Malware Analysis Report

2024-09-10 00:10

Sample ID: 240613-kd8blavejq
Target: 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
SHA256: 95dfa69a3dbfea32817216c020aa4dbfc0bb3dfb09f18164d8736405376e0db7
Tags: miner, xmrig
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 95dfa69a3dbfea32817216c020aa4dbfc0bb3dfb09f18164d8736405376e0db7

Threat Level: Known bad

The file 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner xmrig

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 08:30

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 08:30
Reported: 2024-06-13 08:32
Platform: win7-20240508-en
Max time kernel: 135s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:30

Reported

2024-06-13 08:32

Platform

win10v2004-20240611-en

Max time kernel

135s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target

Executes dropped EXE

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto

Files

memory/4920-0-0x0000013B320C0000-0x0000013B320D0000-memory.dmp

SHA1 b6b14d23e8e1004d8f95300e68d11b77c531f5ca
SHA256 f628f09d5d226dddea9651c1ca73e8f4513476811d288d4c85f8c9735a2f8b60
SHA512 24d93c52333bcd6cec386f8c7ceb9b26e04724a8eef4b220ad0d4e5b7791c2d60b199b706c041a73366fde79a4941809013857f9969c302cf15f4e6b9366392c

C:\Windows\System\iTciALX.exe

MD5 b08fb71c0b208994e52d9df3cdbffcf5
SHA1 be14eb2c344de57f3b108aadc9c6e381ca6d2efb
SHA256 3b19a57d375109326adc23cef0003d4fb9b327c6210c7f4eee3efd7b842e1bf2
SHA512 77ca3ef2e85ec3143d9e8239e210a5065463e6b3446d4281f26a60a0dc75166388bcb38dcbf678843b87c8341bf71a9825beb79b6f1daf3b12754472af6510df

C:\Windows\System\znADdmx.exe

MD5 82f2e027c399fd82040d34bde2e42e7c
SHA1 293acdc717d9b7b2eebfcb5ffb78ab6ecab074f3
SHA256 b9ffbb1caa1c3e751c6ad0625d2b54e4a60496241a07e63847abb0f2824c5254
SHA512 ffaf0f6af45c0198f63fb8dc3a86e1a64c5b12bcfaab4dc8c2dc0c82d190cbd03a25dea72ac21f8eac272f02213735faa75b3c223fc3721e299845cc54345215