Malware Analysis Report

2024-10-10 09:49

Sample ID 240619-1tmb3atcpb
Target 0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe
SHA256 0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972

Threat Level: Known bad

The file 0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Kpot family

xmrig

KPOT Core Executable

Xmrig family

XMRig Miner payload

KPOT

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-19 21:56

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 21:56

Reported

2024-06-19 21:59

Platform

win7-20240508-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\HkCGeiK.exe N/A
N/A N/A C:\Windows\System\TVNqxIv.exe N/A
N/A N/A C:\Windows\System\PsafyEH.exe N/A
N/A N/A C:\Windows\System\THyPZVV.exe N/A
N/A N/A C:\Windows\System\EJMAdgA.exe N/A
N/A N/A C:\Windows\System\TDZkazk.exe N/A
N/A N/A C:\Windows\System\BXvfimv.exe N/A
N/A N/A C:\Windows\System\GNpRcqZ.exe N/A
N/A N/A C:\Windows\System\NaUCjme.exe N/A
N/A N/A C:\Windows\System\NBGcKlu.exe N/A
N/A N/A C:\Windows\System\rqKrfPp.exe N/A
N/A N/A C:\Windows\System\vAlgzjR.exe N/A
N/A N/A C:\Windows\System\cEaUFAi.exe N/A
N/A N/A C:\Windows\System\fBfYhfX.exe N/A
N/A N/A C:\Windows\System\pMimPSu.exe N/A
N/A N/A C:\Windows\System\yvzCule.exe N/A
N/A N/A C:\Windows\System\CreZUQg.exe N/A
N/A N/A C:\Windows\System\bPwdfla.exe N/A
N/A N/A C:\Windows\System\EGHdOiS.exe N/A
N/A N/A C:\Windows\System\GqTZEzn.exe N/A
N/A N/A C:\Windows\System\gdrOefW.exe N/A
N/A N/A C:\Windows\System\AtIGvMC.exe N/A
N/A N/A C:\Windows\System\kHRNGuw.exe N/A
N/A N/A C:\Windows\System\OiTusJy.exe N/A
N/A N/A C:\Windows\System\xoSINjw.exe N/A
N/A N/A C:\Windows\System\wKzdsHw.exe N/A
N/A N/A C:\Windows\System\xYnJGUv.exe N/A
N/A N/A C:\Windows\System\hGkKzxz.exe N/A
N/A N/A C:\Windows\System\usszgCu.exe N/A
N/A N/A C:\Windows\System\uIsdjhH.exe N/A
N/A N/A C:\Windows\System\LRCLGRd.exe N/A
N/A N/A C:\Windows\System\MTyfbul.exe N/A
N/A N/A C:\Windows\System\zexGOsr.exe N/A
N/A N/A C:\Windows\System\SLBUsRM.exe N/A
N/A N/A C:\Windows\System\YIFigQn.exe N/A
N/A N/A C:\Windows\System\CFmZOmn.exe N/A
N/A N/A C:\Windows\System\EwTlyUJ.exe N/A
N/A N/A C:\Windows\System\utpCrGR.exe N/A
N/A N/A C:\Windows\System\HaqvEvz.exe N/A
N/A N/A C:\Windows\System\OGMegOA.exe N/A
N/A N/A C:\Windows\System\heZfNyA.exe N/A
N/A N/A C:\Windows\System\KdUIpaf.exe N/A
N/A N/A C:\Windows\System\PZBQFsc.exe N/A
N/A N/A C:\Windows\System\cVEjCzm.exe N/A
N/A N/A C:\Windows\System\JkNpzHS.exe N/A
N/A N/A C:\Windows\System\SiljVgX.exe N/A
N/A N/A C:\Windows\System\fwbOtmh.exe N/A
N/A N/A C:\Windows\System\WPchlWL.exe N/A
N/A N/A C:\Windows\System\InpYJfg.exe N/A
N/A N/A C:\Windows\System\XeASziU.exe N/A
N/A N/A C:\Windows\System\IcGoyzP.exe N/A
N/A N/A C:\Windows\System\QWlTsqZ.exe N/A
N/A N/A C:\Windows\System\uMbDGli.exe N/A
N/A N/A C:\Windows\System\lcAatEx.exe N/A
N/A N/A C:\Windows\System\mEWADTw.exe N/A
N/A N/A C:\Windows\System\UfCmrUF.exe N/A
N/A N/A C:\Windows\System\tZrnoKb.exe N/A
N/A N/A C:\Windows\System\mFxDReP.exe N/A
N/A N/A C:\Windows\System\yOZrqrL.exe N/A
N/A N/A C:\Windows\System\TybxLgc.exe N/A
N/A N/A C:\Windows\System\dheznUL.exe N/A
N/A N/A C:\Windows\System\gKsfbrE.exe N/A
N/A N/A C:\Windows\System\qyMJZmz.exe N/A
N/A N/A C:\Windows\System\SjTdkyF.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\EJMAdgA.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\SzXvsgk.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\gfqxEyY.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\cVEjCzm.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\KBHWSNa.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\htbFBIK.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\mQMeAXA.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\eYMmdLr.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\sOOWtQh.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJxycol.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\ncAkVij.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSYKQMV.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\GNpRcqZ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\uFNgUiF.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHiEdbq.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfpCCin.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZxceWLZ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\xoSINjw.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\xYnJGUv.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRGvHEL.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\zijBuyC.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsZhsXA.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\vFYlwji.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\DzVRkQH.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\WyPhghv.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\VMoIEjv.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\YPdcckP.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzGalaD.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XygCRiP.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\znsbkTr.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsafyEH.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\InpYJfg.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XygveZC.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\xjdjxGm.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XAyCYAo.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XUTVPzJ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\fRSVywS.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\JkNpzHS.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\iGmMgyh.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhmTRLc.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\zmRtyzl.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\okKFWJr.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGMegOA.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\rcvmFjR.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\vLPbubK.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIFigQn.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\pZvAOrP.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\LBtuwLo.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\PzWrNWY.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\jFxSFly.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\kxnHMvb.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\yyqpvZM.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\InFRWEL.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\DyIFQKD.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhwTXwi.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\pfWXzlt.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\bkMgtYC.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\GelpmiM.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XDrAUNQ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\vDkppFF.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTcoVVK.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\FHazjEC.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\iyhcQvk.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSzwYNM.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1600 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\HkCGeiK.exe
PID 1600 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\HkCGeiK.exe
PID 1600 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\HkCGeiK.exe
PID 1600 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TVNqxIv.exe
PID 1600 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TVNqxIv.exe
PID 1600 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TVNqxIv.exe
PID 1600 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\PsafyEH.exe
PID 1600 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\PsafyEH.exe
PID 1600 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\PsafyEH.exe
PID 1600 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\THyPZVV.exe
PID 1600 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\THyPZVV.exe
PID 1600 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\THyPZVV.exe
PID 1600 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EJMAdgA.exe
PID 1600 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EJMAdgA.exe
PID 1600 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EJMAdgA.exe
PID 1600 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TDZkazk.exe
PID 1600 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TDZkazk.exe
PID 1600 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TDZkazk.exe
PID 1600 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\BXvfimv.exe
PID 1600 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\BXvfimv.exe
PID 1600 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\BXvfimv.exe
PID 1600 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NaUCjme.exe
PID 1600 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NaUCjme.exe
PID 1600 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NaUCjme.exe
PID 1600 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GNpRcqZ.exe
PID 1600 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GNpRcqZ.exe
PID 1600 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GNpRcqZ.exe
PID 1600 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NBGcKlu.exe
PID 1600 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NBGcKlu.exe
PID 1600 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NBGcKlu.exe
PID 1600 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\rqKrfPp.exe
PID 1600 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\rqKrfPp.exe
PID 1600 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\rqKrfPp.exe
PID 1600 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\vAlgzjR.exe
PID 1600 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\vAlgzjR.exe
PID 1600 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\vAlgzjR.exe
PID 1600 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\cEaUFAi.exe
PID 1600 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\cEaUFAi.exe
PID 1600 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\cEaUFAi.exe
PID 1600 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\fBfYhfX.exe
PID 1600 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\fBfYhfX.exe
PID 1600 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\fBfYhfX.exe
PID 1600 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\pMimPSu.exe
PID 1600 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\pMimPSu.exe
PID 1600 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\pMimPSu.exe
PID 1600 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\yvzCule.exe
PID 1600 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\yvzCule.exe
PID 1600 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\yvzCule.exe
PID 1600 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\CreZUQg.exe
PID 1600 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\CreZUQg.exe
PID 1600 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\CreZUQg.exe
PID 1600 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\bPwdfla.exe
PID 1600 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\bPwdfla.exe
PID 1600 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\bPwdfla.exe
PID 1600 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EGHdOiS.exe
PID 1600 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EGHdOiS.exe
PID 1600 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EGHdOiS.exe
PID 1600 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GqTZEzn.exe
PID 1600 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GqTZEzn.exe
PID 1600 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GqTZEzn.exe
PID 1600 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\gdrOefW.exe
PID 1600 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\gdrOefW.exe
PID 1600 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\gdrOefW.exe
PID 1600 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\AtIGvMC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe"

C:\Windows\System\HkCGeiK.exe

C:\Windows\System\HkCGeiK.exe

C:\Windows\System\TVNqxIv.exe

C:\Windows\System\TVNqxIv.exe

C:\Windows\System\PsafyEH.exe

C:\Windows\System\PsafyEH.exe

C:\Windows\System\THyPZVV.exe

C:\Windows\System\THyPZVV.exe

C:\Windows\System\EJMAdgA.exe

C:\Windows\System\EJMAdgA.exe

C:\Windows\System\TDZkazk.exe

C:\Windows\System\TDZkazk.exe

C:\Windows\System\BXvfimv.exe

C:\Windows\System\BXvfimv.exe

C:\Windows\System\NaUCjme.exe

C:\Windows\System\NaUCjme.exe

C:\Windows\System\GNpRcqZ.exe

C:\Windows\System\GNpRcqZ.exe

C:\Windows\System\NBGcKlu.exe

C:\Windows\System\NBGcKlu.exe

C:\Windows\System\rqKrfPp.exe

C:\Windows\System\rqKrfPp.exe

C:\Windows\System\vAlgzjR.exe

C:\Windows\System\vAlgzjR.exe

C:\Windows\System\cEaUFAi.exe

C:\Windows\System\cEaUFAi.exe

C:\Windows\System\fBfYhfX.exe

C:\Windows\System\fBfYhfX.exe

C:\Windows\System\pMimPSu.exe

C:\Windows\System\pMimPSu.exe

C:\Windows\System\yvzCule.exe

C:\Windows\System\yvzCule.exe

C:\Windows\System\CreZUQg.exe

C:\Windows\System\CreZUQg.exe

C:\Windows\System\bPwdfla.exe

C:\Windows\System\bPwdfla.exe

C:\Windows\System\EGHdOiS.exe

C:\Windows\System\EGHdOiS.exe

C:\Windows\System\GqTZEzn.exe

C:\Windows\System\GqTZEzn.exe

C:\Windows\System\gdrOefW.exe

C:\Windows\System\gdrOefW.exe

C:\Windows\System\AtIGvMC.exe

C:\Windows\System\AtIGvMC.exe

C:\Windows\System\kHRNGuw.exe

C:\Windows\System\kHRNGuw.exe

C:\Windows\System\OiTusJy.exe

C:\Windows\System\OiTusJy.exe

C:\Windows\System\xoSINjw.exe

C:\Windows\System\xoSINjw.exe

C:\Windows\System\wKzdsHw.exe

C:\Windows\System\wKzdsHw.exe

C:\Windows\System\xYnJGUv.exe

C:\Windows\System\xYnJGUv.exe

C:\Windows\System\hGkKzxz.exe

C:\Windows\System\hGkKzxz.exe

C:\Windows\System\usszgCu.exe

C:\Windows\System\usszgCu.exe

C:\Windows\System\uIsdjhH.exe

C:\Windows\System\uIsdjhH.exe

C:\Windows\System\LRCLGRd.exe

C:\Windows\System\LRCLGRd.exe

C:\Windows\System\MTyfbul.exe

C:\Windows\System\MTyfbul.exe

C:\Windows\System\zexGOsr.exe

C:\Windows\System\zexGOsr.exe

C:\Windows\System\SLBUsRM.exe

C:\Windows\System\SLBUsRM.exe

C:\Windows\System\YIFigQn.exe

C:\Windows\System\YIFigQn.exe

C:\Windows\System\CFmZOmn.exe

C:\Windows\System\CFmZOmn.exe

C:\Windows\System\EwTlyUJ.exe

C:\Windows\System\EwTlyUJ.exe

C:\Windows\System\utpCrGR.exe

C:\Windows\System\utpCrGR.exe

C:\Windows\System\HaqvEvz.exe

C:\Windows\System\HaqvEvz.exe

C:\Windows\System\OGMegOA.exe

C:\Windows\System\OGMegOA.exe

C:\Windows\System\heZfNyA.exe

C:\Windows\System\heZfNyA.exe

C:\Windows\System\KdUIpaf.exe

C:\Windows\System\KdUIpaf.exe

C:\Windows\System\PZBQFsc.exe

C:\Windows\System\PZBQFsc.exe

C:\Windows\System\cVEjCzm.exe

C:\Windows\System\cVEjCzm.exe

C:\Windows\System\JkNpzHS.exe

C:\Windows\System\JkNpzHS.exe

C:\Windows\System\SiljVgX.exe

C:\Windows\System\SiljVgX.exe

C:\Windows\System\fwbOtmh.exe

C:\Windows\System\fwbOtmh.exe

C:\Windows\System\WPchlWL.exe

C:\Windows\System\WPchlWL.exe

C:\Windows\System\InpYJfg.exe

C:\Windows\System\InpYJfg.exe

C:\Windows\System\XeASziU.exe

C:\Windows\System\XeASziU.exe

C:\Windows\System\IcGoyzP.exe

C:\Windows\System\IcGoyzP.exe

C:\Windows\System\QWlTsqZ.exe

C:\Windows\System\QWlTsqZ.exe

C:\Windows\System\uMbDGli.exe

C:\Windows\System\uMbDGli.exe

C:\Windows\System\lcAatEx.exe

C:\Windows\System\lcAatEx.exe

C:\Windows\System\mEWADTw.exe

C:\Windows\System\mEWADTw.exe

C:\Windows\System\UfCmrUF.exe

C:\Windows\System\UfCmrUF.exe

C:\Windows\System\tZrnoKb.exe

C:\Windows\System\tZrnoKb.exe

C:\Windows\System\mFxDReP.exe

C:\Windows\System\mFxDReP.exe

C:\Windows\System\yOZrqrL.exe

C:\Windows\System\yOZrqrL.exe

C:\Windows\System\TybxLgc.exe

C:\Windows\System\TybxLgc.exe

C:\Windows\System\dheznUL.exe

C:\Windows\System\dheznUL.exe

C:\Windows\System\gKsfbrE.exe

C:\Windows\System\gKsfbrE.exe

C:\Windows\System\qyMJZmz.exe

C:\Windows\System\qyMJZmz.exe

C:\Windows\System\SjTdkyF.exe

C:\Windows\System\SjTdkyF.exe

C:\Windows\System\zcitoIL.exe

C:\Windows\System\zcitoIL.exe

C:\Windows\System\MTpOzaU.exe

C:\Windows\System\MTpOzaU.exe

C:\Windows\System\ibDmKJR.exe

C:\Windows\System\ibDmKJR.exe

C:\Windows\System\QKwRSlk.exe

C:\Windows\System\QKwRSlk.exe

C:\Windows\System\BkoBXCp.exe

C:\Windows\System\BkoBXCp.exe

C:\Windows\System\BfaEDPI.exe

C:\Windows\System\BfaEDPI.exe

C:\Windows\System\owSEYMT.exe

C:\Windows\System\owSEYMT.exe

C:\Windows\System\QqxQzcL.exe

C:\Windows\System\QqxQzcL.exe

C:\Windows\System\rwYcHtb.exe

C:\Windows\System\rwYcHtb.exe

C:\Windows\System\rcvmFjR.exe

C:\Windows\System\rcvmFjR.exe

C:\Windows\System\ZpxXCgk.exe

C:\Windows\System\ZpxXCgk.exe

C:\Windows\System\PELevju.exe

C:\Windows\System\PELevju.exe

C:\Windows\System\WWrSRtu.exe

C:\Windows\System\WWrSRtu.exe

C:\Windows\System\VyWsOsa.exe

C:\Windows\System\VyWsOsa.exe

C:\Windows\System\imoaMDQ.exe

C:\Windows\System\imoaMDQ.exe

C:\Windows\System\fmcIkIl.exe

C:\Windows\System\fmcIkIl.exe

C:\Windows\System\yQtSbdI.exe

C:\Windows\System\yQtSbdI.exe

C:\Windows\System\okUxKMS.exe

C:\Windows\System\okUxKMS.exe

C:\Windows\System\WGdOJru.exe

C:\Windows\System\WGdOJru.exe

C:\Windows\System\SzXvsgk.exe

C:\Windows\System\SzXvsgk.exe

C:\Windows\System\dBSskBa.exe

C:\Windows\System\dBSskBa.exe

C:\Windows\System\vFYlwji.exe

C:\Windows\System\vFYlwji.exe

C:\Windows\System\gZXOZQo.exe

C:\Windows\System\gZXOZQo.exe

C:\Windows\System\yNgutDj.exe

C:\Windows\System\yNgutDj.exe

C:\Windows\System\WYBHOib.exe

C:\Windows\System\WYBHOib.exe

C:\Windows\System\flItxbA.exe

C:\Windows\System\flItxbA.exe

C:\Windows\System\cbzPWPH.exe

C:\Windows\System\cbzPWPH.exe

C:\Windows\System\tXersdd.exe

C:\Windows\System\tXersdd.exe

C:\Windows\System\Vhwuhwy.exe

C:\Windows\System\Vhwuhwy.exe

C:\Windows\System\xemZFhz.exe

C:\Windows\System\xemZFhz.exe

C:\Windows\System\QmcyHlY.exe

C:\Windows\System\QmcyHlY.exe

C:\Windows\System\zIGmkRb.exe

C:\Windows\System\zIGmkRb.exe

C:\Windows\System\lFegvuy.exe

C:\Windows\System\lFegvuy.exe

C:\Windows\System\pZvAOrP.exe

C:\Windows\System\pZvAOrP.exe

C:\Windows\System\ebbdEmv.exe

C:\Windows\System\ebbdEmv.exe

C:\Windows\System\aCtaypk.exe

C:\Windows\System\aCtaypk.exe

C:\Windows\System\JoqxSci.exe

C:\Windows\System\JoqxSci.exe

C:\Windows\System\DwKRKqS.exe

C:\Windows\System\DwKRKqS.exe

C:\Windows\System\CACWPvu.exe

C:\Windows\System\CACWPvu.exe

C:\Windows\System\kSjtIcU.exe

C:\Windows\System\kSjtIcU.exe

C:\Windows\System\NtewtmF.exe

C:\Windows\System\NtewtmF.exe

C:\Windows\System\cFIIiGP.exe

C:\Windows\System\cFIIiGP.exe

C:\Windows\System\VjLuZsm.exe

C:\Windows\System\VjLuZsm.exe

C:\Windows\System\ASwaXIn.exe

C:\Windows\System\ASwaXIn.exe

C:\Windows\System\OBfDboA.exe

C:\Windows\System\OBfDboA.exe

C:\Windows\System\kLGMjeO.exe

C:\Windows\System\kLGMjeO.exe

C:\Windows\System\uweOBfR.exe

C:\Windows\System\uweOBfR.exe

C:\Windows\System\DzVRkQH.exe

C:\Windows\System\DzVRkQH.exe

C:\Windows\System\qKOQKbG.exe

C:\Windows\System\qKOQKbG.exe

C:\Windows\System\XygveZC.exe

C:\Windows\System\XygveZC.exe

C:\Windows\System\FHVuZYS.exe

C:\Windows\System\FHVuZYS.exe

C:\Windows\System\JlYgONM.exe

C:\Windows\System\JlYgONM.exe

C:\Windows\System\fWgiCmq.exe

C:\Windows\System\fWgiCmq.exe

C:\Windows\System\xjdjxGm.exe

C:\Windows\System\xjdjxGm.exe

C:\Windows\System\dDHaIPU.exe

C:\Windows\System\dDHaIPU.exe

C:\Windows\System\LBtuwLo.exe

C:\Windows\System\LBtuwLo.exe

C:\Windows\System\edMYtis.exe

C:\Windows\System\edMYtis.exe

C:\Windows\System\eCJRwAw.exe

C:\Windows\System\eCJRwAw.exe

C:\Windows\System\GvUccBz.exe

C:\Windows\System\GvUccBz.exe

C:\Windows\System\YIHQVhq.exe

C:\Windows\System\YIHQVhq.exe

C:\Windows\System\XJbPsjV.exe

C:\Windows\System\XJbPsjV.exe

C:\Windows\System\vYBcWxb.exe

C:\Windows\System\vYBcWxb.exe

C:\Windows\System\xCygJyv.exe

C:\Windows\System\xCygJyv.exe

C:\Windows\System\vxHFTkI.exe

C:\Windows\System\vxHFTkI.exe

C:\Windows\System\WyPhghv.exe

C:\Windows\System\WyPhghv.exe

C:\Windows\System\qYfWYol.exe

C:\Windows\System\qYfWYol.exe

C:\Windows\System\KFKwBgA.exe

C:\Windows\System\KFKwBgA.exe

C:\Windows\System\ORvkJvW.exe

C:\Windows\System\ORvkJvW.exe

C:\Windows\System\XVyLxCC.exe

C:\Windows\System\XVyLxCC.exe

C:\Windows\System\HggLRHz.exe

C:\Windows\System\HggLRHz.exe

C:\Windows\System\erdksKq.exe

C:\Windows\System\erdksKq.exe

C:\Windows\System\uFNgUiF.exe

C:\Windows\System\uFNgUiF.exe

C:\Windows\System\XXricvX.exe

C:\Windows\System\XXricvX.exe

C:\Windows\System\iGmMgyh.exe

C:\Windows\System\iGmMgyh.exe

C:\Windows\System\kxnHMvb.exe

C:\Windows\System\kxnHMvb.exe

C:\Windows\System\mNmGBqa.exe

C:\Windows\System\mNmGBqa.exe

C:\Windows\System\uHiEdbq.exe

C:\Windows\System\uHiEdbq.exe

C:\Windows\System\DoRKsPg.exe

C:\Windows\System\DoRKsPg.exe

C:\Windows\System\vcotzjl.exe

C:\Windows\System\vcotzjl.exe

C:\Windows\System\NoxTtoF.exe

C:\Windows\System\NoxTtoF.exe

C:\Windows\System\yyqpvZM.exe

C:\Windows\System\yyqpvZM.exe

C:\Windows\System\XAyCYAo.exe

C:\Windows\System\XAyCYAo.exe

C:\Windows\System\lRGvHEL.exe

C:\Windows\System\lRGvHEL.exe

C:\Windows\System\FpuTGfI.exe

C:\Windows\System\FpuTGfI.exe

C:\Windows\System\KBHWSNa.exe

C:\Windows\System\KBHWSNa.exe

C:\Windows\System\dfxpzys.exe

C:\Windows\System\dfxpzys.exe

C:\Windows\System\jZWFjRf.exe

C:\Windows\System\jZWFjRf.exe

C:\Windows\System\IHoCjzp.exe

C:\Windows\System\IHoCjzp.exe

C:\Windows\System\DdNVQAg.exe

C:\Windows\System\DdNVQAg.exe

C:\Windows\System\vDkppFF.exe

C:\Windows\System\vDkppFF.exe

C:\Windows\System\luFNKcr.exe

C:\Windows\System\luFNKcr.exe

C:\Windows\System\qhwTXwi.exe

C:\Windows\System\qhwTXwi.exe

C:\Windows\System\htbFBIK.exe

C:\Windows\System\htbFBIK.exe

C:\Windows\System\TVpHNFd.exe

C:\Windows\System\TVpHNFd.exe

C:\Windows\System\AJWXWNM.exe

C:\Windows\System\AJWXWNM.exe

C:\Windows\System\FblEROO.exe

C:\Windows\System\FblEROO.exe

C:\Windows\System\OOrcZGj.exe

C:\Windows\System\OOrcZGj.exe

C:\Windows\System\GFnQTKq.exe

C:\Windows\System\GFnQTKq.exe

C:\Windows\System\WpIXrKo.exe

C:\Windows\System\WpIXrKo.exe

C:\Windows\System\VMoIEjv.exe

C:\Windows\System\VMoIEjv.exe

C:\Windows\System\wXowmuf.exe

C:\Windows\System\wXowmuf.exe

C:\Windows\System\HoUKYxK.exe

C:\Windows\System\HoUKYxK.exe

C:\Windows\System\zDsCbSs.exe

C:\Windows\System\zDsCbSs.exe

C:\Windows\System\VskMpjw.exe

C:\Windows\System\VskMpjw.exe

C:\Windows\System\dJcPHeh.exe

C:\Windows\System\dJcPHeh.exe

C:\Windows\System\ENnZPIj.exe

C:\Windows\System\ENnZPIj.exe

C:\Windows\System\RTcoVVK.exe

C:\Windows\System\RTcoVVK.exe

C:\Windows\System\zDFDpVr.exe

C:\Windows\System\zDFDpVr.exe

C:\Windows\System\NishaDn.exe

C:\Windows\System\NishaDn.exe

C:\Windows\System\VGPLmfj.exe

C:\Windows\System\VGPLmfj.exe

C:\Windows\System\hdZDKPb.exe

C:\Windows\System\hdZDKPb.exe

C:\Windows\System\OTUyPzj.exe

C:\Windows\System\OTUyPzj.exe

C:\Windows\System\bzGalaD.exe

C:\Windows\System\bzGalaD.exe

C:\Windows\System\cdUocyq.exe

C:\Windows\System\cdUocyq.exe

C:\Windows\System\jyMDbzF.exe

C:\Windows\System\jyMDbzF.exe

C:\Windows\System\iWMjqUJ.exe

C:\Windows\System\iWMjqUJ.exe

C:\Windows\System\CSBGWEW.exe

C:\Windows\System\CSBGWEW.exe

C:\Windows\System\FHazjEC.exe

C:\Windows\System\FHazjEC.exe

C:\Windows\System\kjRWOaS.exe

C:\Windows\System\kjRWOaS.exe

C:\Windows\System\sOOWtQh.exe

C:\Windows\System\sOOWtQh.exe

C:\Windows\System\rSamJiN.exe

C:\Windows\System\rSamJiN.exe

C:\Windows\System\HRQUusx.exe

C:\Windows\System\HRQUusx.exe

C:\Windows\System\wctYFYM.exe

C:\Windows\System\wctYFYM.exe

C:\Windows\System\QnkcFFm.exe

C:\Windows\System\QnkcFFm.exe

C:\Windows\System\mQMeAXA.exe

C:\Windows\System\mQMeAXA.exe

C:\Windows\System\GwnXjKt.exe

C:\Windows\System\GwnXjKt.exe

C:\Windows\System\HDhUzJl.exe

C:\Windows\System\HDhUzJl.exe

C:\Windows\System\RmxOevb.exe

C:\Windows\System\RmxOevb.exe

C:\Windows\System\ZxJEqNZ.exe

C:\Windows\System\ZxJEqNZ.exe

C:\Windows\System\yEgiGAK.exe

C:\Windows\System\yEgiGAK.exe

C:\Windows\System\tjceEEs.exe

C:\Windows\System\tjceEEs.exe

C:\Windows\System\TmeeydP.exe

C:\Windows\System\TmeeydP.exe

C:\Windows\System\vCnVmib.exe

C:\Windows\System\vCnVmib.exe

C:\Windows\System\ZvDbuuQ.exe

C:\Windows\System\ZvDbuuQ.exe

C:\Windows\System\XygCRiP.exe

C:\Windows\System\XygCRiP.exe

C:\Windows\System\JTgznaL.exe

C:\Windows\System\JTgznaL.exe

C:\Windows\System\PkvSvQW.exe

C:\Windows\System\PkvSvQW.exe

C:\Windows\System\vLPbubK.exe

C:\Windows\System\vLPbubK.exe

C:\Windows\System\JHjgRiL.exe

C:\Windows\System\JHjgRiL.exe

C:\Windows\System\KTRkEFZ.exe

C:\Windows\System\KTRkEFZ.exe

C:\Windows\System\znsbkTr.exe

C:\Windows\System\znsbkTr.exe

C:\Windows\System\UIBrwil.exe

C:\Windows\System\UIBrwil.exe

C:\Windows\System\XUTVPzJ.exe

C:\Windows\System\XUTVPzJ.exe

C:\Windows\System\IQkeluy.exe

C:\Windows\System\IQkeluy.exe

C:\Windows\System\plHjlPW.exe

C:\Windows\System\plHjlPW.exe

C:\Windows\System\TbXUqaG.exe

C:\Windows\System\TbXUqaG.exe

C:\Windows\System\OHSVlzR.exe

C:\Windows\System\OHSVlzR.exe

C:\Windows\System\UsbSxRy.exe

C:\Windows\System\UsbSxRy.exe

C:\Windows\System\eTiLvtz.exe

C:\Windows\System\eTiLvtz.exe

C:\Windows\System\utzYoHg.exe

C:\Windows\System\utzYoHg.exe

C:\Windows\System\pCqSphR.exe

C:\Windows\System\pCqSphR.exe

C:\Windows\System\LcuzjEn.exe

C:\Windows\System\LcuzjEn.exe

C:\Windows\System\YPdcckP.exe

C:\Windows\System\YPdcckP.exe

C:\Windows\System\VwulOrf.exe

C:\Windows\System\VwulOrf.exe

C:\Windows\System\DQxbmKM.exe

C:\Windows\System\DQxbmKM.exe

C:\Windows\System\iJUtvSR.exe

C:\Windows\System\iJUtvSR.exe

C:\Windows\System\jEVpNgn.exe

C:\Windows\System\jEVpNgn.exe

C:\Windows\System\aeBzHYH.exe

C:\Windows\System\aeBzHYH.exe

C:\Windows\System\NxhanjA.exe

C:\Windows\System\NxhanjA.exe

C:\Windows\System\UqjvRcG.exe

C:\Windows\System\UqjvRcG.exe

C:\Windows\System\XfpCCin.exe

C:\Windows\System\XfpCCin.exe

C:\Windows\System\NlNggDq.exe

C:\Windows\System\NlNggDq.exe

C:\Windows\System\nCjWqeS.exe

C:\Windows\System\nCjWqeS.exe

C:\Windows\System\MTntoAR.exe

C:\Windows\System\MTntoAR.exe

C:\Windows\System\JBUIBhF.exe

C:\Windows\System\JBUIBhF.exe

C:\Windows\System\OZPavAY.exe

C:\Windows\System\OZPavAY.exe

C:\Windows\System\VguhBQY.exe

C:\Windows\System\VguhBQY.exe

C:\Windows\System\rGcXUHo.exe

C:\Windows\System\rGcXUHo.exe

C:\Windows\System\tfeQOsD.exe

C:\Windows\System\tfeQOsD.exe

C:\Windows\System\uwAJvvU.exe

C:\Windows\System\uwAJvvU.exe

C:\Windows\System\LrTOMLe.exe

C:\Windows\System\LrTOMLe.exe

C:\Windows\System\yCmyRlV.exe

C:\Windows\System\yCmyRlV.exe

C:\Windows\System\xNzgtvi.exe

C:\Windows\System\xNzgtvi.exe

C:\Windows\System\PGFlzkP.exe

C:\Windows\System\PGFlzkP.exe

C:\Windows\System\PzWrNWY.exe

C:\Windows\System\PzWrNWY.exe

C:\Windows\System\fhmTRLc.exe

C:\Windows\System\fhmTRLc.exe

C:\Windows\System\IkYPWkW.exe

C:\Windows\System\IkYPWkW.exe

C:\Windows\System\rMWVuoS.exe

C:\Windows\System\rMWVuoS.exe

C:\Windows\System\eoZJMWt.exe

C:\Windows\System\eoZJMWt.exe

C:\Windows\System\vINUcqx.exe

C:\Windows\System\vINUcqx.exe

C:\Windows\System\KGUmJzr.exe

C:\Windows\System\KGUmJzr.exe

C:\Windows\System\poEhimQ.exe

C:\Windows\System\poEhimQ.exe

C:\Windows\System\ONPIVHf.exe

C:\Windows\System\ONPIVHf.exe

C:\Windows\System\KTNzWhp.exe

C:\Windows\System\KTNzWhp.exe

C:\Windows\System\UtNTtsw.exe

C:\Windows\System\UtNTtsw.exe

C:\Windows\System\OoquYiz.exe

C:\Windows\System\OoquYiz.exe

C:\Windows\System\PjxMDNh.exe

C:\Windows\System\PjxMDNh.exe

C:\Windows\System\AHuLqRV.exe

C:\Windows\System\AHuLqRV.exe

C:\Windows\System\envKkkU.exe

C:\Windows\System\envKkkU.exe

C:\Windows\System\gGRoxCu.exe

C:\Windows\System\gGRoxCu.exe

C:\Windows\System\ZxceWLZ.exe

C:\Windows\System\ZxceWLZ.exe

C:\Windows\System\ZneLQor.exe

C:\Windows\System\ZneLQor.exe

C:\Windows\System\kdkmBkW.exe

C:\Windows\System\kdkmBkW.exe

C:\Windows\System\rMgbGtV.exe

C:\Windows\System\rMgbGtV.exe

C:\Windows\System\pjtJvUc.exe

C:\Windows\System\pjtJvUc.exe

C:\Windows\System\rEmuUuq.exe

C:\Windows\System\rEmuUuq.exe

C:\Windows\System\FJeajve.exe

C:\Windows\System\FJeajve.exe

C:\Windows\System\uiyWDET.exe

C:\Windows\System\uiyWDET.exe

C:\Windows\System\UbcdYCT.exe

C:\Windows\System\UbcdYCT.exe

C:\Windows\System\uFdKLTG.exe

C:\Windows\System\uFdKLTG.exe

C:\Windows\System\jaIcvsM.exe

C:\Windows\System\jaIcvsM.exe

C:\Windows\System\dEYpEQT.exe

C:\Windows\System\dEYpEQT.exe

C:\Windows\System\bcNQWrj.exe

C:\Windows\System\bcNQWrj.exe

C:\Windows\System\gjdMNCO.exe

C:\Windows\System\gjdMNCO.exe

C:\Windows\System\zmRtyzl.exe

C:\Windows\System\zmRtyzl.exe

C:\Windows\System\ZwRNmEo.exe

C:\Windows\System\ZwRNmEo.exe

C:\Windows\System\ncAkVij.exe

C:\Windows\System\ncAkVij.exe

C:\Windows\System\BYltKdf.exe

C:\Windows\System\BYltKdf.exe

C:\Windows\System\oZwvhxr.exe

C:\Windows\System\oZwvhxr.exe

C:\Windows\System\ZFepAAo.exe

C:\Windows\System\ZFepAAo.exe

C:\Windows\System\AQwruMT.exe

C:\Windows\System\AQwruMT.exe

C:\Windows\System\eYMmdLr.exe

C:\Windows\System\eYMmdLr.exe

C:\Windows\System\zsZhsXA.exe

C:\Windows\System\zsZhsXA.exe

C:\Windows\System\khJqiMo.exe

C:\Windows\System\khJqiMo.exe

C:\Windows\System\DMStCMy.exe

C:\Windows\System\DMStCMy.exe

C:\Windows\System\QUXrsCW.exe

C:\Windows\System\QUXrsCW.exe

C:\Windows\System\VOCyZRy.exe

C:\Windows\System\VOCyZRy.exe

C:\Windows\System\FknSWXB.exe

C:\Windows\System\FknSWXB.exe

C:\Windows\System\jFxSFly.exe

C:\Windows\System\jFxSFly.exe

C:\Windows\System\tRUYePA.exe

C:\Windows\System\tRUYePA.exe

C:\Windows\System\vGFlFmV.exe

C:\Windows\System\vGFlFmV.exe

C:\Windows\System\okKFWJr.exe

C:\Windows\System\okKFWJr.exe

C:\Windows\System\NqlwJsO.exe

C:\Windows\System\NqlwJsO.exe

C:\Windows\System\YUXHiDP.exe

C:\Windows\System\YUXHiDP.exe

C:\Windows\System\cSYKQMV.exe

C:\Windows\System\cSYKQMV.exe

C:\Windows\System\JoWtVkz.exe

C:\Windows\System\JoWtVkz.exe

C:\Windows\System\iyhcQvk.exe

C:\Windows\System\iyhcQvk.exe

C:\Windows\System\OYPoFxu.exe

C:\Windows\System\OYPoFxu.exe

C:\Windows\System\gSzwYNM.exe

C:\Windows\System\gSzwYNM.exe

C:\Windows\System\pfWXzlt.exe

C:\Windows\System\pfWXzlt.exe

C:\Windows\System\KtYiRhb.exe

C:\Windows\System\KtYiRhb.exe

C:\Windows\System\CLTXUpl.exe

C:\Windows\System\CLTXUpl.exe

C:\Windows\System\slVvPaQ.exe

C:\Windows\System\slVvPaQ.exe

C:\Windows\System\xyfibTu.exe

C:\Windows\System\xyfibTu.exe

C:\Windows\System\GWhlfmC.exe

C:\Windows\System\GWhlfmC.exe

C:\Windows\System\xmwLzge.exe

C:\Windows\System\xmwLzge.exe

C:\Windows\System\HoBmIPu.exe

C:\Windows\System\HoBmIPu.exe

C:\Windows\System\QXAlasJ.exe

C:\Windows\System\QXAlasJ.exe

C:\Windows\System\hLzFKRo.exe

C:\Windows\System\hLzFKRo.exe

C:\Windows\System\tnbczMG.exe

C:\Windows\System\tnbczMG.exe

C:\Windows\System\oXRiAik.exe

C:\Windows\System\oXRiAik.exe

C:\Windows\System\ohHncrf.exe

C:\Windows\System\ohHncrf.exe

C:\Windows\System\XJgyOzS.exe

C:\Windows\System\XJgyOzS.exe

C:\Windows\System\LCPLMrn.exe

C:\Windows\System\LCPLMrn.exe

C:\Windows\System\kJxycol.exe

C:\Windows\System\kJxycol.exe

C:\Windows\System\gfqxEyY.exe

C:\Windows\System\gfqxEyY.exe

C:\Windows\System\InFRWEL.exe

C:\Windows\System\InFRWEL.exe

C:\Windows\System\KTEjiIz.exe

C:\Windows\System\KTEjiIz.exe

C:\Windows\System\MxwZzaF.exe

C:\Windows\System\MxwZzaF.exe

C:\Windows\System\fRSVywS.exe

C:\Windows\System\fRSVywS.exe

C:\Windows\System\DyIFQKD.exe

C:\Windows\System\DyIFQKD.exe

C:\Windows\System\bkMgtYC.exe

C:\Windows\System\bkMgtYC.exe

C:\Windows\System\hosdHiQ.exe

C:\Windows\System\hosdHiQ.exe

C:\Windows\System\ZYQjxGF.exe

C:\Windows\System\ZYQjxGF.exe

C:\Windows\System\DRgHjAd.exe

C:\Windows\System\DRgHjAd.exe

C:\Windows\System\GelpmiM.exe

C:\Windows\System\GelpmiM.exe

C:\Windows\System\zijBuyC.exe

C:\Windows\System\zijBuyC.exe

C:\Windows\System\OCDHvkI.exe

C:\Windows\System\OCDHvkI.exe

C:\Windows\System\WrgQpSQ.exe

C:\Windows\System\WrgQpSQ.exe

C:\Windows\System\XDrAUNQ.exe

C:\Windows\System\XDrAUNQ.exe

C:\Windows\System\IMtEMek.exe

C:\Windows\System\IMtEMek.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1600-0-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/1600-1-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\HkCGeiK.exe

MD5 a87956afaa92875024e2528f86f6bf26
SHA1 7b5068927893f87d7958e9014561b48b395ab5b0
SHA256 0179d7cc3bb4cfca3988d614f31524cde276a767f9077aac24af04c4fe8874e4
SHA512 685d0e460e1976eb4c4c2bdb90f2f5a4cb378be32db5d192ac78e0d35f9a8c7aa7f1a0f8c34dd0a4de28ae2ed55ddc9f0511f77439b5612bdbb72048d8196044

memory/1672-9-0x000000013F120000-0x000000013F474000-memory.dmp

memory/1600-8-0x000000013F120000-0x000000013F474000-memory.dmp

C:\Windows\system\TVNqxIv.exe

MD5 7323cf81a9b3af3c60dea9c70cbc7ef8
SHA1 8b77b2f689c4ccacc0d1809e76b1da598a054c6d
SHA256 eb985f97bbfa06093eb871e85ed2859799f53afbdb257ab1b13193a92f9d55f4
SHA512 13662ce72225c9c8034828edd23192a71ecf93c5d8888294de32788f6419cdb1cf193313f23db41905c6dbf6503301c0705b17c174250dca8ae3b5161c040e6f

memory/3060-15-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/1600-20-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2636-22-0x000000013F8D0000-0x000000013FC24000-memory.dmp

C:\Windows\system\THyPZVV.exe

MD5 7a2009fcbf5bfdc7444743451721b8d0
SHA1 8b04b21ca3361e8064f30c872f0a06c9cf08452f
SHA256 89af8fea02a62fd412e570a7faa427126f510da2039b1ba2d151dc26af1a435b
SHA512 e00bab566b1937ad3e4452490daa19d4b7bd1492dd440476ab88f7eeec4fa3d45d1a1bea003e82d4086b7be10fc1dc098feadb7d98e967c1e439c75721ae81d4

C:\Windows\system\EJMAdgA.exe

MD5 c1f8528bc473481712075bf241b9c7bd
SHA1 de11a708338dbd277e18f31d6ea8a9e87c4ab545
SHA256 601ff331af1defc1ee21d17ca1d9861f940a385454f9419be470ba4efa881431
SHA512 d2aaf20cbea68de0f7471006e0cbb70cd7cbe182f8ef96db5ef79f4c336caa1723274840ec0326eb15668b15a1d0fc60f35936ff5fb59691f15fe5fb291bc122

C:\Windows\system\BXvfimv.exe

MD5 5a9ac23bb10bb9d9d828240ad1a78752
SHA1 f0c1aa2bb089e25d1a4edfe551cf4c668160919d
SHA256 c930b24d16567cdf50f7a1025192c2d6cf154751002281fb26b40bc73f96a4ad
SHA512 07c1286d4df37c77bf8f87fa69f5e68525e225560404e4c2fe1a28d61df1288d8099b3a17fd456a302b52f176275160af8759a3629cc3f59479cbb93796b824b

C:\Windows\system\TDZkazk.exe

MD5 19ce06aa33225acc0dbe066a68671e99
SHA1 17143fc9a90c9584e036dae9b99c4a51ebd05692
SHA256 d7577fda12d6c4a911d6036cf5901ed542ce368485e1428daef9e6b9daedae4d
SHA512 d1a69355dd228c028928e6a4b17d3fee4f61b61189d7c555e2eef668142ca3cb123bc9daad1eeef000b906eed872a03794b13f134ea190dcf4c45512ceab2285

\Windows\system\NaUCjme.exe

MD5 083609931b36211f79ac598a23313b05
SHA1 d3c0f0d21bf211262eb86eb8db1c7abef9c347f3
SHA256 a5cbdb7336f5d322eab152b3dc2543a928af48c82f18962914929fc58c06f902
SHA512 65260144687272eed7e6ea9543c66e4b8317c0daeeb52b68e2497f02e8b021eec89db9c6e4f775428d1573dcf5ee027d1948c7449c0ee0973a69648be7ee3389

C:\Windows\system\rqKrfPp.exe

MD5 251bc9d20b744ab88db76c8411ff9c01
SHA1 d95fbc58a0db1522da92c2107941b3951dcac7e2
SHA256 bb9998d9be7bbc5fbf59f95bd6ac9a52c935b5000f7b0a99fa66cb719658f083
SHA512 7ed3cce42cdac3bc11132f31a43eb8ba9694eccb44087b188fd2e14ac00c831d674cc8173f2d084be5d87ae81beaf0c635fd07b261d8eeee44182da7f218c0bf

memory/1600-79-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/3004-84-0x000000013F1D0000-0x000000013F524000-memory.dmp

\Windows\system\fBfYhfX.exe

MD5 22943117b8dedb12e633ecf8a45dcf6d
SHA1 c9941cb6b21b7bb6cf27a22e84f61d05568de5f6
SHA256 be555d139e15e8fb3b4551bdfc9252ac2956ffabe917e1822846a240a22dfff9
SHA512 bfb594512bf4366b4329fcd0bd5578e355c740a75072d1bd61f02d31ea45372bcec4ca9049d0e463981c5cf213afc931d002ac9cae464c8c0dc13b734d355ad0

memory/2772-100-0x000000013F070000-0x000000013F3C4000-memory.dmp

C:\Windows\system\gdrOefW.exe

MD5 6a3be24f6e2043423a29b892a6a22ba1
SHA1 9daddd09fde847676a72dc83e5b5dcc93c5ec967
SHA256 6743a9eac0d217f9710904b85a74d358857c27ca5b89459435c8ea57483e53b3
SHA512 d9570d068812f187813a6445067b44605a0aac43d1ba97771b7e25b5ed207dd55b028157e1e79c0482517b503519c78d9835f5c475ea82a4d51293ae6023de09

memory/2624-697-0x000000013F6D0000-0x000000013FA24000-memory.dmp

C:\Windows\system\MTyfbul.exe

MD5 79550df9e78bb1c7bd28c98032f852d2
SHA1 58f166f3d7e2f2912f1c8deb6ce845cc8fc4a1b5
SHA256 141e21c4cfa9eb9f7047075fb9bd244ad97370eb4defdc285337bba41ae18003
SHA512 1a0e3408391d35fd9b50b69ec4c303f5181ba54a29839e635326be53403db1b1c2aff97f5c103190777568050b77d53e09c3445e3cdc8e728d858d739821c43a

C:\Windows\system\LRCLGRd.exe

MD5 f0ecc7772a3908e31c1b2054be556029
SHA1 5f5d3e87c40379850e6bae2f8e1b297dbbe99c63
SHA256 0c938233cd25c1cd51325f3028f8ed62eb469ebf3124ce87cfa20b19d8ccb261
SHA512 5ad54a59ce934ff9e64744888b8ff0897e390774215fd2d468c88777b47e9815e9b57371d019bbf28de6e8aed395ed9b23127bf4409e37c9cb5e44527131d57d

C:\Windows\system\uIsdjhH.exe

MD5 86c3ade09d9244665b66c0157c7f72c9
SHA1 351a96bd87471c2db6da9215c27560b177ad467a
SHA256 2c48c8a033975e4034e6d4d1f8fcad2123eb5fde199df888c1fa5ea669623323
SHA512 815b79de26f737813f1cb33f5ad313d094392a6b92ba1e3b26718cdd4fc8f946bb33e853f57bd4ba82ba138acb32fa816c9ea50124331d717af787473b90b3e3

C:\Windows\system\usszgCu.exe

MD5 42bcea215e6d946b7789810c09507b91
SHA1 f12ec2b9958087a5ebd1070e9d9332b93cddfb4f
SHA256 483e5700c7d6e0834160cb7d2fccae55c83130fc205ceaf08f7038acbcc80d78
SHA512 e3d26b00f2aa86a04d541131fb268232935ebd7288b05455cdf53a7ff38a6eb41f7b94596aa8354f54c683db27967d5665b7d72425cc99a142e465a949b7f539

C:\Windows\system\hGkKzxz.exe

MD5 d8c6f152dffc557d20e1d69d11414089
SHA1 3105d6e0d97033225d406f47df5d4478cf33aa43
SHA256 49807ee3a446e34aeae25a9830effb415755e6d493f3f36d0cf59a5cf457e9f8
SHA512 fe47b15724276f3931a8d868023bc13407f79b1bdee463953528eababecebea9d5835a953bad869619b7f46f95252e418c966a39eda474233609d4a28fa7753c

C:\Windows\system\xYnJGUv.exe

MD5 ba87df49651ffe4827a0a648cac4263b
SHA1 046067e2b3086f269d6a58377482266b5b52898b
SHA256 3527a8e7535a4c06b8b9625990bcf75d2f13b03320c2967e2f7de22a4e918d99
SHA512 e42dcae1bc10570f045af94ddd560e296a8719a85ef5fa4061b1a233479bbaee2a59adb6a29580e30cd9b8eecf5f19de002e050bade57cee7036e8e2976aac15

C:\Windows\system\wKzdsHw.exe

MD5 720de3d66188038f92fdd839001441b3
SHA1 1481b9d46310137a9a629910f4bd67db8d180391
SHA256 9a5c301fefa61d975f7463475266f2e883bbb12066435e2a548aff4e983cb242
SHA512 71b88d462da830e3baea56a94a645eea7da549ba0804da773455b6d8f5e5d302a45468d02fa2bc1d7569add17be8fec4005e56a98a54f45c50240b68165ea3b5

C:\Windows\system\OiTusJy.exe

MD5 a982c01bf57b538089fa2b58bc150c5e
SHA1 fd128e4bfa559c66411063681b0cb21cecf5f285
SHA256 3985347fafd987b985dfdf24c3f83223d4c88f729a0ac0fe70f9bc1b98c16854
SHA512 ad5c2a782581de6435cc7c2536829b419b45469db9fef096a096c010fbbacd8b45f729f464bbde4d60d9d0f3ff7b5ee663c83237f44a24fb1c2baa4c9797fcb8

C:\Windows\system\xoSINjw.exe

MD5 b0bcf81b0b0ffc827ab0927f7add80e6
SHA1 9d189799d8c769eddbcb8ac020c09e15397d2870
SHA256 396f59e5001495fdf8ee97e8692a80ddc21f7c307b0e74d85934d520c827f055
SHA512 bb8adfcf7140dbe862204c4a6aa02b7a65bf7a73e70b395aca912d84dbd93b947187766de6eea8fb84dbbe5be6a0368333564cd6904850c945ce0a565e333b1d

C:\Windows\system\kHRNGuw.exe

MD5 51d0d76317cbbc8b812df56a68c10cb4
SHA1 bd7c2253e5bc93eefaf3043bc048ccdb7a38f3e6
SHA256 6a7140a0f7e235b0b96012c74029a077fa351091f9c3c0d0936453d7811079e1
SHA512 3301033860c74eb8302f2bf70a56b94c1cdec6b57fe6e924117a2fd9bc07df1796fa37b85e0a2577c92c266a9729ba3f80b9f7821f2143afb289c34752ceb0dd

C:\Windows\system\AtIGvMC.exe

MD5 89d22aa2af2cac6efa48080a94f2dc84
SHA1 c9a6ac327f46f533aa5cb89f7be25f23e6b48810
SHA256 819ef42e1ead473dafe05eeb49e967d8b2a95c2b6b17e9df24629437334fb1b2
SHA512 67a6f8f0392c119ee24f1208ca77f62876f733aa87829d93f0e760773cd5f49d8847bc88c5deaee0615dc4e432f2b4312ff2c3a5d9c628fea97f376ff7a01fa0

C:\Windows\system\GqTZEzn.exe

MD5 fc678911a08582fd1eab04d51132a30e
SHA1 f10e93eb7605d08adba0d864701a7a64b6e1fe14
SHA256 08138ece3e62b65f89518ece189a0eed10b126eec9a4e275d2338f213bb0c845
SHA512 0581e4f271d14fe5bb8e4ed6663fd8d6c68a23e6e6661bc6b905c59d8c22c592a92447e354b547e6cdb22248fda0f7397f5afa76bee831c3ff58ab1bc73cad21

C:\Windows\system\EGHdOiS.exe

MD5 cd418f18cf62d495f50b28fe1286a437
SHA1 294fa29851339a358a7d346b0cbe1cc81e1c5b0f
SHA256 37bbb7aa6ef531b30d7e62628a0b2fff05470604dc9099f2a74bb0cb5be238c6
SHA512 ea4c291ef5090a64335c1d163bc5be9e8e438e2a13035bf1f6b1009d4d266e53b76530366c1d4c1a566e8545c910727917cd6860af790180a33fc2bed9e8f7b4

C:\Windows\system\bPwdfla.exe

MD5 653e0f09cffeb16ee01996df8925a221
SHA1 18eefe25e4f335ed1d926c7b163c7b3415ffe07c
SHA256 bd48586bae8e9c68237c8463eaaed012073431c94c61d635be583df3b1f01f7c
SHA512 13d67805f21ab768a0ac535f17ed5e316ff59dd8bcf249c953ea84c4c9b510a944892772e013ac178a2d53687e48cd319721e6ebc9b1d5e7aa7470ff297a3cf2

C:\Windows\system\CreZUQg.exe

MD5 310b95277be4954dbb23b3d6839b6f84
SHA1 0311615cfff2e1e273f3d00e194b3e2050062052
SHA256 b399a70b18d74e75ad1e2e42ed77cc3d3d926483e876f87d8e12739d2303d2dd
SHA512 0e5cd2a8ec6ff25f093714717b1bf720c5b915f62389353d36acb4929b0793b9d00260a039f9965af5a7436569b12a6f7bd9ef6c6207a3ecbe03a90c0d447bac

C:\Windows\system\yvzCule.exe

MD5 b48921d5ddb3a855e621c6554affd563
SHA1 9a863832966d1137526217ada2c3acb2ef2c2c28
SHA256 83ebca9ecb87eedd99482b1b018d8b10950103b82412a38431b5334688deddc4
SHA512 28484d7da841ecee1ab022243feb2879bac22e75c47e8080490a08ec988be4bd89203dfdfb4722613debfd78fcf736c543fbe1c4d94d311146a60c0380adb851

memory/1600-108-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2640-107-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/1552-101-0x000000013F600000-0x000000013F954000-memory.dmp

C:\Windows\system\pMimPSu.exe

MD5 d1a07bf1928f69593aec7906812a9757
SHA1 0d6e24c2310a605497e19a578d37de8c54e532e1
SHA256 2e7cbeae30d93e0e2d75d05ea8cc44f62b5a62251377d0e5ca463a40673e97f0
SHA512 c607ec83cd89b86fc319a394e5fad6deadc4d07b5767665fbce5da7be0b710c5066964c5c2fba06ab920daacb41c7888ff9c6f136651da2ed93390c7955b2800

memory/1600-97-0x000000013F600000-0x000000013F954000-memory.dmp

memory/2636-96-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2568-95-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/1600-91-0x000000013F380000-0x000000013F6D4000-memory.dmp

C:\Windows\system\vAlgzjR.exe

MD5 87985d1e47e8232283fc9e913cf49335
SHA1 2624cc1cfd5241f4f41566af9e0c97b4f4862144
SHA256 069657d616b1d4f1edbb5e6141c2214cfae456bac9ef12baf07731b8ab03e5ae
SHA512 63d17b3ea2de3533db85f9511fafab3cbcbf6ba575125d8612802a67c4be6a2e27bcac24d7abd117b901f2f4ce71626676ad4262bf66a6a6d0afa87e27289b9f

memory/1600-81-0x000000013F1D0000-0x000000013F524000-memory.dmp

memory/1740-80-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/3060-90-0x000000013F800000-0x000000013FB54000-memory.dmp

C:\Windows\system\cEaUFAi.exe

MD5 c8e03ac70da8f21e42b63eb5100fe78a
SHA1 2f33b54b50f0f10208e6f004295c8914d1b72c4d
SHA256 7b05a552e5ee2a94ae4ee195338be5a1b39938ce2f2a3f689cdc8f434d737e7e
SHA512 a53d13d63496045e57aed1ca3c6c4af33dcb38d876941330b0e46901e5ca91ec42de9ab52ce4d0a29ae08129f663819eebfa2b666e88cc2b43bfb55eed27b8c9

memory/2584-69-0x000000013F020000-0x000000013F374000-memory.dmp

C:\Windows\system\NBGcKlu.exe

MD5 bff3f1187c034b739e61e7ea7b8194fa
SHA1 e7d4b18abdd9a4a8f995fd1db6025359431da66f
SHA256 052824318f67fb0b0c572cee4374b6898e2f942bc8c2bf0480875075aba8dae2
SHA512 36de9096cb30c3e3a5a2e634dc2dfec0d05e2d7946af0a13aee2705dc24c72188170d7dcbb23b0d46edb2966ef66ca831995326d1f98a1d131323d5b10f64c9d

memory/876-64-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2104-63-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/2624-40-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/1600-39-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/1600-61-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/1600-59-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2976-58-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/1600-57-0x000000013F960000-0x000000013FCB4000-memory.dmp

C:\Windows\system\GNpRcqZ.exe

MD5 5089f7b4879977ac3a4c7dfd7c0c0b77
SHA1 1595d2a0e219ecc3beb0032334c26cf7f57909f5
SHA256 765c19cef392cb7aa8ae74e10735b977f12dcf502ade4f3dcae4e1c39692a9fc
SHA512 48187f44cce56e0a46a89260ee841c3de216fecde5b928daa7b9c89d74e40a6865a1d81d939aa12f763fe916da69f6ed259e90042601e4ebcada6e6049e0852f

memory/2640-35-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/1600-34-0x0000000002120000-0x0000000002474000-memory.dmp

memory/2772-29-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/1600-27-0x000000013F070000-0x000000013F3C4000-memory.dmp

C:\Windows\system\PsafyEH.exe

MD5 a00a99d51e7f3836caac06867de46429
SHA1 c207787d723f05ed97e9cfa9c41439c2099b08f4
SHA256 6f907b3e071370cf9c3ea6b567561ee4e5bae548bb40cd9bc50601011f027a02
SHA512 04e6e1c4eaeca86cc78f902ddad61bd0487939bb8219e7570557a36012f3add99fee428f9b4f30385795fe1210718c7d6fd6700bc38255b52f96b43b2f26531c

memory/1600-14-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/2584-1073-0x000000013F020000-0x000000013F374000-memory.dmp

memory/1600-1074-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/1600-1075-0x000000013F600000-0x000000013F954000-memory.dmp

memory/1600-1076-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/1672-1077-0x000000013F120000-0x000000013F474000-memory.dmp

memory/3060-1078-0x000000013F800000-0x000000013FB54000-memory.dmp

memory/2636-1079-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2640-1080-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2976-1081-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/2772-1082-0x000000013F070000-0x000000013F3C4000-memory.dmp

memory/2624-1085-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/1740-1086-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2104-1084-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/2584-1083-0x000000013F020000-0x000000013F374000-memory.dmp

memory/3004-1088-0x000000013F1D0000-0x000000013F524000-memory.dmp

memory/2568-1087-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/1552-1089-0x000000013F600000-0x000000013F954000-memory.dmp

memory/876-1090-0x000000013F450000-0x000000013F7A4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 21:56

Reported

2024-06-19 21:59

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\HkCGeiK.exe N/A
N/A N/A C:\Windows\System\TVNqxIv.exe N/A
N/A N/A C:\Windows\System\PsafyEH.exe N/A
N/A N/A C:\Windows\System\THyPZVV.exe N/A
N/A N/A C:\Windows\System\EJMAdgA.exe N/A
N/A N/A C:\Windows\System\TDZkazk.exe N/A
N/A N/A C:\Windows\System\BXvfimv.exe N/A
N/A N/A C:\Windows\System\NaUCjme.exe N/A
N/A N/A C:\Windows\System\GNpRcqZ.exe N/A
N/A N/A C:\Windows\System\NBGcKlu.exe N/A
N/A N/A C:\Windows\System\rqKrfPp.exe N/A
N/A N/A C:\Windows\System\vAlgzjR.exe N/A
N/A N/A C:\Windows\System\cEaUFAi.exe N/A
N/A N/A C:\Windows\System\fBfYhfX.exe N/A
N/A N/A C:\Windows\System\pMimPSu.exe N/A
N/A N/A C:\Windows\System\yvzCule.exe N/A
N/A N/A C:\Windows\System\CreZUQg.exe N/A
N/A N/A C:\Windows\System\bPwdfla.exe N/A
N/A N/A C:\Windows\System\EGHdOiS.exe N/A
N/A N/A C:\Windows\System\GqTZEzn.exe N/A
N/A N/A C:\Windows\System\gdrOefW.exe N/A
N/A N/A C:\Windows\System\AtIGvMC.exe N/A
N/A N/A C:\Windows\System\kHRNGuw.exe N/A
N/A N/A C:\Windows\System\OiTusJy.exe N/A
N/A N/A C:\Windows\System\xoSINjw.exe N/A
N/A N/A C:\Windows\System\wKzdsHw.exe N/A
N/A N/A C:\Windows\System\xYnJGUv.exe N/A
N/A N/A C:\Windows\System\hGkKzxz.exe N/A
N/A N/A C:\Windows\System\usszgCu.exe N/A
N/A N/A C:\Windows\System\uIsdjhH.exe N/A
N/A N/A C:\Windows\System\LRCLGRd.exe N/A
N/A N/A C:\Windows\System\MTyfbul.exe N/A
N/A N/A C:\Windows\System\zexGOsr.exe N/A
N/A N/A C:\Windows\System\SLBUsRM.exe N/A
N/A N/A C:\Windows\System\YIFigQn.exe N/A
N/A N/A C:\Windows\System\CFmZOmn.exe N/A
N/A N/A C:\Windows\System\EwTlyUJ.exe N/A
N/A N/A C:\Windows\System\utpCrGR.exe N/A
N/A N/A C:\Windows\System\HaqvEvz.exe N/A
N/A N/A C:\Windows\System\OGMegOA.exe N/A
N/A N/A C:\Windows\System\heZfNyA.exe N/A
N/A N/A C:\Windows\System\KdUIpaf.exe N/A
N/A N/A C:\Windows\System\PZBQFsc.exe N/A
N/A N/A C:\Windows\System\cVEjCzm.exe N/A
N/A N/A C:\Windows\System\JkNpzHS.exe N/A
N/A N/A C:\Windows\System\SiljVgX.exe N/A
N/A N/A C:\Windows\System\fwbOtmh.exe N/A
N/A N/A C:\Windows\System\WPchlWL.exe N/A
N/A N/A C:\Windows\System\InpYJfg.exe N/A
N/A N/A C:\Windows\System\XeASziU.exe N/A
N/A N/A C:\Windows\System\IcGoyzP.exe N/A
N/A N/A C:\Windows\System\QWlTsqZ.exe N/A
N/A N/A C:\Windows\System\uMbDGli.exe N/A
N/A N/A C:\Windows\System\lcAatEx.exe N/A
N/A N/A C:\Windows\System\mEWADTw.exe N/A
N/A N/A C:\Windows\System\UfCmrUF.exe N/A
N/A N/A C:\Windows\System\tZrnoKb.exe N/A
N/A N/A C:\Windows\System\mFxDReP.exe N/A
N/A N/A C:\Windows\System\yOZrqrL.exe N/A
N/A N/A C:\Windows\System\TybxLgc.exe N/A
N/A N/A C:\Windows\System\dheznUL.exe N/A
N/A N/A C:\Windows\System\gKsfbrE.exe N/A
N/A N/A C:\Windows\System\qyMJZmz.exe N/A
N/A N/A C:\Windows\System\SjTdkyF.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\gZXOZQo.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\PkvSvQW.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\gKsfbrE.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\WpIXrKo.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\UsbSxRy.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\xmwLzge.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\tZrnoKb.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\vAlgzjR.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\QKwRSlk.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XXricvX.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\NoxTtoF.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRGvHEL.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\PjxMDNh.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\VOCyZRy.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\HkCGeiK.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\imoaMDQ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\pZvAOrP.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\kJxycol.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\qyMJZmz.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\WWrSRtu.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\edMYtis.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\yyqpvZM.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\TbXUqaG.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\YPdcckP.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\JoWtVkz.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\EGHdOiS.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEWADTw.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\Vhwuhwy.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\pCqSphR.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\ONPIVHf.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\wKzdsHw.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\DdNVQAg.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\ENnZPIj.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\UIBrwil.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\kSjtIcU.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\InpYJfg.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\uweOBfR.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\eCJRwAw.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\aeBzHYH.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTNzWhp.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\iyhcQvk.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\DyIFQKD.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\GqTZEzn.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\eTiLvtz.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\DMStCMy.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\wXowmuf.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfCmrUF.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\vDkppFF.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhwTXwi.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\LrTOMLe.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSYKQMV.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\IcGoyzP.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\KFKwBgA.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\HoUKYxK.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\iWMjqUJ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjceEEs.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\NxhanjA.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XygveZC.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\dfxpzys.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\tfeQOsD.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\bcNQWrj.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\XDrAUNQ.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\erdksKq.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORvkJvW.exe C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1388 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\HkCGeiK.exe
PID 1388 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\HkCGeiK.exe
PID 1388 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TVNqxIv.exe
PID 1388 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TVNqxIv.exe
PID 1388 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\PsafyEH.exe
PID 1388 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\PsafyEH.exe
PID 1388 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\THyPZVV.exe
PID 1388 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\THyPZVV.exe
PID 1388 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EJMAdgA.exe
PID 1388 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EJMAdgA.exe
PID 1388 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TDZkazk.exe
PID 1388 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\TDZkazk.exe
PID 1388 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\BXvfimv.exe
PID 1388 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\BXvfimv.exe
PID 1388 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NaUCjme.exe
PID 1388 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NaUCjme.exe
PID 1388 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GNpRcqZ.exe
PID 1388 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GNpRcqZ.exe
PID 1388 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NBGcKlu.exe
PID 1388 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\NBGcKlu.exe
PID 1388 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\rqKrfPp.exe
PID 1388 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\rqKrfPp.exe
PID 1388 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\vAlgzjR.exe
PID 1388 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\vAlgzjR.exe
PID 1388 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\cEaUFAi.exe
PID 1388 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\cEaUFAi.exe
PID 1388 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\fBfYhfX.exe
PID 1388 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\fBfYhfX.exe
PID 1388 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\pMimPSu.exe
PID 1388 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\pMimPSu.exe
PID 1388 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\yvzCule.exe
PID 1388 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\yvzCule.exe
PID 1388 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\CreZUQg.exe
PID 1388 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\CreZUQg.exe
PID 1388 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\bPwdfla.exe
PID 1388 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\bPwdfla.exe
PID 1388 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EGHdOiS.exe
PID 1388 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\EGHdOiS.exe
PID 1388 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GqTZEzn.exe
PID 1388 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\GqTZEzn.exe
PID 1388 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\gdrOefW.exe
PID 1388 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\gdrOefW.exe
PID 1388 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\AtIGvMC.exe
PID 1388 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\AtIGvMC.exe
PID 1388 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\kHRNGuw.exe
PID 1388 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\kHRNGuw.exe
PID 1388 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\OiTusJy.exe
PID 1388 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\OiTusJy.exe
PID 1388 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\xoSINjw.exe
PID 1388 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\xoSINjw.exe
PID 1388 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\wKzdsHw.exe
PID 1388 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\wKzdsHw.exe
PID 1388 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\xYnJGUv.exe
PID 1388 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\xYnJGUv.exe
PID 1388 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\hGkKzxz.exe
PID 1388 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\hGkKzxz.exe
PID 1388 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\usszgCu.exe
PID 1388 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\usszgCu.exe
PID 1388 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\uIsdjhH.exe
PID 1388 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\uIsdjhH.exe
PID 1388 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\LRCLGRd.exe
PID 1388 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\LRCLGRd.exe
PID 1388 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\MTyfbul.exe
PID 1388 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe C:\Windows\System\MTyfbul.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0e6d42914e30aab3c848ef2051b56abdf875e77041cf927fb182876be3a5d972_NeikiAnalytics.exe"

C:\Windows\System\HkCGeiK.exe

C:\Windows\System\HkCGeiK.exe

C:\Windows\System\TVNqxIv.exe

C:\Windows\System\TVNqxIv.exe

C:\Windows\System\PsafyEH.exe

C:\Windows\System\PsafyEH.exe

C:\Windows\System\THyPZVV.exe

C:\Windows\System\THyPZVV.exe

C:\Windows\System\EJMAdgA.exe

C:\Windows\System\EJMAdgA.exe

C:\Windows\System\TDZkazk.exe

C:\Windows\System\TDZkazk.exe

C:\Windows\System\BXvfimv.exe

C:\Windows\System\BXvfimv.exe

C:\Windows\System\NaUCjme.exe

C:\Windows\System\NaUCjme.exe

C:\Windows\System\GNpRcqZ.exe

C:\Windows\System\GNpRcqZ.exe

C:\Windows\System\NBGcKlu.exe

C:\Windows\System\NBGcKlu.exe

C:\Windows\System\rqKrfPp.exe

C:\Windows\System\rqKrfPp.exe

C:\Windows\System\vAlgzjR.exe

C:\Windows\System\vAlgzjR.exe

C:\Windows\System\cEaUFAi.exe

C:\Windows\System\cEaUFAi.exe

C:\Windows\System\fBfYhfX.exe

C:\Windows\System\fBfYhfX.exe

C:\Windows\System\pMimPSu.exe

C:\Windows\System\pMimPSu.exe

C:\Windows\System\yvzCule.exe

C:\Windows\System\yvzCule.exe

C:\Windows\System\CreZUQg.exe

C:\Windows\System\CreZUQg.exe

C:\Windows\System\bPwdfla.exe

C:\Windows\System\bPwdfla.exe

C:\Windows\System\EGHdOiS.exe

C:\Windows\System\EGHdOiS.exe

C:\Windows\System\GqTZEzn.exe

C:\Windows\System\GqTZEzn.exe

C:\Windows\System\gdrOefW.exe

C:\Windows\System\gdrOefW.exe

C:\Windows\System\AtIGvMC.exe

C:\Windows\System\AtIGvMC.exe

C:\Windows\System\kHRNGuw.exe

C:\Windows\System\kHRNGuw.exe

C:\Windows\System\OiTusJy.exe

C:\Windows\System\OiTusJy.exe

C:\Windows\System\xoSINjw.exe

C:\Windows\System\xoSINjw.exe

C:\Windows\System\wKzdsHw.exe

C:\Windows\System\wKzdsHw.exe

C:\Windows\System\xYnJGUv.exe

C:\Windows\System\xYnJGUv.exe

C:\Windows\System\hGkKzxz.exe

C:\Windows\System\hGkKzxz.exe

C:\Windows\System\usszgCu.exe

C:\Windows\System\usszgCu.exe

C:\Windows\System\uIsdjhH.exe

C:\Windows\System\uIsdjhH.exe

C:\Windows\System\LRCLGRd.exe

C:\Windows\System\LRCLGRd.exe

C:\Windows\System\MTyfbul.exe

C:\Windows\System\MTyfbul.exe

C:\Windows\System\zexGOsr.exe

C:\Windows\System\zexGOsr.exe

C:\Windows\System\SLBUsRM.exe

C:\Windows\System\SLBUsRM.exe

C:\Windows\System\YIFigQn.exe

C:\Windows\System\YIFigQn.exe

C:\Windows\System\CFmZOmn.exe

C:\Windows\System\CFmZOmn.exe

C:\Windows\System\EwTlyUJ.exe

C:\Windows\System\EwTlyUJ.exe

C:\Windows\System\utpCrGR.exe

C:\Windows\System\utpCrGR.exe

C:\Windows\System\HaqvEvz.exe

C:\Windows\System\HaqvEvz.exe

C:\Windows\System\OGMegOA.exe

C:\Windows\System\OGMegOA.exe

C:\Windows\System\heZfNyA.exe

C:\Windows\System\heZfNyA.exe

C:\Windows\System\KdUIpaf.exe

C:\Windows\System\KdUIpaf.exe

C:\Windows\System\PZBQFsc.exe

C:\Windows\System\PZBQFsc.exe

C:\Windows\System\cVEjCzm.exe

C:\Windows\System\cVEjCzm.exe

C:\Windows\System\JkNpzHS.exe

C:\Windows\System\JkNpzHS.exe

C:\Windows\System\SiljVgX.exe

C:\Windows\System\SiljVgX.exe

C:\Windows\System\fwbOtmh.exe

C:\Windows\System\fwbOtmh.exe

C:\Windows\System\WPchlWL.exe

C:\Windows\System\WPchlWL.exe

C:\Windows\System\InpYJfg.exe

C:\Windows\System\InpYJfg.exe

C:\Windows\System\XeASziU.exe

C:\Windows\System\XeASziU.exe

C:\Windows\System\IcGoyzP.exe

C:\Windows\System\IcGoyzP.exe

C:\Windows\System\QWlTsqZ.exe

C:\Windows\System\QWlTsqZ.exe

C:\Windows\System\uMbDGli.exe

C:\Windows\System\uMbDGli.exe

C:\Windows\System\lcAatEx.exe

C:\Windows\System\lcAatEx.exe

C:\Windows\System\mEWADTw.exe

C:\Windows\System\mEWADTw.exe

C:\Windows\System\UfCmrUF.exe

C:\Windows\System\UfCmrUF.exe

C:\Windows\System\tZrnoKb.exe

C:\Windows\System\tZrnoKb.exe

C:\Windows\System\mFxDReP.exe

C:\Windows\System\mFxDReP.exe

C:\Windows\System\yOZrqrL.exe

C:\Windows\System\yOZrqrL.exe

C:\Windows\System\TybxLgc.exe

C:\Windows\System\TybxLgc.exe

C:\Windows\System\dheznUL.exe

C:\Windows\System\dheznUL.exe

C:\Windows\System\gKsfbrE.exe

C:\Windows\System\gKsfbrE.exe

C:\Windows\System\qyMJZmz.exe

C:\Windows\System\qyMJZmz.exe

C:\Windows\System\SjTdkyF.exe

C:\Windows\System\SjTdkyF.exe

C:\Windows\System\zcitoIL.exe

C:\Windows\System\zcitoIL.exe

C:\Windows\System\MTpOzaU.exe

C:\Windows\System\MTpOzaU.exe

C:\Windows\System\ibDmKJR.exe

C:\Windows\System\ibDmKJR.exe

C:\Windows\System\QKwRSlk.exe

C:\Windows\System\QKwRSlk.exe

C:\Windows\System\BkoBXCp.exe

C:\Windows\System\BkoBXCp.exe

C:\Windows\System\BfaEDPI.exe

C:\Windows\System\BfaEDPI.exe

C:\Windows\System\owSEYMT.exe

C:\Windows\System\owSEYMT.exe

C:\Windows\System\QqxQzcL.exe

C:\Windows\System\QqxQzcL.exe

C:\Windows\System\rwYcHtb.exe

C:\Windows\System\rwYcHtb.exe

C:\Windows\System\rcvmFjR.exe

C:\Windows\System\rcvmFjR.exe

C:\Windows\System\ZpxXCgk.exe

C:\Windows\System\ZpxXCgk.exe

C:\Windows\System\PELevju.exe

C:\Windows\System\PELevju.exe

C:\Windows\System\WWrSRtu.exe

C:\Windows\System\WWrSRtu.exe

C:\Windows\System\VyWsOsa.exe

C:\Windows\System\VyWsOsa.exe

C:\Windows\System\imoaMDQ.exe

C:\Windows\System\imoaMDQ.exe

C:\Windows\System\fmcIkIl.exe

C:\Windows\System\fmcIkIl.exe

C:\Windows\System\yQtSbdI.exe

C:\Windows\System\yQtSbdI.exe

C:\Windows\System\okUxKMS.exe

C:\Windows\System\okUxKMS.exe

C:\Windows\System\WGdOJru.exe

C:\Windows\System\WGdOJru.exe

C:\Windows\System\SzXvsgk.exe

C:\Windows\System\SzXvsgk.exe

C:\Windows\System\dBSskBa.exe

C:\Windows\System\dBSskBa.exe

C:\Windows\System\vFYlwji.exe

C:\Windows\System\vFYlwji.exe

C:\Windows\System\gZXOZQo.exe

C:\Windows\System\gZXOZQo.exe

C:\Windows\System\yNgutDj.exe

C:\Windows\System\yNgutDj.exe

C:\Windows\System\WYBHOib.exe

C:\Windows\System\WYBHOib.exe

C:\Windows\System\flItxbA.exe

C:\Windows\System\flItxbA.exe

C:\Windows\System\cbzPWPH.exe

C:\Windows\System\cbzPWPH.exe

C:\Windows\System\tXersdd.exe

C:\Windows\System\tXersdd.exe

C:\Windows\System\Vhwuhwy.exe

C:\Windows\System\Vhwuhwy.exe

C:\Windows\System\xemZFhz.exe

C:\Windows\System\xemZFhz.exe

C:\Windows\System\QmcyHlY.exe

C:\Windows\System\QmcyHlY.exe

C:\Windows\System\zIGmkRb.exe

C:\Windows\System\zIGmkRb.exe

C:\Windows\System\lFegvuy.exe

C:\Windows\System\lFegvuy.exe

C:\Windows\System\pZvAOrP.exe

C:\Windows\System\pZvAOrP.exe

C:\Windows\System\ebbdEmv.exe

C:\Windows\System\ebbdEmv.exe

C:\Windows\System\aCtaypk.exe

C:\Windows\System\aCtaypk.exe

C:\Windows\System\JoqxSci.exe

C:\Windows\System\JoqxSci.exe

C:\Windows\System\DwKRKqS.exe

C:\Windows\System\DwKRKqS.exe

C:\Windows\System\CACWPvu.exe

C:\Windows\System\CACWPvu.exe

C:\Windows\System\kSjtIcU.exe

C:\Windows\System\kSjtIcU.exe

C:\Windows\System\NtewtmF.exe

C:\Windows\System\NtewtmF.exe

C:\Windows\System\cFIIiGP.exe

C:\Windows\System\cFIIiGP.exe

C:\Windows\System\VjLuZsm.exe

C:\Windows\System\VjLuZsm.exe

C:\Windows\System\ASwaXIn.exe

C:\Windows\System\ASwaXIn.exe

C:\Windows\System\OBfDboA.exe

C:\Windows\System\OBfDboA.exe

C:\Windows\System\kLGMjeO.exe

C:\Windows\System\kLGMjeO.exe

C:\Windows\System\uweOBfR.exe

C:\Windows\System\uweOBfR.exe

C:\Windows\System\DzVRkQH.exe

C:\Windows\System\DzVRkQH.exe

C:\Windows\System\qKOQKbG.exe

C:\Windows\System\qKOQKbG.exe

C:\Windows\System\XygveZC.exe

C:\Windows\System\XygveZC.exe

C:\Windows\System\FHVuZYS.exe

C:\Windows\System\FHVuZYS.exe

C:\Windows\System\JlYgONM.exe

C:\Windows\System\JlYgONM.exe

C:\Windows\System\fWgiCmq.exe

C:\Windows\System\fWgiCmq.exe

C:\Windows\System\xjdjxGm.exe

C:\Windows\System\xjdjxGm.exe

C:\Windows\System\dDHaIPU.exe

C:\Windows\System\dDHaIPU.exe

C:\Windows\System\LBtuwLo.exe

C:\Windows\System\LBtuwLo.exe

C:\Windows\System\edMYtis.exe

C:\Windows\System\edMYtis.exe

C:\Windows\System\eCJRwAw.exe

C:\Windows\System\eCJRwAw.exe

C:\Windows\System\GvUccBz.exe

C:\Windows\System\GvUccBz.exe

C:\Windows\System\YIHQVhq.exe

C:\Windows\System\YIHQVhq.exe

C:\Windows\System\XJbPsjV.exe

C:\Windows\System\XJbPsjV.exe

C:\Windows\System\vYBcWxb.exe

C:\Windows\System\vYBcWxb.exe

C:\Windows\System\xCygJyv.exe

C:\Windows\System\xCygJyv.exe

C:\Windows\System\vxHFTkI.exe

C:\Windows\System\vxHFTkI.exe

C:\Windows\System\WyPhghv.exe

C:\Windows\System\WyPhghv.exe

C:\Windows\System\qYfWYol.exe

C:\Windows\System\qYfWYol.exe

C:\Windows\System\KFKwBgA.exe

C:\Windows\System\KFKwBgA.exe

C:\Windows\System\ORvkJvW.exe

C:\Windows\System\ORvkJvW.exe

C:\Windows\System\XVyLxCC.exe

C:\Windows\System\XVyLxCC.exe

C:\Windows\System\HggLRHz.exe

C:\Windows\System\HggLRHz.exe

C:\Windows\System\erdksKq.exe

C:\Windows\System\erdksKq.exe

C:\Windows\System\uFNgUiF.exe

C:\Windows\System\uFNgUiF.exe

C:\Windows\System\XXricvX.exe

C:\Windows\System\XXricvX.exe

C:\Windows\System\iGmMgyh.exe

C:\Windows\System\iGmMgyh.exe

C:\Windows\System\kxnHMvb.exe

C:\Windows\System\kxnHMvb.exe

C:\Windows\System\mNmGBqa.exe

C:\Windows\System\mNmGBqa.exe

C:\Windows\System\uHiEdbq.exe

C:\Windows\System\uHiEdbq.exe

C:\Windows\System\DoRKsPg.exe

C:\Windows\System\DoRKsPg.exe

C:\Windows\System\vcotzjl.exe

C:\Windows\System\vcotzjl.exe

C:\Windows\System\NoxTtoF.exe

C:\Windows\System\NoxTtoF.exe

C:\Windows\System\yyqpvZM.exe

C:\Windows\System\yyqpvZM.exe

C:\Windows\System\XAyCYAo.exe

C:\Windows\System\XAyCYAo.exe

C:\Windows\System\lRGvHEL.exe

C:\Windows\System\lRGvHEL.exe

C:\Windows\System\FpuTGfI.exe

C:\Windows\System\FpuTGfI.exe

C:\Windows\System\KBHWSNa.exe

C:\Windows\System\KBHWSNa.exe

C:\Windows\System\dfxpzys.exe

C:\Windows\System\dfxpzys.exe

C:\Windows\System\jZWFjRf.exe

C:\Windows\System\jZWFjRf.exe

C:\Windows\System\IHoCjzp.exe

C:\Windows\System\IHoCjzp.exe

C:\Windows\System\DdNVQAg.exe

C:\Windows\System\DdNVQAg.exe

C:\Windows\System\vDkppFF.exe

C:\Windows\System\vDkppFF.exe

C:\Windows\System\luFNKcr.exe

C:\Windows\System\luFNKcr.exe

C:\Windows\System\qhwTXwi.exe

C:\Windows\System\qhwTXwi.exe

C:\Windows\System\htbFBIK.exe

C:\Windows\System\htbFBIK.exe

C:\Windows\System\TVpHNFd.exe

C:\Windows\System\TVpHNFd.exe

C:\Windows\System\AJWXWNM.exe

C:\Windows\System\AJWXWNM.exe

C:\Windows\System\FblEROO.exe

C:\Windows\System\FblEROO.exe

C:\Windows\System\OOrcZGj.exe

C:\Windows\System\OOrcZGj.exe

C:\Windows\System\GFnQTKq.exe

C:\Windows\System\GFnQTKq.exe

C:\Windows\System\WpIXrKo.exe

C:\Windows\System\WpIXrKo.exe

C:\Windows\System\VMoIEjv.exe

C:\Windows\System\VMoIEjv.exe

C:\Windows\System\wXowmuf.exe

C:\Windows\System\wXowmuf.exe

C:\Windows\System\HoUKYxK.exe

C:\Windows\System\HoUKYxK.exe

C:\Windows\System\zDsCbSs.exe

C:\Windows\System\zDsCbSs.exe

C:\Windows\System\VskMpjw.exe

C:\Windows\System\VskMpjw.exe

C:\Windows\System\dJcPHeh.exe

C:\Windows\System\dJcPHeh.exe

C:\Windows\System\ENnZPIj.exe

C:\Windows\System\ENnZPIj.exe

C:\Windows\System\RTcoVVK.exe

C:\Windows\System\RTcoVVK.exe

C:\Windows\System\zDFDpVr.exe

C:\Windows\System\zDFDpVr.exe

C:\Windows\System\NishaDn.exe

C:\Windows\System\NishaDn.exe

C:\Windows\System\VGPLmfj.exe

C:\Windows\System\VGPLmfj.exe

C:\Windows\System\hdZDKPb.exe

C:\Windows\System\hdZDKPb.exe

C:\Windows\System\OTUyPzj.exe

C:\Windows\System\OTUyPzj.exe

C:\Windows\System\bzGalaD.exe

C:\Windows\System\bzGalaD.exe

C:\Windows\System\cdUocyq.exe

C:\Windows\System\cdUocyq.exe

C:\Windows\System\jyMDbzF.exe

C:\Windows\System\jyMDbzF.exe

C:\Windows\System\iWMjqUJ.exe

C:\Windows\System\iWMjqUJ.exe

C:\Windows\System\CSBGWEW.exe

C:\Windows\System\CSBGWEW.exe

C:\Windows\System\FHazjEC.exe

C:\Windows\System\FHazjEC.exe

C:\Windows\System\kjRWOaS.exe

C:\Windows\System\kjRWOaS.exe

C:\Windows\System\sOOWtQh.exe

C:\Windows\System\sOOWtQh.exe

C:\Windows\System\rSamJiN.exe

C:\Windows\System\rSamJiN.exe

C:\Windows\System\HRQUusx.exe

C:\Windows\System\HRQUusx.exe

C:\Windows\System\wctYFYM.exe

C:\Windows\System\wctYFYM.exe

C:\Windows\System\QnkcFFm.exe

C:\Windows\System\QnkcFFm.exe

C:\Windows\System\mQMeAXA.exe

C:\Windows\System\mQMeAXA.exe

C:\Windows\System\GwnXjKt.exe

C:\Windows\System\GwnXjKt.exe

C:\Windows\System\HDhUzJl.exe

C:\Windows\System\HDhUzJl.exe

C:\Windows\System\RmxOevb.exe

C:\Windows\System\RmxOevb.exe

C:\Windows\System\ZxJEqNZ.exe

C:\Windows\System\ZxJEqNZ.exe

C:\Windows\System\yEgiGAK.exe

C:\Windows\System\yEgiGAK.exe

C:\Windows\System\tjceEEs.exe

C:\Windows\System\tjceEEs.exe

C:\Windows\System\TmeeydP.exe

C:\Windows\System\TmeeydP.exe

C:\Windows\System\vCnVmib.exe

C:\Windows\System\vCnVmib.exe

C:\Windows\System\ZvDbuuQ.exe

C:\Windows\System\ZvDbuuQ.exe

C:\Windows\System\XygCRiP.exe

C:\Windows\System\XygCRiP.exe

C:\Windows\System\JTgznaL.exe

C:\Windows\System\JTgznaL.exe

C:\Windows\System\PkvSvQW.exe

C:\Windows\System\PkvSvQW.exe

C:\Windows\System\vLPbubK.exe

C:\Windows\System\vLPbubK.exe

C:\Windows\System\JHjgRiL.exe

C:\Windows\System\JHjgRiL.exe

C:\Windows\System\KTRkEFZ.exe

C:\Windows\System\KTRkEFZ.exe

C:\Windows\System\znsbkTr.exe

C:\Windows\System\znsbkTr.exe

C:\Windows\System\UIBrwil.exe

C:\Windows\System\UIBrwil.exe

C:\Windows\System\XUTVPzJ.exe

C:\Windows\System\XUTVPzJ.exe

C:\Windows\System\IQkeluy.exe

C:\Windows\System\IQkeluy.exe

C:\Windows\System\plHjlPW.exe

C:\Windows\System\plHjlPW.exe

C:\Windows\System\TbXUqaG.exe

C:\Windows\System\TbXUqaG.exe

C:\Windows\System\OHSVlzR.exe

C:\Windows\System\OHSVlzR.exe

C:\Windows\System\UsbSxRy.exe

C:\Windows\System\UsbSxRy.exe

C:\Windows\System\eTiLvtz.exe

C:\Windows\System\eTiLvtz.exe

C:\Windows\System\utzYoHg.exe

C:\Windows\System\utzYoHg.exe

C:\Windows\System\pCqSphR.exe

C:\Windows\System\pCqSphR.exe

C:\Windows\System\LcuzjEn.exe

C:\Windows\System\LcuzjEn.exe

C:\Windows\System\YPdcckP.exe

C:\Windows\System\YPdcckP.exe

C:\Windows\System\VwulOrf.exe

C:\Windows\System\VwulOrf.exe

C:\Windows\System\DQxbmKM.exe

C:\Windows\System\DQxbmKM.exe

C:\Windows\System\iJUtvSR.exe

C:\Windows\System\iJUtvSR.exe

C:\Windows\System\jEVpNgn.exe

C:\Windows\System\jEVpNgn.exe

C:\Windows\System\aeBzHYH.exe

C:\Windows\System\aeBzHYH.exe

C:\Windows\System\NxhanjA.exe

C:\Windows\System\NxhanjA.exe

C:\Windows\System\UqjvRcG.exe

C:\Windows\System\UqjvRcG.exe

C:\Windows\System\XfpCCin.exe

C:\Windows\System\XfpCCin.exe

C:\Windows\System\NlNggDq.exe

C:\Windows\System\NlNggDq.exe

C:\Windows\System\nCjWqeS.exe

C:\Windows\System\nCjWqeS.exe

C:\Windows\System\MTntoAR.exe

C:\Windows\System\MTntoAR.exe

C:\Windows\System\JBUIBhF.exe

C:\Windows\System\JBUIBhF.exe

C:\Windows\System\OZPavAY.exe

C:\Windows\System\OZPavAY.exe

C:\Windows\System\VguhBQY.exe

C:\Windows\System\VguhBQY.exe

C:\Windows\System\rGcXUHo.exe

C:\Windows\System\rGcXUHo.exe

C:\Windows\System\tfeQOsD.exe

C:\Windows\System\tfeQOsD.exe

C:\Windows\System\uwAJvvU.exe

C:\Windows\System\uwAJvvU.exe

C:\Windows\System\LrTOMLe.exe

C:\Windows\System\LrTOMLe.exe

C:\Windows\System\yCmyRlV.exe

C:\Windows\System\yCmyRlV.exe

C:\Windows\System\xNzgtvi.exe

C:\Windows\System\xNzgtvi.exe

C:\Windows\System\PGFlzkP.exe

C:\Windows\System\PGFlzkP.exe

C:\Windows\System\PzWrNWY.exe

C:\Windows\System\PzWrNWY.exe

C:\Windows\System\fhmTRLc.exe

C:\Windows\System\fhmTRLc.exe

C:\Windows\System\IkYPWkW.exe

C:\Windows\System\IkYPWkW.exe

C:\Windows\System\rMWVuoS.exe

C:\Windows\System\rMWVuoS.exe

C:\Windows\System\eoZJMWt.exe

C:\Windows\System\eoZJMWt.exe

C:\Windows\System\vINUcqx.exe

C:\Windows\System\vINUcqx.exe

C:\Windows\System\KGUmJzr.exe

C:\Windows\System\KGUmJzr.exe

C:\Windows\System\poEhimQ.exe

C:\Windows\System\poEhimQ.exe

C:\Windows\System\ONPIVHf.exe

C:\Windows\System\ONPIVHf.exe

C:\Windows\System\KTNzWhp.exe

C:\Windows\System\KTNzWhp.exe

C:\Windows\System\UtNTtsw.exe

C:\Windows\System\UtNTtsw.exe

C:\Windows\System\OoquYiz.exe

C:\Windows\System\OoquYiz.exe

C:\Windows\System\PjxMDNh.exe

C:\Windows\System\PjxMDNh.exe

C:\Windows\System\AHuLqRV.exe

C:\Windows\System\AHuLqRV.exe

C:\Windows\System\envKkkU.exe

C:\Windows\System\envKkkU.exe

C:\Windows\System\gGRoxCu.exe

C:\Windows\System\gGRoxCu.exe

C:\Windows\System\ZxceWLZ.exe

C:\Windows\System\ZxceWLZ.exe

C:\Windows\System\ZneLQor.exe

C:\Windows\System\ZneLQor.exe

C:\Windows\System\kdkmBkW.exe

C:\Windows\System\kdkmBkW.exe

C:\Windows\System\rMgbGtV.exe

C:\Windows\System\rMgbGtV.exe

C:\Windows\System\pjtJvUc.exe

C:\Windows\System\pjtJvUc.exe

C:\Windows\System\rEmuUuq.exe

C:\Windows\System\rEmuUuq.exe

C:\Windows\System\FJeajve.exe

C:\Windows\System\FJeajve.exe

C:\Windows\System\uiyWDET.exe

C:\Windows\System\uiyWDET.exe

C:\Windows\System\UbcdYCT.exe

C:\Windows\System\UbcdYCT.exe

C:\Windows\System\uFdKLTG.exe

C:\Windows\System\uFdKLTG.exe

C:\Windows\System\jaIcvsM.exe

C:\Windows\System\jaIcvsM.exe

C:\Windows\System\dEYpEQT.exe

C:\Windows\System\dEYpEQT.exe

C:\Windows\System\bcNQWrj.exe

C:\Windows\System\bcNQWrj.exe

C:\Windows\System\gjdMNCO.exe

C:\Windows\System\gjdMNCO.exe

C:\Windows\System\zmRtyzl.exe

C:\Windows\System\zmRtyzl.exe

C:\Windows\System\ZwRNmEo.exe

C:\Windows\System\ZwRNmEo.exe

C:\Windows\System\ncAkVij.exe

C:\Windows\System\ncAkVij.exe

C:\Windows\System\BYltKdf.exe

C:\Windows\System\BYltKdf.exe

C:\Windows\System\oZwvhxr.exe

C:\Windows\System\oZwvhxr.exe

C:\Windows\System\ZFepAAo.exe

C:\Windows\System\ZFepAAo.exe

C:\Windows\System\AQwruMT.exe

C:\Windows\System\AQwruMT.exe

C:\Windows\System\eYMmdLr.exe

C:\Windows\System\eYMmdLr.exe

C:\Windows\System\zsZhsXA.exe

C:\Windows\System\zsZhsXA.exe

C:\Windows\System\khJqiMo.exe

C:\Windows\System\khJqiMo.exe

C:\Windows\System\DMStCMy.exe

C:\Windows\System\DMStCMy.exe

C:\Windows\System\QUXrsCW.exe

C:\Windows\System\QUXrsCW.exe

C:\Windows\System\VOCyZRy.exe

C:\Windows\System\VOCyZRy.exe

C:\Windows\System\FknSWXB.exe

C:\Windows\System\FknSWXB.exe

C:\Windows\System\jFxSFly.exe

C:\Windows\System\jFxSFly.exe

C:\Windows\System\tRUYePA.exe

C:\Windows\System\tRUYePA.exe

C:\Windows\System\vGFlFmV.exe

C:\Windows\System\vGFlFmV.exe

C:\Windows\System\okKFWJr.exe

C:\Windows\System\okKFWJr.exe

C:\Windows\System\NqlwJsO.exe

C:\Windows\System\NqlwJsO.exe

C:\Windows\System\YUXHiDP.exe

C:\Windows\System\YUXHiDP.exe

C:\Windows\System\cSYKQMV.exe

C:\Windows\System\cSYKQMV.exe

C:\Windows\System\JoWtVkz.exe

C:\Windows\System\JoWtVkz.exe

C:\Windows\System\iyhcQvk.exe

C:\Windows\System\iyhcQvk.exe

C:\Windows\System\OYPoFxu.exe

C:\Windows\System\OYPoFxu.exe

C:\Windows\System\gSzwYNM.exe

C:\Windows\System\gSzwYNM.exe

C:\Windows\System\pfWXzlt.exe

C:\Windows\System\pfWXzlt.exe

C:\Windows\System\KtYiRhb.exe

C:\Windows\System\KtYiRhb.exe

C:\Windows\System\CLTXUpl.exe

C:\Windows\System\CLTXUpl.exe

C:\Windows\System\slVvPaQ.exe

C:\Windows\System\slVvPaQ.exe

C:\Windows\System\xyfibTu.exe

C:\Windows\System\xyfibTu.exe

C:\Windows\System\GWhlfmC.exe

C:\Windows\System\GWhlfmC.exe

C:\Windows\System\xmwLzge.exe

C:\Windows\System\xmwLzge.exe

C:\Windows\System\HoBmIPu.exe

C:\Windows\System\HoBmIPu.exe

C:\Windows\System\QXAlasJ.exe

C:\Windows\System\QXAlasJ.exe

C:\Windows\System\hLzFKRo.exe

C:\Windows\System\hLzFKRo.exe

C:\Windows\System\tnbczMG.exe

C:\Windows\System\tnbczMG.exe

C:\Windows\System\oXRiAik.exe

C:\Windows\System\oXRiAik.exe

C:\Windows\System\ohHncrf.exe

C:\Windows\System\ohHncrf.exe

C:\Windows\System\XJgyOzS.exe

C:\Windows\System\XJgyOzS.exe

C:\Windows\System\LCPLMrn.exe

C:\Windows\System\LCPLMrn.exe

C:\Windows\System\kJxycol.exe

C:\Windows\System\kJxycol.exe

C:\Windows\System\gfqxEyY.exe

C:\Windows\System\gfqxEyY.exe

C:\Windows\System\InFRWEL.exe

C:\Windows\System\InFRWEL.exe

C:\Windows\System\KTEjiIz.exe

C:\Windows\System\KTEjiIz.exe

C:\Windows\System\MxwZzaF.exe

C:\Windows\System\MxwZzaF.exe

C:\Windows\System\fRSVywS.exe

C:\Windows\System\fRSVywS.exe

C:\Windows\System\DyIFQKD.exe

C:\Windows\System\DyIFQKD.exe

C:\Windows\System\bkMgtYC.exe

C:\Windows\System\bkMgtYC.exe

C:\Windows\System\hosdHiQ.exe

C:\Windows\System\hosdHiQ.exe

C:\Windows\System\ZYQjxGF.exe

C:\Windows\System\ZYQjxGF.exe

C:\Windows\System\DRgHjAd.exe

C:\Windows\System\DRgHjAd.exe

C:\Windows\System\GelpmiM.exe

C:\Windows\System\GelpmiM.exe

C:\Windows\System\zijBuyC.exe

C:\Windows\System\zijBuyC.exe

C:\Windows\System\OCDHvkI.exe

C:\Windows\System\OCDHvkI.exe

C:\Windows\System\WrgQpSQ.exe

C:\Windows\System\WrgQpSQ.exe

C:\Windows\System\XDrAUNQ.exe

C:\Windows\System\XDrAUNQ.exe

C:\Windows\System\IMtEMek.exe

C:\Windows\System\IMtEMek.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

memory/1388-0-0x00007FF7DA450000-0x00007FF7DA7A4000-memory.dmp

memory/1388-1-0x0000016764A10000-0x0000016764A20000-memory.dmp

C:\Windows\System\HkCGeiK.exe

MD5 a87956afaa92875024e2528f86f6bf26
SHA1 7b5068927893f87d7958e9014561b48b395ab5b0
SHA256 0179d7cc3bb4cfca3988d614f31524cde276a767f9077aac24af04c4fe8874e4
SHA512 685d0e460e1976eb4c4c2bdb90f2f5a4cb378be32db5d192ac78e0d35f9a8c7aa7f1a0f8c34dd0a4de28ae2ed55ddc9f0511f77439b5612bdbb72048d8196044

C:\Windows\System\TVNqxIv.exe

MD5 7323cf81a9b3af3c60dea9c70cbc7ef8
SHA1 8b77b2f689c4ccacc0d1809e76b1da598a054c6d
SHA256 eb985f97bbfa06093eb871e85ed2859799f53afbdb257ab1b13193a92f9d55f4
SHA512 13662ce72225c9c8034828edd23192a71ecf93c5d8888294de32788f6419cdb1cf193313f23db41905c6dbf6503301c0705b17c174250dca8ae3b5161c040e6f

memory/952-12-0x00007FF66F0B0000-0x00007FF66F404000-memory.dmp

C:\Windows\System\PsafyEH.exe

MD5 a00a99d51e7f3836caac06867de46429
SHA1 c207787d723f05ed97e9cfa9c41439c2099b08f4
SHA256 6f907b3e071370cf9c3ea6b567561ee4e5bae548bb40cd9bc50601011f027a02
SHA512 04e6e1c4eaeca86cc78f902ddad61bd0487939bb8219e7570557a36012f3add99fee428f9b4f30385795fe1210718c7d6fd6700bc38255b52f96b43b2f26531c

memory/2392-7-0x00007FF73D410000-0x00007FF73D764000-memory.dmp

C:\Windows\System\EJMAdgA.exe

MD5 c1f8528bc473481712075bf241b9c7bd
SHA1 de11a708338dbd277e18f31d6ea8a9e87c4ab545
SHA256 601ff331af1defc1ee21d17ca1d9861f940a385454f9419be470ba4efa881431
SHA512 d2aaf20cbea68de0f7471006e0cbb70cd7cbe182f8ef96db5ef79f4c336caa1723274840ec0326eb15668b15a1d0fc60f35936ff5fb59691f15fe5fb291bc122

C:\Windows\System\TDZkazk.exe

MD5 19ce06aa33225acc0dbe066a68671e99
SHA1 17143fc9a90c9584e036dae9b99c4a51ebd05692
SHA256 d7577fda12d6c4a911d6036cf5901ed542ce368485e1428daef9e6b9daedae4d
SHA512 d1a69355dd228c028928e6a4b17d3fee4f61b61189d7c555e2eef668142ca3cb123bc9daad1eeef000b906eed872a03794b13f134ea190dcf4c45512ceab2285

C:\Windows\System\BXvfimv.exe

MD5 5a9ac23bb10bb9d9d828240ad1a78752
SHA1 f0c1aa2bb089e25d1a4edfe551cf4c668160919d
SHA256 c930b24d16567cdf50f7a1025192c2d6cf154751002281fb26b40bc73f96a4ad
SHA512 07c1286d4df37c77bf8f87fa69f5e68525e225560404e4c2fe1a28d61df1288d8099b3a17fd456a302b52f176275160af8759a3629cc3f59479cbb93796b824b

C:\Windows\System\NaUCjme.exe

MD5 083609931b36211f79ac598a23313b05
SHA1 d3c0f0d21bf211262eb86eb8db1c7abef9c347f3
SHA256 a5cbdb7336f5d322eab152b3dc2543a928af48c82f18962914929fc58c06f902
SHA512 65260144687272eed7e6ea9543c66e4b8317c0daeeb52b68e2497f02e8b021eec89db9c6e4f775428d1573dcf5ee027d1948c7449c0ee0973a69648be7ee3389

C:\Windows\System\fBfYhfX.exe

MD5 22943117b8dedb12e633ecf8a45dcf6d
SHA1 c9941cb6b21b7bb6cf27a22e84f61d05568de5f6
SHA256 be555d139e15e8fb3b4551bdfc9252ac2956ffabe917e1822846a240a22dfff9
SHA512 bfb594512bf4366b4329fcd0bd5578e355c740a75072d1bd61f02d31ea45372bcec4ca9049d0e463981c5cf213afc931d002ac9cae464c8c0dc13b734d355ad0

C:\Windows\System\yvzCule.exe

MD5 b48921d5ddb3a855e621c6554affd563
SHA1 9a863832966d1137526217ada2c3acb2ef2c2c28
SHA256 83ebca9ecb87eedd99482b1b018d8b10950103b82412a38431b5334688deddc4
SHA512 28484d7da841ecee1ab022243feb2879bac22e75c47e8080490a08ec988be4bd89203dfdfb4722613debfd78fcf736c543fbe1c4d94d311146a60c0380adb851

C:\Windows\System\EGHdOiS.exe

MD5 cd418f18cf62d495f50b28fe1286a437
SHA1 294fa29851339a358a7d346b0cbe1cc81e1c5b0f
SHA256 37bbb7aa6ef531b30d7e62628a0b2fff05470604dc9099f2a74bb0cb5be238c6
SHA512 ea4c291ef5090a64335c1d163bc5be9e8e438e2a13035bf1f6b1009d4d266e53b76530366c1d4c1a566e8545c910727917cd6860af790180a33fc2bed9e8f7b4

C:\Windows\System\gdrOefW.exe

MD5 6a3be24f6e2043423a29b892a6a22ba1
SHA1 9daddd09fde847676a72dc83e5b5dcc93c5ec967
SHA256 6743a9eac0d217f9710904b85a74d358857c27ca5b89459435c8ea57483e53b3
SHA512 d9570d068812f187813a6445067b44605a0aac43d1ba97771b7e25b5ed207dd55b028157e1e79c0482517b503519c78d9835f5c475ea82a4d51293ae6023de09

C:\Windows\System\wKzdsHw.exe

MD5 720de3d66188038f92fdd839001441b3
SHA1 1481b9d46310137a9a629910f4bd67db8d180391
SHA256 9a5c301fefa61d975f7463475266f2e883bbb12066435e2a548aff4e983cb242
SHA512 71b88d462da830e3baea56a94a645eea7da549ba0804da773455b6d8f5e5d302a45468d02fa2bc1d7569add17be8fec4005e56a98a54f45c50240b68165ea3b5

C:\Windows\System\hGkKzxz.exe

MD5 d8c6f152dffc557d20e1d69d11414089
SHA1 3105d6e0d97033225d406f47df5d4478cf33aa43
SHA256 49807ee3a446e34aeae25a9830effb415755e6d493f3f36d0cf59a5cf457e9f8
SHA512 fe47b15724276f3931a8d868023bc13407f79b1bdee463953528eababecebea9d5835a953bad869619b7f46f95252e418c966a39eda474233609d4a28fa7753c

memory/3612-824-0x00007FF6AE330000-0x00007FF6AE684000-memory.dmp

memory/1772-825-0x00007FF6EFCA0000-0x00007FF6EFFF4000-memory.dmp

memory/4680-827-0x00007FF6E03B0000-0x00007FF6E0704000-memory.dmp

memory/1044-826-0x00007FF6D1C80000-0x00007FF6D1FD4000-memory.dmp

memory/3780-829-0x00007FF705E30000-0x00007FF706184000-memory.dmp

memory/3128-831-0x00007FF7C16C0000-0x00007FF7C1A14000-memory.dmp

memory/516-830-0x00007FF742AF0000-0x00007FF742E44000-memory.dmp

memory/440-828-0x00007FF7A8680000-0x00007FF7A89D4000-memory.dmp

memory/4424-833-0x00007FF7DD630000-0x00007FF7DD984000-memory.dmp

memory/3672-834-0x00007FF74F930000-0x00007FF74FC84000-memory.dmp

memory/1528-832-0x00007FF601810000-0x00007FF601B64000-memory.dmp

C:\Windows\System\zexGOsr.exe

MD5 c96471b70311a0b89d3154961002b69c
SHA1 d22813e23c12a29aab91c0edf2950aaaffe543ab
SHA256 4cf2b2f9608efc830442baaaa9d47183878560e7a5f160d7fd1d9f42d3b4e13b
SHA512 0da7a6b7cd55ba453a416679599b7b330cbe45db0ef13c0ddc417153881ecbb0dce187b82e2e6e906815f3c6b1bf1855b9edb65b2c9c86bf8645b0bec67d71a4

C:\Windows\System\LRCLGRd.exe

MD5 f0ecc7772a3908e31c1b2054be556029
SHA1 5f5d3e87c40379850e6bae2f8e1b297dbbe99c63
SHA256 0c938233cd25c1cd51325f3028f8ed62eb469ebf3124ce87cfa20b19d8ccb261
SHA512 5ad54a59ce934ff9e64744888b8ff0897e390774215fd2d468c88777b47e9815e9b57371d019bbf28de6e8aed395ed9b23127bf4409e37c9cb5e44527131d57d

C:\Windows\System\MTyfbul.exe

MD5 79550df9e78bb1c7bd28c98032f852d2
SHA1 58f166f3d7e2f2912f1c8deb6ce845cc8fc4a1b5
SHA256 141e21c4cfa9eb9f7047075fb9bd244ad97370eb4defdc285337bba41ae18003
SHA512 1a0e3408391d35fd9b50b69ec4c303f5181ba54a29839e635326be53403db1b1c2aff97f5c103190777568050b77d53e09c3445e3cdc8e728d858d739821c43a

C:\Windows\System\uIsdjhH.exe

MD5 86c3ade09d9244665b66c0157c7f72c9
SHA1 351a96bd87471c2db6da9215c27560b177ad467a
SHA256 2c48c8a033975e4034e6d4d1f8fcad2123eb5fde199df888c1fa5ea669623323
SHA512 815b79de26f737813f1cb33f5ad313d094392a6b92ba1e3b26718cdd4fc8f946bb33e853f57bd4ba82ba138acb32fa816c9ea50124331d717af787473b90b3e3

C:\Windows\System\usszgCu.exe

MD5 42bcea215e6d946b7789810c09507b91
SHA1 f12ec2b9958087a5ebd1070e9d9332b93cddfb4f
SHA256 483e5700c7d6e0834160cb7d2fccae55c83130fc205ceaf08f7038acbcc80d78
SHA512 e3d26b00f2aa86a04d541131fb268232935ebd7288b05455cdf53a7ff38a6eb41f7b94596aa8354f54c683db27967d5665b7d72425cc99a142e465a949b7f539

C:\Windows\System\xYnJGUv.exe

MD5 ba87df49651ffe4827a0a648cac4263b
SHA1 046067e2b3086f269d6a58377482266b5b52898b
SHA256 3527a8e7535a4c06b8b9625990bcf75d2f13b03320c2967e2f7de22a4e918d99
SHA512 e42dcae1bc10570f045af94ddd560e296a8719a85ef5fa4061b1a233479bbaee2a59adb6a29580e30cd9b8eecf5f19de002e050bade57cee7036e8e2976aac15

C:\Windows\System\xoSINjw.exe

MD5 b0bcf81b0b0ffc827ab0927f7add80e6
SHA1 9d189799d8c769eddbcb8ac020c09e15397d2870
SHA256 396f59e5001495fdf8ee97e8692a80ddc21f7c307b0e74d85934d520c827f055
SHA512 bb8adfcf7140dbe862204c4a6aa02b7a65bf7a73e70b395aca912d84dbd93b947187766de6eea8fb84dbbe5be6a0368333564cd6904850c945ce0a565e333b1d

C:\Windows\System\OiTusJy.exe

MD5 a982c01bf57b538089fa2b58bc150c5e
SHA1 fd128e4bfa559c66411063681b0cb21cecf5f285
SHA256 3985347fafd987b985dfdf24c3f83223d4c88f729a0ac0fe70f9bc1b98c16854
SHA512 ad5c2a782581de6435cc7c2536829b419b45469db9fef096a096c010fbbacd8b45f729f464bbde4d60d9d0f3ff7b5ee663c83237f44a24fb1c2baa4c9797fcb8

C:\Windows\System\kHRNGuw.exe

MD5 51d0d76317cbbc8b812df56a68c10cb4
SHA1 bd7c2253e5bc93eefaf3043bc048ccdb7a38f3e6
SHA256 6a7140a0f7e235b0b96012c74029a077fa351091f9c3c0d0936453d7811079e1
SHA512 3301033860c74eb8302f2bf70a56b94c1cdec6b57fe6e924117a2fd9bc07df1796fa37b85e0a2577c92c266a9729ba3f80b9f7821f2143afb289c34752ceb0dd

C:\Windows\System\AtIGvMC.exe

MD5 89d22aa2af2cac6efa48080a94f2dc84
SHA1 c9a6ac327f46f533aa5cb89f7be25f23e6b48810
SHA256 819ef42e1ead473dafe05eeb49e967d8b2a95c2b6b17e9df24629437334fb1b2
SHA512 67a6f8f0392c119ee24f1208ca77f62876f733aa87829d93f0e760773cd5f49d8847bc88c5deaee0615dc4e432f2b4312ff2c3a5d9c628fea97f376ff7a01fa0

C:\Windows\System\GqTZEzn.exe

MD5 fc678911a08582fd1eab04d51132a30e
SHA1 f10e93eb7605d08adba0d864701a7a64b6e1fe14
SHA256 08138ece3e62b65f89518ece189a0eed10b126eec9a4e275d2338f213bb0c845
SHA512 0581e4f271d14fe5bb8e4ed6663fd8d6c68a23e6e6661bc6b905c59d8c22c592a92447e354b547e6cdb22248fda0f7397f5afa76bee831c3ff58ab1bc73cad21

C:\Windows\System\bPwdfla.exe

MD5 653e0f09cffeb16ee01996df8925a221
SHA1 18eefe25e4f335ed1d926c7b163c7b3415ffe07c
SHA256 bd48586bae8e9c68237c8463eaaed012073431c94c61d635be583df3b1f01f7c
SHA512 13d67805f21ab768a0ac535f17ed5e316ff59dd8bcf249c953ea84c4c9b510a944892772e013ac178a2d53687e48cd319721e6ebc9b1d5e7aa7470ff297a3cf2

C:\Windows\System\CreZUQg.exe

MD5 310b95277be4954dbb23b3d6839b6f84
SHA1 0311615cfff2e1e273f3d00e194b3e2050062052
SHA256 b399a70b18d74e75ad1e2e42ed77cc3d3d926483e876f87d8e12739d2303d2dd
SHA512 0e5cd2a8ec6ff25f093714717b1bf720c5b915f62389353d36acb4929b0793b9d00260a039f9965af5a7436569b12a6f7bd9ef6c6207a3ecbe03a90c0d447bac

C:\Windows\System\pMimPSu.exe

MD5 d1a07bf1928f69593aec7906812a9757
SHA1 0d6e24c2310a605497e19a578d37de8c54e532e1
SHA256 2e7cbeae30d93e0e2d75d05ea8cc44f62b5a62251377d0e5ca463a40673e97f0
SHA512 c607ec83cd89b86fc319a394e5fad6deadc4d07b5767665fbce5da7be0b710c5066964c5c2fba06ab920daacb41c7888ff9c6f136651da2ed93390c7955b2800

C:\Windows\System\cEaUFAi.exe

MD5 c8e03ac70da8f21e42b63eb5100fe78a
SHA1 2f33b54b50f0f10208e6f004295c8914d1b72c4d
SHA256 7b05a552e5ee2a94ae4ee195338be5a1b39938ce2f2a3f689cdc8f434d737e7e
SHA512 a53d13d63496045e57aed1ca3c6c4af33dcb38d876941330b0e46901e5ca91ec42de9ab52ce4d0a29ae08129f663819eebfa2b666e88cc2b43bfb55eed27b8c9

C:\Windows\System\vAlgzjR.exe

MD5 87985d1e47e8232283fc9e913cf49335
SHA1 2624cc1cfd5241f4f41566af9e0c97b4f4862144
SHA256 069657d616b1d4f1edbb5e6141c2214cfae456bac9ef12baf07731b8ab03e5ae
SHA512 63d17b3ea2de3533db85f9511fafab3cbcbf6ba575125d8612802a67c4be6a2e27bcac24d7abd117b901f2f4ce71626676ad4262bf66a6a6d0afa87e27289b9f

C:\Windows\System\rqKrfPp.exe

MD5 251bc9d20b744ab88db76c8411ff9c01
SHA1 d95fbc58a0db1522da92c2107941b3951dcac7e2
SHA256 bb9998d9be7bbc5fbf59f95bd6ac9a52c935b5000f7b0a99fa66cb719658f083
SHA512 7ed3cce42cdac3bc11132f31a43eb8ba9694eccb44087b188fd2e14ac00c831d674cc8173f2d084be5d87ae81beaf0c635fd07b261d8eeee44182da7f218c0bf

C:\Windows\System\NBGcKlu.exe

MD5 bff3f1187c034b739e61e7ea7b8194fa
SHA1 e7d4b18abdd9a4a8f995fd1db6025359431da66f
SHA256 052824318f67fb0b0c572cee4374b6898e2f942bc8c2bf0480875075aba8dae2
SHA512 36de9096cb30c3e3a5a2e634dc2dfec0d05e2d7946af0a13aee2705dc24c72188170d7dcbb23b0d46edb2966ef66ca831995326d1f98a1d131323d5b10f64c9d

C:\Windows\System\GNpRcqZ.exe

MD5 5089f7b4879977ac3a4c7dfd7c0c0b77
SHA1 1595d2a0e219ecc3beb0032334c26cf7f57909f5
SHA256 765c19cef392cb7aa8ae74e10735b977f12dcf502ade4f3dcae4e1c39692a9fc
SHA512 48187f44cce56e0a46a89260ee841c3de216fecde5b928daa7b9c89d74e40a6865a1d81d939aa12f763fe916da69f6ed259e90042601e4ebcada6e6049e0852f

C:\Windows\System\THyPZVV.exe

MD5 7a2009fcbf5bfdc7444743451721b8d0
SHA1 8b04b21ca3361e8064f30c872f0a06c9cf08452f
SHA256 89af8fea02a62fd412e570a7faa427126f510da2039b1ba2d151dc26af1a435b
SHA512 e00bab566b1937ad3e4452490daa19d4b7bd1492dd440476ab88f7eeec4fa3d45d1a1bea003e82d4086b7be10fc1dc098feadb7d98e967c1e439c75721ae81d4

memory/4148-847-0x00007FF629860000-0x00007FF629BB4000-memory.dmp

memory/4404-900-0x00007FF66D2C0000-0x00007FF66D614000-memory.dmp

memory/3852-894-0x00007FF7698A0000-0x00007FF769BF4000-memory.dmp

memory/3160-903-0x00007FF695760000-0x00007FF695AB4000-memory.dmp

memory/688-891-0x00007FF641A80000-0x00007FF641DD4000-memory.dmp

memory/4564-888-0x00007FF692E00000-0x00007FF693154000-memory.dmp

memory/1840-883-0x00007FF67FBD0000-0x00007FF67FF24000-memory.dmp

memory/1612-873-0x00007FF72B1A0000-0x00007FF72B4F4000-memory.dmp

memory/1716-916-0x00007FF71A660000-0x00007FF71A9B4000-memory.dmp

memory/4952-927-0x00007FF720A00000-0x00007FF720D54000-memory.dmp

memory/560-858-0x00007FF6FF690000-0x00007FF6FF9E4000-memory.dmp

memory/784-855-0x00007FF65F3B0000-0x00007FF65F704000-memory.dmp

memory/1376-850-0x00007FF63C580000-0x00007FF63C8D4000-memory.dmp

memory/4292-942-0x00007FF74C1A0000-0x00007FF74C4F4000-memory.dmp

memory/892-949-0x00007FF7E6DE0000-0x00007FF7E7134000-memory.dmp

memory/4788-954-0x00007FF7C7290000-0x00007FF7C75E4000-memory.dmp

memory/1388-1070-0x00007FF7DA450000-0x00007FF7DA7A4000-memory.dmp

memory/2392-1071-0x00007FF73D410000-0x00007FF73D764000-memory.dmp

memory/952-1072-0x00007FF66F0B0000-0x00007FF66F404000-memory.dmp

memory/2392-1073-0x00007FF73D410000-0x00007FF73D764000-memory.dmp

memory/952-1074-0x00007FF66F0B0000-0x00007FF66F404000-memory.dmp

memory/3612-1075-0x00007FF6AE330000-0x00007FF6AE684000-memory.dmp

memory/1772-1076-0x00007FF6EFCA0000-0x00007FF6EFFF4000-memory.dmp

memory/4680-1079-0x00007FF6E03B0000-0x00007FF6E0704000-memory.dmp

memory/516-1081-0x00007FF742AF0000-0x00007FF742E44000-memory.dmp

memory/3780-1080-0x00007FF705E30000-0x00007FF706184000-memory.dmp

memory/1044-1078-0x00007FF6D1C80000-0x00007FF6D1FD4000-memory.dmp

memory/440-1077-0x00007FF7A8680000-0x00007FF7A89D4000-memory.dmp

memory/4952-1086-0x00007FF720A00000-0x00007FF720D54000-memory.dmp

memory/1612-1101-0x00007FF72B1A0000-0x00007FF72B4F4000-memory.dmp

memory/1840-1100-0x00007FF67FBD0000-0x00007FF67FF24000-memory.dmp

memory/3128-1099-0x00007FF7C16C0000-0x00007FF7C1A14000-memory.dmp

memory/4404-1098-0x00007FF66D2C0000-0x00007FF66D614000-memory.dmp

memory/1528-1097-0x00007FF601810000-0x00007FF601B64000-memory.dmp

memory/4424-1096-0x00007FF7DD630000-0x00007FF7DD984000-memory.dmp

memory/3672-1095-0x00007FF74F930000-0x00007FF74FC84000-memory.dmp

memory/4148-1094-0x00007FF629860000-0x00007FF629BB4000-memory.dmp

memory/1376-1093-0x00007FF63C580000-0x00007FF63C8D4000-memory.dmp

memory/784-1092-0x00007FF65F3B0000-0x00007FF65F704000-memory.dmp

memory/560-1091-0x00007FF6FF690000-0x00007FF6FF9E4000-memory.dmp

memory/4564-1090-0x00007FF692E00000-0x00007FF693154000-memory.dmp

memory/688-1089-0x00007FF641A80000-0x00007FF641DD4000-memory.dmp

memory/3160-1087-0x00007FF695760000-0x00007FF695AB4000-memory.dmp

memory/4292-1085-0x00007FF74C1A0000-0x00007FF74C4F4000-memory.dmp

memory/892-1084-0x00007FF7E6DE0000-0x00007FF7E7134000-memory.dmp

memory/4788-1083-0x00007FF7C7290000-0x00007FF7C75E4000-memory.dmp

memory/1716-1082-0x00007FF71A660000-0x00007FF71A9B4000-memory.dmp

memory/3852-1088-0x00007FF7698A0000-0x00007FF769BF4000-memory.dmp