Malware Analysis Report

2024-11-16 11:42

Sample ID 240612-k4sntsxbpm
Target 2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe
SHA256 0aabdfc5926373da976ef2bfa1764dc7e85eba1ac5edcdc7e5e999b2de819346
Tags
xmrig miner
score
10/10

Analysis Overview

score
10/10

SHA256

0aabdfc5926373da976ef2bfa1764dc7e85eba1ac5edcdc7e5e999b2de819346

Threat Level: Known bad

The file 2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig miner

Xmrig family

xmrig

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 09:09

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 09:09

Reported

2024-06-12 09:12

Platform

win7-20240508-en

Max time kernel

137s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 09:09

Reported

2024-06-12 09:12

Platform

win10v2004-20240226-en

Max time kernel

155s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2dc35e116f36f1e34ad23152539b79c0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

Network

Files

SHA1 107649c55d4220420824871c7757b30fb0230da2
SHA256 80e37c79c6a19d213e331000637632f5779e71ef1861c2e779213385c43e2b4f
SHA512 18513a38bd16dcd69840d913bdc7203432196bd0ca420ce4bf2f7bc750dc34d1649274172e4251cd6caaf0b46a26c9d36c452ad35962d7cd34ab3eb38363bed9

C:\Windows\System\CmjCaXI.exe

MD5 26161b06ebadaee66a0de17a09d39cb4
SHA1 e8b20641623015937febe2b05216e77def36882b
SHA256 fa5388268d86877a991f1d20d655aba4951e931ee9efa6238145cb4aad603ea0
SHA512 2b46fbd70f34dbc656f8deeadb1bff02f54750bbd471dd877edfe3ef4436810821ba60069a867731e75f1036fc3f51b698b6cc05d77f47c4a81232a9bf362c79

C:\Windows\System\EHyRJDB.exe

MD5 6276995678d4bf68657e6f177acd6b02
SHA1 28adb673ed1a1df65568cfcb7210c5466a5ce241
SHA256 3c29f36961b5f61c7418ae59545965cc7bf2b4e02342330a5cfc1d9e8894f79a
SHA512 8d30e4fadad73c14a3b11daea44c19b84c7c1b91a2ce0d80ff65440697be0fb59e6a5fe2ff5d2f8f6f57041f68ecfefd035b4c142334938218778ab39c448726

C:\Windows\System\gXapXVv.exe

MD5 cdebade5e9e9aacd0a20ecb8ae7ab52f
SHA1 c9541e893c417fb24beb72f1a8d6c458942f0320
SHA256 682318c492234e8ca5a2f227d26a4a2c4b4ce5552e5157568710e88ab5dce983
SHA512 387d4463cc86caf766f799b1315e1b0c8eb1f3afd839b40051e42863f7f083a9ee5e8a0a057374e73f4d01cbe99f22d8d5eda1bc3c2615c9e67adc5344434d20

C:\Windows\System\PRXmqkc.exe

MD5 2efc4491c392c7c4b9ce1064648bf92a
SHA1 f44b11d9e0a7d9a33d35f225cd1a702b6c6c66a4
SHA256 00cc3263c34ed6721e9faf24a0095d938257e70538e95bc85ff99bc7fc4baf09
SHA512 a8fa667e1fc59b3f1f670001a44582c97a1cf057c087aaeff6a61fbced9532e5c5a4ee08744257d0ab8c61a4de3133cc5cdeb119ec17768297f82c298e89e630