Malware Analysis Report

2024-10-10 09:50

Sample ID 240620-j3tn3a1hmq
Target 48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
SHA256 48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28

Threat Level: Known bad

The file 48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

xmrig

KPOT

Xmrig family

Kpot family

XMRig Miner payload

KPOT Core Executable

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 08:12

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 08:12

Reported

2024-06-20 08:14

Platform

win7-20240221-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\hzObRmV.exe N/A
N/A N/A C:\Windows\System\vNcSlyw.exe N/A
N/A N/A C:\Windows\System\SmFUzTo.exe N/A
N/A N/A C:\Windows\System\uUCacof.exe N/A
N/A N/A C:\Windows\System\vgqAWGN.exe N/A
N/A N/A C:\Windows\System\mYvCUYY.exe N/A
N/A N/A C:\Windows\System\SfbRVsr.exe N/A
N/A N/A C:\Windows\System\arpxZZE.exe N/A
N/A N/A C:\Windows\System\yBTdcRI.exe N/A
N/A N/A C:\Windows\System\anSmohW.exe N/A
N/A N/A C:\Windows\System\TrIgmvl.exe N/A
N/A N/A C:\Windows\System\cYzWwEg.exe N/A
N/A N/A C:\Windows\System\MsKdUBW.exe N/A
N/A N/A C:\Windows\System\gBjOxQA.exe N/A
N/A N/A C:\Windows\System\lvCaPIW.exe N/A
N/A N/A C:\Windows\System\XVnwDwx.exe N/A
N/A N/A C:\Windows\System\GEHyQcg.exe N/A
N/A N/A C:\Windows\System\BudkRyF.exe N/A
N/A N/A C:\Windows\System\uHRhLXV.exe N/A
N/A N/A C:\Windows\System\ZEhwfDk.exe N/A
N/A N/A C:\Windows\System\sVHKEvB.exe N/A
N/A N/A C:\Windows\System\doTAijP.exe N/A
N/A N/A C:\Windows\System\gADXOoD.exe N/A
N/A N/A C:\Windows\System\qCEisAB.exe N/A
N/A N/A C:\Windows\System\EFIluFx.exe N/A
N/A N/A C:\Windows\System\mWRkzvF.exe N/A
N/A N/A C:\Windows\System\CABKUmR.exe N/A
N/A N/A C:\Windows\System\JMqkLkH.exe N/A
N/A N/A C:\Windows\System\lAgMolj.exe N/A
N/A N/A C:\Windows\System\jKqjaOa.exe N/A
N/A N/A C:\Windows\System\zGebJaa.exe N/A
N/A N/A C:\Windows\System\Ptzllzo.exe N/A
N/A N/A C:\Windows\System\gIDNwGR.exe N/A
N/A N/A C:\Windows\System\kWHnhIV.exe N/A
N/A N/A C:\Windows\System\RdyuyWl.exe N/A
N/A N/A C:\Windows\System\ZvOWNUD.exe N/A
N/A N/A C:\Windows\System\QQXVMaj.exe N/A
N/A N/A C:\Windows\System\guvnlbK.exe N/A
N/A N/A C:\Windows\System\VvFCViW.exe N/A
N/A N/A C:\Windows\System\ToADmZn.exe N/A
N/A N/A C:\Windows\System\KMTzRVM.exe N/A
N/A N/A C:\Windows\System\IgdKIaU.exe N/A
N/A N/A C:\Windows\System\OxCvEeD.exe N/A
N/A N/A C:\Windows\System\LwusVjC.exe N/A
N/A N/A C:\Windows\System\wIOwiUQ.exe N/A
N/A N/A C:\Windows\System\BeumArl.exe N/A
N/A N/A C:\Windows\System\mOZRuNv.exe N/A
N/A N/A C:\Windows\System\yzrDQdF.exe N/A
N/A N/A C:\Windows\System\ktHfgak.exe N/A
N/A N/A C:\Windows\System\DMdqrhP.exe N/A
N/A N/A C:\Windows\System\DUskxYw.exe N/A
N/A N/A C:\Windows\System\NpoYmAv.exe N/A
N/A N/A C:\Windows\System\SKHNJqd.exe N/A
N/A N/A C:\Windows\System\ajQWGbM.exe N/A
N/A N/A C:\Windows\System\frsBUGg.exe N/A
N/A N/A C:\Windows\System\oVAIzqP.exe N/A
N/A N/A C:\Windows\System\GgdSGbR.exe N/A
N/A N/A C:\Windows\System\BEElbuO.exe N/A
N/A N/A C:\Windows\System\FcXNHue.exe N/A
N/A N/A C:\Windows\System\tFnssop.exe N/A
N/A N/A C:\Windows\System\bRRTXdR.exe N/A
N/A N/A C:\Windows\System\VenUPAd.exe N/A
N/A N/A C:\Windows\System\gewAhDs.exe N/A
N/A N/A C:\Windows\System\eGVycXE.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\EFIluFx.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\YNyRemr.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\aYbSwTA.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ggNiqgj.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\tTLWBas.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\GzjPAdI.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtyNaAe.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\eGVycXE.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqvArGG.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\xeCznny.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOFPejx.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtrYfxq.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDJSXvq.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSivjEW.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\FqVjuYW.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuicHqL.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgWIYTF.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\eCMytlg.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXYGYji.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\LHJjagb.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZcbVKwQ.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\GysnuCX.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\efliPoU.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\TzSauFE.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\MLhvmbn.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ESgzYoP.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\vuwsqSD.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUmXcnD.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\MpcgiMM.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\txJNsYp.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\LwusVjC.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\yekUdUh.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\MXILeML.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYheAnU.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\uGhpGpX.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\wadYMiX.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\cYzWwEg.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\UHhXowX.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\vqIftXS.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\EcVnzpa.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\tINiKcj.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\xgSgiIY.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\anSmohW.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\CABKUmR.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\LWegJtw.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\zCjSKDe.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWJHPTT.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\emMBgLG.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\mYvCUYY.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\guvnlbK.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\uzeEOJk.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXtFkqs.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\EkzCdqt.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\fojxQzF.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\HsgHVsk.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\YNXAZig.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\sVHKEvB.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\frsBUGg.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\sudcGfW.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\lnlZWhv.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZeaJQYR.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEhwfDk.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCEisAB.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\FcXNHue.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1924 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\hzObRmV.exe
PID 1924 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\hzObRmV.exe
PID 1924 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\hzObRmV.exe
PID 1924 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\vNcSlyw.exe
PID 1924 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\vNcSlyw.exe
PID 1924 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\vNcSlyw.exe
PID 1924 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SmFUzTo.exe
PID 1924 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SmFUzTo.exe
PID 1924 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SmFUzTo.exe
PID 1924 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uUCacof.exe
PID 1924 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uUCacof.exe
PID 1924 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uUCacof.exe
PID 1924 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\mYvCUYY.exe
PID 1924 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\mYvCUYY.exe
PID 1924 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\mYvCUYY.exe
PID 1924 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\vgqAWGN.exe
PID 1924 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\vgqAWGN.exe
PID 1924 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\vgqAWGN.exe
PID 1924 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SfbRVsr.exe
PID 1924 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SfbRVsr.exe
PID 1924 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SfbRVsr.exe
PID 1924 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\arpxZZE.exe
PID 1924 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\arpxZZE.exe
PID 1924 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\arpxZZE.exe
PID 1924 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\yBTdcRI.exe
PID 1924 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\yBTdcRI.exe
PID 1924 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\yBTdcRI.exe
PID 1924 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\anSmohW.exe
PID 1924 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\anSmohW.exe
PID 1924 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\anSmohW.exe
PID 1924 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\TrIgmvl.exe
PID 1924 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\TrIgmvl.exe
PID 1924 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\TrIgmvl.exe
PID 1924 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cYzWwEg.exe
PID 1924 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cYzWwEg.exe
PID 1924 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cYzWwEg.exe
PID 1924 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\MsKdUBW.exe
PID 1924 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\MsKdUBW.exe
PID 1924 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\MsKdUBW.exe
PID 1924 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gBjOxQA.exe
PID 1924 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gBjOxQA.exe
PID 1924 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gBjOxQA.exe
PID 1924 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\lvCaPIW.exe
PID 1924 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\lvCaPIW.exe
PID 1924 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\lvCaPIW.exe
PID 1924 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\XVnwDwx.exe
PID 1924 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\XVnwDwx.exe
PID 1924 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\XVnwDwx.exe
PID 1924 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GEHyQcg.exe
PID 1924 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GEHyQcg.exe
PID 1924 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GEHyQcg.exe
PID 1924 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BudkRyF.exe
PID 1924 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BudkRyF.exe
PID 1924 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BudkRyF.exe
PID 1924 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uHRhLXV.exe
PID 1924 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uHRhLXV.exe
PID 1924 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uHRhLXV.exe
PID 1924 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ZEhwfDk.exe
PID 1924 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ZEhwfDk.exe
PID 1924 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ZEhwfDk.exe
PID 1924 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\sVHKEvB.exe
PID 1924 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\sVHKEvB.exe
PID 1924 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\sVHKEvB.exe
PID 1924 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\doTAijP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe"

C:\Windows\System\hzObRmV.exe

C:\Windows\System\hzObRmV.exe

C:\Windows\System\vNcSlyw.exe

C:\Windows\System\vNcSlyw.exe

C:\Windows\System\SmFUzTo.exe

C:\Windows\System\SmFUzTo.exe

C:\Windows\System\uUCacof.exe

C:\Windows\System\uUCacof.exe

C:\Windows\System\mYvCUYY.exe

C:\Windows\System\mYvCUYY.exe

C:\Windows\System\vgqAWGN.exe

C:\Windows\System\vgqAWGN.exe

C:\Windows\System\SfbRVsr.exe

C:\Windows\System\SfbRVsr.exe

C:\Windows\System\arpxZZE.exe

C:\Windows\System\arpxZZE.exe

C:\Windows\System\yBTdcRI.exe

C:\Windows\System\yBTdcRI.exe

C:\Windows\System\anSmohW.exe

C:\Windows\System\anSmohW.exe

C:\Windows\System\TrIgmvl.exe

C:\Windows\System\TrIgmvl.exe

C:\Windows\System\cYzWwEg.exe

C:\Windows\System\cYzWwEg.exe

C:\Windows\System\MsKdUBW.exe

C:\Windows\System\MsKdUBW.exe

C:\Windows\System\gBjOxQA.exe

C:\Windows\System\gBjOxQA.exe

C:\Windows\System\lvCaPIW.exe

C:\Windows\System\lvCaPIW.exe

C:\Windows\System\XVnwDwx.exe

C:\Windows\System\XVnwDwx.exe

C:\Windows\System\GEHyQcg.exe

C:\Windows\System\GEHyQcg.exe

C:\Windows\System\BudkRyF.exe

C:\Windows\System\BudkRyF.exe

C:\Windows\System\uHRhLXV.exe

C:\Windows\System\uHRhLXV.exe

C:\Windows\System\ZEhwfDk.exe

C:\Windows\System\ZEhwfDk.exe

C:\Windows\System\sVHKEvB.exe

C:\Windows\System\sVHKEvB.exe

C:\Windows\System\doTAijP.exe

C:\Windows\System\doTAijP.exe

C:\Windows\System\gADXOoD.exe

C:\Windows\System\gADXOoD.exe

C:\Windows\System\qCEisAB.exe

C:\Windows\System\qCEisAB.exe

C:\Windows\System\EFIluFx.exe

C:\Windows\System\EFIluFx.exe

C:\Windows\System\mWRkzvF.exe

C:\Windows\System\mWRkzvF.exe

C:\Windows\System\CABKUmR.exe

C:\Windows\System\CABKUmR.exe

C:\Windows\System\JMqkLkH.exe

C:\Windows\System\JMqkLkH.exe

C:\Windows\System\lAgMolj.exe

C:\Windows\System\lAgMolj.exe

C:\Windows\System\jKqjaOa.exe

C:\Windows\System\jKqjaOa.exe

C:\Windows\System\zGebJaa.exe

C:\Windows\System\zGebJaa.exe

C:\Windows\System\Ptzllzo.exe

C:\Windows\System\Ptzllzo.exe

C:\Windows\System\gIDNwGR.exe

C:\Windows\System\gIDNwGR.exe

C:\Windows\System\kWHnhIV.exe

C:\Windows\System\kWHnhIV.exe

C:\Windows\System\RdyuyWl.exe

C:\Windows\System\RdyuyWl.exe

C:\Windows\System\ZvOWNUD.exe

C:\Windows\System\ZvOWNUD.exe

C:\Windows\System\QQXVMaj.exe

C:\Windows\System\QQXVMaj.exe

C:\Windows\System\guvnlbK.exe

C:\Windows\System\guvnlbK.exe

C:\Windows\System\VvFCViW.exe

C:\Windows\System\VvFCViW.exe

C:\Windows\System\ToADmZn.exe

C:\Windows\System\ToADmZn.exe

C:\Windows\System\KMTzRVM.exe

C:\Windows\System\KMTzRVM.exe

C:\Windows\System\IgdKIaU.exe

C:\Windows\System\IgdKIaU.exe

C:\Windows\System\OxCvEeD.exe

C:\Windows\System\OxCvEeD.exe

C:\Windows\System\LwusVjC.exe

C:\Windows\System\LwusVjC.exe

C:\Windows\System\wIOwiUQ.exe

C:\Windows\System\wIOwiUQ.exe

C:\Windows\System\BeumArl.exe

C:\Windows\System\BeumArl.exe

C:\Windows\System\mOZRuNv.exe

C:\Windows\System\mOZRuNv.exe

C:\Windows\System\yzrDQdF.exe

C:\Windows\System\yzrDQdF.exe

C:\Windows\System\ktHfgak.exe

C:\Windows\System\ktHfgak.exe

C:\Windows\System\DMdqrhP.exe

C:\Windows\System\DMdqrhP.exe

C:\Windows\System\DUskxYw.exe

C:\Windows\System\DUskxYw.exe

C:\Windows\System\NpoYmAv.exe

C:\Windows\System\NpoYmAv.exe

C:\Windows\System\ajQWGbM.exe

C:\Windows\System\ajQWGbM.exe

C:\Windows\System\SKHNJqd.exe

C:\Windows\System\SKHNJqd.exe

C:\Windows\System\frsBUGg.exe

C:\Windows\System\frsBUGg.exe

C:\Windows\System\oVAIzqP.exe

C:\Windows\System\oVAIzqP.exe

C:\Windows\System\GgdSGbR.exe

C:\Windows\System\GgdSGbR.exe

C:\Windows\System\BEElbuO.exe

C:\Windows\System\BEElbuO.exe

C:\Windows\System\FcXNHue.exe

C:\Windows\System\FcXNHue.exe

C:\Windows\System\tFnssop.exe

C:\Windows\System\tFnssop.exe

C:\Windows\System\bRRTXdR.exe

C:\Windows\System\bRRTXdR.exe

C:\Windows\System\VenUPAd.exe

C:\Windows\System\VenUPAd.exe

C:\Windows\System\gewAhDs.exe

C:\Windows\System\gewAhDs.exe

C:\Windows\System\eGVycXE.exe

C:\Windows\System\eGVycXE.exe

C:\Windows\System\HDuxmpI.exe

C:\Windows\System\HDuxmpI.exe

C:\Windows\System\QqSvKgh.exe

C:\Windows\System\QqSvKgh.exe

C:\Windows\System\TzSauFE.exe

C:\Windows\System\TzSauFE.exe

C:\Windows\System\QELANyb.exe

C:\Windows\System\QELANyb.exe

C:\Windows\System\EiyQQLu.exe

C:\Windows\System\EiyQQLu.exe

C:\Windows\System\FqVjuYW.exe

C:\Windows\System\FqVjuYW.exe

C:\Windows\System\rYYAsGL.exe

C:\Windows\System\rYYAsGL.exe

C:\Windows\System\KfXNqbx.exe

C:\Windows\System\KfXNqbx.exe

C:\Windows\System\LWegJtw.exe

C:\Windows\System\LWegJtw.exe

C:\Windows\System\LwdpGYk.exe

C:\Windows\System\LwdpGYk.exe

C:\Windows\System\zCjSKDe.exe

C:\Windows\System\zCjSKDe.exe

C:\Windows\System\oxGaxta.exe

C:\Windows\System\oxGaxta.exe

C:\Windows\System\UHFtIVI.exe

C:\Windows\System\UHFtIVI.exe

C:\Windows\System\UeExMqi.exe

C:\Windows\System\UeExMqi.exe

C:\Windows\System\qqvArGG.exe

C:\Windows\System\qqvArGG.exe

C:\Windows\System\JRwijvE.exe

C:\Windows\System\JRwijvE.exe

C:\Windows\System\yDZntkX.exe

C:\Windows\System\yDZntkX.exe

C:\Windows\System\TXCskhA.exe

C:\Windows\System\TXCskhA.exe

C:\Windows\System\sudcGfW.exe

C:\Windows\System\sudcGfW.exe

C:\Windows\System\fxCnmnb.exe

C:\Windows\System\fxCnmnb.exe

C:\Windows\System\ohyGeAZ.exe

C:\Windows\System\ohyGeAZ.exe

C:\Windows\System\BRkKSVI.exe

C:\Windows\System\BRkKSVI.exe

C:\Windows\System\nmfWeUt.exe

C:\Windows\System\nmfWeUt.exe

C:\Windows\System\COPkMnc.exe

C:\Windows\System\COPkMnc.exe

C:\Windows\System\YuicHqL.exe

C:\Windows\System\YuicHqL.exe

C:\Windows\System\xQGHEDr.exe

C:\Windows\System\xQGHEDr.exe

C:\Windows\System\vwVfgDW.exe

C:\Windows\System\vwVfgDW.exe

C:\Windows\System\rOUbQhj.exe

C:\Windows\System\rOUbQhj.exe

C:\Windows\System\FnovadD.exe

C:\Windows\System\FnovadD.exe

C:\Windows\System\SnReSEB.exe

C:\Windows\System\SnReSEB.exe

C:\Windows\System\GliHxoi.exe

C:\Windows\System\GliHxoi.exe

C:\Windows\System\rRwdLFZ.exe

C:\Windows\System\rRwdLFZ.exe

C:\Windows\System\nNNLXfe.exe

C:\Windows\System\nNNLXfe.exe

C:\Windows\System\UpPMZtW.exe

C:\Windows\System\UpPMZtW.exe

C:\Windows\System\YgWIYTF.exe

C:\Windows\System\YgWIYTF.exe

C:\Windows\System\UHhXowX.exe

C:\Windows\System\UHhXowX.exe

C:\Windows\System\CavIRNn.exe

C:\Windows\System\CavIRNn.exe

C:\Windows\System\QsMeWHy.exe

C:\Windows\System\QsMeWHy.exe

C:\Windows\System\YnejwdK.exe

C:\Windows\System\YnejwdK.exe

C:\Windows\System\OroHGuO.exe

C:\Windows\System\OroHGuO.exe

C:\Windows\System\RzCDlZB.exe

C:\Windows\System\RzCDlZB.exe

C:\Windows\System\GhVffKL.exe

C:\Windows\System\GhVffKL.exe

C:\Windows\System\agKfQDJ.exe

C:\Windows\System\agKfQDJ.exe

C:\Windows\System\aURRukp.exe

C:\Windows\System\aURRukp.exe

C:\Windows\System\uxINMCS.exe

C:\Windows\System\uxINMCS.exe

C:\Windows\System\cNfLfVI.exe

C:\Windows\System\cNfLfVI.exe

C:\Windows\System\IzMCVAi.exe

C:\Windows\System\IzMCVAi.exe

C:\Windows\System\EQdTYtl.exe

C:\Windows\System\EQdTYtl.exe

C:\Windows\System\xeCznny.exe

C:\Windows\System\xeCznny.exe

C:\Windows\System\zuZOxOm.exe

C:\Windows\System\zuZOxOm.exe

C:\Windows\System\jtuIPro.exe

C:\Windows\System\jtuIPro.exe

C:\Windows\System\jSDiHel.exe

C:\Windows\System\jSDiHel.exe

C:\Windows\System\bMTkkCh.exe

C:\Windows\System\bMTkkCh.exe

C:\Windows\System\ncRLLmJ.exe

C:\Windows\System\ncRLLmJ.exe

C:\Windows\System\BUvqQlC.exe

C:\Windows\System\BUvqQlC.exe

C:\Windows\System\nLFfmIC.exe

C:\Windows\System\nLFfmIC.exe

C:\Windows\System\oMqCvMP.exe

C:\Windows\System\oMqCvMP.exe

C:\Windows\System\nOFPejx.exe

C:\Windows\System\nOFPejx.exe

C:\Windows\System\ukwpzUQ.exe

C:\Windows\System\ukwpzUQ.exe

C:\Windows\System\nSMtleF.exe

C:\Windows\System\nSMtleF.exe

C:\Windows\System\ZqknFLB.exe

C:\Windows\System\ZqknFLB.exe

C:\Windows\System\qynIrPx.exe

C:\Windows\System\qynIrPx.exe

C:\Windows\System\kmNrwbP.exe

C:\Windows\System\kmNrwbP.exe

C:\Windows\System\fpaIqWG.exe

C:\Windows\System\fpaIqWG.exe

C:\Windows\System\ExdSjYP.exe

C:\Windows\System\ExdSjYP.exe

C:\Windows\System\yekUdUh.exe

C:\Windows\System\yekUdUh.exe

C:\Windows\System\rMJUkQE.exe

C:\Windows\System\rMJUkQE.exe

C:\Windows\System\YBPNGUR.exe

C:\Windows\System\YBPNGUR.exe

C:\Windows\System\lfCOmCo.exe

C:\Windows\System\lfCOmCo.exe

C:\Windows\System\WpzeemA.exe

C:\Windows\System\WpzeemA.exe

C:\Windows\System\pHEeOVE.exe

C:\Windows\System\pHEeOVE.exe

C:\Windows\System\SnuNtvg.exe

C:\Windows\System\SnuNtvg.exe

C:\Windows\System\RYXRCxW.exe

C:\Windows\System\RYXRCxW.exe

C:\Windows\System\xBmRSNR.exe

C:\Windows\System\xBmRSNR.exe

C:\Windows\System\DtrYfxq.exe

C:\Windows\System\DtrYfxq.exe

C:\Windows\System\roYAJhW.exe

C:\Windows\System\roYAJhW.exe

C:\Windows\System\QmGqSix.exe

C:\Windows\System\QmGqSix.exe

C:\Windows\System\iwcLObi.exe

C:\Windows\System\iwcLObi.exe

C:\Windows\System\FfcMPrX.exe

C:\Windows\System\FfcMPrX.exe

C:\Windows\System\CiXgYIC.exe

C:\Windows\System\CiXgYIC.exe

C:\Windows\System\vVCPSeC.exe

C:\Windows\System\vVCPSeC.exe

C:\Windows\System\lnlZWhv.exe

C:\Windows\System\lnlZWhv.exe

C:\Windows\System\PkiPcYa.exe

C:\Windows\System\PkiPcYa.exe

C:\Windows\System\Scehpbb.exe

C:\Windows\System\Scehpbb.exe

C:\Windows\System\pWlKuPM.exe

C:\Windows\System\pWlKuPM.exe

C:\Windows\System\MLhvmbn.exe

C:\Windows\System\MLhvmbn.exe

C:\Windows\System\UpOEaHv.exe

C:\Windows\System\UpOEaHv.exe

C:\Windows\System\mrqMeoW.exe

C:\Windows\System\mrqMeoW.exe

C:\Windows\System\toiwlnB.exe

C:\Windows\System\toiwlnB.exe

C:\Windows\System\fKPDohc.exe

C:\Windows\System\fKPDohc.exe

C:\Windows\System\EkzCdqt.exe

C:\Windows\System\EkzCdqt.exe

C:\Windows\System\YNyRemr.exe

C:\Windows\System\YNyRemr.exe

C:\Windows\System\lWJHPTT.exe

C:\Windows\System\lWJHPTT.exe

C:\Windows\System\vqIftXS.exe

C:\Windows\System\vqIftXS.exe

C:\Windows\System\eCMytlg.exe

C:\Windows\System\eCMytlg.exe

C:\Windows\System\MQypehl.exe

C:\Windows\System\MQypehl.exe

C:\Windows\System\dDBDqQY.exe

C:\Windows\System\dDBDqQY.exe

C:\Windows\System\jDJSXvq.exe

C:\Windows\System\jDJSXvq.exe

C:\Windows\System\GzjPAdI.exe

C:\Windows\System\GzjPAdI.exe

C:\Windows\System\VdvHPnT.exe

C:\Windows\System\VdvHPnT.exe

C:\Windows\System\TPvhMGx.exe

C:\Windows\System\TPvhMGx.exe

C:\Windows\System\dsQoYHq.exe

C:\Windows\System\dsQoYHq.exe

C:\Windows\System\qpaCzXM.exe

C:\Windows\System\qpaCzXM.exe

C:\Windows\System\IJyLoNt.exe

C:\Windows\System\IJyLoNt.exe

C:\Windows\System\vQriCEH.exe

C:\Windows\System\vQriCEH.exe

C:\Windows\System\DGrNUPG.exe

C:\Windows\System\DGrNUPG.exe

C:\Windows\System\mbevTdf.exe

C:\Windows\System\mbevTdf.exe

C:\Windows\System\LevpCMx.exe

C:\Windows\System\LevpCMx.exe

C:\Windows\System\EqXKlCO.exe

C:\Windows\System\EqXKlCO.exe

C:\Windows\System\ODKuiuw.exe

C:\Windows\System\ODKuiuw.exe

C:\Windows\System\hFDJXzG.exe

C:\Windows\System\hFDJXzG.exe

C:\Windows\System\twULbaF.exe

C:\Windows\System\twULbaF.exe

C:\Windows\System\cEAqPPQ.exe

C:\Windows\System\cEAqPPQ.exe

C:\Windows\System\DoHveBZ.exe

C:\Windows\System\DoHveBZ.exe

C:\Windows\System\ElCzcTw.exe

C:\Windows\System\ElCzcTw.exe

C:\Windows\System\ESgzYoP.exe

C:\Windows\System\ESgzYoP.exe

C:\Windows\System\LQvvtua.exe

C:\Windows\System\LQvvtua.exe

C:\Windows\System\KjPnNBG.exe

C:\Windows\System\KjPnNBG.exe

C:\Windows\System\ZeaJQYR.exe

C:\Windows\System\ZeaJQYR.exe

C:\Windows\System\JxXTbvn.exe

C:\Windows\System\JxXTbvn.exe

C:\Windows\System\ZqOIpEe.exe

C:\Windows\System\ZqOIpEe.exe

C:\Windows\System\yvExzCg.exe

C:\Windows\System\yvExzCg.exe

C:\Windows\System\jLqWdIp.exe

C:\Windows\System\jLqWdIp.exe

C:\Windows\System\TkRcGbO.exe

C:\Windows\System\TkRcGbO.exe

C:\Windows\System\vibzMsk.exe

C:\Windows\System\vibzMsk.exe

C:\Windows\System\mLJnixa.exe

C:\Windows\System\mLJnixa.exe

C:\Windows\System\hEhBapL.exe

C:\Windows\System\hEhBapL.exe

C:\Windows\System\kgQTuDE.exe

C:\Windows\System\kgQTuDE.exe

C:\Windows\System\aYbSwTA.exe

C:\Windows\System\aYbSwTA.exe

C:\Windows\System\EygSHWI.exe

C:\Windows\System\EygSHWI.exe

C:\Windows\System\EcVnzpa.exe

C:\Windows\System\EcVnzpa.exe

C:\Windows\System\vLvcIWc.exe

C:\Windows\System\vLvcIWc.exe

C:\Windows\System\zcXlLcw.exe

C:\Windows\System\zcXlLcw.exe

C:\Windows\System\hhlrWzM.exe

C:\Windows\System\hhlrWzM.exe

C:\Windows\System\CUTflTb.exe

C:\Windows\System\CUTflTb.exe

C:\Windows\System\vzvuPlq.exe

C:\Windows\System\vzvuPlq.exe

C:\Windows\System\WEEdLYE.exe

C:\Windows\System\WEEdLYE.exe

C:\Windows\System\emMBgLG.exe

C:\Windows\System\emMBgLG.exe

C:\Windows\System\TborvwV.exe

C:\Windows\System\TborvwV.exe

C:\Windows\System\HtyNaAe.exe

C:\Windows\System\HtyNaAe.exe

C:\Windows\System\QcnUqJx.exe

C:\Windows\System\QcnUqJx.exe

C:\Windows\System\zoPfRQG.exe

C:\Windows\System\zoPfRQG.exe

C:\Windows\System\umcSUYa.exe

C:\Windows\System\umcSUYa.exe

C:\Windows\System\giyysOT.exe

C:\Windows\System\giyysOT.exe

C:\Windows\System\rnKRoZP.exe

C:\Windows\System\rnKRoZP.exe

C:\Windows\System\CzWmCXV.exe

C:\Windows\System\CzWmCXV.exe

C:\Windows\System\KycgQnN.exe

C:\Windows\System\KycgQnN.exe

C:\Windows\System\MAxVtut.exe

C:\Windows\System\MAxVtut.exe

C:\Windows\System\OSivjEW.exe

C:\Windows\System\OSivjEW.exe

C:\Windows\System\MXILeML.exe

C:\Windows\System\MXILeML.exe

C:\Windows\System\vuwsqSD.exe

C:\Windows\System\vuwsqSD.exe

C:\Windows\System\zGPwROD.exe

C:\Windows\System\zGPwROD.exe

C:\Windows\System\UwKAEXF.exe

C:\Windows\System\UwKAEXF.exe

C:\Windows\System\uzeEOJk.exe

C:\Windows\System\uzeEOJk.exe

C:\Windows\System\tXtFkqs.exe

C:\Windows\System\tXtFkqs.exe

C:\Windows\System\DmWavfZ.exe

C:\Windows\System\DmWavfZ.exe

C:\Windows\System\BUjQNqW.exe

C:\Windows\System\BUjQNqW.exe

C:\Windows\System\iGCTxdM.exe

C:\Windows\System\iGCTxdM.exe

C:\Windows\System\Rounaxu.exe

C:\Windows\System\Rounaxu.exe

C:\Windows\System\pvleXzz.exe

C:\Windows\System\pvleXzz.exe

C:\Windows\System\ggNiqgj.exe

C:\Windows\System\ggNiqgj.exe

C:\Windows\System\fojxQzF.exe

C:\Windows\System\fojxQzF.exe

C:\Windows\System\VhiqTUC.exe

C:\Windows\System\VhiqTUC.exe

C:\Windows\System\ZsYKXvM.exe

C:\Windows\System\ZsYKXvM.exe

C:\Windows\System\tINiKcj.exe

C:\Windows\System\tINiKcj.exe

C:\Windows\System\BBjwLOJ.exe

C:\Windows\System\BBjwLOJ.exe

C:\Windows\System\iYhwWFr.exe

C:\Windows\System\iYhwWFr.exe

C:\Windows\System\riNINmT.exe

C:\Windows\System\riNINmT.exe

C:\Windows\System\PnTnoIy.exe

C:\Windows\System\PnTnoIy.exe

C:\Windows\System\FyBwTTY.exe

C:\Windows\System\FyBwTTY.exe

C:\Windows\System\mlMYwZT.exe

C:\Windows\System\mlMYwZT.exe

C:\Windows\System\GtAjXHZ.exe

C:\Windows\System\GtAjXHZ.exe

C:\Windows\System\GGDYYkm.exe

C:\Windows\System\GGDYYkm.exe

C:\Windows\System\JalTFTx.exe

C:\Windows\System\JalTFTx.exe

C:\Windows\System\HAEniZj.exe

C:\Windows\System\HAEniZj.exe

C:\Windows\System\jDpkAlH.exe

C:\Windows\System\jDpkAlH.exe

C:\Windows\System\xgSgiIY.exe

C:\Windows\System\xgSgiIY.exe

C:\Windows\System\bSWdFCG.exe

C:\Windows\System\bSWdFCG.exe

C:\Windows\System\ZJzQzRP.exe

C:\Windows\System\ZJzQzRP.exe

C:\Windows\System\fXpSqdb.exe

C:\Windows\System\fXpSqdb.exe

C:\Windows\System\gXYGYji.exe

C:\Windows\System\gXYGYji.exe

C:\Windows\System\YMwHjMc.exe

C:\Windows\System\YMwHjMc.exe

C:\Windows\System\rVfycft.exe

C:\Windows\System\rVfycft.exe

C:\Windows\System\IKKHecs.exe

C:\Windows\System\IKKHecs.exe

C:\Windows\System\PxhVgIb.exe

C:\Windows\System\PxhVgIb.exe

C:\Windows\System\MJLUSWa.exe

C:\Windows\System\MJLUSWa.exe

C:\Windows\System\wXxrxRq.exe

C:\Windows\System\wXxrxRq.exe

C:\Windows\System\ZYheAnU.exe

C:\Windows\System\ZYheAnU.exe

C:\Windows\System\lmXthKj.exe

C:\Windows\System\lmXthKj.exe

C:\Windows\System\EHmIurs.exe

C:\Windows\System\EHmIurs.exe

C:\Windows\System\pLsGlkx.exe

C:\Windows\System\pLsGlkx.exe

C:\Windows\System\NDEigtQ.exe

C:\Windows\System\NDEigtQ.exe

C:\Windows\System\mhsseZG.exe

C:\Windows\System\mhsseZG.exe

C:\Windows\System\uGhpGpX.exe

C:\Windows\System\uGhpGpX.exe

C:\Windows\System\lUmXcnD.exe

C:\Windows\System\lUmXcnD.exe

C:\Windows\System\ngJGlrU.exe

C:\Windows\System\ngJGlrU.exe

C:\Windows\System\BJdopHo.exe

C:\Windows\System\BJdopHo.exe

C:\Windows\System\CQhzCcw.exe

C:\Windows\System\CQhzCcw.exe

C:\Windows\System\NaGCkcC.exe

C:\Windows\System\NaGCkcC.exe

C:\Windows\System\YWkzKsc.exe

C:\Windows\System\YWkzKsc.exe

C:\Windows\System\JtoHULc.exe

C:\Windows\System\JtoHULc.exe

C:\Windows\System\UaaudLl.exe

C:\Windows\System\UaaudLl.exe

C:\Windows\System\PRuzRJb.exe

C:\Windows\System\PRuzRJb.exe

C:\Windows\System\xbHlqUn.exe

C:\Windows\System\xbHlqUn.exe

C:\Windows\System\cyKqsZo.exe

C:\Windows\System\cyKqsZo.exe

C:\Windows\System\FaJeIJc.exe

C:\Windows\System\FaJeIJc.exe

C:\Windows\System\SbrHZAV.exe

C:\Windows\System\SbrHZAV.exe

C:\Windows\System\yhnNqib.exe

C:\Windows\System\yhnNqib.exe

C:\Windows\System\lwtqRXO.exe

C:\Windows\System\lwtqRXO.exe

C:\Windows\System\ACbooWr.exe

C:\Windows\System\ACbooWr.exe

C:\Windows\System\ZcbVKwQ.exe

C:\Windows\System\ZcbVKwQ.exe

C:\Windows\System\ouMvYRT.exe

C:\Windows\System\ouMvYRT.exe

C:\Windows\System\XtXckXY.exe

C:\Windows\System\XtXckXY.exe

C:\Windows\System\ztyGCpr.exe

C:\Windows\System\ztyGCpr.exe

C:\Windows\System\pItHCoE.exe

C:\Windows\System\pItHCoE.exe

C:\Windows\System\sxUIjSH.exe

C:\Windows\System\sxUIjSH.exe

C:\Windows\System\OWVeOri.exe

C:\Windows\System\OWVeOri.exe

C:\Windows\System\lEDFOmA.exe

C:\Windows\System\lEDFOmA.exe

C:\Windows\System\KuFVBBu.exe

C:\Windows\System\KuFVBBu.exe

C:\Windows\System\kxVJRTn.exe

C:\Windows\System\kxVJRTn.exe

C:\Windows\System\OSetOXU.exe

C:\Windows\System\OSetOXU.exe

C:\Windows\System\PhjmRua.exe

C:\Windows\System\PhjmRua.exe

C:\Windows\System\SAnLDpG.exe

C:\Windows\System\SAnLDpG.exe

C:\Windows\System\aZlzayV.exe

C:\Windows\System\aZlzayV.exe

C:\Windows\System\aOwAVQc.exe

C:\Windows\System\aOwAVQc.exe

C:\Windows\System\nmzcGVe.exe

C:\Windows\System\nmzcGVe.exe

C:\Windows\System\QKROnFX.exe

C:\Windows\System\QKROnFX.exe

C:\Windows\System\GysnuCX.exe

C:\Windows\System\GysnuCX.exe

C:\Windows\System\HsgHVsk.exe

C:\Windows\System\HsgHVsk.exe

C:\Windows\System\kMpflRI.exe

C:\Windows\System\kMpflRI.exe

C:\Windows\System\YNXAZig.exe

C:\Windows\System\YNXAZig.exe

C:\Windows\System\efliPoU.exe

C:\Windows\System\efliPoU.exe

C:\Windows\System\hbfTxqm.exe

C:\Windows\System\hbfTxqm.exe

C:\Windows\System\PKYDNrd.exe

C:\Windows\System\PKYDNrd.exe

C:\Windows\System\KfvmvXj.exe

C:\Windows\System\KfvmvXj.exe

C:\Windows\System\wadYMiX.exe

C:\Windows\System\wadYMiX.exe

C:\Windows\System\JGsydvg.exe

C:\Windows\System\JGsydvg.exe

C:\Windows\System\zyrrcXL.exe

C:\Windows\System\zyrrcXL.exe

C:\Windows\System\byRgJbR.exe

C:\Windows\System\byRgJbR.exe

C:\Windows\System\ZPyinuB.exe

C:\Windows\System\ZPyinuB.exe

C:\Windows\System\QxnsWrZ.exe

C:\Windows\System\QxnsWrZ.exe

C:\Windows\System\LHJjagb.exe

C:\Windows\System\LHJjagb.exe

C:\Windows\System\CcgJMck.exe

C:\Windows\System\CcgJMck.exe

C:\Windows\System\sBlIfaU.exe

C:\Windows\System\sBlIfaU.exe

C:\Windows\System\tTLWBas.exe

C:\Windows\System\tTLWBas.exe

C:\Windows\System\AOYwePo.exe

C:\Windows\System\AOYwePo.exe

C:\Windows\System\XnkycpT.exe

C:\Windows\System\XnkycpT.exe

C:\Windows\System\vDWkzTw.exe

C:\Windows\System\vDWkzTw.exe

C:\Windows\System\MpcgiMM.exe

C:\Windows\System\MpcgiMM.exe

C:\Windows\System\bWQPXpm.exe

C:\Windows\System\bWQPXpm.exe

C:\Windows\System\txJNsYp.exe

C:\Windows\System\txJNsYp.exe

C:\Windows\System\JZoHmHD.exe

C:\Windows\System\JZoHmHD.exe

C:\Windows\System\bCpydCs.exe

C:\Windows\System\bCpydCs.exe

C:\Windows\System\JYrQWgn.exe

C:\Windows\System\JYrQWgn.exe

C:\Windows\System\PzPpcaf.exe

C:\Windows\System\PzPpcaf.exe

C:\Windows\System\SdodRtz.exe

C:\Windows\System\SdodRtz.exe

C:\Windows\System\lMRxnLp.exe

C:\Windows\System\lMRxnLp.exe

C:\Windows\System\oFTowRY.exe

C:\Windows\System\oFTowRY.exe

C:\Windows\System\ikwzoTQ.exe

C:\Windows\System\ikwzoTQ.exe

C:\Windows\System\GGXDTMF.exe

C:\Windows\System\GGXDTMF.exe

C:\Windows\System\jRNQmfy.exe

C:\Windows\System\jRNQmfy.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1924-2-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/1924-0-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\hzObRmV.exe

MD5 cf0d4b4152aa3a3e1b0d579b0c393ac2
SHA1 d0710cdc317be0f9a4ae60b66f19567c66d57f21
SHA256 8d778d09d0d519ec74129ee6cb1dab3b9ea751217a95ec6001b3c34881131889
SHA512 482bba9d12e54fafc4d5a23a39f38b6549142bf325f0e11f97e98a3d08ca43758f3cbf5a27dc142f1e2fc4a06ab6dda333fd4d4dd8c5394e718d05dc44a40f97

C:\Windows\system\SmFUzTo.exe

MD5 741fdf7a753a6e8f52dccc369783862b
SHA1 f06be638da9c9eeb7d18cd21f59632c2ea02f908
SHA256 d09dcf720036a932a22fd533801ecf5751ce01c3edee9601dbf03338794d3446
SHA512 1527de499fc23b936e05ca0ff12db7fa089d50889352373102bc53367df4580a0dce74acbd8cf3cc5c26e4b3e0c1052a0a26b6cfcecf4d0cddea9e073e3feaff

memory/2332-18-0x000000013F510000-0x000000013F864000-memory.dmp

C:\Windows\system\uUCacof.exe

MD5 8e86a5db269c1b5bb2bcb1646801d515
SHA1 1331ca7dce5788de7fc9d341c6d9914eedf6cf44
SHA256 416fa73039e8cf45779190454b184c9d25f658a68b91d6138a972a7ab06b941c
SHA512 eb8c697afe53e0d3990c83f40117b2e03246a90f404b4246514f7261621a70165342fb2be9a5593c5186ea34c60fc817815c5c96df915b00aa148bbfaaadd56a

memory/2516-37-0x000000013F3F0000-0x000000013F744000-memory.dmp

C:\Windows\system\arpxZZE.exe

MD5 99f3c3f13e5f8f8fe861cd21d75053b2
SHA1 5b5fd81d7fcd50c40b733718b44293ba41805ef2
SHA256 5616ceeddcf5330a76716509629bb370a3d4c38f69d02b562d801c4091f74581
SHA512 9a20f6d1a35ba99a1ff60a0384ba38450803981abc281a26faad85e3fb13cbd2dc95fe68493cda83c8f774bd5254adebc031f4108722589165aee4481e50117e

C:\Windows\system\cYzWwEg.exe

MD5 a6b8f09055da8fb9a9bfa6cff55b1f3b
SHA1 aa84001b9796449008285f42c161648ab4da637e
SHA256 b4f9e19116e9b601cda59b7cdc02576f14630d49e614fe93ae3ba270017549f0
SHA512 4c16f41a6babe061c1afd155de529b10f84b0bf0b73d9465effa4ef0631be0cb04fc3a105bd49ad4a28637f49dc4c41b65bea53a6d9eebc60869ce0da1822eb3

C:\Windows\system\gBjOxQA.exe

MD5 0551af827af75bb7c491560a90def4e0
SHA1 2c59300b26924684d6e92b0ab17c8f26de2f4c15
SHA256 cb32853f64ff46962fb445476ab0216be6ce7c8fc48b4fbacd139716390cc476
SHA512 c7e62e0e6e50c454732a088d87ff4a97cdf2bce207f4e0905152ce67113e2437a02a14146dc7b9af9b436533811de3ab66eae0139ac054386068f48cad0af345

C:\Windows\system\GEHyQcg.exe

MD5 4d2fce8a47e2404fe974958ea91c651b
SHA1 0b9a66b7e503cbd56b68a832c01870c48715fde2
SHA256 0be3daf0e790eaab0b90a5788f4758ab6281117443a70a9ea8030d9b784253e7
SHA512 79dbebd66a58899649371b3b84cd76529677a7d5b0dc881d57748cd6acd2d685a76cc599884de61ac90804be08a034398504e8182268077766bb2cb8eaf1f488

\Windows\system\qCEisAB.exe

MD5 7c8e496dec1f6ad5acf14f360b8dc592
SHA1 b925a430ff9f661644e8964a9377251ed810f934
SHA256 84f6e6cd698cca9860e8a24e952bc0ff3b2a9d2065a2def0c9bfcfe382fbdc8a
SHA512 638c7ba0913e81fbc6b9f7a8e4479f55d69fcab8baa332a25d146c0df08ca0814e7ffdacf8ccb20d31b3c42cf080b97bfe1ed1b438a3c23bae0fb2d0306d67fb

C:\Windows\system\mWRkzvF.exe

MD5 8b450dfc64176a5af0d98ea413fcd17d
SHA1 2e0162b9e16abb28d5a1cd0c52a5834e9d442cf0
SHA256 9ad08559b5e16e8d36c8fd60758a9f1d57990791f33e665aa3147d04f18ac572
SHA512 e16a44c576043276c1edd509102e1b8a8a96a722a220effa0068468a7d999b8ad129c1f9c2d62c458f0705ac52008876f3bedae4e09ff0a9fc4576f56af6920a

\Windows\system\lAgMolj.exe

MD5 fa8e55aa4e610af7b8891b4c6321549d
SHA1 19e96b0036d091a7831f555d8af1de649e84fe84
SHA256 51fe3544c031b0ab7bbe56acc717733fe07b8e7bdc882af653dfdd188e60cda6
SHA512 075b216132503808f6384a93fcfe17d6b26ad9a275fcd929ea83abac17577deeecc2b669aea8217a1868d272cda85525250aab5e6ddd8b6897cc84bdd185b104

memory/2152-719-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/1924-724-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/1924-745-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1940-748-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/1924-747-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/1924-746-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-744-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2656-743-0x000000013FD80000-0x00000001400D4000-memory.dmp

memory/1924-742-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/760-741-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/1924-735-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/2908-729-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/1924-713-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/2404-711-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/1924-710-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2440-709-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/1924-707-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2156-706-0x000000013F110000-0x000000013F464000-memory.dmp

memory/1924-705-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2580-701-0x000000013FD00000-0x0000000140054000-memory.dmp

C:\Windows\system\Ptzllzo.exe

MD5 6064d89d1b64a5c351c09c126c65b710
SHA1 171e74aacd544565a0d98e580727564a494a1351
SHA256 cb48e05525ca8299b4708b3780856198db62ce9a7a8308f07c2b1b8ee8f9807d
SHA512 ae587e63f949182d61c10aad9e3da7b2e0e260a50be5684718b88e9f53307edf39df1462c2953ef5e53a645df54bae7d1d505885043432dc29167be24db8ee1b

C:\Windows\system\zGebJaa.exe

MD5 8d380d7766c8a566eea3997f3e4519ef
SHA1 6ec56be8671042676c1f7d2cc30b2b6f3b723729
SHA256 b1d157937cd6da568a85ae664a8d4797488416f55b3925e0186a06a75cddf9f1
SHA512 a77a58d270331dfadc26974cf4078451541ef0989e74c03aeff998abd9497ea9109f5680c21cea583f80ee6ef18d6c81060c775e4cf8c2a814971dec9df3c1b1

C:\Windows\system\jKqjaOa.exe

MD5 a900d1667056ca13674b971a342cc336
SHA1 3f4c1f5280af127497a3c850ccb9c6b0fa44c983
SHA256 1cb7cd57b615fa17f99307081948cb51fb0a3ced217f50b99f7f0e3e3ab034d7
SHA512 b0992e0f7caf1220d286a25674f2796dab46b9c10b643e36d724f711740abd6548f3710a8071c1a77b55364f763ae096bdc738ae6259fdf4579c2fd52b5d2739

C:\Windows\system\JMqkLkH.exe

MD5 62992f7b14e23d90292f1cebb808dd64
SHA1 94f5a8ea47eb6381e34ad4dfb33a7913fe560dfe
SHA256 93e04273bc5a8b0cb6320f9c4b877c56c0d9ef159b742c5a7a0e73de625c6a79
SHA512 ad297693283a67cd506a3d8e6a89265fb61b3447f3c9e51f6d96a36f12064718d51c6600c48468ea18e6e78e4d61bbde5beef114bb5b1c8ec46050fddbddaacc

C:\Windows\system\CABKUmR.exe

MD5 186cb7bf0548b2fcb6facc3882bfb917
SHA1 f793fac27aa2e980952d531763b5e50a5f225d91
SHA256 0ee98ffc5da1acc5f73899a0093121dbfb407ff1e0ed4e07a6e3da956973cfae
SHA512 ed7cf681f5b3c6904badcafad7e3f46abb40269075b85a917063ff94e7a71c46d40545bb1ae37849480d55eb70716b15c682382ae20a3d4562f5022abe1477dc

C:\Windows\system\EFIluFx.exe

MD5 9aabb6299a63fb3cc72e1a9c1cd0a0f7
SHA1 38e3355ec455bae31954a12282d8c2cc765be0c4
SHA256 0aad5d520fe0f124ec5fe2253e7e6c5af001b573af37c13ccd372e4d34b77977
SHA512 3b1ad54deb9feed15d884adac4629305725f8e69dc7f55f64a2c4c7895e03e408518105e50548bdf0054f40437546e38594b77df554ae1b134bec8aaee309c91

C:\Windows\system\gADXOoD.exe

MD5 174b2bfa933ad3ec2c80e6d23d14d61b
SHA1 664684c852c624f2b55ad1b778cf7764e95ae62e
SHA256 098f669a54325ab9188bccfa5fa82561c0f84cd67242e46babfa16d3579b603b
SHA512 f47cd9ac9bb8d72cfaab84b2ac702079ce499480dfa6bbef93042c1abd08295cbe1dd34419cc9839df97bf25202a374fd92e57f83b18391fab320ae42875a8ec

C:\Windows\system\doTAijP.exe

MD5 08903bdba9285e5dc7c0e8e14866120f
SHA1 bb15dd41ed2b9335696771d833b50db56f870751
SHA256 e8da59db0869bd5ed843f149131efeec1f4b849f17aa8cec51af550479d72d67
SHA512 f00b4e0655b48b0ec99684a265e636d744d3fd7900c619d27144983905a2714824cd8e1fef6e110ac1055c3225b500708f1460ae298f5693dba3544245e5013b

C:\Windows\system\sVHKEvB.exe

MD5 69a8a031db0a121232d226bced1877cd
SHA1 0ed519722fa535625396c35141aeed3babca1503
SHA256 e9455609272ae49384e29c3f679ae1d8d4008cd35f6c057ad6a652a912bc28e8
SHA512 e8ba07d475ab3cc5570e0989c56cfea606625afc176141fcebaf1cc8a13cb13be4a96ef99d2bebf34dafa46c1a2030aec19196b06a02c7c5756f2f0ced5e1f62

C:\Windows\system\uHRhLXV.exe

MD5 7274da97fd0fbd1eb53d73eefad6d038
SHA1 a999318b84786cbb9a1886075d77129ddf7aaaff
SHA256 2b84750ea6e62273b3989a783b5700ec0b56732fcdbb21c6253597f52af1dfa3
SHA512 90d415f335a1598cc991405a927ed3e7247bb9cb39e3adc86811a16acaf92734dfdb1861a4c58f4abfa880400687d7e2328c59ad7cc020caeef2212c43a41d5d

C:\Windows\system\ZEhwfDk.exe

MD5 d4c93e520a9e64508f76b77a2e51b288
SHA1 b7713c1d3965aa3ae07d9e8be0cd8afa00679b02
SHA256 6a955db77c99507f0a1dcefe067e8ab66e366f7656022c03ccec53a3c144b2c1
SHA512 fa7dcfa50f50d5af31b5edae94bb7409a54e5658f42457c4563090601ab2145f47e8c0ac6478da657f5f4a5b8becab8a3925e919327257334356de8c39fb2088

C:\Windows\system\BudkRyF.exe

MD5 bffb06f99705b62bf8d726025e05433a
SHA1 ea61fca56ecc4e0cea3d0b1ad0792996a923e609
SHA256 eb2149e478ef002068609147c3b7227e70990e41eae6f55cb2f150829066a7a5
SHA512 276e3ff7b9d840c959a32192f5f48bb85e7c30a1685c6696946a3ece4aea59b46a4fe1560f9ed088a2d6a4e85381d75380fdbedb35b38ef2cee85bbecf8d7681

C:\Windows\system\XVnwDwx.exe

MD5 789b65284f8a4c0ce693db227743920f
SHA1 aaa9191b2eb6a4b6afe37723d2a8202972ee0f59
SHA256 bba60646e8094f5aca7622085cd5f4355d940a50aff86233bf027372423feee6
SHA512 839f1c3d750e44fb7e19a4bc344c4a1b534adb1a0ffc45fa9fc7c9fada5fac0f6ccab4d0a5cd31438821cb63e21c3be74dfe32eb3e11d3712e4983176a1bd326

C:\Windows\system\lvCaPIW.exe

MD5 92d7ee189d8283bcfb1997a607dbfe1e
SHA1 760c689223f2c653810f8057bd01d0d149003e91
SHA256 9e1beaab9e7846d3e4aba92b1a94b5c80532f2588a34e0a6fc9a49902639d02f
SHA512 35174a4ad84345cd532362c47da545d76fc92aff72e052bd655913e6839275d50bebb304d734cfdc0bfb128ce5186c0df74a69d61e6a85ec1277152bcb284b30

C:\Windows\system\MsKdUBW.exe

MD5 fda8335bbfe9064d0221b8d8c50d4a6c
SHA1 d98591ad83ecc85a992928745484dfbd50241b2b
SHA256 30882bef39b337407a71727635b37a1a67cbe483ad774e348b4f9684c352c3c2
SHA512 72ab41d06cb7819ad15fb7e8dd909a7f2d55bb380b550840096a70c54ce2ad75c4410b2aa628cf75f4cf336d56e52e099735e23be1fbc2ebdd400d8516edb271

C:\Windows\system\TrIgmvl.exe

MD5 d4e31a34c51fc65bb8759e66f8007a38
SHA1 fc28e4adfb87c2b5a280cd4a7b83f099ae1aea32
SHA256 869140522a25a05051ceaf967307a3b14ff27298eb96181b8d2315f8305ffad9
SHA512 3314cad43304e989864ae718b0ad35c756dcfa6aebf53c53b385ce1a21038bac80027ca08fde0f3791a3e1790be2c8959538c90e5452cebd1a3f559a97f1b7f0

C:\Windows\system\anSmohW.exe

MD5 4a6bbaad1b38ffdca73f396713494eae
SHA1 9524bec1edcaa1a946504ea3920a80f22f56bea2
SHA256 c5ff678b9da8e99e20770db4c89aa8d61ae435f9233dcc2a9d8c9d96ef73aecb
SHA512 06760ffe1be38763bc9a1cb295fc24b7fbfa8717275a3eab72ba667087f3fcac8548949629bab6c0f3657eb6f3f9e0511c86ad7063233b78d24110c632025490

C:\Windows\system\yBTdcRI.exe

MD5 123f9caa9af690750bc8a28c9a8a2d5b
SHA1 d32c06fd64e4423505b77919ded3790f6ef25706
SHA256 8d3ced9daa30ea7ed6a34a1c3038efd245439f8b7fc71be716f0a19517462eb2
SHA512 9a84f6ddaa073cbda77da68dd8ff4af724b73769903714b1017a0730dca434fd88e595b117b50082e8535cd3d1af2ccedc953e60eb177ce14d02274fe3041528

C:\Windows\system\SfbRVsr.exe

MD5 0f5afaa9f972449534425d71d164ac16
SHA1 c42529576df1e95e222c14b99e57e0df11d36bd5
SHA256 9239c5d0b5656308b71e3ba0bea5cfb8411bfe8d60eee15e2dafea8da1e526e7
SHA512 bb9a2cb5cdaca8033cfd8f70a6152ef5286315db22ceb58aad61ed35b32bbff1abfb9e7702063ef22ec3a4f99f5fbc1b2e8c681b75137c8465a7a88049b45182

C:\Windows\system\mYvCUYY.exe

MD5 91b27f199ae95bf8453790aecfbec227
SHA1 cd296109a20d425813e3f50a353c0ac69b7c74f4
SHA256 b76c3c5c61d1aa2624a08f3a6fa836ba79f8ffd128b71a0528cd84d087107c9a
SHA512 1662d5c88ea6d219dff16b6d867ae6e29fcdb43280feeec1a03d4793d7c6e87d65b5c1f689528120336129a19541238b65d4ca624e35564a014cec4412eb5291

memory/2820-42-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/1924-25-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2608-38-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/1924-34-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-32-0x000000013F3F0000-0x000000013F744000-memory.dmp

C:\Windows\system\vgqAWGN.exe

MD5 53c1f635d8eee24e9cfbd9185e39076c
SHA1 b38618633d12ea7d2bf9745f0a59f6815f0db7f5
SHA256 2ae051c30db8b674d24f9f4532a9957356cdaf005ac70bc4a18368962946aa9a
SHA512 c56c413c15471d7000bf9451a7eb2ce3a5d50a7811003057a55f65823693eb74c315c2d18325aa6444f1bd94eae890e8bc7236ef3d5696952f7179e0d3418a23

memory/2320-14-0x000000013FB90000-0x000000013FEE4000-memory.dmp

memory/1924-13-0x0000000001EF0000-0x0000000002244000-memory.dmp

\Windows\system\vNcSlyw.exe

MD5 6ddea91565d0a0edbfa4bdebc7a77a5d
SHA1 fb8037088a19890ab54ca6aace24ef289a20e7c3
SHA256 4647db82fdba61b86fb7d66ad59198be0f7443bcd6df48a06eba6e416412843e
SHA512 5e4d5977e37c80183d36ab4563a29f521869d80fd835864a8ca39a6f4e59ac339940652d14013bbbf68512b30780338661b896907cebe853cbacbd6adad7ddeb

memory/1924-1069-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/1924-1070-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2580-1071-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/1924-1072-0x000000013F110000-0x000000013F464000-memory.dmp

memory/1924-1073-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-1074-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/1924-1075-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/1924-1076-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/1924-1077-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/1924-1078-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-1079-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-1080-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-1081-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-1082-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/2320-1083-0x000000013FB90000-0x000000013FEE4000-memory.dmp

memory/2332-1084-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2608-1087-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2516-1086-0x000000013F3F0000-0x000000013F744000-memory.dmp

memory/2820-1085-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2404-1090-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/1940-1091-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/2908-1092-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/760-1093-0x000000013F480000-0x000000013F7D4000-memory.dmp

memory/2656-1094-0x000000013FD80000-0x00000001400D4000-memory.dmp

memory/2440-1089-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/2156-1088-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2152-1095-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/2580-1096-0x000000013FD00000-0x0000000140054000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 08:12

Reported

2024-06-20 08:14

Platform

win10v2004-20240611-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\lbqGjFO.exe N/A
N/A N/A C:\Windows\System\PwWSnhl.exe N/A
N/A N/A C:\Windows\System\BeozQer.exe N/A
N/A N/A C:\Windows\System\UcgkxQQ.exe N/A
N/A N/A C:\Windows\System\cIYBNhs.exe N/A
N/A N/A C:\Windows\System\CHsxpyT.exe N/A
N/A N/A C:\Windows\System\xqUnsnZ.exe N/A
N/A N/A C:\Windows\System\syiBWba.exe N/A
N/A N/A C:\Windows\System\AlLtIjK.exe N/A
N/A N/A C:\Windows\System\uOjuplz.exe N/A
N/A N/A C:\Windows\System\pLwFZqg.exe N/A
N/A N/A C:\Windows\System\cyuNcmP.exe N/A
N/A N/A C:\Windows\System\IOotLvX.exe N/A
N/A N/A C:\Windows\System\cbnYKPy.exe N/A
N/A N/A C:\Windows\System\XNNhmyL.exe N/A
N/A N/A C:\Windows\System\gAbBLXA.exe N/A
N/A N/A C:\Windows\System\gpPaTzp.exe N/A
N/A N/A C:\Windows\System\SBappHI.exe N/A
N/A N/A C:\Windows\System\DOHhMya.exe N/A
N/A N/A C:\Windows\System\GrzkZXK.exe N/A
N/A N/A C:\Windows\System\TarZskz.exe N/A
N/A N/A C:\Windows\System\foRuBpm.exe N/A
N/A N/A C:\Windows\System\ilOhThm.exe N/A
N/A N/A C:\Windows\System\OvdIlgh.exe N/A
N/A N/A C:\Windows\System\BjPZYdp.exe N/A
N/A N/A C:\Windows\System\GSWjgsB.exe N/A
N/A N/A C:\Windows\System\cbIfRbu.exe N/A
N/A N/A C:\Windows\System\sdlxbRn.exe N/A
N/A N/A C:\Windows\System\KKqULet.exe N/A
N/A N/A C:\Windows\System\PHSVxYS.exe N/A
N/A N/A C:\Windows\System\ILvSnqY.exe N/A
N/A N/A C:\Windows\System\OPLYbvl.exe N/A
N/A N/A C:\Windows\System\ZSYrsRh.exe N/A
N/A N/A C:\Windows\System\RDeVCgW.exe N/A
N/A N/A C:\Windows\System\rUtaVvr.exe N/A
N/A N/A C:\Windows\System\HwKKooq.exe N/A
N/A N/A C:\Windows\System\lqXYErA.exe N/A
N/A N/A C:\Windows\System\ssAhSWE.exe N/A
N/A N/A C:\Windows\System\IIIlcwT.exe N/A
N/A N/A C:\Windows\System\aTIloXq.exe N/A
N/A N/A C:\Windows\System\mEkqCRm.exe N/A
N/A N/A C:\Windows\System\EXmlSlN.exe N/A
N/A N/A C:\Windows\System\GBLybdu.exe N/A
N/A N/A C:\Windows\System\jMLfYxx.exe N/A
N/A N/A C:\Windows\System\KBeYcQu.exe N/A
N/A N/A C:\Windows\System\SIlphxx.exe N/A
N/A N/A C:\Windows\System\EALEmLU.exe N/A
N/A N/A C:\Windows\System\AvuEwIW.exe N/A
N/A N/A C:\Windows\System\hfCQvgq.exe N/A
N/A N/A C:\Windows\System\VvPgvUc.exe N/A
N/A N/A C:\Windows\System\bRHLeKL.exe N/A
N/A N/A C:\Windows\System\PSdHwqX.exe N/A
N/A N/A C:\Windows\System\IrrRDqo.exe N/A
N/A N/A C:\Windows\System\ttqNStS.exe N/A
N/A N/A C:\Windows\System\PerABJq.exe N/A
N/A N/A C:\Windows\System\lQlrtJg.exe N/A
N/A N/A C:\Windows\System\jPsAIEy.exe N/A
N/A N/A C:\Windows\System\fSMgJvc.exe N/A
N/A N/A C:\Windows\System\yWcHMHS.exe N/A
N/A N/A C:\Windows\System\SkFSuNk.exe N/A
N/A N/A C:\Windows\System\Flonxft.exe N/A
N/A N/A C:\Windows\System\KlCESOj.exe N/A
N/A N/A C:\Windows\System\eqHrKVT.exe N/A
N/A N/A C:\Windows\System\npyariM.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HwKKooq.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\SIlphxx.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\AvuEwIW.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLwPIGC.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\cNdghkZ.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\biIygmD.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbqGjFO.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\OPLYbvl.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGHUlMd.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\fQTMSRN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ccRQgaZ.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\vnfxpEn.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPsAIEy.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\AyfJtYJ.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmuRpzv.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\wFHzKsN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\jBoQQwf.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\MnlAFdN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\qPccBDe.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLdyjpa.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\OvdIlgh.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\fCGfvhv.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\OuoQRpt.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\RYhLwVv.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\KLOTTWe.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\YkpkfEN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\KvBzVyk.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\cbnYKPy.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\VwEiryi.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZDWEyfk.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ImXuCaA.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\KlCESOj.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\HdrHDaH.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\kuvMlwA.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\bYfMVBU.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\xxLMtzh.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjaSwPt.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\EALEmLU.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\wJKEyTh.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmMkWqg.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\XwVjHTP.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\IMVAWIN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\IIIlcwT.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\guUZNoN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZcjpcCA.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\fGbvkKZ.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbHGgfs.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\ilOhThm.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\SkFSuNk.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\avlwWiq.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\nuKReUP.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDeVCgW.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\nUyUNwT.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\LWJNHWd.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHaYIPB.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\UujkcqB.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpPaTzp.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\TarZskz.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\gtZgeUp.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\fSMgJvc.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\SyUaJmG.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYqMbVA.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\wRwzSdN.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A
File created C:\Windows\System\iDSlxbG.exe C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4516 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\lbqGjFO.exe
PID 4516 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\lbqGjFO.exe
PID 4516 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\PwWSnhl.exe
PID 4516 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\PwWSnhl.exe
PID 4516 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BeozQer.exe
PID 4516 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BeozQer.exe
PID 4516 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\UcgkxQQ.exe
PID 4516 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\UcgkxQQ.exe
PID 4516 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\CHsxpyT.exe
PID 4516 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\CHsxpyT.exe
PID 4516 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\xqUnsnZ.exe
PID 4516 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\xqUnsnZ.exe
PID 4516 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cIYBNhs.exe
PID 4516 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cIYBNhs.exe
PID 4516 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\syiBWba.exe
PID 4516 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\syiBWba.exe
PID 4516 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\AlLtIjK.exe
PID 4516 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\AlLtIjK.exe
PID 4516 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uOjuplz.exe
PID 4516 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\uOjuplz.exe
PID 4516 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\pLwFZqg.exe
PID 4516 wrote to memory of 3912 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\pLwFZqg.exe
PID 4516 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cyuNcmP.exe
PID 4516 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cyuNcmP.exe
PID 4516 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SBappHI.exe
PID 4516 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\SBappHI.exe
PID 4516 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\IOotLvX.exe
PID 4516 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\IOotLvX.exe
PID 4516 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cbnYKPy.exe
PID 4516 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cbnYKPy.exe
PID 4516 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gAbBLXA.exe
PID 4516 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gAbBLXA.exe
PID 4516 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\XNNhmyL.exe
PID 4516 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\XNNhmyL.exe
PID 4516 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GrzkZXK.exe
PID 4516 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GrzkZXK.exe
PID 4516 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\foRuBpm.exe
PID 4516 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\foRuBpm.exe
PID 4516 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gpPaTzp.exe
PID 4516 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\gpPaTzp.exe
PID 4516 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\DOHhMya.exe
PID 4516 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\DOHhMya.exe
PID 4516 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\TarZskz.exe
PID 4516 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\TarZskz.exe
PID 4516 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ilOhThm.exe
PID 4516 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ilOhThm.exe
PID 4516 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\OvdIlgh.exe
PID 4516 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\OvdIlgh.exe
PID 4516 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\OPLYbvl.exe
PID 4516 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\OPLYbvl.exe
PID 4516 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BjPZYdp.exe
PID 4516 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\BjPZYdp.exe
PID 4516 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GSWjgsB.exe
PID 4516 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\GSWjgsB.exe
PID 4516 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cbIfRbu.exe
PID 4516 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\cbIfRbu.exe
PID 4516 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\sdlxbRn.exe
PID 4516 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\sdlxbRn.exe
PID 4516 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\KKqULet.exe
PID 4516 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\KKqULet.exe
PID 4516 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\PHSVxYS.exe
PID 4516 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\PHSVxYS.exe
PID 4516 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ILvSnqY.exe
PID 4516 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe C:\Windows\System\ILvSnqY.exe

Processes

C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe"

C:\Windows\System\lbqGjFO.exe

C:\Windows\System\lbqGjFO.exe

C:\Windows\System\PwWSnhl.exe

C:\Windows\System\PwWSnhl.exe

C:\Windows\System\BeozQer.exe

C:\Windows\System\BeozQer.exe

C:\Windows\System\UcgkxQQ.exe

C:\Windows\System\UcgkxQQ.exe

C:\Windows\System\CHsxpyT.exe

C:\Windows\System\CHsxpyT.exe

C:\Windows\System\xqUnsnZ.exe

C:\Windows\System\xqUnsnZ.exe

C:\Windows\System\cIYBNhs.exe

C:\Windows\System\cIYBNhs.exe

C:\Windows\System\syiBWba.exe

C:\Windows\System\syiBWba.exe

C:\Windows\System\AlLtIjK.exe

C:\Windows\System\AlLtIjK.exe

C:\Windows\System\uOjuplz.exe

C:\Windows\System\uOjuplz.exe

C:\Windows\System\pLwFZqg.exe

C:\Windows\System\pLwFZqg.exe

C:\Windows\System\cyuNcmP.exe

C:\Windows\System\cyuNcmP.exe

C:\Windows\System\SBappHI.exe

C:\Windows\System\SBappHI.exe

C:\Windows\System\IOotLvX.exe

C:\Windows\System\IOotLvX.exe

C:\Windows\System\cbnYKPy.exe

C:\Windows\System\cbnYKPy.exe

C:\Windows\System\gAbBLXA.exe

C:\Windows\System\gAbBLXA.exe

C:\Windows\System\XNNhmyL.exe

C:\Windows\System\XNNhmyL.exe

C:\Windows\System\GrzkZXK.exe

C:\Windows\System\GrzkZXK.exe

C:\Windows\System\foRuBpm.exe

C:\Windows\System\foRuBpm.exe

C:\Windows\System\gpPaTzp.exe

C:\Windows\System\gpPaTzp.exe

C:\Windows\System\DOHhMya.exe

C:\Windows\System\DOHhMya.exe

C:\Windows\System\TarZskz.exe

C:\Windows\System\TarZskz.exe

C:\Windows\System\ilOhThm.exe

C:\Windows\System\ilOhThm.exe

C:\Windows\System\OvdIlgh.exe

C:\Windows\System\OvdIlgh.exe

C:\Windows\System\OPLYbvl.exe

C:\Windows\System\OPLYbvl.exe

C:\Windows\System\BjPZYdp.exe

C:\Windows\System\BjPZYdp.exe

C:\Windows\System\GSWjgsB.exe

C:\Windows\System\GSWjgsB.exe

C:\Windows\System\cbIfRbu.exe

C:\Windows\System\cbIfRbu.exe

C:\Windows\System\sdlxbRn.exe

C:\Windows\System\sdlxbRn.exe

C:\Windows\System\KKqULet.exe

C:\Windows\System\KKqULet.exe

C:\Windows\System\PHSVxYS.exe

C:\Windows\System\PHSVxYS.exe

C:\Windows\System\ILvSnqY.exe

C:\Windows\System\ILvSnqY.exe

C:\Windows\System\ZSYrsRh.exe

C:\Windows\System\ZSYrsRh.exe

C:\Windows\System\RDeVCgW.exe

C:\Windows\System\RDeVCgW.exe

C:\Windows\System\rUtaVvr.exe

C:\Windows\System\rUtaVvr.exe

C:\Windows\System\HwKKooq.exe

C:\Windows\System\HwKKooq.exe

C:\Windows\System\lqXYErA.exe

C:\Windows\System\lqXYErA.exe

C:\Windows\System\ssAhSWE.exe

C:\Windows\System\ssAhSWE.exe

C:\Windows\System\IIIlcwT.exe

C:\Windows\System\IIIlcwT.exe

C:\Windows\System\GBLybdu.exe

C:\Windows\System\GBLybdu.exe

C:\Windows\System\aTIloXq.exe

C:\Windows\System\aTIloXq.exe

C:\Windows\System\mEkqCRm.exe

C:\Windows\System\mEkqCRm.exe

C:\Windows\System\EXmlSlN.exe

C:\Windows\System\EXmlSlN.exe

C:\Windows\System\jMLfYxx.exe

C:\Windows\System\jMLfYxx.exe

C:\Windows\System\KBeYcQu.exe

C:\Windows\System\KBeYcQu.exe

C:\Windows\System\SIlphxx.exe

C:\Windows\System\SIlphxx.exe

C:\Windows\System\EALEmLU.exe

C:\Windows\System\EALEmLU.exe

C:\Windows\System\AvuEwIW.exe

C:\Windows\System\AvuEwIW.exe

C:\Windows\System\hfCQvgq.exe

C:\Windows\System\hfCQvgq.exe

C:\Windows\System\VvPgvUc.exe

C:\Windows\System\VvPgvUc.exe

C:\Windows\System\bRHLeKL.exe

C:\Windows\System\bRHLeKL.exe

C:\Windows\System\PSdHwqX.exe

C:\Windows\System\PSdHwqX.exe

C:\Windows\System\IrrRDqo.exe

C:\Windows\System\IrrRDqo.exe

C:\Windows\System\ttqNStS.exe

C:\Windows\System\ttqNStS.exe

C:\Windows\System\PerABJq.exe

C:\Windows\System\PerABJq.exe

C:\Windows\System\lQlrtJg.exe

C:\Windows\System\lQlrtJg.exe

C:\Windows\System\jPsAIEy.exe

C:\Windows\System\jPsAIEy.exe

C:\Windows\System\fSMgJvc.exe

C:\Windows\System\fSMgJvc.exe

C:\Windows\System\yWcHMHS.exe

C:\Windows\System\yWcHMHS.exe

C:\Windows\System\SkFSuNk.exe

C:\Windows\System\SkFSuNk.exe

C:\Windows\System\gTlBOVZ.exe

C:\Windows\System\gTlBOVZ.exe

C:\Windows\System\Flonxft.exe

C:\Windows\System\Flonxft.exe

C:\Windows\System\KlCESOj.exe

C:\Windows\System\KlCESOj.exe

C:\Windows\System\eqHrKVT.exe

C:\Windows\System\eqHrKVT.exe

C:\Windows\System\npyariM.exe

C:\Windows\System\npyariM.exe

C:\Windows\System\FmBrRhR.exe

C:\Windows\System\FmBrRhR.exe

C:\Windows\System\YyiBOXj.exe

C:\Windows\System\YyiBOXj.exe

C:\Windows\System\ZKzGqpv.exe

C:\Windows\System\ZKzGqpv.exe

C:\Windows\System\ddRmhzc.exe

C:\Windows\System\ddRmhzc.exe

C:\Windows\System\xhIxuiY.exe

C:\Windows\System\xhIxuiY.exe

C:\Windows\System\CFmZxGI.exe

C:\Windows\System\CFmZxGI.exe

C:\Windows\System\VSuuyQA.exe

C:\Windows\System\VSuuyQA.exe

C:\Windows\System\fCGfvhv.exe

C:\Windows\System\fCGfvhv.exe

C:\Windows\System\mgOanCG.exe

C:\Windows\System\mgOanCG.exe

C:\Windows\System\AyfJtYJ.exe

C:\Windows\System\AyfJtYJ.exe

C:\Windows\System\nmuRpzv.exe

C:\Windows\System\nmuRpzv.exe

C:\Windows\System\wFHzKsN.exe

C:\Windows\System\wFHzKsN.exe

C:\Windows\System\MYqMbVA.exe

C:\Windows\System\MYqMbVA.exe

C:\Windows\System\kYdUSGv.exe

C:\Windows\System\kYdUSGv.exe

C:\Windows\System\HHypSYZ.exe

C:\Windows\System\HHypSYZ.exe

C:\Windows\System\ohpTBAj.exe

C:\Windows\System\ohpTBAj.exe

C:\Windows\System\IKEDmev.exe

C:\Windows\System\IKEDmev.exe

C:\Windows\System\wQubhwC.exe

C:\Windows\System\wQubhwC.exe

C:\Windows\System\SLhIWXX.exe

C:\Windows\System\SLhIWXX.exe

C:\Windows\System\IksOXFj.exe

C:\Windows\System\IksOXFj.exe

C:\Windows\System\uraFRDb.exe

C:\Windows\System\uraFRDb.exe

C:\Windows\System\LlpJfHo.exe

C:\Windows\System\LlpJfHo.exe

C:\Windows\System\zxZOxol.exe

C:\Windows\System\zxZOxol.exe

C:\Windows\System\kcsmeLF.exe

C:\Windows\System\kcsmeLF.exe

C:\Windows\System\SvMDfOi.exe

C:\Windows\System\SvMDfOi.exe

C:\Windows\System\dzfJVOM.exe

C:\Windows\System\dzfJVOM.exe

C:\Windows\System\LzdnzRX.exe

C:\Windows\System\LzdnzRX.exe

C:\Windows\System\hfngJOV.exe

C:\Windows\System\hfngJOV.exe

C:\Windows\System\OnBDPKQ.exe

C:\Windows\System\OnBDPKQ.exe

C:\Windows\System\CTdEGcI.exe

C:\Windows\System\CTdEGcI.exe

C:\Windows\System\eZOnCpS.exe

C:\Windows\System\eZOnCpS.exe

C:\Windows\System\fzPqhbr.exe

C:\Windows\System\fzPqhbr.exe

C:\Windows\System\QBFOaQb.exe

C:\Windows\System\QBFOaQb.exe

C:\Windows\System\bYfMVBU.exe

C:\Windows\System\bYfMVBU.exe

C:\Windows\System\wRwzSdN.exe

C:\Windows\System\wRwzSdN.exe

C:\Windows\System\GmSQVrn.exe

C:\Windows\System\GmSQVrn.exe

C:\Windows\System\wvTeRZP.exe

C:\Windows\System\wvTeRZP.exe

C:\Windows\System\IySuUPt.exe

C:\Windows\System\IySuUPt.exe

C:\Windows\System\JyPYZTB.exe

C:\Windows\System\JyPYZTB.exe

C:\Windows\System\XVoJxLO.exe

C:\Windows\System\XVoJxLO.exe

C:\Windows\System\WxMoMxA.exe

C:\Windows\System\WxMoMxA.exe

C:\Windows\System\WBDEmRI.exe

C:\Windows\System\WBDEmRI.exe

C:\Windows\System\jBoQQwf.exe

C:\Windows\System\jBoQQwf.exe

C:\Windows\System\EKDiTOs.exe

C:\Windows\System\EKDiTOs.exe

C:\Windows\System\oinWglQ.exe

C:\Windows\System\oinWglQ.exe

C:\Windows\System\ccRQgaZ.exe

C:\Windows\System\ccRQgaZ.exe

C:\Windows\System\KzmbULO.exe

C:\Windows\System\KzmbULO.exe

C:\Windows\System\bTCSceZ.exe

C:\Windows\System\bTCSceZ.exe

C:\Windows\System\feXrjUK.exe

C:\Windows\System\feXrjUK.exe

C:\Windows\System\lYkFsKn.exe

C:\Windows\System\lYkFsKn.exe

C:\Windows\System\FMORoOF.exe

C:\Windows\System\FMORoOF.exe

C:\Windows\System\ISaZjEU.exe

C:\Windows\System\ISaZjEU.exe

C:\Windows\System\guUZNoN.exe

C:\Windows\System\guUZNoN.exe

C:\Windows\System\HbrtBOP.exe

C:\Windows\System\HbrtBOP.exe

C:\Windows\System\LWJNHWd.exe

C:\Windows\System\LWJNHWd.exe

C:\Windows\System\zRKAyZk.exe

C:\Windows\System\zRKAyZk.exe

C:\Windows\System\TQCpMjU.exe

C:\Windows\System\TQCpMjU.exe

C:\Windows\System\NuXsBdo.exe

C:\Windows\System\NuXsBdo.exe

C:\Windows\System\HdrHDaH.exe

C:\Windows\System\HdrHDaH.exe

C:\Windows\System\qJDohOg.exe

C:\Windows\System\qJDohOg.exe

C:\Windows\System\vPggMoe.exe

C:\Windows\System\vPggMoe.exe

C:\Windows\System\FLwPIGC.exe

C:\Windows\System\FLwPIGC.exe

C:\Windows\System\rHHPVjM.exe

C:\Windows\System\rHHPVjM.exe

C:\Windows\System\NGUYFfD.exe

C:\Windows\System\NGUYFfD.exe

C:\Windows\System\VwEiryi.exe

C:\Windows\System\VwEiryi.exe

C:\Windows\System\tWgwcmF.exe

C:\Windows\System\tWgwcmF.exe

C:\Windows\System\SyUaJmG.exe

C:\Windows\System\SyUaJmG.exe

C:\Windows\System\dPOgOpi.exe

C:\Windows\System\dPOgOpi.exe

C:\Windows\System\eSlZOIi.exe

C:\Windows\System\eSlZOIi.exe

C:\Windows\System\MHRXQjV.exe

C:\Windows\System\MHRXQjV.exe

C:\Windows\System\RHxcOLg.exe

C:\Windows\System\RHxcOLg.exe

C:\Windows\System\mSnJMat.exe

C:\Windows\System\mSnJMat.exe

C:\Windows\System\NCEfeJn.exe

C:\Windows\System\NCEfeJn.exe

C:\Windows\System\yatuZkT.exe

C:\Windows\System\yatuZkT.exe

C:\Windows\System\yBgktEu.exe

C:\Windows\System\yBgktEu.exe

C:\Windows\System\QOvugaD.exe

C:\Windows\System\QOvugaD.exe

C:\Windows\System\YrhTZmI.exe

C:\Windows\System\YrhTZmI.exe

C:\Windows\System\MnlAFdN.exe

C:\Windows\System\MnlAFdN.exe

C:\Windows\System\BZgLzGs.exe

C:\Windows\System\BZgLzGs.exe

C:\Windows\System\CogVDKK.exe

C:\Windows\System\CogVDKK.exe

C:\Windows\System\YJASYPS.exe

C:\Windows\System\YJASYPS.exe

C:\Windows\System\vnfxpEn.exe

C:\Windows\System\vnfxpEn.exe

C:\Windows\System\QMwqTPd.exe

C:\Windows\System\QMwqTPd.exe

C:\Windows\System\vmtlbaG.exe

C:\Windows\System\vmtlbaG.exe

C:\Windows\System\qPccBDe.exe

C:\Windows\System\qPccBDe.exe

C:\Windows\System\KLOTTWe.exe

C:\Windows\System\KLOTTWe.exe

C:\Windows\System\iDSlxbG.exe

C:\Windows\System\iDSlxbG.exe

C:\Windows\System\EHaYIPB.exe

C:\Windows\System\EHaYIPB.exe

C:\Windows\System\GYEOPOC.exe

C:\Windows\System\GYEOPOC.exe

C:\Windows\System\PVMceHh.exe

C:\Windows\System\PVMceHh.exe

C:\Windows\System\GlQefko.exe

C:\Windows\System\GlQefko.exe

C:\Windows\System\YkpkfEN.exe

C:\Windows\System\YkpkfEN.exe

C:\Windows\System\KmdtuSr.exe

C:\Windows\System\KmdtuSr.exe

C:\Windows\System\CBKLQoz.exe

C:\Windows\System\CBKLQoz.exe

C:\Windows\System\Wczpmit.exe

C:\Windows\System\Wczpmit.exe

C:\Windows\System\WeAMdQW.exe

C:\Windows\System\WeAMdQW.exe

C:\Windows\System\WgIeWXp.exe

C:\Windows\System\WgIeWXp.exe

C:\Windows\System\KRNTJFa.exe

C:\Windows\System\KRNTJFa.exe

C:\Windows\System\ahYjjqj.exe

C:\Windows\System\ahYjjqj.exe

C:\Windows\System\uKZkaVk.exe

C:\Windows\System\uKZkaVk.exe

C:\Windows\System\xXuafft.exe

C:\Windows\System\xXuafft.exe

C:\Windows\System\URequub.exe

C:\Windows\System\URequub.exe

C:\Windows\System\CbmKoHW.exe

C:\Windows\System\CbmKoHW.exe

C:\Windows\System\wJKEyTh.exe

C:\Windows\System\wJKEyTh.exe

C:\Windows\System\chojQXH.exe

C:\Windows\System\chojQXH.exe

C:\Windows\System\vXrPacO.exe

C:\Windows\System\vXrPacO.exe

C:\Windows\System\JJutPvw.exe

C:\Windows\System\JJutPvw.exe

C:\Windows\System\WqPRkFD.exe

C:\Windows\System\WqPRkFD.exe

C:\Windows\System\ybneJJS.exe

C:\Windows\System\ybneJJS.exe

C:\Windows\System\xugoIOa.exe

C:\Windows\System\xugoIOa.exe

C:\Windows\System\nUyUNwT.exe

C:\Windows\System\nUyUNwT.exe

C:\Windows\System\BBTTDpo.exe

C:\Windows\System\BBTTDpo.exe

C:\Windows\System\tlGQbSx.exe

C:\Windows\System\tlGQbSx.exe

C:\Windows\System\RXQribV.exe

C:\Windows\System\RXQribV.exe

C:\Windows\System\IEAqziW.exe

C:\Windows\System\IEAqziW.exe

C:\Windows\System\zOxyHcV.exe

C:\Windows\System\zOxyHcV.exe

C:\Windows\System\gtZgeUp.exe

C:\Windows\System\gtZgeUp.exe

C:\Windows\System\veVRsPO.exe

C:\Windows\System\veVRsPO.exe

C:\Windows\System\XAZpeKn.exe

C:\Windows\System\XAZpeKn.exe

C:\Windows\System\dBxArfZ.exe

C:\Windows\System\dBxArfZ.exe

C:\Windows\System\ODIDNiK.exe

C:\Windows\System\ODIDNiK.exe

C:\Windows\System\aCFGDgA.exe

C:\Windows\System\aCFGDgA.exe

C:\Windows\System\YcCwLLi.exe

C:\Windows\System\YcCwLLi.exe

C:\Windows\System\TmclOCt.exe

C:\Windows\System\TmclOCt.exe

C:\Windows\System\avlwWiq.exe

C:\Windows\System\avlwWiq.exe

C:\Windows\System\ZcjpcCA.exe

C:\Windows\System\ZcjpcCA.exe

C:\Windows\System\bcTLNya.exe

C:\Windows\System\bcTLNya.exe

C:\Windows\System\BsoGuZx.exe

C:\Windows\System\BsoGuZx.exe

C:\Windows\System\sjzdVmV.exe

C:\Windows\System\sjzdVmV.exe

C:\Windows\System\ZDWEyfk.exe

C:\Windows\System\ZDWEyfk.exe

C:\Windows\System\AFXywTA.exe

C:\Windows\System\AFXywTA.exe

C:\Windows\System\xFqTTiK.exe

C:\Windows\System\xFqTTiK.exe

C:\Windows\System\HqTJxSA.exe

C:\Windows\System\HqTJxSA.exe

C:\Windows\System\ecmJpIo.exe

C:\Windows\System\ecmJpIo.exe

C:\Windows\System\zcIrfEq.exe

C:\Windows\System\zcIrfEq.exe

C:\Windows\System\NbNWzAG.exe

C:\Windows\System\NbNWzAG.exe

C:\Windows\System\HxKthOl.exe

C:\Windows\System\HxKthOl.exe

C:\Windows\System\KmMkWqg.exe

C:\Windows\System\KmMkWqg.exe

C:\Windows\System\VqPXDBh.exe

C:\Windows\System\VqPXDBh.exe

C:\Windows\System\qPUmSjb.exe

C:\Windows\System\qPUmSjb.exe

C:\Windows\System\cNdghkZ.exe

C:\Windows\System\cNdghkZ.exe

C:\Windows\System\BBDTvsu.exe

C:\Windows\System\BBDTvsu.exe

C:\Windows\System\JYZCMSg.exe

C:\Windows\System\JYZCMSg.exe

C:\Windows\System\clsWoBd.exe

C:\Windows\System\clsWoBd.exe

C:\Windows\System\bEPPDKW.exe

C:\Windows\System\bEPPDKW.exe

C:\Windows\System\cGHshTN.exe

C:\Windows\System\cGHshTN.exe

C:\Windows\System\fLBCvXy.exe

C:\Windows\System\fLBCvXy.exe

C:\Windows\System\mYpUvxa.exe

C:\Windows\System\mYpUvxa.exe

C:\Windows\System\fGbvkKZ.exe

C:\Windows\System\fGbvkKZ.exe

C:\Windows\System\ozEVxdE.exe

C:\Windows\System\ozEVxdE.exe

C:\Windows\System\wBhVeod.exe

C:\Windows\System\wBhVeod.exe

C:\Windows\System\YIKMIyg.exe

C:\Windows\System\YIKMIyg.exe

C:\Windows\System\QQkvEjW.exe

C:\Windows\System\QQkvEjW.exe

C:\Windows\System\IggwUmA.exe

C:\Windows\System\IggwUmA.exe

C:\Windows\System\lKBhODR.exe

C:\Windows\System\lKBhODR.exe

C:\Windows\System\nuKReUP.exe

C:\Windows\System\nuKReUP.exe

C:\Windows\System\vADbrJh.exe

C:\Windows\System\vADbrJh.exe

C:\Windows\System\OpcseIw.exe

C:\Windows\System\OpcseIw.exe

C:\Windows\System\teNgKlO.exe

C:\Windows\System\teNgKlO.exe

C:\Windows\System\CvqyvuD.exe

C:\Windows\System\CvqyvuD.exe

C:\Windows\System\uKuibnJ.exe

C:\Windows\System\uKuibnJ.exe

C:\Windows\System\rNCEWfS.exe

C:\Windows\System\rNCEWfS.exe

C:\Windows\System\QWFrbvx.exe

C:\Windows\System\QWFrbvx.exe

C:\Windows\System\dCbmrhz.exe

C:\Windows\System\dCbmrhz.exe

C:\Windows\System\XCAdTSf.exe

C:\Windows\System\XCAdTSf.exe

C:\Windows\System\pzolOpR.exe

C:\Windows\System\pzolOpR.exe

C:\Windows\System\tnsNfaQ.exe

C:\Windows\System\tnsNfaQ.exe

C:\Windows\System\KvBzVyk.exe

C:\Windows\System\KvBzVyk.exe

C:\Windows\System\heEobLg.exe

C:\Windows\System\heEobLg.exe

C:\Windows\System\CpvHPWN.exe

C:\Windows\System\CpvHPWN.exe

C:\Windows\System\XrWRtWI.exe

C:\Windows\System\XrWRtWI.exe

C:\Windows\System\FbHGgfs.exe

C:\Windows\System\FbHGgfs.exe

C:\Windows\System\VZspVws.exe

C:\Windows\System\VZspVws.exe

C:\Windows\System\iDIWPZT.exe

C:\Windows\System\iDIWPZT.exe

C:\Windows\System\PFhlnwP.exe

C:\Windows\System\PFhlnwP.exe

C:\Windows\System\oluHJPT.exe

C:\Windows\System\oluHJPT.exe

C:\Windows\System\BlKJseO.exe

C:\Windows\System\BlKJseO.exe

C:\Windows\System\ITcfZfw.exe

C:\Windows\System\ITcfZfw.exe

C:\Windows\System\biIygmD.exe

C:\Windows\System\biIygmD.exe

C:\Windows\System\UujkcqB.exe

C:\Windows\System\UujkcqB.exe

C:\Windows\System\lezOePT.exe

C:\Windows\System\lezOePT.exe

C:\Windows\System\BXwcRAi.exe

C:\Windows\System\BXwcRAi.exe

C:\Windows\System\bqRWlsr.exe

C:\Windows\System\bqRWlsr.exe

C:\Windows\System\TLdyjpa.exe

C:\Windows\System\TLdyjpa.exe

C:\Windows\System\Itquiue.exe

C:\Windows\System\Itquiue.exe

C:\Windows\System\CCbohCd.exe

C:\Windows\System\CCbohCd.exe

C:\Windows\System\SGHUlMd.exe

C:\Windows\System\SGHUlMd.exe

C:\Windows\System\XwVjHTP.exe

C:\Windows\System\XwVjHTP.exe

C:\Windows\System\xJcrCEK.exe

C:\Windows\System\xJcrCEK.exe

C:\Windows\System\dcUuyTt.exe

C:\Windows\System\dcUuyTt.exe

C:\Windows\System\pQCdNYW.exe

C:\Windows\System\pQCdNYW.exe

C:\Windows\System\NYRvCKS.exe

C:\Windows\System\NYRvCKS.exe

C:\Windows\System\mFZeRrl.exe

C:\Windows\System\mFZeRrl.exe

C:\Windows\System\ELvNFiZ.exe

C:\Windows\System\ELvNFiZ.exe

C:\Windows\System\SlrFAUC.exe

C:\Windows\System\SlrFAUC.exe

C:\Windows\System\PTCAdpQ.exe

C:\Windows\System\PTCAdpQ.exe

C:\Windows\System\NUYbnlW.exe

C:\Windows\System\NUYbnlW.exe

C:\Windows\System\KWAaJho.exe

C:\Windows\System\KWAaJho.exe

C:\Windows\System\QhrDswB.exe

C:\Windows\System\QhrDswB.exe

C:\Windows\System\SGBSpeH.exe

C:\Windows\System\SGBSpeH.exe

C:\Windows\System\fQTMSRN.exe

C:\Windows\System\fQTMSRN.exe

C:\Windows\System\FbtDDPl.exe

C:\Windows\System\FbtDDPl.exe

C:\Windows\System\FNLYgCv.exe

C:\Windows\System\FNLYgCv.exe

C:\Windows\System\XobjamJ.exe

C:\Windows\System\XobjamJ.exe

C:\Windows\System\VxfBgWp.exe

C:\Windows\System\VxfBgWp.exe

C:\Windows\System\rxLJIPu.exe

C:\Windows\System\rxLJIPu.exe

C:\Windows\System\oXmiGhr.exe

C:\Windows\System\oXmiGhr.exe

C:\Windows\System\TclNnsD.exe

C:\Windows\System\TclNnsD.exe

C:\Windows\System\oUGpXvc.exe

C:\Windows\System\oUGpXvc.exe

C:\Windows\System\lKrUjsW.exe

C:\Windows\System\lKrUjsW.exe

C:\Windows\System\HgIiJPC.exe

C:\Windows\System\HgIiJPC.exe

C:\Windows\System\eyVcIvA.exe

C:\Windows\System\eyVcIvA.exe

C:\Windows\System\QCQctus.exe

C:\Windows\System\QCQctus.exe

C:\Windows\System\sZINdst.exe

C:\Windows\System\sZINdst.exe

C:\Windows\System\YftufHN.exe

C:\Windows\System\YftufHN.exe

C:\Windows\System\EDzUrun.exe

C:\Windows\System\EDzUrun.exe

C:\Windows\System\xxLMtzh.exe

C:\Windows\System\xxLMtzh.exe

C:\Windows\System\ImXuCaA.exe

C:\Windows\System\ImXuCaA.exe

C:\Windows\System\ygzOjiN.exe

C:\Windows\System\ygzOjiN.exe

C:\Windows\System\oYKDZjO.exe

C:\Windows\System\oYKDZjO.exe

C:\Windows\System\wfzfvNf.exe

C:\Windows\System\wfzfvNf.exe

C:\Windows\System\jTgBGha.exe

C:\Windows\System\jTgBGha.exe

C:\Windows\System\fBSZnGV.exe

C:\Windows\System\fBSZnGV.exe

C:\Windows\System\yjaSwPt.exe

C:\Windows\System\yjaSwPt.exe

C:\Windows\System\VIUnZqq.exe

C:\Windows\System\VIUnZqq.exe

C:\Windows\System\zuHmjXg.exe

C:\Windows\System\zuHmjXg.exe

C:\Windows\System\GGMFNRy.exe

C:\Windows\System\GGMFNRy.exe

C:\Windows\System\XeZdxfU.exe

C:\Windows\System\XeZdxfU.exe

C:\Windows\System\dfnbGoV.exe

C:\Windows\System\dfnbGoV.exe

C:\Windows\System\nybYREG.exe

C:\Windows\System\nybYREG.exe

C:\Windows\System\bpfaeSU.exe

C:\Windows\System\bpfaeSU.exe

C:\Windows\System\ZgGBeKP.exe

C:\Windows\System\ZgGBeKP.exe

C:\Windows\System\FCzqEqz.exe

C:\Windows\System\FCzqEqz.exe

C:\Windows\System\FLnRpFd.exe

C:\Windows\System\FLnRpFd.exe

C:\Windows\System\tvPgVFR.exe

C:\Windows\System\tvPgVFR.exe

C:\Windows\System\gMnsOvy.exe

C:\Windows\System\gMnsOvy.exe

C:\Windows\System\ZeDwPkG.exe

C:\Windows\System\ZeDwPkG.exe

C:\Windows\System\kuvMlwA.exe

C:\Windows\System\kuvMlwA.exe

C:\Windows\System\ZmQTBxI.exe

C:\Windows\System\ZmQTBxI.exe

C:\Windows\System\jLqHCiZ.exe

C:\Windows\System\jLqHCiZ.exe

C:\Windows\System\IMVAWIN.exe

C:\Windows\System\IMVAWIN.exe

C:\Windows\System\OuoQRpt.exe

C:\Windows\System\OuoQRpt.exe

C:\Windows\System\fyZSEjs.exe

C:\Windows\System\fyZSEjs.exe

C:\Windows\System\cvJjRbK.exe

C:\Windows\System\cvJjRbK.exe

C:\Windows\System\KROnNLi.exe

C:\Windows\System\KROnNLi.exe

C:\Windows\System\uCRypNx.exe

C:\Windows\System\uCRypNx.exe

C:\Windows\System\kYALJcU.exe

C:\Windows\System\kYALJcU.exe

C:\Windows\System\urwTdLW.exe

C:\Windows\System\urwTdLW.exe

C:\Windows\System\kUHWXNX.exe

C:\Windows\System\kUHWXNX.exe

C:\Windows\System\lLZEoao.exe

C:\Windows\System\lLZEoao.exe

C:\Windows\System\hNCfOJb.exe

C:\Windows\System\hNCfOJb.exe

C:\Windows\System\NKaeobn.exe

C:\Windows\System\NKaeobn.exe

C:\Windows\System\UxcFWOu.exe

C:\Windows\System\UxcFWOu.exe

C:\Windows\System\yxzikvH.exe

C:\Windows\System\yxzikvH.exe

C:\Windows\System\upVkqYj.exe

C:\Windows\System\upVkqYj.exe

C:\Windows\System\avcfksz.exe

C:\Windows\System\avcfksz.exe

C:\Windows\System\aYHMNzP.exe

C:\Windows\System\aYHMNzP.exe

C:\Windows\System\doknxPb.exe

C:\Windows\System\doknxPb.exe

C:\Windows\System\RYhLwVv.exe

C:\Windows\System\RYhLwVv.exe

C:\Windows\System\EtuhgGv.exe

C:\Windows\System\EtuhgGv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 98.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.106:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 106.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/4516-0-0x00007FF7B5DA0000-0x00007FF7B60F4000-memory.dmp

memory/4516-1-0x000001DF2BD90000-0x000001DF2BDA0000-memory.dmp

C:\Windows\System\lbqGjFO.exe

MD5 2c8b687ba9e2505279354ed1e28dfe59
SHA1 909d7ff03659f4f8d925ec9f2fde7cc1b5a0829e
SHA256 19a2c111a52ed80c082b72c3895ea9e08311ef33acb381214135b40a36af73d3
SHA512 7610e85d9da8dc29c4b13e99f98b3c9841dab6f3cf5efd60025cbbfcf1a9aa3d763cc3915ce74c682f64e5cfb17498df3b5d4289c81b995f410e10fb583c991f

C:\Windows\System\UcgkxQQ.exe

MD5 4bb3b1f13198115e027f294de82ba4e3
SHA1 81cd06dcab43b3afcb16c69e940055120b665f20
SHA256 b248fe1c5d8732a3b76dc858d9c54744cbd831f2f9620e6ef75e84c6b40d2bb5
SHA512 9fd9a14145276f2c79df9f4967f0bf5953ab24289aca41202957593231968e694f32a6d279480c806de725f92795cc8d9db0ff527e94b103ed8d9d977a521512

C:\Windows\System\CHsxpyT.exe

MD5 8b8cbfb4703a520abb0a55dfc5a5e3c4
SHA1 a6db4165f1669d13eddfc59c0da66981060311fc
SHA256 45e302e585955fc6229e5206f5fa3bdb602dfc0ff4223d1f448ae56ce73f3eda
SHA512 29ae5049f8ddb185f4672650ddc2198551c189b6910b98c0f9d29e6bbee125654b58153cf1de6ed2bccadc5363b1e05a2d06109332e516a16684f566a4c6cca5

C:\Windows\System\BeozQer.exe

MD5 da922d0349cf0582b625fe9f835ebe29
SHA1 5f44c86740d3f1b2319e63e8d3138d4f118a934f
SHA256 5ddfa4ab75f5228cfde9353193b6c33b4c05f074d7c884ba736db0e647717241
SHA512 259647d4318c8b0ff4f6bc8faa4ba90ba1ba7f3b364c78cbcd1324266280423b8cc6fd15bec4458763c2b317568ad60cd164e7a13e54d07604f3145f3fff0239

C:\Windows\System\PwWSnhl.exe

MD5 7c5642f55306cc7d38e1b65f6bc711e8
SHA1 96f3ac262143fbaef0f4177fbd96265a802338f6
SHA256 3bec1b66544116bdf72c5604ddb9a5f15f45df3ee0cfea25e5a3e28f8e84b7f1
SHA512 c0b2b5d41e9776454fc4ef92be2451c23e7a21508235d56ec0ee3d479c8acc631fa0619aab93b70f5d1adf8820684e3b0970b734dcae34c51edbc04977d907fd

memory/3212-18-0x00007FF791F20000-0x00007FF792274000-memory.dmp

C:\Windows\System\AlLtIjK.exe

MD5 6c605e09e443377d5d03738010cb2fb4
SHA1 036c21f82f331d5330487b2bce8b62b16acf4103
SHA256 7c3bdafb370a7ff3ba00db49c19dcae21eb978386d27438b890b2e82f09ff021
SHA512 97041ff1edbe2592428857d3c51a1563d41dec3f5c9b6e3438f781d931e5f423abb9907d6ec57dbaecfbdf315e91f4572ead6c956d532650ece9be9671db7dbd

C:\Windows\System\syiBWba.exe

MD5 e331aa559483b4dc3c01170ab4841512
SHA1 e64d4f6690cf679c63beb71e440bb3b34d7e44df
SHA256 6ac81b70b6f295d507cad19af6ced901e6e99a19c461be492fe45475153b4189
SHA512 91beb7780e078f388247c543a4ebbede3cf89781a252dc38ac050003fc68febad615b8809d59b7c6dad981136d935811c0f839e09cfe3ac0f9bce399ba1c7d2f

C:\Windows\System\xqUnsnZ.exe

MD5 3b7ce5edca9a691e0bb8715a5b023195
SHA1 4c1285b544de66f9768ce41a30c04e471fdd42ee
SHA256 bce36d4d33144e4a5101c9059197d1a833b669f8e9c3892449efb5d0a899b070
SHA512 c1b846c39fa8f87900c7a55f9a8d5861eab51977644c052c2f44011f2e4651da93d44296a9bcd108d3b5cdb761e29aba0ece30fe1e62d63b3a5b991e65339407

memory/3236-31-0x00007FF68F8F0000-0x00007FF68FC44000-memory.dmp

C:\Windows\System\cIYBNhs.exe

MD5 b810574efc9fed60e2b1385aa14e3f8b
SHA1 8c1cf642840153c08b5cc2e2bf64868a6c05a33f
SHA256 04b40ea287ab8f88d2d26e1f01a9babc53d6106599d22c0810761cdf17f749d3
SHA512 f43d3f9c5280bcb683deffca97313e474b6afe0125322a13adbee26be9dd8578bc9f070b70f0251bcc8632103c66a3c587d29e229077053aa42ef31b45e0028f

memory/1412-41-0x00007FF7AA3B0000-0x00007FF7AA704000-memory.dmp

C:\Windows\System\uOjuplz.exe

MD5 93677254fd5ce3ec20239aef7afe05c6
SHA1 8e5a518c2574ec6abf7cb77b406612ade724f514
SHA256 e37861d47e952a76c086fb2fb4f2c8477da7299d82f603c01424831acdc00993
SHA512 4a9fc6753c098b83e16492c278e6c6f04c4e736f558ed3bbf2ca3f6e116d5f3700f90cc118ac3214c812790c7e751fd6a5407794dc38b405280d73517a8ed79a

C:\Windows\System\pLwFZqg.exe

MD5 e652a7c9ca0699f787b16ebed2e3aa90
SHA1 520888bef1258a1a9029a188d13aaa6d22f1fc47
SHA256 14ed562ebd14ecc664df6e89cd0e8457ef7ec3ead7ebce92f7fc4460acef3576
SHA512 947c144246aebb10c2dd025586319e3f0c9ed650d60d447a929ea769a7912d65a75898fcef38e8701e65a334ec69c1cbc8a74739d500419c967a53a8b54cad2d

C:\Windows\System\gAbBLXA.exe

MD5 a856178666ad95ccbe4e54e31ffc1fa1
SHA1 946bf1129648259e478985aa636c989796082b06
SHA256 97dc942e3b258e58aa6edd5b031d54f4f068714a62db2ff33e0a6b8213bb5183
SHA512 b917a75edea435629bac4891a53ee1a46ae8c8288ae07933d11440cd18c090269118d7bd58992c43d56e02608267602a7b9b35fbb363395d3def10d02528060a

C:\Windows\System\SBappHI.exe

MD5 532b2bb0d28f93bf90fe376630d24698
SHA1 9a8d261e72dbc85f41e8987326c8e81fe3316e96
SHA256 32657c16c462173f9e63b2e10846114e014197eab116799ad5cb0c4fcdcc5c3e
SHA512 1dfefa5b6d886f2e46bee72df2554b3e824e498ec8d727fb47b3b1831576c14719ef498cbe1039961b3e2dde7d06424167fc05e1e1b059b38728b8f28167e680

C:\Windows\System\BjPZYdp.exe

MD5 19d22ef4ade90d270c07e461be17fdfa
SHA1 f8efa9ba6dcf242b9218523cda67ef5e9d830369
SHA256 132ebb681c1f955c4edd4a5ea1c781f3c73c502b99e939dd0493f690e6e17a6b
SHA512 acafe24d6748b1cc3af434faa639b39dbdb86f8d5ad21f88f20e4749974b1c9ebbe1b763298f5da3488e75c2a1c071eb1612a5894dbbca3c1697dc4b7a41408e

C:\Windows\System\HwKKooq.exe

MD5 bd1f83d7bf33113e5bf5bf546d03d858
SHA1 8cd6081caacbbd86e894417c3cf694c116d02c1c
SHA256 3774a007e19b4bd49b81e99b9d65dfa9385b2d42f1c54936598a5a6289351693
SHA512 b595648294e2ddb05cadcef2db24e2a6e23aa776daec2c63e2f4f6307164e82b7a4e0750926186dbd2bdf01df30e01bd88c718bfc3fcbdb8d023561f6bdcecf8

memory/2980-220-0x00007FF7A3EE0000-0x00007FF7A4234000-memory.dmp

memory/2924-260-0x00007FF7BFB00000-0x00007FF7BFE54000-memory.dmp

memory/2412-278-0x00007FF715B70000-0x00007FF715EC4000-memory.dmp

memory/3244-288-0x00007FF6DB5A0000-0x00007FF6DB8F4000-memory.dmp

memory/5116-290-0x00007FF6C6600000-0x00007FF6C6954000-memory.dmp

memory/1048-289-0x00007FF70A400000-0x00007FF70A754000-memory.dmp

memory/856-287-0x00007FF799430000-0x00007FF799784000-memory.dmp

memory/2884-286-0x00007FF6A1770000-0x00007FF6A1AC4000-memory.dmp

memory/2780-285-0x00007FF684520000-0x00007FF684874000-memory.dmp

memory/3124-284-0x00007FF7CC8A0000-0x00007FF7CCBF4000-memory.dmp

memory/2420-283-0x00007FF6006D0000-0x00007FF600A24000-memory.dmp

memory/3472-282-0x00007FF660EB0000-0x00007FF661204000-memory.dmp

memory/968-277-0x00007FF61D850000-0x00007FF61DBA4000-memory.dmp

memory/3860-276-0x00007FF6B3CC0000-0x00007FF6B4014000-memory.dmp

memory/4392-275-0x00007FF7C6DD0000-0x00007FF7C7124000-memory.dmp

memory/3144-249-0x00007FF727D00000-0x00007FF728054000-memory.dmp

memory/1920-248-0x00007FF7168F0000-0x00007FF716C44000-memory.dmp

memory/1616-201-0x00007FF6AD0F0000-0x00007FF6AD444000-memory.dmp

memory/3204-200-0x00007FF7029F0000-0x00007FF702D44000-memory.dmp

memory/4252-186-0x00007FF61F3D0000-0x00007FF61F724000-memory.dmp

C:\Windows\System\aTIloXq.exe

MD5 7a2c485e7528616e4c5887ccdae4096a
SHA1 227e51b013fad0d1e4885a85ad9b9e7296ad07ed
SHA256 a0c6cf0c492343c12ad3839a426e8f8975e72b656dcfbd64b26bfaa64efb3bb5
SHA512 58ddebb56391914c85824bf2bc392863235e943b7c2bff3facd952148cb52064fac39d29dcab30ff18b089b64ed9657ff4ddb7ea2836e5c3c206309bb859cb09

C:\Windows\System\IIIlcwT.exe

MD5 25896cc51a059953bec35a9e58e105a2
SHA1 23024e5248b4685b9abee42f4e5e45f4b8e01bb2
SHA256 3c017f89e3ba63327f047c81b552734e14083364691f3b331f5484cbe9b8589e
SHA512 49d075c9aa39d465e52d08e02b1373e56260508aa3a402ea4a918c467fbbe20d6520ddeb8c402dc611364ba45c7d402e28db4334983977fe2b57c629eafaa65f

C:\Windows\System\ssAhSWE.exe

MD5 4ea7406816e3ec7f9928e809a60abf49
SHA1 08ef3a5c412921cd6d3f3a181e522cfc2a40cdcb
SHA256 360cbe9105817a4217ab0ca1add53dbd88f0bb613c13c8f837016b0cdf5be6e5
SHA512 edbb9f26e688609360bf64c569b1a0938d58ea30ec75e820405e9ce95cfc5eef2e79a29469c9d174e21586c7d0e7c7898ee8288a4f069b0b00908e817dd25f1c

C:\Windows\System\lqXYErA.exe

MD5 eefd50d283dc2cc9c183494bd4933981
SHA1 8f7e5ddf3822c1f24dd8567482da2744f13664b4
SHA256 a5db11099fff3fb447a0ced5053f0b1b2142d89f0578f189899ad8fde3785735
SHA512 1e3cea2e99ec7ffa75c20a15de2cb7a39fbb91858a58ffb3ea1fb84ff87e2eb1efc35d2a6dd6cbd4f06a2051475ffccba1e4bfedb8323e88f2aeb4e4cf355864

C:\Windows\System\ilOhThm.exe

MD5 640e76e651918769c1af81e9b2dacdc3
SHA1 e02818866e7680040017e0f24d1ed86aef8bf60a
SHA256 0cb8d111a242575da583952aa7ebe3cf3e4635b2125d36e981d8df4d74f67e7e
SHA512 959a319d735d2c12de534b516985d39edd262644efdca89031463bbc314981c3cd0aed650f98dcd7088162f2335a3005f2c99c3ded1795122c09268dfaf55adb

C:\Windows\System\TarZskz.exe

MD5 f3c4c4ad6ad7bbc35a638d680eff5d6e
SHA1 24e973be13a3f370cfb53a8a254ecb9492b7fd30
SHA256 26420d06b253864ec96b808fbc9ae6f3ea57d9e7b42091b24da5ff0db7005ff3
SHA512 cdd48a2aeb2e309cbcb4a52268ad10a44470c1d065c5b05cfd6f65ecd890afc429b176ac5ad83b4ad198a5246e52de86d435683b3622318aae749c6189ac1305

C:\Windows\System\GrzkZXK.exe

MD5 93b297816870380419b288a4fe626272
SHA1 47a63647ab2df9e8b98edfbc8148f70e016c3c1d
SHA256 f019a1e64741f631b7e2b0f08268aa7ce25703415ef73cbd49f57769d9d274ab
SHA512 357b131a2766f6875b45c7e3039c4eea519c0a2c8d6beaafd26027687b86cd78118e417b80fef2fea022d022658f4cac638f13e55812a46797c20edf9b2fc55a

C:\Windows\System\DOHhMya.exe

MD5 5e4a45ec1eb05b04fa29b058b56281d0
SHA1 34c093fa5c4b4963e143e25510de564c7cff0e21
SHA256 077f4d2fcab8af126c8262d6b2e108ec85a94856627bd504c91c8610a7aa6349
SHA512 9b37189d953b2b8e3fcff400881c862e49103d9ef3988bc81f28982f63794e1fc05bc3f49277a5b1459149893288d05050867fd8f461708a9d60f54492196c8c

C:\Windows\System\rUtaVvr.exe

MD5 1a6a91ae1adf61f01433f0c15c0361be
SHA1 1a9b2dad4addadfee71168af1639c6d37bb1ff6d
SHA256 e83a10de31f841d4a9e4e93d499d264470706bd4aeeb146bc99e89b327c4f827
SHA512 83ed8021f07f4640ade2f0ed84015bc6b24997ba380ad93846f992157347d30a89dffca7420be3b41e7dd43d3ca3634653168089d1f37e62dbca21e9e3313ef0

C:\Windows\System\RDeVCgW.exe

MD5 1a7f1e7e5b9582897d5cb1417d872b3b
SHA1 a8db7b20ed152985e66cf222cb60d4d44d6e4b1f
SHA256 37081b3f2e2b1af3d4e5981908d8d9988c123f11b32be0f54083ad191de627be
SHA512 37ea46b844fe45cd71cc7ceeee6dae6ea9ccc1aea59a0b08542f7e39710484db43d9c820f9eccd8e17106838be51a7938ee00bdc21eb51a291ab8075e8e910b2

C:\Windows\System\ZSYrsRh.exe

MD5 440c83a8b0169a4632cc36cb1c833699
SHA1 9f7dc626afa3de20adee31ec6e7f6d50e7135ced
SHA256 d43140759e2a7acaa68fe5836c15614fd77ee8ed33ae0c60ce73a69f589b29de
SHA512 29e1b1917e57b56e13165e086a5ee570aae59c2672ff75f16699f784e9ee4197c7d914fc863c4e95c3d551ca2d16fdda9f0175453ad8f90dac4c63be5a8bf3d1

C:\Windows\System\OPLYbvl.exe

MD5 725bbb5ee42b4114b4625ec745ff26e3
SHA1 6f0554251e4a0ce9319b1a7814fb67c614bc5090
SHA256 3010f609dd94a13a485b7d72c0f4e5fa6b95d9ba274cd20454b8d59b8695ad34
SHA512 ce0fd75bcdb5b8322b55a3d9d2b55ef85d3c95bf12289308d84fc3cefb1e69b37f0bb2f3edb554fd050e9c419c350522d6c8daa3705091b0607ef9880fdc5a7f

C:\Windows\System\ILvSnqY.exe

MD5 9ab16ef98ccb60eb8bd8b22b25d63d0f
SHA1 2de3ed9334497159ee942cf7736a9c7f30beada0
SHA256 b8ec9d03fd691ddc43b6db9f88e0b3f35e9d4c2ce9755553786eb01e148b63e9
SHA512 e7228c45a10046dab7f91eefc1e485c9e16d386a55038eef7e1582c4ae27f50ba39367dabadaa2dc79b867bc05199eb57b07fa8ecc3a452e732627526afd901a

C:\Windows\System\PHSVxYS.exe

MD5 c0e1fe396931f1ec3b7f0c824df034bb
SHA1 e63442a29fbc0280ceb7ef43ac3428164fda0bea
SHA256 68280dca0bc75c782efc22ef9afd6195f3ff68114cc0c28c4891a69c69b85fb4
SHA512 f318ad94c5a0ff4b6297822b481d1f3e33cec503d913e1da160010573d74d120accce1f2712f6e665d67fff7b3729bae20ec34f62eb4c86035a52992ea55cec7

C:\Windows\System\OvdIlgh.exe

MD5 c992a45751701d0274afc3d96edce32c
SHA1 73bdedf43d9459797b272218ba928e7200bb2ceb
SHA256 cfd54e312dd9db58db8e633feaa894e8e720d109eeef74470d02cb162339cc79
SHA512 306c4d4f680f89225c9191cede3fb5478a1778d8f22b406fe7fcc9c887ae004948a25cc4c9e8450281dd37d28904e14f27b1949ca4183699a509fb3429670e5e

memory/3912-151-0x00007FF77D260000-0x00007FF77D5B4000-memory.dmp

C:\Windows\System\KKqULet.exe

MD5 71ba324fbf9e774e5abaeb45c9619187
SHA1 88aea65500b30dd68daa907ac34c9dcf6720f9e1
SHA256 b93a3c861be5259bf17c53f547d22b68f2c029d008f9d065ca64cf1dd020da28
SHA512 7f33b4cc8c1f90cc512822398173366531176e6380ff9086cd28d3f7eceaca5334ed7757b68d19836b2e7877e40fc716a897d536d04702e7d72d3265af2149d3

C:\Windows\System\cbIfRbu.exe

MD5 722809e56fae33aa05291e1d21cf1cab
SHA1 46cc888c317e9c138707353536220bbff2743e3b
SHA256 538beccc4178bbcc503f27a612decdfbe690f7167380343507d0d35ac0f1127b
SHA512 0f0290a4e14f49949bcb5de803e7cb5725fd919307a7d2ea2b3d9b65c1548ebf9c0a0ea9dc0f39629832e1af8b9b77a44c3e7ecbf9a12803ff6e229a45e7874f

C:\Windows\System\GSWjgsB.exe

MD5 68a153512ab0838f026cb03f94ff2465
SHA1 14ded6244e4eba5da9d541a80d45cc5d6ee041a9
SHA256 bc8cc61991f2a5793b4d5c4d56d71dc6619fdebd072e3b157264d3cae4c61e2a
SHA512 4a1c327b29172c6d91e40297b0495d1cf0f6531876957dc6113fac939e4580190921f3f4a6e3a18a37240a5379d4d09920a5a1e60ce7c3e6605ddd78e3094cf2

C:\Windows\System\XNNhmyL.exe

MD5 9b111f2d37a33a1efef8c6a24742545d
SHA1 811926a1636de4e4ddcccc27340b2c479402d002
SHA256 8b4ab77f6f06e9f220ea33ab744ec2b811eb250b69bfe4cfd253383abd8a634b
SHA512 c76c2a1b386f73715e6d75658ef0f03137a6dfc38371fc1669d3be003683acc632781d4282e4cc52cb9c86c27262a87405be5da7491eeeb8a4c88ff8415fd351

C:\Windows\System\gpPaTzp.exe

MD5 d6be8ac8390121555de0ec565eaabea9
SHA1 5d9b1e9c43f46847c4c7c310bf6b345fbd025265
SHA256 d7cc5f239be06882e086c3e94755401ca9428955d19dadfce92752d5ba574501
SHA512 a1ffd77bc0c1208a472ac7c8cd976057ea22ddaeb24799b7a514bcea431d2037aa7b7cf359881b1616d285933882e36d855f5eb8444145ff85496aa80e5c2b56

memory/2912-116-0x00007FF695600000-0x00007FF695954000-memory.dmp

C:\Windows\System\foRuBpm.exe

MD5 1fe7643391634271e1b2daafd2e12ee7
SHA1 f4822079dae37a7c16ca0eb21e331eee426e72e6
SHA256 7d9ffa7edcc452f7ce571285619d93c0d4f28639d572403b0ab52a729cd8d93e
SHA512 2cd3f51f416a86a18e1e99fef3f14a98124b3cf486ca97322f5b592b5dd3b5ec1096bc7db6015dd41290ae8147a288800bfb6d12be1487f220bf42a8ebee9a07

memory/2988-110-0x00007FF6C1790000-0x00007FF6C1AE4000-memory.dmp

C:\Windows\System\sdlxbRn.exe

MD5 0b60aafdc1572d04f914827ecc9787b4
SHA1 c62f8540bd7dbcc1f724833c2147f998f83aa745
SHA256 0b9f46b2ed5b26b9fc08bfa7ed4b1055df1293beaa8d2bb7f4ebad4741d8e697
SHA512 cbffaf99c37f4bfb0dffcee122ae64f1ebf6ce6d59b77cf370df7cc05d3ab80c70367ba5735d0448bc1828a6683b4efa41020aeb73fae8612b2acf3cfadf1bc9

C:\Windows\System\IOotLvX.exe

MD5 910d8208ae4516b10c7a579c9cca6f4c
SHA1 f0628f04cee9104447728022c871f71d2fbb74fb
SHA256 20c4bbc7c5fadeee4e1436f4b079afbd59e01c33b9d5ae85f774a9a0d787508a
SHA512 9cfb0051409c892aa52768b7019397d363edab72b0d1d591cccb50999ab03aed1e655bac4e0e45ea7ded5216d03c9dd97f6aaeafc57f191786b26b2b51b6160e

C:\Windows\System\cyuNcmP.exe

MD5 4bca7ca22d57479c4def543cef9c38cb
SHA1 a52ef91a2544754a718fbeec0b42c33993d64438
SHA256 9243e58a32f82c8af28363d0702feae0bb7e37038b3f726b7fe7a0040dbbd011
SHA512 a03b87f7d09bde6f1d2982c275581f1be105c100c7e86d28e68e5af34657985a100bcd93e3e3084f9f4be069cb78e60bc429435dedb5e6ef98f5ff499964b8bc

C:\Windows\System\cbnYKPy.exe

MD5 b7bb9c25b43addf1e43348fe2b3c8937
SHA1 9dd307230e28d92baa2c5b1ed8ed436d66e372e2
SHA256 8a6c5c4bc0e952033924674ac893f448bf06afde38ab274eb66d472138de3620
SHA512 1cfe8c9d9074e21fa2ac76c980852844ad92e9808afb78dc646b0026ea8a87b025dfd64369756d726fb178580f1ace6db953924c487ab6dabf5f9b01225d5dc8

memory/1348-75-0x00007FF63B560000-0x00007FF63B8B4000-memory.dmp

memory/4480-62-0x00007FF62B3C0000-0x00007FF62B714000-memory.dmp

memory/3388-59-0x00007FF765F50000-0x00007FF7662A4000-memory.dmp

memory/4516-1070-0x00007FF7B5DA0000-0x00007FF7B60F4000-memory.dmp

memory/1412-1071-0x00007FF7AA3B0000-0x00007FF7AA704000-memory.dmp

memory/3388-1072-0x00007FF765F50000-0x00007FF7662A4000-memory.dmp

memory/1348-1073-0x00007FF63B560000-0x00007FF63B8B4000-memory.dmp

memory/3912-1075-0x00007FF77D260000-0x00007FF77D5B4000-memory.dmp

memory/2988-1074-0x00007FF6C1790000-0x00007FF6C1AE4000-memory.dmp

memory/4480-1076-0x00007FF62B3C0000-0x00007FF62B714000-memory.dmp

memory/3212-1077-0x00007FF791F20000-0x00007FF792274000-memory.dmp

memory/3236-1078-0x00007FF68F8F0000-0x00007FF68FC44000-memory.dmp

memory/1412-1079-0x00007FF7AA3B0000-0x00007FF7AA704000-memory.dmp

memory/3124-1080-0x00007FF7CC8A0000-0x00007FF7CCBF4000-memory.dmp

memory/1616-1081-0x00007FF6AD0F0000-0x00007FF6AD444000-memory.dmp

memory/4480-1082-0x00007FF62B3C0000-0x00007FF62B714000-memory.dmp

memory/1348-1084-0x00007FF63B560000-0x00007FF63B8B4000-memory.dmp

memory/2912-1083-0x00007FF695600000-0x00007FF695954000-memory.dmp

memory/2884-1090-0x00007FF6A1770000-0x00007FF6A1AC4000-memory.dmp

memory/3244-1091-0x00007FF6DB5A0000-0x00007FF6DB8F4000-memory.dmp

memory/2780-1092-0x00007FF684520000-0x00007FF684874000-memory.dmp

memory/3204-1089-0x00007FF7029F0000-0x00007FF702D44000-memory.dmp

memory/3388-1088-0x00007FF765F50000-0x00007FF7662A4000-memory.dmp

memory/2988-1087-0x00007FF6C1790000-0x00007FF6C1AE4000-memory.dmp

memory/4252-1086-0x00007FF61F3D0000-0x00007FF61F724000-memory.dmp

memory/856-1085-0x00007FF799430000-0x00007FF799784000-memory.dmp

memory/1920-1100-0x00007FF7168F0000-0x00007FF716C44000-memory.dmp

memory/3912-1105-0x00007FF77D260000-0x00007FF77D5B4000-memory.dmp

memory/2980-1104-0x00007FF7A3EE0000-0x00007FF7A4234000-memory.dmp

memory/1048-1103-0x00007FF70A400000-0x00007FF70A754000-memory.dmp

memory/3860-1101-0x00007FF6B3CC0000-0x00007FF6B4014000-memory.dmp

memory/3144-1099-0x00007FF727D00000-0x00007FF728054000-memory.dmp

memory/2924-1098-0x00007FF7BFB00000-0x00007FF7BFE54000-memory.dmp

memory/968-1097-0x00007FF61D850000-0x00007FF61DBA4000-memory.dmp

memory/4392-1096-0x00007FF7C6DD0000-0x00007FF7C7124000-memory.dmp

memory/2412-1095-0x00007FF715B70000-0x00007FF715EC4000-memory.dmp

memory/2420-1094-0x00007FF6006D0000-0x00007FF600A24000-memory.dmp

memory/5116-1102-0x00007FF6C6600000-0x00007FF6C6954000-memory.dmp

memory/3472-1093-0x00007FF660EB0000-0x00007FF661204000-memory.dmp