Malware Analysis Report

2024-10-10 08:35

Sample ID: 240608-wnzyraeh69
Target: 1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe
SHA256: 7336078211ba3d5cac4d45c0a43708973315269d7c03e218fdd71332f7e9678d
Tags: miner, upx, kpot, xmrig, stealer, trojan
Score: 10/10

Analysis Overview

score
10/10

SHA256

7336078211ba3d5cac4d45c0a43708973315269d7c03e218fdd71332f7e9678d

Threat Level: Known bad

The file 1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Kpot family

KPOT

Xmrig family

XMRig Miner payload

xmrig

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 18:04

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 18:04

Reported

2024-06-08 18:07

Platform

win7-20240215-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2412-1081-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2312-1084-0x000000013F900000-0x000000013FC54000-memory.dmp

memory/2452-1083-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2284-1082-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/1736-1085-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2884-1086-0x000000013F900000-0x000000013FC54000-memory.dmp

memory/2696-1087-0x000000013F490000-0x000000013F7E4000-memory.dmp

memory/2492-1088-0x000000013F1B0000-0x000000013F504000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 18:04

Reported

2024-06-08 18:07

Platform

win10v2004-20240426-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1656e90a81f610d1d97cf4dda83420a0_NeikiAnalytics.exe"


C:\Windows\System\QsuNeJm.exe

C:\Windows\System\dDJVppt.exe

C:\Windows\System\dDJVppt.exe

C:\Windows\System\LjooAcc.exe

C:\Windows\System\LjooAcc.exe

C:\Windows\System\XJTOmZS.exe

C:\Windows\System\XJTOmZS.exe

C:\Windows\System\sTtNBEr.exe

C:\Windows\System\sTtNBEr.exe

C:\Windows\System\tFzFxpu.exe

C:\Windows\System\tFzFxpu.exe

C:\Windows\System\nWiubxI.exe

C:\Windows\System\nWiubxI.exe

C:\Windows\System\KUBJfmK.exe

C:\Windows\System\KUBJfmK.exe

C:\Windows\System\qOZkHaD.exe

C:\Windows\System\qOZkHaD.exe

C:\Windows\System\qSRcJMj.exe

C:\Windows\System\qSRcJMj.exe

C:\Windows\System\hfkZLzv.exe

C:\Windows\System\hfkZLzv.exe

C:\Windows\System\ROwsCLR.exe

C:\Windows\System\ROwsCLR.exe

C:\Windows\System\RCoYPqs.exe

C:\Windows\System\RCoYPqs.exe

C:\Windows\System\EZETgRy.exe

C:\Windows\System\EZETgRy.exe

C:\Windows\System\rnzqjuK.exe

C:\Windows\System\rnzqjuK.exe

C:\Windows\System\jjAUQQw.exe

C:\Windows\System\jjAUQQw.exe

C:\Windows\System\cXRiHuB.exe

C:\Windows\System\cXRiHuB.exe

C:\Windows\System\aNXuemQ.exe

C:\Windows\System\aNXuemQ.exe

C:\Windows\System\iNgUVnh.exe

C:\Windows\System\iNgUVnh.exe

C:\Windows\System\vVYawlx.exe

C:\Windows\System\vVYawlx.exe

C:\Windows\System\nPcAMuL.exe

C:\Windows\System\nPcAMuL.exe

C:\Windows\System\QauLhbV.exe

C:\Windows\System\QauLhbV.exe

C:\Windows\System\cKhZPCr.exe

C:\Windows\System\cKhZPCr.exe

C:\Windows\System\UCkamwY.exe

C:\Windows\System\UCkamwY.exe

C:\Windows\System\JBBgyOe.exe

C:\Windows\System\JBBgyOe.exe

C:\Windows\System\MuNIYmM.exe

C:\Windows\System\MuNIYmM.exe

C:\Windows\System\mpgaAbt.exe

C:\Windows\System\mpgaAbt.exe

C:\Windows\System\KJhfaeD.exe

C:\Windows\System\KJhfaeD.exe

C:\Windows\System\UBizLiQ.exe

C:\Windows\System\UBizLiQ.exe

C:\Windows\System\JqkSBeY.exe

C:\Windows\System\JqkSBeY.exe

C:\Windows\System\iPBwlyT.exe

C:\Windows\System\iPBwlyT.exe

C:\Windows\System\BQcbchZ.exe

C:\Windows\System\BQcbchZ.exe

C:\Windows\System\BwAFekh.exe

C:\Windows\System\BwAFekh.exe

C:\Windows\System\DiHDFQE.exe

C:\Windows\System\DiHDFQE.exe

C:\Windows\System\CjWwVTZ.exe

C:\Windows\System\CjWwVTZ.exe

C:\Windows\System\gJUEXIs.exe

C:\Windows\System\gJUEXIs.exe

C:\Windows\System\tHuNEFc.exe

C:\Windows\System\tHuNEFc.exe

C:\Windows\System\XwhGyfP.exe

C:\Windows\System\XwhGyfP.exe

C:\Windows\System\xITJKaw.exe

C:\Windows\System\xITJKaw.exe

C:\Windows\System\wGmbIwU.exe

C:\Windows\System\wGmbIwU.exe

C:\Windows\System\YeyMGDI.exe

C:\Windows\System\YeyMGDI.exe

C:\Windows\System\NtjNmuv.exe

C:\Windows\System\NtjNmuv.exe

C:\Windows\System\puSQXCv.exe

C:\Windows\System\puSQXCv.exe

C:\Windows\System\aFxaFif.exe

C:\Windows\System\aFxaFif.exe

C:\Windows\System\vCdPMmP.exe

C:\Windows\System\vCdPMmP.exe

C:\Windows\System\jUBPYlS.exe

C:\Windows\System\jUBPYlS.exe

C:\Windows\System\NXnHyst.exe

C:\Windows\System\NXnHyst.exe

C:\Windows\System\ptOHhNE.exe

C:\Windows\System\ptOHhNE.exe

C:\Windows\System\wNElrHf.exe

C:\Windows\System\wNElrHf.exe

C:\Windows\System\HEXEBnE.exe

C:\Windows\System\HEXEBnE.exe

C:\Windows\System\SNlTvef.exe

C:\Windows\System\SNlTvef.exe

C:\Windows\System\StOgwMu.exe

C:\Windows\System\StOgwMu.exe

C:\Windows\System\ZFRclNj.exe

C:\Windows\System\ZFRclNj.exe

C:\Windows\System\FCcdaZm.exe

C:\Windows\System\FCcdaZm.exe

C:\Windows\System\OUOmGix.exe

C:\Windows\System\OUOmGix.exe

C:\Windows\System\tnvEDoj.exe

C:\Windows\System\tnvEDoj.exe

C:\Windows\System\WJufwum.exe

C:\Windows\System\WJufwum.exe

C:\Windows\System\VcDWurk.exe

C:\Windows\System\VcDWurk.exe

C:\Windows\System\pVnZrjs.exe

C:\Windows\System\pVnZrjs.exe

C:\Windows\System\kfACKxV.exe

C:\Windows\System\kfACKxV.exe

C:\Windows\System\ZvBSOgT.exe

C:\Windows\System\ZvBSOgT.exe

C:\Windows\System\IJHNiFr.exe

C:\Windows\System\IJHNiFr.exe

C:\Windows\System\khkAwap.exe

C:\Windows\System\khkAwap.exe

C:\Windows\System\VOAMdPC.exe

C:\Windows\System\VOAMdPC.exe

C:\Windows\System\QnecsCx.exe

C:\Windows\System\QnecsCx.exe

C:\Windows\System\vJSTPUG.exe

C:\Windows\System\vJSTPUG.exe

C:\Windows\System\RauAdfo.exe

C:\Windows\System\RauAdfo.exe

C:\Windows\System\twgHlVz.exe

C:\Windows\System\twgHlVz.exe

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Windows\System\qjlPoJe.exe

C:\Windows\System\qjlPoJe.exe

C:\Windows\System\dyeJbqx.exe

C:\Windows\System\dyeJbqx.exe

C:\Windows\System\lrRYevs.exe

C:\Windows\System\lrRYevs.exe

C:\Windows\System\CkDhjmT.exe

C:\Windows\System\CkDhjmT.exe

C:\Windows\System\XNykOOZ.exe

C:\Windows\System\XNykOOZ.exe

C:\Windows\System\spUtnjv.exe

C:\Windows\System\spUtnjv.exe

C:\Windows\System\VUHMDfX.exe

C:\Windows\System\VUHMDfX.exe

C:\Windows\System\TZIrwTg.exe

C:\Windows\System\TZIrwTg.exe

C:\Windows\System\lOkgRUN.exe

C:\Windows\System\lOkgRUN.exe

C:\Windows\System\rzyKGni.exe

C:\Windows\System\rzyKGni.exe

C:\Windows\System\xZcwTwh.exe

C:\Windows\System\xZcwTwh.exe

C:\Windows\System\jiLZbCo.exe

C:\Windows\System\jiLZbCo.exe

C:\Windows\System\YpxnOAA.exe

C:\Windows\System\YpxnOAA.exe

C:\Windows\System\QokitAF.exe

C:\Windows\System\QokitAF.exe

C:\Windows\System\IexNDgO.exe

C:\Windows\System\IexNDgO.exe

C:\Windows\System\MOgwPiJ.exe

C:\Windows\System\MOgwPiJ.exe

C:\Windows\System\QKbsfoR.exe

C:\Windows\System\QKbsfoR.exe

C:\Windows\System\RzRBJzZ.exe

C:\Windows\System\RzRBJzZ.exe

C:\Windows\System\EVxYRQF.exe

C:\Windows\System\EVxYRQF.exe

C:\Windows\System\MKRsqfF.exe

C:\Windows\System\MKRsqfF.exe

C:\Windows\System\easMuqw.exe

C:\Windows\System\easMuqw.exe

C:\Windows\System\DqThnRR.exe

C:\Windows\System\DqThnRR.exe

C:\Windows\System\ftjHSWO.exe

C:\Windows\System\ftjHSWO.exe

C:\Windows\System\ahgQwZw.exe

C:\Windows\System\ahgQwZw.exe

C:\Windows\System\efzcLdW.exe

C:\Windows\System\efzcLdW.exe

C:\Windows\System\vxwoCES.exe

C:\Windows\System\vxwoCES.exe

C:\Windows\System\fHzgABi.exe

C:\Windows\System\fHzgABi.exe

C:\Windows\System\jyRtnVp.exe

C:\Windows\System\jyRtnVp.exe

C:\Windows\System\UzZFoKi.exe

C:\Windows\System\UzZFoKi.exe

C:\Windows\System\PLUAZqC.exe

C:\Windows\System\PLUAZqC.exe

C:\Windows\System\riwkijj.exe

C:\Windows\System\riwkijj.exe

C:\Windows\System\qxozcHd.exe

C:\Windows\System\qxozcHd.exe

C:\Windows\System\LIUQtsv.exe

C:\Windows\System\LIUQtsv.exe

C:\Windows\System\oLnIivG.exe

C:\Windows\System\oLnIivG.exe

C:\Windows\System\FDHSYft.exe

C:\Windows\System\FDHSYft.exe

C:\Windows\System\VIEirQn.exe

C:\Windows\System\VIEirQn.exe

C:\Windows\System\Dzeeoiy.exe

C:\Windows\System\Dzeeoiy.exe

C:\Windows\System\fBHMNzz.exe

C:\Windows\System\fBHMNzz.exe

C:\Windows\System\tkIBgpf.exe

C:\Windows\System\tkIBgpf.exe

C:\Windows\System\fEikcnA.exe

C:\Windows\System\fEikcnA.exe

C:\Windows\System\RAdGpgK.exe

C:\Windows\System\RAdGpgK.exe

C:\Windows\System\prQmizw.exe

C:\Windows\System\prQmizw.exe

C:\Windows\System\DlmCCIw.exe

C:\Windows\System\DlmCCIw.exe

C:\Windows\System\IAvRiRw.exe

C:\Windows\System\IAvRiRw.exe

C:\Windows\System\EnQeCuo.exe

C:\Windows\System\EnQeCuo.exe

C:\Windows\System\bdszCJO.exe

C:\Windows\System\bdszCJO.exe

C:\Windows\System\LPjINTG.exe

C:\Windows\System\LPjINTG.exe

C:\Windows\System\EARrwjq.exe

C:\Windows\System\EARrwjq.exe

C:\Windows\System\KpKYcBs.exe

C:\Windows\System\KpKYcBs.exe

C:\Windows\System\DczFUji.exe

C:\Windows\System\DczFUji.exe

C:\Windows\System\QSnDbYw.exe

C:\Windows\System\QSnDbYw.exe

C:\Windows\System\HyYCKHy.exe

C:\Windows\System\HyYCKHy.exe

C:\Windows\System\MrFJWhT.exe

C:\Windows\System\MrFJWhT.exe

C:\Windows\System\LtEheYQ.exe

C:\Windows\System\LtEheYQ.exe

C:\Windows\System\jvmUvoy.exe

C:\Windows\System\jvmUvoy.exe

C:\Windows\System\vLIcckY.exe

C:\Windows\System\vLIcckY.exe

C:\Windows\System\lPKRRHD.exe

C:\Windows\System\lPKRRHD.exe

C:\Windows\System\dAIvzXs.exe

C:\Windows\System\dAIvzXs.exe

C:\Windows\System\dCNhYTK.exe

C:\Windows\System\dCNhYTK.exe

C:\Windows\System\bkzrIIF.exe

C:\Windows\System\bkzrIIF.exe

C:\Windows\System\tWdwSQg.exe

C:\Windows\System\tWdwSQg.exe

C:\Windows\System\xEICfSF.exe

C:\Windows\System\xEICfSF.exe

C:\Windows\System\UjNAOXJ.exe

C:\Windows\System\UjNAOXJ.exe

C:\Windows\System\MWUlvvA.exe

C:\Windows\System\MWUlvvA.exe

C:\Windows\System\EFGbiRI.exe

C:\Windows\System\EFGbiRI.exe

C:\Windows\System\XvEZNxw.exe

C:\Windows\System\XvEZNxw.exe

C:\Windows\System\LJUcTgv.exe

C:\Windows\System\LJUcTgv.exe

C:\Windows\System\qeFCMGz.exe

C:\Windows\System\qeFCMGz.exe

C:\Windows\System\zzmlifM.exe

C:\Windows\System\zzmlifM.exe

C:\Windows\System\FRSpbKu.exe

C:\Windows\System\FRSpbKu.exe

C:\Windows\System\WEtHCNI.exe

C:\Windows\System\WEtHCNI.exe

C:\Windows\System\GYnmHYD.exe

C:\Windows\System\GYnmHYD.exe

C:\Windows\System\QqlOkGp.exe

C:\Windows\System\QqlOkGp.exe

C:\Windows\System\AhKQUCn.exe

C:\Windows\System\AhKQUCn.exe

C:\Windows\System\TwthTpQ.exe

C:\Windows\System\TwthTpQ.exe

C:\Windows\System\CqKMwnA.exe

C:\Windows\System\CqKMwnA.exe

C:\Windows\System\ianwdkg.exe

C:\Windows\System\ianwdkg.exe

C:\Windows\System\iXUgEtw.exe

C:\Windows\System\iXUgEtw.exe

C:\Windows\System\HbpSZZH.exe

C:\Windows\System\HbpSZZH.exe

C:\Windows\System\PaDJtMu.exe

C:\Windows\System\PaDJtMu.exe

C:\Windows\System\BfGyYuO.exe

C:\Windows\System\BfGyYuO.exe

C:\Windows\System\IfTAFbW.exe

C:\Windows\System\IfTAFbW.exe

C:\Windows\System\cNycgWa.exe

C:\Windows\System\cNycgWa.exe

C:\Windows\System\gsiIZZp.exe

C:\Windows\System\gsiIZZp.exe

C:\Windows\System\gmvlhbB.exe

C:\Windows\System\gmvlhbB.exe

C:\Windows\System\xbysfbN.exe

C:\Windows\System\xbysfbN.exe

C:\Windows\System\KdthnyQ.exe

C:\Windows\System\KdthnyQ.exe

C:\Windows\System\cIVypmp.exe

C:\Windows\System\cIVypmp.exe

C:\Windows\System\glRTxII.exe

C:\Windows\System\glRTxII.exe

C:\Windows\System\qYayzyZ.exe

C:\Windows\System\qYayzyZ.exe

C:\Windows\System\XmzhEET.exe

C:\Windows\System\XmzhEET.exe

C:\Windows\System\tJeykYa.exe

C:\Windows\System\tJeykYa.exe

C:\Windows\System\sZdZZNg.exe

C:\Windows\System\sZdZZNg.exe

C:\Windows\System\iYemPon.exe

C:\Windows\System\iYemPon.exe

C:\Windows\System\NzpEvoH.exe

C:\Windows\System\NzpEvoH.exe

C:\Windows\System\LFPjEcD.exe

C:\Windows\System\LFPjEcD.exe

C:\Windows\System\lSQxrRV.exe

C:\Windows\System\lSQxrRV.exe

C:\Windows\System\iRsKmAe.exe

C:\Windows\System\iRsKmAe.exe

C:\Windows\System\dATlAwm.exe

C:\Windows\System\dATlAwm.exe

C:\Windows\System\LgOLzjw.exe

C:\Windows\System\LgOLzjw.exe

C:\Windows\System\LOBthdV.exe

C:\Windows\System\LOBthdV.exe

C:\Windows\System\QBhJtHl.exe

C:\Windows\System\QBhJtHl.exe

C:\Windows\System\XiZvhCw.exe

C:\Windows\System\XiZvhCw.exe

C:\Windows\System\RyLLapS.exe

C:\Windows\System\RyLLapS.exe

C:\Windows\System\bveQvOP.exe

C:\Windows\System\bveQvOP.exe

C:\Windows\System\dYGlTfv.exe

C:\Windows\System\dYGlTfv.exe

C:\Windows\System\QBlcnyS.exe

C:\Windows\System\QBlcnyS.exe

C:\Windows\System\PYYNkHH.exe

C:\Windows\System\PYYNkHH.exe

C:\Windows\System\ZQQjUOy.exe

C:\Windows\System\ZQQjUOy.exe

C:\Windows\System\qqxYEmP.exe

C:\Windows\System\qqxYEmP.exe

C:\Windows\System\VPDezNl.exe

C:\Windows\System\VPDezNl.exe

C:\Windows\System\oNOXIYL.exe

C:\Windows\System\oNOXIYL.exe

C:\Windows\System\zjDvCUw.exe

C:\Windows\System\zjDvCUw.exe

C:\Windows\System\DCtBGaT.exe

C:\Windows\System\DCtBGaT.exe

C:\Windows\System\CEUjpKe.exe

C:\Windows\System\CEUjpKe.exe

C:\Windows\System\AqCFjZL.exe

C:\Windows\System\AqCFjZL.exe

C:\Windows\System\jZWEXhR.exe

C:\Windows\System\jZWEXhR.exe

C:\Windows\System\tLuJDoX.exe

C:\Windows\System\tLuJDoX.exe

C:\Windows\System\HkToyrM.exe

C:\Windows\System\HkToyrM.exe

C:\Windows\System\fxWmBlg.exe

C:\Windows\System\fxWmBlg.exe

C:\Windows\System\cJIbetF.exe

C:\Windows\System\cJIbetF.exe

C:\Windows\System\vqrVLqV.exe

C:\Windows\System\vqrVLqV.exe

C:\Windows\System\FhLghEb.exe

C:\Windows\System\FhLghEb.exe

C:\Windows\System\NUulaRy.exe

C:\Windows\System\NUulaRy.exe

C:\Windows\System\tzaobnQ.exe

C:\Windows\System\tzaobnQ.exe

C:\Windows\System\icmoUID.exe

C:\Windows\System\icmoUID.exe

C:\Windows\System\BIsIrNL.exe

C:\Windows\System\BIsIrNL.exe

C:\Windows\System\lnymleq.exe

C:\Windows\System\lnymleq.exe

C:\Windows\System\GDItEQp.exe

C:\Windows\System\GDItEQp.exe

C:\Windows\System\CqshnQg.exe

C:\Windows\System\CqshnQg.exe

C:\Windows\System\sExmeAl.exe

C:\Windows\System\sExmeAl.exe

C:\Windows\System\BAgOcpy.exe

C:\Windows\System\BAgOcpy.exe

C:\Windows\System\bsMyVFz.exe

C:\Windows\System\bsMyVFz.exe

C:\Windows\System\aaqDPfU.exe

C:\Windows\System\aaqDPfU.exe

C:\Windows\System\VrVLRoV.exe

C:\Windows\System\VrVLRoV.exe

C:\Windows\System\TVNIFGb.exe

C:\Windows\System\TVNIFGb.exe

C:\Windows\System\IraXhLr.exe

C:\Windows\System\IraXhLr.exe

C:\Windows\System\jLBPFul.exe

C:\Windows\System\jLBPFul.exe

C:\Windows\System\MoXfmRl.exe

C:\Windows\System\MoXfmRl.exe

C:\Windows\System\gfOVjTl.exe

C:\Windows\System\gfOVjTl.exe

C:\Windows\System\KHAZnoA.exe

C:\Windows\System\KHAZnoA.exe

C:\Windows\System\XvqEySi.exe

C:\Windows\System\XvqEySi.exe

C:\Windows\System\RzzDfMs.exe

C:\Windows\System\RzzDfMs.exe

C:\Windows\System\zVADKzP.exe

C:\Windows\System\zVADKzP.exe

C:\Windows\System\WFWVuPZ.exe

C:\Windows\System\WFWVuPZ.exe

C:\Windows\System\oSQKtFn.exe

C:\Windows\System\oSQKtFn.exe

C:\Windows\System\vPQDNPJ.exe

C:\Windows\System\vPQDNPJ.exe

C:\Windows\System\jrQngKf.exe

C:\Windows\System\jrQngKf.exe

C:\Windows\System\BooGIeA.exe

C:\Windows\System\BooGIeA.exe

C:\Windows\System\zVyyeND.exe

C:\Windows\System\zVyyeND.exe

Network

Country Destination Domain Proto

Files
