Malware Analysis Report

2024-09-10 05:17

Sample ID 240613-q2r76svhqp
Target 813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
SHA256 e44119e0ca3ed5d923b3db9ca3454f19e59bebcd05bba7ed2b0ff9da44fd09c8
Tags: miner, xmrig
Score: 10/10

Analysis Overview

score
10/10

SHA256

e44119e0ca3ed5d923b3db9ca3454f19e59bebcd05bba7ed2b0ff9da44fd09c8

Threat Level: Known bad

The file 813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner xmrig

XMRig Miner payload

Xmrig family

xmrig

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:45

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:45

Reported

2024-06-13 13:48

Platform

win7-20240508-en

Max time kernel

134s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe N/A

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

memory/2980-0-0x0000000000200000-0x0000000000210000-memory.dmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:45

Reported

2024-06-13 13:48

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3940,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:8

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

memory/2616-0-0x000001F2C7F40000-0x000001F2C7F50000-memory.dmp

SHA512 813e05b2b96b4e5834ab8c3efd62113af5e59035d975a23167781a1a785e749276401b2992a4a76312fa2bee7b7400ee5267486fb920a2acb8bd9ea498c855d0

C:\Windows\System\AvHNfFH.exe

MD5 e95376ba4fc094e830d27e1d33683247
SHA1 cee7dc1e5077fba4fe5e21f43234116dc0ccd71e
SHA256 0251d65f6f7945ef922c77697ae3b3f41edb8e487fae2f0b4a74a05e7e9ad146
SHA512 175ed318574735e50d3a7ff92fa44809315dcf786083c5eca62dcb9dfeb9e1dd9d9547f84ed1db9c12b6763a41f2612a204d9418709b06a390a9e63885132704

C:\Windows\System\YmkQDLN.exe

MD5 d2ee5b5234a17ccca7843eaed99b34e4
SHA1 2d015ee3450a0d710835cc5f1c20c8ccbfeed6f5
SHA256 3e764df2a9154206af7c358f950e5c0696cf921cdb49348e709fa4defa94e681
SHA512 9c98183e4ac091d3a1cff77157fa00059897f8202eb5e5e9cc762bc6d64d8737cdac653f65440b13388c63567f609a6768bc29987e2d66cdbd2dc26aa8610343