Malware Analysis Report

2024-10-10 08:36

Sample ID 240608-fq6lbaac77
Target 8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe
SHA256 1a377a291144dd6820224425315932f4663547d94808f666ff243f5cb713a05b
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

1a377a291144dd6820224425315932f4663547d94808f666ff243f5cb713a05b

Threat Level: Known bad

The file 8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

KPOT

KPOT Core Executable

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 05:05

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 05:05

Reported

2024-06-08 05:08

Platform

win7-20240221-en

Max time kernel

140s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1700-1080-0x000000013FD20000-0x0000000140074000-memory.dmp

memory/2176-1081-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2552-1082-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2820-1083-0x000000013FD20000-0x0000000140074000-memory.dmp

memory/2584-1085-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2676-1084-0x000000013F520000-0x000000013F874000-memory.dmp

memory/2660-1086-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2788-1087-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2624-1088-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/2700-1089-0x000000013FD20000-0x0000000140074000-memory.dmp

memory/2488-1090-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2744-1092-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2580-1091-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/2900-1093-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2224-1094-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 05:05

Reported

2024-06-08 05:08

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fHPhaPk.exe N/A
N/A N/A C:\Windows\System\cqNKcod.exe N/A
N/A N/A C:\Windows\System\OoNwooo.exe N/A
N/A N/A C:\Windows\System\JGByfyg.exe N/A
N/A N/A C:\Windows\System\anauthL.exe N/A
N/A N/A C:\Windows\System\gcHfgMC.exe N/A
N/A N/A C:\Windows\System\oRjzzVq.exe N/A
N/A N/A C:\Windows\System\HtdLWTk.exe N/A
N/A N/A C:\Windows\System\zbzWAgB.exe N/A
N/A N/A C:\Windows\System\ntKEADG.exe N/A
N/A N/A C:\Windows\System\mJXuyNr.exe N/A
N/A N/A C:\Windows\System\zNnSKwv.exe N/A
N/A N/A C:\Windows\System\PpgibSf.exe N/A
N/A N/A C:\Windows\System\fIdWQag.exe N/A
N/A N/A C:\Windows\System\bxoMMTN.exe N/A
N/A N/A C:\Windows\System\FqPeiBc.exe N/A
N/A N/A C:\Windows\System\fLsIUfn.exe N/A
N/A N/A C:\Windows\System\fGFtppz.exe N/A
N/A N/A C:\Windows\System\LtXNEmN.exe N/A
N/A N/A C:\Windows\System\nFnppaD.exe N/A
N/A N/A C:\Windows\System\mxIfDlW.exe N/A
N/A N/A C:\Windows\System\fjBxXPU.exe N/A
N/A N/A C:\Windows\System\WFKzIEQ.exe N/A
N/A N/A C:\Windows\System\ZYwkmMR.exe N/A
N/A N/A C:\Windows\System\TfRPBIF.exe N/A
N/A N/A C:\Windows\System\iNfUllT.exe N/A
N/A N/A C:\Windows\System\IRkqizE.exe N/A
N/A N/A C:\Windows\System\ReaLGAq.exe N/A
N/A N/A C:\Windows\System\CUTqEtv.exe N/A
N/A N/A C:\Windows\System\ExkGGOX.exe N/A
N/A N/A C:\Windows\System\swqmZSh.exe N/A
N/A N/A C:\Windows\System\AWqyntg.exe N/A
N/A N/A C:\Windows\System\mkfnXuf.exe N/A
N/A N/A C:\Windows\System\sFmqHBH.exe N/A
N/A N/A C:\Windows\System\BGlnoWA.exe N/A
N/A N/A C:\Windows\System\osuVtYi.exe N/A
N/A N/A C:\Windows\System\jmbZLko.exe N/A
N/A N/A C:\Windows\System\glsSAve.exe N/A
N/A N/A C:\Windows\System\fEEcWBT.exe N/A
N/A N/A C:\Windows\System\UfbpISP.exe N/A
N/A N/A C:\Windows\System\ivqqRiN.exe N/A
N/A N/A C:\Windows\System\TrkPRJn.exe N/A
N/A N/A C:\Windows\System\JedQYoY.exe N/A
N/A N/A C:\Windows\System\vapnAVT.exe N/A
N/A N/A C:\Windows\System\IeQUMYS.exe N/A
N/A N/A C:\Windows\System\hBXjyjF.exe N/A
N/A N/A C:\Windows\System\PkmuKUw.exe N/A
N/A N/A C:\Windows\System\DpFLDCJ.exe N/A
N/A N/A C:\Windows\System\PiqVubi.exe N/A
N/A N/A C:\Windows\System\hqblaIE.exe N/A
N/A N/A C:\Windows\System\BZYGYGA.exe N/A
N/A N/A C:\Windows\System\qSbwiXK.exe N/A
N/A N/A C:\Windows\System\mhayRfa.exe N/A
N/A N/A C:\Windows\System\sKgLJnv.exe N/A
N/A N/A C:\Windows\System\tmrAEWf.exe N/A
N/A N/A C:\Windows\System\gzHiugO.exe N/A
N/A N/A C:\Windows\System\YYOZRVt.exe N/A
N/A N/A C:\Windows\System\hTVZZGb.exe N/A
N/A N/A C:\Windows\System\yqPTzhP.exe N/A
N/A N/A C:\Windows\System\jUeFrea.exe N/A
N/A N/A C:\Windows\System\WOnZrYn.exe N/A
N/A N/A C:\Windows\System\CDaHsoL.exe N/A
N/A N/A C:\Windows\System\zeZnBtE.exe N/A
N/A N/A C:\Windows\System\ZNZGLzs.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\hUMxDSI.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\UCbHtKZ.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\IfnbrTB.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObLEtkf.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\mkfnXuf.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\ivqqRiN.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\xopzolL.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\crremuP.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\kMXlqaX.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\BbpVBPQ.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\xhunyKH.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\HKDNVQo.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\BOWfzAJ.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\fLbwtVJ.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\btzUDrt.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\kaTjXqH.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMIcpJv.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\YbCeFad.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCfAjid.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\mDEXRWa.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\zNsyAZe.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUDSsmn.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\TEvDKks.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZkcAGSJ.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\uJGwGJi.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\yBbtqSi.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\VlefJol.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\ANuozSU.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPlveBg.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\YbUmQzB.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\fIdWQag.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\fLsIUfn.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\mxIfDlW.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\yqPTzhP.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\aWNauBA.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\gTSjnJc.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfbpISP.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZNZGLzs.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\fxjGwjK.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\DzaxPsc.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\JPyWXYo.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\gEIunSb.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\FqPeiBc.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\hTVZZGb.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\qFSHClX.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\CvNRlEm.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\uXhAgaB.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\oboNvBs.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\glsSAve.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\yeUvbsH.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\CCvuODb.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpxnQyj.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrKxmcU.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\fdDlKQn.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\WNIjhSb.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\fzGnlGM.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\HSgPavm.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\xLtBlTD.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\QOLTCny.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZYGYGA.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\SdfMhuj.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\aVfBnuP.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\jBEpQKl.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlTQyFN.exe C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2664 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fHPhaPk.exe
PID 2664 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fHPhaPk.exe
PID 2664 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\cqNKcod.exe
PID 2664 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\cqNKcod.exe
PID 2664 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\OoNwooo.exe
PID 2664 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\OoNwooo.exe
PID 2664 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\JGByfyg.exe
PID 2664 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\JGByfyg.exe
PID 2664 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\anauthL.exe
PID 2664 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\anauthL.exe
PID 2664 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\gcHfgMC.exe
PID 2664 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\gcHfgMC.exe
PID 2664 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\oRjzzVq.exe
PID 2664 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\oRjzzVq.exe
PID 2664 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\HtdLWTk.exe
PID 2664 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\HtdLWTk.exe
PID 2664 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\zbzWAgB.exe
PID 2664 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\zbzWAgB.exe
PID 2664 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ntKEADG.exe
PID 2664 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ntKEADG.exe
PID 2664 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\mJXuyNr.exe
PID 2664 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\mJXuyNr.exe
PID 2664 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\zNnSKwv.exe
PID 2664 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\zNnSKwv.exe
PID 2664 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\PpgibSf.exe
PID 2664 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\PpgibSf.exe
PID 2664 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fIdWQag.exe
PID 2664 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fIdWQag.exe
PID 2664 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\bxoMMTN.exe
PID 2664 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\bxoMMTN.exe
PID 2664 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\FqPeiBc.exe
PID 2664 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\FqPeiBc.exe
PID 2664 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fLsIUfn.exe
PID 2664 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fLsIUfn.exe
PID 2664 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fGFtppz.exe
PID 2664 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fGFtppz.exe
PID 2664 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\LtXNEmN.exe
PID 2664 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\LtXNEmN.exe
PID 2664 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\nFnppaD.exe
PID 2664 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\nFnppaD.exe
PID 2664 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\mxIfDlW.exe
PID 2664 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\mxIfDlW.exe
PID 2664 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fjBxXPU.exe
PID 2664 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\fjBxXPU.exe
PID 2664 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\WFKzIEQ.exe
PID 2664 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\WFKzIEQ.exe
PID 2664 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ZYwkmMR.exe
PID 2664 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ZYwkmMR.exe
PID 2664 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\TfRPBIF.exe
PID 2664 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\TfRPBIF.exe
PID 2664 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\iNfUllT.exe
PID 2664 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\iNfUllT.exe
PID 2664 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\IRkqizE.exe
PID 2664 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\IRkqizE.exe
PID 2664 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ReaLGAq.exe
PID 2664 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ReaLGAq.exe
PID 2664 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\CUTqEtv.exe
PID 2664 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\CUTqEtv.exe
PID 2664 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ExkGGOX.exe
PID 2664 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\ExkGGOX.exe
PID 2664 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\swqmZSh.exe
PID 2664 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\swqmZSh.exe
PID 2664 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\AWqyntg.exe
PID 2664 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe C:\Windows\System\AWqyntg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8e5fd29783934d8ecccb929aca7b2090_NeikiAnalytics.exe"


C:\Windows\System\kJppKgK.exe

C:\Windows\System\kJppKgK.exe

C:\Windows\System\rBoyjTD.exe

C:\Windows\System\rBoyjTD.exe

C:\Windows\System\crremuP.exe

C:\Windows\System\crremuP.exe

C:\Windows\System\fwZgONe.exe

C:\Windows\System\fwZgONe.exe

C:\Windows\System\lupnGWF.exe

C:\Windows\System\lupnGWF.exe

C:\Windows\System\jBEpQKl.exe

C:\Windows\System\jBEpQKl.exe

C:\Windows\System\QEAaQBn.exe

C:\Windows\System\QEAaQBn.exe

C:\Windows\System\qFSHClX.exe

C:\Windows\System\qFSHClX.exe

C:\Windows\System\nAiMbCq.exe

C:\Windows\System\nAiMbCq.exe

C:\Windows\System\ewXboGB.exe

C:\Windows\System\ewXboGB.exe

C:\Windows\System\CmFuUHm.exe

C:\Windows\System\CmFuUHm.exe

C:\Windows\System\WYtBNey.exe

C:\Windows\System\WYtBNey.exe

C:\Windows\System\EnATyFF.exe

C:\Windows\System\EnATyFF.exe

C:\Windows\System\aZBBodK.exe

C:\Windows\System\aZBBodK.exe

C:\Windows\System\nCupeWk.exe

C:\Windows\System\nCupeWk.exe

C:\Windows\System\zsAHXRY.exe

C:\Windows\System\zsAHXRY.exe

C:\Windows\System\ZkcAGSJ.exe

C:\Windows\System\ZkcAGSJ.exe

C:\Windows\System\JMNAwQS.exe

C:\Windows\System\JMNAwQS.exe

C:\Windows\System\tclAzhC.exe

C:\Windows\System\tclAzhC.exe

C:\Windows\System\ZtZtUHX.exe

C:\Windows\System\ZtZtUHX.exe

C:\Windows\System\iCvYlQd.exe

C:\Windows\System\iCvYlQd.exe

C:\Windows\System\UOZsNoM.exe

C:\Windows\System\UOZsNoM.exe

C:\Windows\System\RCtVLup.exe

C:\Windows\System\RCtVLup.exe

C:\Windows\System\JOtaIXQ.exe

C:\Windows\System\JOtaIXQ.exe

C:\Windows\System\uJGwGJi.exe

C:\Windows\System\uJGwGJi.exe

C:\Windows\System\PukwKxd.exe

C:\Windows\System\PukwKxd.exe

C:\Windows\System\nmJwaso.exe

C:\Windows\System\nmJwaso.exe

C:\Windows\System\KgaPgZy.exe

C:\Windows\System\KgaPgZy.exe

C:\Windows\System\CvNRlEm.exe

C:\Windows\System\CvNRlEm.exe

C:\Windows\System\btzUDrt.exe

C:\Windows\System\btzUDrt.exe

C:\Windows\System\SatnYly.exe

C:\Windows\System\SatnYly.exe

C:\Windows\System\gTSjnJc.exe

C:\Windows\System\gTSjnJc.exe

C:\Windows\System\mlRqXiH.exe

C:\Windows\System\mlRqXiH.exe

C:\Windows\System\NSGEjNY.exe

C:\Windows\System\NSGEjNY.exe

C:\Windows\System\SCpnOKL.exe

C:\Windows\System\SCpnOKL.exe

C:\Windows\System\yUnSEBb.exe

C:\Windows\System\yUnSEBb.exe

C:\Windows\System\yBbtqSi.exe

C:\Windows\System\yBbtqSi.exe

C:\Windows\System\qlTQyFN.exe

C:\Windows\System\qlTQyFN.exe

C:\Windows\System\VlefJol.exe

C:\Windows\System\VlefJol.exe

C:\Windows\System\RPhSdTe.exe

C:\Windows\System\RPhSdTe.exe

C:\Windows\System\kMXlqaX.exe

C:\Windows\System\kMXlqaX.exe

C:\Windows\System\KXBpxFL.exe

C:\Windows\System\KXBpxFL.exe

C:\Windows\System\jvKZwBh.exe

C:\Windows\System\jvKZwBh.exe

C:\Windows\System\TgcrDdu.exe

C:\Windows\System\TgcrDdu.exe

C:\Windows\System\hUMxDSI.exe

C:\Windows\System\hUMxDSI.exe

C:\Windows\System\mDvJlIs.exe

C:\Windows\System\mDvJlIs.exe

C:\Windows\System\TUnqmOo.exe

C:\Windows\System\TUnqmOo.exe

C:\Windows\System\ObWzSnb.exe

C:\Windows\System\ObWzSnb.exe

C:\Windows\System\MSgjhmc.exe

C:\Windows\System\MSgjhmc.exe

C:\Windows\System\gaTjsBN.exe

C:\Windows\System\gaTjsBN.exe

C:\Windows\System\motjrNi.exe

C:\Windows\System\motjrNi.exe

C:\Windows\System\wUipxOs.exe

C:\Windows\System\wUipxOs.exe

C:\Windows\System\fzOSqJA.exe

C:\Windows\System\fzOSqJA.exe

C:\Windows\System\YMqckgF.exe

C:\Windows\System\YMqckgF.exe

C:\Windows\System\WNIjhSb.exe

C:\Windows\System\WNIjhSb.exe

C:\Windows\System\YbUmQzB.exe

C:\Windows\System\YbUmQzB.exe

C:\Windows\System\oBqrlYo.exe

C:\Windows\System\oBqrlYo.exe

C:\Windows\System\hJoAGQY.exe

C:\Windows\System\hJoAGQY.exe

C:\Windows\System\hTZnqWc.exe

C:\Windows\System\hTZnqWc.exe

C:\Windows\System\wzMCbLD.exe

C:\Windows\System\wzMCbLD.exe

C:\Windows\System\ANuozSU.exe

C:\Windows\System\ANuozSU.exe

C:\Windows\System\YnnnhuA.exe

C:\Windows\System\YnnnhuA.exe

C:\Windows\System\SjIjQAn.exe

C:\Windows\System\SjIjQAn.exe

C:\Windows\System\TCPwuTt.exe

C:\Windows\System\TCPwuTt.exe

C:\Windows\System\APFRQpQ.exe

C:\Windows\System\APFRQpQ.exe

C:\Windows\System\ZVMtNaa.exe

C:\Windows\System\ZVMtNaa.exe

C:\Windows\System\kaTjXqH.exe

C:\Windows\System\kaTjXqH.exe

C:\Windows\System\cNBkVey.exe

C:\Windows\System\cNBkVey.exe

C:\Windows\System\UCbHtKZ.exe

C:\Windows\System\UCbHtKZ.exe

C:\Windows\System\EBzTDoY.exe

C:\Windows\System\EBzTDoY.exe

C:\Windows\System\hJywfgi.exe

C:\Windows\System\hJywfgi.exe

C:\Windows\System\cNQxBDd.exe

C:\Windows\System\cNQxBDd.exe

C:\Windows\System\DsagPhe.exe

C:\Windows\System\DsagPhe.exe

C:\Windows\System\LMIcpJv.exe

C:\Windows\System\LMIcpJv.exe

C:\Windows\System\MAkNjJe.exe

C:\Windows\System\MAkNjJe.exe

C:\Windows\System\eOEnHDr.exe

C:\Windows\System\eOEnHDr.exe

C:\Windows\System\NgHwXlS.exe

C:\Windows\System\NgHwXlS.exe

C:\Windows\System\yieJafN.exe

C:\Windows\System\yieJafN.exe

C:\Windows\System\fzGnlGM.exe

C:\Windows\System\fzGnlGM.exe

C:\Windows\System\lgaQVTk.exe

C:\Windows\System\lgaQVTk.exe

C:\Windows\System\OyBqmys.exe

C:\Windows\System\OyBqmys.exe

C:\Windows\System\pTbwrAX.exe

C:\Windows\System\pTbwrAX.exe

C:\Windows\System\cSfKQKw.exe

C:\Windows\System\cSfKQKw.exe

C:\Windows\System\VTrctjd.exe

C:\Windows\System\VTrctjd.exe

C:\Windows\System\EZEWwtT.exe

C:\Windows\System\EZEWwtT.exe

C:\Windows\System\kNKiAyt.exe

C:\Windows\System\kNKiAyt.exe

C:\Windows\System\tFlHadP.exe

C:\Windows\System\tFlHadP.exe

C:\Windows\System\CVpGePl.exe

C:\Windows\System\CVpGePl.exe

C:\Windows\System\VGMWYYp.exe

C:\Windows\System\VGMWYYp.exe

C:\Windows\System\PtjLCNu.exe

C:\Windows\System\PtjLCNu.exe

C:\Windows\System\zKiXsni.exe

C:\Windows\System\zKiXsni.exe

C:\Windows\System\nOZHQdx.exe

C:\Windows\System\nOZHQdx.exe

C:\Windows\System\nQvQvXT.exe

C:\Windows\System\nQvQvXT.exe

C:\Windows\System\CtoFSbM.exe

C:\Windows\System\CtoFSbM.exe

C:\Windows\System\YrbMGRE.exe

C:\Windows\System\YrbMGRE.exe

C:\Windows\System\nhdVLsO.exe

C:\Windows\System\nhdVLsO.exe

C:\Windows\System\asRYjWl.exe

C:\Windows\System\asRYjWl.exe

C:\Windows\System\GxGeAQx.exe

C:\Windows\System\GxGeAQx.exe

C:\Windows\System\qSUpZga.exe

C:\Windows\System\qSUpZga.exe

C:\Windows\System\OspKyKp.exe

C:\Windows\System\OspKyKp.exe

C:\Windows\System\sZRSyXx.exe

C:\Windows\System\sZRSyXx.exe

C:\Windows\System\gnxhbyY.exe

C:\Windows\System\gnxhbyY.exe

C:\Windows\System\DsfrCVg.exe

C:\Windows\System\DsfrCVg.exe

C:\Windows\System\vLZyNHz.exe

C:\Windows\System\vLZyNHz.exe

C:\Windows\System\nEZppWW.exe

C:\Windows\System\nEZppWW.exe

C:\Windows\System\HMUEeJg.exe

C:\Windows\System\HMUEeJg.exe

C:\Windows\System\zYBSyyH.exe

C:\Windows\System\zYBSyyH.exe

C:\Windows\System\UAOzDhj.exe

C:\Windows\System\UAOzDhj.exe

C:\Windows\System\EXDsjiX.exe

C:\Windows\System\EXDsjiX.exe

C:\Windows\System\FwpJnut.exe

C:\Windows\System\FwpJnut.exe

C:\Windows\System\ykZVgfW.exe

C:\Windows\System\ykZVgfW.exe

C:\Windows\System\BNVfXtl.exe

C:\Windows\System\BNVfXtl.exe

C:\Windows\System\yeUvbsH.exe

C:\Windows\System\yeUvbsH.exe

C:\Windows\System\mbodKgc.exe

C:\Windows\System\mbodKgc.exe

C:\Windows\System\xDWhcoD.exe

C:\Windows\System\xDWhcoD.exe

C:\Windows\System\XNFcDuo.exe

C:\Windows\System\XNFcDuo.exe

C:\Windows\System\RnhgiEl.exe

C:\Windows\System\RnhgiEl.exe

C:\Windows\System\JErowlG.exe

C:\Windows\System\JErowlG.exe

C:\Windows\System\HSgPavm.exe

C:\Windows\System\HSgPavm.exe

C:\Windows\System\CCDvLdZ.exe

C:\Windows\System\CCDvLdZ.exe

C:\Windows\System\BGRCfLR.exe

C:\Windows\System\BGRCfLR.exe

C:\Windows\System\QqxdOGw.exe

C:\Windows\System\QqxdOGw.exe

C:\Windows\System\DzaxPsc.exe

C:\Windows\System\DzaxPsc.exe

C:\Windows\System\jHfltJm.exe

C:\Windows\System\jHfltJm.exe

C:\Windows\System\zNsyAZe.exe

C:\Windows\System\zNsyAZe.exe

C:\Windows\System\uXhAgaB.exe

C:\Windows\System\uXhAgaB.exe

C:\Windows\System\rkQMltj.exe

C:\Windows\System\rkQMltj.exe

C:\Windows\System\AWPRtNQ.exe

C:\Windows\System\AWPRtNQ.exe

C:\Windows\System\dEIdisn.exe

C:\Windows\System\dEIdisn.exe

C:\Windows\System\TvNCgVw.exe

C:\Windows\System\TvNCgVw.exe

C:\Windows\System\oboNvBs.exe

C:\Windows\System\oboNvBs.exe

C:\Windows\System\XQnkjDr.exe

C:\Windows\System\XQnkjDr.exe

C:\Windows\System\HvDRZZm.exe

C:\Windows\System\HvDRZZm.exe

C:\Windows\System\SFJJKsD.exe

C:\Windows\System\SFJJKsD.exe

C:\Windows\System\QOLTCny.exe

C:\Windows\System\QOLTCny.exe

C:\Windows\System\myKlJld.exe

C:\Windows\System\myKlJld.exe

C:\Windows\System\QshMpBM.exe

C:\Windows\System\QshMpBM.exe

C:\Windows\System\UOlYfSk.exe

C:\Windows\System\UOlYfSk.exe

C:\Windows\System\aoINoWK.exe

C:\Windows\System\aoINoWK.exe

C:\Windows\System\YbCeFad.exe

C:\Windows\System\YbCeFad.exe

C:\Windows\System\euqmOoe.exe

C:\Windows\System\euqmOoe.exe

C:\Windows\System\znmpnKY.exe

C:\Windows\System\znmpnKY.exe

C:\Windows\System\JPyWXYo.exe

C:\Windows\System\JPyWXYo.exe

C:\Windows\System\htprsQr.exe

C:\Windows\System\htprsQr.exe

C:\Windows\System\cPJMeWF.exe

C:\Windows\System\cPJMeWF.exe

C:\Windows\System\xLtBlTD.exe

C:\Windows\System\xLtBlTD.exe

C:\Windows\System\rSauzzc.exe

C:\Windows\System\rSauzzc.exe

C:\Windows\System\WXzbmcg.exe

C:\Windows\System\WXzbmcg.exe

C:\Windows\System\ZFdxsyH.exe

C:\Windows\System\ZFdxsyH.exe

C:\Windows\System\eLbkiek.exe

C:\Windows\System\eLbkiek.exe

C:\Windows\System\LUhGdpK.exe

C:\Windows\System\LUhGdpK.exe

C:\Windows\System\LCNwqrs.exe

C:\Windows\System\LCNwqrs.exe

C:\Windows\System\BbpVBPQ.exe

C:\Windows\System\BbpVBPQ.exe

C:\Windows\System\ieLdvRd.exe

C:\Windows\System\ieLdvRd.exe

C:\Windows\System\XkjsXpf.exe

C:\Windows\System\XkjsXpf.exe

C:\Windows\System\LPkcrmI.exe

C:\Windows\System\LPkcrmI.exe

C:\Windows\System\MThhCOK.exe

C:\Windows\System\MThhCOK.exe

C:\Windows\System\oIvGQcQ.exe

C:\Windows\System\oIvGQcQ.exe

C:\Windows\System\gEIunSb.exe

C:\Windows\System\gEIunSb.exe

C:\Windows\System\aVBVBZf.exe

C:\Windows\System\aVBVBZf.exe

C:\Windows\System\IfnbrTB.exe

C:\Windows\System\IfnbrTB.exe

C:\Windows\System\VlUJlSU.exe

C:\Windows\System\VlUJlSU.exe

C:\Windows\System\ObLEtkf.exe

C:\Windows\System\ObLEtkf.exe

C:\Windows\System\bHsiQFI.exe

C:\Windows\System\bHsiQFI.exe

C:\Windows\System\HLWVvDW.exe

C:\Windows\System\HLWVvDW.exe

C:\Windows\System\HUyZgwo.exe

C:\Windows\System\HUyZgwo.exe

C:\Windows\System\CKPwrnU.exe

C:\Windows\System\CKPwrnU.exe

C:\Windows\System\xhunyKH.exe

C:\Windows\System\xhunyKH.exe

C:\Windows\System\bIRJzHu.exe

C:\Windows\System\bIRJzHu.exe

C:\Windows\System\HKDNVQo.exe

C:\Windows\System\HKDNVQo.exe

C:\Windows\System\vaKeKvv.exe

C:\Windows\System\vaKeKvv.exe

C:\Windows\System\rrrYKKt.exe

C:\Windows\System\rrrYKKt.exe

C:\Windows\System\TYnGFBM.exe

C:\Windows\System\TYnGFBM.exe

C:\Windows\System\MEuJwqm.exe

C:\Windows\System\MEuJwqm.exe

C:\Windows\System\nnpgCSR.exe

C:\Windows\System\nnpgCSR.exe

C:\Windows\System\UcYRxRx.exe

C:\Windows\System\UcYRxRx.exe

C:\Windows\System\pkjYVcs.exe

C:\Windows\System\pkjYVcs.exe

C:\Windows\System\YNbmfPh.exe

C:\Windows\System\YNbmfPh.exe

C:\Windows\System\bUDSsmn.exe

C:\Windows\System\bUDSsmn.exe

C:\Windows\System\eBmHbUx.exe

C:\Windows\System\eBmHbUx.exe

C:\Windows\System\GktxWed.exe

C:\Windows\System\GktxWed.exe

C:\Windows\System\AEaVtIp.exe

C:\Windows\System\AEaVtIp.exe

C:\Windows\System\qCfAjid.exe

C:\Windows\System\qCfAjid.exe

C:\Windows\System\rjlaEWc.exe

C:\Windows\System\rjlaEWc.exe

C:\Windows\System\AWTpMjm.exe

C:\Windows\System\AWTpMjm.exe

C:\Windows\System\EXznRPK.exe

C:\Windows\System\EXznRPK.exe

C:\Windows\System\wjMFJhO.exe

C:\Windows\System\wjMFJhO.exe

C:\Windows\System\bGUsqYR.exe

C:\Windows\System\bGUsqYR.exe

C:\Windows\System\CCvuODb.exe

C:\Windows\System\CCvuODb.exe

C:\Windows\System\niOBGPr.exe

C:\Windows\System\niOBGPr.exe

C:\Windows\System\aUuSKiE.exe

C:\Windows\System\aUuSKiE.exe

C:\Windows\System\lgzkuOj.exe

C:\Windows\System\lgzkuOj.exe

C:\Windows\System\kRZZEzH.exe

C:\Windows\System\kRZZEzH.exe

C:\Windows\System\xxfFcCV.exe

C:\Windows\System\xxfFcCV.exe

C:\Windows\System\YoBKDTV.exe

C:\Windows\System\YoBKDTV.exe

C:\Windows\System\zbcwwWw.exe

C:\Windows\System\zbcwwWw.exe

C:\Windows\System\ZVrNHjn.exe

C:\Windows\System\ZVrNHjn.exe

C:\Windows\System\SsxAAcC.exe

C:\Windows\System\SsxAAcC.exe

C:\Windows\System\kqmuFYm.exe

C:\Windows\System\kqmuFYm.exe

C:\Windows\System\UcBogCQ.exe

C:\Windows\System\UcBogCQ.exe

C:\Windows\System\TfuwALK.exe

C:\Windows\System\TfuwALK.exe

C:\Windows\System\oUDSyrn.exe

C:\Windows\System\oUDSyrn.exe

C:\Windows\System\rcBQLmw.exe

C:\Windows\System\rcBQLmw.exe

C:\Windows\System\gEihGSs.exe

C:\Windows\System\gEihGSs.exe

C:\Windows\System\nWOfnbh.exe

C:\Windows\System\nWOfnbh.exe

C:\Windows\System\hSBdUrw.exe

C:\Windows\System\hSBdUrw.exe

C:\Windows\System\QlsFpDa.exe

C:\Windows\System\QlsFpDa.exe

C:\Windows\System\CbdtZUF.exe

C:\Windows\System\CbdtZUF.exe

C:\Windows\System\UDfmKkN.exe

C:\Windows\System\UDfmKkN.exe

C:\Windows\System\drToQxh.exe

C:\Windows\System\drToQxh.exe

C:\Windows\System\uHJwPPr.exe

C:\Windows\System\uHJwPPr.exe

C:\Windows\System\MLeuiak.exe

C:\Windows\System\MLeuiak.exe

C:\Windows\System\mDEXRWa.exe

C:\Windows\System\mDEXRWa.exe

C:\Windows\System\RnSacPv.exe

C:\Windows\System\RnSacPv.exe

C:\Windows\System\TJjJHey.exe

C:\Windows\System\TJjJHey.exe

C:\Windows\System\IvDQQJi.exe

C:\Windows\System\IvDQQJi.exe

C:\Windows\System\CHkwHoA.exe

C:\Windows\System\CHkwHoA.exe

C:\Windows\System\BIHAufH.exe

C:\Windows\System\BIHAufH.exe

C:\Windows\System\mTFDkiK.exe

C:\Windows\System\mTFDkiK.exe

C:\Windows\System\ULdpKgD.exe

C:\Windows\System\ULdpKgD.exe

C:\Windows\System\QjIEbnk.exe

C:\Windows\System\QjIEbnk.exe

C:\Windows\System\rPlveBg.exe

C:\Windows\System\rPlveBg.exe

C:\Windows\System\qkUAoRb.exe

C:\Windows\System\qkUAoRb.exe

C:\Windows\System\BpxnQyj.exe

C:\Windows\System\BpxnQyj.exe

C:\Windows\System\IlrJiRV.exe

C:\Windows\System\IlrJiRV.exe

Network

Files
