Malware Analysis Report

2024-10-10 09:50

Sample ID 240620-kx5ptatbkm
Target 4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe
SHA256 4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c

Threat Level: Known bad

The file 4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

KPOT

xmrig

XMRig Miner payload

KPOT Core Executable

Xmrig family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 08:59

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 08:59

Reported

2024-06-20 09:02

Platform

win7-20240508-en

Max time kernel

142s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ablNeAp.exe N/A
N/A N/A C:\Windows\System\bRGywIO.exe N/A
N/A N/A C:\Windows\System\ywvqJiB.exe N/A
N/A N/A C:\Windows\System\zjpTChH.exe N/A
N/A N/A C:\Windows\System\FYxwEXZ.exe N/A
N/A N/A C:\Windows\System\VQwgzyc.exe N/A
N/A N/A C:\Windows\System\FeGgWQl.exe N/A
N/A N/A C:\Windows\System\mpVTbON.exe N/A
N/A N/A C:\Windows\System\zBIZXSX.exe N/A
N/A N/A C:\Windows\System\peHSSbv.exe N/A
N/A N/A C:\Windows\System\xinvXwo.exe N/A
N/A N/A C:\Windows\System\wxeFBEl.exe N/A
N/A N/A C:\Windows\System\yRhpdhR.exe N/A
N/A N/A C:\Windows\System\YQLPlpC.exe N/A
N/A N/A C:\Windows\System\oGEZgUH.exe N/A
N/A N/A C:\Windows\System\xWdMOen.exe N/A
N/A N/A C:\Windows\System\NgZkGqX.exe N/A
N/A N/A C:\Windows\System\kmcBFWM.exe N/A
N/A N/A C:\Windows\System\KiFQOZF.exe N/A
N/A N/A C:\Windows\System\PcmjsWB.exe N/A
N/A N/A C:\Windows\System\vTsZMwk.exe N/A
N/A N/A C:\Windows\System\aseknVZ.exe N/A
N/A N/A C:\Windows\System\VPtABgf.exe N/A
N/A N/A C:\Windows\System\nascrjS.exe N/A
N/A N/A C:\Windows\System\RoQhHUU.exe N/A
N/A N/A C:\Windows\System\KXCCsuQ.exe N/A
N/A N/A C:\Windows\System\bMeFdEH.exe N/A
N/A N/A C:\Windows\System\INKdEFf.exe N/A
N/A N/A C:\Windows\System\aqHtejv.exe N/A
N/A N/A C:\Windows\System\EXVBjCd.exe N/A
N/A N/A C:\Windows\System\mwTlBAg.exe N/A
N/A N/A C:\Windows\System\UOxDPVD.exe N/A
N/A N/A C:\Windows\System\dSnNpkP.exe N/A
N/A N/A C:\Windows\System\VrznPHt.exe N/A
N/A N/A C:\Windows\System\CMQnfhv.exe N/A
N/A N/A C:\Windows\System\kZHksHr.exe N/A
N/A N/A C:\Windows\System\rjrOnIz.exe N/A
N/A N/A C:\Windows\System\HPFQajq.exe N/A
N/A N/A C:\Windows\System\soPbtvO.exe N/A
N/A N/A C:\Windows\System\xwecRSs.exe N/A
N/A N/A C:\Windows\System\moRZrfh.exe N/A
N/A N/A C:\Windows\System\AxvfUoj.exe N/A
N/A N/A C:\Windows\System\gYtNjUi.exe N/A
N/A N/A C:\Windows\System\IqCdnDF.exe N/A
N/A N/A C:\Windows\System\bOrhtkX.exe N/A
N/A N/A C:\Windows\System\WHlmuQS.exe N/A
N/A N/A C:\Windows\System\dRpDhOi.exe N/A
N/A N/A C:\Windows\System\FSAYUVb.exe N/A
N/A N/A C:\Windows\System\nHcRhJN.exe N/A
N/A N/A C:\Windows\System\LvxJRtL.exe N/A
N/A N/A C:\Windows\System\HfLdmlO.exe N/A
N/A N/A C:\Windows\System\XfJCfiK.exe N/A
N/A N/A C:\Windows\System\oAnownm.exe N/A
N/A N/A C:\Windows\System\GjEGpKi.exe N/A
N/A N/A C:\Windows\System\LTLPUtE.exe N/A
N/A N/A C:\Windows\System\yFxdbfQ.exe N/A
N/A N/A C:\Windows\System\mDUoZRt.exe N/A
N/A N/A C:\Windows\System\UeyvDAJ.exe N/A
N/A N/A C:\Windows\System\AufcZJW.exe N/A
N/A N/A C:\Windows\System\gCmnVBm.exe N/A
N/A N/A C:\Windows\System\yvVVQSB.exe N/A
N/A N/A C:\Windows\System\ktRARgW.exe N/A
N/A N/A C:\Windows\System\uzxgGaH.exe N/A
N/A N/A C:\Windows\System\nYvYONa.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\OCUoqLQ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGanpYO.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BxxUvKQ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\TjEjreW.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\yFxdbfQ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BwDMstn.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\gLOAkTy.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZlLNNj.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYuaRqe.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\uxbusOL.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\RoQhHUU.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\OiSATsK.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\sERPyAS.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DiplqVg.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\pKfNOTt.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\cwAEXut.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\dBerATU.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bhAtBgf.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LRMUEfZ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\PTVGBtN.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\NQsOmpT.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\TxuXfgS.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\vWccMOc.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsffAiO.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXCtGpV.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\clxHTdB.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mGwfitx.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEzDpqy.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bbeGCnE.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\azYPukF.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\FSroliU.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\OyxkfDs.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\lXKXVRq.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MrDhJgS.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\Hjqgwcp.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCKqFTR.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\jSpMYeZ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpOTwOC.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MoaqZpi.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\JQFKkOa.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hHFAyjB.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zIPjmia.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOYMgaQ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\diaDWKm.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\FgGndTI.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\wQpgcNU.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\XzDoZvV.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\oAnownm.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zFJchCb.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\QEoQueh.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhBdDIo.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LUhhvyU.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\KiFQOZF.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwTlBAg.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\oEpbbof.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltMnLBr.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckAZuPY.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bTISZTH.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\kmcBFWM.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDnitNI.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\suCKNnR.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFojTUX.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\GUWPPTj.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfJCfiK.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ablNeAp.exe
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ablNeAp.exe
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ablNeAp.exe
PID 2844 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\bRGywIO.exe
PID 2844 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\bRGywIO.exe
PID 2844 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\bRGywIO.exe
PID 2844 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ywvqJiB.exe
PID 2844 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ywvqJiB.exe
PID 2844 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ywvqJiB.exe
PID 2844 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\zjpTChH.exe
PID 2844 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\zjpTChH.exe
PID 2844 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\zjpTChH.exe
PID 2844 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\VQwgzyc.exe
PID 2844 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\VQwgzyc.exe
PID 2844 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\VQwgzyc.exe
PID 2844 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\FYxwEXZ.exe
PID 2844 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\FYxwEXZ.exe
PID 2844 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\FYxwEXZ.exe
PID 2844 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\FeGgWQl.exe
PID 2844 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\FeGgWQl.exe
PID 2844 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\FeGgWQl.exe
PID 2844 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\mpVTbON.exe
PID 2844 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\mpVTbON.exe
PID 2844 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\mpVTbON.exe
PID 2844 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\zBIZXSX.exe
PID 2844 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\zBIZXSX.exe
PID 2844 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\zBIZXSX.exe
PID 2844 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\peHSSbv.exe
PID 2844 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\peHSSbv.exe
PID 2844 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\peHSSbv.exe
PID 2844 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xinvXwo.exe
PID 2844 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xinvXwo.exe
PID 2844 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xinvXwo.exe
PID 2844 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\wxeFBEl.exe
PID 2844 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\wxeFBEl.exe
PID 2844 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\wxeFBEl.exe
PID 2844 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\yRhpdhR.exe
PID 2844 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\yRhpdhR.exe
PID 2844 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\yRhpdhR.exe
PID 2844 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YQLPlpC.exe
PID 2844 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YQLPlpC.exe
PID 2844 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YQLPlpC.exe
PID 2844 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\oGEZgUH.exe
PID 2844 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\oGEZgUH.exe
PID 2844 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\oGEZgUH.exe
PID 2844 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xWdMOen.exe
PID 2844 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xWdMOen.exe
PID 2844 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xWdMOen.exe
PID 2844 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\NgZkGqX.exe
PID 2844 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\NgZkGqX.exe
PID 2844 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\NgZkGqX.exe
PID 2844 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\kmcBFWM.exe
PID 2844 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\kmcBFWM.exe
PID 2844 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\kmcBFWM.exe
PID 2844 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\KiFQOZF.exe
PID 2844 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\KiFQOZF.exe
PID 2844 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\KiFQOZF.exe
PID 2844 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\PcmjsWB.exe
PID 2844 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\PcmjsWB.exe
PID 2844 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\PcmjsWB.exe
PID 2844 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\vTsZMwk.exe
PID 2844 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\vTsZMwk.exe
PID 2844 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\vTsZMwk.exe
PID 2844 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\aseknVZ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe"

C:\Windows\System\ablNeAp.exe

C:\Windows\System\ablNeAp.exe

C:\Windows\System\bRGywIO.exe

C:\Windows\System\bRGywIO.exe

C:\Windows\System\ywvqJiB.exe

C:\Windows\System\ywvqJiB.exe

C:\Windows\System\zjpTChH.exe

C:\Windows\System\zjpTChH.exe

C:\Windows\System\VQwgzyc.exe

C:\Windows\System\VQwgzyc.exe

C:\Windows\System\FYxwEXZ.exe

C:\Windows\System\FYxwEXZ.exe

C:\Windows\System\FeGgWQl.exe

C:\Windows\System\FeGgWQl.exe

C:\Windows\System\mpVTbON.exe

C:\Windows\System\mpVTbON.exe

C:\Windows\System\zBIZXSX.exe

C:\Windows\System\zBIZXSX.exe

C:\Windows\System\peHSSbv.exe

C:\Windows\System\peHSSbv.exe

C:\Windows\System\xinvXwo.exe

C:\Windows\System\xinvXwo.exe

C:\Windows\System\wxeFBEl.exe

C:\Windows\System\wxeFBEl.exe

C:\Windows\System\yRhpdhR.exe

C:\Windows\System\yRhpdhR.exe

C:\Windows\System\YQLPlpC.exe

C:\Windows\System\YQLPlpC.exe

C:\Windows\System\oGEZgUH.exe

C:\Windows\System\oGEZgUH.exe

C:\Windows\System\xWdMOen.exe

C:\Windows\System\xWdMOen.exe

C:\Windows\System\NgZkGqX.exe

C:\Windows\System\NgZkGqX.exe

C:\Windows\System\kmcBFWM.exe

C:\Windows\System\kmcBFWM.exe

C:\Windows\System\KiFQOZF.exe

C:\Windows\System\KiFQOZF.exe

C:\Windows\System\PcmjsWB.exe

C:\Windows\System\PcmjsWB.exe

C:\Windows\System\vTsZMwk.exe

C:\Windows\System\vTsZMwk.exe

C:\Windows\System\aseknVZ.exe

C:\Windows\System\aseknVZ.exe

C:\Windows\System\VPtABgf.exe

C:\Windows\System\VPtABgf.exe

C:\Windows\System\nascrjS.exe

C:\Windows\System\nascrjS.exe

C:\Windows\System\RoQhHUU.exe

C:\Windows\System\RoQhHUU.exe

C:\Windows\System\KXCCsuQ.exe

C:\Windows\System\KXCCsuQ.exe

C:\Windows\System\bMeFdEH.exe

C:\Windows\System\bMeFdEH.exe

C:\Windows\System\INKdEFf.exe

C:\Windows\System\INKdEFf.exe

C:\Windows\System\aqHtejv.exe

C:\Windows\System\aqHtejv.exe

C:\Windows\System\EXVBjCd.exe

C:\Windows\System\EXVBjCd.exe

C:\Windows\System\mwTlBAg.exe

C:\Windows\System\mwTlBAg.exe

C:\Windows\System\UOxDPVD.exe

C:\Windows\System\UOxDPVD.exe

C:\Windows\System\dSnNpkP.exe

C:\Windows\System\dSnNpkP.exe

C:\Windows\System\VrznPHt.exe

C:\Windows\System\VrznPHt.exe

C:\Windows\System\CMQnfhv.exe

C:\Windows\System\CMQnfhv.exe

C:\Windows\System\kZHksHr.exe

C:\Windows\System\kZHksHr.exe

C:\Windows\System\rjrOnIz.exe

C:\Windows\System\rjrOnIz.exe

C:\Windows\System\HPFQajq.exe

C:\Windows\System\HPFQajq.exe

C:\Windows\System\soPbtvO.exe

C:\Windows\System\soPbtvO.exe

C:\Windows\System\xwecRSs.exe

C:\Windows\System\xwecRSs.exe

C:\Windows\System\moRZrfh.exe

C:\Windows\System\moRZrfh.exe

C:\Windows\System\AxvfUoj.exe

C:\Windows\System\AxvfUoj.exe

C:\Windows\System\gYtNjUi.exe

C:\Windows\System\gYtNjUi.exe

C:\Windows\System\IqCdnDF.exe

C:\Windows\System\IqCdnDF.exe

C:\Windows\System\bOrhtkX.exe

C:\Windows\System\bOrhtkX.exe

C:\Windows\System\WHlmuQS.exe

C:\Windows\System\WHlmuQS.exe

C:\Windows\System\dRpDhOi.exe

C:\Windows\System\dRpDhOi.exe

C:\Windows\System\FSAYUVb.exe

C:\Windows\System\FSAYUVb.exe

C:\Windows\System\nHcRhJN.exe

C:\Windows\System\nHcRhJN.exe

C:\Windows\System\LvxJRtL.exe

C:\Windows\System\LvxJRtL.exe

C:\Windows\System\HfLdmlO.exe

C:\Windows\System\HfLdmlO.exe

C:\Windows\System\XfJCfiK.exe

C:\Windows\System\XfJCfiK.exe

C:\Windows\System\oAnownm.exe

C:\Windows\System\oAnownm.exe

C:\Windows\System\GjEGpKi.exe

C:\Windows\System\GjEGpKi.exe

C:\Windows\System\LTLPUtE.exe

C:\Windows\System\LTLPUtE.exe

C:\Windows\System\yFxdbfQ.exe

C:\Windows\System\yFxdbfQ.exe

C:\Windows\System\mDUoZRt.exe

C:\Windows\System\mDUoZRt.exe

C:\Windows\System\UeyvDAJ.exe

C:\Windows\System\UeyvDAJ.exe

C:\Windows\System\AufcZJW.exe

C:\Windows\System\AufcZJW.exe

C:\Windows\System\gCmnVBm.exe

C:\Windows\System\gCmnVBm.exe

C:\Windows\System\yvVVQSB.exe

C:\Windows\System\yvVVQSB.exe

C:\Windows\System\ktRARgW.exe

C:\Windows\System\ktRARgW.exe

C:\Windows\System\uzxgGaH.exe

C:\Windows\System\uzxgGaH.exe

C:\Windows\System\nYvYONa.exe

C:\Windows\System\nYvYONa.exe

C:\Windows\System\rSIcakD.exe

C:\Windows\System\rSIcakD.exe

C:\Windows\System\FtZfNkZ.exe

C:\Windows\System\FtZfNkZ.exe

C:\Windows\System\SNzgMiU.exe

C:\Windows\System\SNzgMiU.exe

C:\Windows\System\urnIMbE.exe

C:\Windows\System\urnIMbE.exe

C:\Windows\System\BifLKmp.exe

C:\Windows\System\BifLKmp.exe

C:\Windows\System\jPNBQoM.exe

C:\Windows\System\jPNBQoM.exe

C:\Windows\System\tlxVjyL.exe

C:\Windows\System\tlxVjyL.exe

C:\Windows\System\ThvvhSN.exe

C:\Windows\System\ThvvhSN.exe

C:\Windows\System\JUGDFhG.exe

C:\Windows\System\JUGDFhG.exe

C:\Windows\System\OiSATsK.exe

C:\Windows\System\OiSATsK.exe

C:\Windows\System\DdvPBJC.exe

C:\Windows\System\DdvPBJC.exe

C:\Windows\System\gLgvCzu.exe

C:\Windows\System\gLgvCzu.exe

C:\Windows\System\wDnitNI.exe

C:\Windows\System\wDnitNI.exe

C:\Windows\System\LYXKeNE.exe

C:\Windows\System\LYXKeNE.exe

C:\Windows\System\TCqDmQo.exe

C:\Windows\System\TCqDmQo.exe

C:\Windows\System\iwlGCeF.exe

C:\Windows\System\iwlGCeF.exe

C:\Windows\System\atMUbTf.exe

C:\Windows\System\atMUbTf.exe

C:\Windows\System\oEpbbof.exe

C:\Windows\System\oEpbbof.exe

C:\Windows\System\PXZJLde.exe

C:\Windows\System\PXZJLde.exe

C:\Windows\System\sERPyAS.exe

C:\Windows\System\sERPyAS.exe

C:\Windows\System\wmQwGdV.exe

C:\Windows\System\wmQwGdV.exe

C:\Windows\System\MoaqZpi.exe

C:\Windows\System\MoaqZpi.exe

C:\Windows\System\hhpvthg.exe

C:\Windows\System\hhpvthg.exe

C:\Windows\System\NQsOmpT.exe

C:\Windows\System\NQsOmpT.exe

C:\Windows\System\wNyhweO.exe

C:\Windows\System\wNyhweO.exe

C:\Windows\System\aqCOMSE.exe

C:\Windows\System\aqCOMSE.exe

C:\Windows\System\oumYlNq.exe

C:\Windows\System\oumYlNq.exe

C:\Windows\System\shJxMno.exe

C:\Windows\System\shJxMno.exe

C:\Windows\System\tWnEHZg.exe

C:\Windows\System\tWnEHZg.exe

C:\Windows\System\XGzuwpH.exe

C:\Windows\System\XGzuwpH.exe

C:\Windows\System\temLNOH.exe

C:\Windows\System\temLNOH.exe

C:\Windows\System\amGsiWE.exe

C:\Windows\System\amGsiWE.exe

C:\Windows\System\AmBLrpT.exe

C:\Windows\System\AmBLrpT.exe

C:\Windows\System\ZBJUoyI.exe

C:\Windows\System\ZBJUoyI.exe

C:\Windows\System\gzLpIQk.exe

C:\Windows\System\gzLpIQk.exe

C:\Windows\System\AGyhRDX.exe

C:\Windows\System\AGyhRDX.exe

C:\Windows\System\TxuXfgS.exe

C:\Windows\System\TxuXfgS.exe

C:\Windows\System\mjjlQvn.exe

C:\Windows\System\mjjlQvn.exe

C:\Windows\System\DiplqVg.exe

C:\Windows\System\DiplqVg.exe

C:\Windows\System\gJvReFE.exe

C:\Windows\System\gJvReFE.exe

C:\Windows\System\INWVWaF.exe

C:\Windows\System\INWVWaF.exe

C:\Windows\System\ltMnLBr.exe

C:\Windows\System\ltMnLBr.exe

C:\Windows\System\ryKNyCl.exe

C:\Windows\System\ryKNyCl.exe

C:\Windows\System\vWccMOc.exe

C:\Windows\System\vWccMOc.exe

C:\Windows\System\SqoLpfu.exe

C:\Windows\System\SqoLpfu.exe

C:\Windows\System\UfGrMQN.exe

C:\Windows\System\UfGrMQN.exe

C:\Windows\System\dahFhIl.exe

C:\Windows\System\dahFhIl.exe

C:\Windows\System\OcUMoNn.exe

C:\Windows\System\OcUMoNn.exe

C:\Windows\System\ZstsFAM.exe

C:\Windows\System\ZstsFAM.exe

C:\Windows\System\kbhbDrG.exe

C:\Windows\System\kbhbDrG.exe

C:\Windows\System\yOmnugv.exe

C:\Windows\System\yOmnugv.exe

C:\Windows\System\JQFKkOa.exe

C:\Windows\System\JQFKkOa.exe

C:\Windows\System\KmPmDxo.exe

C:\Windows\System\KmPmDxo.exe

C:\Windows\System\FQVnBbN.exe

C:\Windows\System\FQVnBbN.exe

C:\Windows\System\vsffAiO.exe

C:\Windows\System\vsffAiO.exe

C:\Windows\System\Gwgfsgx.exe

C:\Windows\System\Gwgfsgx.exe

C:\Windows\System\Qyedbjf.exe

C:\Windows\System\Qyedbjf.exe

C:\Windows\System\EhStjED.exe

C:\Windows\System\EhStjED.exe

C:\Windows\System\SbjudiH.exe

C:\Windows\System\SbjudiH.exe

C:\Windows\System\sRsIhjk.exe

C:\Windows\System\sRsIhjk.exe

C:\Windows\System\gFAUAsZ.exe

C:\Windows\System\gFAUAsZ.exe

C:\Windows\System\bbeGCnE.exe

C:\Windows\System\bbeGCnE.exe

C:\Windows\System\OSFqxiE.exe

C:\Windows\System\OSFqxiE.exe

C:\Windows\System\hHFAyjB.exe

C:\Windows\System\hHFAyjB.exe

C:\Windows\System\WeziBjG.exe

C:\Windows\System\WeziBjG.exe

C:\Windows\System\zFJchCb.exe

C:\Windows\System\zFJchCb.exe

C:\Windows\System\nuQPUjB.exe

C:\Windows\System\nuQPUjB.exe

C:\Windows\System\XurNPJn.exe

C:\Windows\System\XurNPJn.exe

C:\Windows\System\dsyfyHd.exe

C:\Windows\System\dsyfyHd.exe

C:\Windows\System\ovcJQSk.exe

C:\Windows\System\ovcJQSk.exe

C:\Windows\System\HCLpRgy.exe

C:\Windows\System\HCLpRgy.exe

C:\Windows\System\osukpvI.exe

C:\Windows\System\osukpvI.exe

C:\Windows\System\qUfbskq.exe

C:\Windows\System\qUfbskq.exe

C:\Windows\System\GlLTPNd.exe

C:\Windows\System\GlLTPNd.exe

C:\Windows\System\KDRVlvj.exe

C:\Windows\System\KDRVlvj.exe

C:\Windows\System\SeKULWV.exe

C:\Windows\System\SeKULWV.exe

C:\Windows\System\ZJqUwrX.exe

C:\Windows\System\ZJqUwrX.exe

C:\Windows\System\wbXQsFo.exe

C:\Windows\System\wbXQsFo.exe

C:\Windows\System\IhogIzK.exe

C:\Windows\System\IhogIzK.exe

C:\Windows\System\giKsniK.exe

C:\Windows\System\giKsniK.exe

C:\Windows\System\NizeZYk.exe

C:\Windows\System\NizeZYk.exe

C:\Windows\System\QtTNwdu.exe

C:\Windows\System\QtTNwdu.exe

C:\Windows\System\zIPjmia.exe

C:\Windows\System\zIPjmia.exe

C:\Windows\System\miHShml.exe

C:\Windows\System\miHShml.exe

C:\Windows\System\ZZlgtIE.exe

C:\Windows\System\ZZlgtIE.exe

C:\Windows\System\whRyYgY.exe

C:\Windows\System\whRyYgY.exe

C:\Windows\System\EUgwWKe.exe

C:\Windows\System\EUgwWKe.exe

C:\Windows\System\QohkSpz.exe

C:\Windows\System\QohkSpz.exe

C:\Windows\System\azYPukF.exe

C:\Windows\System\azYPukF.exe

C:\Windows\System\FgGndTI.exe

C:\Windows\System\FgGndTI.exe

C:\Windows\System\uvfUGjR.exe

C:\Windows\System\uvfUGjR.exe

C:\Windows\System\HrvPcte.exe

C:\Windows\System\HrvPcte.exe

C:\Windows\System\JmoPjib.exe

C:\Windows\System\JmoPjib.exe

C:\Windows\System\MrDhJgS.exe

C:\Windows\System\MrDhJgS.exe

C:\Windows\System\eCsFhDf.exe

C:\Windows\System\eCsFhDf.exe

C:\Windows\System\glZnnkl.exe

C:\Windows\System\glZnnkl.exe

C:\Windows\System\sHFEJWh.exe

C:\Windows\System\sHFEJWh.exe

C:\Windows\System\pKfNOTt.exe

C:\Windows\System\pKfNOTt.exe

C:\Windows\System\HmfkMnV.exe

C:\Windows\System\HmfkMnV.exe

C:\Windows\System\OCUoqLQ.exe

C:\Windows\System\OCUoqLQ.exe

C:\Windows\System\IWqKMHY.exe

C:\Windows\System\IWqKMHY.exe

C:\Windows\System\QEoQueh.exe

C:\Windows\System\QEoQueh.exe

C:\Windows\System\cWraMfo.exe

C:\Windows\System\cWraMfo.exe

C:\Windows\System\nZAaiZL.exe

C:\Windows\System\nZAaiZL.exe

C:\Windows\System\gYSTwVh.exe

C:\Windows\System\gYSTwVh.exe

C:\Windows\System\yMdEMIP.exe

C:\Windows\System\yMdEMIP.exe

C:\Windows\System\CssUfFY.exe

C:\Windows\System\CssUfFY.exe

C:\Windows\System\AZlLNNj.exe

C:\Windows\System\AZlLNNj.exe

C:\Windows\System\uhBdDIo.exe

C:\Windows\System\uhBdDIo.exe

C:\Windows\System\QUhaSoh.exe

C:\Windows\System\QUhaSoh.exe

C:\Windows\System\MppNedK.exe

C:\Windows\System\MppNedK.exe

C:\Windows\System\HySwrnB.exe

C:\Windows\System\HySwrnB.exe

C:\Windows\System\BLKaBfs.exe

C:\Windows\System\BLKaBfs.exe

C:\Windows\System\eXOimuA.exe

C:\Windows\System\eXOimuA.exe

C:\Windows\System\oJTZYUT.exe

C:\Windows\System\oJTZYUT.exe

C:\Windows\System\QOxgVtD.exe

C:\Windows\System\QOxgVtD.exe

C:\Windows\System\bJdoINe.exe

C:\Windows\System\bJdoINe.exe

C:\Windows\System\OGanpYO.exe

C:\Windows\System\OGanpYO.exe

C:\Windows\System\suCKNnR.exe

C:\Windows\System\suCKNnR.exe

C:\Windows\System\LmEmQPZ.exe

C:\Windows\System\LmEmQPZ.exe

C:\Windows\System\BwDMstn.exe

C:\Windows\System\BwDMstn.exe

C:\Windows\System\ffSQRGB.exe

C:\Windows\System\ffSQRGB.exe

C:\Windows\System\wQpgcNU.exe

C:\Windows\System\wQpgcNU.exe

C:\Windows\System\ZeaoVUn.exe

C:\Windows\System\ZeaoVUn.exe

C:\Windows\System\VrETfHQ.exe

C:\Windows\System\VrETfHQ.exe

C:\Windows\System\wzqbrxQ.exe

C:\Windows\System\wzqbrxQ.exe

C:\Windows\System\gOFLHBf.exe

C:\Windows\System\gOFLHBf.exe

C:\Windows\System\nOYMgaQ.exe

C:\Windows\System\nOYMgaQ.exe

C:\Windows\System\MYuaRqe.exe

C:\Windows\System\MYuaRqe.exe

C:\Windows\System\RhPiTVk.exe

C:\Windows\System\RhPiTVk.exe

C:\Windows\System\frWiPxp.exe

C:\Windows\System\frWiPxp.exe

C:\Windows\System\KeXwauK.exe

C:\Windows\System\KeXwauK.exe

C:\Windows\System\SZnIceF.exe

C:\Windows\System\SZnIceF.exe

C:\Windows\System\WFazIPQ.exe

C:\Windows\System\WFazIPQ.exe

C:\Windows\System\PMNfXCu.exe

C:\Windows\System\PMNfXCu.exe

C:\Windows\System\RyyqLqL.exe

C:\Windows\System\RyyqLqL.exe

C:\Windows\System\VdKbLDb.exe

C:\Windows\System\VdKbLDb.exe

C:\Windows\System\nQiqBJO.exe

C:\Windows\System\nQiqBJO.exe

C:\Windows\System\ZFojTUX.exe

C:\Windows\System\ZFojTUX.exe

C:\Windows\System\Hjqgwcp.exe

C:\Windows\System\Hjqgwcp.exe

C:\Windows\System\LCKqFTR.exe

C:\Windows\System\LCKqFTR.exe

C:\Windows\System\TXCtGpV.exe

C:\Windows\System\TXCtGpV.exe

C:\Windows\System\IgZTfDV.exe

C:\Windows\System\IgZTfDV.exe

C:\Windows\System\JogqzxS.exe

C:\Windows\System\JogqzxS.exe

C:\Windows\System\OqVvbVD.exe

C:\Windows\System\OqVvbVD.exe

C:\Windows\System\ALPUKfo.exe

C:\Windows\System\ALPUKfo.exe

C:\Windows\System\wpZlnVJ.exe

C:\Windows\System\wpZlnVJ.exe

C:\Windows\System\LRMUEfZ.exe

C:\Windows\System\LRMUEfZ.exe

C:\Windows\System\zXvxbsH.exe

C:\Windows\System\zXvxbsH.exe

C:\Windows\System\GBHBmzz.exe

C:\Windows\System\GBHBmzz.exe

C:\Windows\System\kxDAKOi.exe

C:\Windows\System\kxDAKOi.exe

C:\Windows\System\vprHxyG.exe

C:\Windows\System\vprHxyG.exe

C:\Windows\System\VzogvVN.exe

C:\Windows\System\VzogvVN.exe

C:\Windows\System\FSroliU.exe

C:\Windows\System\FSroliU.exe

C:\Windows\System\kgpcSSP.exe

C:\Windows\System\kgpcSSP.exe

C:\Windows\System\jSpMYeZ.exe

C:\Windows\System\jSpMYeZ.exe

C:\Windows\System\VumWcYK.exe

C:\Windows\System\VumWcYK.exe

C:\Windows\System\AOffaCW.exe

C:\Windows\System\AOffaCW.exe

C:\Windows\System\ZPYZuQE.exe

C:\Windows\System\ZPYZuQE.exe

C:\Windows\System\uPMxXwB.exe

C:\Windows\System\uPMxXwB.exe

C:\Windows\System\OyxkfDs.exe

C:\Windows\System\OyxkfDs.exe

C:\Windows\System\lAbLYxC.exe

C:\Windows\System\lAbLYxC.exe

C:\Windows\System\VNXIlpV.exe

C:\Windows\System\VNXIlpV.exe

C:\Windows\System\uiJbKaK.exe

C:\Windows\System\uiJbKaK.exe

C:\Windows\System\kPfREDE.exe

C:\Windows\System\kPfREDE.exe

C:\Windows\System\nCQiwsF.exe

C:\Windows\System\nCQiwsF.exe

C:\Windows\System\nTcGuQB.exe

C:\Windows\System\nTcGuQB.exe

C:\Windows\System\CWCszvx.exe

C:\Windows\System\CWCszvx.exe

C:\Windows\System\GUWPPTj.exe

C:\Windows\System\GUWPPTj.exe

C:\Windows\System\GHsVHsG.exe

C:\Windows\System\GHsVHsG.exe

C:\Windows\System\sesNqOG.exe

C:\Windows\System\sesNqOG.exe

C:\Windows\System\fIVfejH.exe

C:\Windows\System\fIVfejH.exe

C:\Windows\System\phUwbPl.exe

C:\Windows\System\phUwbPl.exe

C:\Windows\System\ujsEcDv.exe

C:\Windows\System\ujsEcDv.exe

C:\Windows\System\tSrvCOD.exe

C:\Windows\System\tSrvCOD.exe

C:\Windows\System\lsFlMyT.exe

C:\Windows\System\lsFlMyT.exe

C:\Windows\System\PTVGBtN.exe

C:\Windows\System\PTVGBtN.exe

C:\Windows\System\hSUBIji.exe

C:\Windows\System\hSUBIji.exe

C:\Windows\System\nwQsMCa.exe

C:\Windows\System\nwQsMCa.exe

C:\Windows\System\mPcVWMx.exe

C:\Windows\System\mPcVWMx.exe

C:\Windows\System\MrPDDqK.exe

C:\Windows\System\MrPDDqK.exe

C:\Windows\System\mWKFxoc.exe

C:\Windows\System\mWKFxoc.exe

C:\Windows\System\cBjTCvZ.exe

C:\Windows\System\cBjTCvZ.exe

C:\Windows\System\ckAZuPY.exe

C:\Windows\System\ckAZuPY.exe

C:\Windows\System\birnaGI.exe

C:\Windows\System\birnaGI.exe

C:\Windows\System\LZoQeOp.exe

C:\Windows\System\LZoQeOp.exe

C:\Windows\System\uxbusOL.exe

C:\Windows\System\uxbusOL.exe

C:\Windows\System\NwfSdaO.exe

C:\Windows\System\NwfSdaO.exe

C:\Windows\System\vcczLQq.exe

C:\Windows\System\vcczLQq.exe

C:\Windows\System\uwWnIsd.exe

C:\Windows\System\uwWnIsd.exe

C:\Windows\System\UUneuUf.exe

C:\Windows\System\UUneuUf.exe

C:\Windows\System\RQABkuh.exe

C:\Windows\System\RQABkuh.exe

C:\Windows\System\nwbtBIL.exe

C:\Windows\System\nwbtBIL.exe

C:\Windows\System\LUhhvyU.exe

C:\Windows\System\LUhhvyU.exe

C:\Windows\System\IzGGYyF.exe

C:\Windows\System\IzGGYyF.exe

C:\Windows\System\gnlFkLD.exe

C:\Windows\System\gnlFkLD.exe

C:\Windows\System\iywxhTb.exe

C:\Windows\System\iywxhTb.exe

C:\Windows\System\zYQYRLC.exe

C:\Windows\System\zYQYRLC.exe

C:\Windows\System\xQJQYPb.exe

C:\Windows\System\xQJQYPb.exe

C:\Windows\System\mUTVIzV.exe

C:\Windows\System\mUTVIzV.exe

C:\Windows\System\WMFFZBN.exe

C:\Windows\System\WMFFZBN.exe

C:\Windows\System\ALxyium.exe

C:\Windows\System\ALxyium.exe

C:\Windows\System\kzEmwlb.exe

C:\Windows\System\kzEmwlb.exe

C:\Windows\System\NpKqZuO.exe

C:\Windows\System\NpKqZuO.exe

C:\Windows\System\RcTmQsu.exe

C:\Windows\System\RcTmQsu.exe

C:\Windows\System\UFwkMof.exe

C:\Windows\System\UFwkMof.exe

C:\Windows\System\aiqhFNB.exe

C:\Windows\System\aiqhFNB.exe

C:\Windows\System\GJAxFFN.exe

C:\Windows\System\GJAxFFN.exe

C:\Windows\System\lXKXVRq.exe

C:\Windows\System\lXKXVRq.exe

C:\Windows\System\cwAEXut.exe

C:\Windows\System\cwAEXut.exe

C:\Windows\System\BxxUvKQ.exe

C:\Windows\System\BxxUvKQ.exe

C:\Windows\System\yuEUWYe.exe

C:\Windows\System\yuEUWYe.exe

C:\Windows\System\gpOTwOC.exe

C:\Windows\System\gpOTwOC.exe

C:\Windows\System\OtBPwpw.exe

C:\Windows\System\OtBPwpw.exe

C:\Windows\System\TjEjreW.exe

C:\Windows\System\TjEjreW.exe

C:\Windows\System\vZjzWxp.exe

C:\Windows\System\vZjzWxp.exe

C:\Windows\System\zpYsVqT.exe

C:\Windows\System\zpYsVqT.exe

C:\Windows\System\tIquWOW.exe

C:\Windows\System\tIquWOW.exe

C:\Windows\System\aUoRTnk.exe

C:\Windows\System\aUoRTnk.exe

C:\Windows\System\qHtUULq.exe

C:\Windows\System\qHtUULq.exe

C:\Windows\System\dBerATU.exe

C:\Windows\System\dBerATU.exe

C:\Windows\System\aqWInpL.exe

C:\Windows\System\aqWInpL.exe

C:\Windows\System\mmcQCNj.exe

C:\Windows\System\mmcQCNj.exe

C:\Windows\System\RiBNANU.exe

C:\Windows\System\RiBNANU.exe

C:\Windows\System\bTISZTH.exe

C:\Windows\System\bTISZTH.exe

C:\Windows\System\lNkyDVu.exe

C:\Windows\System\lNkyDVu.exe

C:\Windows\System\oDKUJwx.exe

C:\Windows\System\oDKUJwx.exe

C:\Windows\System\clxHTdB.exe

C:\Windows\System\clxHTdB.exe

C:\Windows\System\FAucZkw.exe

C:\Windows\System\FAucZkw.exe

C:\Windows\System\NOjmiDJ.exe

C:\Windows\System\NOjmiDJ.exe

C:\Windows\System\gtscvdG.exe

C:\Windows\System\gtscvdG.exe

C:\Windows\System\diaDWKm.exe

C:\Windows\System\diaDWKm.exe

C:\Windows\System\mGwfitx.exe

C:\Windows\System\mGwfitx.exe

C:\Windows\System\bdwnkeo.exe

C:\Windows\System\bdwnkeo.exe

C:\Windows\System\wbsKgBm.exe

C:\Windows\System\wbsKgBm.exe

C:\Windows\System\wOJPnFN.exe

C:\Windows\System\wOJPnFN.exe

C:\Windows\System\JEzDpqy.exe

C:\Windows\System\JEzDpqy.exe

C:\Windows\System\mIJMCet.exe

C:\Windows\System\mIJMCet.exe

C:\Windows\System\zUtRnnW.exe

C:\Windows\System\zUtRnnW.exe

C:\Windows\System\yJpHTDc.exe

C:\Windows\System\yJpHTDc.exe

C:\Windows\System\bhAtBgf.exe

C:\Windows\System\bhAtBgf.exe

C:\Windows\System\DdXhsJG.exe

C:\Windows\System\DdXhsJG.exe

C:\Windows\System\uWuvHhr.exe

C:\Windows\System\uWuvHhr.exe

C:\Windows\System\OYeZCzV.exe

C:\Windows\System\OYeZCzV.exe

C:\Windows\System\KoDzgVa.exe

C:\Windows\System\KoDzgVa.exe

C:\Windows\System\vPpCmVP.exe

C:\Windows\System\vPpCmVP.exe

C:\Windows\System\eTcDjDO.exe

C:\Windows\System\eTcDjDO.exe

C:\Windows\System\aGaduZK.exe

C:\Windows\System\aGaduZK.exe

C:\Windows\System\gLOAkTy.exe

C:\Windows\System\gLOAkTy.exe

C:\Windows\System\XzDoZvV.exe

C:\Windows\System\XzDoZvV.exe

C:\Windows\System\cRnJnwe.exe

C:\Windows\System\cRnJnwe.exe

C:\Windows\System\LDTjJbj.exe

C:\Windows\System\LDTjJbj.exe

C:\Windows\System\FleUKKv.exe

C:\Windows\System\FleUKKv.exe

C:\Windows\System\HnMlBte.exe

C:\Windows\System\HnMlBte.exe

C:\Windows\System\HQVIIrY.exe

C:\Windows\System\HQVIIrY.exe

C:\Windows\System\YLinuBy.exe

C:\Windows\System\YLinuBy.exe

C:\Windows\System\xyfGVKR.exe

C:\Windows\System\xyfGVKR.exe

C:\Windows\System\BygQahb.exe

C:\Windows\System\BygQahb.exe

C:\Windows\System\ZjbKOYk.exe

C:\Windows\System\ZjbKOYk.exe

C:\Windows\System\jHvBvbF.exe

C:\Windows\System\jHvBvbF.exe

C:\Windows\System\bqDPQZE.exe

C:\Windows\System\bqDPQZE.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2844-0-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2844-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\ablNeAp.exe

MD5 035452c77a4c26c513d6e1a3fb9c9094
SHA1 1e4bc4a9fb50671e66fc720e814edfd08f5fd9ec
SHA256 e3bf21a3e722019ac59028a19ef7a11d8410b06719eaaf75c8b777fe803246f8
SHA512 8eb536e99e8f1977b6ba66b5dcfe2f5feb524e263c58fa13f7e2a5f59e345e5bf2c2fba4f42c251ad1019938e0de8500becab1d242ef44faf1973970b2603e3e

memory/2844-8-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2184-9-0x000000013F950000-0x000000013FCA4000-memory.dmp

\Windows\system\bRGywIO.exe

MD5 bf560c006579f41041284a0232ee9443
SHA1 6b1b06aaf422d81d9aeffd65cb9d387fb18ef704
SHA256 a17e465fa474481152417d91d5e323cf7c7416bfc382a2576459e0f26948ca86
SHA512 35287c4f75fefa7030ba4471987e507e6468bd848ef52306d46771b3d4ccfed7edf072854e15ddaa09091ddbeac94ea5a38ddfe6dd9e319c9a22ccf415902edf

\Windows\system\ywvqJiB.exe

MD5 1dd49b9f9b75c00508cc762dc5c9f9e6
SHA1 d32187fb79b5b4180f6b1ff1a840687a58bdb733
SHA256 8bcc7445f63a074f98ddc9ebe721461eef0d545da440916b739f24afa9971ef0
SHA512 6ec3be255e6fec8b05598f371a85685625746ec628958a7025e6858a61497b331647f39fc889b92bf56f145f42a62a310b018e835842c649cc6d2f047f374569

memory/1972-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2844-21-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2676-20-0x000000013F2D0000-0x000000013F624000-memory.dmp

\Windows\system\zjpTChH.exe

MD5 2ba95b60fb617c789bed35c279d57fb2
SHA1 5a0c99a87aeb11bd26185bcf02e5c32d0c28666f
SHA256 a36adae964a4a3b2209a7c932bae23872f48959e876a9d46ce222cb106325505
SHA512 ce47a6a7dd09fe4572d95ad7939567ac365f5ffe99630465bf0e638668cfa0e0e47ee9054ba27a58e86df444ca8da2c882502c36d45df45af6fa1c65d2fd3b7f

memory/2692-27-0x000000013F8D0000-0x000000013FC24000-memory.dmp

\Windows\system\VQwgzyc.exe

MD5 f9f5e120606916afa931ab84649fc27a
SHA1 ffededb6ca98d0f0c4fa93c0276be39ca3909843
SHA256 dd446beb92614f5f40b8a36ac3300fb4674db500521ac36a96c4ebc49903c474
SHA512 91da81d9f4f6b12f6edcc725ff8083e342a746618e2034d5e7006f3183a9e1381b25f83df2816969eb2d61af9977a07e52f85e897563161a69a9a7bb39a8ff71

C:\Windows\system\FYxwEXZ.exe

MD5 472f7c129518ace0870d7c95dc56614e
SHA1 aae357ea3230ad355c216d110edd0d6dcd2d672c
SHA256 935e52b49a33ed6b11854ace0ab817ef6de49968a933e10c1135264d907e935f
SHA512 f6603f05c450136b4d8b768f2c6413ae483636fe5d7b77ec630682323e65a5c13e77289ec2389c811a48a427cbd98e94f41e2339e51cbb528a7e39c6085fb39f

memory/2856-39-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2844-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp

C:\Windows\system\FeGgWQl.exe

MD5 d8b8591a910d93bc4a9cb6f0ae2be938
SHA1 4b7b1ee7095701901b2b41cbba09938a4974e93c
SHA256 2e04ee1e7ea653b2ef46324dd5c48b800b9b08a0c17fbbf6783994a4dedda8c8
SHA512 4b91a999a1116fa82c1da9a483795cb10bfffdf10600f388f63f783205b1da90e28243a7723be21e5ce161be5076fa44ab10f92c3712694fb155bc2109ff944a

\Windows\system\mpVTbON.exe

MD5 875fd2a1c2fe88fd13ceeeb4f2160e57
SHA1 89134c1e7cae6ed609ebb7cd09d0c4faa00fab23
SHA256 4949926e175e3ba181ed090b6aae68f2b20307ed65ed33f2348a15882896c08e
SHA512 27cf15ec8aa5229b282ae6273ba8e936200307ee1a8cdde1d44e1a69b38781073280e3df60d3cda5df076cbd79368ffb1497622027099d1c7b5489647ea01496

C:\Windows\system\peHSSbv.exe

MD5 c97e6e2f9b72ac86062ce256ddff1d40
SHA1 9835dd05740041902a8248138f886f4f9ca76be2
SHA256 0b2eb8021746296c6d3eab68d711c83c0a7c1190c6b91a4fffcb075bfb9b625a
SHA512 afa1983b33ded00755883c1650d9661dadc620b9f00f30d5d4e67fe0bf965c74ea31336d377e29518db4a5ef0eb561df08d70bed246a1b43f231580fec2e4990

memory/2200-64-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2720-69-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2844-68-0x00000000020B0000-0x0000000002404000-memory.dmp

memory/2844-63-0x000000013F950000-0x000000013FCA4000-memory.dmp

C:\Windows\system\zBIZXSX.exe

MD5 4f9352bf6e96fd35e91555cc66d0cc8a
SHA1 9c835dc06aad460f6afab265764f79b4b717f0f0
SHA256 d11c0eb69e0f15b3bb43ead3ee6676ad6f6fb5f66a30bb1a712c5a80e7af798b
SHA512 aa329e3b48d12fe2023ee88eb515216adb1e0615721505ad5ad01fb8b1a09a0d673ecea053b00ad38066ebc3653a7450b9f95f682e625fed764d410152bbf6ef

memory/2656-60-0x000000013F470000-0x000000013F7C4000-memory.dmp

memory/2844-59-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2844-58-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2844-57-0x000000013F470000-0x000000013F7C4000-memory.dmp

memory/2576-56-0x000000013F3E0000-0x000000013F734000-memory.dmp

memory/2844-54-0x000000013F3E0000-0x000000013F734000-memory.dmp

memory/2760-41-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2844-33-0x000000013F9F0000-0x000000013FD44000-memory.dmp

C:\Windows\system\xinvXwo.exe

MD5 80b29fee779379de6e324a7b8603ebe6
SHA1 7957500b6c55d102ce02fe3a246ea0531587f5a7
SHA256 dd7bf32ec6376de10fb2912bb388bf6c3f0601aba831286bbefea1cbaa5df35d
SHA512 e29f18f47223579b98ce85da8ea94de40f8bed935d7307d13d044b943c227bef796ff215f5e4d88e5d9d710dbf291df439d85d56c36a74c8bb26b44f8ebc7288

\Windows\system\wxeFBEl.exe

MD5 bb29391e48826b65f6f4bfd35dcad965
SHA1 e34db4b6859793f7d8a16080e1d895d60daf7e82
SHA256 3da6d1291a2c70320c12486494a4647d2db6a06ec39d43fbebe2ec4a50be5718
SHA512 556ace6fa78fad87322477e11f68354cd231d9c66df91c8c67ce37fc0165ba16ee56b0596fc4cd026beb56a4c7dfdad3073f01ef119265b24a937cd0fc1ecc70

memory/2844-83-0x00000000020B0000-0x0000000002404000-memory.dmp

memory/2692-86-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2784-87-0x000000013F2B0000-0x000000013F604000-memory.dmp

memory/288-84-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2844-81-0x000000013FCD0000-0x0000000140024000-memory.dmp

C:\Windows\system\yRhpdhR.exe

MD5 3449ee472d8f74264e828f2ad125fad4
SHA1 2617ef00066fe56ea3addc6ab9cba7fadd30673c
SHA256 da75e9be9558d84ce7f6e622335ad74833d04f3df1da29f2afa3e021d64eb0be
SHA512 7591b51b56c9ef685c8b966b3e85eb3fa561ef87afad49718fb7f9afc9d774aaa580cd1a871621f2946434b776cd44eadab7879c0357d027ce85a67fbd6a3d33

memory/2828-94-0x000000013F840000-0x000000013FB94000-memory.dmp

\Windows\system\YQLPlpC.exe

MD5 34f395f8191ca464d4786c7a8b3e584e
SHA1 451c4d036d7aa739519c763493af0644595b939a
SHA256 d74918d77a6e369788c53476a106fa77ec71d7dc80ef5914510aeb82bb2236cd
SHA512 fe1c91dfc6c92a5d934068978495f4d6d4b99e56dbdb1a6f551cecf25e29ef4d69352e1ac34ac5145ac2b05dfae9e79a37f759f0edd6b12e6d3be6136da4611c

memory/2844-93-0x000000013F840000-0x000000013FB94000-memory.dmp

C:\Windows\system\NgZkGqX.exe

MD5 68000de1fcfeb7ccd8220983575d4cef
SHA1 46dfacfcf76a32826abb249dfed6344bf1a6ab35
SHA256 4a0a65cae017c5130eb0a176a4db28e3d132b91233964d249bd3086fcb120e27
SHA512 6f3c3c4a52fac1339b807d96a5785c4f164dd0995500e017e187b3ec06ecc1d0de4c0294a0544b4957e1c2754e2f1a95a8e9dd3855834b1397aa73f585aa0818

C:\Windows\system\KiFQOZF.exe

MD5 86110eb4f19b18fada293affe95e1fcb
SHA1 c9b54f7d2d28447481842460bb91c9014270afae
SHA256 290903304a138d1c6f471b30fc85d18baf8defa8c6a25cf12a5d5818848d04bd
SHA512 fc6ba1819e403576401a5859d9e24fe41cb63e46314676ed9b8f63c914eae7267b33b86cc6a34c20eb374f09fc34b463b1e81181e37fa6e2346992c12ea99a9e

C:\Windows\system\PcmjsWB.exe

MD5 3a0088283bc741894dd8b4b86b2ed97d
SHA1 80c79bd369f77adde80d63fa6fb3023f0e3ebfb0
SHA256 b049590eeebd0fb0dbf4a27bee86887733345ed2bfb467c24f4692e919de5ff6
SHA512 634c877f33683d7c325c36e0d69aeaeb20f50d4397ffeef4ba01277f6587f79a6d7fba5ca4cfb7faacff67d5238985c00d80f2172999746e6ddef1da2e7cfecb

C:\Windows\system\aseknVZ.exe

MD5 1537840c3a7d00b95b8c6bacc4f96ad4
SHA1 2635aa418e08caa2b7282944f1795fed71455bd1
SHA256 e86436f3a500c88a12d51b24d7c5a0b1774713f90066e3c68f773102cd6b641a
SHA512 e6ea4569a9ba14ca739fac67a35a9a12f0cb2905834b1012752d109a153efa382853869529d6d9c611fbebf4a645b59c5efe13435385d5281c2f830950ffb899

C:\Windows\system\VPtABgf.exe

MD5 1cf2782322ba062527ae60127ad6a765
SHA1 7ae5d0f44fb2d4e011b103fed4f4e599c6a480ae
SHA256 7f8d26a0c806d17d28114be367576dd62798c1f171c4666b87d3a9b444bf6f5c
SHA512 619f0cb45dc458ebfeffedf97c8ca09f8b42d528b12fbe346d763ff52ad86f91cb03e2ab3a4ccd54237732066e587122ce908f9fde29c59c2c1c79b4712cede6

C:\Windows\system\RoQhHUU.exe

MD5 00ab6804e3733f9071f73683f1d5e86a
SHA1 16b90f011d499acfede5b39926f946c66bb076c4
SHA256 96c94b33e0ae9256b083fdecb48de73ba32f3b97f483f1ee6d26a7a45226584a
SHA512 3827a1a6242a56b1a371f89fc38048c09a71f446725334cf0957ff3cb69d9a63f1b76af5d905b6c5d8f1e91134cde706bd36fe48b21e9e8aa5350fc0ad22786d

\Windows\system\bMeFdEH.exe

MD5 2425472809705a44b0558ec3d171b698
SHA1 7d59b752553df5cc7daedb987481cb05c9ec8445
SHA256 24c2def933547478674f7a41b54de931eac96639a8ced9754043ff4548a9dfed
SHA512 9c81aca1ec6e713e8ee7e79065428438363e3d3b959b674cc3f6d77d6a2e90a20c4fb982a2ea522e78cb9dc2d96e3192994225869d5d0d75e56fe95690162f20

C:\Windows\system\aqHtejv.exe

MD5 8f52a2755117a64051d3c9177a170b86
SHA1 29b02a2d45be87b17241f79be7e2fb577e7442d9
SHA256 e3ba5a9a6d78ab559e277bef84c828c44241dbd2b4dd71915e5f8c9ea00aa623
SHA512 f513cb0521480363b8abd63d1df14cfb992c2f048bcfd57c896b9a3a922e254085c5f1b60bd09fc6c836dcfbd6dcb8a1e63627fcaa36fffae40bf06b0ee3d005

memory/2760-343-0x000000013F9F0000-0x000000013FD44000-memory.dmp

C:\Windows\system\UOxDPVD.exe

MD5 cc493b61ec82a75407ffd91086b04932
SHA1 6e18c0ed2ddaeaea362c2b38c7b5d8ce329d0f84
SHA256 f8a4b2926d2538b0567a1953520189b5061d325583f91e25102fc84cf9fce2b2
SHA512 eb63eb1e672921723546c8e21727edce229cd662173f148d8424720d6815f5faa4850708dff90e34db993aac64f7e14013fe1d65da9fb24cfb38b861d70dd723

C:\Windows\system\mwTlBAg.exe

MD5 367d6556b6b6a03e96df630d67d3fef2
SHA1 ec72f14759556c9826b9926531c9f26b7c81da3b
SHA256 1f1dddaf31da5f0c963e5ba4801d012e6080c32a81f9429541a9b1d009c3a4e8
SHA512 2dde66c91b551f4195acfd8633f030a53ec518a8ffb3890ce9ceca11f363c1fc58d01b88615ce550bede060d2b8e04284791f8836eb4d1a901b7fe8e9d5b4572

C:\Windows\system\EXVBjCd.exe

MD5 c1514e02e035df73db78b7a586abc23c
SHA1 977f927360b72f29ab6b3428c526bf3353d69ac5
SHA256 ebdd1f8e4d6a0d3c000398b7f7a3feef9be532cc4c9dabf8b1181ae420aa6c80
SHA512 de694b5b06d193c785a4782d536c27f386c4dc9b2134baeb330e6768a1282ecd7b819e55c2b12bd30e4879e029bcaab929a3bc5c977c5b151bd5686c0c560364

C:\Windows\system\INKdEFf.exe

MD5 ceb4e4e7989ff6bc8f5637270e708136
SHA1 221b4f9d541028f77cfc69a8936b0f72d72526f2
SHA256 330800288db5e4c241296edebcb27f2c10e5dfcd7c85506acbcd74e86dcf6d42
SHA512 7658c7bde25d2eb6f2487a02f98999b523c08a991c879ded518be7ab2b431cce870fa836c58f11c68ee661a0aeb375b6eb0073448e9d4568c7649d8621920ced

C:\Windows\system\KXCCsuQ.exe

MD5 c53989d1a8564ef5b667919c76210e60
SHA1 4ae25a372328470e4b51bf1567e8f25a422349cd
SHA256 5c131f98d91e73db4a97696c02121ba69724ba27656238387156990e75fd2135
SHA512 1074419e92f38d885012f2ce5d4f241831275590d6ccac76006634e65f48d0393409b90692fb2076f138cd2824ee5a386bc2a0414b177a99f472dfd4b617063b

C:\Windows\system\nascrjS.exe

MD5 360b6cd667c71304db5c9d8fb7adeb6a
SHA1 ed3061d3302fe341fb3037b257713cbcd7348d93
SHA256 030d79ea294e5aff23b8fbdac3d73fff4ca8cad93876c6f6e3f42d2f8a1c16cf
SHA512 25ceeb14d492fe902931cab0bd2bddb1d955ef2377fec9fbafc27e3d9d3f0f0bc98befc534d3d3c38a57816ab8858a0888b34cc52960f64e225ef7b15eb4fcff

C:\Windows\system\vTsZMwk.exe

MD5 0da877ed4f6951e7e11fc1a3d37a438e
SHA1 b76f2da6c308e53838f2bc973b548804d691622e
SHA256 8fcd06e6c3f9d270349d7300c247382d0e87faedd4c886058c9bba98c0f63c41
SHA512 a9a2ef0db48ac5fb4a8758cd66d79af0bab9c7c600ac62a56885ac2f36366ac2d04d0d8ad057b13e39fd062d925dff1343179a8f321d5debb58e5d3b2bfb5161

C:\Windows\system\kmcBFWM.exe

MD5 4afe57791fe416cffe9a9bd8c11ebeaf
SHA1 7688af4f08528c11cb6c07212b02e48fc7005361
SHA256 0c7bda5046b06b7c317087d21a32f2aabe87c992b14ca9d7acc9039303126d43
SHA512 99ce0be0f7b6f8f7de77da7a93e5989effdf8ada1106a0618d3857b4f4ffda91fdb99029814ae4144e534eca5ba5ff5be97cb97110f29a5a63feb8fccf3d8f53

C:\Windows\system\oGEZgUH.exe

MD5 0015643cc58273a45e801b1c986b4d8b
SHA1 37ec7027d4517440db35cffcb0d8fb8dfb716825
SHA256 2a617e358b50888aaddb82898b6f9be39024c3789033ae8c150902e1fe285452
SHA512 c6878d39f74be92da193b9e883a4e98ac1aaa691dcdda7a6308b9c98fc1e54d6be07d4582bb93dd566746929ef96aa3447269786e23b10f7b179b3738ee9d89b

memory/2844-105-0x00000000020B0000-0x0000000002404000-memory.dmp

memory/2856-104-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/1812-102-0x000000013F590000-0x000000013F8E4000-memory.dmp

C:\Windows\system\xWdMOen.exe

MD5 677764ead2f6efff2f0aa519345ae5a8
SHA1 92b2a1df5e2e664676d0e71164e47db52002fe64
SHA256 82aea72517e9613a28f68e90edc26faea847364d8cb125b765be576beef1b382
SHA512 249eff84985065fbc95e6efd429610a0b43f762c77b482bf600a5d3f837b5067daf4b4577943c1cc9e73a0113fea4b22d27388d3ba1abc7787d867a242ee62e7

memory/2656-1072-0x000000013F470000-0x000000013F7C4000-memory.dmp

memory/2200-1073-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2720-1074-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2844-1075-0x00000000020B0000-0x0000000002404000-memory.dmp

memory/2844-1076-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2844-1077-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/1812-1078-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/2844-1079-0x00000000020B0000-0x0000000002404000-memory.dmp

memory/2184-1080-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2676-1082-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/1972-1081-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2692-1083-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2856-1084-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2760-1085-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2576-1086-0x000000013F3E0000-0x000000013F734000-memory.dmp

memory/2656-1087-0x000000013F470000-0x000000013F7C4000-memory.dmp

memory/2720-1088-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2200-1089-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/288-1090-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2784-1091-0x000000013F2B0000-0x000000013F604000-memory.dmp

memory/2828-1092-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/1812-1093-0x000000013F590000-0x000000013F8E4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 08:59

Reported

2024-06-20 09:02

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\nJdrsDL.exe N/A
N/A N/A C:\Windows\System\xJhGEkW.exe N/A
N/A N/A C:\Windows\System\aHPKSgO.exe N/A
N/A N/A C:\Windows\System\IqFRhoR.exe N/A
N/A N/A C:\Windows\System\hkcLhMP.exe N/A
N/A N/A C:\Windows\System\WaPzQtW.exe N/A
N/A N/A C:\Windows\System\kGvNqTO.exe N/A
N/A N/A C:\Windows\System\IaWLXnC.exe N/A
N/A N/A C:\Windows\System\HjjhECX.exe N/A
N/A N/A C:\Windows\System\tpQJuAH.exe N/A
N/A N/A C:\Windows\System\quLafUM.exe N/A
N/A N/A C:\Windows\System\opNLhdb.exe N/A
N/A N/A C:\Windows\System\QqCkNDU.exe N/A
N/A N/A C:\Windows\System\hBhiRBX.exe N/A
N/A N/A C:\Windows\System\bOnHcSf.exe N/A
N/A N/A C:\Windows\System\qUblzIi.exe N/A
N/A N/A C:\Windows\System\crMlxfA.exe N/A
N/A N/A C:\Windows\System\ZfnJuJq.exe N/A
N/A N/A C:\Windows\System\LExGsEd.exe N/A
N/A N/A C:\Windows\System\YhRyWQM.exe N/A
N/A N/A C:\Windows\System\otYwbnH.exe N/A
N/A N/A C:\Windows\System\evvasAm.exe N/A
N/A N/A C:\Windows\System\dQnxTLV.exe N/A
N/A N/A C:\Windows\System\gImUyoq.exe N/A
N/A N/A C:\Windows\System\LfrueYS.exe N/A
N/A N/A C:\Windows\System\xZYKykK.exe N/A
N/A N/A C:\Windows\System\YnLDfml.exe N/A
N/A N/A C:\Windows\System\ZeNTOsM.exe N/A
N/A N/A C:\Windows\System\sucdYju.exe N/A
N/A N/A C:\Windows\System\HyIsNJv.exe N/A
N/A N/A C:\Windows\System\WCeEIAs.exe N/A
N/A N/A C:\Windows\System\mJwfOfy.exe N/A
N/A N/A C:\Windows\System\rxTUasM.exe N/A
N/A N/A C:\Windows\System\MTsXNkN.exe N/A
N/A N/A C:\Windows\System\nLxSUci.exe N/A
N/A N/A C:\Windows\System\aXpwYBx.exe N/A
N/A N/A C:\Windows\System\OsqcZQO.exe N/A
N/A N/A C:\Windows\System\EDvmCgc.exe N/A
N/A N/A C:\Windows\System\uwPAckK.exe N/A
N/A N/A C:\Windows\System\VmRKHyx.exe N/A
N/A N/A C:\Windows\System\zYQCwXr.exe N/A
N/A N/A C:\Windows\System\HHlKyyL.exe N/A
N/A N/A C:\Windows\System\sOoUECl.exe N/A
N/A N/A C:\Windows\System\BTZzpOm.exe N/A
N/A N/A C:\Windows\System\csOfOyv.exe N/A
N/A N/A C:\Windows\System\ufHiVGU.exe N/A
N/A N/A C:\Windows\System\LDdoHJj.exe N/A
N/A N/A C:\Windows\System\VaCTWWG.exe N/A
N/A N/A C:\Windows\System\SawoySb.exe N/A
N/A N/A C:\Windows\System\UIUpzvD.exe N/A
N/A N/A C:\Windows\System\IMRoZjP.exe N/A
N/A N/A C:\Windows\System\RtQQtli.exe N/A
N/A N/A C:\Windows\System\bOPKfIu.exe N/A
N/A N/A C:\Windows\System\BShPhFG.exe N/A
N/A N/A C:\Windows\System\BaaJpQX.exe N/A
N/A N/A C:\Windows\System\VeivutZ.exe N/A
N/A N/A C:\Windows\System\vDlVbAm.exe N/A
N/A N/A C:\Windows\System\tiVkZpx.exe N/A
N/A N/A C:\Windows\System\YGAGeTg.exe N/A
N/A N/A C:\Windows\System\aFelohT.exe N/A
N/A N/A C:\Windows\System\bBFkJNh.exe N/A
N/A N/A C:\Windows\System\bVFwEqV.exe N/A
N/A N/A C:\Windows\System\IsNeyKW.exe N/A
N/A N/A C:\Windows\System\YydntFb.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\sZVjFku.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\IaWLXnC.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\EDvmCgc.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTZzpOm.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\IMRoZjP.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrSSTUQ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\cyIoLyu.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDgdwhw.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzNLKZK.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ldRnMmm.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hBhiRBX.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MTKRsVD.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\yajmLpO.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqlTvVT.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\VyGRmsQ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\YnLDfml.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\HXJEGoZ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\scGPbCK.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\qaJmqfT.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVHsgru.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\eXlEEdE.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\QkQutzq.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\uymKyhg.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\sOibwEW.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\GunxrZw.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\rafMSXB.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\saVnuGv.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFHiUCw.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bBFkJNh.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\PvPkJCm.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hlzIfEs.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BYImVvR.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zMyGCbd.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\rnKXjFh.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQyvGYx.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\UKBCTVX.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MTsXNkN.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\csOfOyv.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsNeyKW.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\WkaApsT.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\OlDtqAg.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZfnJuJq.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LExGsEd.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bOPKfIu.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mHhnlVJ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVZGmOw.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\evvasAm.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKAXhhJ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hAQpQLg.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\EiAwpNj.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\jKcQWzI.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\KDVTrOg.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\oEcFyuJ.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\FGpCIsc.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\bbVbvhU.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\caUwGWG.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\VAAvAWI.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\otYwbnH.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\JMygpwz.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHenNmo.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hsKYbyl.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmLsymO.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\gJAgdsv.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A
File created C:\Windows\System\lcHRjTq.exe C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2388 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\nJdrsDL.exe
PID 2388 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\nJdrsDL.exe
PID 2388 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xJhGEkW.exe
PID 2388 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xJhGEkW.exe
PID 2388 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\aHPKSgO.exe
PID 2388 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\aHPKSgO.exe
PID 2388 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\IqFRhoR.exe
PID 2388 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\IqFRhoR.exe
PID 2388 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\hkcLhMP.exe
PID 2388 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\hkcLhMP.exe
PID 2388 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\WaPzQtW.exe
PID 2388 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\WaPzQtW.exe
PID 2388 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\kGvNqTO.exe
PID 2388 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\kGvNqTO.exe
PID 2388 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\IaWLXnC.exe
PID 2388 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\IaWLXnC.exe
PID 2388 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\HjjhECX.exe
PID 2388 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\HjjhECX.exe
PID 2388 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\tpQJuAH.exe
PID 2388 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\tpQJuAH.exe
PID 2388 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\quLafUM.exe
PID 2388 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\quLafUM.exe
PID 2388 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\opNLhdb.exe
PID 2388 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\opNLhdb.exe
PID 2388 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\QqCkNDU.exe
PID 2388 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\QqCkNDU.exe
PID 2388 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\hBhiRBX.exe
PID 2388 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\hBhiRBX.exe
PID 2388 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\bOnHcSf.exe
PID 2388 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\bOnHcSf.exe
PID 2388 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\qUblzIi.exe
PID 2388 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\qUblzIi.exe
PID 2388 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\crMlxfA.exe
PID 2388 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\crMlxfA.exe
PID 2388 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ZfnJuJq.exe
PID 2388 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ZfnJuJq.exe
PID 2388 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\LExGsEd.exe
PID 2388 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\LExGsEd.exe
PID 2388 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YhRyWQM.exe
PID 2388 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YhRyWQM.exe
PID 2388 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\otYwbnH.exe
PID 2388 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\otYwbnH.exe
PID 2388 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\evvasAm.exe
PID 2388 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\evvasAm.exe
PID 2388 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\dQnxTLV.exe
PID 2388 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\dQnxTLV.exe
PID 2388 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\gImUyoq.exe
PID 2388 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\gImUyoq.exe
PID 2388 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\LfrueYS.exe
PID 2388 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\LfrueYS.exe
PID 2388 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xZYKykK.exe
PID 2388 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\xZYKykK.exe
PID 2388 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YnLDfml.exe
PID 2388 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\YnLDfml.exe
PID 2388 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ZeNTOsM.exe
PID 2388 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\ZeNTOsM.exe
PID 2388 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\sucdYju.exe
PID 2388 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\sucdYju.exe
PID 2388 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\HyIsNJv.exe
PID 2388 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\HyIsNJv.exe
PID 2388 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\WCeEIAs.exe
PID 2388 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\WCeEIAs.exe
PID 2388 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\mJwfOfy.exe
PID 2388 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe C:\Windows\System\mJwfOfy.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4db33961fb9ecf31d9bfa4075be0d55483b3d0b2f523b339cc8c912e79de843c_NeikiAnalytics.exe"

C:\Windows\System\nJdrsDL.exe

C:\Windows\System\nJdrsDL.exe

C:\Windows\System\xJhGEkW.exe

C:\Windows\System\xJhGEkW.exe

C:\Windows\System\aHPKSgO.exe

C:\Windows\System\aHPKSgO.exe

C:\Windows\System\IqFRhoR.exe

C:\Windows\System\IqFRhoR.exe

C:\Windows\System\hkcLhMP.exe

C:\Windows\System\hkcLhMP.exe

C:\Windows\System\WaPzQtW.exe

C:\Windows\System\WaPzQtW.exe

C:\Windows\System\kGvNqTO.exe

C:\Windows\System\kGvNqTO.exe

C:\Windows\System\IaWLXnC.exe

C:\Windows\System\IaWLXnC.exe

C:\Windows\System\HjjhECX.exe

C:\Windows\System\HjjhECX.exe

C:\Windows\System\tpQJuAH.exe

C:\Windows\System\tpQJuAH.exe

C:\Windows\System\quLafUM.exe

C:\Windows\System\quLafUM.exe

C:\Windows\System\opNLhdb.exe

C:\Windows\System\opNLhdb.exe

C:\Windows\System\QqCkNDU.exe

C:\Windows\System\QqCkNDU.exe

C:\Windows\System\hBhiRBX.exe

C:\Windows\System\hBhiRBX.exe

C:\Windows\System\bOnHcSf.exe

C:\Windows\System\bOnHcSf.exe

C:\Windows\System\qUblzIi.exe

C:\Windows\System\qUblzIi.exe

C:\Windows\System\crMlxfA.exe

C:\Windows\System\crMlxfA.exe

C:\Windows\System\ZfnJuJq.exe

C:\Windows\System\ZfnJuJq.exe

C:\Windows\System\LExGsEd.exe

C:\Windows\System\LExGsEd.exe

C:\Windows\System\YhRyWQM.exe

C:\Windows\System\YhRyWQM.exe

C:\Windows\System\otYwbnH.exe

C:\Windows\System\otYwbnH.exe

C:\Windows\System\evvasAm.exe

C:\Windows\System\evvasAm.exe

C:\Windows\System\dQnxTLV.exe

C:\Windows\System\dQnxTLV.exe

C:\Windows\System\gImUyoq.exe

C:\Windows\System\gImUyoq.exe

C:\Windows\System\LfrueYS.exe

C:\Windows\System\LfrueYS.exe

C:\Windows\System\xZYKykK.exe

C:\Windows\System\xZYKykK.exe

C:\Windows\System\YnLDfml.exe

C:\Windows\System\YnLDfml.exe

C:\Windows\System\ZeNTOsM.exe

C:\Windows\System\ZeNTOsM.exe

C:\Windows\System\sucdYju.exe

C:\Windows\System\sucdYju.exe

C:\Windows\System\HyIsNJv.exe

C:\Windows\System\HyIsNJv.exe

C:\Windows\System\WCeEIAs.exe

C:\Windows\System\WCeEIAs.exe

C:\Windows\System\mJwfOfy.exe

C:\Windows\System\mJwfOfy.exe

C:\Windows\System\rxTUasM.exe

C:\Windows\System\rxTUasM.exe

C:\Windows\System\MTsXNkN.exe

C:\Windows\System\MTsXNkN.exe

C:\Windows\System\nLxSUci.exe

C:\Windows\System\nLxSUci.exe

C:\Windows\System\aXpwYBx.exe

C:\Windows\System\aXpwYBx.exe

C:\Windows\System\OsqcZQO.exe

C:\Windows\System\OsqcZQO.exe

C:\Windows\System\EDvmCgc.exe

C:\Windows\System\EDvmCgc.exe

C:\Windows\System\uwPAckK.exe

C:\Windows\System\uwPAckK.exe

C:\Windows\System\VmRKHyx.exe

C:\Windows\System\VmRKHyx.exe

C:\Windows\System\zYQCwXr.exe

C:\Windows\System\zYQCwXr.exe

C:\Windows\System\HHlKyyL.exe

C:\Windows\System\HHlKyyL.exe

C:\Windows\System\sOoUECl.exe

C:\Windows\System\sOoUECl.exe

C:\Windows\System\BTZzpOm.exe

C:\Windows\System\BTZzpOm.exe

C:\Windows\System\csOfOyv.exe

C:\Windows\System\csOfOyv.exe

C:\Windows\System\ufHiVGU.exe

C:\Windows\System\ufHiVGU.exe

C:\Windows\System\LDdoHJj.exe

C:\Windows\System\LDdoHJj.exe

C:\Windows\System\VaCTWWG.exe

C:\Windows\System\VaCTWWG.exe

C:\Windows\System\SawoySb.exe

C:\Windows\System\SawoySb.exe

C:\Windows\System\UIUpzvD.exe

C:\Windows\System\UIUpzvD.exe

C:\Windows\System\IMRoZjP.exe

C:\Windows\System\IMRoZjP.exe

C:\Windows\System\RtQQtli.exe

C:\Windows\System\RtQQtli.exe

C:\Windows\System\bOPKfIu.exe

C:\Windows\System\bOPKfIu.exe

C:\Windows\System\BShPhFG.exe

C:\Windows\System\BShPhFG.exe

C:\Windows\System\BaaJpQX.exe

C:\Windows\System\BaaJpQX.exe

C:\Windows\System\VeivutZ.exe

C:\Windows\System\VeivutZ.exe

C:\Windows\System\vDlVbAm.exe

C:\Windows\System\vDlVbAm.exe

C:\Windows\System\tiVkZpx.exe

C:\Windows\System\tiVkZpx.exe

C:\Windows\System\YGAGeTg.exe

C:\Windows\System\YGAGeTg.exe

C:\Windows\System\aFelohT.exe

C:\Windows\System\aFelohT.exe

C:\Windows\System\bBFkJNh.exe

C:\Windows\System\bBFkJNh.exe

C:\Windows\System\bVFwEqV.exe

C:\Windows\System\bVFwEqV.exe

C:\Windows\System\IsNeyKW.exe

C:\Windows\System\IsNeyKW.exe

C:\Windows\System\YydntFb.exe

C:\Windows\System\YydntFb.exe

C:\Windows\System\UPKmTOV.exe

C:\Windows\System\UPKmTOV.exe

C:\Windows\System\snLRPdD.exe

C:\Windows\System\snLRPdD.exe

C:\Windows\System\fBCcBZM.exe

C:\Windows\System\fBCcBZM.exe

C:\Windows\System\tRrAHgY.exe

C:\Windows\System\tRrAHgY.exe

C:\Windows\System\wmvYqiu.exe

C:\Windows\System\wmvYqiu.exe

C:\Windows\System\mYwJQMT.exe

C:\Windows\System\mYwJQMT.exe

C:\Windows\System\AKAXhhJ.exe

C:\Windows\System\AKAXhhJ.exe

C:\Windows\System\kiiYbhT.exe

C:\Windows\System\kiiYbhT.exe

C:\Windows\System\lfPQYTU.exe

C:\Windows\System\lfPQYTU.exe

C:\Windows\System\RsIdozC.exe

C:\Windows\System\RsIdozC.exe

C:\Windows\System\RPPDtpP.exe

C:\Windows\System\RPPDtpP.exe

C:\Windows\System\hMNTooX.exe

C:\Windows\System\hMNTooX.exe

C:\Windows\System\DvSLsHk.exe

C:\Windows\System\DvSLsHk.exe

C:\Windows\System\tAwTmpN.exe

C:\Windows\System\tAwTmpN.exe

C:\Windows\System\uyVrTIG.exe

C:\Windows\System\uyVrTIG.exe

C:\Windows\System\sOibwEW.exe

C:\Windows\System\sOibwEW.exe

C:\Windows\System\vjrJsIk.exe

C:\Windows\System\vjrJsIk.exe

C:\Windows\System\MTKRsVD.exe

C:\Windows\System\MTKRsVD.exe

C:\Windows\System\DPrEVBA.exe

C:\Windows\System\DPrEVBA.exe

C:\Windows\System\VAjFKph.exe

C:\Windows\System\VAjFKph.exe

C:\Windows\System\PNTmWLt.exe

C:\Windows\System\PNTmWLt.exe

C:\Windows\System\cbmOYNU.exe

C:\Windows\System\cbmOYNU.exe

C:\Windows\System\EWEdXcG.exe

C:\Windows\System\EWEdXcG.exe

C:\Windows\System\kyjLclC.exe

C:\Windows\System\kyjLclC.exe

C:\Windows\System\EafXkIR.exe

C:\Windows\System\EafXkIR.exe

C:\Windows\System\jcSxRDV.exe

C:\Windows\System\jcSxRDV.exe

C:\Windows\System\UravBOD.exe

C:\Windows\System\UravBOD.exe

C:\Windows\System\tLJdmzu.exe

C:\Windows\System\tLJdmzu.exe

C:\Windows\System\soltiWB.exe

C:\Windows\System\soltiWB.exe

C:\Windows\System\qkeHnDH.exe

C:\Windows\System\qkeHnDH.exe

C:\Windows\System\eTSRYEA.exe

C:\Windows\System\eTSRYEA.exe

C:\Windows\System\QMQiJRM.exe

C:\Windows\System\QMQiJRM.exe

C:\Windows\System\LqLwfWO.exe

C:\Windows\System\LqLwfWO.exe

C:\Windows\System\isqckgz.exe

C:\Windows\System\isqckgz.exe

C:\Windows\System\nMLycps.exe

C:\Windows\System\nMLycps.exe

C:\Windows\System\JMygpwz.exe

C:\Windows\System\JMygpwz.exe

C:\Windows\System\eDrYBcM.exe

C:\Windows\System\eDrYBcM.exe

C:\Windows\System\NDCVddV.exe

C:\Windows\System\NDCVddV.exe

C:\Windows\System\aftsoSz.exe

C:\Windows\System\aftsoSz.exe

C:\Windows\System\ElpIvQK.exe

C:\Windows\System\ElpIvQK.exe

C:\Windows\System\FgkjRNN.exe

C:\Windows\System\FgkjRNN.exe

C:\Windows\System\YUjGOvw.exe

C:\Windows\System\YUjGOvw.exe

C:\Windows\System\csqAQIi.exe

C:\Windows\System\csqAQIi.exe

C:\Windows\System\qJGyOvn.exe

C:\Windows\System\qJGyOvn.exe

C:\Windows\System\WndzZCn.exe

C:\Windows\System\WndzZCn.exe

C:\Windows\System\xavVXec.exe

C:\Windows\System\xavVXec.exe

C:\Windows\System\nwWTRCK.exe

C:\Windows\System\nwWTRCK.exe

C:\Windows\System\pgvtZwN.exe

C:\Windows\System\pgvtZwN.exe

C:\Windows\System\PIuJwCC.exe

C:\Windows\System\PIuJwCC.exe

C:\Windows\System\CHenNmo.exe

C:\Windows\System\CHenNmo.exe

C:\Windows\System\fdTKFwq.exe

C:\Windows\System\fdTKFwq.exe

C:\Windows\System\kipDUIb.exe

C:\Windows\System\kipDUIb.exe

C:\Windows\System\XyjbFNv.exe

C:\Windows\System\XyjbFNv.exe

C:\Windows\System\NUrbtsI.exe

C:\Windows\System\NUrbtsI.exe

C:\Windows\System\MUfTCKV.exe

C:\Windows\System\MUfTCKV.exe

C:\Windows\System\PvPkJCm.exe

C:\Windows\System\PvPkJCm.exe

C:\Windows\System\sSFwSVu.exe

C:\Windows\System\sSFwSVu.exe

C:\Windows\System\kOhuJOT.exe

C:\Windows\System\kOhuJOT.exe

C:\Windows\System\ZPgNWRG.exe

C:\Windows\System\ZPgNWRG.exe

C:\Windows\System\SLKWRVu.exe

C:\Windows\System\SLKWRVu.exe

C:\Windows\System\yrSSTUQ.exe

C:\Windows\System\yrSSTUQ.exe

C:\Windows\System\dbUpMlH.exe

C:\Windows\System\dbUpMlH.exe

C:\Windows\System\mHhnlVJ.exe

C:\Windows\System\mHhnlVJ.exe

C:\Windows\System\faihaZn.exe

C:\Windows\System\faihaZn.exe

C:\Windows\System\adBOnDX.exe

C:\Windows\System\adBOnDX.exe

C:\Windows\System\oaMnGZm.exe

C:\Windows\System\oaMnGZm.exe

C:\Windows\System\LsMUwuq.exe

C:\Windows\System\LsMUwuq.exe

C:\Windows\System\hsKYbyl.exe

C:\Windows\System\hsKYbyl.exe

C:\Windows\System\FdmkMPX.exe

C:\Windows\System\FdmkMPX.exe

C:\Windows\System\iKmpGfP.exe

C:\Windows\System\iKmpGfP.exe

C:\Windows\System\AtDFmUb.exe

C:\Windows\System\AtDFmUb.exe

C:\Windows\System\RbOsDru.exe

C:\Windows\System\RbOsDru.exe

C:\Windows\System\TTgvXyo.exe

C:\Windows\System\TTgvXyo.exe

C:\Windows\System\cyIoLyu.exe

C:\Windows\System\cyIoLyu.exe

C:\Windows\System\yajmLpO.exe

C:\Windows\System\yajmLpO.exe

C:\Windows\System\mmLsymO.exe

C:\Windows\System\mmLsymO.exe

C:\Windows\System\hAQpQLg.exe

C:\Windows\System\hAQpQLg.exe

C:\Windows\System\EiAwpNj.exe

C:\Windows\System\EiAwpNj.exe

C:\Windows\System\sdRWMDU.exe

C:\Windows\System\sdRWMDU.exe

C:\Windows\System\ZsJUxzP.exe

C:\Windows\System\ZsJUxzP.exe

C:\Windows\System\PHImRoq.exe

C:\Windows\System\PHImRoq.exe

C:\Windows\System\hlgwyQx.exe

C:\Windows\System\hlgwyQx.exe

C:\Windows\System\NDEMBXw.exe

C:\Windows\System\NDEMBXw.exe

C:\Windows\System\WXbwwrG.exe

C:\Windows\System\WXbwwrG.exe

C:\Windows\System\PVZGmOw.exe

C:\Windows\System\PVZGmOw.exe

C:\Windows\System\mrHKrfR.exe

C:\Windows\System\mrHKrfR.exe

C:\Windows\System\zMyGCbd.exe

C:\Windows\System\zMyGCbd.exe

C:\Windows\System\GunxrZw.exe

C:\Windows\System\GunxrZw.exe

C:\Windows\System\RVHsgru.exe

C:\Windows\System\RVHsgru.exe

C:\Windows\System\sdTnzBi.exe

C:\Windows\System\sdTnzBi.exe

C:\Windows\System\vGnVvGL.exe

C:\Windows\System\vGnVvGL.exe

C:\Windows\System\WkaApsT.exe

C:\Windows\System\WkaApsT.exe

C:\Windows\System\idEtNhY.exe

C:\Windows\System\idEtNhY.exe

C:\Windows\System\dNtnDvO.exe

C:\Windows\System\dNtnDvO.exe

C:\Windows\System\DkEFNSD.exe

C:\Windows\System\DkEFNSD.exe

C:\Windows\System\VYfQDCk.exe

C:\Windows\System\VYfQDCk.exe

C:\Windows\System\aSIErWo.exe

C:\Windows\System\aSIErWo.exe

C:\Windows\System\meayLsr.exe

C:\Windows\System\meayLsr.exe

C:\Windows\System\CqlTvVT.exe

C:\Windows\System\CqlTvVT.exe

C:\Windows\System\fRfgYts.exe

C:\Windows\System\fRfgYts.exe

C:\Windows\System\EnTzlHP.exe

C:\Windows\System\EnTzlHP.exe

C:\Windows\System\rafMSXB.exe

C:\Windows\System\rafMSXB.exe

C:\Windows\System\mutdivm.exe

C:\Windows\System\mutdivm.exe

C:\Windows\System\oBUeXmV.exe

C:\Windows\System\oBUeXmV.exe

C:\Windows\System\jLyZlhz.exe

C:\Windows\System\jLyZlhz.exe

C:\Windows\System\cKwguDL.exe

C:\Windows\System\cKwguDL.exe

C:\Windows\System\DEjvgDA.exe

C:\Windows\System\DEjvgDA.exe

C:\Windows\System\jDgdwhw.exe

C:\Windows\System\jDgdwhw.exe

C:\Windows\System\vLYONeo.exe

C:\Windows\System\vLYONeo.exe

C:\Windows\System\FcjRnfi.exe

C:\Windows\System\FcjRnfi.exe

C:\Windows\System\gJAgdsv.exe

C:\Windows\System\gJAgdsv.exe

C:\Windows\System\SUYdMNI.exe

C:\Windows\System\SUYdMNI.exe

C:\Windows\System\FGpCIsc.exe

C:\Windows\System\FGpCIsc.exe

C:\Windows\System\qDMkzlv.exe

C:\Windows\System\qDMkzlv.exe

C:\Windows\System\hAPANKr.exe

C:\Windows\System\hAPANKr.exe

C:\Windows\System\XLPruxn.exe

C:\Windows\System\XLPruxn.exe

C:\Windows\System\cLTPSuk.exe

C:\Windows\System\cLTPSuk.exe

C:\Windows\System\xtiQOlo.exe

C:\Windows\System\xtiQOlo.exe

C:\Windows\System\XCyaeaX.exe

C:\Windows\System\XCyaeaX.exe

C:\Windows\System\gWGWUzY.exe

C:\Windows\System\gWGWUzY.exe

C:\Windows\System\mgBYQgB.exe

C:\Windows\System\mgBYQgB.exe

C:\Windows\System\mgcvmOa.exe

C:\Windows\System\mgcvmOa.exe

C:\Windows\System\lXzCiXY.exe

C:\Windows\System\lXzCiXY.exe

C:\Windows\System\DjMvVaJ.exe

C:\Windows\System\DjMvVaJ.exe

C:\Windows\System\PqBOuDp.exe

C:\Windows\System\PqBOuDp.exe

C:\Windows\System\osjLtGn.exe

C:\Windows\System\osjLtGn.exe

C:\Windows\System\pKNoFtU.exe

C:\Windows\System\pKNoFtU.exe

C:\Windows\System\VnqaCAB.exe

C:\Windows\System\VnqaCAB.exe

C:\Windows\System\HHsPaeo.exe

C:\Windows\System\HHsPaeo.exe

C:\Windows\System\zzNLKZK.exe

C:\Windows\System\zzNLKZK.exe

C:\Windows\System\ldRnMmm.exe

C:\Windows\System\ldRnMmm.exe

C:\Windows\System\namYNqC.exe

C:\Windows\System\namYNqC.exe

C:\Windows\System\kqLGKEl.exe

C:\Windows\System\kqLGKEl.exe

C:\Windows\System\WEhIyFW.exe

C:\Windows\System\WEhIyFW.exe

C:\Windows\System\QcjEBJg.exe

C:\Windows\System\QcjEBJg.exe

C:\Windows\System\JKAWfgJ.exe

C:\Windows\System\JKAWfgJ.exe

C:\Windows\System\liCXInT.exe

C:\Windows\System\liCXInT.exe

C:\Windows\System\xRyKVEz.exe

C:\Windows\System\xRyKVEz.exe

C:\Windows\System\qPmEuZj.exe

C:\Windows\System\qPmEuZj.exe

C:\Windows\System\UHNtJdJ.exe

C:\Windows\System\UHNtJdJ.exe

C:\Windows\System\lcHRjTq.exe

C:\Windows\System\lcHRjTq.exe

C:\Windows\System\gkRGaIH.exe

C:\Windows\System\gkRGaIH.exe

C:\Windows\System\rnKXjFh.exe

C:\Windows\System\rnKXjFh.exe

C:\Windows\System\MJbMRGl.exe

C:\Windows\System\MJbMRGl.exe

C:\Windows\System\eXlEEdE.exe

C:\Windows\System\eXlEEdE.exe

C:\Windows\System\dRpiQPc.exe

C:\Windows\System\dRpiQPc.exe

C:\Windows\System\CUgaFst.exe

C:\Windows\System\CUgaFst.exe

C:\Windows\System\LhzPVHB.exe

C:\Windows\System\LhzPVHB.exe

C:\Windows\System\ioqVWJo.exe

C:\Windows\System\ioqVWJo.exe

C:\Windows\System\UGoHTzx.exe

C:\Windows\System\UGoHTzx.exe

C:\Windows\System\ZaNvKAk.exe

C:\Windows\System\ZaNvKAk.exe

C:\Windows\System\qzWFeqG.exe

C:\Windows\System\qzWFeqG.exe

C:\Windows\System\GPomOSP.exe

C:\Windows\System\GPomOSP.exe

C:\Windows\System\izDDxbP.exe

C:\Windows\System\izDDxbP.exe

C:\Windows\System\AOEmVac.exe

C:\Windows\System\AOEmVac.exe

C:\Windows\System\KAYHSHX.exe

C:\Windows\System\KAYHSHX.exe

C:\Windows\System\qCjTzEx.exe

C:\Windows\System\qCjTzEx.exe

C:\Windows\System\zOeDClU.exe

C:\Windows\System\zOeDClU.exe

C:\Windows\System\UlbLhax.exe

C:\Windows\System\UlbLhax.exe

C:\Windows\System\jKcQWzI.exe

C:\Windows\System\jKcQWzI.exe

C:\Windows\System\OBBtsDw.exe

C:\Windows\System\OBBtsDw.exe

C:\Windows\System\AKCUqAz.exe

C:\Windows\System\AKCUqAz.exe

C:\Windows\System\HemUahk.exe

C:\Windows\System\HemUahk.exe

C:\Windows\System\LhWBZrs.exe

C:\Windows\System\LhWBZrs.exe

C:\Windows\System\YBqRpWH.exe

C:\Windows\System\YBqRpWH.exe

C:\Windows\System\NyhZlsr.exe

C:\Windows\System\NyhZlsr.exe

C:\Windows\System\uNFPfVF.exe

C:\Windows\System\uNFPfVF.exe

C:\Windows\System\THiNrjl.exe

C:\Windows\System\THiNrjl.exe

C:\Windows\System\KDVTrOg.exe

C:\Windows\System\KDVTrOg.exe

C:\Windows\System\eehFnXL.exe

C:\Windows\System\eehFnXL.exe

C:\Windows\System\rCThsQn.exe

C:\Windows\System\rCThsQn.exe

C:\Windows\System\AcDMxxc.exe

C:\Windows\System\AcDMxxc.exe

C:\Windows\System\WelIQyq.exe

C:\Windows\System\WelIQyq.exe

C:\Windows\System\pilRhLM.exe

C:\Windows\System\pilRhLM.exe

C:\Windows\System\hlzIfEs.exe

C:\Windows\System\hlzIfEs.exe

C:\Windows\System\rxbEmuZ.exe

C:\Windows\System\rxbEmuZ.exe

C:\Windows\System\HXJEGoZ.exe

C:\Windows\System\HXJEGoZ.exe

C:\Windows\System\BRhbBAW.exe

C:\Windows\System\BRhbBAW.exe

C:\Windows\System\YUvAWfo.exe

C:\Windows\System\YUvAWfo.exe

C:\Windows\System\mPzXhYi.exe

C:\Windows\System\mPzXhYi.exe

C:\Windows\System\QfmZgTj.exe

C:\Windows\System\QfmZgTj.exe

C:\Windows\System\VyGRmsQ.exe

C:\Windows\System\VyGRmsQ.exe

C:\Windows\System\WIaiDDX.exe

C:\Windows\System\WIaiDDX.exe

C:\Windows\System\beVgPjv.exe

C:\Windows\System\beVgPjv.exe

C:\Windows\System\TmEAvRc.exe

C:\Windows\System\TmEAvRc.exe

C:\Windows\System\dHOfyOe.exe

C:\Windows\System\dHOfyOe.exe

C:\Windows\System\bbVbvhU.exe

C:\Windows\System\bbVbvhU.exe

C:\Windows\System\LkidLWG.exe

C:\Windows\System\LkidLWG.exe

C:\Windows\System\yOvWBBO.exe

C:\Windows\System\yOvWBBO.exe

C:\Windows\System\fVYupRT.exe

C:\Windows\System\fVYupRT.exe

C:\Windows\System\PkuqYEh.exe

C:\Windows\System\PkuqYEh.exe

C:\Windows\System\kZlynPw.exe

C:\Windows\System\kZlynPw.exe

C:\Windows\System\ZMkMLus.exe

C:\Windows\System\ZMkMLus.exe

C:\Windows\System\gisFlJz.exe

C:\Windows\System\gisFlJz.exe

C:\Windows\System\FQiRrmD.exe

C:\Windows\System\FQiRrmD.exe

C:\Windows\System\QkQutzq.exe

C:\Windows\System\QkQutzq.exe

C:\Windows\System\elIbAlr.exe

C:\Windows\System\elIbAlr.exe

C:\Windows\System\ypWxQQI.exe

C:\Windows\System\ypWxQQI.exe

C:\Windows\System\MCEsiwE.exe

C:\Windows\System\MCEsiwE.exe

C:\Windows\System\GDBjDNR.exe

C:\Windows\System\GDBjDNR.exe

C:\Windows\System\gNFEyRR.exe

C:\Windows\System\gNFEyRR.exe

C:\Windows\System\AVMaoJt.exe

C:\Windows\System\AVMaoJt.exe

C:\Windows\System\TRcRsJR.exe

C:\Windows\System\TRcRsJR.exe

C:\Windows\System\ZllPjSu.exe

C:\Windows\System\ZllPjSu.exe

C:\Windows\System\qJsYvGg.exe

C:\Windows\System\qJsYvGg.exe

C:\Windows\System\oyrRVYm.exe

C:\Windows\System\oyrRVYm.exe

C:\Windows\System\maPgZPN.exe

C:\Windows\System\maPgZPN.exe

C:\Windows\System\RToyOBo.exe

C:\Windows\System\RToyOBo.exe

C:\Windows\System\ieoCyLd.exe

C:\Windows\System\ieoCyLd.exe

C:\Windows\System\uymKyhg.exe

C:\Windows\System\uymKyhg.exe

C:\Windows\System\ErvUadE.exe

C:\Windows\System\ErvUadE.exe

C:\Windows\System\sHxMXRI.exe

C:\Windows\System\sHxMXRI.exe

C:\Windows\System\bQyvGYx.exe

C:\Windows\System\bQyvGYx.exe

C:\Windows\System\OlDtqAg.exe

C:\Windows\System\OlDtqAg.exe

C:\Windows\System\ocFZpSW.exe

C:\Windows\System\ocFZpSW.exe

C:\Windows\System\caUwGWG.exe

C:\Windows\System\caUwGWG.exe

C:\Windows\System\MVjxaEH.exe

C:\Windows\System\MVjxaEH.exe

C:\Windows\System\qnnmMFG.exe

C:\Windows\System\qnnmMFG.exe

C:\Windows\System\PnbdHCP.exe

C:\Windows\System\PnbdHCP.exe

C:\Windows\System\SBHgFvS.exe

C:\Windows\System\SBHgFvS.exe

C:\Windows\System\saVnuGv.exe

C:\Windows\System\saVnuGv.exe

C:\Windows\System\CbbUDwt.exe

C:\Windows\System\CbbUDwt.exe

C:\Windows\System\IFPdXnK.exe

C:\Windows\System\IFPdXnK.exe

C:\Windows\System\sZVjFku.exe

C:\Windows\System\sZVjFku.exe

C:\Windows\System\VAAvAWI.exe

C:\Windows\System\VAAvAWI.exe

C:\Windows\System\grCUqzo.exe

C:\Windows\System\grCUqzo.exe

C:\Windows\System\SvWnKZZ.exe

C:\Windows\System\SvWnKZZ.exe

C:\Windows\System\mZqagDj.exe

C:\Windows\System\mZqagDj.exe

C:\Windows\System\WNsRhAp.exe

C:\Windows\System\WNsRhAp.exe

C:\Windows\System\oEcFyuJ.exe

C:\Windows\System\oEcFyuJ.exe

C:\Windows\System\GYLxZwb.exe

C:\Windows\System\GYLxZwb.exe

C:\Windows\System\jTvIHUe.exe

C:\Windows\System\jTvIHUe.exe

C:\Windows\System\UKBCTVX.exe

C:\Windows\System\UKBCTVX.exe

C:\Windows\System\eHINAzz.exe

C:\Windows\System\eHINAzz.exe

C:\Windows\System\RBvVBqQ.exe

C:\Windows\System\RBvVBqQ.exe

C:\Windows\System\OlcxzrD.exe

C:\Windows\System\OlcxzrD.exe

C:\Windows\System\HeucYtZ.exe

C:\Windows\System\HeucYtZ.exe

C:\Windows\System\BYImVvR.exe

C:\Windows\System\BYImVvR.exe

C:\Windows\System\pFHiUCw.exe

C:\Windows\System\pFHiUCw.exe

C:\Windows\System\xomBFXD.exe

C:\Windows\System\xomBFXD.exe

C:\Windows\System\scGPbCK.exe

C:\Windows\System\scGPbCK.exe

C:\Windows\System\NxhUrKf.exe

C:\Windows\System\NxhUrKf.exe

C:\Windows\System\qaJmqfT.exe

C:\Windows\System\qaJmqfT.exe

C:\Windows\System\NfbTnZE.exe

C:\Windows\System\NfbTnZE.exe

C:\Windows\System\mvoGqHa.exe

C:\Windows\System\mvoGqHa.exe

C:\Windows\System\ujnXgwq.exe

C:\Windows\System\ujnXgwq.exe

C:\Windows\System\RNmSHez.exe

C:\Windows\System\RNmSHez.exe

C:\Windows\System\dszESDL.exe

C:\Windows\System\dszESDL.exe

C:\Windows\System\pQPRQPt.exe

C:\Windows\System\pQPRQPt.exe

C:\Windows\System\rcvNLZD.exe

C:\Windows\System\rcvNLZD.exe

C:\Windows\System\naGRnWJ.exe

C:\Windows\System\naGRnWJ.exe

C:\Windows\System\UHabgqj.exe

C:\Windows\System\UHabgqj.exe

C:\Windows\System\IJNPEjZ.exe

C:\Windows\System\IJNPEjZ.exe

C:\Windows\System\StyVrRG.exe

C:\Windows\System\StyVrRG.exe

C:\Windows\System\qaZRxXW.exe

C:\Windows\System\qaZRxXW.exe

C:\Windows\System\KqIMkNt.exe

C:\Windows\System\KqIMkNt.exe

C:\Windows\System\vhOmlgr.exe

C:\Windows\System\vhOmlgr.exe

C:\Windows\System\jeTzwMJ.exe

C:\Windows\System\jeTzwMJ.exe

C:\Windows\System\zAdxrBV.exe

C:\Windows\System\zAdxrBV.exe

C:\Windows\System\VaGTrWh.exe

C:\Windows\System\VaGTrWh.exe

C:\Windows\System\FxneilH.exe

C:\Windows\System\FxneilH.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3524 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.178.10:443 tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp

Files

memory/2388-0-0x00007FF6FC490000-0x00007FF6FC7E4000-memory.dmp

memory/2388-1-0x0000021D76500000-0x0000021D76510000-memory.dmp

C:\Windows\System\nJdrsDL.exe

MD5 01cbcb9610fbac063f4c61e36eeb3ccc
SHA1 9cb27ff1c4331c942a91847c618a24b4d277f6a0
SHA256 ce0c35530e0497889c01d983915c405beb39887a59c2ad77e922f8e5fa80e808
SHA512 ed902c4d3a7a5e38d927c3270a838e544fc5e6a53aee749a05d2041ad515f7fc77a0e95f942936d34f803b86e23f401d7925e060d90545510884523accee6978

C:\Windows\System\xJhGEkW.exe

MD5 2fb1f9f0b48d80e916ad94fad58e4e1a
SHA1 ed44162beba2c67deea57e9f52ba5267bfca69cd
SHA256 74e8cee7aaa27ebf3c1d5e386918079c0226657880e469e4b67859ab96724b7f
SHA512 d589332360f60be1a12f7eacb263cf7fb6bac6178492cc36d5610dd8012fe8da7915c489e2c53cc54ee9e6dc88f47a6198742675567a547f0996a912580e7a21

C:\Windows\System\aHPKSgO.exe

MD5 06d5172c30971ee684dd4832766fbd24
SHA1 dfed2ec721cb8558ed11c0652a5d2717522b9301
SHA256 d6e88c327af7943c91f6a063d79f17862f04417aa0e3f760750d7629a05ddf61
SHA512 e1f8fdcbfc7a804f7e2cebc568f6549625153a1594fb7e9796d0f6ae9f691ef4ade8d5fa4cca588a08ed6a7b046ab742617324f336463de82bec8b02474a9939

memory/408-10-0x00007FF60FDE0000-0x00007FF610134000-memory.dmp

memory/2360-23-0x00007FF6CECA0000-0x00007FF6CEFF4000-memory.dmp

C:\Windows\System\IqFRhoR.exe

MD5 d67c2a32a3fd0084a1683976331b9aeb
SHA1 40e6499fa5cd84b4447b7828b12a075b8c56d9ee
SHA256 93fae27947cb9ed8250bf63afc4e40f64180724522705934f5fd6c1229aea101
SHA512 c0e16cb9e6a38d7891f7e6ecaeed9e0f352fa2557065e8e6746fad9bd5b24a2c6a66935043b907b36b94bc1cd09101b87b6cc5ea67b0a2ab1b2ada24ff9cb993

memory/3204-27-0x00007FF7FAC20000-0x00007FF7FAF74000-memory.dmp

C:\Windows\System\hkcLhMP.exe

MD5 a3bec47319d75e909840e6da107acd29
SHA1 ec56bfb33b7fd2b397cea92003db6eb59299e101
SHA256 d13b02bcfe8d80546332e58724c0beea7a23e6e0bfd361f2b1592b72b2bacc32
SHA512 c03bb4954cc204788f9307697bcc9f8a0db34df418f2ba4aa82eb76a170c81a348735540ef4fabe50a7401ad4e5212d6a6e41362dd8379bdb50ba542023b8ff1

memory/2476-32-0x00007FF62C3B0000-0x00007FF62C704000-memory.dmp

memory/1928-19-0x00007FF76EB40000-0x00007FF76EE94000-memory.dmp

C:\Windows\System\WaPzQtW.exe

MD5 226a6afa3f70410c071e4ab0c98f039c
SHA1 51508825ebdbfe090ea7a985245bbd739919d4cc
SHA256 c8fa5b8a434cbcf815a6ea75d17a359f7e203b935c40e738d25089923304ece7
SHA512 ec089a35bcac2bb846e78a3ca9bc3224f0d920421a64ac951fd0a25b6f4e1e15a91c7a38cc013ca5e91bed98b42ef0db5e07eb05c0e273821819d02e0dc8867f

C:\Windows\System\kGvNqTO.exe

MD5 871b013725a0352cb2dc4d9a7a4f80fd
SHA1 f86917d4400b88ad51b0630f12d8c386c81a0b7f
SHA256 62130fd03528fbba0e09c12e94e87217c89476412aff1ad07925b47f25be90be
SHA512 22b3ab8f002caecd61c1072c919902b33d92325510b7aaa93458f2fc0b88b8f2175f6d085383c016345ab489a0dec69193420e4f282584a088961a070de5ca1e

memory/2644-43-0x00007FF7CFDA0000-0x00007FF7D00F4000-memory.dmp

memory/2172-39-0x00007FF70F0C0000-0x00007FF70F414000-memory.dmp

C:\Windows\System\IaWLXnC.exe

MD5 a9543fda611c892c1e6b8437ccc1c19c
SHA1 a4707388ec353724003d7a639820f0055919ac8d
SHA256 34d26c05c62a9d811ad83388a4ac00eae1e1a3fcf953d4c31f00980b32840eb4
SHA512 49849699251133aeed667cb5d72739af930938ce3eac69004e2b01b0a5c959a2364bd67e95a8d5a804e92b4b5599593c399f0886322806f921ef6c2a5e97390f

C:\Windows\System\tpQJuAH.exe

MD5 a56d2e2606164932b7518bf67d035b34
SHA1 e9b9929f041f189eea69a4a5c1a37c41caa8f70d
SHA256 abee19387df8a08faef55889c4afcf412ba10c8d4b0f318e0df01973aa2a8f57
SHA512 922527e127cc27f5ca23ddf208b9a7cb815af60215ff8e009e665971c92e4c7fd6b6e6454134fa43eddefe98d13d8b75df971adc5ea765ddcce6b38acf470f2f

memory/1740-59-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp

C:\Windows\System\HjjhECX.exe

MD5 7febe01427a871df52670d628302852a
SHA1 32d5fe1ca90e34d0d5e086aebdcae7e2a9e51cc4
SHA256 6a4ea071ff7338cfc5f3c51e1a290246f31c8fce46892303a7bce837553051cf
SHA512 7cebf1a8c9bd458f528c2831702abb26193a7e8b673619daa48fa05c163eec05c0c14397d4004b08738f67ccd9becae3f749c57d711f45abc4825deefaa6c49b

C:\Windows\System\quLafUM.exe

MD5 d959b4f72e73e725782299597300c5b6
SHA1 08c22aa5f820673f7889140c4fca90e705905a0e
SHA256 47ee797dea5052723188c04af04fd4ea666027e3670040b3c2fe942c9643b58a
SHA512 b7f8a0a570379c5899273143c02b9ac0da5e0f647445b0d6ddf6578253157f3bf96150f424d72bbc4d54e37ff2ca27e1b239e94f3fd049455cb0c2ba6cd4d4ee

memory/4772-64-0x00007FF7BB2D0000-0x00007FF7BB624000-memory.dmp

memory/4916-65-0x00007FF61E2D0000-0x00007FF61E624000-memory.dmp

memory/2388-63-0x00007FF6FC490000-0x00007FF6FC7E4000-memory.dmp

memory/3092-53-0x00007FF615E20000-0x00007FF616174000-memory.dmp

memory/408-66-0x00007FF60FDE0000-0x00007FF610134000-memory.dmp

C:\Windows\System\opNLhdb.exe

MD5 e7ac1a4afdff85815a65626c3da225cb
SHA1 ba13b554459d23d9cdd75af3a419996575e4cd57
SHA256 53ee84191039bc58543126895e16bf867e44bbbb8eedfbe8809b910023d805a1
SHA512 64eab7861318a78ba48795c8c9a995f7007b418a58958268740e9081c56b7471ffdba83baa2a58b9aa58231bf1375505319ad1a7e180682b70cff92d8cca1e89

C:\Windows\System\bOnHcSf.exe

MD5 390de35a88a7cc6f2ad179307c132cf0
SHA1 a8f3d8e3215f4b955119459af5934d77168c7f7e
SHA256 ba921a68bae34b1955dce66d6b3437dab853a122e8d8f293fe2a94e708ad475a
SHA512 3881ed4125bb5530b31d04021f2e291b4ed6120a1fe121d39bc6a11907ba563bfb605ff8627fa6fa3aa612da12c4bd5e413c50a44ecf2d94483fc1b43f7a5eff

memory/1676-88-0x00007FF6C9770000-0x00007FF6C9AC4000-memory.dmp

memory/2268-101-0x00007FF692B10000-0x00007FF692E64000-memory.dmp

C:\Windows\System\ZfnJuJq.exe

MD5 7dd3623a145bc84bee3251f286671223
SHA1 e253d81c2a91341517341d21d4652c13323e050c
SHA256 6ace60c711e797130b49560f735058c44b7ae411a4227b1fd8537b09b5f83560
SHA512 9249f69080ab6c070236857f17fcb3d11b9a83154a45015571d4e1623da6ca5293c4d45e02b8b910063a7f1ba6d4d975cfe1c845ae161dab6055bc33dd346391

C:\Windows\System\LExGsEd.exe

MD5 466deafe8ffc71c35cb521e0a848c52e
SHA1 bf7e9b775f9e8c2f5173f47ac924312f7c187f9f
SHA256 b3fa436a9598d7d193cee0b4352f1ae0952b9bee3bcfd7f485b1ad7eca4816f1
SHA512 f2a95de9a23850172464b2e6d0e8a8345f65cc89b52099eb7bb7901ee6b00be9ee1f59f8354e9447085a7cc6998e492996c08758a21d4736544aaa52f012e22f

C:\Windows\System\YhRyWQM.exe

MD5 315573e46c122a18fcd464d620797a7e
SHA1 e82339516cc5aff54176be0c684a8a4b59c1af3b
SHA256 5ab97542bbc06ed9e6a0d476684199e6a18a2df7386bbadaec66c64337399150
SHA512 76bad2a789dce69fdb9aa1a4788583c664562b6920797802115455ccd6c272180ecc21fa1061e7f4b744e076f13b66cb3e3ca35b1b7c6f1141693826b5a6b1a8

memory/3580-116-0x00007FF616810000-0x00007FF616B64000-memory.dmp

C:\Windows\System\dQnxTLV.exe

MD5 2fafaad47d142ed1574443535c9b7e96
SHA1 56d8e97f0cd91f686e82772aa4b51267fbdef500
SHA256 d42d35731bf4dad5ee23b6760863dcad7fc3445307133983ce9cf72df2d1edbb
SHA512 5981ada22fd4d582e31b123166163c47d0a2e05003238aa9d714f9d9872f2d88717fc735fd6641aa7a80e8ddfd2eac291c4fb07eb138f16588b25d95f38ab720

C:\Windows\System\LfrueYS.exe

MD5 dd95abb78ffb59adc511552dbff45828
SHA1 2566e0f8f0f862d8af35840ec6656d6ef10d9318
SHA256 aac3f090944f52e0c7650ede445d3bd34c6f0c4b405e7d4d422119b0df6d8c38
SHA512 d044267b590ae340182fc264929b269c22d304fa47329e647d8b52ebe5b2a38d2e7cab4c2cfe925bda883e6854f74acdda289c6febd45247e28bbce886dae012

memory/232-159-0x00007FF6F6DE0000-0x00007FF6F7134000-memory.dmp

memory/4612-162-0x00007FF747430000-0x00007FF747784000-memory.dmp

memory/1616-168-0x00007FF78AAB0000-0x00007FF78AE04000-memory.dmp

memory/892-169-0x00007FF600D40000-0x00007FF601094000-memory.dmp

C:\Windows\System\YnLDfml.exe

MD5 f18f347fd9ca9a688a3039b89d5fd3e1
SHA1 d38f177e9be3a2ee4b5e7e302682e054495fe427
SHA256 05d20badd0c9c39bdf607650b50399beceb8791aae9ce9ee5cb0e97976758dfa
SHA512 f9110ff6ebc20a3b666606fd3de1da71feb64663723d5fcb4049756fb2fbaf2df6936966e605cb40bf517cb7fe0cb67a0fef6992cd46cfcb39e3865158d5eb86

C:\Windows\System\xZYKykK.exe

MD5 caa1e5e158d6286127b92987efc22f61
SHA1 f47814aee8294421a1ed4f33558fcb017bcd6673
SHA256 ccbbca67b495c4a18621a10db20895b18501410e2605c87b265398bf75248add
SHA512 1e09db09a671d5ac1a851f8df1e2313c0b2673e2b3bcc80097d2a8701f63bc2d9e05dfb657c21ed65613c90b1ac98ffa80928b672dcdc34b9f4f5b6f366527f3

memory/1760-163-0x00007FF72E930000-0x00007FF72EC84000-memory.dmp

memory/2172-161-0x00007FF70F0C0000-0x00007FF70F414000-memory.dmp

memory/3856-160-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp

C:\Windows\System\evvasAm.exe

MD5 fb8e0d5e14e5b38fe6a022df76c85b80
SHA1 c1b66b2c4afcf93461d50dba372d40efc8315d7d
SHA256 70c8c3c979b27a998999770bbee6a45e27794bb161f0f44d4ef3d5765147d6ee
SHA512 08c1cc16c8396c07d5bcafeae4963b3f4341e25f06425daaf759df3366a226f007dad4405165cb91581e1ac31050bb6b42bf8050892601d6e0923be5707b3c8a

C:\Windows\System\gImUyoq.exe

MD5 3ca73099d6b3da10f228a74ba37f36a3
SHA1 460e78477d9d7ec418f13bb5c0c85aa734488234
SHA256 a7a182b3db8a2a72a007a257c467eb7366b533525a5599e236692527790f2956
SHA512 7051d0621993a61545078e5aca7f511be9b28ef3ba664a03084867e7bcf3e9114e3a51dc5a925db61e69889e7bf8e662b8b6076427168022ffa873a1dd795575

memory/3648-150-0x00007FF74B190000-0x00007FF74B4E4000-memory.dmp

C:\Windows\System\otYwbnH.exe

MD5 9ce37b300f0bd032ff7bf5716f0c05df
SHA1 97e749f4b4aa3f1878f56d6e5034f124284cd357
SHA256 a08df344c26451ca5083909f51c31b79d31cfbbe11a61818b86e20f73afcdb34
SHA512 304b771134ebd0c135a4834e40a24f5404876ae163d10ec3f429c72a784db3dbed09fcf990c5ed9f2e37fa06f85a777628525222a4a50c13f506cfeb6a9319d5

memory/3196-133-0x00007FF7F1E50000-0x00007FF7F21A4000-memory.dmp

memory/3192-138-0x00007FF7F8050000-0x00007FF7F83A4000-memory.dmp

memory/2476-123-0x00007FF62C3B0000-0x00007FF62C704000-memory.dmp

memory/1108-112-0x00007FF6A2C40000-0x00007FF6A2F94000-memory.dmp

C:\Windows\System\qUblzIi.exe

MD5 0af003767e4260e534efe3866813c267
SHA1 7c6f00d6a584510d5f11a2fb5c3190c684c0d9cc
SHA256 abb18ed591a8abbb75e6fffd64050688b642f127190d6f3c6b6aad7ae345e1aa
SHA512 4b4c244476d0fa568ae18419a0b3854089e27626bed1b2d1b20500c837637b402237592af46990efc17af159ded2afe68ce5f52fca42303e89049d7c607a7379

memory/2244-107-0x00007FF67D440000-0x00007FF67D794000-memory.dmp

memory/3484-105-0x00007FF748F30000-0x00007FF749284000-memory.dmp

C:\Windows\System\crMlxfA.exe

MD5 c7e76cc4ecc5daf270a9c022fe35c3bf
SHA1 d2071d3d6354883dc95f918f911589a21a435621
SHA256 6400c3465e52e191212cbb0007e478124d51d62a9b8c384352535aa56ec42e98
SHA512 4f090bb5ecdb3d03f242a2d021c365c5615206c4c7471d34bd59010ada525a1a188e6f992ba6b018ef3931833828676abdf9963def899f31beec5c076b78b631

memory/3204-93-0x00007FF7FAC20000-0x00007FF7FAF74000-memory.dmp

C:\Windows\System\hBhiRBX.exe

MD5 c415e1b9e9b104757609ba72b7d270fa
SHA1 50aa1a435cce6bcede3a8cc80baaaa7e971575fb
SHA256 34dd0badfcb0d72bbe7b1a975f2c28a56bac02d3a11bd677e53b8b56b4a8d12f
SHA512 4e5feb53c6931488ec2641c678ab33f120d82bc26f4dbacda88f9a00ace9daa0039da1877bb254294b2adc34b186e3ead46f8e542c153e04922309603ddd52ce

memory/2132-84-0x00007FF73E980000-0x00007FF73ECD4000-memory.dmp

C:\Windows\System\QqCkNDU.exe

MD5 416344e3bc8c523099251be2a5caa8f1
SHA1 0c31268b1673b76be5ffe95a2e82a6c234f2ebe5
SHA256 78885e2269fe80beed0091b2c95c5b5b7bdb566343d0f664211af4f3e9ce7ee6
SHA512 7ec083e6a2fe24cee1a1baf3ddf1cef16cd0bacc02cbb244a9a6caa7d4c5476eaac618b6cc6bcf8e7aec794310f6d7e56a4d9a01b854343238d4524775d40171

C:\Windows\System\ZeNTOsM.exe

MD5 6ebc7954c28935009bcb83c0ea7e79b7
SHA1 145afd049467fd8ffcc84bd256caaa698b63c871
SHA256 5bd8909bfd31c98e6332aaeac5cf6d4c9eda7d9f47f1fb054519778b2e8740d7
SHA512 1e2ad1bbc71e6437066f5f1a2ba96795ff89513acc4b6075a7ea686fa3bf5bad1de3dce926af68b367403d05efdf91fbbba3d4ccc50a12667a821bb772c9ac9a

C:\Windows\System\sucdYju.exe

MD5 54fa09b173dc6c2400408985dacd1e5e
SHA1 edeee0fdf9374d0c5265ffafdbcb3eeb09895a09
SHA256 da237c0e0770f22a8c42511a0dae8218ce19c88b55a6460cc8ffecb237ca74d4
SHA512 b2b45f29163d4154b27d7999ebf0607106d47e18ebf326e3be9eab43317f4a6fc7227f21c530d0489f957cb61feb7c95c7814f03f803db5b776752211d4eb9b9

memory/2644-178-0x00007FF7CFDA0000-0x00007FF7D00F4000-memory.dmp

memory/3096-185-0x00007FF600980000-0x00007FF600CD4000-memory.dmp

C:\Windows\System\HyIsNJv.exe

MD5 fb4989e2c7c179ed09cc1bdcfd2a40cc
SHA1 4b39f81c52509be712b21255edf9685654616ff8
SHA256 96afcda5355383db03441e8d27366bff7709e499870053e78871979d02f6960c
SHA512 8b8932ff434400ba9e462b0f2ab743cd72c61098a2121a1c0e3b4189dff8b00fdaf6ba9414c5788a4e0f6522a44d29353bfe08ff3fa641791c86d8ac8e30ceea

C:\Windows\System\mJwfOfy.exe

MD5 b3c0def2483877f32eb5ad0037ca1901
SHA1 c65083599e0fd4dcc3a61f0d0374847ec1fe7609
SHA256 ac7fa98a78c78497d07115785cd8a372726f62f0d595bb54177236d6018d830a
SHA512 016e6a4539f1155841e22caca00b5d0c06477e07efb3da9cbfc7cedbc158fe183ba9ed1896cbb5f6ae0bfb6b8d6221a604b371a18bd43902fe73ce8f5b53b9a0

C:\Windows\System\rxTUasM.exe

MD5 1848c133342e5245a7014aff554687ba
SHA1 142c1d401a1443122eab7597b47c7348096f5e94
SHA256 2b27753ce52b71a99a15be8fd18cdea63cdf5fc302af1623fc430171b927ee59
SHA512 5306e854403aa9ca1f3c87bae0f7b355161005ba7bf58a31761d25dd00c3865c4c078e374f46d1d977f4379c6df77095dab22cbaae01da02e0d105355377c237

memory/1740-195-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp

C:\Windows\System\WCeEIAs.exe

MD5 22b2699f6f3161434eaf6f097b9ff9f9
SHA1 f06233b1de40b1a61b0c7de5e3df0e325bb4ea53
SHA256 e5d65aba989fe36e485d492a109d925c22d158e8bbbb21635b88dafeea882147
SHA512 11b921633f4bd223282ba934ae79965c8606f07fa8478d4e5b9906d959817bcbdae1c2ac08e5f1a68019751ee516adc007b8b5dbab331506c6c15b90c0c135ab

memory/4420-190-0x00007FF633D70000-0x00007FF6340C4000-memory.dmp

memory/4772-679-0x00007FF7BB2D0000-0x00007FF7BB624000-memory.dmp

memory/4916-1078-0x00007FF61E2D0000-0x00007FF61E624000-memory.dmp

memory/1676-1079-0x00007FF6C9770000-0x00007FF6C9AC4000-memory.dmp

memory/408-1080-0x00007FF60FDE0000-0x00007FF610134000-memory.dmp

memory/1928-1081-0x00007FF76EB40000-0x00007FF76EE94000-memory.dmp

memory/2360-1082-0x00007FF6CECA0000-0x00007FF6CEFF4000-memory.dmp

memory/3204-1084-0x00007FF7FAC20000-0x00007FF7FAF74000-memory.dmp

memory/2476-1083-0x00007FF62C3B0000-0x00007FF62C704000-memory.dmp

memory/1108-1085-0x00007FF6A2C40000-0x00007FF6A2F94000-memory.dmp

memory/3580-1086-0x00007FF616810000-0x00007FF616B64000-memory.dmp

memory/2172-1087-0x00007FF70F0C0000-0x00007FF70F414000-memory.dmp

memory/2644-1088-0x00007FF7CFDA0000-0x00007FF7D00F4000-memory.dmp

memory/3092-1089-0x00007FF615E20000-0x00007FF616174000-memory.dmp

memory/1740-1090-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp

memory/3196-1091-0x00007FF7F1E50000-0x00007FF7F21A4000-memory.dmp

memory/3648-1093-0x00007FF74B190000-0x00007FF74B4E4000-memory.dmp

memory/3192-1092-0x00007FF7F8050000-0x00007FF7F83A4000-memory.dmp

memory/232-1094-0x00007FF6F6DE0000-0x00007FF6F7134000-memory.dmp

memory/4772-1095-0x00007FF7BB2D0000-0x00007FF7BB624000-memory.dmp

memory/2132-1096-0x00007FF73E980000-0x00007FF73ECD4000-memory.dmp

memory/4916-1099-0x00007FF61E2D0000-0x00007FF61E624000-memory.dmp

memory/1676-1102-0x00007FF6C9770000-0x00007FF6C9AC4000-memory.dmp

memory/3196-1103-0x00007FF7F1E50000-0x00007FF7F21A4000-memory.dmp

memory/2244-1101-0x00007FF67D440000-0x00007FF67D794000-memory.dmp

memory/2268-1098-0x00007FF692B10000-0x00007FF692E64000-memory.dmp

memory/3580-1097-0x00007FF616810000-0x00007FF616B64000-memory.dmp

memory/3484-1100-0x00007FF748F30000-0x00007FF749284000-memory.dmp

memory/4612-1108-0x00007FF747430000-0x00007FF747784000-memory.dmp

memory/3192-1112-0x00007FF7F8050000-0x00007FF7F83A4000-memory.dmp

memory/892-1111-0x00007FF600D40000-0x00007FF601094000-memory.dmp

memory/232-1110-0x00007FF6F6DE0000-0x00007FF6F7134000-memory.dmp

memory/3856-1109-0x00007FF6C70B0000-0x00007FF6C7404000-memory.dmp

memory/1616-1107-0x00007FF78AAB0000-0x00007FF78AE04000-memory.dmp

memory/3648-1106-0x00007FF74B190000-0x00007FF74B4E4000-memory.dmp

memory/1760-1105-0x00007FF72E930000-0x00007FF72EC84000-memory.dmp

memory/1108-1104-0x00007FF6A2C40000-0x00007FF6A2F94000-memory.dmp

memory/3096-1113-0x00007FF600980000-0x00007FF600CD4000-memory.dmp

memory/4420-1114-0x00007FF633D70000-0x00007FF6340C4000-memory.dmp