Malware Analysis Report

2024-10-10 09:50

Sample ID 240620-p65hmasgkj
Target 64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe
SHA256 64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf

Threat Level: Known bad

The file 64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Xmrig family

XMRig Miner payload

Kpot family

xmrig

KPOT

KPOT Core Executable

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 12:57

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 12:57

Reported

2024-06-20 13:00

Platform

win7-20240419-en

Max time kernel

140s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\iCqYXtY.exe N/A
N/A N/A C:\Windows\System\pQCDnBN.exe N/A
N/A N/A C:\Windows\System\Aqcdevu.exe N/A
N/A N/A C:\Windows\System\rOiVljj.exe N/A
N/A N/A C:\Windows\System\ArHGmkW.exe N/A
N/A N/A C:\Windows\System\qDLTHOe.exe N/A
N/A N/A C:\Windows\System\ruxCKQf.exe N/A
N/A N/A C:\Windows\System\NsZyoeo.exe N/A
N/A N/A C:\Windows\System\TVaumWM.exe N/A
N/A N/A C:\Windows\System\EbSYfrx.exe N/A
N/A N/A C:\Windows\System\RMCmWWN.exe N/A
N/A N/A C:\Windows\System\MKaCWJb.exe N/A
N/A N/A C:\Windows\System\FbTubBC.exe N/A
N/A N/A C:\Windows\System\kgRJPhL.exe N/A
N/A N/A C:\Windows\System\pFMMYvf.exe N/A
N/A N/A C:\Windows\System\mbjGCdY.exe N/A
N/A N/A C:\Windows\System\LgovWRp.exe N/A
N/A N/A C:\Windows\System\ALKLyds.exe N/A
N/A N/A C:\Windows\System\DBgYKjx.exe N/A
N/A N/A C:\Windows\System\ocAIYaD.exe N/A
N/A N/A C:\Windows\System\lQpPkmJ.exe N/A
N/A N/A C:\Windows\System\BMOCmpn.exe N/A
N/A N/A C:\Windows\System\ERSHHKm.exe N/A
N/A N/A C:\Windows\System\eeFmZuX.exe N/A
N/A N/A C:\Windows\System\QNRMFYV.exe N/A
N/A N/A C:\Windows\System\chFfvBd.exe N/A
N/A N/A C:\Windows\System\sqMClJQ.exe N/A
N/A N/A C:\Windows\System\LvKdSiO.exe N/A
N/A N/A C:\Windows\System\VaeiVHO.exe N/A
N/A N/A C:\Windows\System\GtPuNfY.exe N/A
N/A N/A C:\Windows\System\RZcQFON.exe N/A
N/A N/A C:\Windows\System\edPhIhw.exe N/A
N/A N/A C:\Windows\System\eUmCiQs.exe N/A
N/A N/A C:\Windows\System\DTPzPah.exe N/A
N/A N/A C:\Windows\System\DKPOwcB.exe N/A
N/A N/A C:\Windows\System\iFJKVFH.exe N/A
N/A N/A C:\Windows\System\fahqtRy.exe N/A
N/A N/A C:\Windows\System\SMuQnYz.exe N/A
N/A N/A C:\Windows\System\MBlCqtd.exe N/A
N/A N/A C:\Windows\System\tXVFqwW.exe N/A
N/A N/A C:\Windows\System\jWRnbfn.exe N/A
N/A N/A C:\Windows\System\INvCRcn.exe N/A
N/A N/A C:\Windows\System\LyfeGgc.exe N/A
N/A N/A C:\Windows\System\RwkLemS.exe N/A
N/A N/A C:\Windows\System\cRLamzA.exe N/A
N/A N/A C:\Windows\System\sXFoAlX.exe N/A
N/A N/A C:\Windows\System\QGPONQG.exe N/A
N/A N/A C:\Windows\System\BRDfdHU.exe N/A
N/A N/A C:\Windows\System\vWetkDO.exe N/A
N/A N/A C:\Windows\System\jHSEllk.exe N/A
N/A N/A C:\Windows\System\gGMQlZM.exe N/A
N/A N/A C:\Windows\System\dgKbTtw.exe N/A
N/A N/A C:\Windows\System\Iwzfzin.exe N/A
N/A N/A C:\Windows\System\HSxwkgS.exe N/A
N/A N/A C:\Windows\System\JCPkTRg.exe N/A
N/A N/A C:\Windows\System\nPTsUXb.exe N/A
N/A N/A C:\Windows\System\SHIzTrJ.exe N/A
N/A N/A C:\Windows\System\KpiAwKl.exe N/A
N/A N/A C:\Windows\System\MsWGITc.exe N/A
N/A N/A C:\Windows\System\abEVBhJ.exe N/A
N/A N/A C:\Windows\System\YPKlbJi.exe N/A
N/A N/A C:\Windows\System\LARKkUI.exe N/A
N/A N/A C:\Windows\System\sYLcSmc.exe N/A
N/A N/A C:\Windows\System\WZzGKlz.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\QotMckk.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\iCqYXtY.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BdtVTDy.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfrLAwD.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\sdIqijS.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lSovLGn.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\EsKxGEG.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\fahqtRy.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\iNRQncW.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\Iwzfzin.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPbGbIG.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\djLZXUg.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkwcODz.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWGTkge.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFJKVFH.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\nPTsUXb.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpchwLo.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\Yohupru.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\CeAUQQc.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsZyoeo.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mabPxJN.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\IeCVpwM.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\bcyuARZ.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NTtZAgj.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cVXUnsf.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\QJxMZRQ.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VaeiVHO.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\abEVBhJ.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cphzqsH.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\EQMGVao.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\FdhLVKR.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ylFlvCp.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BMOCmpn.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\auHnxnR.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUrwbax.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cjvcMsH.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfLxjNK.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\CneRpee.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\weqCoSg.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\rMInLfj.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\UZvRhIc.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\OyXmVxH.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmMujdt.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\GhySZdq.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\okOzbXE.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrafplz.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlbCzSH.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\bZRevdg.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\TVaumWM.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFMMYvf.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\AUUAmzo.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ATZQYhi.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mqkewmb.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\zhlXzbT.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mhZfTpd.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\guLsbWq.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LARKkUI.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VOJhFvj.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cedJZvu.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwumfKC.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\fPXaNMp.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\vlPKTVv.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\UnTldlt.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\wffpeXX.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1648 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\iCqYXtY.exe
PID 1648 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\iCqYXtY.exe
PID 1648 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\iCqYXtY.exe
PID 1648 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pQCDnBN.exe
PID 1648 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pQCDnBN.exe
PID 1648 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pQCDnBN.exe
PID 1648 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\rOiVljj.exe
PID 1648 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\rOiVljj.exe
PID 1648 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\rOiVljj.exe
PID 1648 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\Aqcdevu.exe
PID 1648 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\Aqcdevu.exe
PID 1648 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\Aqcdevu.exe
PID 1648 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ArHGmkW.exe
PID 1648 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ArHGmkW.exe
PID 1648 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ArHGmkW.exe
PID 1648 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\qDLTHOe.exe
PID 1648 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\qDLTHOe.exe
PID 1648 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\qDLTHOe.exe
PID 1648 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\TVaumWM.exe
PID 1648 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\TVaumWM.exe
PID 1648 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\TVaumWM.exe
PID 1648 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ruxCKQf.exe
PID 1648 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ruxCKQf.exe
PID 1648 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ruxCKQf.exe
PID 1648 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\EbSYfrx.exe
PID 1648 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\EbSYfrx.exe
PID 1648 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\EbSYfrx.exe
PID 1648 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\NsZyoeo.exe
PID 1648 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\NsZyoeo.exe
PID 1648 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\NsZyoeo.exe
PID 1648 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\FbTubBC.exe
PID 1648 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\FbTubBC.exe
PID 1648 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\FbTubBC.exe
PID 1648 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\RMCmWWN.exe
PID 1648 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\RMCmWWN.exe
PID 1648 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\RMCmWWN.exe
PID 1648 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\kgRJPhL.exe
PID 1648 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\kgRJPhL.exe
PID 1648 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\kgRJPhL.exe
PID 1648 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\MKaCWJb.exe
PID 1648 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\MKaCWJb.exe
PID 1648 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\MKaCWJb.exe
PID 1648 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\LgovWRp.exe
PID 1648 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\LgovWRp.exe
PID 1648 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\LgovWRp.exe
PID 1648 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pFMMYvf.exe
PID 1648 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pFMMYvf.exe
PID 1648 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pFMMYvf.exe
PID 1648 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ALKLyds.exe
PID 1648 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ALKLyds.exe
PID 1648 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ALKLyds.exe
PID 1648 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\mbjGCdY.exe
PID 1648 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\mbjGCdY.exe
PID 1648 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\mbjGCdY.exe
PID 1648 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\DBgYKjx.exe
PID 1648 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\DBgYKjx.exe
PID 1648 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\DBgYKjx.exe
PID 1648 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ocAIYaD.exe
PID 1648 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ocAIYaD.exe
PID 1648 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ocAIYaD.exe
PID 1648 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\lQpPkmJ.exe
PID 1648 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\lQpPkmJ.exe
PID 1648 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\lQpPkmJ.exe
PID 1648 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\BMOCmpn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe"

C:\Windows\System\iCqYXtY.exe

C:\Windows\System\iCqYXtY.exe

C:\Windows\System\pQCDnBN.exe

C:\Windows\System\pQCDnBN.exe

C:\Windows\System\rOiVljj.exe

C:\Windows\System\rOiVljj.exe

C:\Windows\System\Aqcdevu.exe

C:\Windows\System\Aqcdevu.exe

C:\Windows\System\ArHGmkW.exe

C:\Windows\System\ArHGmkW.exe

C:\Windows\System\qDLTHOe.exe

C:\Windows\System\qDLTHOe.exe

C:\Windows\System\TVaumWM.exe

C:\Windows\System\TVaumWM.exe

C:\Windows\System\ruxCKQf.exe

C:\Windows\System\ruxCKQf.exe

C:\Windows\System\EbSYfrx.exe

C:\Windows\System\EbSYfrx.exe

C:\Windows\System\NsZyoeo.exe

C:\Windows\System\NsZyoeo.exe

C:\Windows\System\FbTubBC.exe

C:\Windows\System\FbTubBC.exe

C:\Windows\System\RMCmWWN.exe

C:\Windows\System\RMCmWWN.exe

C:\Windows\System\kgRJPhL.exe

C:\Windows\System\kgRJPhL.exe

C:\Windows\System\MKaCWJb.exe

C:\Windows\System\MKaCWJb.exe

C:\Windows\System\LgovWRp.exe

C:\Windows\System\LgovWRp.exe

C:\Windows\System\pFMMYvf.exe

C:\Windows\System\pFMMYvf.exe

C:\Windows\System\ALKLyds.exe

C:\Windows\System\ALKLyds.exe

C:\Windows\System\mbjGCdY.exe

C:\Windows\System\mbjGCdY.exe

C:\Windows\System\DBgYKjx.exe

C:\Windows\System\DBgYKjx.exe

C:\Windows\System\ocAIYaD.exe

C:\Windows\System\ocAIYaD.exe

C:\Windows\System\lQpPkmJ.exe

C:\Windows\System\lQpPkmJ.exe

C:\Windows\System\BMOCmpn.exe

C:\Windows\System\BMOCmpn.exe

C:\Windows\System\ERSHHKm.exe

C:\Windows\System\ERSHHKm.exe

C:\Windows\System\eeFmZuX.exe

C:\Windows\System\eeFmZuX.exe

C:\Windows\System\QNRMFYV.exe

C:\Windows\System\QNRMFYV.exe

C:\Windows\System\chFfvBd.exe

C:\Windows\System\chFfvBd.exe

C:\Windows\System\sqMClJQ.exe

C:\Windows\System\sqMClJQ.exe

C:\Windows\System\LvKdSiO.exe

C:\Windows\System\LvKdSiO.exe

C:\Windows\System\VaeiVHO.exe

C:\Windows\System\VaeiVHO.exe

C:\Windows\System\GtPuNfY.exe

C:\Windows\System\GtPuNfY.exe

C:\Windows\System\RZcQFON.exe

C:\Windows\System\RZcQFON.exe

C:\Windows\System\edPhIhw.exe

C:\Windows\System\edPhIhw.exe

C:\Windows\System\eUmCiQs.exe

C:\Windows\System\eUmCiQs.exe

C:\Windows\System\DTPzPah.exe

C:\Windows\System\DTPzPah.exe

C:\Windows\System\DKPOwcB.exe

C:\Windows\System\DKPOwcB.exe

C:\Windows\System\iFJKVFH.exe

C:\Windows\System\iFJKVFH.exe

C:\Windows\System\fahqtRy.exe

C:\Windows\System\fahqtRy.exe

C:\Windows\System\SMuQnYz.exe

C:\Windows\System\SMuQnYz.exe

C:\Windows\System\MBlCqtd.exe

C:\Windows\System\MBlCqtd.exe

C:\Windows\System\tXVFqwW.exe

C:\Windows\System\tXVFqwW.exe

C:\Windows\System\jWRnbfn.exe

C:\Windows\System\jWRnbfn.exe

C:\Windows\System\INvCRcn.exe

C:\Windows\System\INvCRcn.exe

C:\Windows\System\LyfeGgc.exe

C:\Windows\System\LyfeGgc.exe

C:\Windows\System\RwkLemS.exe

C:\Windows\System\RwkLemS.exe

C:\Windows\System\cRLamzA.exe

C:\Windows\System\cRLamzA.exe

C:\Windows\System\sXFoAlX.exe

C:\Windows\System\sXFoAlX.exe

C:\Windows\System\QGPONQG.exe

C:\Windows\System\QGPONQG.exe

C:\Windows\System\BRDfdHU.exe

C:\Windows\System\BRDfdHU.exe

C:\Windows\System\vWetkDO.exe

C:\Windows\System\vWetkDO.exe

C:\Windows\System\jHSEllk.exe

C:\Windows\System\jHSEllk.exe

C:\Windows\System\gGMQlZM.exe

C:\Windows\System\gGMQlZM.exe

C:\Windows\System\dgKbTtw.exe

C:\Windows\System\dgKbTtw.exe

C:\Windows\System\Iwzfzin.exe

C:\Windows\System\Iwzfzin.exe

C:\Windows\System\HSxwkgS.exe

C:\Windows\System\HSxwkgS.exe

C:\Windows\System\JCPkTRg.exe

C:\Windows\System\JCPkTRg.exe

C:\Windows\System\nPTsUXb.exe

C:\Windows\System\nPTsUXb.exe

C:\Windows\System\SHIzTrJ.exe

C:\Windows\System\SHIzTrJ.exe

C:\Windows\System\KpiAwKl.exe

C:\Windows\System\KpiAwKl.exe

C:\Windows\System\MsWGITc.exe

C:\Windows\System\MsWGITc.exe

C:\Windows\System\abEVBhJ.exe

C:\Windows\System\abEVBhJ.exe

C:\Windows\System\YPKlbJi.exe

C:\Windows\System\YPKlbJi.exe

C:\Windows\System\LARKkUI.exe

C:\Windows\System\LARKkUI.exe

C:\Windows\System\sYLcSmc.exe

C:\Windows\System\sYLcSmc.exe

C:\Windows\System\WZzGKlz.exe

C:\Windows\System\WZzGKlz.exe

C:\Windows\System\UuiebYW.exe

C:\Windows\System\UuiebYW.exe

C:\Windows\System\ToZXqDD.exe

C:\Windows\System\ToZXqDD.exe

C:\Windows\System\KBmoqaZ.exe

C:\Windows\System\KBmoqaZ.exe

C:\Windows\System\lPbGbIG.exe

C:\Windows\System\lPbGbIG.exe

C:\Windows\System\DHfJIea.exe

C:\Windows\System\DHfJIea.exe

C:\Windows\System\MhicZAs.exe

C:\Windows\System\MhicZAs.exe

C:\Windows\System\VTfWnhy.exe

C:\Windows\System\VTfWnhy.exe

C:\Windows\System\fInUWzJ.exe

C:\Windows\System\fInUWzJ.exe

C:\Windows\System\VOJhFvj.exe

C:\Windows\System\VOJhFvj.exe

C:\Windows\System\NiUUVdR.exe

C:\Windows\System\NiUUVdR.exe

C:\Windows\System\djLZXUg.exe

C:\Windows\System\djLZXUg.exe

C:\Windows\System\GbVJrQj.exe

C:\Windows\System\GbVJrQj.exe

C:\Windows\System\qICvgeO.exe

C:\Windows\System\qICvgeO.exe

C:\Windows\System\nhiNlcU.exe

C:\Windows\System\nhiNlcU.exe

C:\Windows\System\BdtVTDy.exe

C:\Windows\System\BdtVTDy.exe

C:\Windows\System\cphzqsH.exe

C:\Windows\System\cphzqsH.exe

C:\Windows\System\ZIRkqfk.exe

C:\Windows\System\ZIRkqfk.exe

C:\Windows\System\jbcRpxN.exe

C:\Windows\System\jbcRpxN.exe

C:\Windows\System\woXysOf.exe

C:\Windows\System\woXysOf.exe

C:\Windows\System\lDvaywc.exe

C:\Windows\System\lDvaywc.exe

C:\Windows\System\OyXmVxH.exe

C:\Windows\System\OyXmVxH.exe

C:\Windows\System\ljXyKDU.exe

C:\Windows\System\ljXyKDU.exe

C:\Windows\System\mFOYXNQ.exe

C:\Windows\System\mFOYXNQ.exe

C:\Windows\System\mGJmckJ.exe

C:\Windows\System\mGJmckJ.exe

C:\Windows\System\YpSaXoy.exe

C:\Windows\System\YpSaXoy.exe

C:\Windows\System\dTfrxWp.exe

C:\Windows\System\dTfrxWp.exe

C:\Windows\System\LtjUyzC.exe

C:\Windows\System\LtjUyzC.exe

C:\Windows\System\fXMgSTz.exe

C:\Windows\System\fXMgSTz.exe

C:\Windows\System\ydlWiOr.exe

C:\Windows\System\ydlWiOr.exe

C:\Windows\System\weqCoSg.exe

C:\Windows\System\weqCoSg.exe

C:\Windows\System\uDmdxMg.exe

C:\Windows\System\uDmdxMg.exe

C:\Windows\System\SjKCJgK.exe

C:\Windows\System\SjKCJgK.exe

C:\Windows\System\AUUAmzo.exe

C:\Windows\System\AUUAmzo.exe

C:\Windows\System\hMZpLGn.exe

C:\Windows\System\hMZpLGn.exe

C:\Windows\System\mBxCOxa.exe

C:\Windows\System\mBxCOxa.exe

C:\Windows\System\mRSTWVO.exe

C:\Windows\System\mRSTWVO.exe

C:\Windows\System\gwOsZPz.exe

C:\Windows\System\gwOsZPz.exe

C:\Windows\System\fOLylff.exe

C:\Windows\System\fOLylff.exe

C:\Windows\System\vkdIUeM.exe

C:\Windows\System\vkdIUeM.exe

C:\Windows\System\ettUTVA.exe

C:\Windows\System\ettUTVA.exe

C:\Windows\System\Vieanyx.exe

C:\Windows\System\Vieanyx.exe

C:\Windows\System\auHnxnR.exe

C:\Windows\System\auHnxnR.exe

C:\Windows\System\rkwcODz.exe

C:\Windows\System\rkwcODz.exe

C:\Windows\System\WwucVSw.exe

C:\Windows\System\WwucVSw.exe

C:\Windows\System\CBCQciG.exe

C:\Windows\System\CBCQciG.exe

C:\Windows\System\EQMGVao.exe

C:\Windows\System\EQMGVao.exe

C:\Windows\System\tLpASml.exe

C:\Windows\System\tLpASml.exe

C:\Windows\System\xYFmSwO.exe

C:\Windows\System\xYFmSwO.exe

C:\Windows\System\TzeiLiB.exe

C:\Windows\System\TzeiLiB.exe

C:\Windows\System\wYOEFjV.exe

C:\Windows\System\wYOEFjV.exe

C:\Windows\System\ATZQYhi.exe

C:\Windows\System\ATZQYhi.exe

C:\Windows\System\tDbEpPD.exe

C:\Windows\System\tDbEpPD.exe

C:\Windows\System\nUVWKhO.exe

C:\Windows\System\nUVWKhO.exe

C:\Windows\System\ahHgcmZ.exe

C:\Windows\System\ahHgcmZ.exe

C:\Windows\System\oUOKKTK.exe

C:\Windows\System\oUOKKTK.exe

C:\Windows\System\CsBUAuU.exe

C:\Windows\System\CsBUAuU.exe

C:\Windows\System\mqkewmb.exe

C:\Windows\System\mqkewmb.exe

C:\Windows\System\EmNuUze.exe

C:\Windows\System\EmNuUze.exe

C:\Windows\System\MWGTkge.exe

C:\Windows\System\MWGTkge.exe

C:\Windows\System\GQFmHhr.exe

C:\Windows\System\GQFmHhr.exe

C:\Windows\System\omntAZn.exe

C:\Windows\System\omntAZn.exe

C:\Windows\System\mabPxJN.exe

C:\Windows\System\mabPxJN.exe

C:\Windows\System\IeCVpwM.exe

C:\Windows\System\IeCVpwM.exe

C:\Windows\System\cedJZvu.exe

C:\Windows\System\cedJZvu.exe

C:\Windows\System\FKeoHIg.exe

C:\Windows\System\FKeoHIg.exe

C:\Windows\System\hKKSTdM.exe

C:\Windows\System\hKKSTdM.exe

C:\Windows\System\ZElFkcB.exe

C:\Windows\System\ZElFkcB.exe

C:\Windows\System\wWuiUBT.exe

C:\Windows\System\wWuiUBT.exe

C:\Windows\System\lTwOYgs.exe

C:\Windows\System\lTwOYgs.exe

C:\Windows\System\DKgNOLg.exe

C:\Windows\System\DKgNOLg.exe

C:\Windows\System\FwLPDlZ.exe

C:\Windows\System\FwLPDlZ.exe

C:\Windows\System\gaucQub.exe

C:\Windows\System\gaucQub.exe

C:\Windows\System\bcyuARZ.exe

C:\Windows\System\bcyuARZ.exe

C:\Windows\System\uZAzBTQ.exe

C:\Windows\System\uZAzBTQ.exe

C:\Windows\System\rvIrdaw.exe

C:\Windows\System\rvIrdaw.exe

C:\Windows\System\oUrwbax.exe

C:\Windows\System\oUrwbax.exe

C:\Windows\System\rMInLfj.exe

C:\Windows\System\rMInLfj.exe

C:\Windows\System\HLxxEPq.exe

C:\Windows\System\HLxxEPq.exe

C:\Windows\System\VioTcKj.exe

C:\Windows\System\VioTcKj.exe

C:\Windows\System\eyvVphi.exe

C:\Windows\System\eyvVphi.exe

C:\Windows\System\oUapdGh.exe

C:\Windows\System\oUapdGh.exe

C:\Windows\System\IAnJxMx.exe

C:\Windows\System\IAnJxMx.exe

C:\Windows\System\MxTnAQR.exe

C:\Windows\System\MxTnAQR.exe

C:\Windows\System\cWhnMTd.exe

C:\Windows\System\cWhnMTd.exe

C:\Windows\System\zhlXzbT.exe

C:\Windows\System\zhlXzbT.exe

C:\Windows\System\vFGvmFZ.exe

C:\Windows\System\vFGvmFZ.exe

C:\Windows\System\xjcwXhS.exe

C:\Windows\System\xjcwXhS.exe

C:\Windows\System\NoaLVIx.exe

C:\Windows\System\NoaLVIx.exe

C:\Windows\System\tRyTySc.exe

C:\Windows\System\tRyTySc.exe

C:\Windows\System\dTXFxDI.exe

C:\Windows\System\dTXFxDI.exe

C:\Windows\System\RWbsdLO.exe

C:\Windows\System\RWbsdLO.exe

C:\Windows\System\EaADDWt.exe

C:\Windows\System\EaADDWt.exe

C:\Windows\System\OQITwkK.exe

C:\Windows\System\OQITwkK.exe

C:\Windows\System\ESLemmN.exe

C:\Windows\System\ESLemmN.exe

C:\Windows\System\gxPGMuf.exe

C:\Windows\System\gxPGMuf.exe

C:\Windows\System\OaFYbRy.exe

C:\Windows\System\OaFYbRy.exe

C:\Windows\System\zflqGkp.exe

C:\Windows\System\zflqGkp.exe

C:\Windows\System\LOPZlpA.exe

C:\Windows\System\LOPZlpA.exe

C:\Windows\System\xtPtNES.exe

C:\Windows\System\xtPtNES.exe

C:\Windows\System\noCrTXm.exe

C:\Windows\System\noCrTXm.exe

C:\Windows\System\cjvcMsH.exe

C:\Windows\System\cjvcMsH.exe

C:\Windows\System\JXGXCPN.exe

C:\Windows\System\JXGXCPN.exe

C:\Windows\System\HzFDakP.exe

C:\Windows\System\HzFDakP.exe

C:\Windows\System\GwyxVit.exe

C:\Windows\System\GwyxVit.exe

C:\Windows\System\gWnxneY.exe

C:\Windows\System\gWnxneY.exe

C:\Windows\System\UfLxjNK.exe

C:\Windows\System\UfLxjNK.exe

C:\Windows\System\MjdNXpl.exe

C:\Windows\System\MjdNXpl.exe

C:\Windows\System\NXrVvDf.exe

C:\Windows\System\NXrVvDf.exe

C:\Windows\System\TlSZUIi.exe

C:\Windows\System\TlSZUIi.exe

C:\Windows\System\ZoCTlQL.exe

C:\Windows\System\ZoCTlQL.exe

C:\Windows\System\UUyGiiU.exe

C:\Windows\System\UUyGiiU.exe

C:\Windows\System\tcrnYUS.exe

C:\Windows\System\tcrnYUS.exe

C:\Windows\System\EjIgqag.exe

C:\Windows\System\EjIgqag.exe

C:\Windows\System\UZvRhIc.exe

C:\Windows\System\UZvRhIc.exe

C:\Windows\System\rsLaQFX.exe

C:\Windows\System\rsLaQFX.exe

C:\Windows\System\nReKunb.exe

C:\Windows\System\nReKunb.exe

C:\Windows\System\WlbCzSH.exe

C:\Windows\System\WlbCzSH.exe

C:\Windows\System\rOQZMNY.exe

C:\Windows\System\rOQZMNY.exe

C:\Windows\System\kwQVMmI.exe

C:\Windows\System\kwQVMmI.exe

C:\Windows\System\iGAfysX.exe

C:\Windows\System\iGAfysX.exe

C:\Windows\System\RHTxMGN.exe

C:\Windows\System\RHTxMGN.exe

C:\Windows\System\WwwgXLz.exe

C:\Windows\System\WwwgXLz.exe

C:\Windows\System\heLKdFw.exe

C:\Windows\System\heLKdFw.exe

C:\Windows\System\FdhLVKR.exe

C:\Windows\System\FdhLVKR.exe

C:\Windows\System\wWRYPdK.exe

C:\Windows\System\wWRYPdK.exe

C:\Windows\System\PIrBNUa.exe

C:\Windows\System\PIrBNUa.exe

C:\Windows\System\VghKJXW.exe

C:\Windows\System\VghKJXW.exe

C:\Windows\System\iQFfOoI.exe

C:\Windows\System\iQFfOoI.exe

C:\Windows\System\nBgqztA.exe

C:\Windows\System\nBgqztA.exe

C:\Windows\System\fhafdVE.exe

C:\Windows\System\fhafdVE.exe

C:\Windows\System\AlOZAdB.exe

C:\Windows\System\AlOZAdB.exe

C:\Windows\System\IBfCYgR.exe

C:\Windows\System\IBfCYgR.exe

C:\Windows\System\cFiRdEW.exe

C:\Windows\System\cFiRdEW.exe

C:\Windows\System\kPhXHIb.exe

C:\Windows\System\kPhXHIb.exe

C:\Windows\System\KYeUfSR.exe

C:\Windows\System\KYeUfSR.exe

C:\Windows\System\sxhmHcD.exe

C:\Windows\System\sxhmHcD.exe

C:\Windows\System\zUREunQ.exe

C:\Windows\System\zUREunQ.exe

C:\Windows\System\RVJpFEy.exe

C:\Windows\System\RVJpFEy.exe

C:\Windows\System\lFGSVPn.exe

C:\Windows\System\lFGSVPn.exe

C:\Windows\System\jsPzvxo.exe

C:\Windows\System\jsPzvxo.exe

C:\Windows\System\gZuBHev.exe

C:\Windows\System\gZuBHev.exe

C:\Windows\System\lBGhCMF.exe

C:\Windows\System\lBGhCMF.exe

C:\Windows\System\OjbBgKs.exe

C:\Windows\System\OjbBgKs.exe

C:\Windows\System\bZRevdg.exe

C:\Windows\System\bZRevdg.exe

C:\Windows\System\QwumfKC.exe

C:\Windows\System\QwumfKC.exe

C:\Windows\System\IqSECOH.exe

C:\Windows\System\IqSECOH.exe

C:\Windows\System\fPXaNMp.exe

C:\Windows\System\fPXaNMp.exe

C:\Windows\System\ZLagZjj.exe

C:\Windows\System\ZLagZjj.exe

C:\Windows\System\bVMvDsm.exe

C:\Windows\System\bVMvDsm.exe

C:\Windows\System\OKFbmJj.exe

C:\Windows\System\OKFbmJj.exe

C:\Windows\System\ylFlvCp.exe

C:\Windows\System\ylFlvCp.exe

C:\Windows\System\AfrLAwD.exe

C:\Windows\System\AfrLAwD.exe

C:\Windows\System\xDUtnAu.exe

C:\Windows\System\xDUtnAu.exe

C:\Windows\System\EXOVOfe.exe

C:\Windows\System\EXOVOfe.exe

C:\Windows\System\PkkCtvY.exe

C:\Windows\System\PkkCtvY.exe

C:\Windows\System\vlPKTVv.exe

C:\Windows\System\vlPKTVv.exe

C:\Windows\System\mhZfTpd.exe

C:\Windows\System\mhZfTpd.exe

C:\Windows\System\ClnxsLv.exe

C:\Windows\System\ClnxsLv.exe

C:\Windows\System\guLsbWq.exe

C:\Windows\System\guLsbWq.exe

C:\Windows\System\yvUtaiC.exe

C:\Windows\System\yvUtaiC.exe

C:\Windows\System\kCAkqZP.exe

C:\Windows\System\kCAkqZP.exe

C:\Windows\System\kSzDAXf.exe

C:\Windows\System\kSzDAXf.exe

C:\Windows\System\YXpGtPJ.exe

C:\Windows\System\YXpGtPJ.exe

C:\Windows\System\GOgDPza.exe

C:\Windows\System\GOgDPza.exe

C:\Windows\System\QDBioUZ.exe

C:\Windows\System\QDBioUZ.exe

C:\Windows\System\VKYBmEr.exe

C:\Windows\System\VKYBmEr.exe

C:\Windows\System\eAvikIX.exe

C:\Windows\System\eAvikIX.exe

C:\Windows\System\aQjwRFU.exe

C:\Windows\System\aQjwRFU.exe

C:\Windows\System\ZoWBrnr.exe

C:\Windows\System\ZoWBrnr.exe

C:\Windows\System\FmMujdt.exe

C:\Windows\System\FmMujdt.exe

C:\Windows\System\kHDvZxR.exe

C:\Windows\System\kHDvZxR.exe

C:\Windows\System\GhySZdq.exe

C:\Windows\System\GhySZdq.exe

C:\Windows\System\UnTldlt.exe

C:\Windows\System\UnTldlt.exe

C:\Windows\System\EvrZtAJ.exe

C:\Windows\System\EvrZtAJ.exe

C:\Windows\System\sXWoCjw.exe

C:\Windows\System\sXWoCjw.exe

C:\Windows\System\Rdaecch.exe

C:\Windows\System\Rdaecch.exe

C:\Windows\System\TOBdZjw.exe

C:\Windows\System\TOBdZjw.exe

C:\Windows\System\AcIdYUy.exe

C:\Windows\System\AcIdYUy.exe

C:\Windows\System\zHSeObu.exe

C:\Windows\System\zHSeObu.exe

C:\Windows\System\GrYzjLz.exe

C:\Windows\System\GrYzjLz.exe

C:\Windows\System\wffpeXX.exe

C:\Windows\System\wffpeXX.exe

C:\Windows\System\dTUpYeg.exe

C:\Windows\System\dTUpYeg.exe

C:\Windows\System\CzBYZJv.exe

C:\Windows\System\CzBYZJv.exe

C:\Windows\System\MmQktFR.exe

C:\Windows\System\MmQktFR.exe

C:\Windows\System\NTtZAgj.exe

C:\Windows\System\NTtZAgj.exe

C:\Windows\System\zDYbDDh.exe

C:\Windows\System\zDYbDDh.exe

C:\Windows\System\BSwHgck.exe

C:\Windows\System\BSwHgck.exe

C:\Windows\System\cVXUnsf.exe

C:\Windows\System\cVXUnsf.exe

C:\Windows\System\QwQowUg.exe

C:\Windows\System\QwQowUg.exe

C:\Windows\System\hxurNIw.exe

C:\Windows\System\hxurNIw.exe

C:\Windows\System\okOzbXE.exe

C:\Windows\System\okOzbXE.exe

C:\Windows\System\nrVGkkE.exe

C:\Windows\System\nrVGkkE.exe

C:\Windows\System\aPJVrbU.exe

C:\Windows\System\aPJVrbU.exe

C:\Windows\System\gNsTplP.exe

C:\Windows\System\gNsTplP.exe

C:\Windows\System\yrafplz.exe

C:\Windows\System\yrafplz.exe

C:\Windows\System\ybPvgTY.exe

C:\Windows\System\ybPvgTY.exe

C:\Windows\System\SXJOIEx.exe

C:\Windows\System\SXJOIEx.exe

C:\Windows\System\bucowiE.exe

C:\Windows\System\bucowiE.exe

C:\Windows\System\RHbJicR.exe

C:\Windows\System\RHbJicR.exe

C:\Windows\System\nWlSMlp.exe

C:\Windows\System\nWlSMlp.exe

C:\Windows\System\BpchwLo.exe

C:\Windows\System\BpchwLo.exe

C:\Windows\System\hHucYBK.exe

C:\Windows\System\hHucYBK.exe

C:\Windows\System\vXUUnLA.exe

C:\Windows\System\vXUUnLA.exe

C:\Windows\System\ZwxfbyA.exe

C:\Windows\System\ZwxfbyA.exe

C:\Windows\System\Rwttxxp.exe

C:\Windows\System\Rwttxxp.exe

C:\Windows\System\pVuFQes.exe

C:\Windows\System\pVuFQes.exe

C:\Windows\System\tKXHnkq.exe

C:\Windows\System\tKXHnkq.exe

C:\Windows\System\ZMYctQc.exe

C:\Windows\System\ZMYctQc.exe

C:\Windows\System\WfwACcV.exe

C:\Windows\System\WfwACcV.exe

C:\Windows\System\oCptOIE.exe

C:\Windows\System\oCptOIE.exe

C:\Windows\System\CeAUQQc.exe

C:\Windows\System\CeAUQQc.exe

C:\Windows\System\HopGSAu.exe

C:\Windows\System\HopGSAu.exe

C:\Windows\System\fGrFAEz.exe

C:\Windows\System\fGrFAEz.exe

C:\Windows\System\nqKYKip.exe

C:\Windows\System\nqKYKip.exe

C:\Windows\System\AqViWQg.exe

C:\Windows\System\AqViWQg.exe

C:\Windows\System\ynBBAbV.exe

C:\Windows\System\ynBBAbV.exe

C:\Windows\System\eVZuNIx.exe

C:\Windows\System\eVZuNIx.exe

C:\Windows\System\YJPcVGS.exe

C:\Windows\System\YJPcVGS.exe

C:\Windows\System\FPhWLPZ.exe

C:\Windows\System\FPhWLPZ.exe

C:\Windows\System\cCsFuOy.exe

C:\Windows\System\cCsFuOy.exe

C:\Windows\System\CneRpee.exe

C:\Windows\System\CneRpee.exe

C:\Windows\System\djVZqCR.exe

C:\Windows\System\djVZqCR.exe

C:\Windows\System\xOFVCyT.exe

C:\Windows\System\xOFVCyT.exe

C:\Windows\System\ZRVcYuM.exe

C:\Windows\System\ZRVcYuM.exe

C:\Windows\System\abuzpsN.exe

C:\Windows\System\abuzpsN.exe

C:\Windows\System\hLezlkI.exe

C:\Windows\System\hLezlkI.exe

C:\Windows\System\iNRQncW.exe

C:\Windows\System\iNRQncW.exe

C:\Windows\System\fMhsrPT.exe

C:\Windows\System\fMhsrPT.exe

C:\Windows\System\sdIqijS.exe

C:\Windows\System\sdIqijS.exe

C:\Windows\System\uxVOrGa.exe

C:\Windows\System\uxVOrGa.exe

C:\Windows\System\qpTFhtY.exe

C:\Windows\System\qpTFhtY.exe

C:\Windows\System\ZBxibru.exe

C:\Windows\System\ZBxibru.exe

C:\Windows\System\ziHJrVb.exe

C:\Windows\System\ziHJrVb.exe

C:\Windows\System\LGqNAhX.exe

C:\Windows\System\LGqNAhX.exe

C:\Windows\System\QJxMZRQ.exe

C:\Windows\System\QJxMZRQ.exe

C:\Windows\System\MKocmMy.exe

C:\Windows\System\MKocmMy.exe

C:\Windows\System\UbMmkBD.exe

C:\Windows\System\UbMmkBD.exe

C:\Windows\System\QdivZsF.exe

C:\Windows\System\QdivZsF.exe

C:\Windows\System\GesKBds.exe

C:\Windows\System\GesKBds.exe

C:\Windows\System\wDNHiHi.exe

C:\Windows\System\wDNHiHi.exe

C:\Windows\System\EltOvdE.exe

C:\Windows\System\EltOvdE.exe

C:\Windows\System\sgqvMHa.exe

C:\Windows\System\sgqvMHa.exe

C:\Windows\System\OeRIOJY.exe

C:\Windows\System\OeRIOJY.exe

C:\Windows\System\zLJFUko.exe

C:\Windows\System\zLJFUko.exe

C:\Windows\System\hLLGKDy.exe

C:\Windows\System\hLLGKDy.exe

C:\Windows\System\BHqqXvB.exe

C:\Windows\System\BHqqXvB.exe

C:\Windows\System\lSovLGn.exe

C:\Windows\System\lSovLGn.exe

C:\Windows\System\HKwuKpy.exe

C:\Windows\System\HKwuKpy.exe

C:\Windows\System\LKthfii.exe

C:\Windows\System\LKthfii.exe

C:\Windows\System\ZUZYsiD.exe

C:\Windows\System\ZUZYsiD.exe

C:\Windows\System\Yohupru.exe

C:\Windows\System\Yohupru.exe

C:\Windows\System\eInKQIv.exe

C:\Windows\System\eInKQIv.exe

C:\Windows\System\EqPreOo.exe

C:\Windows\System\EqPreOo.exe

C:\Windows\System\Vtwlkpv.exe

C:\Windows\System\Vtwlkpv.exe

C:\Windows\System\EsKxGEG.exe

C:\Windows\System\EsKxGEG.exe

C:\Windows\System\QotMckk.exe

C:\Windows\System\QotMckk.exe

C:\Windows\System\HowzWng.exe

C:\Windows\System\HowzWng.exe

C:\Windows\System\AmOcngk.exe

C:\Windows\System\AmOcngk.exe

C:\Windows\System\MOIWUcP.exe

C:\Windows\System\MOIWUcP.exe

C:\Windows\System\hUVDLgT.exe

C:\Windows\System\hUVDLgT.exe

C:\Windows\System\PromNvI.exe

C:\Windows\System\PromNvI.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1648-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/1648-1-0x00000000002F0000-0x0000000000300000-memory.dmp

C:\Windows\system\iCqYXtY.exe

MD5 8ca09c298de25fbb56dfdac6040131d9
SHA1 0fbfba7b7fed2982a4e53e7e214c3e5194beef1a
SHA256 def47758a7a688bf8eee24c16436e71005f210d94a42e3affaee9a368f874a39
SHA512 d3310532ac15025e0a8055a37a72df3ab8afb2a3a6bf5cf782b9ee776d3c54dd6617d38afa92316f89e4eb213ff22d52f8e0af7f6fb3a5f8767552b886ce142c

C:\Windows\system\Aqcdevu.exe

MD5 37def1053ba3fa632bfe17b8e8f0c287
SHA1 e1fda678112dab2756062c95db87fabcf7ebe279
SHA256 37e50a80f0548aecc7f0d1f3811adf81907bc162ed7a791801a594d04db3b929
SHA512 aca2bf40cefe6c36da4bb512478baa2b6d43d5ac97bcc383ab704ce9657a4c7f8b4f0ed4866d59ae25448664d2b72e0a2b8246f0b81c45060d98de226eb0082e

C:\Windows\system\rOiVljj.exe

MD5 71464d4cb007ac3acb03812a93db1005
SHA1 0ba60a2bc8029bf7f022668f4abc8c1a1ed1b209
SHA256 78d0f7e541e3dad396d803f3dfba39377c0d800016b46812adc4fd5ea59c7961
SHA512 a8818c915ef03d717f7cbe2cf7ba8c1e837597474de64cea8dff995344767422b4a9dcfc637d13b9edad410e31623d3c938eca56f91b807feace0c15e7c788ef

memory/2632-29-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/1648-13-0x000000013F750000-0x000000013FAA4000-memory.dmp

memory/2692-30-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/1648-28-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2716-26-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/1648-24-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/1648-21-0x00000000020D0000-0x0000000002424000-memory.dmp

C:\Windows\system\pQCDnBN.exe

MD5 24bad1c3a5953acbd30f79b3142c948b
SHA1 2b0c6160eb4eaa6df442141c5a611c607ed9f1d1
SHA256 2734cfcb401c33e1daa1ea1c21f31f14143439c55e3218aecfc5c84357372c87
SHA512 fe66f66fbc89a197bdfb1a22df6f11401538835c687400c3aed7698f6d9c08dd25f0bf652288b1e82054471cc67cce8d3787bf127d9509fd69d3959b685acd14

memory/1724-18-0x000000013F750000-0x000000013FAA4000-memory.dmp

C:\Windows\system\ArHGmkW.exe

MD5 6fc11eef404a0fde27504b7a548e5f91
SHA1 1b33b1f547b6aeee79386887f43b192a8cf0633d
SHA256 972d11c1dca86772c7131a52693252306e38cd5d799a67887ad622bcf5b8f05f
SHA512 5ba6c72666cbf6c3599d46802cb4ff494964b106e348e4b2d48d407adcd748959145ed39da67c23f75a3b9afa660bd13e83b5e8641cc94b3266f18d206f86dd3

\Windows\system\qDLTHOe.exe

MD5 47490b77de4133c1a2baf33e5ecc4ce2
SHA1 20d4487e63e43e5d66981e656107e433f72ee36e
SHA256 8a94cd5167b329efc332ad5ebb9e744d030e5d9b00190957c466d4491d5ca6f7
SHA512 3805ade3f44db4f04af570c3df250ba859b8e8e01b4c56d25198bf91a78310d158394eac7d5652af11626bb6959d5e9903c9be4b4cf9f13399a4be3a6e8ab132

\Windows\system\kgRJPhL.exe

MD5 112a3dd763a563e6505d390a6704bfe3
SHA1 8c8d7f9dacb718400e1f007d131b56f8b333832c
SHA256 ba92df74343ccbf26b186862bd58f075c79d59b9d0c9c5b676fddc9c1d2bca88
SHA512 c2ae6922e2e95e239b6d65c3d91a96667b6b522aeed7cfb736ba61e000cf376a3c418e87d2a4a24aa18e2e94b444a9efd383f096e397b856ced7b2990416349f

memory/1648-91-0x00000000020D0000-0x0000000002424000-memory.dmp

memory/1648-99-0x00000000020D0000-0x0000000002424000-memory.dmp

C:\Windows\system\lQpPkmJ.exe

MD5 6366b99c44259d0be416a50e18f7271d
SHA1 39a198f1dc054fcf326d1411b68badf2c4bec125
SHA256 bee4f63cf8fcba6c89cb11e177b6032ccb7074d544d672cf90d155d0a6c99f28
SHA512 af7e1243edd64cdffedb46300ef5a724b1f9a73952e2fd0456aed4fba85d76d16386444bbfb708701a45cef99fc514cf401335d7ba5bf5a69d00a890da116628

C:\Windows\system\LvKdSiO.exe

MD5 ca9440e1bef1c0d4eb4a0101f79d8d0f
SHA1 5426b784f48963a1a4d6da0c7f807bc120aee13c
SHA256 80874bc5e1875782b4aad11382b9444ccb8058a9709d1dda268787b98350a6cc
SHA512 d2277ab36de2441775bdf310c99af708dfcb6ac6c6b1e3eb545b1e37b18ee3f4c03a24503571d9494e6b64e3819d698a25267374fc40c33f5321e86ccefe772d

C:\Windows\system\GtPuNfY.exe

MD5 ca3cc879c71c2c4bdceb792c4d5c3ed7
SHA1 01bb5b27478ef04e04210c2c9f20d39d8687e8f5
SHA256 e5aeab131361e683c188dda13ba3d494f3ebc58f599ff55c8dac623fe4456eeb
SHA512 ce6d65994d3342b9e78c4458723fb05c8eaf2201f73683e88e17579c7578ad09e8e3f55f9e557fcf4f00f3bf5ccd26d3d9bd71ad5a86d59d680062f02ccb8dd7

memory/1648-1070-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/1724-1071-0x000000013F750000-0x000000013FAA4000-memory.dmp

C:\Windows\system\edPhIhw.exe

MD5 0e01902396109257a504158aaabefff3
SHA1 9b0936d42e13ece020a41d18bf8299c3a0641664
SHA256 c91e190cd575cbb183d4c4b9f9d19b41011f0d58e031903cd1a0d5ff70119466
SHA512 3fb129d8295a8a42854339d5483115f54e2cdb2b74ceed6b47c636f35aae6b4c15f724a1d0083cc57e328d65704f3ab9ebd8e671ef2ff7ec71034e493957e76c

C:\Windows\system\RZcQFON.exe

MD5 d8ff4dff753ad5351046616fe8be56bb
SHA1 47f53c9cbe4ae9fb06cbb424291ed0f888735c99
SHA256 b17433b3d6f1f4151ed734a35aacf9e7cf14bb85dc6a63ad064460b9b1930b3a
SHA512 dd9b5bfaa133b7403b0792950270875f6dc476373af0ac5ef21d8a7afd2ad5f41bffd5786b9b8b854e3346c525f0c9f3d51ed19817094d5c236fcb0a26956034

C:\Windows\system\VaeiVHO.exe

MD5 cd4a8303b7d7d9cedc716906ab54cf63
SHA1 283253d477b1476d736836381c45a3120709764b
SHA256 b8ee88c1f0bae7f7f728be9e50654ba01b844a2ca4e8ce3f7db73dbeef58948a
SHA512 c9355914b85313601aea505f21b62578a1ef665902a01f2cee18e1e487e9095dc6d460864ad395c9541f495b5d0c74c674c80fffe0caeae5fb4cae3a6bd4fc01

C:\Windows\system\sqMClJQ.exe

MD5 f1dc263b41b5fd89f3127021a55c959e
SHA1 9c2c22b7cd31bd7fcf0f1fc16de5c14e44a21e0d
SHA256 3601cc7afabbac988edbe9eaba92f8f7a5da11dcbdee7d6a1dc845d1aecfb7d8
SHA512 c6a1de10f7f36dab3dda784db100320eb860c93aa396260246aff483fbd92226bad50bffbad2bc6f3f400e898940c35f651424c1b2375a6bf1189f98b71a4d1f

C:\Windows\system\QNRMFYV.exe

MD5 a0e3db9f706015c4beacd91e973b92cf
SHA1 eed0f6631dba07de68c0a4cf23864e362d04b9af
SHA256 56810b31c9dde9e736696c3b7bd30ce66b86e98526d0b0f6d8690d13a3db880a
SHA512 7ce9b43948fac8b7db1a3d3693803540c73f96bab279fd65bc489fcc46dc890758a3fe38698082ea3d1ea2bb18be7c96ebae5c125311f49d780eeca03c7170c3

C:\Windows\system\chFfvBd.exe

MD5 3b6a5363c06787e9963a4c8a1ca7e824
SHA1 3681bd6bf62448960e439dbb009e0cd77fd50db2
SHA256 f76d27ea44c50ba531b7c3fbb31d5d446b081794fc4f2bf9bdb5e4d1e1df645d
SHA512 e965854686e842eb4ceb718265f7e19d385f77018ce133e6a9178792576e0f09e810aa76f92ee63960bc6d8e232e83ae5114c9bad55d7e840b73cfcdbb10a18f

C:\Windows\system\ERSHHKm.exe

MD5 15040b5242ff46f7398cf65921db9c89
SHA1 8e160cb41469983a9fc84b05240f84ccfada1f0b
SHA256 28776028bf4bf287dbbd7be160e046af1608ca4507434e50951088407f030904
SHA512 c85798ec8e6e6be60ddab03df3388af83c9842792ec9b206193c1abe215f9e8cf303ebc4f37f789e533a3354e9ce38c297a50247fd064b01c88406f7e2fb1308

C:\Windows\system\eeFmZuX.exe

MD5 c14e8da4de47cfa74cc9cf734e362e29
SHA1 926ad90b8014f2c5f14de5973a5fcf1e95a4cd5a
SHA256 92f568006e64007f2b329bbc710ec42841e9398ee36469431799bf36e29d9df4
SHA512 bc89b17d127b45d53698f8eb3c82b7e1687e82a050ec6bb977a43ac9787a4c4112d616b063ee6afc67fe1816ef6f15aa12e08d6a131366e70bb4a45a290d8436

C:\Windows\system\BMOCmpn.exe

MD5 57174ce40bb3466220594230f01b0b4b
SHA1 7f474fda90f376ce29ed715fde2f1a38c796b343
SHA256 ca5bdadd72ab9fde23e445a9e2cf1e4c3014d3697a5cdbddcb3db3143e466d23
SHA512 cfc60c63dbce1bd77a7edce828be6d56a366482a1d9b1baa41987ce028c54e7cf829eeb66fa15b05ad6ca78f046a1046c3379c0f721d6a352243153379c68005

C:\Windows\system\ocAIYaD.exe

MD5 d9fbcd47fb682eec4debecd7c9e6d5ec
SHA1 511f3612b85877f260aa7acfb81601ff2e91fdcb
SHA256 e50a51dd1aa8c99921236aaa3f24ab741abadd3ec74b9b89f7f92d0dc9301b5c
SHA512 8861e7935ee0d630a9392093e455da217024b3786f4493463975b8a81d680ac9da5ba03482574885104d9e2dc6f19cf090b1dd1359ba9d0242195c8ee190808b

C:\Windows\system\DBgYKjx.exe

MD5 9153c92f082e233bdc630de58da2da2a
SHA1 4052a7958583123df5435862c85603a5e6082568
SHA256 0852534b5eaf50331525b59f2ad317f73afd6249a7226c4b3ee6bcff52b841b5
SHA512 3a37b7d7d92eccee511b3cb77a78d85a9b0297b9b5c56abf50187acdf6663f45261f6250633513f0cb2a34509dfa531d30149b8823303ec9dbbad2a4494e12dc

C:\Windows\system\ALKLyds.exe

MD5 3ce08e98fd83255f5b1adcaeeb0477b5
SHA1 7a67dcaee1d3c1e4080b24745f3075328f3f16c6
SHA256 00b4b69ea35bcf869df2964b0979805f22bcaf7bca50ba0b82cfe3c4ddf173eb
SHA512 6c11f50f8e304d0af89424582c8e296e5bd343b86ff06f5bc9898edac95e141040c8d529b0e913740a5364349f71b70bc26496d1f227bb8c21be1e72e0385ee3

C:\Windows\system\LgovWRp.exe

MD5 9014fb19feffc502dbd6fdbcfcdf1344
SHA1 27d391c5eebd28819d2408464a18d59c835f17fa
SHA256 7e30680781b1eb2c438720c8ba5d60a2564a9b15f8c2046b1d0254fe7f504e85
SHA512 afc6ec77b8fde12c99d95cdb70c2c33b5e8060f322c3b0e67ee30b7657ebfae44f5474c766cff9e142c0e498522ffd5c95663b0686061ee5edbbd6adabca1158

memory/1648-110-0x00000000020D0000-0x0000000002424000-memory.dmp

memory/1144-109-0x000000013F830000-0x000000013FB84000-memory.dmp

memory/2412-108-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2484-107-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/2396-106-0x000000013F230000-0x000000013F584000-memory.dmp

memory/1648-105-0x000000013F020000-0x000000013F374000-memory.dmp

C:\Windows\system\pFMMYvf.exe

MD5 6596045e5a2259a4e4037c7e670080e7
SHA1 0eb96fe1250796239f49862a42daf624e914db0b
SHA256 56507e62051f796b2610aab61423b7901d56d02cb1cdee8fc8623ed2be25cc9c
SHA512 38a275121ed8ea4a9a6fb8057a8cd2200a5a440000ea033e7dc5738faa64e56f6e6d92ab218736e06d5957d6de58fcd4e5200632d4b893d23e0df091e2823f09

memory/2560-96-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2968-94-0x000000013F6F0000-0x000000013FA44000-memory.dmp

C:\Windows\system\mbjGCdY.exe

MD5 10285c6a0a7883f87e79b4fc58183c16
SHA1 d40bd621b77a0191c75e862b43a257368506d6a5
SHA256 20eb8cd696da0c65742f98f989a94b55ac3ce7ec6cf81d29ad52863c18cffa50
SHA512 e6001e7c90c197696c5e01b0f252c68da9474122c2f8fab54c3768443051bd3644837c9c3a54633fd1be2c3566b6ff614382baf5c2230e847f2041b7793202b8

memory/1648-90-0x000000013F830000-0x000000013FB84000-memory.dmp

memory/1648-89-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2540-86-0x000000013F9B0000-0x000000013FD04000-memory.dmp

C:\Windows\system\FbTubBC.exe

MD5 2cfe9bc621a0043af3674d90166eee75
SHA1 c2a92f1e72804581f9d4caf7653da99676af1736
SHA256 ae7dfbd4da49d9c008c36e604c673c84aaf6269dc0bd63e4227de1f20fff7fb9
SHA512 dbc990facb7da6b10a600df62f28f22c755962b653b58270feff8caf9f7ccc75cf3ec17dfa4739009efa43848e73ad8b6b7cc0bbeea6f3fdfb00cb51198ec412

memory/2156-81-0x000000013F2F0000-0x000000013F644000-memory.dmp

C:\Windows\system\MKaCWJb.exe

MD5 56297068004197cb4271a35189b27508
SHA1 1c922969596753e07030faa5c48cc86513d45629
SHA256 4295736ca1fb01bb2bbb297cbb40af79ff79dff58274252ebaf2295b71829867
SHA512 996007cb718dda015fe2564311e525ff720a49fdb3369cfd1e2b8c53d19f77415b5980c997b088288d17edc2e1752fdd733f876f09b564605a2c0f19cd14c041

C:\Windows\system\RMCmWWN.exe

MD5 f78c5e7f1dbd84eb29fc0522ac90b29d
SHA1 214182123a0850b0101de640517f50c26c0fb5b5
SHA256 2092dab6f0b9a8b8cb1687cc81de914528e85edd1d591c704c650536f502f7b9
SHA512 cbdf981119fa3b291d628eea8eca547cace59d6426343c92346e8edd75f466209114de2573b0a7f9c55b04529a94a18ed564690efe82868d9de0ce610ab839c5

C:\Windows\system\EbSYfrx.exe

MD5 8a1c26822326b504d79f5377d0fc98f6
SHA1 c7b6dcae7f54f67d3677db12895f8b0470e5936d
SHA256 545a4365785112d95acdda54e015e76cab33ce1533532ab7a0d09d21247bed78
SHA512 0e637ef00f10358c4c221b45f74dff315de4c110b2032cf2db232d73676a5db1680391528aaa99e2c7eafb4ce60e34b93dd8e35b3169f09cb2384fc2209e8a5f

memory/1648-75-0x00000000020D0000-0x0000000002424000-memory.dmp

C:\Windows\system\TVaumWM.exe

MD5 38571dcab34800128091c98444c463bb
SHA1 7b219ba7c1cf521c97396024c17828f30f49fdd2
SHA256 c1fe93374ff8fa15c71341bc44342d581a7fb6ded12db43c77ae2882a4814346
SHA512 9b58308000e59bd860b02bc3e08d3712c2bf58809461417fd0806a384b6ff8d623183000ec62d135ec3fe54572a4d16466b736d9142948c97679fe00e855c2ea

memory/1648-61-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/1648-60-0x000000013F230000-0x000000013F584000-memory.dmp

C:\Windows\system\NsZyoeo.exe

MD5 6756b70626959a28972a8b4b8f2c349a
SHA1 985eea116cde959e226d4d2bd592271d74f98e4d
SHA256 38cd65f8149823a47dac9a7dd88c11424f8bb707d519a477dd00c711d057ef7d
SHA512 e035b102f1e0f87060ba4db4be312bd0f76e53aa2c61f41b22960884ae5d7f93ba171b64e8d1c63cb352cd2a9ace9213a2254362ade72d23d1ba91c9a15b1cbb

C:\Windows\system\ruxCKQf.exe

MD5 c378d274f8859e29b79e1792756f2b53
SHA1 b042ac136cbacdf53b15cb8f0706013a4783c344
SHA256 bdbb441892b2704fc94ca445f4054f18f9e3e0b5b7780bdff00ec34429121b5f
SHA512 73b8c68a795234c5eb9f9244558b60aca61ab35601b6004671dd1cc0572e3fa7c759fc3e8deb49884523d8677414378b298ef489d868c5a754056d700cfa10c8

memory/2524-52-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/1648-46-0x00000000020D0000-0x0000000002424000-memory.dmp

memory/2876-43-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/1648-39-0x00000000020D0000-0x0000000002424000-memory.dmp

memory/1648-1072-0x00000000020D0000-0x0000000002424000-memory.dmp

memory/1648-1073-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2524-1074-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/1648-1075-0x000000013F230000-0x000000013F584000-memory.dmp

memory/1648-1076-0x00000000020D0000-0x0000000002424000-memory.dmp

memory/1648-1077-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/1144-1078-0x000000013F830000-0x000000013FB84000-memory.dmp

memory/1724-1079-0x000000013F750000-0x000000013FAA4000-memory.dmp

memory/2632-1081-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2716-1080-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2692-1082-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2876-1083-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2524-1084-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2396-1086-0x000000013F230000-0x000000013F584000-memory.dmp

memory/2540-1085-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/2156-1087-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2484-1090-0x000000013FA40000-0x000000013FD94000-memory.dmp

memory/2412-1091-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2560-1089-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2968-1088-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/1144-1092-0x000000013F830000-0x000000013FB84000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 12:57

Reported

2024-06-20 13:00

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\lmKLpUQ.exe N/A
N/A N/A C:\Windows\System\BHvDpkK.exe N/A
N/A N/A C:\Windows\System\aGSACum.exe N/A
N/A N/A C:\Windows\System\ayFwzff.exe N/A
N/A N/A C:\Windows\System\QSEBIKR.exe N/A
N/A N/A C:\Windows\System\sVpGdvq.exe N/A
N/A N/A C:\Windows\System\dyXeeMV.exe N/A
N/A N/A C:\Windows\System\JKiyHaI.exe N/A
N/A N/A C:\Windows\System\yLKvLRz.exe N/A
N/A N/A C:\Windows\System\haqPpiR.exe N/A
N/A N/A C:\Windows\System\kvzTWox.exe N/A
N/A N/A C:\Windows\System\JnydCxv.exe N/A
N/A N/A C:\Windows\System\qhhVjux.exe N/A
N/A N/A C:\Windows\System\oPfhcop.exe N/A
N/A N/A C:\Windows\System\KMRsSfZ.exe N/A
N/A N/A C:\Windows\System\ydAYfei.exe N/A
N/A N/A C:\Windows\System\RTYCcyX.exe N/A
N/A N/A C:\Windows\System\jYNOKBd.exe N/A
N/A N/A C:\Windows\System\pigkJCO.exe N/A
N/A N/A C:\Windows\System\DMhmVXI.exe N/A
N/A N/A C:\Windows\System\pKxespa.exe N/A
N/A N/A C:\Windows\System\rydTEqX.exe N/A
N/A N/A C:\Windows\System\GCdRLCV.exe N/A
N/A N/A C:\Windows\System\CXeMSaL.exe N/A
N/A N/A C:\Windows\System\ZXUHmOJ.exe N/A
N/A N/A C:\Windows\System\zuvcVjN.exe N/A
N/A N/A C:\Windows\System\vHhbwPA.exe N/A
N/A N/A C:\Windows\System\eScYQgs.exe N/A
N/A N/A C:\Windows\System\UDjLBna.exe N/A
N/A N/A C:\Windows\System\huQfqwr.exe N/A
N/A N/A C:\Windows\System\piPKuUx.exe N/A
N/A N/A C:\Windows\System\PmTOKZg.exe N/A
N/A N/A C:\Windows\System\PeHgebI.exe N/A
N/A N/A C:\Windows\System\sAlglqq.exe N/A
N/A N/A C:\Windows\System\etLuUBP.exe N/A
N/A N/A C:\Windows\System\ZGFzoZu.exe N/A
N/A N/A C:\Windows\System\zBhuljW.exe N/A
N/A N/A C:\Windows\System\eLrLcTt.exe N/A
N/A N/A C:\Windows\System\zOnkxHa.exe N/A
N/A N/A C:\Windows\System\okYBfIV.exe N/A
N/A N/A C:\Windows\System\AdxQGaJ.exe N/A
N/A N/A C:\Windows\System\duCiLUF.exe N/A
N/A N/A C:\Windows\System\BYPVUnu.exe N/A
N/A N/A C:\Windows\System\pUIGhAN.exe N/A
N/A N/A C:\Windows\System\hJcBgom.exe N/A
N/A N/A C:\Windows\System\JBErhzi.exe N/A
N/A N/A C:\Windows\System\irBBEOe.exe N/A
N/A N/A C:\Windows\System\DVyXKdt.exe N/A
N/A N/A C:\Windows\System\kQafzCU.exe N/A
N/A N/A C:\Windows\System\AiDmqZx.exe N/A
N/A N/A C:\Windows\System\EEaqSMb.exe N/A
N/A N/A C:\Windows\System\XKzDmbY.exe N/A
N/A N/A C:\Windows\System\yviaxwP.exe N/A
N/A N/A C:\Windows\System\iBgwtbH.exe N/A
N/A N/A C:\Windows\System\uxXqBVi.exe N/A
N/A N/A C:\Windows\System\cKEaNps.exe N/A
N/A N/A C:\Windows\System\CyXhWUr.exe N/A
N/A N/A C:\Windows\System\oDqvdLr.exe N/A
N/A N/A C:\Windows\System\EmcANgX.exe N/A
N/A N/A C:\Windows\System\yyeuLGE.exe N/A
N/A N/A C:\Windows\System\lRmKZJq.exe N/A
N/A N/A C:\Windows\System\wHRlSyZ.exe N/A
N/A N/A C:\Windows\System\eWRfDxT.exe N/A
N/A N/A C:\Windows\System\WClysjO.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\OCXwJPs.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\InJaawP.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\huQfqwr.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\FjTMAXv.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\EjpCUtb.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\FfZReNo.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ryOOKFp.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cDtxnpk.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lZwuvoF.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\HSwCdZb.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHhbwPA.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\etLuUBP.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\traaCHT.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\kTVDHVE.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\YHAgkTW.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JKiyHaI.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTYCcyX.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\DMhmVXI.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\IgnGoRa.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\oztvsYw.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ujSFvwW.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\rbUMOly.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\MKhgPrv.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\weSfHmg.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\kvzTWox.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\GCdRLCV.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\zBhuljW.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\eKNtKlu.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\kwKVDzt.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\czqzKEY.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\kAfTmiC.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTlwAzz.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\WayLFyu.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\efzYGpL.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\KXpoMVx.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JsVFNBL.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\agrJOzX.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwLdwkG.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JtcqgmQ.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\CfxwNUR.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cVPCjtR.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LBJCHek.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\wXHhTUr.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BHvDpkK.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdQjzeu.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cmLpaTX.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\iRwtopU.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\AzRrrYk.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\eScYQgs.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\PeHgebI.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\hJcBgom.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\qtGGSfp.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoaIzaN.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lgjJfzE.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\CrLKBNr.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\naXtoKp.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\EEaqSMb.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VSKJRvS.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\RhJImLk.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\zfBoMLr.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsOcTzK.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\YFTKJPK.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\UJEdqMJ.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmaOUyW.exe C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3220 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\lmKLpUQ.exe
PID 3220 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\lmKLpUQ.exe
PID 3220 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\BHvDpkK.exe
PID 3220 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\BHvDpkK.exe
PID 3220 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\aGSACum.exe
PID 3220 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\aGSACum.exe
PID 3220 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ayFwzff.exe
PID 3220 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ayFwzff.exe
PID 3220 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\QSEBIKR.exe
PID 3220 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\QSEBIKR.exe
PID 3220 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\sVpGdvq.exe
PID 3220 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\sVpGdvq.exe
PID 3220 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\dyXeeMV.exe
PID 3220 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\dyXeeMV.exe
PID 3220 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\JKiyHaI.exe
PID 3220 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\JKiyHaI.exe
PID 3220 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\yLKvLRz.exe
PID 3220 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\yLKvLRz.exe
PID 3220 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\haqPpiR.exe
PID 3220 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\haqPpiR.exe
PID 3220 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\kvzTWox.exe
PID 3220 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\kvzTWox.exe
PID 3220 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\JnydCxv.exe
PID 3220 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\JnydCxv.exe
PID 3220 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\qhhVjux.exe
PID 3220 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\qhhVjux.exe
PID 3220 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\oPfhcop.exe
PID 3220 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\oPfhcop.exe
PID 3220 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\KMRsSfZ.exe
PID 3220 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\KMRsSfZ.exe
PID 3220 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ydAYfei.exe
PID 3220 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ydAYfei.exe
PID 3220 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\RTYCcyX.exe
PID 3220 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\RTYCcyX.exe
PID 3220 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\jYNOKBd.exe
PID 3220 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\jYNOKBd.exe
PID 3220 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pigkJCO.exe
PID 3220 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pigkJCO.exe
PID 3220 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\DMhmVXI.exe
PID 3220 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\DMhmVXI.exe
PID 3220 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pKxespa.exe
PID 3220 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\pKxespa.exe
PID 3220 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\rydTEqX.exe
PID 3220 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\rydTEqX.exe
PID 3220 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\GCdRLCV.exe
PID 3220 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\GCdRLCV.exe
PID 3220 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\CXeMSaL.exe
PID 3220 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\CXeMSaL.exe
PID 3220 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ZXUHmOJ.exe
PID 3220 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\ZXUHmOJ.exe
PID 3220 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\zuvcVjN.exe
PID 3220 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\zuvcVjN.exe
PID 3220 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\vHhbwPA.exe
PID 3220 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\vHhbwPA.exe
PID 3220 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\eScYQgs.exe
PID 3220 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\eScYQgs.exe
PID 3220 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\UDjLBna.exe
PID 3220 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\UDjLBna.exe
PID 3220 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\huQfqwr.exe
PID 3220 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\huQfqwr.exe
PID 3220 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\piPKuUx.exe
PID 3220 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\piPKuUx.exe
PID 3220 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\PmTOKZg.exe
PID 3220 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe C:\Windows\System\PmTOKZg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\64d2ace8e6daa9e97347b14e345f9610c9a0d0d450d06836731e508829e50fcf_NeikiAnalytics.exe"

C:\Windows\System\lmKLpUQ.exe

C:\Windows\System\lmKLpUQ.exe

C:\Windows\System\BHvDpkK.exe

C:\Windows\System\BHvDpkK.exe

C:\Windows\System\aGSACum.exe

C:\Windows\System\aGSACum.exe

C:\Windows\System\ayFwzff.exe

C:\Windows\System\ayFwzff.exe

C:\Windows\System\QSEBIKR.exe

C:\Windows\System\QSEBIKR.exe

C:\Windows\System\sVpGdvq.exe

C:\Windows\System\sVpGdvq.exe

C:\Windows\System\dyXeeMV.exe

C:\Windows\System\dyXeeMV.exe

C:\Windows\System\JKiyHaI.exe

C:\Windows\System\JKiyHaI.exe

C:\Windows\System\yLKvLRz.exe

C:\Windows\System\yLKvLRz.exe

C:\Windows\System\haqPpiR.exe

C:\Windows\System\haqPpiR.exe

C:\Windows\System\kvzTWox.exe

C:\Windows\System\kvzTWox.exe

C:\Windows\System\JnydCxv.exe

C:\Windows\System\JnydCxv.exe

C:\Windows\System\qhhVjux.exe

C:\Windows\System\qhhVjux.exe

C:\Windows\System\oPfhcop.exe

C:\Windows\System\oPfhcop.exe

C:\Windows\System\KMRsSfZ.exe

C:\Windows\System\KMRsSfZ.exe

C:\Windows\System\ydAYfei.exe

C:\Windows\System\ydAYfei.exe

C:\Windows\System\RTYCcyX.exe

C:\Windows\System\RTYCcyX.exe

C:\Windows\System\jYNOKBd.exe

C:\Windows\System\jYNOKBd.exe

C:\Windows\System\pigkJCO.exe

C:\Windows\System\pigkJCO.exe

C:\Windows\System\DMhmVXI.exe

C:\Windows\System\DMhmVXI.exe

C:\Windows\System\pKxespa.exe

C:\Windows\System\pKxespa.exe

C:\Windows\System\rydTEqX.exe

C:\Windows\System\rydTEqX.exe

C:\Windows\System\GCdRLCV.exe

C:\Windows\System\GCdRLCV.exe

C:\Windows\System\CXeMSaL.exe

C:\Windows\System\CXeMSaL.exe

C:\Windows\System\ZXUHmOJ.exe

C:\Windows\System\ZXUHmOJ.exe

C:\Windows\System\zuvcVjN.exe

C:\Windows\System\zuvcVjN.exe

C:\Windows\System\vHhbwPA.exe

C:\Windows\System\vHhbwPA.exe

C:\Windows\System\eScYQgs.exe

C:\Windows\System\eScYQgs.exe

C:\Windows\System\UDjLBna.exe

C:\Windows\System\UDjLBna.exe

C:\Windows\System\huQfqwr.exe

C:\Windows\System\huQfqwr.exe

C:\Windows\System\piPKuUx.exe

C:\Windows\System\piPKuUx.exe

C:\Windows\System\PmTOKZg.exe

C:\Windows\System\PmTOKZg.exe

C:\Windows\System\PeHgebI.exe

C:\Windows\System\PeHgebI.exe

C:\Windows\System\sAlglqq.exe

C:\Windows\System\sAlglqq.exe

C:\Windows\System\etLuUBP.exe

C:\Windows\System\etLuUBP.exe

C:\Windows\System\ZGFzoZu.exe

C:\Windows\System\ZGFzoZu.exe

C:\Windows\System\zBhuljW.exe

C:\Windows\System\zBhuljW.exe

C:\Windows\System\eLrLcTt.exe

C:\Windows\System\eLrLcTt.exe

C:\Windows\System\zOnkxHa.exe

C:\Windows\System\zOnkxHa.exe

C:\Windows\System\okYBfIV.exe

C:\Windows\System\okYBfIV.exe

C:\Windows\System\AdxQGaJ.exe

C:\Windows\System\AdxQGaJ.exe

C:\Windows\System\duCiLUF.exe

C:\Windows\System\duCiLUF.exe

C:\Windows\System\BYPVUnu.exe

C:\Windows\System\BYPVUnu.exe

C:\Windows\System\pUIGhAN.exe

C:\Windows\System\pUIGhAN.exe

C:\Windows\System\hJcBgom.exe

C:\Windows\System\hJcBgom.exe

C:\Windows\System\JBErhzi.exe

C:\Windows\System\JBErhzi.exe

C:\Windows\System\irBBEOe.exe

C:\Windows\System\irBBEOe.exe

C:\Windows\System\DVyXKdt.exe

C:\Windows\System\DVyXKdt.exe

C:\Windows\System\kQafzCU.exe

C:\Windows\System\kQafzCU.exe

C:\Windows\System\AiDmqZx.exe

C:\Windows\System\AiDmqZx.exe

C:\Windows\System\EEaqSMb.exe

C:\Windows\System\EEaqSMb.exe

C:\Windows\System\XKzDmbY.exe

C:\Windows\System\XKzDmbY.exe

C:\Windows\System\yviaxwP.exe

C:\Windows\System\yviaxwP.exe

C:\Windows\System\iBgwtbH.exe

C:\Windows\System\iBgwtbH.exe

C:\Windows\System\uxXqBVi.exe

C:\Windows\System\uxXqBVi.exe

C:\Windows\System\cKEaNps.exe

C:\Windows\System\cKEaNps.exe

C:\Windows\System\CyXhWUr.exe

C:\Windows\System\CyXhWUr.exe

C:\Windows\System\oDqvdLr.exe

C:\Windows\System\oDqvdLr.exe

C:\Windows\System\EmcANgX.exe

C:\Windows\System\EmcANgX.exe

C:\Windows\System\yyeuLGE.exe

C:\Windows\System\yyeuLGE.exe

C:\Windows\System\lRmKZJq.exe

C:\Windows\System\lRmKZJq.exe

C:\Windows\System\wHRlSyZ.exe

C:\Windows\System\wHRlSyZ.exe

C:\Windows\System\eWRfDxT.exe

C:\Windows\System\eWRfDxT.exe

C:\Windows\System\WClysjO.exe

C:\Windows\System\WClysjO.exe

C:\Windows\System\IgnGoRa.exe

C:\Windows\System\IgnGoRa.exe

C:\Windows\System\QlJUpEf.exe

C:\Windows\System\QlJUpEf.exe

C:\Windows\System\HstHJAM.exe

C:\Windows\System\HstHJAM.exe

C:\Windows\System\uVPDEqa.exe

C:\Windows\System\uVPDEqa.exe

C:\Windows\System\cKyYhKH.exe

C:\Windows\System\cKyYhKH.exe

C:\Windows\System\vZNpRKu.exe

C:\Windows\System\vZNpRKu.exe

C:\Windows\System\oztvsYw.exe

C:\Windows\System\oztvsYw.exe

C:\Windows\System\zvKBdoN.exe

C:\Windows\System\zvKBdoN.exe

C:\Windows\System\pulozbi.exe

C:\Windows\System\pulozbi.exe

C:\Windows\System\oZEFvHv.exe

C:\Windows\System\oZEFvHv.exe

C:\Windows\System\efzYGpL.exe

C:\Windows\System\efzYGpL.exe

C:\Windows\System\EQBIseD.exe

C:\Windows\System\EQBIseD.exe

C:\Windows\System\SFEAiBT.exe

C:\Windows\System\SFEAiBT.exe

C:\Windows\System\ebMdIGm.exe

C:\Windows\System\ebMdIGm.exe

C:\Windows\System\vTbpnDv.exe

C:\Windows\System\vTbpnDv.exe

C:\Windows\System\afiHZdd.exe

C:\Windows\System\afiHZdd.exe

C:\Windows\System\QepYynE.exe

C:\Windows\System\QepYynE.exe

C:\Windows\System\YOdbruI.exe

C:\Windows\System\YOdbruI.exe

C:\Windows\System\zSgxSfL.exe

C:\Windows\System\zSgxSfL.exe

C:\Windows\System\QRaDqgg.exe

C:\Windows\System\QRaDqgg.exe

C:\Windows\System\iJRCOJJ.exe

C:\Windows\System\iJRCOJJ.exe

C:\Windows\System\eKNtKlu.exe

C:\Windows\System\eKNtKlu.exe

C:\Windows\System\CwgKhAL.exe

C:\Windows\System\CwgKhAL.exe

C:\Windows\System\apUPNdR.exe

C:\Windows\System\apUPNdR.exe

C:\Windows\System\tfUkuRB.exe

C:\Windows\System\tfUkuRB.exe

C:\Windows\System\qzlnZih.exe

C:\Windows\System\qzlnZih.exe

C:\Windows\System\tptxnKs.exe

C:\Windows\System\tptxnKs.exe

C:\Windows\System\yJdsBLn.exe

C:\Windows\System\yJdsBLn.exe

C:\Windows\System\aUkGIyJ.exe

C:\Windows\System\aUkGIyJ.exe

C:\Windows\System\sWSjmXv.exe

C:\Windows\System\sWSjmXv.exe

C:\Windows\System\qmhjxsy.exe

C:\Windows\System\qmhjxsy.exe

C:\Windows\System\FjTMAXv.exe

C:\Windows\System\FjTMAXv.exe

C:\Windows\System\sGWnwuu.exe

C:\Windows\System\sGWnwuu.exe

C:\Windows\System\dRWrMds.exe

C:\Windows\System\dRWrMds.exe

C:\Windows\System\qtGGSfp.exe

C:\Windows\System\qtGGSfp.exe

C:\Windows\System\ObhuADE.exe

C:\Windows\System\ObhuADE.exe

C:\Windows\System\cJlHdBr.exe

C:\Windows\System\cJlHdBr.exe

C:\Windows\System\MZKyfwx.exe

C:\Windows\System\MZKyfwx.exe

C:\Windows\System\evRTAQm.exe

C:\Windows\System\evRTAQm.exe

C:\Windows\System\ZATdmun.exe

C:\Windows\System\ZATdmun.exe

C:\Windows\System\aEZgzkK.exe

C:\Windows\System\aEZgzkK.exe

C:\Windows\System\iJyvnaF.exe

C:\Windows\System\iJyvnaF.exe

C:\Windows\System\oNpBjSz.exe

C:\Windows\System\oNpBjSz.exe

C:\Windows\System\gdQjzeu.exe

C:\Windows\System\gdQjzeu.exe

C:\Windows\System\MNymjmg.exe

C:\Windows\System\MNymjmg.exe

C:\Windows\System\PldJWqo.exe

C:\Windows\System\PldJWqo.exe

C:\Windows\System\NoBOcNc.exe

C:\Windows\System\NoBOcNc.exe

C:\Windows\System\EQGuOOq.exe

C:\Windows\System\EQGuOOq.exe

C:\Windows\System\wweBAac.exe

C:\Windows\System\wweBAac.exe

C:\Windows\System\cHLhqxk.exe

C:\Windows\System\cHLhqxk.exe

C:\Windows\System\tyWNABh.exe

C:\Windows\System\tyWNABh.exe

C:\Windows\System\HxmoWHf.exe

C:\Windows\System\HxmoWHf.exe

C:\Windows\System\MbcCJjI.exe

C:\Windows\System\MbcCJjI.exe

C:\Windows\System\LrTuWoV.exe

C:\Windows\System\LrTuWoV.exe

C:\Windows\System\ujSFvwW.exe

C:\Windows\System\ujSFvwW.exe

C:\Windows\System\bDGCNQv.exe

C:\Windows\System\bDGCNQv.exe

C:\Windows\System\quElzAn.exe

C:\Windows\System\quElzAn.exe

C:\Windows\System\kwKVDzt.exe

C:\Windows\System\kwKVDzt.exe

C:\Windows\System\XghWepK.exe

C:\Windows\System\XghWepK.exe

C:\Windows\System\ackAZdt.exe

C:\Windows\System\ackAZdt.exe

C:\Windows\System\GNyndca.exe

C:\Windows\System\GNyndca.exe

C:\Windows\System\rjUnKjC.exe

C:\Windows\System\rjUnKjC.exe

C:\Windows\System\dElsBjz.exe

C:\Windows\System\dElsBjz.exe

C:\Windows\System\owKQEzz.exe

C:\Windows\System\owKQEzz.exe

C:\Windows\System\PbVuePU.exe

C:\Windows\System\PbVuePU.exe

C:\Windows\System\EcVooHV.exe

C:\Windows\System\EcVooHV.exe

C:\Windows\System\bPIZkqD.exe

C:\Windows\System\bPIZkqD.exe

C:\Windows\System\hUzwXbA.exe

C:\Windows\System\hUzwXbA.exe

C:\Windows\System\dCAYATn.exe

C:\Windows\System\dCAYATn.exe

C:\Windows\System\LoaIzaN.exe

C:\Windows\System\LoaIzaN.exe

C:\Windows\System\boYAMzx.exe

C:\Windows\System\boYAMzx.exe

C:\Windows\System\WuxqkCT.exe

C:\Windows\System\WuxqkCT.exe

C:\Windows\System\vdFmCuF.exe

C:\Windows\System\vdFmCuF.exe

C:\Windows\System\KiKOEPl.exe

C:\Windows\System\KiKOEPl.exe

C:\Windows\System\udLMXNi.exe

C:\Windows\System\udLMXNi.exe

C:\Windows\System\nhGYLxV.exe

C:\Windows\System\nhGYLxV.exe

C:\Windows\System\rgxqhXp.exe

C:\Windows\System\rgxqhXp.exe

C:\Windows\System\wGCFOaR.exe

C:\Windows\System\wGCFOaR.exe

C:\Windows\System\czqzKEY.exe

C:\Windows\System\czqzKEY.exe

C:\Windows\System\cqMBQfZ.exe

C:\Windows\System\cqMBQfZ.exe

C:\Windows\System\moEvOeg.exe

C:\Windows\System\moEvOeg.exe

C:\Windows\System\veJDzuT.exe

C:\Windows\System\veJDzuT.exe

C:\Windows\System\jsQVMEl.exe

C:\Windows\System\jsQVMEl.exe

C:\Windows\System\aGzwqHe.exe

C:\Windows\System\aGzwqHe.exe

C:\Windows\System\FxtGgtV.exe

C:\Windows\System\FxtGgtV.exe

C:\Windows\System\hJCcChI.exe

C:\Windows\System\hJCcChI.exe

C:\Windows\System\eNdMYwB.exe

C:\Windows\System\eNdMYwB.exe

C:\Windows\System\QABkpnp.exe

C:\Windows\System\QABkpnp.exe

C:\Windows\System\EjpCUtb.exe

C:\Windows\System\EjpCUtb.exe

C:\Windows\System\DhLQYka.exe

C:\Windows\System\DhLQYka.exe

C:\Windows\System\cIwSWcB.exe

C:\Windows\System\cIwSWcB.exe

C:\Windows\System\mzbQEUq.exe

C:\Windows\System\mzbQEUq.exe

C:\Windows\System\KXpoMVx.exe

C:\Windows\System\KXpoMVx.exe

C:\Windows\System\TGgsfZm.exe

C:\Windows\System\TGgsfZm.exe

C:\Windows\System\vpUUjyx.exe

C:\Windows\System\vpUUjyx.exe

C:\Windows\System\YmGZjaH.exe

C:\Windows\System\YmGZjaH.exe

C:\Windows\System\BGjHlkn.exe

C:\Windows\System\BGjHlkn.exe

C:\Windows\System\xrOccIz.exe

C:\Windows\System\xrOccIz.exe

C:\Windows\System\JLsyVol.exe

C:\Windows\System\JLsyVol.exe

C:\Windows\System\kAfTmiC.exe

C:\Windows\System\kAfTmiC.exe

C:\Windows\System\DeYXhzu.exe

C:\Windows\System\DeYXhzu.exe

C:\Windows\System\dCtJInQ.exe

C:\Windows\System\dCtJInQ.exe

C:\Windows\System\ejJrNHe.exe

C:\Windows\System\ejJrNHe.exe

C:\Windows\System\rWuwUcW.exe

C:\Windows\System\rWuwUcW.exe

C:\Windows\System\hXFMjsy.exe

C:\Windows\System\hXFMjsy.exe

C:\Windows\System\tzBTfcL.exe

C:\Windows\System\tzBTfcL.exe

C:\Windows\System\dXqhmoU.exe

C:\Windows\System\dXqhmoU.exe

C:\Windows\System\LCpaIme.exe

C:\Windows\System\LCpaIme.exe

C:\Windows\System\cmLpaTX.exe

C:\Windows\System\cmLpaTX.exe

C:\Windows\System\KMfEUfh.exe

C:\Windows\System\KMfEUfh.exe

C:\Windows\System\sJbkTxo.exe

C:\Windows\System\sJbkTxo.exe

C:\Windows\System\fsUvTqh.exe

C:\Windows\System\fsUvTqh.exe

C:\Windows\System\lgjJfzE.exe

C:\Windows\System\lgjJfzE.exe

C:\Windows\System\SOumnRA.exe

C:\Windows\System\SOumnRA.exe

C:\Windows\System\FfZReNo.exe

C:\Windows\System\FfZReNo.exe

C:\Windows\System\qEqBVhp.exe

C:\Windows\System\qEqBVhp.exe

C:\Windows\System\JsVFNBL.exe

C:\Windows\System\JsVFNBL.exe

C:\Windows\System\MYSZegz.exe

C:\Windows\System\MYSZegz.exe

C:\Windows\System\HwLdwkG.exe

C:\Windows\System\HwLdwkG.exe

C:\Windows\System\wJvBBzP.exe

C:\Windows\System\wJvBBzP.exe

C:\Windows\System\NSKpOZH.exe

C:\Windows\System\NSKpOZH.exe

C:\Windows\System\nLBltjd.exe

C:\Windows\System\nLBltjd.exe

C:\Windows\System\gUamDlO.exe

C:\Windows\System\gUamDlO.exe

C:\Windows\System\KNSnZud.exe

C:\Windows\System\KNSnZud.exe

C:\Windows\System\VSKJRvS.exe

C:\Windows\System\VSKJRvS.exe

C:\Windows\System\CrLKBNr.exe

C:\Windows\System\CrLKBNr.exe

C:\Windows\System\MFjpKkK.exe

C:\Windows\System\MFjpKkK.exe

C:\Windows\System\ZLHXgje.exe

C:\Windows\System\ZLHXgje.exe

C:\Windows\System\NcsWxHE.exe

C:\Windows\System\NcsWxHE.exe

C:\Windows\System\LKtjsmJ.exe

C:\Windows\System\LKtjsmJ.exe

C:\Windows\System\VMOpzLL.exe

C:\Windows\System\VMOpzLL.exe

C:\Windows\System\VCPYElp.exe

C:\Windows\System\VCPYElp.exe

C:\Windows\System\RhJImLk.exe

C:\Windows\System\RhJImLk.exe

C:\Windows\System\KXYoicQ.exe

C:\Windows\System\KXYoicQ.exe

C:\Windows\System\nYwyiGW.exe

C:\Windows\System\nYwyiGW.exe

C:\Windows\System\obujXvC.exe

C:\Windows\System\obujXvC.exe

C:\Windows\System\qAaxiPK.exe

C:\Windows\System\qAaxiPK.exe

C:\Windows\System\ugPpOHd.exe

C:\Windows\System\ugPpOHd.exe

C:\Windows\System\dQdLEBy.exe

C:\Windows\System\dQdLEBy.exe

C:\Windows\System\yifJZyr.exe

C:\Windows\System\yifJZyr.exe

C:\Windows\System\PEaScMZ.exe

C:\Windows\System\PEaScMZ.exe

C:\Windows\System\PZUiSgX.exe

C:\Windows\System\PZUiSgX.exe

C:\Windows\System\dpKCHnE.exe

C:\Windows\System\dpKCHnE.exe

C:\Windows\System\wXshGiu.exe

C:\Windows\System\wXshGiu.exe

C:\Windows\System\JtcqgmQ.exe

C:\Windows\System\JtcqgmQ.exe

C:\Windows\System\hwDhEtI.exe

C:\Windows\System\hwDhEtI.exe

C:\Windows\System\qfvfesp.exe

C:\Windows\System\qfvfesp.exe

C:\Windows\System\sWmObMo.exe

C:\Windows\System\sWmObMo.exe

C:\Windows\System\rbUMOly.exe

C:\Windows\System\rbUMOly.exe

C:\Windows\System\ZsYDBHx.exe

C:\Windows\System\ZsYDBHx.exe

C:\Windows\System\ryOOKFp.exe

C:\Windows\System\ryOOKFp.exe

C:\Windows\System\FhKkEWd.exe

C:\Windows\System\FhKkEWd.exe

C:\Windows\System\IOUFsUU.exe

C:\Windows\System\IOUFsUU.exe

C:\Windows\System\awTMEGI.exe

C:\Windows\System\awTMEGI.exe

C:\Windows\System\etftliY.exe

C:\Windows\System\etftliY.exe

C:\Windows\System\eIuJtuf.exe

C:\Windows\System\eIuJtuf.exe

C:\Windows\System\YHAgkTW.exe

C:\Windows\System\YHAgkTW.exe

C:\Windows\System\OWpFnsR.exe

C:\Windows\System\OWpFnsR.exe

C:\Windows\System\cDtxnpk.exe

C:\Windows\System\cDtxnpk.exe

C:\Windows\System\CfxwNUR.exe

C:\Windows\System\CfxwNUR.exe

C:\Windows\System\ORdAvmj.exe

C:\Windows\System\ORdAvmj.exe

C:\Windows\System\zfBoMLr.exe

C:\Windows\System\zfBoMLr.exe

C:\Windows\System\uDKToiZ.exe

C:\Windows\System\uDKToiZ.exe

C:\Windows\System\xsOcTzK.exe

C:\Windows\System\xsOcTzK.exe

C:\Windows\System\AyPeVZp.exe

C:\Windows\System\AyPeVZp.exe

C:\Windows\System\qLhhvIO.exe

C:\Windows\System\qLhhvIO.exe

C:\Windows\System\dbCXcsw.exe

C:\Windows\System\dbCXcsw.exe

C:\Windows\System\cVPCjtR.exe

C:\Windows\System\cVPCjtR.exe

C:\Windows\System\cxvVYmd.exe

C:\Windows\System\cxvVYmd.exe

C:\Windows\System\pSHmrWJ.exe

C:\Windows\System\pSHmrWJ.exe

C:\Windows\System\BTmWlCL.exe

C:\Windows\System\BTmWlCL.exe

C:\Windows\System\WXUBmsZ.exe

C:\Windows\System\WXUBmsZ.exe

C:\Windows\System\LRXTlhH.exe

C:\Windows\System\LRXTlhH.exe

C:\Windows\System\YuyoJex.exe

C:\Windows\System\YuyoJex.exe

C:\Windows\System\TaaPjag.exe

C:\Windows\System\TaaPjag.exe

C:\Windows\System\weSfHmg.exe

C:\Windows\System\weSfHmg.exe

C:\Windows\System\KTlwAzz.exe

C:\Windows\System\KTlwAzz.exe

C:\Windows\System\SnwJLwG.exe

C:\Windows\System\SnwJLwG.exe

C:\Windows\System\iRwtopU.exe

C:\Windows\System\iRwtopU.exe

C:\Windows\System\CCrXZUb.exe

C:\Windows\System\CCrXZUb.exe

C:\Windows\System\kCxaheq.exe

C:\Windows\System\kCxaheq.exe

C:\Windows\System\qlXoTZX.exe

C:\Windows\System\qlXoTZX.exe

C:\Windows\System\LBJCHek.exe

C:\Windows\System\LBJCHek.exe

C:\Windows\System\fZXyAdQ.exe

C:\Windows\System\fZXyAdQ.exe

C:\Windows\System\JhhCDEi.exe

C:\Windows\System\JhhCDEi.exe

C:\Windows\System\voDITjm.exe

C:\Windows\System\voDITjm.exe

C:\Windows\System\HySwXFX.exe

C:\Windows\System\HySwXFX.exe

C:\Windows\System\WDxSYRo.exe

C:\Windows\System\WDxSYRo.exe

C:\Windows\System\CNFfVdM.exe

C:\Windows\System\CNFfVdM.exe

C:\Windows\System\hzciVdP.exe

C:\Windows\System\hzciVdP.exe

C:\Windows\System\bBqnhGI.exe

C:\Windows\System\bBqnhGI.exe

C:\Windows\System\YFTKJPK.exe

C:\Windows\System\YFTKJPK.exe

C:\Windows\System\BGhXXNg.exe

C:\Windows\System\BGhXXNg.exe

C:\Windows\System\YNkQzwl.exe

C:\Windows\System\YNkQzwl.exe

C:\Windows\System\RibUaoc.exe

C:\Windows\System\RibUaoc.exe

C:\Windows\System\lZwuvoF.exe

C:\Windows\System\lZwuvoF.exe

C:\Windows\System\YhpawmZ.exe

C:\Windows\System\YhpawmZ.exe

C:\Windows\System\myTZpjl.exe

C:\Windows\System\myTZpjl.exe

C:\Windows\System\GEVhPgD.exe

C:\Windows\System\GEVhPgD.exe

C:\Windows\System\ghrVuoP.exe

C:\Windows\System\ghrVuoP.exe

C:\Windows\System\BCpsJWL.exe

C:\Windows\System\BCpsJWL.exe

C:\Windows\System\swfvMym.exe

C:\Windows\System\swfvMym.exe

C:\Windows\System\lpLYZRL.exe

C:\Windows\System\lpLYZRL.exe

C:\Windows\System\paKSQgI.exe

C:\Windows\System\paKSQgI.exe

C:\Windows\System\MlKtfJK.exe

C:\Windows\System\MlKtfJK.exe

C:\Windows\System\FsQcwjF.exe

C:\Windows\System\FsQcwjF.exe

C:\Windows\System\agrJOzX.exe

C:\Windows\System\agrJOzX.exe

C:\Windows\System\OCXwJPs.exe

C:\Windows\System\OCXwJPs.exe

C:\Windows\System\MCwXYwC.exe

C:\Windows\System\MCwXYwC.exe

C:\Windows\System\kLVuxhi.exe

C:\Windows\System\kLVuxhi.exe

C:\Windows\System\OURUpEq.exe

C:\Windows\System\OURUpEq.exe

C:\Windows\System\ZattDyd.exe

C:\Windows\System\ZattDyd.exe

C:\Windows\System\vKqxhlc.exe

C:\Windows\System\vKqxhlc.exe

C:\Windows\System\EHbutnp.exe

C:\Windows\System\EHbutnp.exe

C:\Windows\System\EzkxyUV.exe

C:\Windows\System\EzkxyUV.exe

C:\Windows\System\fcanwQb.exe

C:\Windows\System\fcanwQb.exe

C:\Windows\System\UJEdqMJ.exe

C:\Windows\System\UJEdqMJ.exe

C:\Windows\System\cKXrATH.exe

C:\Windows\System\cKXrATH.exe

C:\Windows\System\CHADLwn.exe

C:\Windows\System\CHADLwn.exe

C:\Windows\System\ytWKUVY.exe

C:\Windows\System\ytWKUVY.exe

C:\Windows\System\ctTbApY.exe

C:\Windows\System\ctTbApY.exe

C:\Windows\System\KamLUVW.exe

C:\Windows\System\KamLUVW.exe

C:\Windows\System\WayLFyu.exe

C:\Windows\System\WayLFyu.exe

C:\Windows\System\elCJkCD.exe

C:\Windows\System\elCJkCD.exe

C:\Windows\System\zxQRYzW.exe

C:\Windows\System\zxQRYzW.exe

C:\Windows\System\XZsCDFU.exe

C:\Windows\System\XZsCDFU.exe

C:\Windows\System\RwHokDf.exe

C:\Windows\System\RwHokDf.exe

C:\Windows\System\fUKKJVm.exe

C:\Windows\System\fUKKJVm.exe

C:\Windows\System\PXBLKWB.exe

C:\Windows\System\PXBLKWB.exe

C:\Windows\System\oQTKMen.exe

C:\Windows\System\oQTKMen.exe

C:\Windows\System\FSYkaGq.exe

C:\Windows\System\FSYkaGq.exe

C:\Windows\System\XKrSiWu.exe

C:\Windows\System\XKrSiWu.exe

C:\Windows\System\qfirgpE.exe

C:\Windows\System\qfirgpE.exe

C:\Windows\System\AzRrrYk.exe

C:\Windows\System\AzRrrYk.exe

C:\Windows\System\KphrMHL.exe

C:\Windows\System\KphrMHL.exe

C:\Windows\System\JfTsvjs.exe

C:\Windows\System\JfTsvjs.exe

C:\Windows\System\rhOXUCU.exe

C:\Windows\System\rhOXUCU.exe

C:\Windows\System\yJvIVGs.exe

C:\Windows\System\yJvIVGs.exe

C:\Windows\System\PaVqdpb.exe

C:\Windows\System\PaVqdpb.exe

C:\Windows\System\naXtoKp.exe

C:\Windows\System\naXtoKp.exe

C:\Windows\System\QyxdbTF.exe

C:\Windows\System\QyxdbTF.exe

C:\Windows\System\xlBUQjM.exe

C:\Windows\System\xlBUQjM.exe

C:\Windows\System\apRXbVh.exe

C:\Windows\System\apRXbVh.exe

C:\Windows\System\uzxOslD.exe

C:\Windows\System\uzxOslD.exe

C:\Windows\System\InJaawP.exe

C:\Windows\System\InJaawP.exe

C:\Windows\System\MKhgPrv.exe

C:\Windows\System\MKhgPrv.exe

C:\Windows\System\IZMvgeR.exe

C:\Windows\System\IZMvgeR.exe

C:\Windows\System\wmaOUyW.exe

C:\Windows\System\wmaOUyW.exe

C:\Windows\System\tMVUahs.exe

C:\Windows\System\tMVUahs.exe

C:\Windows\System\hKIelGn.exe

C:\Windows\System\hKIelGn.exe

C:\Windows\System\QBxllkt.exe

C:\Windows\System\QBxllkt.exe

C:\Windows\System\CwCisKT.exe

C:\Windows\System\CwCisKT.exe

C:\Windows\System\pyAfpfi.exe

C:\Windows\System\pyAfpfi.exe

C:\Windows\System\hSiSkXC.exe

C:\Windows\System\hSiSkXC.exe

C:\Windows\System\nhuqOZi.exe

C:\Windows\System\nhuqOZi.exe

C:\Windows\System\traaCHT.exe

C:\Windows\System\traaCHT.exe

C:\Windows\System\wXHhTUr.exe

C:\Windows\System\wXHhTUr.exe

C:\Windows\System\nFBADGb.exe

C:\Windows\System\nFBADGb.exe

C:\Windows\System\HSwCdZb.exe

C:\Windows\System\HSwCdZb.exe

C:\Windows\System\tmnEgqR.exe

C:\Windows\System\tmnEgqR.exe

C:\Windows\System\kTVDHVE.exe

C:\Windows\System\kTVDHVE.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/3220-0-0x00007FF77F130000-0x00007FF77F484000-memory.dmp

memory/3220-1-0x000002ABF6720000-0x000002ABF6730000-memory.dmp

C:\Windows\System\lmKLpUQ.exe

MD5 ae19b35385ba3a291a545e9ca9d7b256
SHA1 e25d46e8dae547a117bba95234861c0af977cdfe
SHA256 78ce0530fdc8fe01bb2e024c8d3583188065cb9cedabba78f709ffc2a7ea2e34
SHA512 528211d8d812340fb65464ab55c3dfb346a96b22486321662e800b6fc92cd0ea464212e0d0729f455f18d6aac0efce7e3882e371be4d9f013837e4eb597e5158

C:\Windows\System\aGSACum.exe

MD5 fbf8a5968a86bc484f0f05026c6aa8a6
SHA1 80dca05df7f9d6db2ce453b8ff8d568314f77157
SHA256 61fd5f7e21fce70a4574eea27aa2e7c292f20efd7bc1b7029da9dee93b8febb0
SHA512 0a10ed73be7838860b0ac3a74d616a74e3cc9e252657230f7c59bb55361180c9064641a7ba3d7551775c2d6065aa49bd8a5ba8555939259b9cda8b05c8ec8978

C:\Windows\System\BHvDpkK.exe

MD5 52e34ba1241a2bf972e8b12fdf1bd451
SHA1 6578045278d76a9b34ea53051516f8b97b1dff5d
SHA256 c517527e74da951187c5284eade5e04ea60e860237602fa390b91c0cb0578ddd
SHA512 b2b26f40e6f3bd39e680c8d16c716eb89e9d428b3b43afb3de750d6e9543ddd5ff88791533ce958cf9b4699bb8a6a80e19697323223d9cf984fbd77f02b1e19b

memory/4684-17-0x00007FF70C640000-0x00007FF70C994000-memory.dmp

memory/2888-18-0x00007FF622960000-0x00007FF622CB4000-memory.dmp

memory/3088-10-0x00007FF6D5F40000-0x00007FF6D6294000-memory.dmp

C:\Windows\System\QSEBIKR.exe

MD5 169e55fea367414006f7881086ce69b5
SHA1 22867024d23dc13ad39dad4363ac3e852f2fe6ba
SHA256 8031e4ccffee53d31406d23d224cc3e4fa54eebe7f4e9be4b8821448771413e0
SHA512 1c818bbbd8b72ae217fb4338b6d4be4bbcc89c18bb70e623e1056339c40b99baa25c0c440b24e2b9a194593913ee650e7f37d5348521e256f074d9994c1b56c2

C:\Windows\System\ayFwzff.exe

MD5 4153a5a30c4684321a07891f668a12d1
SHA1 0599904815f19b668c92efa8f87b913c5e77c6f2
SHA256 5da55f8428c2086ef4a25c3deeec8b1118ad1468dc3c0c56b355601044044cda
SHA512 697a1d99086b031419d224d597b056672cf43ba8c923092c584c1b7ccd5e44238b287a21a7959c3e87b0da0845eb808af512a228f3c093fe6ff909efb4ac74cc

memory/1392-29-0x00007FF7DA960000-0x00007FF7DACB4000-memory.dmp

C:\Windows\System\yLKvLRz.exe

MD5 cf6aa91ddf455dfab8f31f6d4d05cd62
SHA1 cc126a6c318c7b5598bae37b7556fac412e438a3
SHA256 2ebbe740720a9a10ef86b0d4058ab40e6dec27a01879be524febde3c87ad7505
SHA512 8cf8d0108ade77083a54afa9165617bd8fcd1a153410d9d16585f79b62ac52af516d59a27aba86a900fff6065d1da4e441bc21d3a04709e6c904213a347690c3

memory/2256-56-0x00007FF6A0240000-0x00007FF6A0594000-memory.dmp

C:\Windows\System\haqPpiR.exe

MD5 8e5ec2a9621dae6c27d727ea3bfbd2d3
SHA1 969943cc2cb3172561e0785c5e4a55e4551b3aee
SHA256 45ec67ea1bf8d49db69100a81759d88e087132e0840cc4bbce726cb09df22464
SHA512 a32bf359275bb13f938f1b263d92c72bf6989cb965e1d78660bbea99d35c4df220254d937345563e5c810d9f7aaeee42e088c8ed728c4cfbcfe16c96f3d49ab6

C:\Windows\System\qhhVjux.exe

MD5 fd1e3d4b2dd77ddad88a7960c9c118fa
SHA1 47303626f5d0a476c2330b3d7836a6b239b6c464
SHA256 195aa21e493395b25eab632a4f3166bf38180b56dce6d4666f84ee1df9d55ef7
SHA512 64fec1c1f6598f2db6c31d23db78cb5eef13df5387a706348d0cc1ef42db875a2fbbc18d1207f24172dfc9ea5ba70776b4c05a2cec997c332b3933e34656fe70

C:\Windows\System\ydAYfei.exe

MD5 1c3a6244c3856454e9eb786d9dbbd545
SHA1 bfa6f121029185b8cdbced59a0fe772ee04172b2
SHA256 750a1574330d9265dae6bf54aed29f53ffdd4e3665b099631960362fcc41b1bb
SHA512 f15746e7ef6214cc78b914d9ee47ba186364a6342385462c2c8f5a850ef6f54eb3cf18049b65f93fd51a33bbc3093d7e58b8a7aa7e6b30cfb48f1d6ea8c8ea61

C:\Windows\System\rydTEqX.exe

MD5 b27a7e803191414c75f05e90eda4ce92
SHA1 0f27151fa99b027ca0e50964977f198c33b98729
SHA256 71fa05104e747cd0fc321107dc8f2fb1bd8295e4ac437a62d3e1a4aaf904513b
SHA512 594a1096940e42eb1a379e44e870fddfa74a5db60917a4dd224c37b1ae77da302bfd3aa3d803eb543fcb84a41f4cc2848315e9219870e13bdd7dc1ad2096951e

C:\Windows\System\CXeMSaL.exe

MD5 b17f8cdd724bdfbbdb304dfe16adb677
SHA1 db89079e9cf723c35a735911e56315a59f331bc3
SHA256 dfa5da994548602fb3eae2a476ecf9703667584260f11c265b3563d60af721e6
SHA512 06abece1fc03b89253b1d64ff089c5cb830e2a83fa030d27a7ca671c960d0df18f2e211dd3937cc1b057c37701b4930b765e4a4a05fc788a62d665115f0574ec

C:\Windows\System\eScYQgs.exe

MD5 36612acd7acd288dffb9d22a132b0d27
SHA1 1adc12f11a7a3a69ecff123341e60c13e618fd21
SHA256 befc63ae31d1e94d8ecde4bb9ec8a1e1d0f01561e15b4a7bff9aa3c2793e174e
SHA512 6f6f50606ee0525a5295aca6a61ce3a6d9195822ad75cf33281ceb4c22ce390b91f48acd9b0dce3b526953a6122accde1118166f1a3994b12b1d37bf3dbe95ba

C:\Windows\System\PmTOKZg.exe

MD5 d01be13d806e6671f1008c8398cd2960
SHA1 ce8886135941c6682d3be8fa5c432d3850b26bd6
SHA256 104ba34e271cddedc4c5554b1d0682599b52795cf92275aa244eeadab886fe50
SHA512 65be21b0e72b156ee4a3a1b4c51d6c653beb54a421670f1280c7743e4b499c2e9ac0b7b49ba2afc8c2059fb40cd52eb45f81a97248556e15c949737e481fcd95

memory/3220-633-0x00007FF77F130000-0x00007FF77F484000-memory.dmp

memory/2704-635-0x00007FF60ED70000-0x00007FF60F0C4000-memory.dmp

memory/2344-638-0x00007FF707EC0000-0x00007FF708214000-memory.dmp

memory/3652-639-0x00007FF7AD510000-0x00007FF7AD864000-memory.dmp

memory/3720-640-0x00007FF699A10000-0x00007FF699D64000-memory.dmp

memory/412-641-0x00007FF7195E0000-0x00007FF719934000-memory.dmp

memory/2656-642-0x00007FF7F2470000-0x00007FF7F27C4000-memory.dmp

memory/4152-637-0x00007FF788F40000-0x00007FF789294000-memory.dmp

memory/3184-636-0x00007FF6E0FB0000-0x00007FF6E1304000-memory.dmp

memory/2128-654-0x00007FF6D3A60000-0x00007FF6D3DB4000-memory.dmp

memory/4868-657-0x00007FF6495B0000-0x00007FF649904000-memory.dmp

memory/4100-660-0x00007FF7B4700000-0x00007FF7B4A54000-memory.dmp

memory/4856-672-0x00007FF7E3B60000-0x00007FF7E3EB4000-memory.dmp

memory/1956-667-0x00007FF707BC0000-0x00007FF707F14000-memory.dmp

memory/3888-663-0x00007FF6ACDA0000-0x00007FF6AD0F4000-memory.dmp

memory/2312-647-0x00007FF7787E0000-0x00007FF778B34000-memory.dmp

memory/1448-634-0x00007FF6379E0000-0x00007FF637D34000-memory.dmp

C:\Windows\System\PeHgebI.exe

MD5 6e972691ee0b7a85a4cdad0a3598a566
SHA1 8524f60ce09e3759888133c92b9bbef81659bdbd
SHA256 2c9a1ad8144e8d0fac3156a019b363a29a43209ff064d77195b23963bfc686a0
SHA512 de27e5230f9e9a22bc009af3735b40110104220f4b7e1370400947a13fbf5f720a0d49dac6267571f0849caf311fb3f6f7457ceb37069318be3a212383059873

C:\Windows\System\piPKuUx.exe

MD5 197efcba5808b8d1189e4eb39ad9fe5a
SHA1 b78a6e68437dffc9c91c2b27a9434115317a76fb
SHA256 b1dfd72a535b0b925597484ef6594dc27c35be24fdd3091fc531ff6ffb10e0b0
SHA512 2f9ca476757ff8eec12936fb0a5b96044e9b3583c0860afab4f36d34439246178540fe94e842e7193dd6e83bfc289eafc47233a4cd7cc87b8f02302dd5a99db0

C:\Windows\System\huQfqwr.exe

MD5 58ac8e2247dde179dd47913384c1c9a2
SHA1 f0b4f4acab531377f7b0f492e9169f778ff6d35c
SHA256 bf7294e048e38c6952cd67fcb277861f60772cdead98fa9192f3a2f6b59163b2
SHA512 b6c9ae75b8ce89f38def6ac7867fc802458567661b16f209977dc2051c4e1de66212f1181d71cf94bf27e837839248a912351fac5b32b251ca0e1b657335dc34

C:\Windows\System\UDjLBna.exe

MD5 d6974db7bd0b5a4af713178a823605d3
SHA1 3cd73a3dde343f9e6e6c055c69f5de9a6bb8b38a
SHA256 2241557ce4e2815bc27a04c8a96373eb28eaaa85b9451253d612b6b9a122b337
SHA512 435b18056a5c36050d9f27d80ec771fceb92191de2d326e3b5e85c238b002f8a0a20c728d283f467a9af2cade6c61335c98ab27d8e1ea31f3e49f6a89d47c1f8

C:\Windows\System\vHhbwPA.exe

MD5 6074893d8bf79b1515ccb9215ef831c7
SHA1 b885d5461bad8b11ecd6706f904d789663724cff
SHA256 4ccc835a4848593b6e40f6394d10d228757f980bc5a7daaf123b81dc160d3db8
SHA512 bb6b8eef75037c473028a4badb586b0c23e6838f7dc9845b220831473984e7d351351727c7ce401239e9d01ff78e69c8ba2bc56d63992f3b5ad7050e68ccbd27

C:\Windows\System\zuvcVjN.exe

MD5 15ab7cecc3cd8bc3a620603fa2863afa
SHA1 2fd5ab9f94233065c53c53a7d89f7ccac588086d
SHA256 bd2a7d4770d9bf75e1cafb828503d2a82c33a90c3051f16dfefc7209a82e2511
SHA512 f96ae17c60577b4ee29a922274cd9fc640c1b2640ad5c19a5a4b5b697868b4780e36d8c7602bde4a777c948018a67bac3c1a303f2334cd9644a8d3659e8ec34a

C:\Windows\System\ZXUHmOJ.exe

MD5 425c799c2834163ce005c811c5bdc3c0
SHA1 a4d172dfa93fc82505b77091279b1700a4d6325f
SHA256 8eb00eee13ffc9f3690687e2204d9c62eaf92767d19ee2b5a6390a6a4dc434b0
SHA512 a86eb9a708c196f0f901f86c21df405f4d5bac3c0c8772033b72837e175bddcd7f67887b198ba4930da5cea1b1ae04aff7c926ac9f9c8327f0eed2e9859627af

C:\Windows\System\GCdRLCV.exe

MD5 bef5150dbe10d429106fc4206865eb67
SHA1 efe99f5fae3767480acb05d1c99ba13687847c73
SHA256 a58adb0eff77beadac238b28cf4309e93bd58eca5970bf03f24ead7c55bdf591
SHA512 82e0a0a1030c9061ffbe550b896df56384feb9acca27deef2b32547b9b36412bba58e1a0e87dabcc5f67b71de55008c608b10560cee6305a98aeb92e9ec13ee6

C:\Windows\System\pKxespa.exe

MD5 22641d4a89c9b986b8b4ec4d94f11755
SHA1 c1618f8d8cc098fc21c7af683b47371ab22ba03c
SHA256 6ebe1e667fa66f425da5e14791b9fc9de5d1e769a1f0455af4554ed2c892d078
SHA512 ce58fd78e34d7d612b0533445194eebc018c356df2f5c2ba00e7000d9bc9b773ab6b231e2c371c60a48360a9da0a6fdf21e00ce87fae92a575f538e92c2c2316

C:\Windows\System\DMhmVXI.exe

MD5 364d82f52196e1c55c5e61adee80e1a6
SHA1 94159576a6dd14b0fe5721ec95b22495651c695b
SHA256 5294ca05d7f112a0d05ff4678a3a49527fd9ce49f65206eaef50d5fb803ae636
SHA512 82b11e63095b2ef3f8a458682f9ff9910fe9c83bfb4d3f809e0f23d63df46e05a5b395449aa636f65e1efb3e6fbe70fd3d5f3b52ed687224affda1accb75733f

C:\Windows\System\pigkJCO.exe

MD5 e6c46066a8414a23183826c221588061
SHA1 66c2056498483fba38ff113cf59019e612e8a423
SHA256 41d2bf3fac4ab88e0b9f20522f57f045ca7236e9819dd62b5557c2b73433933e
SHA512 4e9f320bda43c92c939a34893fb13c82d296d5ccf6a5dc400e0f000ebad477078a1d3c3c6b6f86e91deb26f71651ebc6e62954cc598a47448c49fc499f5da89d

C:\Windows\System\jYNOKBd.exe

MD5 47163c2fd3ca19bf3b0dd7c5cefd556d
SHA1 db075e73b26d4fcc0203243c6cd1b7fcc1bbfab4
SHA256 49b71971663f830bb0777264c72f409c74c69ceeb033a87ebb573885b6521dc2
SHA512 25b874020046645f4165b2f64b5d0878b797169b495e6a86e4dd318bbddb2d253575fb7a2d7a58b41903a436404d3650e4a136a4b52b59983e66d839fbd622f4

C:\Windows\System\RTYCcyX.exe

MD5 7b88e82ced1a3066de649763c8fb71e1
SHA1 b4f1ccab6aa14eecbfdff7051b25634f1b7022c0
SHA256 5437e53092830fca45de5016e2fc85f1c1d4412e2177cb43511cb62abd4d667e
SHA512 9f101e5ebbf27701a65e3529ba762bb99083391d60a28c48adf2efb0cf6a59b49706032ccdfbe661f9c0bb17e281389a3d8af9f3320441c4a20db39894a49cf5

C:\Windows\System\KMRsSfZ.exe

MD5 d5f713031bd80e3d571890692cd117ad
SHA1 67799e729e3935ee5b199e423ac5f59df13d5a6e
SHA256 4af6dc1b669114fb89e522dc1139076fc9ab6b2785706b5f6386841e65b2cefc
SHA512 ebbc9b4e2d7847dd9469659b33bb58c438fce40d76032c3ff05dcbceae97eda5b3be151c41992c21de7dde7737512dca1429a3e393dd8d4954406f89db46fc63

C:\Windows\System\oPfhcop.exe

MD5 5d60167f09a22a16d7991e7ebc5ea408
SHA1 0338c8f661e721e3b329999ca0260eb2cdd47f64
SHA256 c2d936657a440f070057e299028c058d6970b3b8a73d3757cec7615ef91effc7
SHA512 d56531314dce7a125b00278f6d1953dc1709218cd1090c54bdea93a830f5ce71c604d7b30ccf48dbf2af6725f0effea76f6e9519e8035c05548763f21d2031a3

C:\Windows\System\JnydCxv.exe

MD5 eb1edb9cb3f90f7ad2477f3543019071
SHA1 970bd94f63f978e29fa948aa8a29dd35a307e619
SHA256 e3f260372fb38d8d70b9a24e6c9d4b9a38fa5850b81a284da8cb7c2f10e6f190
SHA512 5dcfd5dc5a180ef2fb2762bf69ba4d12baa50c38254c7e295fa406fbb2e2af096d9bfa770c142ab594af9d72a07318c5ab89a07c5691b89ea23e038d538877d1

memory/4584-76-0x00007FF641400000-0x00007FF641754000-memory.dmp

memory/3436-75-0x00007FF64A830000-0x00007FF64AB84000-memory.dmp

C:\Windows\System\kvzTWox.exe

MD5 3298d8deb2f43d0ae28d70737fde65d5
SHA1 7f2eccaf3cb098f77855a277e3a2e5d689073be4
SHA256 bc15e05c6bad4a41a2b7555893adab3a9a34f89a6e5254d5e91ba9d19bee4750
SHA512 f49a7d844e087b094739c5028436d42f6be6e178d810f0e646d898d286b04e63549b44ac2651759d8c84b4d17a0b096bd95cb1852c1986218a70658a9dd2ccfa

memory/4876-69-0x00007FF79F3B0000-0x00007FF79F704000-memory.dmp

memory/2416-63-0x00007FF701C60000-0x00007FF701FB4000-memory.dmp

C:\Windows\System\JKiyHaI.exe

MD5 eb21379f9e66e1d10d130a91fdf5d37d
SHA1 e320184e4dbf1f70d4f3b3d05fb2b06ccee3afe9
SHA256 ed590b205ab60c5c14ea02c38dffd5c949a4b87d3a59c96a378cde2a907356b2
SHA512 8a6ee2bad44b5aee480a78862e089d053dd19246c8a89f4db655ad31b1c46425658c07aef405e50a037b17b637b36a3e9f56d5fcc2f6f7fbaead542100f9b10e

memory/3048-58-0x00007FF78E920000-0x00007FF78EC74000-memory.dmp

C:\Windows\System\sVpGdvq.exe

MD5 e4925514afc8e6f5b6df2a30f30b0075
SHA1 a60afc43d5dc8c8241deb42349c6e64831ecd595
SHA256 6edf8ae6a94c33a64c1b8c87315312c57ad65cf0e5c1cdaf6ffcf43b4d312912
SHA512 775261efa3812add9f67c081ac5978b4879e46cbc332f545e74b45493a2d016cea267be57aff1ce41192d6095c6a31974c91b485fbfd1daf4d385766b08ec435

memory/4032-50-0x00007FF7FF900000-0x00007FF7FFC54000-memory.dmp

memory/3260-45-0x00007FF7C0CF0000-0x00007FF7C1044000-memory.dmp

C:\Windows\System\dyXeeMV.exe

MD5 a1bec0739fb5d54e297f4da69fb6b905
SHA1 8eb2b17a1835e9448014c86c40a084bf2e4332a7
SHA256 2f5e7fdb7c10fa36808da6d225a11211a38fbeca80bff6b15c05201a19e93426
SHA512 90b9f9950e9ed07b05f4b7ae61590c4ac03a6ab001d8ca8fa195b89697a3f3bd2170a071183ef046d7fd6bc613341ba9350328304f1e558bb18aa013eb0d0f16

memory/700-33-0x00007FF737DF0000-0x00007FF738144000-memory.dmp

memory/2888-1070-0x00007FF622960000-0x00007FF622CB4000-memory.dmp

memory/700-1071-0x00007FF737DF0000-0x00007FF738144000-memory.dmp

memory/4032-1072-0x00007FF7FF900000-0x00007FF7FFC54000-memory.dmp

memory/2256-1073-0x00007FF6A0240000-0x00007FF6A0594000-memory.dmp

memory/3048-1074-0x00007FF78E920000-0x00007FF78EC74000-memory.dmp

memory/4876-1075-0x00007FF79F3B0000-0x00007FF79F704000-memory.dmp

memory/3436-1076-0x00007FF64A830000-0x00007FF64AB84000-memory.dmp

memory/4584-1077-0x00007FF641400000-0x00007FF641754000-memory.dmp

memory/3088-1078-0x00007FF6D5F40000-0x00007FF6D6294000-memory.dmp

memory/4684-1079-0x00007FF70C640000-0x00007FF70C994000-memory.dmp

memory/2888-1080-0x00007FF622960000-0x00007FF622CB4000-memory.dmp

memory/1392-1081-0x00007FF7DA960000-0x00007FF7DACB4000-memory.dmp

memory/700-1083-0x00007FF737DF0000-0x00007FF738144000-memory.dmp

memory/3260-1082-0x00007FF7C0CF0000-0x00007FF7C1044000-memory.dmp

memory/4032-1084-0x00007FF7FF900000-0x00007FF7FFC54000-memory.dmp

memory/4876-1087-0x00007FF79F3B0000-0x00007FF79F704000-memory.dmp

memory/2416-1088-0x00007FF701C60000-0x00007FF701FB4000-memory.dmp

memory/4584-1090-0x00007FF641400000-0x00007FF641754000-memory.dmp

memory/2256-1089-0x00007FF6A0240000-0x00007FF6A0594000-memory.dmp

memory/1448-1091-0x00007FF6379E0000-0x00007FF637D34000-memory.dmp

memory/3436-1086-0x00007FF64A830000-0x00007FF64AB84000-memory.dmp

memory/3048-1085-0x00007FF78E920000-0x00007FF78EC74000-memory.dmp

memory/412-1097-0x00007FF7195E0000-0x00007FF719934000-memory.dmp

memory/4856-1105-0x00007FF7E3B60000-0x00007FF7E3EB4000-memory.dmp

memory/3888-1104-0x00007FF6ACDA0000-0x00007FF6AD0F4000-memory.dmp

memory/4868-1103-0x00007FF6495B0000-0x00007FF649904000-memory.dmp

memory/4100-1102-0x00007FF7B4700000-0x00007FF7B4A54000-memory.dmp

memory/2344-1101-0x00007FF707EC0000-0x00007FF708214000-memory.dmp

memory/3652-1100-0x00007FF7AD510000-0x00007FF7AD864000-memory.dmp

memory/3720-1099-0x00007FF699A10000-0x00007FF699D64000-memory.dmp

memory/2704-1098-0x00007FF60ED70000-0x00007FF60F0C4000-memory.dmp

memory/2312-1096-0x00007FF7787E0000-0x00007FF778B34000-memory.dmp

memory/4152-1094-0x00007FF788F40000-0x00007FF789294000-memory.dmp

memory/3184-1093-0x00007FF6E0FB0000-0x00007FF6E1304000-memory.dmp

memory/2128-1095-0x00007FF6D3A60000-0x00007FF6D3DB4000-memory.dmp

memory/2656-1092-0x00007FF7F2470000-0x00007FF7F27C4000-memory.dmp

memory/1956-1106-0x00007FF707BC0000-0x00007FF707F14000-memory.dmp