Malware Analysis Report

2024-09-10 23:01

Sample ID: 240613-1va1esvhpm
Target: 8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe
SHA256: b062372a26919a52ac418b5c9d77f12e848cd15f8936185ff421916b345c15ac
Tags: miner, xmrig
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner xmrig

xmrig

XMRig Miner payload

Xmrig family

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 21:57

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 21:57
Reported: 2024-06-13 22:00
Platform: win7-20240221-en
Max time kernel: 137s
Max time network: 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:57

Reported

2024-06-13 22:00

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target

Executes dropped EXE

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1572 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\dMVIdRl.exe
PID 1572 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\vLgnYsj.exe
PID 1572 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\GGepMzD.exe
PID 1572 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\TSqEDTd.exe
PID 1572 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\YLXoAsM.exe
PID 1572 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\weSATbY.exe
PID 1572 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\JCUgbMY.exe
PID 1572 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\wqBQvEq.exe
PID 1572 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\UOVHcmA.exe
PID 1572 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\yQOFCnZ.exe
PID 1572 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\ZSdEhTi.exe
PID 1572 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\sFowLLF.exe
PID 1572 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\slQatYF.exe
PID 1572 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\ZEJGbRw.exe
PID 1572 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\uwmhBYh.exe
PID 1572 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\MUwxtEs.exe
PID 1572 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\jYFisOc.exe
PID 1572 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\BQXydMi.exe
PID 1572 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\MhrNWhp.exe
PID 1572 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\sJQYsyG.exe
PID 1572 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\RXwwGUv.exe
PID 1572 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\HdowSTL.exe
PID 1572 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\EJvzIyD.exe
PID 1572 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\vcOXJhO.exe
PID 1572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\BQZEGfX.exe
PID 1572 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\mtaDSqy.exe
PID 1572 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\aRIMABI.exe
PID 1572 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\nEKYbmb.exe
PID 1572 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\nQNjawf.exe
PID 1572 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\cCiaNEi.exe
PID 1572 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\uMJxKZo.exe
PID 1572 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe C:\Windows\System\BFeidxp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a3064ab287cc7f6262f35c781788750_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.246.64:443 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp

Files

memory/1572-0-0x00000188417E0000-0x00000188417F0000-memory.dmp


C:\Windows\System\MhrNWhp.exe

MD5 f2372b11e9cf8bb54415aad0285eeaa5
SHA1 2561d59b5ad6e8ce95ffadda7a5b0f62cc130f4a
SHA256 18c1039d4608f91ce01ea99060c2bdd34fea85858d82c52860326da889bdd7b4
SHA512 ec4a9941157e7134da373cc79defd4455b77b092c80b08727207de2a80e7abeea2cf68cfaa9098abac3261e0d9101b38bd59548508075568f50a95d491b3e1cb

C:\Windows\System\jYFisOc.exe

MD5 f440af4d3a0891e4969b139acfa41a26
SHA1 972e755b31a194493caf07121ac646a7fe3e77fe
SHA256 844c3ea3c58496ac5b0189698efc4051bba3765c93301bf037ca85899678bbcb
SHA512 6a7122bcc5c5a1220a5925454dba9a8a7864f1d7ea314923b8d01c1ce369b17b97a5f071ba71e70c88c808e2845b1eacc64cd820172f4e4b38c1d1a8b043023b

C:\Windows\System\MUwxtEs.exe

MD5 7d0cc41ebcb25b2d35c0d1d7565744c0
SHA1 b5172ecfb8bd89e214f78c2e40ef678a5230229b
SHA256 69a9252514e42415a798c6f99238fb041eb92de6e89f27fbf9ba94bded00305d
SHA512 6ac620dfbeeba6962a0fa2df5f2131fd787a011bd06864527777fbb9a324a8c1bf93923d43be247f628d00dd055a04c63d34969f1c96be7bb8743955056e63f8

C:\Windows\System\uwmhBYh.exe

MD5 24db44b21983f9cee8cfdc755e1809a7
SHA1 fded124811cb2979dfb9b390f306d278a586ac97
SHA256 71d755a772049b23412d76f77f9e5c251c6cf51d4baacfc74311db8a23dcedae
SHA512 dd89284b616f2f3bc5af665fb00117c178fbedffed89ac63e07e20f08792c2bf003818196f7c945fddc6c6f8ed4a0464ec67d8a9ea724d8e73311d1a2d5b5987