\UdprCNI.exe

C:\Windows\System\UdprCNI.exe

C:\Windows\System\MnkoDQy.exe

C:\Windows\System\MnkoDQy.exe

C:\Windows\System\iubmplJ.exe

C:\Windows\System\iubmplJ.exe

C:\Windows\System\yYLVrQS.exe

C:\Windows\System\yYLVrQS.exe

C:\Windows\System\EgtlYxI.exe

C:\Windows\System\EgtlYxI.exe

C:\Windows\System\XxDFkFs.exe

C:\Windows\System\XxDFkFs.exe

C:\Windows\System\DHodHNF.exe

C:\Windows\System\DHodHNF.exe

C:\Windows\System\vCywJCS.exe

C:\Windows\System\vCywJCS.exe

C:\Windows\System\hIWfLFv.exe

C:\Windows\System\hIWfLFv.exe

C:\Windows\System\yZFqcMv.exe

C:\Windows\System\yZFqcMv.exe

C:\Windows\System\NXfgCCl.exe

C:\Windows\System\NXfgCCl.exe

C:\Windows\System\OtwWWvP.exe

C:\Windows\System\OtwWWvP.exe

C:\Windows\System\LNboxme.exe

C:\Windows\System\LNboxme.exe

C:\Windows\System\WMVXGjV.exe

C:\Windows\System\WMVXGjV.exe

C:\Windows\System\MsbwFJJ.exe

C:\Windows\System\MsbwFJJ.exe

C:\Windows\System\iOLvYCv.exe

C:\Windows\System\iOLvYCv.exe

C:\Windows\System\gzwnyiT.exe

C:\Windows\System\gzwnyiT.exe

C:\Windows\System\qOyJTHG.exe

C:\Windows\System\qOyJTHG.exe

C:\Windows\System\VakBMOW.exe

C:\Windows\System\VakBMOW.exe

C:\Windows\System\LBuZVZS.exe

C:\Windows\System\LBuZVZS.exe

C:\Windows\System\lxKnWLk.exe

C:\Windows\System\lxKnWLk.exe

C:\Windows\System\UVVewFb.exe

C:\Windows\System\UVVewFb.exe

C:\Windows\System\qTjmzPW.exe

C:\Windows\System\qTjmzPW.exe

C:\Windows\System\LsMBUri.exe

C:\Windows\System\LsMBUri.exe

C:\Windows\System\lILDKfy.exe

C:\Windows\System\lILDKfy.exe

C:\Windows\System\naXEkiC.exe

C:\Windows\System\naXEkiC.exe

C:\Windows\System\mYApUDd.exe

C:\Windows\System\mYApUDd.exe

C:\Windows\System\hFQqqCz.exe

C:\Windows\System\hFQqqCz.exe

C:\Windows\System\HPiERDr.exe

C:\Windows\System\HPiERDr.exe

C:\Windows\System\pHKUgwL.exe

C:\Windows\System\pHKUgwL.exe

C:\Windows\System\ToVsXdF.exe

C:\Windows\System\ToVsXdF.exe

C:\Windows\System\psMDaEC.exe

C:\Windows\System\psMDaEC.exe

C:\Windows\System\VsdwcLf.exe

C:\Windows\System\VsdwcLf.exe

C:\Windows\System\oJOsPFx.exe

C:\Windows\System\oJOsPFx.exe

C:\Windows\System\VGERnpg.exe

C:\Windows\System\VGERnpg.exe

C:\Windows\System\pYgraVF.exe

C:\Windows\System\pYgraVF.exe

C:\Windows\System\BmWTrvK.exe

C:\Windows\System\BmWTrvK.exe

C:\Windows\System\Zyblqej.exe

C:\Windows\System\Zyblqej.exe

C:\Windows\System\pAvptke.exe

C:\Windows\System\pAvptke.exe

C:\Windows\System\bUpVOBG.exe

C:\Windows\System\bUpVOBG.exe

C:\Windows\System\FakVpcA.exe

C:\Windows\System\FakVpcA.exe

C:\Windows\System\IEBOJOv.exe

C:\Windows\System\IEBOJOv.exe

C:\Windows\System\zhSLqvJ.exe

C:\Windows\System\zhSLqvJ.exe

C:\Windows\System\BYZKNxc.exe

C:\Windows\System\BYZKNxc.exe

C:\Windows\System\ipUBVSz.exe

C:\Windows\System\ipUBVSz.exe

C:\Windows\System\cPbyCnE.exe

C:\Windows\System\cPbyCnE.exe

C:\Windows\System\TvPDZgA.exe

C:\Windows\System\TvPDZgA.exe

C:\Windows\System\cSCZdsk.exe

C:\Windows\System\cSCZdsk.exe

C:\Windows\System\QNCGEMG.exe

C:\Windows\System\QNCGEMG.exe

C:\Windows\System\TSzXyya.exe

C:\Windows\System\TSzXyya.exe

C:\Windows\System\uiOktCB.exe

C:\Windows\System\uiOktCB.exe

C:\Windows\System\pRrCEjM.exe

C:\Windows\System\pRrCEjM.exe

C:\Windows\System\wYmNomY.exe

C:\Windows\System\wYmNomY.exe

C:\Windows\System\dCSJsyH.exe

C:\Windows\System\dCSJsyH.exe

C:\Windows\System\bPTISOv.exe

C:\Windows\System\bPTISOv.exe

C:\Windows\System\JFxxnWj.exe

C:\Windows\System\JFxxnWj.exe

C:\Windows\System\UIGSFBg.exe

C:\Windows\System\UIGSFBg.exe

C:\Windows\System\vqdUpNw.exe

C:\Windows\System\vqdUpNw.exe

C:\Windows\System\lSrQSRV.exe

C:\Windows\System\lSrQSRV.exe

C:\Windows\System\xPNuAHY.exe

C:\Windows\System\xPNuAHY.exe

C:\Windows\System\DssaWYs.exe

C:\Windows\System\DssaWYs.exe

C:\Windows\System\dLVfvaC.exe

C:\Windows\System\dLVfvaC.exe

C:\Windows\System\WbTwBcS.exe

C:\Windows\System\WbTwBcS.exe

C:\Windows\System\PvTjgNR.exe

C:\Windows\System\PvTjgNR.exe

C:\Windows\System\IDRFYZP.exe

C:\Windows\System\IDRFYZP.exe

C:\Windows\System\QFulnIU.exe

C:\Windows\System\QFulnIU.exe

C:\Windows\System\bFXBWTr.exe

C:\Windows\System\bFXBWTr.exe

C:\Windows\System\ZFYCELa.exe

C:\Windows\System\ZFYCELa.exe

C:\Windows\System\keKXuzt.exe

C:\Windows\System\keKXuzt.exe

C:\Windows\System\mFrnUJx.exe

C:\Windows\System\mFrnUJx.exe

C:\Windows\System\rjvnzWf.exe

C:\Windows\System\rjvnzWf.exe

C:\Windows\System\ZweebMb.exe

C:\Windows\System\ZweebMb.exe

C:\Windows\System\wapNBic.exe

C:\Windows\System\wapNBic.exe

C:\Windows\System\MlbrmHQ.exe

C:\Windows\System\MlbrmHQ.exe

C:\Windows\System\yLhmZZs.exe

C:\Windows\System\yLhmZZs.exe

C:\Windows\System\WcqZpgH.exe

C:\Windows\System\WcqZpgH.exe

C:\Windows\System\pMsYhhW.exe

C:\Windows\System\pMsYhhW.exe

C:\Windows\System\kZvlyUQ.exe

C:\Windows\System\kZvlyUQ.exe

C:\Windows\System\FYauTSy.exe

C:\Windows\System\FYauTSy.exe

C:\Windows\System\EzvSaIc.exe

C:\Windows\System\EzvSaIc.exe

C:\Windows\System\cKkaqIF.exe

C:\Windows\System\cKkaqIF.exe

C:\Windows\System\IyqObJY.exe

C:\Windows\System\IyqObJY.exe

C:\Windows\System\AKItZmP.exe

C:\Windows\System\AKItZmP.exe

C:\Windows\System\NiWejQr.exe

C:\Windows\System\NiWejQr.exe

C:\Windows\System\EHzjZJv.exe

C:\Windows\System\EHzjZJv.exe

C:\Windows\System\RcOvoBt.exe

C:\Windows\System\RcOvoBt.exe

C:\Windows\System\yppNRCK.exe

C:\Windows\System\yppNRCK.exe

C:\Windows\System\zWlXOCa.exe

C:\Windows\System\zWlXOCa.exe

C:\Windows\System\kQrfPjz.exe

C:\Windows\System\kQrfPjz.exe

C:\Windows\System\oeYzowA.exe

C:\Windows\System\oeYzowA.exe

C:\Windows\System\jnhStHD.exe

C:\Windows\System\jnhStHD.exe

C:\Windows\System\GPkzFLQ.exe

C:\Windows\System\GPkzFLQ.exe

C:\Windows\System\oCfrnaq.exe

C:\Windows\System\oCfrnaq.exe

C:\Windows\System\NIfjJmA.exe

C:\Windows\System\NIfjJmA.exe

C:\Windows\System\rNHiWjD.exe

C:\Windows\System\rNHiWjD.exe

C:\Windows\System\zpBtXGa.exe

C:\Windows\System\zpBtXGa.exe

C:\Windows\System\OajJgVd.exe

C:\Windows\System\OajJgVd.exe

C:\Windows\System\idnJhXu.exe

C:\Windows\System\idnJhXu.exe

C:\Windows\System\CRAnuYT.exe

C:\Windows\System\CRAnuYT.exe

C:\Windows\System\TLBhLrF.exe

C:\Windows\System\TLBhLrF.exe

C:\Windows\System\RwYUhGZ.exe

C:\Windows\System\RwYUhGZ.exe

C:\Windows\System\hnYrZgn.exe

C:\Windows\System\hnYrZgn.exe

C:\Windows\System\qlzrESb.exe

C:\Windows\System\qlzrESb.exe

C:\Windows\System\WlZVRUp.exe

C:\Windows\System\WlZVRUp.exe

C:\Windows\System\TXuFnZm.exe

C:\Windows\System\TXuFnZm.exe

C:\Windows\System\NgXRsRd.exe

C:\Windows\System\NgXRsRd.exe

C:\Windows\System\iOuCTJb.exe

C:\Windows\System\iOuCTJb.exe

C:\Windows\System\xQdkqMX.exe

C:\Windows\System\xQdkqMX.exe

C:\Windows\System\OdTyUjj.exe

C:\Windows\System\OdTyUjj.exe

C:\Windows\System\VaJWmsE.exe

C:\Windows\System\VaJWmsE.exe

C:\Windows\System\jzpCqpV.exe

C:\Windows\System\jzpCqpV.exe

C:\Windows\System\gJmcTxN.exe

C:\Windows\System\gJmcTxN.exe

C:\Windows\System\BFXAecn.exe

C:\Windows\System\BFXAecn.exe

C:\Windows\System\XktAZPU.exe

C:\Windows\System\XktAZPU.exe

C:\Windows\System\FWnqTCY.exe

C:\Windows\System\FWnqTCY.exe

C:\Windows\System\WVHgWqa.exe

C:\Windows\System\WVHgWqa.exe

C:\Windows\System\wtvQsUp.exe

C:\Windows\System\wtvQsUp.exe

C:\Windows\System\HvthmdU.exe

C:\Windows\System\HvthmdU.exe

C:\Windows\System\gCrHKjx.exe

C:\Windows\System\gCrHKjx.exe

C:\Windows\System\pvihuvF.exe

C:\Windows\System\pvihuvF.exe

C:\Windows\System\STFHCdV.exe

C:\Windows\System\STFHCdV.exe

C:\Windows\System\gmPxyjg.exe

C:\Windows\System\gmPxyjg.exe

C:\Windows\System\ETjZygv.exe

C:\Windows\System\ETjZygv.exe

C:\Windows\System\keXrZer.exe

C:\Windows\System\keXrZer.exe

C:\Windows\System\OlURfCn.exe

C:\Windows\System\OlURfCn.exe

C:\Windows\System\MylDlYH.exe

C:\Windows\System\MylDlYH.exe

C:\Windows\System\YvUjnqQ.exe

C:\Windows\System\YvUjnqQ.exe

C:\Windows\System\aJWVQLg.exe

C:\Windows\System\aJWVQLg.exe

C:\Windows\System\vaEKKBA.exe

C:\Windows\System\vaEKKBA.exe

C:\Windows\System\QiVtwVM.exe

C:\Windows\System\QiVtwVM.exe

C:\Windows\System\APIeabI.exe

C:\Windows\System\APIeabI.exe

C:\Windows\System\mvBCBFL.exe

C:\Windows\System\mvBCBFL.exe

C:\Windows\System\QEceNXt.exe

C:\Windows\System\QEceNXt.exe

C:\Windows\System\MnyYJmM.exe

C:\Windows\System\MnyYJmM.exe

C:\Windows\System\iNIpMKW.exe

C:\Windows\System\iNIpMKW.exe

C:\Windows\System\YkbgEDL.exe

C:\Windows\System\YkbgEDL.exe

C:\Windows\System\xdviHjH.exe

C:\Windows\System\xdviHjH.exe

C:\Windows\System\RauArnn.exe

C:\Windows\System\RauArnn.exe

C:\Windows\System\nSsthSe.exe

C:\Windows\System\nSsthSe.exe

C:\Windows\System\DxHPgNM.exe

C:\Windows\System\DxHPgNM.exe

C:\Windows\System\CKBtfBN.exe

C:\Windows\System\CKBtfBN.exe

C:\Windows\System\MrtGyJt.exe

C:\Windows\System\MrtGyJt.exe

C:\Windows\System\keIjczU.exe

C:\Windows\System\keIjczU.exe

C:\Windows\System\ZQJGLgR.exe

C:\Windows\System\ZQJGLgR.exe

C:\Windows\System\OiHnaKI.exe

C:\Windows\System\OiHnaKI.exe

C:\Windows\System\uBgspgJ.exe

C:\Windows\System\uBgspgJ.exe

C:\Windows\System\yJKaAfM.exe

C:\Windows\System\yJKaAfM.exe

C:\Windows\System\MABhVPm.exe

C:\Windows\System\MABhVPm.exe

C:\Windows\System\rcwwWEq.exe

C:\Windows\System\rcwwWEq.exe

C:\Windows\System\MNLnNBE.exe

C:\Windows\System\MNLnNBE.exe

C:\Windows\System\YoHbgdm.exe

C:\Windows\System\YoHbgdm.exe

C:\Windows\System\TAUKucy.exe

C:\Windows\System\TAUKucy.exe

C:\Windows\System\qCBaAXM.exe

C:\Windows\System\qCBaAXM.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/340-0-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/340-1-0x0000000000180000-0x0000000000190000-memory.dmp

\Windows\system\oTPpezi.exe

MD5 9f70299cfbafe7ddce1df2b0fc9b683e
SHA1 4c03dd61be13de7bbe459d5dfe6c420484e5b4fe
SHA256 a156cd186072cd3c5f9c969cecff94769b2a8c3e028b4a79833328204bcaa729
SHA512 9f6f540c677d7eeda7e548ae4785ca1ff1a82a6c8c5bb9d02befcf3105923ff441c6671395a91f9a2a7b09171ff0a43ca0e196b7aed65dc04e603e133699445e

memory/340-8-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/2384-9-0x000000013F180000-0x000000013F4D4000-memory.dmp

C:\Windows\system\zNTHMJc.exe

MD5 c3f44a4230c85e61dfa6fd363ba06e8b
SHA1 2efb939a1b0f128941809668d9bae0c05454a2df
SHA256 d00cf8793d5e76309b4b15220364d9e7d9b8e30d12615fad39c2465273c5c33d
SHA512 78697532a101dd9d9d429d253478773c66baed4e45e561a83bd641b1a0504ab34c73d763ed86c825d8ff70d72cc99fc4ca18417f9cbd341f33252bd7c7f88b81

\Windows\system\FHPTOOO.exe

MD5 fabc0a2fe071b5ad450af6b41eb2f472
SHA1 26ad0ea25ab6619a54c482ecdc1a459c7fbee696
SHA256 a6b50c17b1d5c2e8599299348f50a418e06f6d75e8668306a12b6611e1576d02
SHA512 88d6697e81c7e7b6bd34b348e6746e6366959aeb51284136b5a8595dbee3b47b074938d3b2a759fef0ae2b0e00c4758f49653875aa586a1187671809560c96f3

memory/340-18-0x0000000001F10000-0x0000000002264000-memory.dmp

C:\Windows\system\mSnocZd.exe

MD5 b87358520dcc80b9a1a2feb03b4f738b
SHA1 d892589890222ab34cdd9ce7f98bc50ceab8c1ce
SHA256 9ce5bdf04f581b3c1b57c8e40355f63cc94f90232366d7676742eca071faddf0
SHA512 d4edf33e753905607c9aa07e9acb11da03b6634818660127ab82984d2bdc2ba073960575f000a6efc9d1b4fd0bad0f13d370617b759b61e64fd9ec867fb0d2dc

memory/2960-22-0x000000013F850000-0x000000013FBA4000-memory.dmp

C:\Windows\system\TYzfpZr.exe

MD5 20ae47487b2f2a1a23d81ee9d2724105
SHA1 fae62d553ca7b4de121e06e817be89761009a6dc
SHA256 9cee3af254c1dac9f84bfe6168a305f600adcec930b8aeb3b3d49dec454271f9
SHA512 71b40779c7cd129a386d5f8d33864290cc40d24e49e751038641cca700655bb36be7a2b7ffc281731a78055fe5529d70f1a4d128b292cb57e4085b70453748f6

C:\Windows\system\myTQhDn.exe

MD5 a926a885cc0702396829b2912bd9e9ba
SHA1 e1d2e909adafa19042ae9420d592a5f90a1e424a
SHA256 42a7bef19bbfe2a2c88cfd6ed94beb33bd127df7a9ef90fd30a334bd586d1984
SHA512 2c5959efd99dca7f314653d9f58f9300ca83b20d35ba6eaacb7b6a2d08a83cdc042825ddeee0ba58d0e199b985b38f17f57ac37c94e51ad603914c2d9f3a0de6

memory/340-39-0x000000013FDC0000-0x0000000140114000-memory.dmp

\Windows\system\ALNFCqO.exe

MD5 d28698bf111f939635e9e4f738f48cd5
SHA1 47ac149f0a8a75e3797e7168de485ad3f08ebc5b
SHA256 851a79b2a9748efbe8072404dafaa10ccd8c8a102d588f209cef66314d1f0e53
SHA512 19abf228084b4cd80035aab0bc0641f89914c466ec33c4b5339b69e6d58ed91e939f5d368e23cfd9eb669c8d8e31e5a35d72ec48a8e468e9c80d890f34ae7ef5

memory/2704-41-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2660-35-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2124-33-0x000000013FE90000-0x00000001401E4000-memory.dmp

memory/2536-32-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/340-31-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/340-28-0x000000013FE90000-0x00000001401E4000-memory.dmp

C:\Windows\system\ALNFCqO.exe

MD5 a2c820a6aca3c88e4d8c07ed04db7cd1
SHA1 e529471b933e7e1678f6059855b891e73a2b8252
SHA256 2fd51021c1dbcc9bb5bf98d8fb20a7d1835feb0d64c04fed4aefb5db29511f2a
SHA512 e4e6e87c595283c96a6d65af0aa0d5e2fb510dded098a029e09551b6cc413cee67f75c96d33b815c5980de5de73b7347bfb23d141a8f3009600f70954205707d

memory/340-60-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2696-58-0x000000013F7C0000-0x000000013FB14000-memory.dmp

\Windows\system\bvrtepO.exe

MD5 b7db231196e3dfa4e66511dfd72eec2a
SHA1 a3362ba37402ffd97528c12ae21e5770b9c57a72
SHA256 d54ab7c097cf29f010d6c8559001b1ea23d2bd3c9ed0b8808188896aa2d9e957
SHA512 cd57ffafd483e0bcc1b473604c0a275fbe500c0810c463cb7a39f5942d83be2c65b6529a5edbf57c084448ddd91ac77a5723a9363636a65fbd51d8ee97edf331

memory/2568-63-0x000000013F830000-0x000000013FB84000-memory.dmp

memory/2460-62-0x000000013FF80000-0x00000001402D4000-memory.dmp

memory/340-61-0x0000000001F10000-0x0000000002264000-memory.dmp

\Windows\system\PjXCgUh.exe

MD5 b01bdb4e14be49c4be55b315a040c367
SHA1 e23c76aaafececba0539f9c4f5237c1b022b315d
SHA256 facb09dccc08cceb8db33b4f0f33c676c3f7a8a081fb765e84e386a08b16c85a
SHA512 9ae213f206193320f46583058b7d38221fa1ec55ae02eb9beceb29c2a9f4622e7cd071f507ffa4f25ae367643fa3f6df6ebc4f4cc84e408994d422a786c1af0f

C:\Windows\system\ZrzYAip.exe

MD5 fe23d8f2a683ea3c37e211db5c47c198
SHA1 c8d98757080f758fa71fe2947f967f4c2ba26b77
SHA256 e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8
SHA512 ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

memory/340-109-0x0000000001F10000-0x0000000002264000-memory.dmp

memory/340-119-0x0000000001F10000-0x0000000002264000-memory.dmp

C:\Windows\system\WUWbEao.exe

MD5 f433193c11ce64dd1e2517991ec9f29e
SHA1 90df4ad6b9554cfc4930b90a45a738194a3db176
SHA256 f94467274ab855ba3835a7d10b49f5f7294208a0d29ff6c345c0fcf704b3760b
SHA512 b87f740ee2ac66060e7efdc6112815058b67b35f1de212a3a4d997632bbd7e09b1748996f2e8cf2f857b13b70653ffff44c9aeebc43f2fffbecf6ce6d1e6afae

C:\Windows\system\sCMnQYS.exe

MD5 30b7f6e00bc181f47f876833242ebe52
SHA1 4fefd7c56973d7d9956d07c3030f304b05970280
SHA256 63cd4ff021b4548eb71de7e2f2885e5bae3020a5946be5c5d79dc89724945a36
SHA512 ce1cd3b48f13608ce1fd1e6acb532c44ccbdc718f8f0c0f9d9344cb17fd44e1ade9b4e62756aaac0226f1658310f3ca4b8e782a5a0fd983757b5ba67f58a7681

C:\Windows\system\JasPhGY.exe

MD5 728f1f1ca194e50ce967bf9cc550f15b
SHA1 36a0bb25736147e6f1b0a4c84ea9ca98333ca854
SHA256 a05961fc592f72d2271183b6d25519029718105fde0de203b7cbc930232ee4a9
SHA512 95733a1496bccdf59d4d09d635d1e2377eb66f9b8a7b271a3ccdeeaa639c1d478dd9817ce7b3242966f64be6261676b2c177788b9e131c4d0e57d6e5dabdfe94

memory/2660-1068-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2704-1070-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/340-1069-0x0000000001F10000-0x0000000002264000-memory.dmp

C:\Windows\system\ITSViDJ.exe

MD5 8b2eab9a9bb1361eafd5bc47cb69d5dd
SHA1 d26c0c240cf96c7874a2470914ecaee58edf1c7c
SHA256 f7e76e45ee22d9a423b9f2a47e6138b6b56aac3e32e93aef3e9d227671709cc9
SHA512 158532117b03f91d18e84735461eb50a4919361d94c7826029cc08c6c331c2e68aeb6d8d3e6b16484cc8263386da449fe3dc3358b3327ec0b2843a796fef56af

memory/340-1071-0x0000000001F10000-0x0000000002264000-memory.dmp

C:\Windows\system\gNohQue.exe

MD5 cd5ef36ef03eac2b20cce67daca8e60e
SHA1 78ffe5bdf11fd5c1af061891a6f825c7e6d5971e
SHA256 c9394411c09cedeb6199f3ce46bf92c0c6fd19fa68844008591c10a1cf195974
SHA512 5806b974fa088e66d040826bc66b929a74fa0017878d780c1b5daeca898125a6d7965ed63fbdb5f892a98e1909fc8fae29ef3faa316e6f8db54adbdaa8571a2a

C:\Windows\system\kXOWOyU.exe

MD5 6b5887af4274a78686a788865765637c
SHA1 5afc15e6fcbc11377bbabbda47ff43f6ebedd369
SHA256 ecdfed9bc02368fefbebe0d02090e93826b7e5cc1043e339dd245299c8b23006
SHA512 4f563e539f8ec68bbc27d4cc59c42ea4897bb131085e08433f745cc558ab7a030701a601ddb711cda19dfa6cd9086b458fb74762092be15aaa4190c05134d077

\Windows\system\GEsHXBt.exe

MD5 8e3fc5783ccdf855ff55f4613077d752
SHA1 80b6dca66f2213c2a54408dd4483bf94cb275f8c
SHA256 bd4165fbdeb87beea90ed208e645750d015280e2f0ecf93fa82ff892524c9443
SHA512 12cf3d2d5d69d4d3f3ea1e553153836dfb2a50a36ca09a80f4386c19b030fd85715bd6ac5fbd0d941496d3ded7447f84ad1be84cf151cd0e3d57433143281488

\Windows\system\MLmkUnG.exe

MD5 469aca0e2abc33bcc5100f89b3196890
SHA1 b77c2be76b0bcd5c1640c82143bf4ae8abf6ed35
SHA256 8e4d419e754f89fae1d30741df9483d06709f6d20541cbce976b97c6b74f264f
SHA512 bb8f27156094a7b200e5c1844466de9827240ad5c62598ca983899918fcfddc76480438ab7ff457f4059655d26f5dee65f9d3ba57dc850a7e0c1c267d7e2bdae

C:\Windows\system\rzIDeye.exe

MD5 35abfbaa44a4907e2b395dd578cf2abc
SHA1 aeb9e73f225ef474e08073a318e28a719eda0a51
SHA256 7587a6f55c3624215afd47a9bfa8d8f34b3af2ccd577afb2d813c0fbce003ac9
SHA512 662fa4101dc75e9cdfccbb01d29705a4dc69538839bfe48e7130869b04dbffe427aa2e126cfc1492abc797e64a7f45dcf62b5d319033a559d5564a9da54cb0ce

\Windows\system\rzIDeye.exe

MD5 cee1d7c75ec08ec3a0aa1b8d4f177dfa
SHA1 1207597f2e309bc114f05644994b14dd66867494
SHA256 aa8ddc9425332a6bee37c4e0cdbeb60d28c71352fc9d454ff68cbf78457825d8
SHA512 83e5da81ccdb7e0e25cbade96c3e7093378153d455d369d7d4f6a3aea8f892a34b9bfa83bb0709e115260a1817b227b386a9401fd7ac3a3fca4238ed40b276eb

\Windows\system\XGIwinE.exe

MD5 0642442db4acbbfb6037e06789624264
SHA1 923aee440a6887c7a7a8a78085aa492b2cdcee65
SHA256 5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85
SHA512 7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

C:\Windows\system\XRdeDGU.exe

MD5 8a44452e4020a5690bdb5ab4b9423a30
SHA1 4c411a1c72f814994199ff87e2b15a023e8ec369
SHA256 11f8d90029978b95c0d172136a1a1e9fd350b1531c027ef2956a436ecc0f23c2
SHA512 1c509b1048697ea0666b458b36ab55ba466e8cf34835bddc820597e47ba06b780c081d40ee741e43ebc310617f51bf86b8181cac038f5b71669b77caa09bad01

\Windows\system\XRdeDGU.exe

MD5 cdcf7356647142d422479f05aad1001b
SHA1 2fda40d60a5615f87789846dc8219bea51def515
SHA256 2cbe7d6b79d031ef87e25b9df210f15a283114a83369809ccac96683171ab551
SHA512 30ff3785f4f2744e1b83fc3ae807e49c2e99d8ebda936a47f59bd97d0ed22a8fce2c2933fd2a4452a2399dd28d53bea5e5764a413a49014c1a4fa6622137e1e5

\Windows\system\sCMnQYS.exe

MD5 70c897739a137e89f2d82c9dabeeef2a
SHA1 67e885a494517b5f750e480c68e0c2ca22b15cf7
SHA256 8dde36b650fbaf34587f72bf10830e17da0a25a3521601a65346afa7f80a78d8
SHA512 c8afb4166eacbeae69ec88f50ccde1ae578b8a02845a18b7b0eb2fafe7d310502593221cffeaad190d26bd2645f92b6d5b849beaec7416e5637bda83ee9bbb23

memory/2752-112-0x000000013FA60000-0x000000013FDB4000-memory.dmp

\Windows\system\gZVzOll.exe

MD5 40f92dd90f43543253bd3c102b8e3267
SHA1 333e1696231b0dda69216030124a64676e72c808
SHA256 c932fbf19951a1a28b8075e776ee8eb67426f2a2bd75870acd6e9d5e8ccacbfc
SHA512 0a35ac2c7a874ff41e437ee5e71233dd9dac9aceef48d6d36166fbe747c7f3b0b9deb0103b28543751834b4422eb844c50df08da16b835b4f8ca0576074164bb

C:\Windows\system\ZRfNwXo.exe

MD5 0cd2bfafae407df88afa92c4e7025bb9
SHA1 9874efa83db1fa3327765748a5f62d972d53560c
SHA256 4c6b792a2bd5ee9eb98cdb928471d2ba09d09a01df8f607b4ac668c501677b4f
SHA512 ef125c52210b603384971c1f1c35ee16c9cb399017fc2514ad991facb21f279a5e6382032c4d672ff05a73493ab4141b7561e583d2d596d9d33c176892746695

memory/340-122-0x000000013FF80000-0x00000001402D4000-memory.dmp

memory/340-121-0x0000000001F10000-0x0000000002264000-memory.dmp

C:\Windows\system\DvCRcah.exe

MD5 cc886dfab2bae39e2c76ea908eaecb05
SHA1 97a32740992251d0d2b227a2a107fccd3853343e
SHA256 18b5d80409ec96a2b6bb1ec3e15a32206ea4189d2b93cfb366d737c20310c4e9
SHA512 b33f100252043d34c6f0e508ded713fda80ca0e8ad0a9fa8843145de25d0bc57259f813f96f24abe99697fc2151425f29788276d75c118fd5f5360d001a65980

\Windows\system\ZRfNwXo.exe

MD5 3c3bc20bdcfc129acdd3888b38b78575
SHA1 4fbc397946cbcde00298ad265d5f22c845189fc8
SHA256 fc65533255b777b58ddc946e6ae9b39c1b6b5752b5f08c5cc4ce0946ed524167
SHA512 bcebc9a2e3f4cb93b5ccbd38d48977ea7117e5adc0020cc2c730280fb3cd00aac01e7e8695451ea4577474f6fb723765fbb82c25937f7f3876e5afb06f2c93a9

memory/340-90-0x000000013F030000-0x000000013F384000-memory.dmp

C:\Windows\system\HUgjdgh.exe

MD5 a0a04648f2e48315a44ceb7cb5a1127c
SHA1 8ed0ac2d8ff35c60a95275a3bd0446243cecfd92
SHA256 3eb694911037715d357c124a28eb5c01ef7c22731097d2e959c5ba05efb5b32e
SHA512 76e2105b616f4f9f98a1f70f07b52e6954991d4b3c0020bef4f105d2f5845d7417e367371b1ea383a1d62cebf450ccbff3498f910deedeec5e5fef941d34c809

\Windows\system\WUWbEao.exe

MD5 40dc223ffa69c4d514f84399129efc27
SHA1 0df23a48e36fa0cb452fee3f83e96134e589fac4
SHA256 438c9997ddc4e5d995d1f427270826d0a318742c91b53d64a3f7e02e0447b56d
SHA512 54b6dce94a9e7a02f008ed3ca30efc7e6cd334c4cf6453fd0ddb7a8a5efbc4187c9d1da7bc7570f76c9fa723286d9bf18fc7fd10f4aa97b087684fb9373d1d90

memory/2420-105-0x000000013F030000-0x000000013F384000-memory.dmp

C:\Windows\system\VJCAwop.exe

MD5 d381f97a19b34824800709182fd4459a
SHA1 ca7539e4446b81b41b67d656cb2467cd0283f7bc
SHA256 4867bc965ad936a06665edd42723284da7d03ce2cd10f1e78d5b553be22f55d4
SHA512 f513d5406959c510a32a6f7368141ce8696b87407be67f680c3099a635260c2c0fb003ef349fb16b2153c72c311d2632ea4a81e90297d3c2df4c7aa2c12e1142

C:\Windows\system\gnbBEbO.exe

MD5 c76d3ad297290e9bd5a7e9b3611dd6f2
SHA1 a0bdee812e16c2afa50fccc1be5a63f78fa08711
SHA256 0b11124758f7abda8a4dd7e95f4acd22f2419bd5791b4088a8f94ac040c9bc3f
SHA512 ae0ca452b0254c937817b597aac2b42aa594d92f333505491257638aa4752ae607d6d6180c6fa711005b310f98ad53e23333df2f0c32d3298037fb9e3c61ef0f

memory/340-74-0x0000000001F10000-0x0000000002264000-memory.dmp

memory/340-99-0x0000000001F10000-0x0000000002264000-memory.dmp

\Windows\system\VJCAwop.exe

MD5 c756c91a1728b63311248c2f906fbfd7
SHA1 7fd5ce42cc7076eee2032e68637d0c408993b8e8
SHA256 e817f9f969f141a9ed42427caf285da26408be43560d6d9d1686082f0b08086d
SHA512 cb9f84fe6b076ce3263604b362a746106e6f3aec413e20586611e73232f15d50f8dfc4fd8cb052d131a88e8b306090a0b5b7a32a8a4e21c6903414a8f155c7c6

memory/2476-1072-0x000000013FFF0000-0x0000000140344000-memory.dmp

\Windows\system\ZrzYAip.exe

MD5 43dbfe98da0368a1bd67501793f17ef6
SHA1 beb71607173546a475469bf5d38a67e853ee3253
SHA256 6723a9bddb8b56bd55bd1676ac005e0de669cd88b077bfc677f3e31bca81a4ea
SHA512 2f43ad5eed0fd60c70abe32af404ac03a4a6088c7b2b80e7cec58c2e44c06efec83b7a6b683a41f54c89e16e1b4de7cd434aa345ccba2a5c7c5201f288c66236

memory/2476-70-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/340-68-0x000000013FFF0000-0x0000000140344000-memory.dmp

C:\Windows\system\BCRaRvj.exe

MD5 9759254da6f957d81512b3635ff9a366
SHA1 6b8723895f24a625b3ca6003d8139605b4d43997
SHA256 a142fc2050ad7f2ca0e458971d730d0dd3ba7e1837e4c50923a7792a1e21cfbe
SHA512 68d38f4adddebb723fbd5c5c3f10209f974922d1b787b1cf3cdb5fda07a1cab114f198600970fbb7d0f08be97ac69e5208299d1184dc5285f95a5d8e486e1f87

C:\Windows\system\bvrtepO.exe

MD5 3c5ee978305cec85d7a92571748024b0
SHA1 bea9c3a6661f09fcde5a49b56913f720a4fd28ac
SHA256 ce87d38729737af457b4d502e2ca15eaa07c9ae2278e8836ece26a2c092e4abe
SHA512 9ce65ed6418860a8c28b85fce882c948cd12aef797ba13396ae6b20774ff17e7037d59c648b18758fb40d988d1621776444034aeb33db7f690dfab0dfd687e45

\Windows\system\jqCiuvG.exe

MD5 f2bdc45611e78cdc5ee186eda8c8061e
SHA1 15f7aad2f6069594ada4dcb09c117d35185ef36e
SHA256 6bc14bc3f6a9f6b289ddf710cc7c7f440c3a0ae3e20f253f8882e06dcaf06f5e
SHA512 1ef9370e8f165bc6ead4379c8e9411afe14138d2c49a386217539248dd60890f71bc72a3a72037272832ee019c3331d4658c1a4ad65655b5f21eec36c06badb6

memory/340-1074-0x000000013F030000-0x000000013F384000-memory.dmp

memory/340-1073-0x0000000001F10000-0x0000000002264000-memory.dmp

memory/340-1075-0x0000000001F10000-0x0000000002264000-memory.dmp

memory/340-1076-0x0000000001F10000-0x0000000002264000-memory.dmp

memory/2384-1077-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/2960-1078-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/2124-1079-0x000000013FE90000-0x00000001401E4000-memory.dmp

memory/2536-1080-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2704-1081-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2660-1082-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2696-1083-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2460-1084-0x000000013FF80000-0x00000001402D4000-memory.dmp

memory/2568-1085-0x000000013F830000-0x000000013FB84000-memory.dmp

memory/2476-1086-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2420-1087-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2752-1088-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 13:41

Reported

2024-06-07 13:47

Platform

win10v2004-20240426-en

Max time kernel

141s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\yRfnabL.exe N/A
N/A N/A C:\Windows\System\AWAPSDv.exe N/A
N/A N/A C:\Windows\System\ftYdTMm.exe N/A
N/A N/A C:\Windows\System\nHAHRBe.exe N/A
N/A N/A C:\Windows\System\YJiQBOj.exe N/A
N/A N/A C:\Windows\System\tiGgfzf.exe N/A
N/A N/A C:\Windows\System\eKFJeDi.exe N/A
N/A N/A C:\Windows\System\nYyhdLq.exe N/A
N/A N/A C:\Windows\System\qnljnNE.exe N/A
N/A N/A C:\Windows\System\smJHtIR.exe N/A
N/A N/A C:\Windows\System\daPRBpS.exe N/A
N/A N/A C:\Windows\System\RKmnAhw.exe N/A
N/A N/A C:\Windows\System\oQnaVLS.exe N/A
N/A N/A C:\Windows\System\fsxPvOp.exe N/A
N/A N/A C:\Windows\System\TwVLyKk.exe N/A
N/A N/A C:\Windows\System\HOkVhdO.exe N/A
N/A N/A C:\Windows\System\XbMWSje.exe N/A
N/A N/A C:\Windows\System\UzqHdLO.exe N/A
N/A N/A C:\Windows\System\wGOlCxs.exe N/A
N/A N/A C:\Windows\System\wIAuKQo.exe N/A
N/A N/A C:\Windows\System\SqjwfwY.exe N/A
N/A N/A C:\Windows\System\uieuqtp.exe N/A
N/A N/A C:\Windows\System\VNqbwZL.exe N/A
N/A N/A C:\Windows\System\pmOtREc.exe N/A
N/A N/A C:\Windows\System\lGRqeci.exe N/A
N/A N/A C:\Windows\System\zoneTFh.exe N/A
N/A N/A C:\Windows\System\OUyIKOB.exe N/A
N/A N/A C:\Windows\System\pOdlUIf.exe N/A
N/A N/A C:\Windows\System\ReINdeX.exe N/A
N/A N/A C:\Windows\System\FqIcOoS.exe N/A
N/A N/A C:\Windows\System\sRDGioy.exe N/A
N/A N/A C:\Windows\System\ZFOQfdN.exe N/A
N/A N/A C:\Windows\System\NscONBe.exe N/A
N/A N/A C:\Windows\System\HbyPyub.exe N/A
N/A N/A C:\Windows\System\yiZYgMh.exe N/A
N/A N/A C:\Windows\System\nNsArEc.exe N/A
N/A N/A C:\Windows\System\zIbtknq.exe N/A
N/A N/A C:\Windows\System\OSzIagQ.exe N/A
N/A N/A C:\Windows\System\kPTizmz.exe N/A
N/A N/A C:\Windows\System\FFzxqMc.exe N/A
N/A N/A C:\Windows\System\mGGaMSo.exe N/A
N/A N/A C:\Windows\System\VHhYkxa.exe N/A
N/A N/A C:\Windows\System\KyymzXt.exe N/A
N/A N/A C:\Windows\System\NRUjEty.exe N/A
N/A N/A C:\Windows\System\lVwYANr.exe N/A
N/A N/A C:\Windows\System\EUDDxto.exe N/A
N/A N/A C:\Windows\System\MrZRDis.exe N/A
N/A N/A C:\Windows\System\YolCXRT.exe N/A
N/A N/A C:\Windows\System\KDRDCzD.exe N/A
N/A N/A C:\Windows\System\jvyukNL.exe N/A
N/A N/A C:\Windows\System\FuInjRX.exe N/A
N/A N/A C:\Windows\System\EkAmKHp.exe N/A
N/A N/A C:\Windows\System\HMjOBAI.exe N/A
N/A N/A C:\Windows\System\jOnQdFT.exe N/A
N/A N/A C:\Windows\System\hvjhYMc.exe N/A
N/A N/A C:\Windows\System\AOQMizK.exe N/A
N/A N/A C:\Windows\System\GAmwwTs.exe N/A
N/A N/A C:\Windows\System\oGNLXfv.exe N/A
N/A N/A C:\Windows\System\QJnrmdx.exe N/A
N/A N/A C:\Windows\System\xobghib.exe N/A
N/A N/A C:\Windows\System\ejOWFOw.exe N/A
N/A N/A C:\Windows\System\wqoaLIq.exe N/A
N/A N/A C:\Windows\System\dEfSDUc.exe N/A
N/A N/A C:\Windows\System\cVxLjjY.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\EUDDxto.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\LTGskIe.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\FjFHrLc.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\FqJWBSV.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\rrumvxN.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\avDgdfk.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZuGXTNr.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\EvUhraG.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJqcBUq.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\lGaPQzz.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\xobghib.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\rZiFoFY.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\BhCervN.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\XGFDASj.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBWizSV.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\HbyPyub.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\nNsArEc.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ailaMdw.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\tewNPoN.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\AofPOxA.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPohESx.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEfAHdm.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\NLItNuc.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\UzqHdLO.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\OUyIKOB.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\oiupZRi.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\CFjOUAV.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\gPxldAT.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ReINdeX.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\FpSgzPX.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\SAYZjvo.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\AWAPSDv.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\RKmnAhw.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\NRUjEty.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\cVxLjjY.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\LKLjkHn.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\sKrvePv.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubqXTRB.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\UivnuAZ.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\yRfnabL.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\JURYMOg.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\pEgQLbB.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\oYSdMqt.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\MHTVNgT.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\AuMjCds.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\jYimNLU.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\lDoSaWf.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMBSTvf.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\YzXBmDI.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\RPKupBV.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\IvrILHG.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\sCbIUsr.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\RMVRpMH.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVjVkBO.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\tFohicU.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\iENJPuR.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\SConNLP.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\smJHtIR.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\wqoaLIq.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQPXtUK.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFYvYXL.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVZNkcg.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\zgliiPC.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
File created C:\Windows\System\KDRDCzD.exe C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2980 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\yRfnabL.exe
PID 2980 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\yRfnabL.exe
PID 2980 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\AWAPSDv.exe
PID 2980 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\AWAPSDv.exe
PID 2980 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ftYdTMm.exe
PID 2980 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ftYdTMm.exe
PID 2980 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\nHAHRBe.exe
PID 2980 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\nHAHRBe.exe
PID 2980 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\YJiQBOj.exe
PID 2980 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\YJiQBOj.exe
PID 2980 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\tiGgfzf.exe
PID 2980 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\tiGgfzf.exe
PID 2980 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\eKFJeDi.exe
PID 2980 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\eKFJeDi.exe
PID 2980 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\nYyhdLq.exe
PID 2980 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\nYyhdLq.exe
PID 2980 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\qnljnNE.exe
PID 2980 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\qnljnNE.exe
PID 2980 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\smJHtIR.exe
PID 2980 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\smJHtIR.exe
PID 2980 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\daPRBpS.exe
PID 2980 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\daPRBpS.exe
PID 2980 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\RKmnAhw.exe
PID 2980 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\RKmnAhw.exe
PID 2980 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\oQnaVLS.exe
PID 2980 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\oQnaVLS.exe
PID 2980 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\fsxPvOp.exe
PID 2980 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\fsxPvOp.exe
PID 2980 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\TwVLyKk.exe
PID 2980 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\TwVLyKk.exe
PID 2980 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\HOkVhdO.exe
PID 2980 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\HOkVhdO.exe
PID 2980 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\XbMWSje.exe
PID 2980 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\XbMWSje.exe
PID 2980 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\UzqHdLO.exe
PID 2980 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\UzqHdLO.exe
PID 2980 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\wGOlCxs.exe
PID 2980 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\wGOlCxs.exe
PID 2980 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\wIAuKQo.exe
PID 2980 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\wIAuKQo.exe
PID 2980 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\SqjwfwY.exe
PID 2980 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\SqjwfwY.exe
PID 2980 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\uieuqtp.exe
PID 2980 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\uieuqtp.exe
PID 2980 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VNqbwZL.exe
PID 2980 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\VNqbwZL.exe
PID 2980 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\pmOtREc.exe
PID 2980 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\pmOtREc.exe
PID 2980 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\lGRqeci.exe
PID 2980 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\lGRqeci.exe
PID 2980 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\zoneTFh.exe
PID 2980 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\zoneTFh.exe
PID 2980 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\OUyIKOB.exe
PID 2980 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\OUyIKOB.exe
PID 2980 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\pOdlUIf.exe
PID 2980 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\pOdlUIf.exe
PID 2980 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ReINdeX.exe
PID 2980 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ReINdeX.exe
PID 2980 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\FqIcOoS.exe
PID 2980 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\FqIcOoS.exe
PID 2980 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\sRDGioy.exe
PID 2980 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\sRDGioy.exe
PID 2980 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZFOQfdN.exe
PID 2980 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe C:\Windows\System\ZFOQfdN.exe

Processes

C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\203b8c4daaee6bc3429efcb93ff85950_NeikiAnalytics.exe"

C:\Windows\System\yRfnabL.exe

C:\Windows\System\yRfnabL.exe

C:\Windows\System\AWAPSDv.exe

C:\Windows\System\AWAPSDv.exe

C:\Windows\System\ftYdTMm.exe

C:\Windows\System\ftYdTMm.exe

C:\Windows\System\nHAHRBe.exe

C:\Windows\System\nHAHRBe.exe

C:\Windows\System\YJiQBOj.exe

C:\Windows\System\YJiQBOj.exe

C:\Windows\System\tiGgfzf.exe

C:\Windows\System\tiGgfzf.exe

C:\Windows\System\eKFJeDi.exe

C:\Windows\System\eKFJeDi.exe

C:\Windows\System\nYyhdLq.exe

C:\Windows\System\nYyhdLq.exe

C:\Windows\System\qnljnNE.exe

C:\Windows\System\qnljnNE.exe

C:\Windows\System\smJHtIR.exe

C:\Windows\System\smJHtIR.exe

C:\Windows\System\daPRBpS.exe

C:\Windows\System\daPRBpS.exe

C:\Windows\System\RKmnAhw.exe

C:\Windows\System\RKmnAhw.exe

C:\Windows\System\oQnaVLS.exe

C:\Windows\System\oQnaVLS.exe

C:\Windows\System\fsxPvOp.exe

C:\Windows\System\fsxPvOp.exe

C:\Windows\System\TwVLyKk.exe

C:\Windows\System\TwVLyKk.exe

C:\Windows\System\HOkVhdO.exe

C:\Windows\System\HOkVhdO.exe

C:\Windows\System\XbMWSje.exe

C:\Windows\System\XbMWSje.exe

C:\Windows\System\UzqHdLO.exe

C:\Windows\System\UzqHdLO.exe

C:\Windows\System\wGOlCxs.exe

C:\Windows\System\wGOlCxs.exe

C:\Windows\System\wIAuKQo.exe

C:\Windows\System\wIAuKQo.exe

C:\Windows\System\SqjwfwY.exe

C:\Windows\System\SqjwfwY.exe

C:\Windows\System\uieuqtp.exe

C:\Windows\System\uieuqtp.exe

C:\Windows\System\VNqbwZL.exe

C:\Windows\System\VNqbwZL.exe

C:\Windows\System\pmOtREc.exe

C:\Windows\System\pmOtREc.exe

C:\Windows\System\lGRqeci.exe

C:\Windows\System\lGRqeci.exe

C:\Windows\System\zoneTFh.exe

C:\Windows\System\zoneTFh.exe

C:\Windows\System\OUyIKOB.exe

C:\Windows\System\OUyIKOB.exe

C:\Windows\System\pOdlUIf.exe

C:\Windows\System\pOdlUIf.exe

C:\Windows\System\ReINdeX.exe

C:\Windows\System\ReINdeX.exe

C:\Windows\System\FqIcOoS.exe

C:\Windows\System\FqIcOoS.exe

C:\Windows\System\sRDGioy.exe

C:\Windows\System\sRDGioy.exe

C:\Windows\System\ZFOQfdN.exe

C:\Windows\System\ZFOQfdN.exe

C:\Windows\System\NscONBe.exe

C:\Windows\System\NscONBe.exe

C:\Windows\System\HbyPyub.exe

C:\Windows\System\HbyPyub.exe

C:\Windows\System\nNsArEc.exe

C:\Windows\System\nNsArEc.exe

C:\Windows\System\yiZYgMh.exe

C:\Windows\System\yiZYgMh.exe

C:\Windows\System\zIbtknq.exe

C:\Windows\System\zIbtknq.exe

C:\Windows\System\OSzIagQ.exe

C:\Windows\System\OSzIagQ.exe

C:\Windows\System\kPTizmz.exe

C:\Windows\System\kPTizmz.exe

C:\Windows\System\FFzxqMc.exe

C:\Windows\System\FFzxqMc.exe

C:\Windows\System\mGGaMSo.exe

C:\Windows\System\mGGaMSo.exe

C:\Windows\System\VHhYkxa.exe

C:\Windows\System\VHhYkxa.exe

C:\Windows\System\KyymzXt.exe

C:\Windows\System\KyymzXt.exe

C:\Windows\System\NRUjEty.exe

C:\Windows\System\NRUjEty.exe

C:\Windows\System\lVwYANr.exe

C:\Windows\System\lVwYANr.exe

C:\Windows\System\EUDDxto.exe

C:\Windows\System\EUDDxto.exe

C:\Windows\System\MrZRDis.exe

C:\Windows\System\MrZRDis.exe

C:\Windows\System\YolCXRT.exe

C:\Windows\System\YolCXRT.exe

C:\Windows\System\KDRDCzD.exe

C:\Windows\System\KDRDCzD.exe

C:\Windows\System\jvyukNL.exe

C:\Windows\System\jvyukNL.exe

C:\Windows\System\FuInjRX.exe

C:\Windows\System\FuInjRX.exe

C:\Windows\System\EkAmKHp.exe

C:\Windows\System\EkAmKHp.exe

C:\Windows\System\HMjOBAI.exe

C:\Windows\System\HMjOBAI.exe

C:\Windows\System\jOnQdFT.exe

C:\Windows\System\jOnQdFT.exe

C:\Windows\System\hvjhYMc.exe

C:\Windows\System\hvjhYMc.exe

C:\Windows\System\AOQMizK.exe

C:\Windows\System\AOQMizK.exe

C:\Windows\System\GAmwwTs.exe

C:\Windows\System\GAmwwTs.exe

C:\Windows\System\oGNLXfv.exe

C:\Windows\System\oGNLXfv.exe

C:\Windows\System\QJnrmdx.exe

C:\Windows\System\QJnrmdx.exe

C:\Windows\System\xobghib.exe

C:\Windows\System\xobghib.exe

C:\Windows\System\ejOWFOw.exe

C:\Windows\System\ejOWFOw.exe

C:\Windows\System\wqoaLIq.exe

C:\Windows\System\wqoaLIq.exe

C:\Windows\System\dEfSDUc.exe

C:\Windows\System\dEfSDUc.exe

C:\Windows\System\cVxLjjY.exe

C:\Windows\System\cVxLjjY.exe

C:\Windows\System\VttFayq.exe

C:\Windows\System\VttFayq.exe

C:\Windows\System\jApBfMR.exe

C:\Windows\System\jApBfMR.exe

C:\Windows\System\AMXUAOe.exe

C:\Windows\System\AMXUAOe.exe

C:\Windows\System\iylZkvB.exe

C:\Windows\System\iylZkvB.exe

C:\Windows\System\TtLyJWg.exe

C:\Windows\System\TtLyJWg.exe

C:\Windows\System\BwlYexp.exe

C:\Windows\System\BwlYexp.exe

C:\Windows\System\RMVRpMH.exe

C:\Windows\System\RMVRpMH.exe

C:\Windows\System\rrumvxN.exe

C:\Windows\System\rrumvxN.exe

C:\Windows\System\cswhDAR.exe

C:\Windows\System\cswhDAR.exe

C:\Windows\System\XtSIOIW.exe

C:\Windows\System\XtSIOIW.exe

C:\Windows\System\sJQZvyZ.exe

C:\Windows\System\sJQZvyZ.exe

C:\Windows\System\VtRhVPk.exe

C:\Windows\System\VtRhVPk.exe

C:\Windows\System\wOMwytt.exe

C:\Windows\System\wOMwytt.exe

C:\Windows\System\iiDfFul.exe

C:\Windows\System\iiDfFul.exe

C:\Windows\System\gxEBbMK.exe

C:\Windows\System\gxEBbMK.exe

C:\Windows\System\bijpTUT.exe

C:\Windows\System\bijpTUT.exe

C:\Windows\System\kGMBtSi.exe

C:\Windows\System\kGMBtSi.exe

C:\Windows\System\mGhloTq.exe

C:\Windows\System\mGhloTq.exe

C:\Windows\System\VjQpYcM.exe

C:\Windows\System\VjQpYcM.exe

C:\Windows\System\LnrvtJK.exe

C:\Windows\System\LnrvtJK.exe

C:\Windows\System\qNYkJPC.exe

C:\Windows\System\qNYkJPC.exe

C:\Windows\System\UWSAjfU.exe

C:\Windows\System\UWSAjfU.exe

C:\Windows\System\PDhQebj.exe

C:\Windows\System\PDhQebj.exe

C:\Windows\System\wBDRlNZ.exe

C:\Windows\System\wBDRlNZ.exe

C:\Windows\System\zayRqla.exe

C:\Windows\System\zayRqla.exe

C:\Windows\System\hgvaYyF.exe

C:\Windows\System\hgvaYyF.exe

C:\Windows\System\AEtkEzz.exe

C:\Windows\System\AEtkEzz.exe

C:\Windows\System\HcqMgAh.exe

C:\Windows\System\HcqMgAh.exe

C:\Windows\System\LlbaYHA.exe

C:\Windows\System\LlbaYHA.exe

C:\Windows\System\XPohESx.exe

C:\Windows\System\XPohESx.exe

C:\Windows\System\fAcxlIm.exe

C:\Windows\System\fAcxlIm.exe

C:\Windows\System\qQROfWn.exe

C:\Windows\System\qQROfWn.exe

C:\Windows\System\KPfPpre.exe

C:\Windows\System\KPfPpre.exe

C:\Windows\System\xRpCKPY.exe

C:\Windows\System\xRpCKPY.exe

C:\Windows\System\azofrvq.exe

C:\Windows\System\azofrvq.exe

C:\Windows\System\azhammZ.exe

C:\Windows\System\azhammZ.exe

C:\Windows\System\rsbFSmP.exe

C:\Windows\System\rsbFSmP.exe

C:\Windows\System\VHOcoNe.exe

C:\Windows\System\VHOcoNe.exe

C:\Windows\System\LlqrfwD.exe

C:\Windows\System\LlqrfwD.exe

C:\Windows\System\duPTYLC.exe

C:\Windows\System\duPTYLC.exe

C:\Windows\System\wIsFNHZ.exe

C:\Windows\System\wIsFNHZ.exe

C:\Windows\System\AMBSTvf.exe

C:\Windows\System\AMBSTvf.exe

C:\Windows\System\JiBEAnp.exe

C:\Windows\System\JiBEAnp.exe

C:\Windows\System\BNCGuYZ.exe

C:\Windows\System\BNCGuYZ.exe

C:\Windows\System\oyiuNol.exe

C:\Windows\System\oyiuNol.exe

C:\Windows\System\bLQQonP.exe

C:\Windows\System\bLQQonP.exe

C:\Windows\System\juhHaAg.exe

C:\Windows\System\juhHaAg.exe

C:\Windows\System\ZVXcmTU.exe

C:\Windows\System\ZVXcmTU.exe

C:\Windows\System\JURYMOg.exe

C:\Windows\System\JURYMOg.exe

C:\Windows\System\zmDgcqu.exe

C:\Windows\System\zmDgcqu.exe

C:\Windows\System\lqcwoVB.exe

C:\Windows\System\lqcwoVB.exe

C:\Windows\System\pGgNgcN.exe

C:\Windows\System\pGgNgcN.exe

C:\Windows\System\AQwUEGv.exe

C:\Windows\System\AQwUEGv.exe

C:\Windows\System\XCTUJrM.exe

C:\Windows\System\XCTUJrM.exe

C:\Windows\System\LNXIecQ.exe

C:\Windows\System\LNXIecQ.exe

C:\Windows\System\lEfAHdm.exe

C:\Windows\System\lEfAHdm.exe

C:\Windows\System\rZiFoFY.exe

C:\Windows\System\rZiFoFY.exe

C:\Windows\System\HFodxGv.exe

C:\Windows\System\HFodxGv.exe

C:\Windows\System\SLtVutA.exe

C:\Windows\System\SLtVutA.exe

C:\Windows\System\MvKRGDN.exe

C:\Windows\System\MvKRGDN.exe

C:\Windows\System\nlSDEZL.exe

C:\Windows\System\nlSDEZL.exe

C:\Windows\System\SAHYlsA.exe

C:\Windows\System\SAHYlsA.exe

C:\Windows\System\aeMzxTi.exe

C:\Windows\System\aeMzxTi.exe

C:\Windows\System\GOwTILi.exe

C:\Windows\System\GOwTILi.exe

C:\Windows\System\vuAFAQf.exe

C:\Windows\System\vuAFAQf.exe

C:\Windows\System\geNYwGp.exe

C:\Windows\System\geNYwGp.exe

C:\Windows\System\KtBsYyj.exe

C:\Windows\System\KtBsYyj.exe

C:\Windows\System\oiupZRi.exe

C:\Windows\System\oiupZRi.exe

C:\Windows\System\vbHZYIq.exe

C:\Windows\System\vbHZYIq.exe

C:\Windows\System\NQkPLVd.exe

C:\Windows\System\NQkPLVd.exe

C:\Windows\System\wHSDRzb.exe

C:\Windows\System\wHSDRzb.exe

C:\Windows\System\posnNZR.exe

C:\Windows\System\posnNZR.exe

C:\Windows\System\qGoVWia.exe

C:\Windows\System\qGoVWia.exe

C:\Windows\System\wbOcaCf.exe

C:\Windows\System\wbOcaCf.exe

C:\Windows\System\fyyJJtN.exe

C:\Windows\System\fyyJJtN.exe

C:\Windows\System\taRxXYi.exe

C:\Windows\System\taRxXYi.exe

C:\Windows\System\NXwaqtZ.exe

C:\Windows\System\NXwaqtZ.exe

C:\Windows\System\RSmdpCL.exe

C:\Windows\System\RSmdpCL.exe

C:\Windows\System\NLItNuc.exe

C:\Windows\System\NLItNuc.exe

C:\Windows\System\tpwtYEw.exe

C:\Windows\System\tpwtYEw.exe

C:\Windows\System\sRYxKps.exe

C:\Windows\System\sRYxKps.exe

C:\Windows\System\BBLnYIg.exe

C:\Windows\System\BBLnYIg.exe

C:\Windows\System\ozCShdx.exe

C:\Windows\System\ozCShdx.exe

C:\Windows\System\iUcCyJO.exe

C:\Windows\System\iUcCyJO.exe

C:\Windows\System\pEgQLbB.exe

C:\Windows\System\pEgQLbB.exe

C:\Windows\System\isybDwi.exe

C:\Windows\System\isybDwi.exe

C:\Windows\System\lhfAGde.exe

C:\Windows\System\lhfAGde.exe

C:\Windows\System\YzXBmDI.exe

C:\Windows\System\YzXBmDI.exe

C:\Windows\System\cARXntl.exe

C:\Windows\System\cARXntl.exe

C:\Windows\System\xoduwXt.exe

C:\Windows\System\xoduwXt.exe

C:\Windows\System\DbnsXym.exe

C:\Windows\System\DbnsXym.exe

C:\Windows\System\uMUaabC.exe

C:\Windows\System\uMUaabC.exe

C:\Windows\System\THorwiO.exe

C:\Windows\System\THorwiO.exe

C:\Windows\System\VWSpvUe.exe

C:\Windows\System\VWSpvUe.exe

C:\Windows\System\aYReyma.exe

C:\Windows\System\aYReyma.exe

C:\Windows\System\dbHIuJh.exe

C:\Windows\System\dbHIuJh.exe

C:\Windows\System\qGqGeBo.exe

C:\Windows\System\qGqGeBo.exe

C:\Windows\System\YHvtPae.exe

C:\Windows\System\YHvtPae.exe

C:\Windows\System\PEPSHTt.exe

C:\Windows\System\PEPSHTt.exe

C:\Windows\System\TCbJtnX.exe

C:\Windows\System\TCbJtnX.exe

C:\Windows\System\oYSdMqt.exe

C:\Windows\System\oYSdMqt.exe

C:\Windows\System\ailaMdw.exe

C:\Windows\System\ailaMdw.exe

C:\Windows\System\eJRWohP.exe

C:\Windows\System\eJRWohP.exe

C:\Windows\System\avDgdfk.exe

C:\Windows\System\avDgdfk.exe

C:\Windows\System\WOyuEWJ.exe

C:\Windows\System\WOyuEWJ.exe

C:\Windows\System\avYxlXN.exe

C:\Windows\System\avYxlXN.exe

C:\Windows\System\CFjOUAV.exe

C:\Windows\System\CFjOUAV.exe

C:\Windows\System\lOQOEvC.exe

C:\Windows\System\lOQOEvC.exe

C:\Windows\System\MHTVNgT.exe

C:\Windows\System\MHTVNgT.exe

C:\Windows\System\RPKupBV.exe

C:\Windows\System\RPKupBV.exe

C:\Windows\System\ePCavda.exe

C:\Windows\System\ePCavda.exe

C:\Windows\System\XVnuRVK.exe

C:\Windows\System\XVnuRVK.exe

C:\Windows\System\beFkrlU.exe

C:\Windows\System\beFkrlU.exe

C:\Windows\System\BhCervN.exe

C:\Windows\System\BhCervN.exe

C:\Windows\System\iKWMpCE.exe

C:\Windows\System\iKWMpCE.exe

C:\Windows\System\xVFHAUv.exe

C:\Windows\System\xVFHAUv.exe

C:\Windows\System\vMTDIEy.exe

C:\Windows\System\vMTDIEy.exe

C:\Windows\System\LKLjkHn.exe

C:\Windows\System\LKLjkHn.exe

C:\Windows\System\dghoryl.exe

C:\Windows\System\dghoryl.exe

C:\Windows\System\NRwlXYO.exe

C:\Windows\System\NRwlXYO.exe

C:\Windows\System\IvrILHG.exe

C:\Windows\System\IvrILHG.exe

C:\Windows\System\MGioESH.exe

C:\Windows\System\MGioESH.exe

C:\Windows\System\CHejmmD.exe

C:\Windows\System\CHejmmD.exe

C:\Windows\System\GjLbUQF.exe

C:\Windows\System\GjLbUQF.exe

C:\Windows\System\BCswLUs.exe

C:\Windows\System\BCswLUs.exe

C:\Windows\System\vYXsifM.exe

C:\Windows\System\vYXsifM.exe

C:\Windows\System\nxqzQtW.exe

C:\Windows\System\nxqzQtW.exe

C:\Windows\System\ueJDZEh.exe

C:\Windows\System\ueJDZEh.exe

C:\Windows\System\GMwvglq.exe

C:\Windows\System\GMwvglq.exe

C:\Windows\System\WLIwgBw.exe

C:\Windows\System\WLIwgBw.exe

C:\Windows\System\KmljwWA.exe

C:\Windows\System\KmljwWA.exe

C:\Windows\System\insITqB.exe

C:\Windows\System\insITqB.exe

C:\Windows\System\OxZLkyY.exe

C:\Windows\System\OxZLkyY.exe

C:\Windows\System\VInwGxU.exe

C:\Windows\System\VInwGxU.exe

C:\Windows\System\LnLknWK.exe

C:\Windows\System\LnLknWK.exe

C:\Windows\System\doEhuZy.exe

C:\Windows\System\doEhuZy.exe

C:\Windows\System\opRAZTp.exe

C:\Windows\System\opRAZTp.exe

C:\Windows\System\OwUwrwQ.exe

C:\Windows\System\OwUwrwQ.exe

C:\Windows\System\tewNPoN.exe

C:\Windows\System\tewNPoN.exe

C:\Windows\System\oTSHLES.exe

C:\Windows\System\oTSHLES.exe

C:\Windows\System\UnmFula.exe

C:\Windows\System\UnmFula.exe

C:\Windows\System\fOOFTMR.exe

C:\Windows\System\fOOFTMR.exe

C:\Windows\System\pyFcZPY.exe

C:\Windows\System\pyFcZPY.exe

C:\Windows\System\YDAJZaC.exe

C:\Windows\System\YDAJZaC.exe

C:\Windows\System\YWMgcay.exe

C:\Windows\System\YWMgcay.exe

C:\Windows\System\lGIVvje.exe

C:\Windows\System\lGIVvje.exe

C:\Windows\System\kfeSCbX.exe

C:\Windows\System\kfeSCbX.exe

C:\Windows\System\QRQidsd.exe

C:\Windows\System\QRQidsd.exe

C:\Windows\System\QlXlgAV.exe

C:\Windows\System\QlXlgAV.exe

C:\Windows\System\LTGskIe.exe

C:\Windows\System\LTGskIe.exe

C:\Windows\System\nFblbVD.exe

C:\Windows\System\nFblbVD.exe

C:\Windows\System\zgliiPC.exe

C:\Windows\System\zgliiPC.exe

C:\Windows\System\ImUvjob.exe

C:\Windows\System\ImUvjob.exe

C:\Windows\System\rfiXQGO.exe

C:\Windows\System\rfiXQGO.exe

C:\Windows\System\UVjVkBO.exe

C:\Windows\System\UVjVkBO.exe

C:\Windows\System\clzVFFF.exe

C:\Windows\System\clzVFFF.exe

C:\Windows\System\IwYJKGB.exe

C:\Windows\System\IwYJKGB.exe

C:\Windows\System\Giwmgsu.exe

C:\Windows\System\Giwmgsu.exe

C:\Windows\System\sCbIUsr.exe

C:\Windows\System\sCbIUsr.exe

C:\Windows\System\acfTJsF.exe

C:\Windows\System\acfTJsF.exe

C:\Windows\System\aLOIwZR.exe

C:\Windows\System\aLOIwZR.exe

C:\Windows\System\VzrgrOk.exe

C:\Windows\System\VzrgrOk.exe

C:\Windows\System\qAVGLwt.exe

C:\Windows\System\qAVGLwt.exe

C:\Windows\System\jilqygg.exe

C:\Windows\System\jilqygg.exe

C:\Windows\System\YzvWJQU.exe

C:\Windows\System\YzvWJQU.exe

C:\Windows\System\AldeVQM.exe

C:\Windows\System\AldeVQM.exe

C:\Windows\System\AuMjCds.exe

C:\Windows\System\AuMjCds.exe

C:\Windows\System\MnNKSHP.exe

C:\Windows\System\MnNKSHP.exe

C:\Windows\System\EaRRRVD.exe

C:\Windows\System\EaRRRVD.exe

C:\Windows\System\ZuGXTNr.exe

C:\Windows\System\ZuGXTNr.exe

C:\Windows\System\EvUhraG.exe

C:\Windows\System\EvUhraG.exe

C:\Windows\System\UZfhdFK.exe

C:\Windows\System\UZfhdFK.exe

C:\Windows\System\pPebFNy.exe

C:\Windows\System\pPebFNy.exe

C:\Windows\System\zEYkjtq.exe

C:\Windows\System\zEYkjtq.exe

C:\Windows\System\odbfSKw.exe

C:\Windows\System\odbfSKw.exe

C:\Windows\System\zJCUspY.exe

C:\Windows\System\zJCUspY.exe

C:\Windows\System\llOuYmC.exe

C:\Windows\System\llOuYmC.exe

C:\Windows\System\xuIgayW.exe

C:\Windows\System\xuIgayW.exe

C:\Windows\System\tFohicU.exe

C:\Windows\System\tFohicU.exe

C:\Windows\System\ddiHpPr.exe

C:\Windows\System\ddiHpPr.exe

C:\Windows\System\MrlFTwh.exe

C:\Windows\System\MrlFTwh.exe

C:\Windows\System\qocvXHN.exe

C:\Windows\System\qocvXHN.exe

C:\Windows\System\bQPXtUK.exe

C:\Windows\System\bQPXtUK.exe

C:\Windows\System\KiDRDko.exe

C:\Windows\System\KiDRDko.exe

C:\Windows\System\dCQIrLb.exe

C:\Windows\System\dCQIrLb.exe

C:\Windows\System\GWqaCwt.exe

C:\Windows\System\GWqaCwt.exe

C:\Windows\System\gPxldAT.exe

C:\Windows\System\gPxldAT.exe

C:\Windows\System\sFYvYXL.exe

C:\Windows\System\sFYvYXL.exe

C:\Windows\System\lnNxGkx.exe

C:\Windows\System\lnNxGkx.exe

C:\Windows\System\sULfzNE.exe

C:\Windows\System\sULfzNE.exe

C:\Windows\System\PJgRxmN.exe

C:\Windows\System\PJgRxmN.exe

C:\Windows\System\vdJXNGJ.exe

C:\Windows\System\vdJXNGJ.exe

C:\Windows\System\XgczCRY.exe

C:\Windows\System\XgczCRY.exe

C:\Windows\System\ubqXTRB.exe

C:\Windows\System\ubqXTRB.exe

C:\Windows\System\bOIjIvm.exe

C:\Windows\System\bOIjIvm.exe

C:\Windows\System\wWiEHVg.exe

C:\Windows\System\wWiEHVg.exe

C:\Windows\System\atdyman.exe

C:\Windows\System\atdyman.exe

C:\Windows\System\UivnuAZ.exe

C:\Windows\System\UivnuAZ.exe

C:\Windows\System\CVZeWcD.exe

C:\Windows\System\CVZeWcD.exe

C:\Windows\System\jnMSKef.exe

C:\Windows\System\jnMSKef.exe

C:\Windows\System\FpSgzPX.exe

C:\Windows\System\FpSgzPX.exe

C:\Windows\System\CcBtbwf.exe

C:\Windows\System\CcBtbwf.exe

C:\Windows\System\cGoBgAj.exe

C:\Windows\System\cGoBgAj.exe

C:\Windows\System\vyPXAoy.exe

C:\Windows\System\vyPXAoy.exe

C:\Windows\System\sKrvePv.exe

C:\Windows\System\sKrvePv.exe

C:\Windows\System\lsLTSCo.exe

C:\Windows\System\lsLTSCo.exe

C:\Windows\System\hnGseLz.exe

C:\Windows\System\hnGseLz.exe

C:\Windows\System\poqGNoR.exe

C:\Windows\System\poqGNoR.exe

C:\Windows\System\YgJdoXV.exe

C:\Windows\System\YgJdoXV.exe

C:\Windows\System\LffwZup.exe

C:\Windows\System\LffwZup.exe

C:\Windows\System\aqojSqB.exe

C:\Windows\System\aqojSqB.exe

C:\Windows\System\pEOZhPj.exe

C:\Windows\System\pEOZhPj.exe

C:\Windows\System\GtghZKN.exe

C:\Windows\System\GtghZKN.exe

C:\Windows\System\wPQYLgN.exe

C:\Windows\System\wPQYLgN.exe

C:\Windows\System\Aqfdyln.exe

C:\Windows\System\Aqfdyln.exe

C:\Windows\System\qkyvVoi.exe

C:\Windows\System\qkyvVoi.exe

C:\Windows\System\dezNDuT.exe

C:\Windows\System\dezNDuT.exe

C:\Windows\System\GNyzEeH.exe

C:\Windows\System\GNyzEeH.exe

C:\Windows\System\aaBpleu.exe

C:\Windows\System\aaBpleu.exe

C:\Windows\System\uTWreaX.exe

C:\Windows\System\uTWreaX.exe

C:\Windows\System\jYimNLU.exe

C:\Windows\System\jYimNLU.exe

C:\Windows\System\TXiaTEx.exe

C:\Windows\System\TXiaTEx.exe

C:\Windows\System\SVZNkcg.exe

C:\Windows\System\SVZNkcg.exe

C:\Windows\System\ktuVHFI.exe

C:\Windows\System\ktuVHFI.exe

C:\Windows\System\RxKblRY.exe

C:\Windows\System\RxKblRY.exe

C:\Windows\System\UDpzGnD.exe

C:\Windows\System\UDpzGnD.exe

C:\Windows\System\iENJPuR.exe

C:\Windows\System\iENJPuR.exe

C:\Windows\System\qTzaxXU.exe

C:\Windows\System\qTzaxXU.exe

C:\Windows\System\UmLShyf.exe

C:\Windows\System\UmLShyf.exe

C:\Windows\System\NZKcBDT.exe

C:\Windows\System\NZKcBDT.exe

C:\Windows\System\HMFPjlF.exe

C:\Windows\System\HMFPjlF.exe

C:\Windows\System\kOFLvRj.exe

C:\Windows\System\kOFLvRj.exe

C:\Windows\System\FjFHrLc.exe

C:\Windows\System\FjFHrLc.exe

C:\Windows\System\ZcWyBDF.exe

C:\Windows\System\ZcWyBDF.exe

C:\Windows\System\AofPOxA.exe

C:\Windows\System\AofPOxA.exe

C:\Windows\System\CMSDTiV.exe

C:\Windows\System\CMSDTiV.exe

C:\Windows\System\VCwhQLJ.exe

C:\Windows\System\VCwhQLJ.exe

C:\Windows\System\FSHHbQp.exe

C:\Windows\System\FSHHbQp.exe

C:\Windows\System\aMsWWdA.exe

C:\Windows\System\aMsWWdA.exe

C:\Windows\System\lDoSaWf.exe

C:\Windows\System\lDoSaWf.exe

C:\Windows\System\WuneHCX.exe

C:\Windows\System\WuneHCX.exe

C:\Windows\System\SConNLP.exe

C:\Windows\System\SConNLP.exe

C:\Windows\System\SAYZjvo.exe

C:\Windows\System\SAYZjvo.exe

C:\Windows\System\kCkRQVe.exe

C:\Windows\System\kCkRQVe.exe

C:\Windows\System\iJqcBUq.exe

C:\Windows\System\iJqcBUq.exe

C:\Windows\System\FqJWBSV.exe

C:\Windows\System\FqJWBSV.exe

C:\Windows\System\ExVIlWt.exe

C:\Windows\System\ExVIlWt.exe

C:\Windows\System\YOBWCpp.exe

C:\Windows\System\YOBWCpp.exe

C:\Windows\System\lGaPQzz.exe

C:\Windows\System\lGaPQzz.exe

C:\Windows\System\WeBhjWq.exe

C:\Windows\System\WeBhjWq.exe

C:\Windows\System\LSLIYfA.exe

C:\Windows\System\LSLIYfA.exe

C:\Windows\System\KgBaGmt.exe

C:\Windows\System\KgBaGmt.exe

C:\Windows\System\XGFDASj.exe

C:\Windows\System\XGFDASj.exe

C:\Windows\System\lioofWe.exe

C:\Windows\System\lioofWe.exe

C:\Windows\System\zmfxgqr.exe

C:\Windows\System\zmfxgqr.exe

C:\Windows\System\eUvItxp.exe

C:\Windows\System\eUvItxp.exe

C:\Windows\System\BcUuxAN.exe

C:\Windows\System\BcUuxAN.exe

C:\Windows\System\PaSGTzm.exe

C:\Windows\System\PaSGTzm.exe

C:\Windows\System\DBWizSV.exe

C:\Windows\System\DBWizSV.exe

C:\Windows\System\tBFTNMk.exe

C:\Windows\System\tBFTNMk.exe

C:\Windows\System\zhFYZHT.exe

C:\Windows\System\zhFYZHT.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2980-0-0x00007FF622250000-0x00007FF6225A4000-memory.dmp

C:\Windows\System\AWAPSDv.exe

MD5 3a3f70a402d9d4489dd90160036b1317
SHA1 6b8b28dfb79eb10242c861a9650a63fcd596de69
SHA256 081e776e349321aff59e416729dbae50e0a0641f3ee5496d8b6c28d38fdd94cd
SHA512 d193488d4d796ff3003a01d5ea9dbbd218554ba568757af5f5bd2adb321708e229ecf25f01596febc4b43133851cde790dc43f2b897cdcf384e1d6d2ce08c9de

C:\Windows\System\ftYdTMm.exe

MD5 8b2eab9a9bb1361eafd5bc47cb69d5dd
SHA1 d26c0c240cf96c7874a2470914ecaee58edf1c7c
SHA256 f7e76e45ee22d9a423b9f2a47e6138b6b56aac3e32e93aef3e9d227671709cc9
SHA512 158532117b03f91d18e84735461eb50a4919361d94c7826029cc08c6c331c2e68aeb6d8d3e6b16484cc8263386da449fe3dc3358b3327ec0b2843a796fef56af

memory/688-17-0x00007FF6ADBB0000-0x00007FF6ADF04000-memory.dmp

C:\Windows\System\tiGgfzf.exe

MD5 8b64dda9e00f6997fcc7fad79a9eb286
SHA1 55716c46108969d97e8e36899979f76e203d11cc
SHA256 2ecac1c50a90142c26eb9958990fd0e134b77fd80773526449443cd1855c380f
SHA512 92b13e01f4fb50ce8b07aa5d0302fc1ac47f573d0297badc70520b74e602021a23cba8ef65591f7dcfb5b053bd9738cef806adacc7cab29f9ae2487cafafc404

memory/2284-46-0x00007FF763AB0000-0x00007FF763E04000-memory.dmp

C:\Windows\System\smJHtIR.exe

MD5 006046987c20af2899fc319d44178f5d
SHA1 abb7a6411410013f03d8eca92e9b41513c9db5ae
SHA256 4b5c68571a9f26d7a9982cef694e3649e1198d76341c54085b30f48cad516dfb
SHA512 069fb62f588b207b0ad44c749934382c50ad287003b7e8f29eb44e2975233636ae5f76615cb6105a5da6337b04bbb15e25b9b3ba58835b0034ec2a46b77e1673

C:\Windows\System\oQnaVLS.exe

MD5 33ad80f12006d0db752c927b938c2289
SHA1 f52e9f1582f04f9c3f41832edd5931a33c8a6b34
SHA256 fd1fa309ef83b89d03d2a8f66825846b9b236bfb2147b5bf7d50af8e79e04e20
SHA512 8242f037411ef9a521a2f1684c4f903690744bca11989341548a5350986e1abb9c325f7f40e7d93b2bace519fc4ff674130f0999bc353d8b5367e24681a9e26f

memory/808-90-0x00007FF7EE0B0000-0x00007FF7EE404000-memory.dmp

C:\Windows\System\HOkVhdO.exe

MD5 3c3bc20bdcfc129acdd3888b38b78575
SHA1 4fbc397946cbcde00298ad265d5f22c845189fc8
SHA256 fc65533255b777b58ddc946e6ae9b39c1b6b5752b5f08c5cc4ce0946ed524167
SHA512 bcebc9a2e3f4cb93b5ccbd38d48977ea7117e5adc0020cc2c730280fb3cd00aac01e7e8695451ea4577474f6fb723765fbb82c25937f7f3876e5afb06f2c93a9

memory/5100-105-0x00007FF739310000-0x00007FF739664000-memory.dmp

C:\Windows\System\UzqHdLO.exe

MD5 4c6304df03ba168ab5b7db51559da987
SHA1 798d183d2d41edc245c1cb464ad3673e616a8bed
SHA256 b871966bc0fa6461e167c59e82a4c1625d1c5e438b4130a63826ec698e00b4cc
SHA512 f9a312c9887ab5d98de1e6152e3d00037a86a07a071c8dfdc43a6006371f87c68bea93298987ad4f1c6bf7ab1727a7ddcb2198307a439ebaefb2dd77dbeff0ff

memory/2512-107-0x00007FF692E90000-0x00007FF6931E4000-memory.dmp

memory/1272-106-0x00007FF7F06F0000-0x00007FF7F0A44000-memory.dmp

C:\Windows\System\UzqHdLO.exe

MD5 4dc89ef02b5bcac29f193918f2ea6167
SHA1 3432f7a129efd2cadbd182816e53e7779ea3a973
SHA256 3f381e48a74604f3402db4e562d4ffc7cef40226d8caeb59d3fdf1dd97f0d7bc
SHA512 c6cedad3fbdee0f427a072f0e351734ed486d8a1a2b95ab7f589d9e3586e5124e9de5e83a6e3d000cf3894621c7afedf0f9b8125bce923af031385039f35f632

C:\Windows\System\XbMWSje.exe

MD5 b22a674753346d503f5a52c77843c631
SHA1 ddb807ecef879ac8b34b5ffb1f49f470fad10405
SHA256 659f85e71cf22709da54792672d8f55ba3b32f58303dea95ff2698a527551052
SHA512 f83b8d9becc3f9230f952c2a8f78efe278231d442bb11a7f6e208bafef565c233952dc0c289642018266d243ff09f00f49182d78dc915f14393869bf6edf53f4

memory/4568-102-0x00007FF7B5C40000-0x00007FF7B5F94000-memory.dmp

C:\Windows\System\wGOlCxs.exe

MD5 fe23d8f2a683ea3c37e211db5c47c198
SHA1 c8d98757080f758fa71fe2947f967f4c2ba26b77
SHA256 e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8
SHA512 ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

C:\Windows\System\wGOlCxs.exe

MD5 0642442db4acbbfb6037e06789624264
SHA1 923aee440a6887c7a7a8a78085aa492b2cdcee65
SHA256 5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85
SHA512 7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

memory/4440-96-0x00007FF61A660000-0x00007FF61A9B4000-memory.dmp

memory/3704-95-0x00007FF757360000-0x00007FF7576B4000-memory.dmp

C:\Windows\System\uieuqtp.exe

MD5 728f1f1ca194e50ce967bf9cc550f15b
SHA1 36a0bb25736147e6f1b0a4c84ea9ca98333ca854
SHA256 a05961fc592f72d2271183b6d25519029718105fde0de203b7cbc930232ee4a9
SHA512 95733a1496bccdf59d4d09d635d1e2377eb66f9b8a7b271a3ccdeeaa639c1d478dd9817ce7b3242966f64be6261676b2c177788b9e131c4d0e57d6e5dabdfe94

memory/828-152-0x00007FF6BE2B0000-0x00007FF6BE604000-memory.dmp

C:\Windows\System\zoneTFh.exe

MD5 c756c91a1728b63311248c2f906fbfd7
SHA1 7fd5ce42cc7076eee2032e68637d0c408993b8e8
SHA256 e817f9f969f141a9ed42427caf285da26408be43560d6d9d1686082f0b08086d
SHA512 cb9f84fe6b076ce3263604b362a746106e6f3aec413e20586611e73232f15d50f8dfc4fd8cb052d131a88e8b306090a0b5b7a32a8a4e21c6903414a8f155c7c6

memory/4656-166-0x00007FF6824F0000-0x00007FF682844000-memory.dmp

C:\Windows\System\FqIcOoS.exe

MD5 6bb4cb9c432e4cb6f63005d3bd27a685
SHA1 6657ecb53e5a91542e376235dde65aed48e744f8
SHA256 9aee2d10f86865b119b9f3ead2aa9991334423c7e74d2df38b6c515ca42bdbe0
SHA512 279790d3b2450b5744d9c9a10c655b307c649b6d7a8b3cd9796fbddaa113bf932f5c212ea46d900463a69596dc3a24dfa47980c8cd6b19072c0b16f0be57d86d

C:\Windows\System\sRDGioy.exe

MD5 864bf5738c707cd87253c23f258b4dab
SHA1 03be0714f6d88ce0e4f10076d253de505738af81
SHA256 75978824fb7e40ff0345426a1f8613b9084842c77856acb8d7b39baeaec17063
SHA512 64eb6ea0a622cb73184247f2969c09caeca3bda1edd5af1b10752d9479b03d7199801aca13c8987bf9a0819a61392dd84fc38b3f5215d7b965de7edd9af75a42

memory/2520-209-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp

memory/808-893-0x00007FF7EE0B0000-0x00007FF7EE404000-memory.dmp

memory/4104-890-0x00007FF78A6F0000-0x00007FF78AA44000-memory.dmp

memory/4504-888-0x00007FF614F00000-0x00007FF615254000-memory.dmp

memory/1792-885-0x00007FF67A750000-0x00007FF67AAA4000-memory.dmp

memory/1728-566-0x00007FF7A9730000-0x00007FF7A9A84000-memory.dmp

memory/2512-1079-0x00007FF692E90000-0x00007FF6931E4000-memory.dmp

memory/1272-1078-0x00007FF7F06F0000-0x00007FF7F0A44000-memory.dmp

memory/2624-205-0x00007FF7556E0000-0x00007FF755A34000-memory.dmp

memory/2452-202-0x00007FF7A57A0000-0x00007FF7A5AF4000-memory.dmp

memory/4936-194-0x00007FF723940000-0x00007FF723C94000-memory.dmp

memory/1576-192-0x00007FF68F6D0000-0x00007FF68FA24000-memory.dmp

memory/1444-189-0x00007FF755360000-0x00007FF7556B4000-memory.dmp

C:\Windows\System\ZFOQfdN.exe

MD5 4f95891f5d283edb0ac1e8935f22c376
SHA1 0cd9720a9a64243ee6ca46068a3d78fca2f30305
SHA256 e50b3f81e3ecfc0b2abf4fea4e1eaecd65de5a79aac93d678f1336a0c89dae7f
SHA512 430fe65e698f6ad131b84055262807c396617335d975f098724f07b4f702d71f109698c0eb26fec40c9fc0567cd53af774ac12dac63bcee9cb73d683292e9d80

C:\Windows\System\pOdlUIf.exe

MD5 97fadd1c69194fb7cfecc7fdc9934ef4
SHA1 d3f5262d2b3257b118f21cd4b54c99a184d81391
SHA256 36baca86d9718e877b6e34dceb79ec40a5bada066a9cc1323e1730615e02f87e
SHA512 3d27bb1269cefd22184eba9854d2809a72337d676ee44a41280c8d28843aa32922915e69dbbbb1ac6b3453d342a51457a579642b4ddd8f7d407393548f50d4d3

memory/1216-162-0x00007FF7E5C90000-0x00007FF7E5FE4000-memory.dmp

memory/4616-146-0x00007FF63A120000-0x00007FF63A474000-memory.dmp

memory/2980-142-0x00007FF622250000-0x00007FF6225A4000-memory.dmp

C:\Windows\System\pmOtREc.exe

MD5 305583dfa9a801cd5ba5861f3adeabe8
SHA1 4c7a3a0d2f5819ef1c49a485bf694e28f2b5d1f2
SHA256 46a6d65d84ad2d2fc12d4fca659a43f70c40321b46e864c00b44c596c760d251
SHA512 4f2c08f17dd8115308ada80e4e04ad4d402e8ee44a5354b76d86b6c60215a9c11a96adbfc190b2c03ae98e9ad496ebc2c0abc2cd4833fdb7bd93254811eb654d

memory/4672-136-0x00007FF7B2290000-0x00007FF7B25E4000-memory.dmp

C:\Windows\System\SqjwfwY.exe

MD5 cd5ef36ef03eac2b20cce67daca8e60e
SHA1 78ffe5bdf11fd5c1af061891a6f825c7e6d5971e
SHA256 c9394411c09cedeb6199f3ce46bf92c0c6fd19fa68844008591c10a1cf195974
SHA512 5806b974fa088e66d040826bc66b929a74fa0017878d780c1b5daeca898125a6d7965ed63fbdb5f892a98e1909fc8fae29ef3faa316e6f8db54adbdaa8571a2a

memory/4152-131-0x00007FF614D10000-0x00007FF615064000-memory.dmp

C:\Windows\System\VNqbwZL.exe

MD5 385b17a042f00558fc0077e33510b055
SHA1 d81798573a068c9061ab04ac55b12ae4e6c5e5d1
SHA256 a33ebc6df5e2f596c90de9bed4714ba4d43173c2460c78081f494d6012a132b0
SHA512 c07e3f93bdf7e2630c56d04ea2693236c07bede826607dfdc2aff7727d2bab9911ccaebd2d732c0ace9fe03a019ed3fad03766e9ad17627df753fd92e7fa7265

C:\Windows\System\wIAuKQo.exe

MD5 43dbfe98da0368a1bd67501793f17ef6
SHA1 beb71607173546a475469bf5d38a67e853ee3253
SHA256 6723a9bddb8b56bd55bd1676ac005e0de669cd88b077bfc677f3e31bca81a4ea
SHA512 2f43ad5eed0fd60c70abe32af404ac03a4a6088c7b2b80e7cec58c2e44c06efec83b7a6b683a41f54c89e16e1b4de7cd434aa345ccba2a5c7c5201f288c66236

C:\Windows\System\wIAuKQo.exe

MD5 b5d6cf659854ef3bf9113055ad7a7f87
SHA1 2e75ce3b6baf559701483aa6bfa4869e0c76d9ea
SHA256 43b4c81c8d36e59761c895fc01047d733f5b47fdcd0c28f21d7af76c94249592
SHA512 46e94581965c834ba23274b8d3c33f268fe7da91c49a8a6911c1a399ff24b711373cb8f61e5158d00eb28b0312462ca8ae964b97d518a0695cf0c6a64d8a5e60

memory/4364-116-0x00007FF6FA270000-0x00007FF6FA5C4000-memory.dmp

C:\Windows\System\TwVLyKk.exe

MD5 b9db161620f45936f7aa827b1e83b499
SHA1 1f45ee3783a2897960e3397a0963aa7492ad584d
SHA256 591dfe4e6df98d27205e05c04a8bd8b892993f7f5ff2287919175708dc67ba82
SHA512 0d8798a3d33b06f01e8b54543a5741d558ce47b1298b322f9504640dfc610b065879b6e20bff77f476311f0297628a9ff55a94ef6ae5f1c8deda4ea1b9f89daf

C:\Windows\System\fsxPvOp.exe

MD5 34b6a29e249aa37d54abe37b69ce28de
SHA1 6c58adf5c3a2a8f45fbd33936a40498586fd992f
SHA256 923c78f2bdd14d4fb60b1d6f2f5ab0fefb0189a538738a28ef849e8b7cfe9c1e
SHA512 fe83c79263d17f4a5b3de74a664d6ac886224382de270a9ec425dc09371d6ace72817de2a04d20d367c06250d7fb1aec62d230938b8d724d1d76de499e5df751

memory/2124-87-0x00007FF6D3A10000-0x00007FF6D3D64000-memory.dmp

memory/4104-83-0x00007FF78A6F0000-0x00007FF78AA44000-memory.dmp

memory/4152-1080-0x00007FF614D10000-0x00007FF615064000-memory.dmp

memory/3352-72-0x00007FF7B1290000-0x00007FF7B15E4000-memory.dmp

memory/4504-70-0x00007FF614F00000-0x00007FF615254000-memory.dmp

C:\Windows\System\daPRBpS.exe

MD5 3ecf7a45550a8e88d7bc0ab21638bc40
SHA1 4eaf7851af1e444ed53ef7b8b3faeb40b2bab07e
SHA256 0184f3a71b1e584c4038ec22d4789021172eacf825a615dc1d6f5a65dfe6a5d2
SHA512 36dcd7c001dc9936bd1e27a6b4d4812bba11dd1b8c985319357511d0d44b540865a90db945a7c3ca4dfbfb36b7dd7e2722f57739e4343bc2538d7c57d8efa921

C:\Windows\System\qnljnNE.exe

MD5 8a44452e4020a5690bdb5ab4b9423a30
SHA1 4c411a1c72f814994199ff87e2b15a023e8ec369
SHA256 11f8d90029978b95c0d172136a1a1e9fd350b1531c027ef2956a436ecc0f23c2
SHA512 1c509b1048697ea0666b458b36ab55ba466e8cf34835bddc820597e47ba06b780c081d40ee741e43ebc310617f51bf86b8181cac038f5b71669b77caa09bad01

memory/1792-53-0x00007FF67A750000-0x00007FF67AAA4000-memory.dmp

C:\Windows\System\eKFJeDi.exe

MD5 d381f97a19b34824800709182fd4459a
SHA1 ca7539e4446b81b41b67d656cb2467cd0283f7bc
SHA256 4867bc965ad936a06665edd42723284da7d03ce2cd10f1e78d5b553be22f55d4
SHA512 f513d5406959c510a32a6f7368141ce8696b87407be67f680c3099a635260c2c0fb003ef349fb16b2153c72c311d2632ea4a81e90297d3c2df4c7aa2c12e1142

memory/2520-42-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp

C:\Windows\System\eKFJeDi.exe

MD5 7902c2dd114d86428bdfc4feb3cace20
SHA1 9244ac59e1fd4904bad18810318c6371d04e42e7
SHA256 8105f4260178ab2c0efb9504456b9077f8db1b782efb1060a428a5522b2e6fbc
SHA512 fd47002585ec4db069b15276d2221c986a912d3aa1a901f620bf0f8c666d1db80695f64d1fb2144dbde580a6e01d390ff0c9a15da2bfda3307ea76be5f44837d

memory/740-33-0x00007FF6B15C0000-0x00007FF6B1914000-memory.dmp

C:\Windows\System\nHAHRBe.exe

MD5 9f1b36868026c17ab127fdecf13ba3b8
SHA1 461cb2085a9308f9dd94265dd422d8072eccb3a7
SHA256 734d0055831a60469a5ee3d37b5842a176af97daf4e66ca750bde87812fc5dea
SHA512 53a89a552a6f5e0070b3bd0f18d05d3ab3b3b38c5f55f3432ca57405d2e736cb3ee27cc4315d833ac0584f01fd788682f316dc5e8c7e68e6e7c29c4202b0f1fa

memory/1728-22-0x00007FF7A9730000-0x00007FF7A9A84000-memory.dmp

C:\Windows\System\ftYdTMm.exe

MD5 a6c9378cbe736e37247a5656af4a08a7
SHA1 f2c0b5f9ecb6e9076ce0da84c64fcaf53ad22bbf
SHA256 3f26eb9aca3a49f6523a16aaf86664dbf7c7d4b3fe036acff9f5ccdf776ee5f7
SHA512 b75a680af48a5e37eea8daa31980261114df8c3d30a6d49b2f1f837689b872ea24f824a7bc4d375f0b0dd6bf696f17145c643702025062de7994590d8de135cb

memory/4656-8-0x00007FF6824F0000-0x00007FF682844000-memory.dmp

C:\Windows\System\yRfnabL.exe

MD5 17b0532288d778f589c1304b97256b93
SHA1 a87ca13c6a7b4386b155a09eb335d843ce6dc139
SHA256 60373ca684ff2cac20f2baa94342fc30920f2e998f825d0d3476eac26d814224
SHA512 dc165a25d2b435472a2679d9c8c5c0d6c9cfb2ae29f30e3a305a53aeb16232fd4f8b83814d39811b6ee20ff3f02c0b28a2ba13ea7782cfa01c20c9b470c2169e

memory/2980-1-0x00000208FDDC0000-0x00000208FDDD0000-memory.dmp

memory/4672-1081-0x00007FF7B2290000-0x00007FF7B25E4000-memory.dmp

memory/4616-1082-0x00007FF63A120000-0x00007FF63A474000-memory.dmp

memory/4656-1083-0x00007FF6824F0000-0x00007FF682844000-memory.dmp

memory/688-1084-0x00007FF6ADBB0000-0x00007FF6ADF04000-memory.dmp

memory/1728-1085-0x00007FF7A9730000-0x00007FF7A9A84000-memory.dmp

memory/740-1086-0x00007FF6B15C0000-0x00007FF6B1914000-memory.dmp

memory/2520-1087-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp

memory/2284-1088-0x00007FF763AB0000-0x00007FF763E04000-memory.dmp

memory/1792-1089-0x00007FF67A750000-0x00007FF67AAA4000-memory.dmp

memory/3704-1091-0x00007FF757360000-0x00007FF7576B4000-memory.dmp

memory/3352-1090-0x00007FF7B1290000-0x00007FF7B15E4000-memory.dmp

memory/4440-1093-0x00007FF61A660000-0x00007FF61A9B4000-memory.dmp

memory/4504-1092-0x00007FF614F00000-0x00007FF615254000-memory.dmp

memory/4104-1094-0x00007FF78A6F0000-0x00007FF78AA44000-memory.dmp

memory/4568-1096-0x00007FF7B5C40000-0x00007FF7B5F94000-memory.dmp

memory/2124-1095-0x00007FF6D3A10000-0x00007FF6D3D64000-memory.dmp

memory/5100-1097-0x00007FF739310000-0x00007FF739664000-memory.dmp

memory/808-1098-0x00007FF7EE0B0000-0x00007FF7EE404000-memory.dmp

memory/1272-1100-0x00007FF7F06F0000-0x00007FF7F0A44000-memory.dmp

memory/2512-1099-0x00007FF692E90000-0x00007FF6931E4000-memory.dmp

memory/4364-1101-0x00007FF6FA270000-0x00007FF6FA5C4000-memory.dmp

memory/4152-1102-0x00007FF614D10000-0x00007FF615064000-memory.dmp

memory/4672-1103-0x00007FF7B2290000-0x00007FF7B25E4000-memory.dmp

memory/1216-1106-0x00007FF7E5C90000-0x00007FF7E5FE4000-memory.dmp

memory/4936-1109-0x00007FF723940000-0x00007FF723C94000-memory.dmp

memory/1444-1108-0x00007FF755360000-0x00007FF7556B4000-memory.dmp

memory/1576-1107-0x00007FF68F6D0000-0x00007FF68FA24000-memory.dmp

memory/4616-1105-0x00007FF63A120000-0x00007FF63A474000-memory.dmp

memory/828-1104-0x00007FF6BE2B0000-0x00007FF6BE604000-memory.dmp

memory/2452-1111-0x00007FF7A57A0000-0x00007FF7A5AF4000-memory.dmp

memory/2624-1110-0x00007FF7556E0000-0x00007FF755A34000-memory.dmp