Malware Analysis Report

2024-10-10 09:49

Sample ID 240619-zgssms1arc
Target 065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe
SHA256 065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123

Threat Level: Known bad

The file 065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

xmrig

KPOT Core Executable

XMRig Miner payload

Xmrig family

KPOT

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-19 20:41

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 20:41

Reported

2024-06-19 20:44

Platform

win7-20231129-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\InInPVd.exe N/A
N/A N/A C:\Windows\System\eLqzdIB.exe N/A
N/A N/A C:\Windows\System\XkJgZBK.exe N/A
N/A N/A C:\Windows\System\cEdZrfB.exe N/A
N/A N/A C:\Windows\System\tfISUBk.exe N/A
N/A N/A C:\Windows\System\DpZMawL.exe N/A
N/A N/A C:\Windows\System\bSdbbOl.exe N/A
N/A N/A C:\Windows\System\bDEAsvF.exe N/A
N/A N/A C:\Windows\System\KXzdbgK.exe N/A
N/A N/A C:\Windows\System\tJwXxfe.exe N/A
N/A N/A C:\Windows\System\gjRSEOS.exe N/A
N/A N/A C:\Windows\System\WbyorhP.exe N/A
N/A N/A C:\Windows\System\wEcFwMD.exe N/A
N/A N/A C:\Windows\System\sKzBbEE.exe N/A
N/A N/A C:\Windows\System\RVOAAHG.exe N/A
N/A N/A C:\Windows\System\lWdOGst.exe N/A
N/A N/A C:\Windows\System\eBGPEFc.exe N/A
N/A N/A C:\Windows\System\SMYawhM.exe N/A
N/A N/A C:\Windows\System\zxjAbJu.exe N/A
N/A N/A C:\Windows\System\FkDedSB.exe N/A
N/A N/A C:\Windows\System\sFoYskD.exe N/A
N/A N/A C:\Windows\System\qsghbQJ.exe N/A
N/A N/A C:\Windows\System\rRHvOoz.exe N/A
N/A N/A C:\Windows\System\NAfKDQX.exe N/A
N/A N/A C:\Windows\System\jUTPQRo.exe N/A
N/A N/A C:\Windows\System\CEcbUZp.exe N/A
N/A N/A C:\Windows\System\QJBeflZ.exe N/A
N/A N/A C:\Windows\System\uFYxMHO.exe N/A
N/A N/A C:\Windows\System\YgUVhaC.exe N/A
N/A N/A C:\Windows\System\ThZiaKD.exe N/A
N/A N/A C:\Windows\System\bZFJQXp.exe N/A
N/A N/A C:\Windows\System\PFEcBAt.exe N/A
N/A N/A C:\Windows\System\ObNLDcp.exe N/A
N/A N/A C:\Windows\System\wddRuut.exe N/A
N/A N/A C:\Windows\System\tuYWRCI.exe N/A
N/A N/A C:\Windows\System\lZIOrXS.exe N/A
N/A N/A C:\Windows\System\zNwjEfb.exe N/A
N/A N/A C:\Windows\System\bTfgUIr.exe N/A
N/A N/A C:\Windows\System\MFFESZv.exe N/A
N/A N/A C:\Windows\System\nSMeSVX.exe N/A
N/A N/A C:\Windows\System\RdSCCQu.exe N/A
N/A N/A C:\Windows\System\MkuzCUJ.exe N/A
N/A N/A C:\Windows\System\TSaQnzI.exe N/A
N/A N/A C:\Windows\System\RbirDSG.exe N/A
N/A N/A C:\Windows\System\QIcLPAE.exe N/A
N/A N/A C:\Windows\System\minUgGD.exe N/A
N/A N/A C:\Windows\System\vxnNofP.exe N/A
N/A N/A C:\Windows\System\LgbQHPD.exe N/A
N/A N/A C:\Windows\System\GOogFma.exe N/A
N/A N/A C:\Windows\System\wZtrBAe.exe N/A
N/A N/A C:\Windows\System\kDWzBGn.exe N/A
N/A N/A C:\Windows\System\sgBkZbo.exe N/A
N/A N/A C:\Windows\System\IYdYXmP.exe N/A
N/A N/A C:\Windows\System\KCfQQPB.exe N/A
N/A N/A C:\Windows\System\KlxYMhL.exe N/A
N/A N/A C:\Windows\System\ioRHBAN.exe N/A
N/A N/A C:\Windows\System\GfZYnQx.exe N/A
N/A N/A C:\Windows\System\QrpDTRv.exe N/A
N/A N/A C:\Windows\System\HpuTTDi.exe N/A
N/A N/A C:\Windows\System\owWDuSe.exe N/A
N/A N/A C:\Windows\System\iFPvJMj.exe N/A
N/A N/A C:\Windows\System\xfgVTGg.exe N/A
N/A N/A C:\Windows\System\pDEfEZP.exe N/A
N/A N/A C:\Windows\System\KUpcfXC.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ChWiJQo.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\fCLubEk.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\tfISUBk.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRHQXSI.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\ibEwxTu.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\QeSVqsd.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJLcrsd.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\IYdYXmP.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\lFlojgo.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\RLwcIqQ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\uQFiQjJ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRXJXXw.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\KlxYMhL.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\utzRNYw.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\UtKXPcz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\wdtzHDc.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\FdUUDJe.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\sKzBbEE.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\BbruVcJ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\YeXqYHP.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\vdQyAAP.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\YyoxqdA.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\bDEAsvF.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObNLDcp.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\oacfRCA.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\pOgICLI.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\waBliSH.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\mYzmDGH.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\tJwXxfe.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\rRHvOoz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\vxnNofP.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\GfZYnQx.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\XbELMCe.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\RdSCCQu.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\aZyIkDS.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\SfPWipz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\mAVtkcB.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\MFFESZv.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\OiwnFUv.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIqeEFV.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\mfeyQzY.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\TpHqWeL.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\uFYxMHO.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\nSMeSVX.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\uGBogus.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\vCsgOBo.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\KXzdbgK.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\bZFJQXp.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\nUbWLXo.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\eInesDE.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\nCRqmcf.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\TklZbRw.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\WFRegcz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbqzsyJ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\FNxRuVt.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\zXaIGAf.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\lZIOrXS.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOvnZZf.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\AlzPBni.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\YmigifI.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\jUTPQRo.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\eUjEclX.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\PysUvnW.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbXipaX.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2888 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\InInPVd.exe
PID 2888 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\InInPVd.exe
PID 2888 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\InInPVd.exe
PID 2888 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\XkJgZBK.exe
PID 2888 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\XkJgZBK.exe
PID 2888 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\XkJgZBK.exe
PID 2888 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\eLqzdIB.exe
PID 2888 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\eLqzdIB.exe
PID 2888 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\eLqzdIB.exe
PID 2888 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\cEdZrfB.exe
PID 2888 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\cEdZrfB.exe
PID 2888 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\cEdZrfB.exe
PID 2888 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tfISUBk.exe
PID 2888 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tfISUBk.exe
PID 2888 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tfISUBk.exe
PID 2888 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\DpZMawL.exe
PID 2888 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\DpZMawL.exe
PID 2888 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\DpZMawL.exe
PID 2888 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KXzdbgK.exe
PID 2888 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KXzdbgK.exe
PID 2888 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KXzdbgK.exe
PID 2888 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bSdbbOl.exe
PID 2888 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bSdbbOl.exe
PID 2888 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bSdbbOl.exe
PID 2888 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\WbyorhP.exe
PID 2888 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\WbyorhP.exe
PID 2888 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\WbyorhP.exe
PID 2888 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bDEAsvF.exe
PID 2888 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bDEAsvF.exe
PID 2888 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bDEAsvF.exe
PID 2888 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\SMYawhM.exe
PID 2888 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\SMYawhM.exe
PID 2888 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\SMYawhM.exe
PID 2888 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tJwXxfe.exe
PID 2888 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tJwXxfe.exe
PID 2888 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tJwXxfe.exe
PID 2888 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\sFoYskD.exe
PID 2888 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\sFoYskD.exe
PID 2888 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\sFoYskD.exe
PID 2888 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\gjRSEOS.exe
PID 2888 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\gjRSEOS.exe
PID 2888 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\gjRSEOS.exe
PID 2888 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\qsghbQJ.exe
PID 2888 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\qsghbQJ.exe
PID 2888 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\qsghbQJ.exe
PID 2888 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\wEcFwMD.exe
PID 2888 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\wEcFwMD.exe
PID 2888 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\wEcFwMD.exe
PID 2888 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\rRHvOoz.exe
PID 2888 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\rRHvOoz.exe
PID 2888 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\rRHvOoz.exe
PID 2888 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\sKzBbEE.exe
PID 2888 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\sKzBbEE.exe
PID 2888 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\sKzBbEE.exe
PID 2888 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NAfKDQX.exe
PID 2888 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NAfKDQX.exe
PID 2888 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NAfKDQX.exe
PID 2888 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\RVOAAHG.exe
PID 2888 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\RVOAAHG.exe
PID 2888 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\RVOAAHG.exe
PID 2888 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\CEcbUZp.exe
PID 2888 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\CEcbUZp.exe
PID 2888 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\CEcbUZp.exe
PID 2888 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\lWdOGst.exe

Processes

C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe"

C:\Windows\System\InInPVd.exe

C:\Windows\System\InInPVd.exe

C:\Windows\System\XkJgZBK.exe

C:\Windows\System\XkJgZBK.exe

C:\Windows\System\eLqzdIB.exe

C:\Windows\System\eLqzdIB.exe

C:\Windows\System\cEdZrfB.exe

C:\Windows\System\cEdZrfB.exe

C:\Windows\System\tfISUBk.exe

C:\Windows\System\tfISUBk.exe

C:\Windows\System\DpZMawL.exe

C:\Windows\System\DpZMawL.exe

C:\Windows\System\KXzdbgK.exe

C:\Windows\System\KXzdbgK.exe

C:\Windows\System\bSdbbOl.exe

C:\Windows\System\bSdbbOl.exe

C:\Windows\System\WbyorhP.exe

C:\Windows\System\WbyorhP.exe

C:\Windows\System\bDEAsvF.exe

C:\Windows\System\bDEAsvF.exe

C:\Windows\System\SMYawhM.exe

C:\Windows\System\SMYawhM.exe

C:\Windows\System\tJwXxfe.exe

C:\Windows\System\tJwXxfe.exe

C:\Windows\System\sFoYskD.exe

C:\Windows\System\sFoYskD.exe

C:\Windows\System\gjRSEOS.exe

C:\Windows\System\gjRSEOS.exe

C:\Windows\System\qsghbQJ.exe

C:\Windows\System\qsghbQJ.exe

C:\Windows\System\wEcFwMD.exe

C:\Windows\System\wEcFwMD.exe

C:\Windows\System\rRHvOoz.exe

C:\Windows\System\rRHvOoz.exe

C:\Windows\System\sKzBbEE.exe

C:\Windows\System\sKzBbEE.exe

C:\Windows\System\NAfKDQX.exe

C:\Windows\System\NAfKDQX.exe

C:\Windows\System\RVOAAHG.exe

C:\Windows\System\RVOAAHG.exe

C:\Windows\System\CEcbUZp.exe

C:\Windows\System\CEcbUZp.exe

C:\Windows\System\lWdOGst.exe

C:\Windows\System\lWdOGst.exe

C:\Windows\System\QJBeflZ.exe

C:\Windows\System\QJBeflZ.exe

C:\Windows\System\eBGPEFc.exe

C:\Windows\System\eBGPEFc.exe

C:\Windows\System\uFYxMHO.exe

C:\Windows\System\uFYxMHO.exe

C:\Windows\System\zxjAbJu.exe

C:\Windows\System\zxjAbJu.exe

C:\Windows\System\YgUVhaC.exe

C:\Windows\System\YgUVhaC.exe

C:\Windows\System\FkDedSB.exe

C:\Windows\System\FkDedSB.exe

C:\Windows\System\ThZiaKD.exe

C:\Windows\System\ThZiaKD.exe

C:\Windows\System\jUTPQRo.exe

C:\Windows\System\jUTPQRo.exe

C:\Windows\System\bZFJQXp.exe

C:\Windows\System\bZFJQXp.exe

C:\Windows\System\PFEcBAt.exe

C:\Windows\System\PFEcBAt.exe

C:\Windows\System\ObNLDcp.exe

C:\Windows\System\ObNLDcp.exe

C:\Windows\System\wddRuut.exe

C:\Windows\System\wddRuut.exe

C:\Windows\System\tuYWRCI.exe

C:\Windows\System\tuYWRCI.exe

C:\Windows\System\lZIOrXS.exe

C:\Windows\System\lZIOrXS.exe

C:\Windows\System\zNwjEfb.exe

C:\Windows\System\zNwjEfb.exe

C:\Windows\System\bTfgUIr.exe

C:\Windows\System\bTfgUIr.exe

C:\Windows\System\MFFESZv.exe

C:\Windows\System\MFFESZv.exe

C:\Windows\System\nSMeSVX.exe

C:\Windows\System\nSMeSVX.exe

C:\Windows\System\RdSCCQu.exe

C:\Windows\System\RdSCCQu.exe

C:\Windows\System\MkuzCUJ.exe

C:\Windows\System\MkuzCUJ.exe

C:\Windows\System\TSaQnzI.exe

C:\Windows\System\TSaQnzI.exe

C:\Windows\System\RbirDSG.exe

C:\Windows\System\RbirDSG.exe

C:\Windows\System\QIcLPAE.exe

C:\Windows\System\QIcLPAE.exe

C:\Windows\System\minUgGD.exe

C:\Windows\System\minUgGD.exe

C:\Windows\System\vxnNofP.exe

C:\Windows\System\vxnNofP.exe

C:\Windows\System\LgbQHPD.exe

C:\Windows\System\LgbQHPD.exe

C:\Windows\System\GOogFma.exe

C:\Windows\System\GOogFma.exe

C:\Windows\System\wZtrBAe.exe

C:\Windows\System\wZtrBAe.exe

C:\Windows\System\kDWzBGn.exe

C:\Windows\System\kDWzBGn.exe

C:\Windows\System\sgBkZbo.exe

C:\Windows\System\sgBkZbo.exe

C:\Windows\System\IYdYXmP.exe

C:\Windows\System\IYdYXmP.exe

C:\Windows\System\KCfQQPB.exe

C:\Windows\System\KCfQQPB.exe

C:\Windows\System\KlxYMhL.exe

C:\Windows\System\KlxYMhL.exe

C:\Windows\System\ioRHBAN.exe

C:\Windows\System\ioRHBAN.exe

C:\Windows\System\GfZYnQx.exe

C:\Windows\System\GfZYnQx.exe

C:\Windows\System\QrpDTRv.exe

C:\Windows\System\QrpDTRv.exe

C:\Windows\System\owWDuSe.exe

C:\Windows\System\owWDuSe.exe

C:\Windows\System\HpuTTDi.exe

C:\Windows\System\HpuTTDi.exe

C:\Windows\System\xfgVTGg.exe

C:\Windows\System\xfgVTGg.exe

C:\Windows\System\iFPvJMj.exe

C:\Windows\System\iFPvJMj.exe

C:\Windows\System\pDEfEZP.exe

C:\Windows\System\pDEfEZP.exe

C:\Windows\System\KUpcfXC.exe

C:\Windows\System\KUpcfXC.exe

C:\Windows\System\vjvLqiV.exe

C:\Windows\System\vjvLqiV.exe

C:\Windows\System\cUEwyLR.exe

C:\Windows\System\cUEwyLR.exe

C:\Windows\System\HfPsoMY.exe

C:\Windows\System\HfPsoMY.exe

C:\Windows\System\CSzYfOs.exe

C:\Windows\System\CSzYfOs.exe

C:\Windows\System\ykziHlT.exe

C:\Windows\System\ykziHlT.exe

C:\Windows\System\mqZRKHg.exe

C:\Windows\System\mqZRKHg.exe

C:\Windows\System\UmqaUDT.exe

C:\Windows\System\UmqaUDT.exe

C:\Windows\System\FjZuEPL.exe

C:\Windows\System\FjZuEPL.exe

C:\Windows\System\rYUOSzW.exe

C:\Windows\System\rYUOSzW.exe

C:\Windows\System\tlyFdAr.exe

C:\Windows\System\tlyFdAr.exe

C:\Windows\System\mRDMYkg.exe

C:\Windows\System\mRDMYkg.exe

C:\Windows\System\XXvAfvG.exe

C:\Windows\System\XXvAfvG.exe

C:\Windows\System\HCjUeZf.exe

C:\Windows\System\HCjUeZf.exe

C:\Windows\System\xXbLQht.exe

C:\Windows\System\xXbLQht.exe

C:\Windows\System\odQnzHr.exe

C:\Windows\System\odQnzHr.exe

C:\Windows\System\XjsDntk.exe

C:\Windows\System\XjsDntk.exe

C:\Windows\System\FZnkkww.exe

C:\Windows\System\FZnkkww.exe

C:\Windows\System\utzRNYw.exe

C:\Windows\System\utzRNYw.exe

C:\Windows\System\EKApAHy.exe

C:\Windows\System\EKApAHy.exe

C:\Windows\System\cuLiqks.exe

C:\Windows\System\cuLiqks.exe

C:\Windows\System\KMrJnlK.exe

C:\Windows\System\KMrJnlK.exe

C:\Windows\System\gkiEHzj.exe

C:\Windows\System\gkiEHzj.exe

C:\Windows\System\fJvGyII.exe

C:\Windows\System\fJvGyII.exe

C:\Windows\System\xBwNKYn.exe

C:\Windows\System\xBwNKYn.exe

C:\Windows\System\gPwadmA.exe

C:\Windows\System\gPwadmA.exe

C:\Windows\System\qOvnZZf.exe

C:\Windows\System\qOvnZZf.exe

C:\Windows\System\VuZwSXB.exe

C:\Windows\System\VuZwSXB.exe

C:\Windows\System\sQVxdnQ.exe

C:\Windows\System\sQVxdnQ.exe

C:\Windows\System\VeRlyds.exe

C:\Windows\System\VeRlyds.exe

C:\Windows\System\ROqDJsC.exe

C:\Windows\System\ROqDJsC.exe

C:\Windows\System\VSvAslt.exe

C:\Windows\System\VSvAslt.exe

C:\Windows\System\YvodcTT.exe

C:\Windows\System\YvodcTT.exe

C:\Windows\System\XbELMCe.exe

C:\Windows\System\XbELMCe.exe

C:\Windows\System\ruoinyK.exe

C:\Windows\System\ruoinyK.exe

C:\Windows\System\ZXqNTQt.exe

C:\Windows\System\ZXqNTQt.exe

C:\Windows\System\NbnOpAS.exe

C:\Windows\System\NbnOpAS.exe

C:\Windows\System\AdeeoyL.exe

C:\Windows\System\AdeeoyL.exe

C:\Windows\System\gEWtLEl.exe

C:\Windows\System\gEWtLEl.exe

C:\Windows\System\aZyIkDS.exe

C:\Windows\System\aZyIkDS.exe

C:\Windows\System\wAFvSsq.exe

C:\Windows\System\wAFvSsq.exe

C:\Windows\System\yfOTapk.exe

C:\Windows\System\yfOTapk.exe

C:\Windows\System\eUjEclX.exe

C:\Windows\System\eUjEclX.exe

C:\Windows\System\TSfuPVE.exe

C:\Windows\System\TSfuPVE.exe

C:\Windows\System\annfOqp.exe

C:\Windows\System\annfOqp.exe

C:\Windows\System\VqHIhbG.exe

C:\Windows\System\VqHIhbG.exe

C:\Windows\System\XgXocgV.exe

C:\Windows\System\XgXocgV.exe

C:\Windows\System\PysUvnW.exe

C:\Windows\System\PysUvnW.exe

C:\Windows\System\uGJZodD.exe

C:\Windows\System\uGJZodD.exe

C:\Windows\System\eDguejl.exe

C:\Windows\System\eDguejl.exe

C:\Windows\System\MOCgjTR.exe

C:\Windows\System\MOCgjTR.exe

C:\Windows\System\OiwnFUv.exe

C:\Windows\System\OiwnFUv.exe

C:\Windows\System\BOfrJtX.exe

C:\Windows\System\BOfrJtX.exe

C:\Windows\System\pzbyfTP.exe

C:\Windows\System\pzbyfTP.exe

C:\Windows\System\nUbWLXo.exe

C:\Windows\System\nUbWLXo.exe

C:\Windows\System\czVOYYd.exe

C:\Windows\System\czVOYYd.exe

C:\Windows\System\DxPXWtb.exe

C:\Windows\System\DxPXWtb.exe

C:\Windows\System\HbffEGu.exe

C:\Windows\System\HbffEGu.exe

C:\Windows\System\TklZbRw.exe

C:\Windows\System\TklZbRw.exe

C:\Windows\System\GNxVsTF.exe

C:\Windows\System\GNxVsTF.exe

C:\Windows\System\wXRBDvT.exe

C:\Windows\System\wXRBDvT.exe

C:\Windows\System\OJhnCzI.exe

C:\Windows\System\OJhnCzI.exe

C:\Windows\System\bJVynbo.exe

C:\Windows\System\bJVynbo.exe

C:\Windows\System\UtKXPcz.exe

C:\Windows\System\UtKXPcz.exe

C:\Windows\System\VRHQXSI.exe

C:\Windows\System\VRHQXSI.exe

C:\Windows\System\NPJYRxv.exe

C:\Windows\System\NPJYRxv.exe

C:\Windows\System\KqUrPyj.exe

C:\Windows\System\KqUrPyj.exe

C:\Windows\System\NmqYtkf.exe

C:\Windows\System\NmqYtkf.exe

C:\Windows\System\mZiIXMp.exe

C:\Windows\System\mZiIXMp.exe

C:\Windows\System\UsgVgQy.exe

C:\Windows\System\UsgVgQy.exe

C:\Windows\System\tWsOXkG.exe

C:\Windows\System\tWsOXkG.exe

C:\Windows\System\dUFtfUh.exe

C:\Windows\System\dUFtfUh.exe

C:\Windows\System\klLMfFM.exe

C:\Windows\System\klLMfFM.exe

C:\Windows\System\LEJaKDw.exe

C:\Windows\System\LEJaKDw.exe

C:\Windows\System\YIqeEFV.exe

C:\Windows\System\YIqeEFV.exe

C:\Windows\System\CVqqemk.exe

C:\Windows\System\CVqqemk.exe

C:\Windows\System\blieGGs.exe

C:\Windows\System\blieGGs.exe

C:\Windows\System\udYTcSq.exe

C:\Windows\System\udYTcSq.exe

C:\Windows\System\tLAupPq.exe

C:\Windows\System\tLAupPq.exe

C:\Windows\System\WFRegcz.exe

C:\Windows\System\WFRegcz.exe

C:\Windows\System\adQolXJ.exe

C:\Windows\System\adQolXJ.exe

C:\Windows\System\mfeyQzY.exe

C:\Windows\System\mfeyQzY.exe

C:\Windows\System\syIIWQE.exe

C:\Windows\System\syIIWQE.exe

C:\Windows\System\kWqLIbY.exe

C:\Windows\System\kWqLIbY.exe

C:\Windows\System\SjJmRvc.exe

C:\Windows\System\SjJmRvc.exe

C:\Windows\System\rCUHUGa.exe

C:\Windows\System\rCUHUGa.exe

C:\Windows\System\iWmPQLT.exe

C:\Windows\System\iWmPQLT.exe

C:\Windows\System\oacfRCA.exe

C:\Windows\System\oacfRCA.exe

C:\Windows\System\AfbPaoL.exe

C:\Windows\System\AfbPaoL.exe

C:\Windows\System\pOgICLI.exe

C:\Windows\System\pOgICLI.exe

C:\Windows\System\iOxsLRo.exe

C:\Windows\System\iOxsLRo.exe

C:\Windows\System\SfPWipz.exe

C:\Windows\System\SfPWipz.exe

C:\Windows\System\pMuGBGA.exe

C:\Windows\System\pMuGBGA.exe

C:\Windows\System\IxnsDwO.exe

C:\Windows\System\IxnsDwO.exe

C:\Windows\System\KoOUbmZ.exe

C:\Windows\System\KoOUbmZ.exe

C:\Windows\System\uoABaSG.exe

C:\Windows\System\uoABaSG.exe

C:\Windows\System\nTpVtxV.exe

C:\Windows\System\nTpVtxV.exe

C:\Windows\System\BLaVNqt.exe

C:\Windows\System\BLaVNqt.exe

C:\Windows\System\EotLynq.exe

C:\Windows\System\EotLynq.exe

C:\Windows\System\NbqzsyJ.exe

C:\Windows\System\NbqzsyJ.exe

C:\Windows\System\aSxPIaE.exe

C:\Windows\System\aSxPIaE.exe

C:\Windows\System\OktpDqe.exe

C:\Windows\System\OktpDqe.exe

C:\Windows\System\sdOPqus.exe

C:\Windows\System\sdOPqus.exe

C:\Windows\System\SOftrrH.exe

C:\Windows\System\SOftrrH.exe

C:\Windows\System\BbruVcJ.exe

C:\Windows\System\BbruVcJ.exe

C:\Windows\System\FNxRuVt.exe

C:\Windows\System\FNxRuVt.exe

C:\Windows\System\BniERPx.exe

C:\Windows\System\BniERPx.exe

C:\Windows\System\wdtzHDc.exe

C:\Windows\System\wdtzHDc.exe

C:\Windows\System\ibEwxTu.exe

C:\Windows\System\ibEwxTu.exe

C:\Windows\System\SjxBSWH.exe

C:\Windows\System\SjxBSWH.exe

C:\Windows\System\mWOiRRl.exe

C:\Windows\System\mWOiRRl.exe

C:\Windows\System\hHsHHBf.exe

C:\Windows\System\hHsHHBf.exe

C:\Windows\System\ODRqPPs.exe

C:\Windows\System\ODRqPPs.exe

C:\Windows\System\MgTFnLZ.exe

C:\Windows\System\MgTFnLZ.exe

C:\Windows\System\YYpJPJX.exe

C:\Windows\System\YYpJPJX.exe

C:\Windows\System\wHrPVqY.exe

C:\Windows\System\wHrPVqY.exe

C:\Windows\System\sbkzWlM.exe

C:\Windows\System\sbkzWlM.exe

C:\Windows\System\qorwWoD.exe

C:\Windows\System\qorwWoD.exe

C:\Windows\System\OqXmmAV.exe

C:\Windows\System\OqXmmAV.exe

C:\Windows\System\hmgybdR.exe

C:\Windows\System\hmgybdR.exe

C:\Windows\System\ogLepXM.exe

C:\Windows\System\ogLepXM.exe

C:\Windows\System\bDozWex.exe

C:\Windows\System\bDozWex.exe

C:\Windows\System\UmtahZF.exe

C:\Windows\System\UmtahZF.exe

C:\Windows\System\XoGHtUX.exe

C:\Windows\System\XoGHtUX.exe

C:\Windows\System\FdUUDJe.exe

C:\Windows\System\FdUUDJe.exe

C:\Windows\System\ctoXvAL.exe

C:\Windows\System\ctoXvAL.exe

C:\Windows\System\uleaxwm.exe

C:\Windows\System\uleaxwm.exe

C:\Windows\System\TzfjDeV.exe

C:\Windows\System\TzfjDeV.exe

C:\Windows\System\rMrgOFp.exe

C:\Windows\System\rMrgOFp.exe

C:\Windows\System\NbXipaX.exe

C:\Windows\System\NbXipaX.exe

C:\Windows\System\QeSVqsd.exe

C:\Windows\System\QeSVqsd.exe

C:\Windows\System\wLukmQV.exe

C:\Windows\System\wLukmQV.exe

C:\Windows\System\xrwxEPf.exe

C:\Windows\System\xrwxEPf.exe

C:\Windows\System\KFWrggN.exe

C:\Windows\System\KFWrggN.exe

C:\Windows\System\RPDVAri.exe

C:\Windows\System\RPDVAri.exe

C:\Windows\System\AnEJCQB.exe

C:\Windows\System\AnEJCQB.exe

C:\Windows\System\sOiVpCB.exe

C:\Windows\System\sOiVpCB.exe

C:\Windows\System\mYzmDGH.exe

C:\Windows\System\mYzmDGH.exe

C:\Windows\System\TpHqWeL.exe

C:\Windows\System\TpHqWeL.exe

C:\Windows\System\jbnGzUs.exe

C:\Windows\System\jbnGzUs.exe

C:\Windows\System\SntpGnT.exe

C:\Windows\System\SntpGnT.exe

C:\Windows\System\ifWtvrN.exe

C:\Windows\System\ifWtvrN.exe

C:\Windows\System\vHtyqiR.exe

C:\Windows\System\vHtyqiR.exe

C:\Windows\System\iCJjybU.exe

C:\Windows\System\iCJjybU.exe

C:\Windows\System\CEHwCRp.exe

C:\Windows\System\CEHwCRp.exe

C:\Windows\System\uQFiQjJ.exe

C:\Windows\System\uQFiQjJ.exe

C:\Windows\System\uSPmyBo.exe

C:\Windows\System\uSPmyBo.exe

C:\Windows\System\tNmEDEq.exe

C:\Windows\System\tNmEDEq.exe

C:\Windows\System\LtdOdIO.exe

C:\Windows\System\LtdOdIO.exe

C:\Windows\System\NiXAMLm.exe

C:\Windows\System\NiXAMLm.exe

C:\Windows\System\jcyfNOZ.exe

C:\Windows\System\jcyfNOZ.exe

C:\Windows\System\waBliSH.exe

C:\Windows\System\waBliSH.exe

C:\Windows\System\gHossHe.exe

C:\Windows\System\gHossHe.exe

C:\Windows\System\UMruMal.exe

C:\Windows\System\UMruMal.exe

C:\Windows\System\PQtZiqJ.exe

C:\Windows\System\PQtZiqJ.exe

C:\Windows\System\IZLYViW.exe

C:\Windows\System\IZLYViW.exe

C:\Windows\System\QUeTWja.exe

C:\Windows\System\QUeTWja.exe

C:\Windows\System\YeXqYHP.exe

C:\Windows\System\YeXqYHP.exe

C:\Windows\System\hWhuxDi.exe

C:\Windows\System\hWhuxDi.exe

C:\Windows\System\umJOYwM.exe

C:\Windows\System\umJOYwM.exe

C:\Windows\System\yGQAOEa.exe

C:\Windows\System\yGQAOEa.exe

C:\Windows\System\vzoUTAl.exe

C:\Windows\System\vzoUTAl.exe

C:\Windows\System\AlzPBni.exe

C:\Windows\System\AlzPBni.exe

C:\Windows\System\aJLcrsd.exe

C:\Windows\System\aJLcrsd.exe

C:\Windows\System\fELNEDr.exe

C:\Windows\System\fELNEDr.exe

C:\Windows\System\ZEKeNig.exe

C:\Windows\System\ZEKeNig.exe

C:\Windows\System\WusySax.exe

C:\Windows\System\WusySax.exe

C:\Windows\System\EmYYqqy.exe

C:\Windows\System\EmYYqqy.exe

C:\Windows\System\XRXJXXw.exe

C:\Windows\System\XRXJXXw.exe

C:\Windows\System\XYdBrOT.exe

C:\Windows\System\XYdBrOT.exe

C:\Windows\System\NLqjcge.exe

C:\Windows\System\NLqjcge.exe

C:\Windows\System\ZyRHNdz.exe

C:\Windows\System\ZyRHNdz.exe

C:\Windows\System\QzJSpDo.exe

C:\Windows\System\QzJSpDo.exe

C:\Windows\System\cBfVVGs.exe

C:\Windows\System\cBfVVGs.exe

C:\Windows\System\MoNUnfz.exe

C:\Windows\System\MoNUnfz.exe

C:\Windows\System\SQYojlh.exe

C:\Windows\System\SQYojlh.exe

C:\Windows\System\ChWiJQo.exe

C:\Windows\System\ChWiJQo.exe

C:\Windows\System\JFyBSYz.exe

C:\Windows\System\JFyBSYz.exe

C:\Windows\System\dwFMuMg.exe

C:\Windows\System\dwFMuMg.exe

C:\Windows\System\fCLubEk.exe

C:\Windows\System\fCLubEk.exe

C:\Windows\System\WVVoMbv.exe

C:\Windows\System\WVVoMbv.exe

C:\Windows\System\AzksbFa.exe

C:\Windows\System\AzksbFa.exe

C:\Windows\System\UgbiWUj.exe

C:\Windows\System\UgbiWUj.exe

C:\Windows\System\YQemUse.exe

C:\Windows\System\YQemUse.exe

C:\Windows\System\axBRnUd.exe

C:\Windows\System\axBRnUd.exe

C:\Windows\System\mAVtkcB.exe

C:\Windows\System\mAVtkcB.exe

C:\Windows\System\QfAKGCl.exe

C:\Windows\System\QfAKGCl.exe

C:\Windows\System\mJNsJWa.exe

C:\Windows\System\mJNsJWa.exe

C:\Windows\System\QgyAUtf.exe

C:\Windows\System\QgyAUtf.exe

C:\Windows\System\GvwDatN.exe

C:\Windows\System\GvwDatN.exe

C:\Windows\System\dxPTUfO.exe

C:\Windows\System\dxPTUfO.exe

C:\Windows\System\nZMGbmY.exe

C:\Windows\System\nZMGbmY.exe

C:\Windows\System\PtteAPe.exe

C:\Windows\System\PtteAPe.exe

C:\Windows\System\HjdGllw.exe

C:\Windows\System\HjdGllw.exe

C:\Windows\System\AIxbbrb.exe

C:\Windows\System\AIxbbrb.exe

C:\Windows\System\vdQyAAP.exe

C:\Windows\System\vdQyAAP.exe

C:\Windows\System\HmloGFP.exe

C:\Windows\System\HmloGFP.exe

C:\Windows\System\lFlojgo.exe

C:\Windows\System\lFlojgo.exe

C:\Windows\System\NEmRKkk.exe

C:\Windows\System\NEmRKkk.exe

C:\Windows\System\WJzedOS.exe

C:\Windows\System\WJzedOS.exe

C:\Windows\System\wZvSSsG.exe

C:\Windows\System\wZvSSsG.exe

C:\Windows\System\vZnsYmU.exe

C:\Windows\System\vZnsYmU.exe

C:\Windows\System\DReFnYA.exe

C:\Windows\System\DReFnYA.exe

C:\Windows\System\ZXKCaHv.exe

C:\Windows\System\ZXKCaHv.exe

C:\Windows\System\YyoxqdA.exe

C:\Windows\System\YyoxqdA.exe

C:\Windows\System\aShHeRw.exe

C:\Windows\System\aShHeRw.exe

C:\Windows\System\EvSUowN.exe

C:\Windows\System\EvSUowN.exe

C:\Windows\System\IHFsFMj.exe

C:\Windows\System\IHFsFMj.exe

C:\Windows\System\DKfzBeZ.exe

C:\Windows\System\DKfzBeZ.exe

C:\Windows\System\tdILsSM.exe

C:\Windows\System\tdILsSM.exe

C:\Windows\System\GPQbQuI.exe

C:\Windows\System\GPQbQuI.exe

C:\Windows\System\bRTlcAw.exe

C:\Windows\System\bRTlcAw.exe

C:\Windows\System\OfGoJHi.exe

C:\Windows\System\OfGoJHi.exe

C:\Windows\System\bEbAWEJ.exe

C:\Windows\System\bEbAWEJ.exe

C:\Windows\System\uGBogus.exe

C:\Windows\System\uGBogus.exe

C:\Windows\System\fztpypC.exe

C:\Windows\System\fztpypC.exe

C:\Windows\System\YmigifI.exe

C:\Windows\System\YmigifI.exe

C:\Windows\System\KbavGDE.exe

C:\Windows\System\KbavGDE.exe

C:\Windows\System\IcGBVOx.exe

C:\Windows\System\IcGBVOx.exe

C:\Windows\System\TpsoSUc.exe

C:\Windows\System\TpsoSUc.exe

C:\Windows\System\fpzKHDJ.exe

C:\Windows\System\fpzKHDJ.exe

C:\Windows\System\tpcwHKb.exe

C:\Windows\System\tpcwHKb.exe

C:\Windows\System\rQHSMlF.exe

C:\Windows\System\rQHSMlF.exe

C:\Windows\System\YEiBepF.exe

C:\Windows\System\YEiBepF.exe

C:\Windows\System\KCICQfb.exe

C:\Windows\System\KCICQfb.exe

C:\Windows\System\zXaIGAf.exe

C:\Windows\System\zXaIGAf.exe

C:\Windows\System\mYAByIV.exe

C:\Windows\System\mYAByIV.exe

C:\Windows\System\LhuUhOt.exe

C:\Windows\System\LhuUhOt.exe

C:\Windows\System\RLwcIqQ.exe

C:\Windows\System\RLwcIqQ.exe

C:\Windows\System\kbIjBmb.exe

C:\Windows\System\kbIjBmb.exe

C:\Windows\System\DjTTSxk.exe

C:\Windows\System\DjTTSxk.exe

C:\Windows\System\SrlHGLa.exe

C:\Windows\System\SrlHGLa.exe

C:\Windows\System\GhVrWjD.exe

C:\Windows\System\GhVrWjD.exe

C:\Windows\System\QXnZFSW.exe

C:\Windows\System\QXnZFSW.exe

C:\Windows\System\pKveCtb.exe

C:\Windows\System\pKveCtb.exe

C:\Windows\System\bdDySkG.exe

C:\Windows\System\bdDySkG.exe

C:\Windows\System\BwFxVxM.exe

C:\Windows\System\BwFxVxM.exe

C:\Windows\System\XeQAWxM.exe

C:\Windows\System\XeQAWxM.exe

C:\Windows\System\gDcYZUS.exe

C:\Windows\System\gDcYZUS.exe

C:\Windows\System\eInesDE.exe

C:\Windows\System\eInesDE.exe

C:\Windows\System\HyFllGI.exe

C:\Windows\System\HyFllGI.exe

C:\Windows\System\FfAOpQK.exe

C:\Windows\System\FfAOpQK.exe

C:\Windows\System\jPWrzeC.exe

C:\Windows\System\jPWrzeC.exe

C:\Windows\System\DMNUUjj.exe

C:\Windows\System\DMNUUjj.exe

C:\Windows\System\nCRqmcf.exe

C:\Windows\System\nCRqmcf.exe

C:\Windows\System\KgHcDiR.exe

C:\Windows\System\KgHcDiR.exe

C:\Windows\System\gCOUuCL.exe

C:\Windows\System\gCOUuCL.exe

C:\Windows\System\WLpsJRl.exe

C:\Windows\System\WLpsJRl.exe

C:\Windows\System\ZVwzQup.exe

C:\Windows\System\ZVwzQup.exe

C:\Windows\System\jtmHzoH.exe

C:\Windows\System\jtmHzoH.exe

C:\Windows\System\ebslaSt.exe

C:\Windows\System\ebslaSt.exe

C:\Windows\System\dFxozDr.exe

C:\Windows\System\dFxozDr.exe

C:\Windows\System\BiUxqoF.exe

C:\Windows\System\BiUxqoF.exe

C:\Windows\System\NDKBZXo.exe

C:\Windows\System\NDKBZXo.exe

C:\Windows\System\aqDlnMg.exe

C:\Windows\System\aqDlnMg.exe

C:\Windows\System\XrsdUrq.exe

C:\Windows\System\XrsdUrq.exe

C:\Windows\System\PsUgESf.exe

C:\Windows\System\PsUgESf.exe

C:\Windows\System\hcuqqKT.exe

C:\Windows\System\hcuqqKT.exe

C:\Windows\System\fgyjsGc.exe

C:\Windows\System\fgyjsGc.exe

C:\Windows\System\vCsgOBo.exe

C:\Windows\System\vCsgOBo.exe

C:\Windows\System\LcTAZJd.exe

C:\Windows\System\LcTAZJd.exe

C:\Windows\System\FOjQZgm.exe

C:\Windows\System\FOjQZgm.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2888-0-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2888-1-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\InInPVd.exe

MD5 30de3df9e0c2a093b4828aad3bfcfee3
SHA1 d730220b8b646e070a674056b7f53cc01adbc30d
SHA256 03218820c2704a50ba8518110b1336569aeeec44d0e291860fc38f7afc51a24e
SHA512 f9426393c5ebc0d1b182573dc14236cc0174d03d556f212d4c5d561b8cea9c288466b2846136f0ce06fd606bdcab7a9f36d51cdad9a5e05f73823c944cac07de

memory/2888-13-0x000000013FE20000-0x0000000140174000-memory.dmp

\Windows\system\eLqzdIB.exe

MD5 fb68112d904f23ef08f4c58d3c3600ee
SHA1 0d52d7ea48da47d8122d10626f514ae2b605ea0b
SHA256 d251fe689b89c70cf8b7b7860479d7f9a6a9b154472fdb0a2d884c54102b95b5
SHA512 34959d28fe77c88a244a3002bb448936829bae3369eb9cf1e9bc8eeb2b7f23e39bae688883980abae26ae98d08a8d07244a0d39ab0c46e3df42715477fc801ab

C:\Windows\system\XkJgZBK.exe

MD5 f009cb6b646c7a82b02790cab9e5e579
SHA1 a38cab7b7d990e06f3bfc5c71d2e74ceeac1a6c3
SHA256 865e5afde500cc40cbb09d8efe5756bc8098f2d7ee09b0f75e96b8b600d9d4e1
SHA512 54cd683453c19be2971c7c0cbfc06517dd8bddf467eef598e2646c7f791f0c2ee38e17bd182a7c001cc83b0da0d7ea353e4088dc21f15f2401446b5d28aa874c

C:\Windows\system\cEdZrfB.exe

MD5 73b1b757121aa77881fa07a680a47792
SHA1 0bfdbf88040d80838d49cff148bd0b307437100f
SHA256 69bf7639b36050898cf050fc271e4c28811c2a9059a031cf704d2bbc94888c45
SHA512 f58e728ca112b669186c021e78a0374d200ea84b2a4b2e26e1a46fbe19dd0d6def1f750ca341ad108cd2f2a5fab25d421c437955ae08a969bd6c43a35ace4b63

memory/3032-22-0x000000013F6E0000-0x000000013FA34000-memory.dmp

memory/2156-30-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2824-29-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2888-21-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2888-19-0x000000013F6E0000-0x000000013FA34000-memory.dmp

memory/2768-17-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/2888-7-0x000000013FD50000-0x00000001400A4000-memory.dmp

\Windows\system\tfISUBk.exe

MD5 534edd9cfc38acc83ad24c3018d22809
SHA1 af77b3cc905e2833124ec7ffdeb3b93d6b87adce
SHA256 0e4c1335c0ef4976802452580f351630df0668977dff845121a2367659c51e36
SHA512 105f8185780a2eef466a81ac92d6e21d3684baa5237671c9465b7a3481fdb48d801e13ea9865760f862d5ed27705d71812e79469faae92f5399b23ec4dffe0cb

memory/2716-35-0x000000013F4B0000-0x000000013F804000-memory.dmp

\Windows\system\DpZMawL.exe

MD5 347750b5be4c5cf8bce448eeb33835a7
SHA1 6c149e3475aae85e6cbb2efefe7450db9ebdea64
SHA256 2704e698f76703819f25772b6451e502291c14cb334852940a5b44ec28e23b50
SHA512 ab8b675626ce8545595072492c4adf1ad6406b3de73e9d3b97f82409485bc6a4f805b60b4985773f51a7a8f3b1156ca01186de868f74eee28a29011b6169d8e3

\Windows\system\sKzBbEE.exe

MD5 015dc9f56db47c55acdd0a46b960df95
SHA1 936b1f2bbbe7470fe84834747663a83362df3407
SHA256 43069d404975a9c8417f803f1e6b5f3c0feb24354284ba6d84bd108a4c46d27c
SHA512 e8ed7f861028d28dab1dbe6be44b2621159d4eda80515d553ea064cfdef18dfe7f82c61930cf97fedc6ae6d76a0bdea7084ea4ef04ae711d90ed702d0ce6be72

\Windows\system\zxjAbJu.exe

MD5 42e9d594b5c6fc3bd5835a2d613aa4d1
SHA1 5e533cb40e232349f8077693b67d2e9694d93362
SHA256 2fa32998196c37e168adbfd8fe0151f6b5a6a627f594c35c7214550daf996e3e
SHA512 0cedbed53ecff72a1fe600860f7f9df4abbc2c2332476bcfa12d231c84de81f27ae69448bf5d05cdddfe6847286c4bab11f380bc80fffabf20b8d1e202d3503f

memory/2836-64-0x000000013F240000-0x000000013F594000-memory.dmp

\Windows\system\qsghbQJ.exe

MD5 863337505e82f9413e51489e318c4531
SHA1 7f8ddc73a1ab2bfc3fef39fdac1601651552240b
SHA256 064e443d4a781f4d96a9c3f5ae0c1480e227a1b9dc39a2d18c5aa07fcb0d2108
SHA512 8e396d8356181f07339ec21e3f257ec5969944ed52974581b60be0966b55539889d0541cbd3fb096d354989628b0acbd6d8f25a2c8d69d949952a01aa899d7c7

C:\Windows\system\SMYawhM.exe

MD5 7ae84fea287f7543961ac9a412a046c9
SHA1 f62c867e59ad854c4908065348b36a8a42d9754f
SHA256 53e45f9d1d982d39376721856c43df1924d81c85134c8b7e88f9ac75e02f7aa4
SHA512 be4605410c2155280adb0fde76ff77c4cca3548fd380618b2a8cc9f13143e6feafa3ade5573ba9e649de9035f12d42048834ea13b0f6485f05ee8aace8120a09

\Windows\system\FkDedSB.exe

MD5 53330fa8eb2661fd2735e666843f15c7
SHA1 220a0df768420a107ceae19c0781798d5066aeac
SHA256 da253a6d0a8bb7ef117e4225b79d0837796dc6400e6b50bce9fc999045e1ea58
SHA512 f234c39764b0b371224fb938a5d0fd4e1005258501b13a4e07d4b82a2a78e5aa90f14f5ef8ef0476f331538e2c8c75f9b230d54deaf14948c86e8e63a01a7ff0

C:\Windows\system\QJBeflZ.exe

MD5 a583a2f91387d097555fc02053d4a6d6
SHA1 dbce35ab542779c4a1cd1fbdc0e960738ae7107e
SHA256 ce76e6366060b1e7b219b6f1ee80c01fdfe81b55361c16371624df6585e5dbfa
SHA512 11cbd77bdbb5f356496db019ae8889fbaba8c1334618c531c72aa33ceaa4243868d18e2d0515a60997ef7108d7d9771cefb57f8e69ed2fcb6fb7ebdc785870ef

C:\Windows\system\bZFJQXp.exe

MD5 322c609ddbf1be825e52f1d3687c40f1
SHA1 38a49470ee6b3832f70ad4155b5f72e76eeeffdb
SHA256 f0f36dc6eaf92f15d853c9fb466bd302e3e40bfe6df41c51fdb46cc14c2d91cd
SHA512 55d529d80e92b16eba066750aaed6f816b64e5cee4628f96d91c8a77e7416968d8ee4561ca96c080b9f7cc77286de5f6384b84b248b18a77d79184b67275873c

C:\Windows\system\PFEcBAt.exe

MD5 9fbec36b97754d4f43f2c5f2aa70c3e4
SHA1 69812fda55d59a97a257d7df46f6cfce30142483
SHA256 cd114a048e26c689e402e09e24e10a3c8610b89ecb9d14270fe7be82a0890f10
SHA512 e9fcaa9125ae6cd4402006316c17e66c22fb627de7b4ba31d770c4e1fd10f321a9e11da90c2a9fa4eb40deac7b6cd51bf5209cc16e6ab1d0f4271184d0508b76

C:\Windows\system\ThZiaKD.exe

MD5 f6701e49e3656bdd76c255fbbb317aee
SHA1 a89712c1b1baac3123c9c490cee091de4245a89a
SHA256 68007d5d014a385bde08efb0aa467a26faddcd0ae1535ac202810ab5f2d81ffa
SHA512 3227caa4ff637fa1690bfba5fc6ccde79ceefb96f406716efd539e4c87a7b676f487dee7a95346c69abc4f799328d4f57513933999a66fb2331b26e3dc74dd58

C:\Windows\system\NAfKDQX.exe

MD5 d061cb9eced32cd66e843d29bbd6699e
SHA1 b9d80cf2519309d1769d90f9af6196aec2887259
SHA256 4dbb6d866005262be22770d0c3e2d9e92fe4d85114d56f4b982b7b6e3d135efd
SHA512 ca6006b196dd4e265d36d71493f71adff8920363ae2b15c5a93e45bfc75a491c3331646af36b026510f0781db69e3718fb52c7779e3a422b6ccccb8bd92f775f

C:\Windows\system\rRHvOoz.exe

MD5 fa6f5ed6dbf864b862f41a68d919506f
SHA1 ef5f693f9d0614ed87dd52b2bb365f7c36cae03d
SHA256 25184217e3976b81a2805c5ca659a891e48434167137a647b0739b646624877e
SHA512 86394ef6cfd0ae0b59ba4b1701423f540925890bebac50ac8d97988b75bfccc5e699011a084b20f791f5aae5450f8ef8255d98d892d9fd2a75e3fbcaccc28a31

memory/2888-157-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-156-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-154-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-153-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2524-152-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2888-151-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-150-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-149-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2732-148-0x000000013F510000-0x000000013F864000-memory.dmp

C:\Windows\system\sFoYskD.exe

MD5 778d0e47f325273eeef772a509bee939
SHA1 a65f3a8f43f31e3dbe7ea4bc2a8007f90da924c0
SHA256 72c5150a4c08d155030e0b76fe90e6477a3700c1a3816dad48ba0574f5caec5b
SHA512 d85cddcbfbe05edd8bb6bfd260bf67c111a5df3b9d111c1e8059aaa7c60f2159aa086abae1a00fe6cb1e328e17d6542fd2a1a61e1d1f6f00da1774413dcbdd89

memory/2888-143-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/2520-140-0x000000013FBD0000-0x000000013FF24000-memory.dmp

memory/2888-137-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-123-0x0000000002130000-0x0000000002484000-memory.dmp

C:\Windows\system\eBGPEFc.exe

MD5 5828f44d53a2279c0487a229580b5393
SHA1 cd7a4dea3bb1e57d277eb97602ba944d23c7d1d0
SHA256 5c685d49c968c4405b475dd1a51091a5e68cb3b2577eb0d33b7f5394bf4cc110
SHA512 e50ae857c52a3d4cb912feb1d6c073af9176e9089924fed587ce65015008e94ffa2aa56a29f4bf0dbfac48cd8cd62cf61d5a17bad42303f200a35dd991554569

C:\Windows\system\lWdOGst.exe

MD5 67b0833228ce490498f08f1b68750ac4
SHA1 c9d3bbb45ad04a4cb6b6fc1417671ef00a4c267e
SHA256 11684c1937c3eb618dc2e4ef71fd1db6d68649b1ebfcdfb8023c063dc1f89e17
SHA512 dc572f555fffadaf9141f91f35e738e983d6d52f670ef7c237cb337a3899b02cf0e5eea9544ebb21b5e5fa3fade4f1d793aca961647b8860a288a80785eda476

C:\Windows\system\RVOAAHG.exe

MD5 ae6b4674c9381432f9ad9a261dbf0163
SHA1 fed7e2538295dc9d67cf7f3f0e77601efc93c02b
SHA256 d1be53ec0ddccf91e23c238d142bcf7b48a7e089bd8b533576c5dafec1a81e9e
SHA512 612e6350535e1f44a13efafa6e868ff5a06d11df123acd346f49b906cb90c78d08a1d49d3bffc39ba4c6e22996aeb3b17d41fa3b9430c7e8459c6fc951dd5897

\Windows\system\YgUVhaC.exe

MD5 036712087fbb0bb1c56811ed78a15424
SHA1 7950f148ca386f03fd788f164beb1a97f2a7b617
SHA256 500e80e98a190c65ce0b4832f3b83eab27d87129912e4ced4bb1b9c67cbe301a
SHA512 c7cd3f6fe02d7b8e0be7b3d6106e9a700d63d5267d211338220dbf227328c32bde22856c6113571f8dee4751c2321674d9b94e99ad3ab3765960d0a69edc56fb

C:\Windows\system\wEcFwMD.exe

MD5 45d172a2ae04a6ce949df5dfdaa34dab
SHA1 3a1f01d178decbc588dcd32c2616b86a9c1176eb
SHA256 73262badb8969b619236db9aff7ad441daa0a6f7f6f76b75159effdc0a743d5b
SHA512 bdf3fe860f8751b35a1924e2bbf3ce1b23ae505abc2db116c5bfc80f84e40c4fe2039ffd5426504287e9476f29bca14511d47bcf0c28b2a8facc12293de62472

C:\Windows\system\WbyorhP.exe

MD5 ce002a5bf72763d21ec0e3fa60a62f34
SHA1 47671e3fcf55f47b255e23e82044e8119edb781f
SHA256 81c3bc958eb0e6f816e29f4354998787348eb4677fc36084602c323282525a0a
SHA512 4cf1fec110a74115fb9721dfc71016fc8f957f96a907f165f176d3feb3341b51420d60ee8333c6bddb2ee0de0e241295f68f7516081b4a8bb7659b4ccfd1fb83

memory/2776-111-0x000000013F410000-0x000000013F764000-memory.dmp

\Windows\system\uFYxMHO.exe

MD5 5480c06daeb82b62fff2c74969cd2a50
SHA1 66ec1222dfbaf4bd5389240d7b5d51f1f53cad70
SHA256 5b70e37dba0b5ae384f899a3080cabad1c8e81971cc4be996c517540304f0d2b
SHA512 33b81262a1b8b9009106d57895b79dab6c2b3fc9f1d11f7f9f6f3ed92af7144a315f72e932ad26ff0cf8154f258611c33b29ba63dc23dbb66306c4a3b18b1fae

\Windows\system\CEcbUZp.exe

MD5 644e01058b26b9b8fbacf4e2ef1e0683
SHA1 3bb9b508c6475c30908622f56a2e8396fc7a8515
SHA256 366f9ea41cbf4f9430264dae0c13c794d75da9eb5edb83dfe61d2e61dc6ed77a
SHA512 64d95dac30324d3be2abada4073859bbaba6937ac1f002792b920138eec5e16f72e8ed3217edcbaea27e169554f2139f078b9c79a6dea520cdfd262a4d3b7b5e

C:\Windows\system\gjRSEOS.exe

MD5 89dd1577b709570ae8ed94c4033512b9
SHA1 e54a12bfcf62692210fbc3197be486c08da864bb
SHA256 52935f98019a0febed9b19d434423aa15fe7474cc1a2f68862725a3a3ad387eb
SHA512 577eefd968b8109edf8ff724b494e24c944deeef91ad4a9b946144f5b067c2cbf75e257f5a5a28be6fb6919af76aeb5e70378c9ed0558a77e49303a33690b6df

C:\Windows\system\tJwXxfe.exe

MD5 bdc3683e20cbd763515c7a4ce5e1ad8f
SHA1 bf470b38f9397121ef0c06c0847a63d780430728
SHA256 d7ec403c9a177900270796f8f15a918f7638227c65b154eda8b85d6cb807bbf1
SHA512 c7298d3406be743985c400eab9f611955a5c42353b14c70b01114eb5e244646517f5d5326251715baf933a747bb31612bf2ade7661c5bd7d3395017641cc8906

C:\Windows\system\bDEAsvF.exe

MD5 5d3b00b1d2ef5d6e23f55d4e791ec367
SHA1 a16443970792800192da281fa69dbd9d1ef434eb
SHA256 60b65d89eab7070df993988caa79cf87aec404e6f6504f72e4040b0640354f70
SHA512 c2d5230a7bd202174ef9360003fb5cd9c26127b34ffa463613ccae8c9fd8cbb7b6973915c6bf6ae1c1ae37bf5ffabeb1f37e3a46eff4dd340f3c0f0e8dd911af

C:\Windows\system\jUTPQRo.exe

MD5 b326e4642771a299f0fe4e20f22bc30e
SHA1 56e2faae476790d5f657bf1265f3534b5b20a3f1
SHA256 b6c800878be6418039ad19a6f128e11924cd553c8a8702564dbe0b5c2e108552
SHA512 719fbae2ac363fd27c0f94bcf1fccab015e36bdab9a15040893fdad030f687d2d8223ee5cf3b6e0a5bf3cad488b564b1bbca60e6a14322193ea6a82831af4709

memory/2888-101-0x000000013F900000-0x000000013FC54000-memory.dmp

C:\Windows\system\KXzdbgK.exe

MD5 ec4fefcf05a46c7c6d026d1469eebb6c
SHA1 e393f3b5b23df63d50c1a388a71dd05e2deb485c
SHA256 c475bf3784c44bdfc7379be7b0906a5ec19579e004930d8cdf0866938e23b01b
SHA512 765b0b1f57d231a47babf7cdfb3aa946162b1e4f5c857f63c802839d91b491426af98d367c811c55bbd1a1793fb74a9bfbff60d26629f9217942ce700277612e

C:\Windows\system\bSdbbOl.exe

MD5 5f1021273816d780d543ce5ab9635a68
SHA1 f668f534814cf0a14a32df87ebe7b160ef5f6908
SHA256 6e0b0a6be2d8623ce4c0d20104e574f447ac22484d0a080885f5e3ac00e6977f
SHA512 111dd2a4ad3517974d16a7c7788556f33a19df8c44ce4fceea9cdf8c547a318ef98278e5aa2f4b77de090df8923b85663984c46b756424d3f66c7c568886adb2

memory/2888-1066-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2824-1067-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2888-1068-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2716-1069-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2888-1070-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2836-1071-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2888-1072-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2888-1073-0x0000000002130000-0x0000000002484000-memory.dmp

memory/2768-1074-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/3032-1075-0x000000013F6E0000-0x000000013FA34000-memory.dmp

memory/2824-1076-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2156-1077-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2716-1078-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2836-1079-0x000000013F240000-0x000000013F594000-memory.dmp

memory/2776-1080-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2520-1081-0x000000013FBD0000-0x000000013FF24000-memory.dmp

memory/2524-1082-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2732-1083-0x000000013F510000-0x000000013F864000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 20:41

Reported

2024-06-19 20:44

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\MXcSawV.exe N/A
N/A N/A C:\Windows\System\jbDobkz.exe N/A
N/A N/A C:\Windows\System\NDRembE.exe N/A
N/A N/A C:\Windows\System\JOFNpim.exe N/A
N/A N/A C:\Windows\System\KEGrLGm.exe N/A
N/A N/A C:\Windows\System\FGEAoWX.exe N/A
N/A N/A C:\Windows\System\UAwFTVL.exe N/A
N/A N/A C:\Windows\System\tZWXYQH.exe N/A
N/A N/A C:\Windows\System\veNItzh.exe N/A
N/A N/A C:\Windows\System\oYFrjcH.exe N/A
N/A N/A C:\Windows\System\YEpLXzR.exe N/A
N/A N/A C:\Windows\System\zNFsUqx.exe N/A
N/A N/A C:\Windows\System\IoWwKlg.exe N/A
N/A N/A C:\Windows\System\pQIfWel.exe N/A
N/A N/A C:\Windows\System\tjsNlNM.exe N/A
N/A N/A C:\Windows\System\FbJRLny.exe N/A
N/A N/A C:\Windows\System\HZVekJe.exe N/A
N/A N/A C:\Windows\System\pGdBjcJ.exe N/A
N/A N/A C:\Windows\System\yifWBio.exe N/A
N/A N/A C:\Windows\System\gNvdpDK.exe N/A
N/A N/A C:\Windows\System\NykyUkO.exe N/A
N/A N/A C:\Windows\System\bIAoYtl.exe N/A
N/A N/A C:\Windows\System\SuNpkdH.exe N/A
N/A N/A C:\Windows\System\DuehpcI.exe N/A
N/A N/A C:\Windows\System\LQjruxC.exe N/A
N/A N/A C:\Windows\System\OKZpIre.exe N/A
N/A N/A C:\Windows\System\byqutpl.exe N/A
N/A N/A C:\Windows\System\ZKeTOiH.exe N/A
N/A N/A C:\Windows\System\KULIBZH.exe N/A
N/A N/A C:\Windows\System\ratDEVh.exe N/A
N/A N/A C:\Windows\System\IPISCrd.exe N/A
N/A N/A C:\Windows\System\zlipznx.exe N/A
N/A N/A C:\Windows\System\lKzyPKC.exe N/A
N/A N/A C:\Windows\System\TkcCwaW.exe N/A
N/A N/A C:\Windows\System\RzNhcRf.exe N/A
N/A N/A C:\Windows\System\UbECKsE.exe N/A
N/A N/A C:\Windows\System\LnwmEws.exe N/A
N/A N/A C:\Windows\System\nSkbBDm.exe N/A
N/A N/A C:\Windows\System\AaHmZfs.exe N/A
N/A N/A C:\Windows\System\jfXaQhe.exe N/A
N/A N/A C:\Windows\System\hkzgZKQ.exe N/A
N/A N/A C:\Windows\System\pRBewMb.exe N/A
N/A N/A C:\Windows\System\JjKHJFS.exe N/A
N/A N/A C:\Windows\System\pzzmFgB.exe N/A
N/A N/A C:\Windows\System\dIAmJpi.exe N/A
N/A N/A C:\Windows\System\EMePMUP.exe N/A
N/A N/A C:\Windows\System\MjRsgev.exe N/A
N/A N/A C:\Windows\System\NjeQguT.exe N/A
N/A N/A C:\Windows\System\CIkKUkg.exe N/A
N/A N/A C:\Windows\System\OIXhNoj.exe N/A
N/A N/A C:\Windows\System\QAtiisC.exe N/A
N/A N/A C:\Windows\System\mKqLrRY.exe N/A
N/A N/A C:\Windows\System\qYMTVIr.exe N/A
N/A N/A C:\Windows\System\dlGQZSq.exe N/A
N/A N/A C:\Windows\System\uXxWukO.exe N/A
N/A N/A C:\Windows\System\XjCpvLe.exe N/A
N/A N/A C:\Windows\System\iWoGqBf.exe N/A
N/A N/A C:\Windows\System\uxpysSB.exe N/A
N/A N/A C:\Windows\System\hqbFzfa.exe N/A
N/A N/A C:\Windows\System\fMUtWUd.exe N/A
N/A N/A C:\Windows\System\ChIvRyw.exe N/A
N/A N/A C:\Windows\System\SMIWzqA.exe N/A
N/A N/A C:\Windows\System\SCKipcG.exe N/A
N/A N/A C:\Windows\System\DEbVFVR.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ldmqckp.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\jfXaQhe.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\hioXCeW.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\NShoonD.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\xwVmrQz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\bIAoYtl.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\prljkZu.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVWQsbe.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\SuNpkdH.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\vzCotbv.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\WEpwflc.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\zPKzfPQ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\pmCqTpQ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\fSOOAAe.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\vlhmsqr.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\wVEixXT.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\RzNhcRf.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgyOxWZ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\PWVjZvs.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\sHpQmuq.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\LPLKXzk.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\oXjrphZ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\NykyUkO.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAmJHGw.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\WVolUSv.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\ijPjojv.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\oDkXvgc.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\fCeItkx.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\OKZpIre.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\vOzLPFL.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJfAdoV.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkBgeKv.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\mKqLrRY.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\dlGQZSq.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcmDuyG.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWFwzCz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\jbDobkz.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjsNlNM.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\zlipznx.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnwmEws.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\oRCTCGR.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\MjRsgev.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEbVFVR.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHVlFWC.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\pXWkYFR.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\oYFrjcH.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\zgRoiZd.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\VQzHLlQ.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\TvJGSWV.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\TkcCwaW.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPJPzop.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\zuZzJaL.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\JzXaCno.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbYtaws.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqQhSHq.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\rOjigvk.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\URpjMBa.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmOvunR.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\tZWXYQH.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\iWoGqBf.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGindVC.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsJSwIS.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\rHtYhsM.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A
File created C:\Windows\System\qgBOpeH.exe C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4212 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\MXcSawV.exe
PID 4212 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\MXcSawV.exe
PID 4212 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\jbDobkz.exe
PID 4212 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\jbDobkz.exe
PID 4212 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NDRembE.exe
PID 4212 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NDRembE.exe
PID 4212 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KEGrLGm.exe
PID 4212 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KEGrLGm.exe
PID 4212 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\JOFNpim.exe
PID 4212 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\JOFNpim.exe
PID 4212 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\FGEAoWX.exe
PID 4212 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\FGEAoWX.exe
PID 4212 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\UAwFTVL.exe
PID 4212 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\UAwFTVL.exe
PID 4212 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tZWXYQH.exe
PID 4212 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tZWXYQH.exe
PID 4212 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\YEpLXzR.exe
PID 4212 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\YEpLXzR.exe
PID 4212 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\veNItzh.exe
PID 4212 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\veNItzh.exe
PID 4212 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\oYFrjcH.exe
PID 4212 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\oYFrjcH.exe
PID 4212 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tjsNlNM.exe
PID 4212 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\tjsNlNM.exe
PID 4212 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\zNFsUqx.exe
PID 4212 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\zNFsUqx.exe
PID 4212 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\IoWwKlg.exe
PID 4212 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\IoWwKlg.exe
PID 4212 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\pQIfWel.exe
PID 4212 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\pQIfWel.exe
PID 4212 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\FbJRLny.exe
PID 4212 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\FbJRLny.exe
PID 4212 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\HZVekJe.exe
PID 4212 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\HZVekJe.exe
PID 4212 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\pGdBjcJ.exe
PID 4212 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\pGdBjcJ.exe
PID 4212 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\yifWBio.exe
PID 4212 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\yifWBio.exe
PID 4212 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\gNvdpDK.exe
PID 4212 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\gNvdpDK.exe
PID 4212 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NykyUkO.exe
PID 4212 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\NykyUkO.exe
PID 4212 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bIAoYtl.exe
PID 4212 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\bIAoYtl.exe
PID 4212 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\SuNpkdH.exe
PID 4212 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\SuNpkdH.exe
PID 4212 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\DuehpcI.exe
PID 4212 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\DuehpcI.exe
PID 4212 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\LQjruxC.exe
PID 4212 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\LQjruxC.exe
PID 4212 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\OKZpIre.exe
PID 4212 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\OKZpIre.exe
PID 4212 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\byqutpl.exe
PID 4212 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\byqutpl.exe
PID 4212 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\RzNhcRf.exe
PID 4212 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\RzNhcRf.exe
PID 4212 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\ZKeTOiH.exe
PID 4212 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\ZKeTOiH.exe
PID 4212 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KULIBZH.exe
PID 4212 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\KULIBZH.exe
PID 4212 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\ratDEVh.exe
PID 4212 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\ratDEVh.exe
PID 4212 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\IPISCrd.exe
PID 4212 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe C:\Windows\System\IPISCrd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\065e90d019cffe4c01c94e58fd16ad442057d4e831c5eda49c4d872b02db6123_NeikiAnalytics.exe"

C:\Windows\System\MXcSawV.exe

C:\Windows\System\MXcSawV.exe

C:\Windows\System\jbDobkz.exe

C:\Windows\System\jbDobkz.exe

C:\Windows\System\NDRembE.exe

C:\Windows\System\NDRembE.exe

C:\Windows\System\KEGrLGm.exe

C:\Windows\System\KEGrLGm.exe

C:\Windows\System\JOFNpim.exe

C:\Windows\System\JOFNpim.exe

C:\Windows\System\FGEAoWX.exe

C:\Windows\System\FGEAoWX.exe

C:\Windows\System\UAwFTVL.exe

C:\Windows\System\UAwFTVL.exe

C:\Windows\System\tZWXYQH.exe

C:\Windows\System\tZWXYQH.exe

C:\Windows\System\YEpLXzR.exe

C:\Windows\System\YEpLXzR.exe

C:\Windows\System\veNItzh.exe

C:\Windows\System\veNItzh.exe

C:\Windows\System\oYFrjcH.exe

C:\Windows\System\oYFrjcH.exe

C:\Windows\System\tjsNlNM.exe

C:\Windows\System\tjsNlNM.exe

C:\Windows\System\zNFsUqx.exe

C:\Windows\System\zNFsUqx.exe

C:\Windows\System\IoWwKlg.exe

C:\Windows\System\IoWwKlg.exe

C:\Windows\System\pQIfWel.exe

C:\Windows\System\pQIfWel.exe

C:\Windows\System\FbJRLny.exe

C:\Windows\System\FbJRLny.exe

C:\Windows\System\HZVekJe.exe

C:\Windows\System\HZVekJe.exe

C:\Windows\System\pGdBjcJ.exe

C:\Windows\System\pGdBjcJ.exe

C:\Windows\System\yifWBio.exe

C:\Windows\System\yifWBio.exe

C:\Windows\System\gNvdpDK.exe

C:\Windows\System\gNvdpDK.exe

C:\Windows\System\NykyUkO.exe

C:\Windows\System\NykyUkO.exe

C:\Windows\System\bIAoYtl.exe

C:\Windows\System\bIAoYtl.exe

C:\Windows\System\SuNpkdH.exe

C:\Windows\System\SuNpkdH.exe

C:\Windows\System\DuehpcI.exe

C:\Windows\System\DuehpcI.exe

C:\Windows\System\LQjruxC.exe

C:\Windows\System\LQjruxC.exe

C:\Windows\System\OKZpIre.exe

C:\Windows\System\OKZpIre.exe

C:\Windows\System\byqutpl.exe

C:\Windows\System\byqutpl.exe

C:\Windows\System\RzNhcRf.exe

C:\Windows\System\RzNhcRf.exe

C:\Windows\System\ZKeTOiH.exe

C:\Windows\System\ZKeTOiH.exe

C:\Windows\System\KULIBZH.exe

C:\Windows\System\KULIBZH.exe

C:\Windows\System\ratDEVh.exe

C:\Windows\System\ratDEVh.exe

C:\Windows\System\IPISCrd.exe

C:\Windows\System\IPISCrd.exe

C:\Windows\System\zlipznx.exe

C:\Windows\System\zlipznx.exe

C:\Windows\System\lKzyPKC.exe

C:\Windows\System\lKzyPKC.exe

C:\Windows\System\TkcCwaW.exe

C:\Windows\System\TkcCwaW.exe

C:\Windows\System\UbECKsE.exe

C:\Windows\System\UbECKsE.exe

C:\Windows\System\LnwmEws.exe

C:\Windows\System\LnwmEws.exe

C:\Windows\System\nSkbBDm.exe

C:\Windows\System\nSkbBDm.exe

C:\Windows\System\AaHmZfs.exe

C:\Windows\System\AaHmZfs.exe

C:\Windows\System\jfXaQhe.exe

C:\Windows\System\jfXaQhe.exe

C:\Windows\System\hkzgZKQ.exe

C:\Windows\System\hkzgZKQ.exe

C:\Windows\System\pRBewMb.exe

C:\Windows\System\pRBewMb.exe

C:\Windows\System\JjKHJFS.exe

C:\Windows\System\JjKHJFS.exe

C:\Windows\System\pzzmFgB.exe

C:\Windows\System\pzzmFgB.exe

C:\Windows\System\dIAmJpi.exe

C:\Windows\System\dIAmJpi.exe

C:\Windows\System\EMePMUP.exe

C:\Windows\System\EMePMUP.exe

C:\Windows\System\MjRsgev.exe

C:\Windows\System\MjRsgev.exe

C:\Windows\System\NjeQguT.exe

C:\Windows\System\NjeQguT.exe

C:\Windows\System\CIkKUkg.exe

C:\Windows\System\CIkKUkg.exe

C:\Windows\System\OIXhNoj.exe

C:\Windows\System\OIXhNoj.exe

C:\Windows\System\QAtiisC.exe

C:\Windows\System\QAtiisC.exe

C:\Windows\System\mKqLrRY.exe

C:\Windows\System\mKqLrRY.exe

C:\Windows\System\qYMTVIr.exe

C:\Windows\System\qYMTVIr.exe

C:\Windows\System\dlGQZSq.exe

C:\Windows\System\dlGQZSq.exe

C:\Windows\System\uXxWukO.exe

C:\Windows\System\uXxWukO.exe

C:\Windows\System\XjCpvLe.exe

C:\Windows\System\XjCpvLe.exe

C:\Windows\System\iWoGqBf.exe

C:\Windows\System\iWoGqBf.exe

C:\Windows\System\uxpysSB.exe

C:\Windows\System\uxpysSB.exe

C:\Windows\System\hqbFzfa.exe

C:\Windows\System\hqbFzfa.exe

C:\Windows\System\fMUtWUd.exe

C:\Windows\System\fMUtWUd.exe

C:\Windows\System\ChIvRyw.exe

C:\Windows\System\ChIvRyw.exe

C:\Windows\System\SMIWzqA.exe

C:\Windows\System\SMIWzqA.exe

C:\Windows\System\SCKipcG.exe

C:\Windows\System\SCKipcG.exe

C:\Windows\System\DEbVFVR.exe

C:\Windows\System\DEbVFVR.exe

C:\Windows\System\aVzoDba.exe

C:\Windows\System\aVzoDba.exe

C:\Windows\System\ZQntFMB.exe

C:\Windows\System\ZQntFMB.exe

C:\Windows\System\MeXLHmL.exe

C:\Windows\System\MeXLHmL.exe

C:\Windows\System\KZnWHwE.exe

C:\Windows\System\KZnWHwE.exe

C:\Windows\System\XfSEYRt.exe

C:\Windows\System\XfSEYRt.exe

C:\Windows\System\WhLeKJh.exe

C:\Windows\System\WhLeKJh.exe

C:\Windows\System\nSEzSvQ.exe

C:\Windows\System\nSEzSvQ.exe

C:\Windows\System\YWwbTEP.exe

C:\Windows\System\YWwbTEP.exe

C:\Windows\System\DEwOMmW.exe

C:\Windows\System\DEwOMmW.exe

C:\Windows\System\UcirKeN.exe

C:\Windows\System\UcirKeN.exe

C:\Windows\System\vOzLPFL.exe

C:\Windows\System\vOzLPFL.exe

C:\Windows\System\VMcqgKa.exe

C:\Windows\System\VMcqgKa.exe

C:\Windows\System\jAtZYwk.exe

C:\Windows\System\jAtZYwk.exe

C:\Windows\System\oRFbfML.exe

C:\Windows\System\oRFbfML.exe

C:\Windows\System\iKyIaHh.exe

C:\Windows\System\iKyIaHh.exe

C:\Windows\System\dYtKXWF.exe

C:\Windows\System\dYtKXWF.exe

C:\Windows\System\wDEQtFJ.exe

C:\Windows\System\wDEQtFJ.exe

C:\Windows\System\rgAcPVj.exe

C:\Windows\System\rgAcPVj.exe

C:\Windows\System\zgRoiZd.exe

C:\Windows\System\zgRoiZd.exe

C:\Windows\System\PIqDaUw.exe

C:\Windows\System\PIqDaUw.exe

C:\Windows\System\WXuSgqU.exe

C:\Windows\System\WXuSgqU.exe

C:\Windows\System\ZLYzGZK.exe

C:\Windows\System\ZLYzGZK.exe

C:\Windows\System\wJNlHwD.exe

C:\Windows\System\wJNlHwD.exe

C:\Windows\System\trGruZw.exe

C:\Windows\System\trGruZw.exe

C:\Windows\System\BGykAPD.exe

C:\Windows\System\BGykAPD.exe

C:\Windows\System\MCBjBcX.exe

C:\Windows\System\MCBjBcX.exe

C:\Windows\System\DqjaIjr.exe

C:\Windows\System\DqjaIjr.exe

C:\Windows\System\LtmBLfE.exe

C:\Windows\System\LtmBLfE.exe

C:\Windows\System\xVRegNL.exe

C:\Windows\System\xVRegNL.exe

C:\Windows\System\NGakHyR.exe

C:\Windows\System\NGakHyR.exe

C:\Windows\System\KIqytaT.exe

C:\Windows\System\KIqytaT.exe

C:\Windows\System\LwyoTCM.exe

C:\Windows\System\LwyoTCM.exe

C:\Windows\System\OVGrWxs.exe

C:\Windows\System\OVGrWxs.exe

C:\Windows\System\oGlkoWX.exe

C:\Windows\System\oGlkoWX.exe

C:\Windows\System\cPHRYqI.exe

C:\Windows\System\cPHRYqI.exe

C:\Windows\System\pmCqTpQ.exe

C:\Windows\System\pmCqTpQ.exe

C:\Windows\System\FqJtscL.exe

C:\Windows\System\FqJtscL.exe

C:\Windows\System\NHVlFWC.exe

C:\Windows\System\NHVlFWC.exe

C:\Windows\System\CkmTIpB.exe

C:\Windows\System\CkmTIpB.exe

C:\Windows\System\rHfEeRd.exe

C:\Windows\System\rHfEeRd.exe

C:\Windows\System\vtARmTy.exe

C:\Windows\System\vtARmTy.exe

C:\Windows\System\usaMKZL.exe

C:\Windows\System\usaMKZL.exe

C:\Windows\System\PvgTdjD.exe

C:\Windows\System\PvgTdjD.exe

C:\Windows\System\kcKmsuf.exe

C:\Windows\System\kcKmsuf.exe

C:\Windows\System\nCDlofg.exe

C:\Windows\System\nCDlofg.exe

C:\Windows\System\iJfAdoV.exe

C:\Windows\System\iJfAdoV.exe

C:\Windows\System\ajwiGNN.exe

C:\Windows\System\ajwiGNN.exe

C:\Windows\System\BqKhkDg.exe

C:\Windows\System\BqKhkDg.exe

C:\Windows\System\zAgNSTM.exe

C:\Windows\System\zAgNSTM.exe

C:\Windows\System\sxAJUgo.exe

C:\Windows\System\sxAJUgo.exe

C:\Windows\System\HOtkinu.exe

C:\Windows\System\HOtkinu.exe

C:\Windows\System\WHqaqdz.exe

C:\Windows\System\WHqaqdz.exe

C:\Windows\System\OGindVC.exe

C:\Windows\System\OGindVC.exe

C:\Windows\System\YeecNZl.exe

C:\Windows\System\YeecNZl.exe

C:\Windows\System\iGZJJJy.exe

C:\Windows\System\iGZJJJy.exe

C:\Windows\System\jQcNrQu.exe

C:\Windows\System\jQcNrQu.exe

C:\Windows\System\KgyePTH.exe

C:\Windows\System\KgyePTH.exe

C:\Windows\System\zuZzJaL.exe

C:\Windows\System\zuZzJaL.exe

C:\Windows\System\QXQYmcd.exe

C:\Windows\System\QXQYmcd.exe

C:\Windows\System\QjvPVrW.exe

C:\Windows\System\QjvPVrW.exe

C:\Windows\System\gkBgeKv.exe

C:\Windows\System\gkBgeKv.exe

C:\Windows\System\fSOOAAe.exe

C:\Windows\System\fSOOAAe.exe

C:\Windows\System\hKtCbQl.exe

C:\Windows\System\hKtCbQl.exe

C:\Windows\System\hioXCeW.exe

C:\Windows\System\hioXCeW.exe

C:\Windows\System\eXsenEj.exe

C:\Windows\System\eXsenEj.exe

C:\Windows\System\hIgNckk.exe

C:\Windows\System\hIgNckk.exe

C:\Windows\System\PwNAlyY.exe

C:\Windows\System\PwNAlyY.exe

C:\Windows\System\gWmWadV.exe

C:\Windows\System\gWmWadV.exe

C:\Windows\System\MbjnILt.exe

C:\Windows\System\MbjnILt.exe

C:\Windows\System\IAmJHGw.exe

C:\Windows\System\IAmJHGw.exe

C:\Windows\System\zUKmoix.exe

C:\Windows\System\zUKmoix.exe

C:\Windows\System\bNObrNF.exe

C:\Windows\System\bNObrNF.exe

C:\Windows\System\gGZSUZT.exe

C:\Windows\System\gGZSUZT.exe

C:\Windows\System\oJAAQBi.exe

C:\Windows\System\oJAAQBi.exe

C:\Windows\System\xDBLXZW.exe

C:\Windows\System\xDBLXZW.exe

C:\Windows\System\iGqGqVI.exe

C:\Windows\System\iGqGqVI.exe

C:\Windows\System\uxVWxKw.exe

C:\Windows\System\uxVWxKw.exe

C:\Windows\System\iyFCzaR.exe

C:\Windows\System\iyFCzaR.exe

C:\Windows\System\dNaTWOp.exe

C:\Windows\System\dNaTWOp.exe

C:\Windows\System\ZUhTLdz.exe

C:\Windows\System\ZUhTLdz.exe

C:\Windows\System\lyIEBfX.exe

C:\Windows\System\lyIEBfX.exe

C:\Windows\System\fUeCYyb.exe

C:\Windows\System\fUeCYyb.exe

C:\Windows\System\IRnsVIt.exe

C:\Windows\System\IRnsVIt.exe

C:\Windows\System\QUbvvre.exe

C:\Windows\System\QUbvvre.exe

C:\Windows\System\yKkqJRc.exe

C:\Windows\System\yKkqJRc.exe

C:\Windows\System\NShoonD.exe

C:\Windows\System\NShoonD.exe

C:\Windows\System\ewcvSSj.exe

C:\Windows\System\ewcvSSj.exe

C:\Windows\System\vzCotbv.exe

C:\Windows\System\vzCotbv.exe

C:\Windows\System\zggrZnH.exe

C:\Windows\System\zggrZnH.exe

C:\Windows\System\JcmDuyG.exe

C:\Windows\System\JcmDuyG.exe

C:\Windows\System\mQcxjGn.exe

C:\Windows\System\mQcxjGn.exe

C:\Windows\System\WkMLCEx.exe

C:\Windows\System\WkMLCEx.exe

C:\Windows\System\wDTNUhA.exe

C:\Windows\System\wDTNUhA.exe

C:\Windows\System\ZcjibZy.exe

C:\Windows\System\ZcjibZy.exe

C:\Windows\System\RgyOxWZ.exe

C:\Windows\System\RgyOxWZ.exe

C:\Windows\System\xXzWBGd.exe

C:\Windows\System\xXzWBGd.exe

C:\Windows\System\vlhmsqr.exe

C:\Windows\System\vlhmsqr.exe

C:\Windows\System\qRsOyGp.exe

C:\Windows\System\qRsOyGp.exe

C:\Windows\System\ZlLDAiU.exe

C:\Windows\System\ZlLDAiU.exe

C:\Windows\System\fWajclc.exe

C:\Windows\System\fWajclc.exe

C:\Windows\System\pXWkYFR.exe

C:\Windows\System\pXWkYFR.exe

C:\Windows\System\MIsJwTv.exe

C:\Windows\System\MIsJwTv.exe

C:\Windows\System\wykheOW.exe

C:\Windows\System\wykheOW.exe

C:\Windows\System\ntftNWm.exe

C:\Windows\System\ntftNWm.exe

C:\Windows\System\GOQgqjb.exe

C:\Windows\System\GOQgqjb.exe

C:\Windows\System\SOfaMWq.exe

C:\Windows\System\SOfaMWq.exe

C:\Windows\System\FZGTOCL.exe

C:\Windows\System\FZGTOCL.exe

C:\Windows\System\gODACut.exe

C:\Windows\System\gODACut.exe

C:\Windows\System\jbpIYaw.exe

C:\Windows\System\jbpIYaw.exe

C:\Windows\System\XurSsYH.exe

C:\Windows\System\XurSsYH.exe

C:\Windows\System\xwVmrQz.exe

C:\Windows\System\xwVmrQz.exe

C:\Windows\System\ITuyBkH.exe

C:\Windows\System\ITuyBkH.exe

C:\Windows\System\ldmqckp.exe

C:\Windows\System\ldmqckp.exe

C:\Windows\System\WVolUSv.exe

C:\Windows\System\WVolUSv.exe

C:\Windows\System\JuxHbyp.exe

C:\Windows\System\JuxHbyp.exe

C:\Windows\System\wVEixXT.exe

C:\Windows\System\wVEixXT.exe

C:\Windows\System\dnkyjWG.exe

C:\Windows\System\dnkyjWG.exe

C:\Windows\System\kAZmDSD.exe

C:\Windows\System\kAZmDSD.exe

C:\Windows\System\DubGEbO.exe

C:\Windows\System\DubGEbO.exe

C:\Windows\System\CrOBseM.exe

C:\Windows\System\CrOBseM.exe

C:\Windows\System\YPXjgFs.exe

C:\Windows\System\YPXjgFs.exe

C:\Windows\System\kCqfvFj.exe

C:\Windows\System\kCqfvFj.exe

C:\Windows\System\XeerTtq.exe

C:\Windows\System\XeerTtq.exe

C:\Windows\System\KWFwzCz.exe

C:\Windows\System\KWFwzCz.exe

C:\Windows\System\AxpJFKT.exe

C:\Windows\System\AxpJFKT.exe

C:\Windows\System\iUGjkhD.exe

C:\Windows\System\iUGjkhD.exe

C:\Windows\System\CYhPxjJ.exe

C:\Windows\System\CYhPxjJ.exe

C:\Windows\System\rHtYhsM.exe

C:\Windows\System\rHtYhsM.exe

C:\Windows\System\oDkXvgc.exe

C:\Windows\System\oDkXvgc.exe

C:\Windows\System\xGkZEIi.exe

C:\Windows\System\xGkZEIi.exe

C:\Windows\System\ZlvAlyf.exe

C:\Windows\System\ZlvAlyf.exe

C:\Windows\System\CsYMkMD.exe

C:\Windows\System\CsYMkMD.exe

C:\Windows\System\AhpZhnb.exe

C:\Windows\System\AhpZhnb.exe

C:\Windows\System\rYuecLX.exe

C:\Windows\System\rYuecLX.exe

C:\Windows\System\dvXnNFG.exe

C:\Windows\System\dvXnNFG.exe

C:\Windows\System\orwSFeB.exe

C:\Windows\System\orwSFeB.exe

C:\Windows\System\dvPfraB.exe

C:\Windows\System\dvPfraB.exe

C:\Windows\System\oANifhy.exe

C:\Windows\System\oANifhy.exe

C:\Windows\System\amLyZHu.exe

C:\Windows\System\amLyZHu.exe

C:\Windows\System\pdKqjnW.exe

C:\Windows\System\pdKqjnW.exe

C:\Windows\System\QRKLQSz.exe

C:\Windows\System\QRKLQSz.exe

C:\Windows\System\YXIAGCk.exe

C:\Windows\System\YXIAGCk.exe

C:\Windows\System\oRskZDg.exe

C:\Windows\System\oRskZDg.exe

C:\Windows\System\XvizVVL.exe

C:\Windows\System\XvizVVL.exe

C:\Windows\System\fNneILW.exe

C:\Windows\System\fNneILW.exe

C:\Windows\System\SPJPzop.exe

C:\Windows\System\SPJPzop.exe

C:\Windows\System\MURQVjq.exe

C:\Windows\System\MURQVjq.exe

C:\Windows\System\WEpwflc.exe

C:\Windows\System\WEpwflc.exe

C:\Windows\System\dgmZYEy.exe

C:\Windows\System\dgmZYEy.exe

C:\Windows\System\BSROUMn.exe

C:\Windows\System\BSROUMn.exe

C:\Windows\System\qgBOpeH.exe

C:\Windows\System\qgBOpeH.exe

C:\Windows\System\cKGSxhE.exe

C:\Windows\System\cKGSxhE.exe

C:\Windows\System\ffrHQBM.exe

C:\Windows\System\ffrHQBM.exe

C:\Windows\System\lpyQYQv.exe

C:\Windows\System\lpyQYQv.exe

C:\Windows\System\XhFHEdd.exe

C:\Windows\System\XhFHEdd.exe

C:\Windows\System\zsJSwIS.exe

C:\Windows\System\zsJSwIS.exe

C:\Windows\System\BMyrptP.exe

C:\Windows\System\BMyrptP.exe

C:\Windows\System\uHiurjM.exe

C:\Windows\System\uHiurjM.exe

C:\Windows\System\qnzUjIP.exe

C:\Windows\System\qnzUjIP.exe

C:\Windows\System\KpsDAqp.exe

C:\Windows\System\KpsDAqp.exe

C:\Windows\System\ZPRjRNx.exe

C:\Windows\System\ZPRjRNx.exe

C:\Windows\System\PzKIUbu.exe

C:\Windows\System\PzKIUbu.exe

C:\Windows\System\ohXqmDu.exe

C:\Windows\System\ohXqmDu.exe

C:\Windows\System\WastILc.exe

C:\Windows\System\WastILc.exe

C:\Windows\System\JzXaCno.exe

C:\Windows\System\JzXaCno.exe

C:\Windows\System\rvCfieU.exe

C:\Windows\System\rvCfieU.exe

C:\Windows\System\ENfNraX.exe

C:\Windows\System\ENfNraX.exe

C:\Windows\System\aeLOpDt.exe

C:\Windows\System\aeLOpDt.exe

C:\Windows\System\ahCMYNF.exe

C:\Windows\System\ahCMYNF.exe

C:\Windows\System\prljkZu.exe

C:\Windows\System\prljkZu.exe

C:\Windows\System\hCsqYiB.exe

C:\Windows\System\hCsqYiB.exe

C:\Windows\System\hpeAKSP.exe

C:\Windows\System\hpeAKSP.exe

C:\Windows\System\TWkDdBG.exe

C:\Windows\System\TWkDdBG.exe

C:\Windows\System\YocrvJu.exe

C:\Windows\System\YocrvJu.exe

C:\Windows\System\uacXQcR.exe

C:\Windows\System\uacXQcR.exe

C:\Windows\System\ijPjojv.exe

C:\Windows\System\ijPjojv.exe

C:\Windows\System\sCidtoC.exe

C:\Windows\System\sCidtoC.exe

C:\Windows\System\vPtkhop.exe

C:\Windows\System\vPtkhop.exe

C:\Windows\System\PFpJJaJ.exe

C:\Windows\System\PFpJJaJ.exe

C:\Windows\System\SgnMucP.exe

C:\Windows\System\SgnMucP.exe

C:\Windows\System\oWDWeMt.exe

C:\Windows\System\oWDWeMt.exe

C:\Windows\System\ZyWhRXi.exe

C:\Windows\System\ZyWhRXi.exe

C:\Windows\System\pSvQJFS.exe

C:\Windows\System\pSvQJFS.exe

C:\Windows\System\lkIgukT.exe

C:\Windows\System\lkIgukT.exe

C:\Windows\System\iORWnII.exe

C:\Windows\System\iORWnII.exe

C:\Windows\System\EQesWap.exe

C:\Windows\System\EQesWap.exe

C:\Windows\System\AprhszN.exe

C:\Windows\System\AprhszN.exe

C:\Windows\System\ROZqFSo.exe

C:\Windows\System\ROZqFSo.exe

C:\Windows\System\AFmtADt.exe

C:\Windows\System\AFmtADt.exe

C:\Windows\System\dIwBcAZ.exe

C:\Windows\System\dIwBcAZ.exe

C:\Windows\System\bqouhUd.exe

C:\Windows\System\bqouhUd.exe

C:\Windows\System\rOjigvk.exe

C:\Windows\System\rOjigvk.exe

C:\Windows\System\iaBIROA.exe

C:\Windows\System\iaBIROA.exe

C:\Windows\System\sHpQmuq.exe

C:\Windows\System\sHpQmuq.exe

C:\Windows\System\WVRodvk.exe

C:\Windows\System\WVRodvk.exe

C:\Windows\System\mjTnWaF.exe

C:\Windows\System\mjTnWaF.exe

C:\Windows\System\zPKzfPQ.exe

C:\Windows\System\zPKzfPQ.exe

C:\Windows\System\YIctvmK.exe

C:\Windows\System\YIctvmK.exe

C:\Windows\System\LGBCCaD.exe

C:\Windows\System\LGBCCaD.exe

C:\Windows\System\ojKVAvf.exe

C:\Windows\System\ojKVAvf.exe

C:\Windows\System\wmBLtFz.exe

C:\Windows\System\wmBLtFz.exe

C:\Windows\System\OGPXbec.exe

C:\Windows\System\OGPXbec.exe

C:\Windows\System\OoBGMMF.exe

C:\Windows\System\OoBGMMF.exe

C:\Windows\System\okslgDI.exe

C:\Windows\System\okslgDI.exe

C:\Windows\System\VQzHLlQ.exe

C:\Windows\System\VQzHLlQ.exe

C:\Windows\System\URpjMBa.exe

C:\Windows\System\URpjMBa.exe

C:\Windows\System\hdYufbI.exe

C:\Windows\System\hdYufbI.exe

C:\Windows\System\sIWcQdp.exe

C:\Windows\System\sIWcQdp.exe

C:\Windows\System\bBIhPmt.exe

C:\Windows\System\bBIhPmt.exe

C:\Windows\System\thwdzSl.exe

C:\Windows\System\thwdzSl.exe

C:\Windows\System\myjctwC.exe

C:\Windows\System\myjctwC.exe

C:\Windows\System\oRCTCGR.exe

C:\Windows\System\oRCTCGR.exe

C:\Windows\System\iRZsDke.exe

C:\Windows\System\iRZsDke.exe

C:\Windows\System\LPLKXzk.exe

C:\Windows\System\LPLKXzk.exe

C:\Windows\System\iIIvaBs.exe

C:\Windows\System\iIIvaBs.exe

C:\Windows\System\EbHSeUH.exe

C:\Windows\System\EbHSeUH.exe

C:\Windows\System\APFlkGR.exe

C:\Windows\System\APFlkGR.exe

C:\Windows\System\UVWQsbe.exe

C:\Windows\System\UVWQsbe.exe

C:\Windows\System\QpTNTth.exe

C:\Windows\System\QpTNTth.exe

C:\Windows\System\BYcPiKc.exe

C:\Windows\System\BYcPiKc.exe

C:\Windows\System\TvJGSWV.exe

C:\Windows\System\TvJGSWV.exe

C:\Windows\System\YGYMqES.exe

C:\Windows\System\YGYMqES.exe

C:\Windows\System\oXjrphZ.exe

C:\Windows\System\oXjrphZ.exe

C:\Windows\System\OWqcdmS.exe

C:\Windows\System\OWqcdmS.exe

C:\Windows\System\Xtwapzp.exe

C:\Windows\System\Xtwapzp.exe

C:\Windows\System\TnNFQdh.exe

C:\Windows\System\TnNFQdh.exe

C:\Windows\System\vYkrdoC.exe

C:\Windows\System\vYkrdoC.exe

C:\Windows\System\SbYtaws.exe

C:\Windows\System\SbYtaws.exe

C:\Windows\System\ANtEdZS.exe

C:\Windows\System\ANtEdZS.exe

C:\Windows\System\wtRPnUx.exe

C:\Windows\System\wtRPnUx.exe

C:\Windows\System\pVpnzgs.exe

C:\Windows\System\pVpnzgs.exe

C:\Windows\System\DqPjmNv.exe

C:\Windows\System\DqPjmNv.exe

C:\Windows\System\PTOHumz.exe

C:\Windows\System\PTOHumz.exe

C:\Windows\System\fCeItkx.exe

C:\Windows\System\fCeItkx.exe

C:\Windows\System\VJndMSA.exe

C:\Windows\System\VJndMSA.exe

C:\Windows\System\rQkFWbN.exe

C:\Windows\System\rQkFWbN.exe

C:\Windows\System\CsLtHye.exe

C:\Windows\System\CsLtHye.exe

C:\Windows\System\GbodVhF.exe

C:\Windows\System\GbodVhF.exe

C:\Windows\System\nFZKUQn.exe

C:\Windows\System\nFZKUQn.exe

C:\Windows\System\HVXXrJO.exe

C:\Windows\System\HVXXrJO.exe

C:\Windows\System\YsEdVGD.exe

C:\Windows\System\YsEdVGD.exe

C:\Windows\System\oUqQDHo.exe

C:\Windows\System\oUqQDHo.exe

C:\Windows\System\PWVjZvs.exe

C:\Windows\System\PWVjZvs.exe

C:\Windows\System\ZrFACcD.exe

C:\Windows\System\ZrFACcD.exe

C:\Windows\System\tIFwSab.exe

C:\Windows\System\tIFwSab.exe

C:\Windows\System\rNFKmyF.exe

C:\Windows\System\rNFKmyF.exe

C:\Windows\System\tTVAepP.exe

C:\Windows\System\tTVAepP.exe

C:\Windows\System\PpiSawN.exe

C:\Windows\System\PpiSawN.exe

C:\Windows\System\KmOvunR.exe

C:\Windows\System\KmOvunR.exe

C:\Windows\System\fRbrSrV.exe

C:\Windows\System\fRbrSrV.exe

C:\Windows\System\UaNfDxq.exe

C:\Windows\System\UaNfDxq.exe

C:\Windows\System\aebVSyd.exe

C:\Windows\System\aebVSyd.exe

C:\Windows\System\yLnpkoi.exe

C:\Windows\System\yLnpkoi.exe

C:\Windows\System\mPpSemm.exe

C:\Windows\System\mPpSemm.exe

C:\Windows\System\GgkOcNR.exe

C:\Windows\System\GgkOcNR.exe

C:\Windows\System\rEAmdyP.exe

C:\Windows\System\rEAmdyP.exe

C:\Windows\System\VKFYfre.exe

C:\Windows\System\VKFYfre.exe

C:\Windows\System\KzmHIoT.exe

C:\Windows\System\KzmHIoT.exe

C:\Windows\System\qHfMXxz.exe

C:\Windows\System\qHfMXxz.exe

C:\Windows\System\WukAuTb.exe

C:\Windows\System\WukAuTb.exe

C:\Windows\System\aqQhSHq.exe

C:\Windows\System\aqQhSHq.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp

Files

memory/4212-0-0x00007FF69D550000-0x00007FF69D8A4000-memory.dmp

memory/4212-1-0x0000023D6B620000-0x0000023D6B630000-memory.dmp

C:\Windows\System\NDRembE.exe

MD5 67eb7f4f5d8f76919ba0a9a9a2a340b2
SHA1 dd1df7acb2bd05da3e4dd596090138396628cdb7
SHA256 e605e050edc9f3fc62ff3bedbbebcb9216c47816d152ae83072c430650cec4ac
SHA512 3d34179e59ca3827ea3c301f9d8fd0bb91af14767cf2142bdac8b9b80e648f412e6d051696b899685f535802a614416550b900701ef6724e0beb0d5e48692949

C:\Windows\System\FGEAoWX.exe

MD5 585508db9abefed28d3909918feec4d8
SHA1 f4f3bd6a19af7e5b9fec5153cbaa675423ff475b
SHA256 3af300f0863455953ec0e47a68c4fbc896c388a07f4e1d2e31b23629b1383b55
SHA512 e854082054814b2a19259c401a5acea52a88694bed587831f64ddb799c1ba2982b378bacd0fff034eb8db2291522ecb892aa7fc6b91a063118fa7f599c1a131a

C:\Windows\System\oYFrjcH.exe

MD5 bc07108df88e59ea1fc42d89b1eeda79
SHA1 0355706dd22e4eaf14183d1e6d2e217eaaf132d7
SHA256 52b3623a5df9a8b4887dd58c80a8044d46d52c27df7ed6c3c38fd12a53caed92
SHA512 267482cdf0b369208344a85965336d65d38b14056ec7c7e391794f795e662df740ebd6bcd3c5d49a231c06c1d1384b8068a65551e3933937bd0ae5ecc9948603

memory/3444-73-0x00007FF6F6E50000-0x00007FF6F71A4000-memory.dmp

memory/4600-78-0x00007FF777FC0000-0x00007FF778314000-memory.dmp

C:\Windows\System\FbJRLny.exe

MD5 329eca790a3fbbf380d9859bedad9490
SHA1 1ab4bf514f36317f8e847b0c89d67434ddee1947
SHA256 b0c8317901309182c2f6e541863017c6d78524dbb922e9fcef75df727e656a86
SHA512 c749dd24dd1d5c97052d4ddfcfa6adbd88aaf73f9521126f44cf3976def6945aaee38971338ecbbf0b32d9de3e4e843598568ac613ccec18fcb77b684f2b7784

memory/4940-103-0x00007FF728530000-0x00007FF728884000-memory.dmp

memory/4772-108-0x00007FF7B0C00000-0x00007FF7B0F54000-memory.dmp

memory/4380-116-0x00007FF77AD60000-0x00007FF77B0B4000-memory.dmp

memory/4716-125-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp

C:\Windows\System\LQjruxC.exe

MD5 5c946de7d3fe21596f4b2a8aec9afbde
SHA1 4ebc2b4fb1ae44b4aefe3fe259521ec32b6e5d7d
SHA256 1fc04ab56591d2c29dba42ce8ba0c125b8e8a060a6fa9d7dafdd655839ce1543
SHA512 e17fb9e23bcab5fe7d0bd30a13eaf107c74bbda5af01beb4bae460601a7970d204d9fb3d5df0161a29b1aae976cbae64aae4eeab0057fd201a038c26d7c834b4

memory/4756-166-0x00007FF714C50000-0x00007FF714FA4000-memory.dmp

memory/2732-181-0x00007FF733040000-0x00007FF733394000-memory.dmp

memory/2952-200-0x00007FF78B590000-0x00007FF78B8E4000-memory.dmp

memory/2600-209-0x00007FF7BF750000-0x00007FF7BFAA4000-memory.dmp

memory/2024-208-0x00007FF6332C0000-0x00007FF633614000-memory.dmp

memory/3956-207-0x00007FF6A5DC0000-0x00007FF6A6114000-memory.dmp

memory/3948-204-0x00007FF7BA260000-0x00007FF7BA5B4000-memory.dmp

memory/5064-202-0x00007FF747C50000-0x00007FF747FA4000-memory.dmp

memory/3376-201-0x00007FF6882F0000-0x00007FF688644000-memory.dmp

memory/1040-199-0x00007FF793E60000-0x00007FF7941B4000-memory.dmp

C:\Windows\System\KULIBZH.exe

MD5 e58e57dfdb84832f3697bcf5e0e114eb
SHA1 768ae4cf2e6c039c620b7013d9d54391aa76b698
SHA256 d1ec2616886556d772da7608f47841bf3d3481ee52292a434ddfc25eab4e211a
SHA512 5d2e41cfa0c5cbe05f789f88662d7c34a49af40f66a5e228cea416cfe1298b9aef912c1aa9b50c72b1222c32aa0e0df71600067078001acb3c21d76ac13291fc

C:\Windows\System\ZKeTOiH.exe

MD5 173396865ad65a20839afcceda9b0d05
SHA1 e7d419156bf07043a324e72cb5e722819aaadd82
SHA256 5303c7e5f9e403ac3dd2ec6a6a6eebd56b8e4fc02c7d66aebdcf8370c5489aea
SHA512 72038348713a6e789f8cf1d563f5fa32b69859ab39494c8643ec78598fa32a63e29b4ed923c745daefb51e97b55d3acf5464d42c7dd7200528729763699f9473

memory/1328-182-0x00007FF751EA0000-0x00007FF7521F4000-memory.dmp

C:\Windows\System\byqutpl.exe

MD5 e04b8bbb44ec42bb100067f9b21fd3ac
SHA1 fc671cb672e938c6bc2a13e7cccf63a4fd595b25
SHA256 ac541910de214081c920b25f7c075aa7868d6dcebc905d2de3427e45630eec82
SHA512 6e77d65e7bcaccdf2a9aa68bbd6352dd09850205e5668030465081f155db63fd5797c9b25cef74a93f9f25c7a22b1e2df165abaaee9edc056fe5cdb57069cc34

C:\Windows\System\OKZpIre.exe

MD5 084800d5c58e25c6b863315c26b872c8
SHA1 a56f9066626ece2282e5167c477d64ad0b7688a1
SHA256 01869111724055e05ab5776ef0df508ea43a257089bfc862342f8b95187e85ef
SHA512 5073c716b5625431bc5f4e820b7a5b9cf3975491ccb9105d87eb029a257ef90d9db6bf1f4b26e7ff86242481a5c146d582415e5d504f201a03fb655bafbad894

C:\Windows\System\DuehpcI.exe

MD5 db864d0fb743b269612bd65fdca65567
SHA1 d5d8a45fc5d45d3c2925331b804e72cd387ede8d
SHA256 e1f61676be83d5498fb91029ff4ac5c682f078f135e942031d31308650d83e07
SHA512 19f271e6cbd879649d5e017819be7ca66fe88c8b211987e93a2c91e0a1413ff7eec9141c8f7fb8fb69c831e8d5548ddad768b6e034f65f9eaa7a0a2e2e5affa4

C:\Windows\System\SuNpkdH.exe

MD5 d06af63c9fa543e37c2348e0c4edf13a
SHA1 55c90f5b68d9b97fbbb2462aa2fe3433f2eb0b2f
SHA256 7eec7853171dd7cad2be609463660547ca420428a7bf7b2afabd06acef71afc2
SHA512 7064bdfd8dfdd4318b6c014b71d4342926efa2a98ef91ef72ce01c51241b418278aef8c69678669535b3a9083eb6f0a63958adf8eccbdb8fbdb475a0578d43d0

C:\Windows\System\RzNhcRf.exe

MD5 933e28745482f4953baa6ae352f72d32
SHA1 3f8fcd891265560e47421f08368bba696a88b1f4
SHA256 38a5176ff208105d162c6d9ac408e6e8c00a1a2c2cb765457dee5dc0bb724c68
SHA512 fc4ef5d9844e2d70005856f26f36929ead123f14627ffd578361e23c0e4b0242cb5b06a15b6abf78f095bcd6d031af9018c0bba97ed4f4141ba1210633811019

C:\Windows\System\TkcCwaW.exe

MD5 cb4a27adfa7a0525e062ca5aa538d049
SHA1 93ac535a0e0ab66d5dfd16924bbaffd7a9020851
SHA256 e38ab3301f50f4d380cf0de6c62b9b689206f238decef4fe026ee15e48ed3aee
SHA512 990911ecee2e630ee6ce2ba22987c71b894c530af31233ae8260ec3a4dd350c8af0bc20949b195bcbe0e52ac59b222e6540de3346d750b4ed8af10c421d46137

C:\Windows\System\bIAoYtl.exe

MD5 63bdf85da2b6e5498e156ac6789941d2
SHA1 1e2862807f17a5176eba316a563cdd10daa5fb2c
SHA256 b3f0492bab17cc5866975a8ba5a7d3f6d481bb6c4149d7fac31a8fa7370f01cb
SHA512 c9b78bca11168ce7fd94d06f59fc3829a7bdb9b01f2cc39158d34710b05468f21160fd2e90d62c3d099b3aca7e320d6ab4b99156ec7764aa32d77652c19fc51c

C:\Windows\System\lKzyPKC.exe

MD5 415c6066f44cdac680ea6151ac5122a2
SHA1 d4fa0a7e6aed28ad7380689e2ff57568757a4c7e
SHA256 d547a44edf2f1a6eb6a38aa7bb1fcfef355ed179d50144ab214222cc8f4d9767
SHA512 5929af83044f94493999e6875ea22480e89ec936cb8590eadd2c5ffae4ff70e11965a7c4b193acca4cbf391033580b376df692805c1362cc9e38e435e1f21baf

C:\Windows\System\zlipznx.exe

MD5 3252e73aaabbd5e1e5fd1537599f024e
SHA1 8c527b9d2774c9362907351adabd4426284feb72
SHA256 070c8a7f36284b8c337186640cac00de75f6fc178806761b4625e4726480d6ed
SHA512 911b2e78dbdc63f69e78653b3891580645d39031166ed665439fcefb0135b9fd762911f2d8178cac3cd222f5aa3f987b2f00fbafa53438d928447dc1d2588315

C:\Windows\System\IPISCrd.exe

MD5 465e18babb17db6afedaaa41fab32e86
SHA1 fb7525ad7dc9f0c8f946a585899d6ecd3034c9e5
SHA256 69dbf3c6525d694fc0a4fcab2035a4b6c4ae88a9c2efd9f63866f85988328f17
SHA512 90c92a56f45b614f4cb8ba9e7585c1b6939bcee0c21080cf15c41415808bbbf9ce2774586629b1c5dadde955caf1929f5921fe95446888f964002b0e6a3e089a

C:\Windows\System\ratDEVh.exe

MD5 9823fd863be3c064086d996fa6171683
SHA1 a5b9fbda32a760c99ba173ce9059a29d19c4a1ed
SHA256 a24133550b6b17de3a39af7d0037550f88d6a4dc6f66610c171e3ea315d18a2c
SHA512 6da5592a9766af89bcccb6b3d065659d3fb371f77fc9d668280f1768aa09436fb5b25497c20c6372fccfcdb37f42c6d295277e1dd4a9470db9fc330aa70b2f69

memory/2036-154-0x00007FF63C040000-0x00007FF63C394000-memory.dmp

C:\Windows\System\NykyUkO.exe

MD5 10eef5f28a497b8357d3d66c6de1ef52
SHA1 3b3a2107c8185b3aa191d6a061938843b56ca3d8
SHA256 c1b0475814ac92b7ba56f1f8520e85ecc71bd1ba8fc10d78a33d0ce1bfeec779
SHA512 3cdc8cf4fa24fb28ae07aebeed4cffaa59b5bd0dc4673fae1acf327aaaaec2d826c2d00baafcbfbc850d5e5e61307bd0c67062bfe2a3d6f7f39894a34c2e7c77

C:\Windows\System\gNvdpDK.exe

MD5 07ebb18954ce1f6a97d173ec657eb035
SHA1 9b619f9c118ecafe517d3cd00a382ee779567d16
SHA256 cda50452e631735c14db11dd5bd824a9d4de3ec6cb58b23d6414671664833cbd
SHA512 368a896b0101b16e4dcc9135eb0b5b0b105ffc161a569e208db58028b71ae2ced566561cc90aa1f56c6bbfd48e39e40f2bfa722567caa6cad749c145b2b37901

C:\Windows\System\HZVekJe.exe

MD5 7227d3eaa0c5b6e5e9d7bf63e58f28a8
SHA1 c46daad24c06c0969caba7d2a855bfc5a0e71062
SHA256 fe208b2d720c03ebb30d45b9a43559468339b29aadf840081aadbaf32b34704e
SHA512 35c3690578813c39a0a444ca3903c89fef079cdfedf25fd187c512be42f3bc096eeab9238a47b8a28b835d53be9f189f351d30b55c230ceb1da05cccf7bebf41

memory/2944-117-0x00007FF659A20000-0x00007FF659D74000-memory.dmp

C:\Windows\System\yifWBio.exe

MD5 09ffb9abfe98745e70d31fc50e9244bc
SHA1 aea6b2fe061d626ac1252472440c644569206f75
SHA256 d5a074b76df1af9615c2ba48e52b96990ebda80825515fc09b0312a3d9a1e5cc
SHA512 08fc4ffb2aa1923c4fb8b5245d68e935600f0b1d155cc3d87fd5ff7edbba6f2fb649c3e002853b24873706cc54f66ba6f95ac7cd177a1fe07c6ea19072e6abcd

C:\Windows\System\pGdBjcJ.exe

MD5 037745c90e654db08ccd659496b40aac
SHA1 22fc819e4ac9cbead114f78bf70e91a38ee3d5ac
SHA256 27e8e4e17444dee9ab13365044f4ce152c7b15003ac6c4725504d6317b2fefec
SHA512 ec7a95e8d151bebc3a0d15148bfc3e0a33c5893ca89f1b239ea7b28cc1ab1cb27b8daacda920d78dbe49181ec68e08ad403ee1ba39497b70fc6d1ed783c3aec9

memory/2716-109-0x00007FF6425F0000-0x00007FF642944000-memory.dmp

memory/4516-104-0x00007FF7E61D0000-0x00007FF7E6524000-memory.dmp

memory/1020-93-0x00007FF6B6D60000-0x00007FF6B70B4000-memory.dmp

C:\Windows\System\pQIfWel.exe

MD5 129f93176611ea6375590309498b6419
SHA1 83715d7db6b8466cd8d6f45bf71f9ad26e961c6c
SHA256 90ca81935c84147bc945c7a5420e82bd307eb72490a6c4a9f386cfe04d05c6d0
SHA512 d5d7176c3f9c4dacd33495d61ac3d69d742536611975701b6f5e3994274643f56e562d3f7a6b88abcde8e2ffbfa306602d298e7d0dde916bddc11a5ed9130aef

C:\Windows\System\IoWwKlg.exe

MD5 aee42007a793342a42767af8d96d15b7
SHA1 00c4b8a81b735e7d07e262b3bd6edc70e251fb8f
SHA256 91f7a02471601ba363e4b5fe19ddd9621b351aac3544349ee9f8a4937122be98
SHA512 cf5565525da3de13d42a53de8dfe73b668a4724b187b31c2b6b8fe66a6c8e5f695ac2b0ecb9cacf345fc0593dd8b28230c5d5725121a2b87b96bf56a0941e8dd

C:\Windows\System\zNFsUqx.exe

MD5 faea70b0a22ec79752226a17e7a4bf0f
SHA1 c8d7f1a12264052c83d95dca4a83aad4b72691ba
SHA256 cfdc820b5aeb42e66bfa3d27af548f2e48ae7104fd5bf60125cb18a74aa2ca84
SHA512 fc8761142e44b792b459875822161405b8be9544728d246df63086eecc2fe589574082e1d67405dcfb2417d23ff270c5280e5d652b8cb01583f3227b67a83f33

C:\Windows\System\veNItzh.exe

MD5 d611f2e42feebce188effedcc18355b5
SHA1 f3ed175187ee64a9a5c5b907cd7eae4f7632178d
SHA256 c63592c20855fa7e3b6a1e2ea8281a2e762f8b3d56471a976adf60e229afcaaa
SHA512 93c24091c585b718008d8f9e7bf63f517623723389b955a080d5669e33c5973682d511ac849103c35f8535bb03d1137ce3e0bf24beaf7063c5d7e96e0656cac4

memory/4152-79-0x00007FF7E25F0000-0x00007FF7E2944000-memory.dmp

C:\Windows\System\YEpLXzR.exe

MD5 5bcfcc9e03603c724afe302101c5a1a6
SHA1 6c39001a51a0cd11a12f8db7c485eb18c580f6da
SHA256 b4d9908cce4570663e5098aa4149464f3e27040a47faf26161deff7c00c70eee
SHA512 7b2017111c5a248f65dcb8c643150e6b955ae6a2976ed64b633db03b15df69c67065ff721553b19c2cbd5ea98f12c626b54af6057f61ad8359eb2444acd19a9c

C:\Windows\System\tjsNlNM.exe

MD5 9676359efb5750581202832c538fed03
SHA1 86c9282f3abd1b94358891813462c4629d9ca931
SHA256 0d1812dc919386fa514d3c1ef6d4f54a006658a7c77ff1b322092ae15003aab8
SHA512 097d60e1e8496d4692390da4e357e7ae725e69648ceba5dd190a0ff160afb990496ba5c92732a01504e6e840330d40c1ecb8c5d9f03ef575c2b3a9a3f8a56524

memory/3868-63-0x00007FF7F86F0000-0x00007FF7F8A44000-memory.dmp

C:\Windows\System\UAwFTVL.exe

MD5 f5c6aa52607cd8185ad5f4e9b346f574
SHA1 078589f67e5644faedfde6f14421a2b810882b3b
SHA256 a5cd0aa436a3fef9ee933de30a7cfb8b61984c20e73fbfee75527ed1cd9b22fb
SHA512 00bf2a99cf1129a0a4296d94a9a2245c45a96406030d4abbd362b7fdbe3101e66f6b7ee3a56aa6ea0435a50a4db16ace4bef25b13affef99e2585b215a94ea82

C:\Windows\System\KEGrLGm.exe

MD5 5a321761932e3946d9269934fbcda317
SHA1 bf6f41e96669b8eed517aec6710c14595e45388b
SHA256 c5e2c31bfcd8d57e00f4dff81b2b1794056f37f3cbf8ebafdf7c1daa53e88b4f
SHA512 50ec749ea6b90c6b7d572245a77df9b85a9ca458378f95fc0e03e52255119ed2687aa51f2e66d1726e28954fa022b3f8d14c65aa9d9d6ba72fe2546002fe36f8

memory/2632-49-0x00007FF70F990000-0x00007FF70FCE4000-memory.dmp

C:\Windows\System\tZWXYQH.exe

MD5 bbb7bd28b409a3838831bc3ddc9a0ed6
SHA1 9a01b1b14fe4cb0521781f3fdad713a3da25bba4
SHA256 1a0b231de91bc1f6da202d231a7f82edc6e3741fda3dba5f638bd5e47f280189
SHA512 e1925907850d33fb48260d5d7ee937821b59053af3b52cc902d58e7240ea58860b1c8f6b0f553508e8ad52cd67d3534dcc2295f98a47a8eea4de67670ac110b3

memory/3932-43-0x00007FF65E400000-0x00007FF65E754000-memory.dmp

memory/4660-29-0x00007FF715680000-0x00007FF7159D4000-memory.dmp

C:\Windows\System\JOFNpim.exe

MD5 138657be049344b03f570bcc97e19ea7
SHA1 bfecd0cf09240c0fd26413f9ee5f38d7346f782a
SHA256 659c77725468f0716e9e7794fa34baede7b18f118aae097443924a1e03357b76
SHA512 73bdcc952bca7bf61b1b597619ed57a41fc1aefd5c45631e83bda3bdfc46fd417c97cbc278ec5f931ead0d03b0a2d739f10f8619b3c6205ad8b8e696a310374f

C:\Windows\System\jbDobkz.exe

MD5 fe852bb6434d59d5065c1afe63f695ca
SHA1 3381d8c3aa2a25a1e8f2b88cfb8ba976bb211392
SHA256 f9a71fa3ec22c8c75094de9f863344d1fab68139028d3d51374500f60fc536c2
SHA512 7d7311a0a559d6acd49ff4b59962fcc5909b958d418cbf1e199401cc8887cc8f1dd2cc9cdf405b1713261c7a81c1f0fcda1798a6fdb9ff67bc544c31c6fe8934

memory/5048-28-0x00007FF6FD3D0000-0x00007FF6FD724000-memory.dmp

C:\Windows\System\MXcSawV.exe

MD5 521a693720d49348f6003ade69f4eb49
SHA1 d48fa9b675840c527e6dae827d409edc2aa415c0
SHA256 b0e7d1160d46d6069f012051c54faefc219fd2daf32387b0e90dfabb91dfb062
SHA512 83beaccafecaa549a24c494e2f451d24e7fa698f8f15ec1661505415e1dadbeeeeece74604fe472ba498f1226e12c1f31d4ed41aee74a4dfe2c47af48e7d7614

memory/4764-8-0x00007FF605070000-0x00007FF6053C4000-memory.dmp

memory/4212-1069-0x00007FF69D550000-0x00007FF69D8A4000-memory.dmp

memory/4764-1070-0x00007FF605070000-0x00007FF6053C4000-memory.dmp

memory/5048-1071-0x00007FF6FD3D0000-0x00007FF6FD724000-memory.dmp

memory/4660-1072-0x00007FF715680000-0x00007FF7159D4000-memory.dmp

memory/3868-1073-0x00007FF7F86F0000-0x00007FF7F8A44000-memory.dmp

memory/4940-1074-0x00007FF728530000-0x00007FF728884000-memory.dmp

memory/2716-1075-0x00007FF6425F0000-0x00007FF642944000-memory.dmp

memory/4764-1076-0x00007FF605070000-0x00007FF6053C4000-memory.dmp

memory/3932-1077-0x00007FF65E400000-0x00007FF65E754000-memory.dmp

memory/4660-1078-0x00007FF715680000-0x00007FF7159D4000-memory.dmp

memory/5048-1079-0x00007FF6FD3D0000-0x00007FF6FD724000-memory.dmp

memory/3444-1081-0x00007FF6F6E50000-0x00007FF6F71A4000-memory.dmp

memory/2632-1080-0x00007FF70F990000-0x00007FF70FCE4000-memory.dmp

memory/2944-1082-0x00007FF659A20000-0x00007FF659D74000-memory.dmp

memory/4600-1083-0x00007FF777FC0000-0x00007FF778314000-memory.dmp

memory/1020-1087-0x00007FF6B6D60000-0x00007FF6B70B4000-memory.dmp

memory/4716-1088-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp

memory/4516-1090-0x00007FF7E61D0000-0x00007FF7E6524000-memory.dmp

memory/4940-1089-0x00007FF728530000-0x00007FF728884000-memory.dmp

memory/4772-1086-0x00007FF7B0C00000-0x00007FF7B0F54000-memory.dmp

memory/3868-1085-0x00007FF7F86F0000-0x00007FF7F8A44000-memory.dmp

memory/4152-1084-0x00007FF7E25F0000-0x00007FF7E2944000-memory.dmp

memory/2716-1095-0x00007FF6425F0000-0x00007FF642944000-memory.dmp

memory/2036-1094-0x00007FF63C040000-0x00007FF63C394000-memory.dmp

memory/4380-1093-0x00007FF77AD60000-0x00007FF77B0B4000-memory.dmp

memory/2732-1092-0x00007FF733040000-0x00007FF733394000-memory.dmp

memory/4756-1091-0x00007FF714C50000-0x00007FF714FA4000-memory.dmp

memory/2952-1099-0x00007FF78B590000-0x00007FF78B8E4000-memory.dmp

memory/2600-1104-0x00007FF7BF750000-0x00007FF7BFAA4000-memory.dmp

memory/2024-1103-0x00007FF6332C0000-0x00007FF633614000-memory.dmp

memory/3376-1102-0x00007FF6882F0000-0x00007FF688644000-memory.dmp

memory/1328-1101-0x00007FF751EA0000-0x00007FF7521F4000-memory.dmp

memory/1040-1100-0x00007FF793E60000-0x00007FF7941B4000-memory.dmp

memory/5064-1098-0x00007FF747C50000-0x00007FF747FA4000-memory.dmp

memory/3956-1097-0x00007FF6A5DC0000-0x00007FF6A6114000-memory.dmp

memory/3948-1096-0x00007FF7BA260000-0x00007FF7BA5B4000-memory.dmp