Malware Analysis Report

2024-10-10 09:49

Sample ID 240617-nxvrdstbqr
Target 8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe
SHA256 2817f3cd80d3afe6e354fc222c3aeb86d131ee9a0415974266dfee32d6dbc6dc
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2817f3cd80d3afe6e354fc222c3aeb86d131ee9a0415974266dfee32d6dbc6dc

Threat Level: Known bad

The file 8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT

Xmrig family

Kpot family

KPOT Core Executable

xmrig

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 11:47

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 11:47

Reported

2024-06-17 11:49

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe"


C:\Windows\System\TUNvGUg.exe

C:\Windows\System\rQFGEII.exe

C:\Windows\System\rQFGEII.exe

C:\Windows\System\tWEeViU.exe

C:\Windows\System\tWEeViU.exe

C:\Windows\System\HblHkUV.exe

C:\Windows\System\HblHkUV.exe

C:\Windows\System\FhoRNbI.exe

C:\Windows\System\FhoRNbI.exe

C:\Windows\System\rNVtKIC.exe

C:\Windows\System\rNVtKIC.exe

C:\Windows\System\JVesnex.exe

C:\Windows\System\JVesnex.exe

C:\Windows\System\mzpLnuX.exe

C:\Windows\System\mzpLnuX.exe

C:\Windows\System\uxnYocr.exe

C:\Windows\System\uxnYocr.exe

C:\Windows\System\JPRnmRa.exe

C:\Windows\System\JPRnmRa.exe

C:\Windows\System\YAZwKPw.exe

C:\Windows\System\YAZwKPw.exe

C:\Windows\System\MfgsVum.exe

C:\Windows\System\MfgsVum.exe

C:\Windows\System\dbbrLXf.exe

C:\Windows\System\dbbrLXf.exe

C:\Windows\System\dAQyHgW.exe

C:\Windows\System\dAQyHgW.exe

C:\Windows\System\WZMVwVy.exe

C:\Windows\System\WZMVwVy.exe

C:\Windows\System\SkVawXA.exe

C:\Windows\System\SkVawXA.exe

C:\Windows\System\nGSuJHe.exe

C:\Windows\System\nGSuJHe.exe

C:\Windows\System\vltHGPJ.exe

C:\Windows\System\vltHGPJ.exe

C:\Windows\System\HGbhkKp.exe

C:\Windows\System\HGbhkKp.exe

C:\Windows\System\Wgaxbsi.exe

C:\Windows\System\Wgaxbsi.exe

C:\Windows\System\bDMZYHh.exe

C:\Windows\System\bDMZYHh.exe

C:\Windows\System\TnOBOsy.exe

C:\Windows\System\TnOBOsy.exe

C:\Windows\System\nfXJKLH.exe

C:\Windows\System\nfXJKLH.exe

C:\Windows\System\CTOPhZD.exe

C:\Windows\System\CTOPhZD.exe

C:\Windows\System\fouYJdK.exe

C:\Windows\System\fouYJdK.exe

C:\Windows\System\yfNrgql.exe

C:\Windows\System\yfNrgql.exe

C:\Windows\System\rRxSSqi.exe

C:\Windows\System\rRxSSqi.exe

C:\Windows\System\XdXSkRe.exe

C:\Windows\System\XdXSkRe.exe

C:\Windows\System\eujvgRD.exe

C:\Windows\System\eujvgRD.exe

C:\Windows\System\NlXBQci.exe

C:\Windows\System\NlXBQci.exe

C:\Windows\System\WCBBogR.exe

C:\Windows\System\WCBBogR.exe

C:\Windows\System\JiCOPTa.exe

C:\Windows\System\JiCOPTa.exe

C:\Windows\System\mokyeCh.exe

C:\Windows\System\mokyeCh.exe

C:\Windows\System\qrDoklF.exe

C:\Windows\System\qrDoklF.exe

C:\Windows\System\NpucyRm.exe

C:\Windows\System\NpucyRm.exe

C:\Windows\System\tZaASNC.exe

C:\Windows\System\tZaASNC.exe

C:\Windows\System\bjdLGez.exe

C:\Windows\System\bjdLGez.exe

C:\Windows\System\ydEDQsi.exe

C:\Windows\System\ydEDQsi.exe

C:\Windows\System\ncolMVo.exe

C:\Windows\System\ncolMVo.exe

C:\Windows\System\zHcTFUO.exe

C:\Windows\System\zHcTFUO.exe

C:\Windows\System\QMBQUyk.exe

C:\Windows\System\QMBQUyk.exe

C:\Windows\System\FmIaSiA.exe

C:\Windows\System\FmIaSiA.exe

C:\Windows\System\jaolqUQ.exe

C:\Windows\System\jaolqUQ.exe

C:\Windows\System\sGdztdN.exe

C:\Windows\System\sGdztdN.exe

C:\Windows\System\zBsHLlK.exe

C:\Windows\System\zBsHLlK.exe

C:\Windows\System\oJbGOJT.exe

C:\Windows\System\oJbGOJT.exe

C:\Windows\System\BQzGZYz.exe

C:\Windows\System\BQzGZYz.exe

C:\Windows\System\xXBucjr.exe

C:\Windows\System\xXBucjr.exe

C:\Windows\System\fAHawQp.exe

C:\Windows\System\fAHawQp.exe

C:\Windows\System\uGSshtc.exe

C:\Windows\System\uGSshtc.exe

C:\Windows\System\EzfoPYM.exe

C:\Windows\System\EzfoPYM.exe

C:\Windows\System\EuBxjSs.exe

C:\Windows\System\EuBxjSs.exe

C:\Windows\System\MusPDYu.exe

C:\Windows\System\MusPDYu.exe

C:\Windows\System\CSScdlh.exe

C:\Windows\System\CSScdlh.exe

C:\Windows\System\CRkqeMD.exe

C:\Windows\System\CRkqeMD.exe

C:\Windows\System\FgrcQpH.exe

C:\Windows\System\FgrcQpH.exe

C:\Windows\System\lDcSgIo.exe

C:\Windows\System\lDcSgIo.exe

C:\Windows\System\YixppTB.exe

C:\Windows\System\YixppTB.exe

C:\Windows\System\RlTogoy.exe

C:\Windows\System\RlTogoy.exe

C:\Windows\System\wsePcwn.exe

C:\Windows\System\wsePcwn.exe

C:\Windows\System\sDcEgIe.exe

C:\Windows\System\sDcEgIe.exe

C:\Windows\System\HPGtZMo.exe

C:\Windows\System\HPGtZMo.exe

C:\Windows\System\KgRYsGi.exe

C:\Windows\System\KgRYsGi.exe

C:\Windows\System\eEXxzze.exe

C:\Windows\System\eEXxzze.exe

C:\Windows\System\ygAhvGY.exe

C:\Windows\System\ygAhvGY.exe

C:\Windows\System\KksCmUx.exe

C:\Windows\System\KksCmUx.exe

C:\Windows\System\HKoIhfb.exe

C:\Windows\System\HKoIhfb.exe

C:\Windows\System\uBUEqzU.exe

C:\Windows\System\uBUEqzU.exe

C:\Windows\System\HhxMrHW.exe

C:\Windows\System\HhxMrHW.exe

C:\Windows\System\EdccpaS.exe

C:\Windows\System\EdccpaS.exe

C:\Windows\System\YnLfIAB.exe

C:\Windows\System\YnLfIAB.exe

C:\Windows\System\mAhMDxJ.exe

C:\Windows\System\mAhMDxJ.exe

C:\Windows\System\iOGbXkb.exe

C:\Windows\System\iOGbXkb.exe

C:\Windows\System\bNsUCJm.exe

C:\Windows\System\bNsUCJm.exe

C:\Windows\System\FyLUXHp.exe

C:\Windows\System\FyLUXHp.exe

C:\Windows\System\PbNocwH.exe

C:\Windows\System\PbNocwH.exe

C:\Windows\System\WOYSmrA.exe

C:\Windows\System\WOYSmrA.exe

C:\Windows\System\YhDSFlG.exe

C:\Windows\System\YhDSFlG.exe

C:\Windows\System\kVUVyHK.exe

C:\Windows\System\kVUVyHK.exe

C:\Windows\System\yrqHfJr.exe

C:\Windows\System\yrqHfJr.exe

C:\Windows\System\xgKfhKw.exe

C:\Windows\System\xgKfhKw.exe

C:\Windows\System\tokrUWa.exe

C:\Windows\System\tokrUWa.exe

C:\Windows\System\kxQavAJ.exe

C:\Windows\System\kxQavAJ.exe

C:\Windows\System\IEtBwrl.exe

C:\Windows\System\IEtBwrl.exe

C:\Windows\System\KalfkZS.exe

C:\Windows\System\KalfkZS.exe

C:\Windows\System\xqnLOEk.exe

C:\Windows\System\xqnLOEk.exe

C:\Windows\System\PjJicaS.exe

C:\Windows\System\PjJicaS.exe

C:\Windows\System\dkWQpXW.exe

C:\Windows\System\dkWQpXW.exe

C:\Windows\System\krAFIqW.exe

C:\Windows\System\krAFIqW.exe

C:\Windows\System\bXUdIqf.exe

C:\Windows\System\bXUdIqf.exe

C:\Windows\System\kroegAV.exe

C:\Windows\System\kroegAV.exe

C:\Windows\System\KqPnpud.exe

C:\Windows\System\KqPnpud.exe

C:\Windows\System\LiqlYiL.exe

C:\Windows\System\LiqlYiL.exe

C:\Windows\System\sfNOdMB.exe

C:\Windows\System\sfNOdMB.exe

C:\Windows\System\ORUQwDs.exe

C:\Windows\System\ORUQwDs.exe

C:\Windows\System\HgqvNzN.exe

C:\Windows\System\HgqvNzN.exe

C:\Windows\System\FziPMch.exe

C:\Windows\System\FziPMch.exe

C:\Windows\System\ctsXXZA.exe

C:\Windows\System\ctsXXZA.exe

C:\Windows\System\EhmhDJh.exe

C:\Windows\System\EhmhDJh.exe

C:\Windows\System\XgHffmG.exe

C:\Windows\System\XgHffmG.exe

C:\Windows\System\lDaCibV.exe

C:\Windows\System\lDaCibV.exe

C:\Windows\System\GitnuMQ.exe

C:\Windows\System\GitnuMQ.exe

C:\Windows\System\pIuiYGr.exe

C:\Windows\System\pIuiYGr.exe

C:\Windows\System\WumGSiC.exe

C:\Windows\System\WumGSiC.exe

C:\Windows\System\qCkFvci.exe

C:\Windows\System\qCkFvci.exe

C:\Windows\System\MBPzQTt.exe

C:\Windows\System\MBPzQTt.exe

C:\Windows\System\PhHDrWj.exe

C:\Windows\System\PhHDrWj.exe

C:\Windows\System\LptquTF.exe

C:\Windows\System\LptquTF.exe

C:\Windows\System\iGHBaoK.exe

C:\Windows\System\iGHBaoK.exe

C:\Windows\System\DJNmSOH.exe

C:\Windows\System\DJNmSOH.exe

C:\Windows\System\JonChfw.exe

C:\Windows\System\JonChfw.exe

C:\Windows\System\XqmEFuw.exe

C:\Windows\System\XqmEFuw.exe

C:\Windows\System\FhxixjK.exe

C:\Windows\System\FhxixjK.exe

C:\Windows\System\LwzXnzA.exe

C:\Windows\System\LwzXnzA.exe

C:\Windows\System\JNqAsCc.exe

C:\Windows\System\JNqAsCc.exe

C:\Windows\System\sjkBbiY.exe

C:\Windows\System\sjkBbiY.exe

C:\Windows\System\oRUiBug.exe

C:\Windows\System\oRUiBug.exe

C:\Windows\System\uSzURbB.exe

C:\Windows\System\uSzURbB.exe

C:\Windows\System\JXMacRE.exe

C:\Windows\System\JXMacRE.exe

C:\Windows\System\PfNbMOU.exe

C:\Windows\System\PfNbMOU.exe

C:\Windows\System\BPvUlTu.exe

C:\Windows\System\BPvUlTu.exe

C:\Windows\System\TiJEYho.exe

C:\Windows\System\TiJEYho.exe

C:\Windows\System\tMARZMc.exe

C:\Windows\System\tMARZMc.exe

C:\Windows\System\hbJfjVS.exe

C:\Windows\System\hbJfjVS.exe

C:\Windows\System\dCVooDt.exe

C:\Windows\System\dCVooDt.exe

C:\Windows\System\vsGBDYS.exe

C:\Windows\System\vsGBDYS.exe

C:\Windows\System\QHbMjKb.exe

C:\Windows\System\QHbMjKb.exe

C:\Windows\System\RGjGDky.exe

C:\Windows\System\RGjGDky.exe

C:\Windows\System\ZdxtGow.exe

C:\Windows\System\ZdxtGow.exe

C:\Windows\System\Lsibmvb.exe

C:\Windows\System\Lsibmvb.exe

C:\Windows\System\qBHRrwy.exe

C:\Windows\System\qBHRrwy.exe

C:\Windows\System\LSGFTCi.exe

C:\Windows\System\LSGFTCi.exe

C:\Windows\System\KpjYwtF.exe

C:\Windows\System\KpjYwtF.exe

C:\Windows\System\fmVprgK.exe

C:\Windows\System\fmVprgK.exe

C:\Windows\System\elyDRoX.exe

C:\Windows\System\elyDRoX.exe

C:\Windows\System\phQycaZ.exe

C:\Windows\System\phQycaZ.exe

C:\Windows\System\eNHiWpf.exe

C:\Windows\System\eNHiWpf.exe

C:\Windows\System\UgqmeUI.exe

C:\Windows\System\UgqmeUI.exe

C:\Windows\System\YTrwzvj.exe

C:\Windows\System\YTrwzvj.exe

C:\Windows\System\mlFGnez.exe

C:\Windows\System\mlFGnez.exe

C:\Windows\System\dZFDdhQ.exe

C:\Windows\System\dZFDdhQ.exe

C:\Windows\System\rIcNeWF.exe

C:\Windows\System\rIcNeWF.exe

C:\Windows\System\NSEOhfA.exe

C:\Windows\System\NSEOhfA.exe

C:\Windows\System\tebhvqk.exe

C:\Windows\System\tebhvqk.exe

C:\Windows\System\PELOMhN.exe

C:\Windows\System\PELOMhN.exe

C:\Windows\System\lwCFagc.exe

C:\Windows\System\lwCFagc.exe

C:\Windows\System\vmqqVOJ.exe

C:\Windows\System\vmqqVOJ.exe

C:\Windows\System\iaOHflD.exe

C:\Windows\System\iaOHflD.exe

C:\Windows\System\XeNmMwN.exe

C:\Windows\System\XeNmMwN.exe

C:\Windows\System\XraRRMh.exe

C:\Windows\System\XraRRMh.exe

C:\Windows\System\mijpOim.exe

C:\Windows\System\mijpOim.exe

C:\Windows\System\GtGKlSu.exe

C:\Windows\System\GtGKlSu.exe

C:\Windows\System\PXEhVLR.exe

C:\Windows\System\PXEhVLR.exe

C:\Windows\System\ADTNgQv.exe

C:\Windows\System\ADTNgQv.exe

C:\Windows\System\vfKdUSJ.exe

C:\Windows\System\vfKdUSJ.exe

C:\Windows\System\TpwapTl.exe

C:\Windows\System\TpwapTl.exe

C:\Windows\System\GHJksIV.exe

C:\Windows\System\GHJksIV.exe

C:\Windows\System\wHTyvwD.exe

C:\Windows\System\wHTyvwD.exe

C:\Windows\System\spqUBIO.exe

C:\Windows\System\spqUBIO.exe

C:\Windows\System\QeiYDdN.exe

C:\Windows\System\QeiYDdN.exe

C:\Windows\System\xjWTYKF.exe

C:\Windows\System\xjWTYKF.exe

C:\Windows\System\FHcaiPJ.exe

C:\Windows\System\FHcaiPJ.exe

C:\Windows\System\jaTqOSs.exe

C:\Windows\System\jaTqOSs.exe

C:\Windows\System\NGVZLLC.exe

C:\Windows\System\NGVZLLC.exe

C:\Windows\System\OvPKmie.exe

C:\Windows\System\OvPKmie.exe

C:\Windows\System\Wxmukdh.exe

C:\Windows\System\Wxmukdh.exe

C:\Windows\System\qIQtyBQ.exe

C:\Windows\System\qIQtyBQ.exe

C:\Windows\System\AVzivel.exe

C:\Windows\System\AVzivel.exe

C:\Windows\System\xidBsfY.exe

C:\Windows\System\xidBsfY.exe

C:\Windows\System\ecVZvvA.exe

C:\Windows\System\ecVZvvA.exe

C:\Windows\System\UnArmIa.exe

C:\Windows\System\UnArmIa.exe

C:\Windows\System\nTbpCtd.exe

C:\Windows\System\nTbpCtd.exe

C:\Windows\System\FzepGpZ.exe

C:\Windows\System\FzepGpZ.exe

C:\Windows\System\DHUMEQS.exe

C:\Windows\System\DHUMEQS.exe

C:\Windows\System\jVqIqYS.exe

C:\Windows\System\jVqIqYS.exe

C:\Windows\System\fmvfUAB.exe

C:\Windows\System\fmvfUAB.exe

C:\Windows\System\EwxltKb.exe

C:\Windows\System\EwxltKb.exe

C:\Windows\System\PWTfeAl.exe

C:\Windows\System\PWTfeAl.exe

C:\Windows\System\wdowDEw.exe

C:\Windows\System\wdowDEw.exe

C:\Windows\System\pCSttbY.exe

C:\Windows\System\pCSttbY.exe

C:\Windows\System\HIwpTnA.exe

C:\Windows\System\HIwpTnA.exe

C:\Windows\System\ylmifpY.exe

C:\Windows\System\ylmifpY.exe

C:\Windows\System\LVArzJH.exe

C:\Windows\System\LVArzJH.exe

C:\Windows\System\DmuMYIP.exe

C:\Windows\System\DmuMYIP.exe

C:\Windows\System\REQSuRU.exe

C:\Windows\System\REQSuRU.exe

C:\Windows\System\lCjkrkw.exe

C:\Windows\System\lCjkrkw.exe

C:\Windows\System\WZiSZwp.exe

C:\Windows\System\WZiSZwp.exe

C:\Windows\System\lmBKUfJ.exe

C:\Windows\System\lmBKUfJ.exe

C:\Windows\System\LVeudBC.exe

C:\Windows\System\LVeudBC.exe

C:\Windows\System\MjIRfAg.exe

C:\Windows\System\MjIRfAg.exe

C:\Windows\System\ULtFmJx.exe

C:\Windows\System\ULtFmJx.exe

C:\Windows\System\zQzUAfb.exe

C:\Windows\System\zQzUAfb.exe

C:\Windows\System\ZpkxMSo.exe

C:\Windows\System\ZpkxMSo.exe

C:\Windows\System\gccpxoa.exe

C:\Windows\System\gccpxoa.exe

C:\Windows\System\qpWBsVN.exe

C:\Windows\System\qpWBsVN.exe

C:\Windows\System\LMFFiBn.exe

C:\Windows\System\LMFFiBn.exe

C:\Windows\System\lOvdvpm.exe

C:\Windows\System\lOvdvpm.exe

C:\Windows\System\NSwyoOV.exe

C:\Windows\System\NSwyoOV.exe

C:\Windows\System\PfycvmD.exe

C:\Windows\System\PfycvmD.exe

C:\Windows\System\iavxaRa.exe

C:\Windows\System\iavxaRa.exe

C:\Windows\System\riUfGCC.exe

C:\Windows\System\riUfGCC.exe

C:\Windows\System\nXkxfNI.exe

C:\Windows\System\nXkxfNI.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 11:47

Reported

2024-06-17 11:49

Platform

win7-20240419-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8752146533202e502a8356ea02c26cb0_NeikiAnalytics.exe"


C:\Windows\System\EmuIhMq.exe

C:\Windows\System\EmuIhMq.exe

C:\Windows\System\FqDwyuH.exe

C:\Windows\System\FqDwyuH.exe

C:\Windows\System\XbTWoQk.exe

C:\Windows\System\XbTWoQk.exe

C:\Windows\System\pnCGstd.exe

C:\Windows\System\pnCGstd.exe

C:\Windows\System\FwpAFqW.exe

C:\Windows\System\FwpAFqW.exe

C:\Windows\System\NxEBBFU.exe

C:\Windows\System\NxEBBFU.exe

C:\Windows\System\myRDQef.exe

C:\Windows\System\myRDQef.exe

C:\Windows\System\OpMVreT.exe

C:\Windows\System\OpMVreT.exe

C:\Windows\System\JROdjOM.exe

C:\Windows\System\JROdjOM.exe

C:\Windows\System\HJPROch.exe

C:\Windows\System\HJPROch.exe

C:\Windows\System\OCcbaFq.exe

C:\Windows\System\OCcbaFq.exe

C:\Windows\System\IjnoGZT.exe

C:\Windows\System\IjnoGZT.exe

C:\Windows\System\wPIiEGF.exe

C:\Windows\System\wPIiEGF.exe

C:\Windows\System\cqHkOJd.exe

C:\Windows\System\cqHkOJd.exe

C:\Windows\System\cUaYCeE.exe

C:\Windows\System\cUaYCeE.exe

C:\Windows\System\pSCXYyB.exe

C:\Windows\System\pSCXYyB.exe

C:\Windows\System\NFcMkqj.exe

C:\Windows\System\NFcMkqj.exe

C:\Windows\System\AeoLhMF.exe

C:\Windows\System\AeoLhMF.exe

C:\Windows\System\AMKTiIW.exe

C:\Windows\System\AMKTiIW.exe

C:\Windows\System\YElJAKY.exe

C:\Windows\System\YElJAKY.exe

C:\Windows\System\oOOzvJc.exe

C:\Windows\System\oOOzvJc.exe

C:\Windows\System\ytwaUJm.exe

C:\Windows\System\ytwaUJm.exe

C:\Windows\System\WJPYNIB.exe

C:\Windows\System\WJPYNIB.exe

C:\Windows\System\QlxrBjD.exe

C:\Windows\System\QlxrBjD.exe

C:\Windows\System\dQMyaFe.exe

C:\Windows\System\dQMyaFe.exe

C:\Windows\System\nbEAUZA.exe

C:\Windows\System\nbEAUZA.exe

C:\Windows\System\CkYgBVd.exe

C:\Windows\System\CkYgBVd.exe

C:\Windows\System\OBVRDEe.exe

C:\Windows\System\OBVRDEe.exe

C:\Windows\System\DhgqJDJ.exe

C:\Windows\System\DhgqJDJ.exe

C:\Windows\System\HtOVpcD.exe

C:\Windows\System\HtOVpcD.exe

C:\Windows\System\XlTlRcS.exe

C:\Windows\System\XlTlRcS.exe

C:\Windows\System\ASnydXF.exe

C:\Windows\System\ASnydXF.exe

C:\Windows\System\VFhnAKy.exe

C:\Windows\System\VFhnAKy.exe

C:\Windows\System\khzZnRh.exe

C:\Windows\System\khzZnRh.exe

C:\Windows\System\Mpiwdxy.exe

C:\Windows\System\Mpiwdxy.exe

C:\Windows\System\CjcVlCb.exe

C:\Windows\System\CjcVlCb.exe

C:\Windows\System\BwTRuYV.exe

C:\Windows\System\BwTRuYV.exe

C:\Windows\System\zMqZDlv.exe

C:\Windows\System\zMqZDlv.exe

C:\Windows\System\FzjlGzb.exe

C:\Windows\System\FzjlGzb.exe

C:\Windows\System\OrBwQZo.exe

C:\Windows\System\OrBwQZo.exe

C:\Windows\System\UYpOpbB.exe

C:\Windows\System\UYpOpbB.exe

C:\Windows\System\Obggpnp.exe

C:\Windows\System\Obggpnp.exe

C:\Windows\System\NuMmDQd.exe

C:\Windows\System\NuMmDQd.exe

C:\Windows\System\toLhkiH.exe

C:\Windows\System\toLhkiH.exe

C:\Windows\System\VrETAYG.exe

C:\Windows\System\VrETAYG.exe

C:\Windows\System\VusbxSX.exe

C:\Windows\System\VusbxSX.exe

C:\Windows\System\OiHCDSh.exe

C:\Windows\System\OiHCDSh.exe

C:\Windows\System\lkSekBZ.exe

C:\Windows\System\lkSekBZ.exe

C:\Windows\System\bttWWGZ.exe

C:\Windows\System\bttWWGZ.exe

C:\Windows\System\LAHrZZG.exe

C:\Windows\System\LAHrZZG.exe

C:\Windows\System\ZPQKEmT.exe

C:\Windows\System\ZPQKEmT.exe

C:\Windows\System\PEcHIUe.exe

C:\Windows\System\PEcHIUe.exe

C:\Windows\System\mVNfyKc.exe

C:\Windows\System\mVNfyKc.exe

C:\Windows\System\OMTnkCe.exe

C:\Windows\System\OMTnkCe.exe

C:\Windows\System\uFelyYI.exe

C:\Windows\System\uFelyYI.exe

C:\Windows\System\exdHBgx.exe

C:\Windows\System\exdHBgx.exe

C:\Windows\System\wqQUtUd.exe

C:\Windows\System\wqQUtUd.exe

C:\Windows\System\MqdmLNo.exe

C:\Windows\System\MqdmLNo.exe

C:\Windows\System\yJQzYVM.exe

C:\Windows\System\yJQzYVM.exe

C:\Windows\System\iuaQwOe.exe

C:\Windows\System\iuaQwOe.exe

C:\Windows\System\WHVVkfa.exe

C:\Windows\System\WHVVkfa.exe

C:\Windows\System\wojqqkl.exe

C:\Windows\System\wojqqkl.exe

C:\Windows\System\KYMVdMt.exe

C:\Windows\System\KYMVdMt.exe

C:\Windows\System\gzIeaxt.exe

C:\Windows\System\gzIeaxt.exe

C:\Windows\System\sLGlxpT.exe

C:\Windows\System\sLGlxpT.exe

C:\Windows\System\rfAocyj.exe

C:\Windows\System\rfAocyj.exe

C:\Windows\System\MlCvuMV.exe

C:\Windows\System\MlCvuMV.exe

C:\Windows\System\oZVrRLt.exe

C:\Windows\System\oZVrRLt.exe

C:\Windows\System\JECBWrb.exe

C:\Windows\System\JECBWrb.exe

C:\Windows\System\XcxShuj.exe

C:\Windows\System\XcxShuj.exe

C:\Windows\System\jCxKptd.exe

C:\Windows\System\jCxKptd.exe

C:\Windows\System\Tucfdwt.exe

C:\Windows\System\Tucfdwt.exe

C:\Windows\System\iRohGya.exe

C:\Windows\System\iRohGya.exe

C:\Windows\System\JXcwyEV.exe

C:\Windows\System\JXcwyEV.exe

C:\Windows\System\yHQlYco.exe

C:\Windows\System\yHQlYco.exe

C:\Windows\System\JaJrGQs.exe

C:\Windows\System\JaJrGQs.exe

C:\Windows\System\ODUhbPG.exe

C:\Windows\System\ODUhbPG.exe

C:\Windows\System\eGFuDko.exe

C:\Windows\System\eGFuDko.exe

C:\Windows\System\tcKSoKW.exe

C:\Windows\System\tcKSoKW.exe

C:\Windows\System\KxxxQuB.exe

C:\Windows\System\KxxxQuB.exe

C:\Windows\System\JrsqbRa.exe

C:\Windows\System\JrsqbRa.exe

C:\Windows\System\plZnZeA.exe

C:\Windows\System\plZnZeA.exe

C:\Windows\System\qXnIIxv.exe

C:\Windows\System\qXnIIxv.exe

C:\Windows\System\WmyiqJV.exe

C:\Windows\System\WmyiqJV.exe

C:\Windows\System\iXbIKPR.exe

C:\Windows\System\iXbIKPR.exe

C:\Windows\System\xzJmPnT.exe

C:\Windows\System\xzJmPnT.exe

C:\Windows\System\ckNhiDz.exe

C:\Windows\System\ckNhiDz.exe

C:\Windows\System\OBDuvsm.exe

C:\Windows\System\OBDuvsm.exe

C:\Windows\System\wfuwQUA.exe

C:\Windows\System\wfuwQUA.exe

C:\Windows\System\rlAnFCx.exe

C:\Windows\System\rlAnFCx.exe

C:\Windows\System\CtMxJNl.exe

C:\Windows\System\CtMxJNl.exe

C:\Windows\System\qiChgSV.exe

C:\Windows\System\qiChgSV.exe

C:\Windows\System\nXKCMCm.exe

C:\Windows\System\nXKCMCm.exe

C:\Windows\System\MNfJkrs.exe

C:\Windows\System\MNfJkrs.exe

C:\Windows\System\UHcFemX.exe

C:\Windows\System\UHcFemX.exe

C:\Windows\System\ccVmejb.exe

C:\Windows\System\ccVmejb.exe

C:\Windows\System\GqyHvVC.exe

C:\Windows\System\GqyHvVC.exe

C:\Windows\System\eXGAMmg.exe

C:\Windows\System\eXGAMmg.exe

C:\Windows\System\GqNDIVV.exe

C:\Windows\System\GqNDIVV.exe

C:\Windows\System\crvsRTw.exe

C:\Windows\System\crvsRTw.exe

C:\Windows\System\mTAMUSo.exe

C:\Windows\System\mTAMUSo.exe

C:\Windows\System\ctVzzwm.exe

C:\Windows\System\ctVzzwm.exe

C:\Windows\System\HIJipbY.exe

C:\Windows\System\HIJipbY.exe

C:\Windows\System\haMXhqh.exe

C:\Windows\System\haMXhqh.exe

C:\Windows\System\sfnUMDk.exe

C:\Windows\System\sfnUMDk.exe

C:\Windows\System\HDgJMjS.exe

C:\Windows\System\HDgJMjS.exe

C:\Windows\System\bNqYgKq.exe

C:\Windows\System\bNqYgKq.exe

C:\Windows\System\jhNMRDr.exe

C:\Windows\System\jhNMRDr.exe

C:\Windows\System\MgCKqQy.exe

C:\Windows\System\MgCKqQy.exe

C:\Windows\System\vjnrbKk.exe

C:\Windows\System\vjnrbKk.exe

C:\Windows\System\JRXxZRg.exe

C:\Windows\System\JRXxZRg.exe

C:\Windows\System\KTRqAqe.exe

C:\Windows\System\KTRqAqe.exe

C:\Windows\System\oIDnKTf.exe

C:\Windows\System\oIDnKTf.exe

C:\Windows\System\yHqrLQH.exe

C:\Windows\System\yHqrLQH.exe

C:\Windows\System\HidxqIi.exe

C:\Windows\System\HidxqIi.exe

C:\Windows\System\shlNNHP.exe

C:\Windows\System\shlNNHP.exe

C:\Windows\System\cibPrdn.exe

C:\Windows\System\cibPrdn.exe

C:\Windows\System\DhKwzuz.exe

C:\Windows\System\DhKwzuz.exe

C:\Windows\System\iNdGBlO.exe

C:\Windows\System\iNdGBlO.exe

C:\Windows\System\ibSHaYD.exe

C:\Windows\System\ibSHaYD.exe

C:\Windows\System\BkCzDfX.exe

C:\Windows\System\BkCzDfX.exe

C:\Windows\System\MflqPaK.exe

C:\Windows\System\MflqPaK.exe

C:\Windows\System\tQPcEkL.exe

C:\Windows\System\tQPcEkL.exe

C:\Windows\System\LUsnUds.exe

C:\Windows\System\LUsnUds.exe

C:\Windows\System\grWCGpv.exe

C:\Windows\System\grWCGpv.exe

C:\Windows\System\lMZkuzI.exe

C:\Windows\System\lMZkuzI.exe

C:\Windows\System\iZIiCaD.exe

C:\Windows\System\iZIiCaD.exe

C:\Windows\System\QFCUMhU.exe

C:\Windows\System\QFCUMhU.exe

C:\Windows\System\GKFJdJm.exe

C:\Windows\System\GKFJdJm.exe

C:\Windows\System\rWUCWSd.exe

C:\Windows\System\rWUCWSd.exe

C:\Windows\System\VSOQqBR.exe

C:\Windows\System\VSOQqBR.exe

C:\Windows\System\ldHrNwX.exe

C:\Windows\System\ldHrNwX.exe

C:\Windows\System\uLfLENw.exe

C:\Windows\System\uLfLENw.exe

C:\Windows\System\aiiwQUE.exe

C:\Windows\System\aiiwQUE.exe

C:\Windows\System\dPPyyTl.exe

C:\Windows\System\dPPyyTl.exe

C:\Windows\System\vDpysUd.exe

C:\Windows\System\vDpysUd.exe

C:\Windows\System\GPpkVCd.exe

C:\Windows\System\GPpkVCd.exe

C:\Windows\System\xpsWxce.exe

C:\Windows\System\xpsWxce.exe

C:\Windows\System\SIBbolg.exe

C:\Windows\System\SIBbolg.exe

C:\Windows\System\cAJgugn.exe

C:\Windows\System\cAJgugn.exe

C:\Windows\System\wvxokCR.exe

C:\Windows\System\wvxokCR.exe

C:\Windows\System\kHMPaFi.exe

C:\Windows\System\kHMPaFi.exe

C:\Windows\System\TetOmQt.exe

C:\Windows\System\TetOmQt.exe

C:\Windows\System\EENvxwY.exe

C:\Windows\System\EENvxwY.exe

C:\Windows\System\PTLKBjT.exe

C:\Windows\System\PTLKBjT.exe

C:\Windows\System\VxpCZwA.exe

C:\Windows\System\VxpCZwA.exe

C:\Windows\System\wtUVrjj.exe

C:\Windows\System\wtUVrjj.exe

C:\Windows\System\dKTarHM.exe

C:\Windows\System\dKTarHM.exe

C:\Windows\System\jnuKYuO.exe

C:\Windows\System\jnuKYuO.exe

C:\Windows\System\gBXnoRU.exe

C:\Windows\System\gBXnoRU.exe

C:\Windows\System\sZaYDmz.exe

C:\Windows\System\sZaYDmz.exe

C:\Windows\System\dYDObqr.exe

C:\Windows\System\dYDObqr.exe

C:\Windows\System\McAouXq.exe

C:\Windows\System\McAouXq.exe

C:\Windows\System\WEvYaWf.exe

C:\Windows\System\WEvYaWf.exe

C:\Windows\System\iapGcKY.exe

C:\Windows\System\iapGcKY.exe

C:\Windows\System\pVrDyvi.exe

C:\Windows\System\pVrDyvi.exe

C:\Windows\System\blhXuLa.exe

C:\Windows\System\blhXuLa.exe

C:\Windows\System\xUBsRfc.exe

C:\Windows\System\xUBsRfc.exe

C:\Windows\System\PPoTIUh.exe

C:\Windows\System\PPoTIUh.exe

C:\Windows\System\FSoOJcY.exe

C:\Windows\System\FSoOJcY.exe

C:\Windows\System\JmDStzj.exe

C:\Windows\System\JmDStzj.exe

C:\Windows\System\HHUBsoU.exe

C:\Windows\System\HHUBsoU.exe

C:\Windows\System\TPuSJHH.exe

C:\Windows\System\TPuSJHH.exe

C:\Windows\System\geldxUq.exe

C:\Windows\System\geldxUq.exe

C:\Windows\System\CHqYXRX.exe

C:\Windows\System\CHqYXRX.exe

C:\Windows\System\dFZFJBz.exe

C:\Windows\System\dFZFJBz.exe

C:\Windows\System\DLFOwwb.exe

C:\Windows\System\DLFOwwb.exe

C:\Windows\System\TRcujQl.exe

C:\Windows\System\TRcujQl.exe

C:\Windows\System\PELcvXQ.exe

C:\Windows\System\PELcvXQ.exe

C:\Windows\System\CpEEUXf.exe

C:\Windows\System\CpEEUXf.exe

C:\Windows\System\xDOvsGi.exe

C:\Windows\System\xDOvsGi.exe

C:\Windows\System\bXTErFw.exe

C:\Windows\System\bXTErFw.exe

C:\Windows\System\waBGqFp.exe

C:\Windows\System\waBGqFp.exe

C:\Windows\System\lTCfsAX.exe

C:\Windows\System\lTCfsAX.exe

C:\Windows\System\LVtbLUf.exe

C:\Windows\System\LVtbLUf.exe

C:\Windows\System\HayKnoz.exe

C:\Windows\System\HayKnoz.exe

C:\Windows\System\KxXXrfa.exe

C:\Windows\System\KxXXrfa.exe

C:\Windows\System\WwTVRwC.exe

C:\Windows\System\WwTVRwC.exe

C:\Windows\System\iIblDTv.exe

C:\Windows\System\iIblDTv.exe

C:\Windows\System\ewaWXBW.exe

C:\Windows\System\ewaWXBW.exe

C:\Windows\System\NaObKCq.exe

C:\Windows\System\NaObKCq.exe

C:\Windows\System\cdWxjkj.exe

C:\Windows\System\cdWxjkj.exe

C:\Windows\System\PTHgMtk.exe

C:\Windows\System\PTHgMtk.exe

C:\Windows\System\TXoMKJR.exe

C:\Windows\System\TXoMKJR.exe

C:\Windows\System\QXvpRSe.exe

C:\Windows\System\QXvpRSe.exe

C:\Windows\System\RZfxgrF.exe

C:\Windows\System\RZfxgrF.exe

C:\Windows\System\XSvCqgK.exe

C:\Windows\System\XSvCqgK.exe

C:\Windows\System\DkyNXUQ.exe

C:\Windows\System\DkyNXUQ.exe

C:\Windows\System\WynvPpD.exe

C:\Windows\System\WynvPpD.exe

C:\Windows\System\aDQywkl.exe

C:\Windows\System\aDQywkl.exe

C:\Windows\System\QnHlrHu.exe

C:\Windows\System\QnHlrHu.exe

C:\Windows\System\ZCOvkvW.exe

C:\Windows\System\ZCOvkvW.exe

C:\Windows\System\DSELmJR.exe

C:\Windows\System\DSELmJR.exe

C:\Windows\System\VuMyFNj.exe

C:\Windows\System\VuMyFNj.exe

C:\Windows\System\vXgKNkZ.exe

C:\Windows\System\vXgKNkZ.exe

C:\Windows\System\QaMSWEV.exe

C:\Windows\System\QaMSWEV.exe

C:\Windows\System\LeZlhRo.exe

C:\Windows\System\LeZlhRo.exe

C:\Windows\System\FMVHtUJ.exe

C:\Windows\System\FMVHtUJ.exe

C:\Windows\System\WWZKntW.exe

C:\Windows\System\WWZKntW.exe

C:\Windows\System\kEDOSyV.exe

C:\Windows\System\kEDOSyV.exe

C:\Windows\System\gXJhEWV.exe

C:\Windows\System\gXJhEWV.exe

C:\Windows\System\rSsSZDA.exe

C:\Windows\System\rSsSZDA.exe

C:\Windows\System\uQPCaUE.exe

C:\Windows\System\uQPCaUE.exe

C:\Windows\System\pPsAqaX.exe

C:\Windows\System\pPsAqaX.exe

C:\Windows\System\meykbug.exe

C:\Windows\System\meykbug.exe

C:\Windows\System\ungWQTD.exe

C:\Windows\System\ungWQTD.exe

C:\Windows\System\sZzBNDp.exe

C:\Windows\System\sZzBNDp.exe

C:\Windows\System\tmmuFfC.exe

C:\Windows\System\tmmuFfC.exe

C:\Windows\System\rJdNfFw.exe

C:\Windows\System\rJdNfFw.exe

C:\Windows\System\mTUnOpd.exe

C:\Windows\System\mTUnOpd.exe

C:\Windows\System\ryfDdTK.exe

C:\Windows\System\ryfDdTK.exe

C:\Windows\System\PbvUVQn.exe

C:\Windows\System\PbvUVQn.exe

C:\Windows\System\ZjFlNrq.exe

C:\Windows\System\ZjFlNrq.exe

C:\Windows\System\KTiVfuH.exe

C:\Windows\System\KTiVfuH.exe

C:\Windows\System\qkNOUME.exe

C:\Windows\System\qkNOUME.exe

C:\Windows\System\DCXzhaY.exe

C:\Windows\System\DCXzhaY.exe

C:\Windows\System\GOlLsKC.exe

C:\Windows\System\GOlLsKC.exe

C:\Windows\System\utFsijz.exe

C:\Windows\System\utFsijz.exe

C:\Windows\System\vmIYFxO.exe

C:\Windows\System\vmIYFxO.exe

C:\Windows\System\pVuQUAY.exe

C:\Windows\System\pVuQUAY.exe

C:\Windows\System\zeJkBuO.exe

C:\Windows\System\zeJkBuO.exe

C:\Windows\System\GLFxgEj.exe

C:\Windows\System\GLFxgEj.exe

C:\Windows\System\AxHsNBg.exe

C:\Windows\System\AxHsNBg.exe

C:\Windows\System\NHhPeLH.exe

C:\Windows\System\NHhPeLH.exe

C:\Windows\System\zzvwsFl.exe

C:\Windows\System\zzvwsFl.exe

C:\Windows\System\PoAxEdm.exe

C:\Windows\System\PoAxEdm.exe

C:\Windows\System\pEsmYvr.exe

C:\Windows\System\pEsmYvr.exe

C:\Windows\System\mhWNKps.exe

C:\Windows\System\mhWNKps.exe

C:\Windows\System\zhdZxZd.exe

C:\Windows\System\zhdZxZd.exe

C:\Windows\System\qNSocsP.exe

C:\Windows\System\qNSocsP.exe

C:\Windows\System\QGpBTQS.exe

C:\Windows\System\QGpBTQS.exe

C:\Windows\System\OccqYVB.exe

C:\Windows\System\OccqYVB.exe

C:\Windows\System\wvffDXx.exe

C:\Windows\System\wvffDXx.exe

C:\Windows\System\vQXFcyW.exe

C:\Windows\System\vQXFcyW.exe

C:\Windows\System\YCWOBrN.exe

C:\Windows\System\YCWOBrN.exe

C:\Windows\System\iTAQRNe.exe

C:\Windows\System\iTAQRNe.exe

C:\Windows\System\NvtHoQT.exe

C:\Windows\System\NvtHoQT.exe

C:\Windows\System\bjTwifu.exe

C:\Windows\System\bjTwifu.exe

C:\Windows\System\THTzuOU.exe

C:\Windows\System\THTzuOU.exe

C:\Windows\System\dcoMwFS.exe

C:\Windows\System\dcoMwFS.exe

C:\Windows\System\HsTRPHe.exe

C:\Windows\System\HsTRPHe.exe

C:\Windows\System\xvQWwLF.exe

C:\Windows\System\xvQWwLF.exe

C:\Windows\System\kpWhGAQ.exe

C:\Windows\System\kpWhGAQ.exe

C:\Windows\System\rERGBqL.exe

C:\Windows\System\rERGBqL.exe

C:\Windows\System\TKzjLQf.exe

C:\Windows\System\TKzjLQf.exe

C:\Windows\System\AFIDdzO.exe

C:\Windows\System\AFIDdzO.exe

C:\Windows\System\WepqgFI.exe

C:\Windows\System\WepqgFI.exe

C:\Windows\System\bALlbLl.exe

C:\Windows\System\bALlbLl.exe

C:\Windows\System\mgYNAZe.exe

C:\Windows\System\mgYNAZe.exe

C:\Windows\System\VEFepjd.exe

C:\Windows\System\VEFepjd.exe

C:\Windows\System\txANqyc.exe

C:\Windows\System\txANqyc.exe

C:\Windows\System\wpSRbTA.exe

C:\Windows\System\wpSRbTA.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
