Malware Analysis Report

2024-10-10 09:49

Sample ID 240620-z7g4ts1gpn
Target 0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe
SHA256 0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305

Threat Level: Known bad

The file 0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT

Kpot family

Xmrig family

XMRig Miner payload

KPOT Core Executable

xmrig

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 21:21

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 21:21

Reported

2024-06-20 21:23

Platform

win7-20240508-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\idlSNFp.exe N/A
N/A N/A C:\Windows\System\iXUflqs.exe N/A
N/A N/A C:\Windows\System\GaSNInl.exe N/A
N/A N/A C:\Windows\System\IPvGmaL.exe N/A
N/A N/A C:\Windows\System\YfkBAPd.exe N/A
N/A N/A C:\Windows\System\IEmMwlJ.exe N/A
N/A N/A C:\Windows\System\wzzFfIj.exe N/A
N/A N/A C:\Windows\System\tfCcrIC.exe N/A
N/A N/A C:\Windows\System\QPxRPWA.exe N/A
N/A N/A C:\Windows\System\QydYtQN.exe N/A
N/A N/A C:\Windows\System\WldBVBo.exe N/A
N/A N/A C:\Windows\System\DrrgMDB.exe N/A
N/A N/A C:\Windows\System\aJBHLha.exe N/A
N/A N/A C:\Windows\System\kaaIvxS.exe N/A
N/A N/A C:\Windows\System\TthVnSh.exe N/A
N/A N/A C:\Windows\System\KmzwwsL.exe N/A
N/A N/A C:\Windows\System\xIbFmPX.exe N/A
N/A N/A C:\Windows\System\rFzRGTp.exe N/A
N/A N/A C:\Windows\System\AunEDJA.exe N/A
N/A N/A C:\Windows\System\lrJDlHt.exe N/A
N/A N/A C:\Windows\System\slkUHnC.exe N/A
N/A N/A C:\Windows\System\GAvFhsI.exe N/A
N/A N/A C:\Windows\System\mEeuvtv.exe N/A
N/A N/A C:\Windows\System\UeAbpUa.exe N/A
N/A N/A C:\Windows\System\uyouVJo.exe N/A
N/A N/A C:\Windows\System\NOWYsAC.exe N/A
N/A N/A C:\Windows\System\QJzOMyN.exe N/A
N/A N/A C:\Windows\System\xcrYeIQ.exe N/A
N/A N/A C:\Windows\System\voJqbgP.exe N/A
N/A N/A C:\Windows\System\GWDCBSO.exe N/A
N/A N/A C:\Windows\System\DxhypNU.exe N/A
N/A N/A C:\Windows\System\zdveLqe.exe N/A
N/A N/A C:\Windows\System\hFBNLBh.exe N/A
N/A N/A C:\Windows\System\LgGbsBY.exe N/A
N/A N/A C:\Windows\System\uomObuW.exe N/A
N/A N/A C:\Windows\System\Duqxuyl.exe N/A
N/A N/A C:\Windows\System\ocPjVBa.exe N/A
N/A N/A C:\Windows\System\XbXwFte.exe N/A
N/A N/A C:\Windows\System\FKdhqHo.exe N/A
N/A N/A C:\Windows\System\tRiiedB.exe N/A
N/A N/A C:\Windows\System\rSLwxgF.exe N/A
N/A N/A C:\Windows\System\AiEeOBK.exe N/A
N/A N/A C:\Windows\System\pUKuyjb.exe N/A
N/A N/A C:\Windows\System\XAHCFEI.exe N/A
N/A N/A C:\Windows\System\gvyxoXw.exe N/A
N/A N/A C:\Windows\System\ScgvMwG.exe N/A
N/A N/A C:\Windows\System\PloGYKB.exe N/A
N/A N/A C:\Windows\System\svOkfDZ.exe N/A
N/A N/A C:\Windows\System\VvIMYZI.exe N/A
N/A N/A C:\Windows\System\ysNwBCy.exe N/A
N/A N/A C:\Windows\System\UmbegpG.exe N/A
N/A N/A C:\Windows\System\qnfBntf.exe N/A
N/A N/A C:\Windows\System\HwAgHhp.exe N/A
N/A N/A C:\Windows\System\uOsndgs.exe N/A
N/A N/A C:\Windows\System\UgCxJxG.exe N/A
N/A N/A C:\Windows\System\ACsOnYK.exe N/A
N/A N/A C:\Windows\System\tjtqInp.exe N/A
N/A N/A C:\Windows\System\bNxqNvf.exe N/A
N/A N/A C:\Windows\System\ldHvNtp.exe N/A
N/A N/A C:\Windows\System\tzTAZaC.exe N/A
N/A N/A C:\Windows\System\JbdaHRN.exe N/A
N/A N/A C:\Windows\System\NNjoGjA.exe N/A
N/A N/A C:\Windows\System\tZEGuWc.exe N/A
N/A N/A C:\Windows\System\DUnoILZ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\UiUKQry.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\wpBkLnT.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMjEqoL.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwtMBUK.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\wzzFfIj.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocPjVBa.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\uPPbPZy.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJRUjBg.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDyfhiO.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\BKImezW.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\WldBVBo.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\zdveLqe.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZrFjNIg.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\PppyUWt.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\COSmbXp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrJDlHt.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\GAvFhsI.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\XJsHszn.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\oXUDjRu.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\nchFjIN.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\PuyRGDk.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\HXlIRzj.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ofGhDJI.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\WKRLfUM.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\THwBkPD.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\QtHmQrp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ESiskLu.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\tVTpPIj.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\uyouVJo.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\xJBFGeH.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\XmZgmpT.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\GWDCBSO.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\MBOUNgi.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwAgHhp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\dIgUOnK.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\xCUPfVE.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\OhEmEQk.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\pJMWAjZ.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\CkPhxwY.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\idlSNFp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrrgMDB.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\CeOjmYz.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\pQQJNyA.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\xbaiVQL.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\oysDhzw.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\hxlolQD.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\PloGYKB.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZHJMeLU.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\SQYyerH.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\fVbWeuk.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHWfglC.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\bcTUuGc.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGzOyJW.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\FKdhqHo.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\QhZmFMb.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJcslCe.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\kWcXiNX.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\BCqCNWb.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\GaSNInl.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJBHLha.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\UuOUsaE.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\mkgUvsw.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\sAVvQpC.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEeuvtv.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1748 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GaSNInl.exe
PID 1748 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GaSNInl.exe
PID 1748 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GaSNInl.exe
PID 1748 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\idlSNFp.exe
PID 1748 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\idlSNFp.exe
PID 1748 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\idlSNFp.exe
PID 1748 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IPvGmaL.exe
PID 1748 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IPvGmaL.exe
PID 1748 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IPvGmaL.exe
PID 1748 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\iXUflqs.exe
PID 1748 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\iXUflqs.exe
PID 1748 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\iXUflqs.exe
PID 1748 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\YfkBAPd.exe
PID 1748 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\YfkBAPd.exe
PID 1748 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\YfkBAPd.exe
PID 1748 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IEmMwlJ.exe
PID 1748 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IEmMwlJ.exe
PID 1748 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IEmMwlJ.exe
PID 1748 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\wzzFfIj.exe
PID 1748 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\wzzFfIj.exe
PID 1748 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\wzzFfIj.exe
PID 1748 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\tfCcrIC.exe
PID 1748 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\tfCcrIC.exe
PID 1748 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\tfCcrIC.exe
PID 1748 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QPxRPWA.exe
PID 1748 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QPxRPWA.exe
PID 1748 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QPxRPWA.exe
PID 1748 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QydYtQN.exe
PID 1748 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QydYtQN.exe
PID 1748 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QydYtQN.exe
PID 1748 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\WldBVBo.exe
PID 1748 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\WldBVBo.exe
PID 1748 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\WldBVBo.exe
PID 1748 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DrrgMDB.exe
PID 1748 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DrrgMDB.exe
PID 1748 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DrrgMDB.exe
PID 1748 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\aJBHLha.exe
PID 1748 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\aJBHLha.exe
PID 1748 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\aJBHLha.exe
PID 1748 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\kaaIvxS.exe
PID 1748 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\kaaIvxS.exe
PID 1748 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\kaaIvxS.exe
PID 1748 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\TthVnSh.exe
PID 1748 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\TthVnSh.exe
PID 1748 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\TthVnSh.exe
PID 1748 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\KmzwwsL.exe
PID 1748 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\KmzwwsL.exe
PID 1748 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\KmzwwsL.exe
PID 1748 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xIbFmPX.exe
PID 1748 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xIbFmPX.exe
PID 1748 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xIbFmPX.exe
PID 1748 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\rFzRGTp.exe
PID 1748 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\rFzRGTp.exe
PID 1748 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\rFzRGTp.exe
PID 1748 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\AunEDJA.exe
PID 1748 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\AunEDJA.exe
PID 1748 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\AunEDJA.exe
PID 1748 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\lrJDlHt.exe
PID 1748 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\lrJDlHt.exe
PID 1748 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\lrJDlHt.exe
PID 1748 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\slkUHnC.exe
PID 1748 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\slkUHnC.exe
PID 1748 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\slkUHnC.exe
PID 1748 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GAvFhsI.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe"

C:\Windows\System\GaSNInl.exe

C:\Windows\System\GaSNInl.exe

C:\Windows\System\idlSNFp.exe

C:\Windows\System\idlSNFp.exe

C:\Windows\System\IPvGmaL.exe

C:\Windows\System\IPvGmaL.exe

C:\Windows\System\iXUflqs.exe

C:\Windows\System\iXUflqs.exe

C:\Windows\System\YfkBAPd.exe

C:\Windows\System\YfkBAPd.exe

C:\Windows\System\IEmMwlJ.exe

C:\Windows\System\IEmMwlJ.exe

C:\Windows\System\wzzFfIj.exe

C:\Windows\System\wzzFfIj.exe

C:\Windows\System\tfCcrIC.exe

C:\Windows\System\tfCcrIC.exe

C:\Windows\System\QPxRPWA.exe

C:\Windows\System\QPxRPWA.exe

C:\Windows\System\QydYtQN.exe

C:\Windows\System\QydYtQN.exe

C:\Windows\System\WldBVBo.exe

C:\Windows\System\WldBVBo.exe

C:\Windows\System\DrrgMDB.exe

C:\Windows\System\DrrgMDB.exe

C:\Windows\System\aJBHLha.exe

C:\Windows\System\aJBHLha.exe

C:\Windows\System\kaaIvxS.exe

C:\Windows\System\kaaIvxS.exe

C:\Windows\System\TthVnSh.exe

C:\Windows\System\TthVnSh.exe

C:\Windows\System\KmzwwsL.exe

C:\Windows\System\KmzwwsL.exe

C:\Windows\System\xIbFmPX.exe

C:\Windows\System\xIbFmPX.exe

C:\Windows\System\rFzRGTp.exe

C:\Windows\System\rFzRGTp.exe

C:\Windows\System\AunEDJA.exe

C:\Windows\System\AunEDJA.exe

C:\Windows\System\lrJDlHt.exe

C:\Windows\System\lrJDlHt.exe

C:\Windows\System\slkUHnC.exe

C:\Windows\System\slkUHnC.exe

C:\Windows\System\GAvFhsI.exe

C:\Windows\System\GAvFhsI.exe

C:\Windows\System\mEeuvtv.exe

C:\Windows\System\mEeuvtv.exe

C:\Windows\System\UeAbpUa.exe

C:\Windows\System\UeAbpUa.exe

C:\Windows\System\uyouVJo.exe

C:\Windows\System\uyouVJo.exe

C:\Windows\System\NOWYsAC.exe

C:\Windows\System\NOWYsAC.exe

C:\Windows\System\QJzOMyN.exe

C:\Windows\System\QJzOMyN.exe

C:\Windows\System\xcrYeIQ.exe

C:\Windows\System\xcrYeIQ.exe

C:\Windows\System\voJqbgP.exe

C:\Windows\System\voJqbgP.exe

C:\Windows\System\GWDCBSO.exe

C:\Windows\System\GWDCBSO.exe

C:\Windows\System\DxhypNU.exe

C:\Windows\System\DxhypNU.exe

C:\Windows\System\zdveLqe.exe

C:\Windows\System\zdveLqe.exe

C:\Windows\System\hFBNLBh.exe

C:\Windows\System\hFBNLBh.exe

C:\Windows\System\LgGbsBY.exe

C:\Windows\System\LgGbsBY.exe

C:\Windows\System\uomObuW.exe

C:\Windows\System\uomObuW.exe

C:\Windows\System\Duqxuyl.exe

C:\Windows\System\Duqxuyl.exe

C:\Windows\System\ocPjVBa.exe

C:\Windows\System\ocPjVBa.exe

C:\Windows\System\XbXwFte.exe

C:\Windows\System\XbXwFte.exe

C:\Windows\System\FKdhqHo.exe

C:\Windows\System\FKdhqHo.exe

C:\Windows\System\tRiiedB.exe

C:\Windows\System\tRiiedB.exe

C:\Windows\System\rSLwxgF.exe

C:\Windows\System\rSLwxgF.exe

C:\Windows\System\AiEeOBK.exe

C:\Windows\System\AiEeOBK.exe

C:\Windows\System\pUKuyjb.exe

C:\Windows\System\pUKuyjb.exe

C:\Windows\System\XAHCFEI.exe

C:\Windows\System\XAHCFEI.exe

C:\Windows\System\gvyxoXw.exe

C:\Windows\System\gvyxoXw.exe

C:\Windows\System\ScgvMwG.exe

C:\Windows\System\ScgvMwG.exe

C:\Windows\System\PloGYKB.exe

C:\Windows\System\PloGYKB.exe

C:\Windows\System\svOkfDZ.exe

C:\Windows\System\svOkfDZ.exe

C:\Windows\System\ysNwBCy.exe

C:\Windows\System\ysNwBCy.exe

C:\Windows\System\VvIMYZI.exe

C:\Windows\System\VvIMYZI.exe

C:\Windows\System\UmbegpG.exe

C:\Windows\System\UmbegpG.exe

C:\Windows\System\qnfBntf.exe

C:\Windows\System\qnfBntf.exe

C:\Windows\System\uOsndgs.exe

C:\Windows\System\uOsndgs.exe

C:\Windows\System\HwAgHhp.exe

C:\Windows\System\HwAgHhp.exe

C:\Windows\System\UgCxJxG.exe

C:\Windows\System\UgCxJxG.exe

C:\Windows\System\ACsOnYK.exe

C:\Windows\System\ACsOnYK.exe

C:\Windows\System\tjtqInp.exe

C:\Windows\System\tjtqInp.exe

C:\Windows\System\bNxqNvf.exe

C:\Windows\System\bNxqNvf.exe

C:\Windows\System\ldHvNtp.exe

C:\Windows\System\ldHvNtp.exe

C:\Windows\System\tzTAZaC.exe

C:\Windows\System\tzTAZaC.exe

C:\Windows\System\JbdaHRN.exe

C:\Windows\System\JbdaHRN.exe

C:\Windows\System\NNjoGjA.exe

C:\Windows\System\NNjoGjA.exe

C:\Windows\System\tZEGuWc.exe

C:\Windows\System\tZEGuWc.exe

C:\Windows\System\DUnoILZ.exe

C:\Windows\System\DUnoILZ.exe

C:\Windows\System\hqXHIXU.exe

C:\Windows\System\hqXHIXU.exe

C:\Windows\System\bcTUuGc.exe

C:\Windows\System\bcTUuGc.exe

C:\Windows\System\vZeTIVI.exe

C:\Windows\System\vZeTIVI.exe

C:\Windows\System\SGzOyJW.exe

C:\Windows\System\SGzOyJW.exe

C:\Windows\System\yjuAAeS.exe

C:\Windows\System\yjuAAeS.exe

C:\Windows\System\QhZmFMb.exe

C:\Windows\System\QhZmFMb.exe

C:\Windows\System\WKRLfUM.exe

C:\Windows\System\WKRLfUM.exe

C:\Windows\System\OJlySzX.exe

C:\Windows\System\OJlySzX.exe

C:\Windows\System\yzNeGmb.exe

C:\Windows\System\yzNeGmb.exe

C:\Windows\System\sWjtrOY.exe

C:\Windows\System\sWjtrOY.exe

C:\Windows\System\hHtHdlB.exe

C:\Windows\System\hHtHdlB.exe

C:\Windows\System\YJKlNdB.exe

C:\Windows\System\YJKlNdB.exe

C:\Windows\System\kAfLwUP.exe

C:\Windows\System\kAfLwUP.exe

C:\Windows\System\zRzpaIX.exe

C:\Windows\System\zRzpaIX.exe

C:\Windows\System\EccEwPP.exe

C:\Windows\System\EccEwPP.exe

C:\Windows\System\tuFCHBM.exe

C:\Windows\System\tuFCHBM.exe

C:\Windows\System\vrFeJEX.exe

C:\Windows\System\vrFeJEX.exe

C:\Windows\System\YSvpbQm.exe

C:\Windows\System\YSvpbQm.exe

C:\Windows\System\lIhfvSE.exe

C:\Windows\System\lIhfvSE.exe

C:\Windows\System\uPPbPZy.exe

C:\Windows\System\uPPbPZy.exe

C:\Windows\System\RJRUjBg.exe

C:\Windows\System\RJRUjBg.exe

C:\Windows\System\pcuqOJH.exe

C:\Windows\System\pcuqOJH.exe

C:\Windows\System\QSankvK.exe

C:\Windows\System\QSankvK.exe

C:\Windows\System\UiUKQry.exe

C:\Windows\System\UiUKQry.exe

C:\Windows\System\ddxLhnx.exe

C:\Windows\System\ddxLhnx.exe

C:\Windows\System\SMuHrHT.exe

C:\Windows\System\SMuHrHT.exe

C:\Windows\System\oqcaOLZ.exe

C:\Windows\System\oqcaOLZ.exe

C:\Windows\System\XNjurlB.exe

C:\Windows\System\XNjurlB.exe

C:\Windows\System\MwPYFDO.exe

C:\Windows\System\MwPYFDO.exe

C:\Windows\System\VdJvgbk.exe

C:\Windows\System\VdJvgbk.exe

C:\Windows\System\uHFEijP.exe

C:\Windows\System\uHFEijP.exe

C:\Windows\System\xJBFGeH.exe

C:\Windows\System\xJBFGeH.exe

C:\Windows\System\gRpacNw.exe

C:\Windows\System\gRpacNw.exe

C:\Windows\System\ykxaPys.exe

C:\Windows\System\ykxaPys.exe

C:\Windows\System\HGRXXrf.exe

C:\Windows\System\HGRXXrf.exe

C:\Windows\System\bMAYMED.exe

C:\Windows\System\bMAYMED.exe

C:\Windows\System\eyDdawq.exe

C:\Windows\System\eyDdawq.exe

C:\Windows\System\rPxWcEI.exe

C:\Windows\System\rPxWcEI.exe

C:\Windows\System\lOkxmou.exe

C:\Windows\System\lOkxmou.exe

C:\Windows\System\fgloXBk.exe

C:\Windows\System\fgloXBk.exe

C:\Windows\System\tCXbLeN.exe

C:\Windows\System\tCXbLeN.exe

C:\Windows\System\THwBkPD.exe

C:\Windows\System\THwBkPD.exe

C:\Windows\System\INnXDOb.exe

C:\Windows\System\INnXDOb.exe

C:\Windows\System\LXzJdho.exe

C:\Windows\System\LXzJdho.exe

C:\Windows\System\TGHOMLG.exe

C:\Windows\System\TGHOMLG.exe

C:\Windows\System\jsSdbxw.exe

C:\Windows\System\jsSdbxw.exe

C:\Windows\System\EkuRWjn.exe

C:\Windows\System\EkuRWjn.exe

C:\Windows\System\SlmJLfN.exe

C:\Windows\System\SlmJLfN.exe

C:\Windows\System\sCpUSXO.exe

C:\Windows\System\sCpUSXO.exe

C:\Windows\System\XHURHXu.exe

C:\Windows\System\XHURHXu.exe

C:\Windows\System\SQYyerH.exe

C:\Windows\System\SQYyerH.exe

C:\Windows\System\Xyfcbmo.exe

C:\Windows\System\Xyfcbmo.exe

C:\Windows\System\PlLptJV.exe

C:\Windows\System\PlLptJV.exe

C:\Windows\System\qzytymo.exe

C:\Windows\System\qzytymo.exe

C:\Windows\System\EHSomFn.exe

C:\Windows\System\EHSomFn.exe

C:\Windows\System\KhkagvC.exe

C:\Windows\System\KhkagvC.exe

C:\Windows\System\HzjMzff.exe

C:\Windows\System\HzjMzff.exe

C:\Windows\System\DVnMwRH.exe

C:\Windows\System\DVnMwRH.exe

C:\Windows\System\AsCuaNf.exe

C:\Windows\System\AsCuaNf.exe

C:\Windows\System\ReYjVIV.exe

C:\Windows\System\ReYjVIV.exe

C:\Windows\System\ofjQjJJ.exe

C:\Windows\System\ofjQjJJ.exe

C:\Windows\System\CVOOdyM.exe

C:\Windows\System\CVOOdyM.exe

C:\Windows\System\trasssr.exe

C:\Windows\System\trasssr.exe

C:\Windows\System\ECiJmmF.exe

C:\Windows\System\ECiJmmF.exe

C:\Windows\System\wpBkLnT.exe

C:\Windows\System\wpBkLnT.exe

C:\Windows\System\jAiczZl.exe

C:\Windows\System\jAiczZl.exe

C:\Windows\System\dIgUOnK.exe

C:\Windows\System\dIgUOnK.exe

C:\Windows\System\XMjIpTE.exe

C:\Windows\System\XMjIpTE.exe

C:\Windows\System\IILQVzR.exe

C:\Windows\System\IILQVzR.exe

C:\Windows\System\wYtghsJ.exe

C:\Windows\System\wYtghsJ.exe

C:\Windows\System\ZHJMeLU.exe

C:\Windows\System\ZHJMeLU.exe

C:\Windows\System\JwDxWXb.exe

C:\Windows\System\JwDxWXb.exe

C:\Windows\System\mwyPEKR.exe

C:\Windows\System\mwyPEKR.exe

C:\Windows\System\vmFjhvg.exe

C:\Windows\System\vmFjhvg.exe

C:\Windows\System\vmYiWYA.exe

C:\Windows\System\vmYiWYA.exe

C:\Windows\System\XpfKMHv.exe

C:\Windows\System\XpfKMHv.exe

C:\Windows\System\cLcBHBm.exe

C:\Windows\System\cLcBHBm.exe

C:\Windows\System\bKFFPHT.exe

C:\Windows\System\bKFFPHT.exe

C:\Windows\System\RONCQhR.exe

C:\Windows\System\RONCQhR.exe

C:\Windows\System\aOnZfpb.exe

C:\Windows\System\aOnZfpb.exe

C:\Windows\System\qETqAxL.exe

C:\Windows\System\qETqAxL.exe

C:\Windows\System\bHSiZig.exe

C:\Windows\System\bHSiZig.exe

C:\Windows\System\YCWgrJt.exe

C:\Windows\System\YCWgrJt.exe

C:\Windows\System\cVtSHuX.exe

C:\Windows\System\cVtSHuX.exe

C:\Windows\System\RJagLUD.exe

C:\Windows\System\RJagLUD.exe

C:\Windows\System\wFnvSpe.exe

C:\Windows\System\wFnvSpe.exe

C:\Windows\System\nLzQfcN.exe

C:\Windows\System\nLzQfcN.exe

C:\Windows\System\XJsHszn.exe

C:\Windows\System\XJsHszn.exe

C:\Windows\System\xCUPfVE.exe

C:\Windows\System\xCUPfVE.exe

C:\Windows\System\FquYnEC.exe

C:\Windows\System\FquYnEC.exe

C:\Windows\System\HKVIfiH.exe

C:\Windows\System\HKVIfiH.exe

C:\Windows\System\iZSirZS.exe

C:\Windows\System\iZSirZS.exe

C:\Windows\System\JkRuPzm.exe

C:\Windows\System\JkRuPzm.exe

C:\Windows\System\hxtLyka.exe

C:\Windows\System\hxtLyka.exe

C:\Windows\System\ewCVpSK.exe

C:\Windows\System\ewCVpSK.exe

C:\Windows\System\MBOUNgi.exe

C:\Windows\System\MBOUNgi.exe

C:\Windows\System\rvOTsNG.exe

C:\Windows\System\rvOTsNG.exe

C:\Windows\System\bcrvjWC.exe

C:\Windows\System\bcrvjWC.exe

C:\Windows\System\SVvBQpy.exe

C:\Windows\System\SVvBQpy.exe

C:\Windows\System\QtHmQrp.exe

C:\Windows\System\QtHmQrp.exe

C:\Windows\System\zMiIvgH.exe

C:\Windows\System\zMiIvgH.exe

C:\Windows\System\nlcABQG.exe

C:\Windows\System\nlcABQG.exe

C:\Windows\System\agEIcxF.exe

C:\Windows\System\agEIcxF.exe

C:\Windows\System\bCEchvo.exe

C:\Windows\System\bCEchvo.exe

C:\Windows\System\vdGNEwR.exe

C:\Windows\System\vdGNEwR.exe

C:\Windows\System\FZvGLaL.exe

C:\Windows\System\FZvGLaL.exe

C:\Windows\System\lFMtMjd.exe

C:\Windows\System\lFMtMjd.exe

C:\Windows\System\EohIMhl.exe

C:\Windows\System\EohIMhl.exe

C:\Windows\System\RJcslCe.exe

C:\Windows\System\RJcslCe.exe

C:\Windows\System\FmhXrqe.exe

C:\Windows\System\FmhXrqe.exe

C:\Windows\System\BNlzfZJ.exe

C:\Windows\System\BNlzfZJ.exe

C:\Windows\System\mfpjTae.exe

C:\Windows\System\mfpjTae.exe

C:\Windows\System\PCLMGEF.exe

C:\Windows\System\PCLMGEF.exe

C:\Windows\System\EcvmnyB.exe

C:\Windows\System\EcvmnyB.exe

C:\Windows\System\LSRcBDh.exe

C:\Windows\System\LSRcBDh.exe

C:\Windows\System\ZrFjNIg.exe

C:\Windows\System\ZrFjNIg.exe

C:\Windows\System\WTilykv.exe

C:\Windows\System\WTilykv.exe

C:\Windows\System\ujeprHS.exe

C:\Windows\System\ujeprHS.exe

C:\Windows\System\FpwzpMs.exe

C:\Windows\System\FpwzpMs.exe

C:\Windows\System\ysfjyhM.exe

C:\Windows\System\ysfjyhM.exe

C:\Windows\System\ReDuBrR.exe

C:\Windows\System\ReDuBrR.exe

C:\Windows\System\ttczQFk.exe

C:\Windows\System\ttczQFk.exe

C:\Windows\System\GmxCBzc.exe

C:\Windows\System\GmxCBzc.exe

C:\Windows\System\uHnNsLn.exe

C:\Windows\System\uHnNsLn.exe

C:\Windows\System\SvhfwXW.exe

C:\Windows\System\SvhfwXW.exe

C:\Windows\System\QSXYSaU.exe

C:\Windows\System\QSXYSaU.exe

C:\Windows\System\taqsNbx.exe

C:\Windows\System\taqsNbx.exe

C:\Windows\System\jIZHOgu.exe

C:\Windows\System\jIZHOgu.exe

C:\Windows\System\ESiskLu.exe

C:\Windows\System\ESiskLu.exe

C:\Windows\System\tMMmVWz.exe

C:\Windows\System\tMMmVWz.exe

C:\Windows\System\RDyfhiO.exe

C:\Windows\System\RDyfhiO.exe

C:\Windows\System\oIyBuKe.exe

C:\Windows\System\oIyBuKe.exe

C:\Windows\System\sckmvuZ.exe

C:\Windows\System\sckmvuZ.exe

C:\Windows\System\tVTpPIj.exe

C:\Windows\System\tVTpPIj.exe

C:\Windows\System\UuOUsaE.exe

C:\Windows\System\UuOUsaE.exe

C:\Windows\System\WmOdWeM.exe

C:\Windows\System\WmOdWeM.exe

C:\Windows\System\GodmQDa.exe

C:\Windows\System\GodmQDa.exe

C:\Windows\System\smCHsRm.exe

C:\Windows\System\smCHsRm.exe

C:\Windows\System\YkibLNx.exe

C:\Windows\System\YkibLNx.exe

C:\Windows\System\iMOWZOO.exe

C:\Windows\System\iMOWZOO.exe

C:\Windows\System\kWcXiNX.exe

C:\Windows\System\kWcXiNX.exe

C:\Windows\System\PNBQzij.exe

C:\Windows\System\PNBQzij.exe

C:\Windows\System\qqnTSfj.exe

C:\Windows\System\qqnTSfj.exe

C:\Windows\System\CGgCovn.exe

C:\Windows\System\CGgCovn.exe

C:\Windows\System\FrcphKq.exe

C:\Windows\System\FrcphKq.exe

C:\Windows\System\qPBhnfM.exe

C:\Windows\System\qPBhnfM.exe

C:\Windows\System\WkrKYeg.exe

C:\Windows\System\WkrKYeg.exe

C:\Windows\System\WNqQHIA.exe

C:\Windows\System\WNqQHIA.exe

C:\Windows\System\Eyjmwaw.exe

C:\Windows\System\Eyjmwaw.exe

C:\Windows\System\AxyPwXo.exe

C:\Windows\System\AxyPwXo.exe

C:\Windows\System\yVWEyBH.exe

C:\Windows\System\yVWEyBH.exe

C:\Windows\System\AoTMMhx.exe

C:\Windows\System\AoTMMhx.exe

C:\Windows\System\OhEmEQk.exe

C:\Windows\System\OhEmEQk.exe

C:\Windows\System\bQxSPju.exe

C:\Windows\System\bQxSPju.exe

C:\Windows\System\MTaSqXG.exe

C:\Windows\System\MTaSqXG.exe

C:\Windows\System\lTtiZNK.exe

C:\Windows\System\lTtiZNK.exe

C:\Windows\System\fVbWeuk.exe

C:\Windows\System\fVbWeuk.exe

C:\Windows\System\NAninKc.exe

C:\Windows\System\NAninKc.exe

C:\Windows\System\zWhZvMs.exe

C:\Windows\System\zWhZvMs.exe

C:\Windows\System\bSjpVNC.exe

C:\Windows\System\bSjpVNC.exe

C:\Windows\System\TftTnRh.exe

C:\Windows\System\TftTnRh.exe

C:\Windows\System\nchFjIN.exe

C:\Windows\System\nchFjIN.exe

C:\Windows\System\MEJsxOG.exe

C:\Windows\System\MEJsxOG.exe

C:\Windows\System\uMMXndn.exe

C:\Windows\System\uMMXndn.exe

C:\Windows\System\SbhcFKz.exe

C:\Windows\System\SbhcFKz.exe

C:\Windows\System\gipwFkr.exe

C:\Windows\System\gipwFkr.exe

C:\Windows\System\DgqphDv.exe

C:\Windows\System\DgqphDv.exe

C:\Windows\System\yACBMHi.exe

C:\Windows\System\yACBMHi.exe

C:\Windows\System\tOxyrmE.exe

C:\Windows\System\tOxyrmE.exe

C:\Windows\System\WMjEqoL.exe

C:\Windows\System\WMjEqoL.exe

C:\Windows\System\BigEpXY.exe

C:\Windows\System\BigEpXY.exe

C:\Windows\System\pQwZtpt.exe

C:\Windows\System\pQwZtpt.exe

C:\Windows\System\dcBfCSP.exe

C:\Windows\System\dcBfCSP.exe

C:\Windows\System\EiyMnrk.exe

C:\Windows\System\EiyMnrk.exe

C:\Windows\System\DUScnWS.exe

C:\Windows\System\DUScnWS.exe

C:\Windows\System\pJMWAjZ.exe

C:\Windows\System\pJMWAjZ.exe

C:\Windows\System\DkSKlVI.exe

C:\Windows\System\DkSKlVI.exe

C:\Windows\System\AZexcMt.exe

C:\Windows\System\AZexcMt.exe

C:\Windows\System\vwqeFVN.exe

C:\Windows\System\vwqeFVN.exe

C:\Windows\System\sXYxlCZ.exe

C:\Windows\System\sXYxlCZ.exe

C:\Windows\System\weddDpK.exe

C:\Windows\System\weddDpK.exe

C:\Windows\System\uybUiYB.exe

C:\Windows\System\uybUiYB.exe

C:\Windows\System\rUItCsU.exe

C:\Windows\System\rUItCsU.exe

C:\Windows\System\VgWyRgn.exe

C:\Windows\System\VgWyRgn.exe

C:\Windows\System\gegDJby.exe

C:\Windows\System\gegDJby.exe

C:\Windows\System\ipVccXf.exe

C:\Windows\System\ipVccXf.exe

C:\Windows\System\DVjMLvW.exe

C:\Windows\System\DVjMLvW.exe

C:\Windows\System\DdoGaRl.exe

C:\Windows\System\DdoGaRl.exe

C:\Windows\System\moGTarF.exe

C:\Windows\System\moGTarF.exe

C:\Windows\System\XmZgmpT.exe

C:\Windows\System\XmZgmpT.exe

C:\Windows\System\WwvgcmT.exe

C:\Windows\System\WwvgcmT.exe

C:\Windows\System\BKImezW.exe

C:\Windows\System\BKImezW.exe

C:\Windows\System\JFLUQnE.exe

C:\Windows\System\JFLUQnE.exe

C:\Windows\System\fkuEUlr.exe

C:\Windows\System\fkuEUlr.exe

C:\Windows\System\JuYuMET.exe

C:\Windows\System\JuYuMET.exe

C:\Windows\System\WehaPpj.exe

C:\Windows\System\WehaPpj.exe

C:\Windows\System\qhVpFUP.exe

C:\Windows\System\qhVpFUP.exe

C:\Windows\System\CkPhxwY.exe

C:\Windows\System\CkPhxwY.exe

C:\Windows\System\UvVLICM.exe

C:\Windows\System\UvVLICM.exe

C:\Windows\System\rJofzLL.exe

C:\Windows\System\rJofzLL.exe

C:\Windows\System\PuyRGDk.exe

C:\Windows\System\PuyRGDk.exe

C:\Windows\System\DqzPkeu.exe

C:\Windows\System\DqzPkeu.exe

C:\Windows\System\HXlIRzj.exe

C:\Windows\System\HXlIRzj.exe

C:\Windows\System\yMKRWkk.exe

C:\Windows\System\yMKRWkk.exe

C:\Windows\System\hWZzKmF.exe

C:\Windows\System\hWZzKmF.exe

C:\Windows\System\EuvOKtu.exe

C:\Windows\System\EuvOKtu.exe

C:\Windows\System\QsTgzYM.exe

C:\Windows\System\QsTgzYM.exe

C:\Windows\System\oysDhzw.exe

C:\Windows\System\oysDhzw.exe

C:\Windows\System\kZyvJvV.exe

C:\Windows\System\kZyvJvV.exe

C:\Windows\System\mgMYuBV.exe

C:\Windows\System\mgMYuBV.exe

C:\Windows\System\HmPFyxR.exe

C:\Windows\System\HmPFyxR.exe

C:\Windows\System\pQQJNyA.exe

C:\Windows\System\pQQJNyA.exe

C:\Windows\System\VXoFqGK.exe

C:\Windows\System\VXoFqGK.exe

C:\Windows\System\xbaiVQL.exe

C:\Windows\System\xbaiVQL.exe

C:\Windows\System\yWusHjZ.exe

C:\Windows\System\yWusHjZ.exe

C:\Windows\System\oEyDVmV.exe

C:\Windows\System\oEyDVmV.exe

C:\Windows\System\XrGkPmX.exe

C:\Windows\System\XrGkPmX.exe

C:\Windows\System\XCANUlU.exe

C:\Windows\System\XCANUlU.exe

C:\Windows\System\MYuGpjf.exe

C:\Windows\System\MYuGpjf.exe

C:\Windows\System\lXPFaOW.exe

C:\Windows\System\lXPFaOW.exe

C:\Windows\System\ZJUXyTo.exe

C:\Windows\System\ZJUXyTo.exe

C:\Windows\System\yFOsDDJ.exe

C:\Windows\System\yFOsDDJ.exe

C:\Windows\System\QnttEfe.exe

C:\Windows\System\QnttEfe.exe

C:\Windows\System\AaUKZPs.exe

C:\Windows\System\AaUKZPs.exe

C:\Windows\System\oxRKBNj.exe

C:\Windows\System\oxRKBNj.exe

C:\Windows\System\lMfzctK.exe

C:\Windows\System\lMfzctK.exe

C:\Windows\System\ofGhDJI.exe

C:\Windows\System\ofGhDJI.exe

C:\Windows\System\AtyXxok.exe

C:\Windows\System\AtyXxok.exe

C:\Windows\System\QyHtovo.exe

C:\Windows\System\QyHtovo.exe

C:\Windows\System\mkgUvsw.exe

C:\Windows\System\mkgUvsw.exe

C:\Windows\System\NjSmRAJ.exe

C:\Windows\System\NjSmRAJ.exe

C:\Windows\System\oXUDjRu.exe

C:\Windows\System\oXUDjRu.exe

C:\Windows\System\ItzSNBk.exe

C:\Windows\System\ItzSNBk.exe

C:\Windows\System\lKRUqgh.exe

C:\Windows\System\lKRUqgh.exe

C:\Windows\System\fXcwoFl.exe

C:\Windows\System\fXcwoFl.exe

C:\Windows\System\PppyUWt.exe

C:\Windows\System\PppyUWt.exe

C:\Windows\System\sAVvQpC.exe

C:\Windows\System\sAVvQpC.exe

C:\Windows\System\zoBnxtl.exe

C:\Windows\System\zoBnxtl.exe

C:\Windows\System\hxlolQD.exe

C:\Windows\System\hxlolQD.exe

C:\Windows\System\TQmyemx.exe

C:\Windows\System\TQmyemx.exe

C:\Windows\System\DFHEmXb.exe

C:\Windows\System\DFHEmXb.exe

C:\Windows\System\WiQhVgk.exe

C:\Windows\System\WiQhVgk.exe

C:\Windows\System\BCqCNWb.exe

C:\Windows\System\BCqCNWb.exe

C:\Windows\System\vYpJRcZ.exe

C:\Windows\System\vYpJRcZ.exe

C:\Windows\System\hQLDhUw.exe

C:\Windows\System\hQLDhUw.exe

C:\Windows\System\XHWfglC.exe

C:\Windows\System\XHWfglC.exe

C:\Windows\System\dmNlPLv.exe

C:\Windows\System\dmNlPLv.exe

C:\Windows\System\GUhNQek.exe

C:\Windows\System\GUhNQek.exe

C:\Windows\System\XRLnbAD.exe

C:\Windows\System\XRLnbAD.exe

C:\Windows\System\WqalhLE.exe

C:\Windows\System\WqalhLE.exe

C:\Windows\System\iQJqzmN.exe

C:\Windows\System\iQJqzmN.exe

C:\Windows\System\CeOjmYz.exe

C:\Windows\System\CeOjmYz.exe

C:\Windows\System\QIbVglB.exe

C:\Windows\System\QIbVglB.exe

C:\Windows\System\OwtMBUK.exe

C:\Windows\System\OwtMBUK.exe

C:\Windows\System\kALDOhd.exe

C:\Windows\System\kALDOhd.exe

C:\Windows\System\RRTSCJS.exe

C:\Windows\System\RRTSCJS.exe

C:\Windows\System\COSmbXp.exe

C:\Windows\System\COSmbXp.exe

C:\Windows\System\GAzrnTZ.exe

C:\Windows\System\GAzrnTZ.exe

C:\Windows\System\aJVHhwO.exe

C:\Windows\System\aJVHhwO.exe

C:\Windows\System\QmjBWgM.exe

C:\Windows\System\QmjBWgM.exe

C:\Windows\System\UaVVYTj.exe

C:\Windows\System\UaVVYTj.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1748-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

memory/1748-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\GaSNInl.exe

MD5 0c76fe4e8612faad84a744ed8afb2069
SHA1 645accf35de9a67f59d263aee0e99a750a0b8d97
SHA256 ffe427ce5290c0f2381e9a91110b80553fdee634f90240d573335744939dfd1b
SHA512 a60562d4e280de7c8533209529889e75f973d22d085699e73b4e520e0c02212bcf74e651308b684b35adc7f929710a1f98f8acba69b9eeaa2c082e719b15fece

\Windows\system\IPvGmaL.exe

MD5 8c99494d0bef2664adfb999849615bac
SHA1 3c21b1f5cb246ae5e482724e18f8076ac1623976
SHA256 e475e3163aef84113cddef984c749d11f2b9efc0a39acf002894d48412cf0f57
SHA512 fc8d643da83a7bb23ff1c21f43c8f813360844be7a90ff6bdfd48ab5e0dd34e8e223a110b1837e9a82556266d1a8ef3535acc3b67ad4ee07805fa714ed1f9fb0

C:\Windows\system\idlSNFp.exe

MD5 56cba9abfe64e49d59596b2395385d7c
SHA1 1aea930a278a96dbe6a6e787e7e16db19475fb88
SHA256 960e75813817ec724009c1ce4cf2fd254398ff0c3923d20d0bfa9b548c9228cc
SHA512 e9b86c0d7a9c706f93d52a664bb3a550e8ee228604b67eddaf1d9d0f79d8afd3bbdb6adcc66b70e93848e2b25238a00a93fe560129bbf9426bbaa1b713f43b9d

\Windows\system\YfkBAPd.exe

MD5 0ec428051f14fedaca4b2c9efbae0dc6
SHA1 a485d4ce29088a865d6d217702dceed41a5730e0
SHA256 5ae02cef81a296d5f65d57f9f91068e6631003cdebd31f4080d62578c586349c
SHA512 82945194ecb06fa6f58dcec76fedf91c87e5218313c6a18783eb635685ff6f89b42bc7a61b85cda46853ac5b79b0ee64e858a4cb59d310a0252dcf520103691d

memory/1748-28-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2568-37-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2388-40-0x000000013F040000-0x000000013F394000-memory.dmp

memory/1748-39-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2676-36-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/1748-38-0x0000000001F90000-0x00000000022E4000-memory.dmp

C:\Windows\system\IEmMwlJ.exe

MD5 50c707f8c8afb90d785ad6c61221fe94
SHA1 e4fbef50214692e79cce34e31e87761d5181a6d8
SHA256 d7956d73ee1902373d3cca23b24dbe83c67c6bd7f32a520930cd5e8a44699d6e
SHA512 4a1e8b03085a01a49b2bfeaf84d54f92f043677d8c817f9969606f91292efd82942ca40caa92f38ddc1722d5ae035dd296baeb10a67b1be47624c1436229fbf7

memory/1272-33-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/1748-32-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2700-24-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2560-20-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/2444-56-0x000000013F810000-0x000000013FB64000-memory.dmp

C:\Windows\system\QydYtQN.exe

MD5 20a8ac2788084a93edec3caa48e5a40d
SHA1 e0294e7c509f6e906d357b9a9d476c6ded06ec77
SHA256 b37771c741b36c399bfe347bc2a3c077c62356fcef6b3eca1bd20e716ce4b9b4
SHA512 c8d9ddf654ea84a2dec140e44a52239d10777e7fceada2f4d50acee1c38cd2b5dfc9bdff4a9089759bdd423d9b4d4ba83d24b9ba322b261bbf01a56a60e1c1ef

memory/1748-69-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/2060-70-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/2572-63-0x000000013FCB0000-0x0000000140004000-memory.dmp

C:\Windows\system\DrrgMDB.exe

MD5 ce43320563cea978aecb505107eecc29
SHA1 219464054c22107dc5baeca57b3c0a10646c46f6
SHA256 385a732dafe03b8070376437bfb6e4e6f314cb5450cfebcd585b8421e3896120
SHA512 b066c90c88accc187f6a666d3e789060f7030bb4c4456580325aacce30c99ebc3c6b4fe6b59b0fb017caf2f20d661a8c8eb1c59cf4431f567314a4b20afdc85f

memory/2560-83-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/1584-85-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2700-84-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/756-77-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/1748-76-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

C:\Windows\system\WldBVBo.exe

MD5 28f93337b47db16bd5da306f2acb7ace
SHA1 cbb1ecbbe9dd415edc5b5ad6cb03b2b7b1273c7e
SHA256 e345a1732800cf60074ced27482c1f4ae4ca6631bbc043f34c34d57c7d9b7f7b
SHA512 160a2932a0ffef7e1f442b92ae9be287704285584df75846058c0e7e678cdc0405ce5c84792895d0d0675be0f4fdff5eca8ea03a75ed7f52e301028e6e536cf8

memory/1748-62-0x000000013FCB0000-0x0000000140004000-memory.dmp

C:\Windows\system\QPxRPWA.exe

MD5 29fbb51777e3732e396687f8c17bdc8d
SHA1 d802f78807e1aec33d34c47497e6558ae9aab19c
SHA256 8c7078e7b3210c7b1453ae45fc5b16ff9ed9250b826d68341323195161e60f5e
SHA512 53e3c3973eac9ba93abe7face02d54bfd3d2b05883bf48da846c52f732bda2ef9d328b224c0cb260dcbafb2cbb373c434e501528bfb5b7cce435073815e1c80d

memory/1748-55-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/2620-49-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/1748-48-0x000000013F850000-0x000000013FBA4000-memory.dmp

C:\Windows\system\wzzFfIj.exe

MD5 61924e89ea5287154498b909cfd9c028
SHA1 e05495ab1dfc06bfa3ba8dbe18d069898d478d10
SHA256 57e66b08f5b0dfb7941616e10fdd177f07146a0e48d483f7bd6c84ea8dfd1adf
SHA512 a4ef8c79f4349bdb5c6ec16ad0084a3a3958fee0589a531f62ce923eb4311100334eb3f97927dc39c3aed1577d89807e7fb146ff217cb3abca1c798b11b4496a

C:\Windows\system\tfCcrIC.exe

MD5 99aee6c9ad1218d60c4ef7a3bba8d728
SHA1 0c8f0f3c75eb3394c4ed6fd43a811d15c3631a74
SHA256 6cd0b44cbe408dac3cf411bab3d558daf8f867f95179dfad0f3b78c791a26405
SHA512 1a169333c7550fdb92e56e2621921472d0712c08abf806a3411929a584ff524253ad464e7b5e3cd0f9ae38adbcfef446cd17eb36697d9d865cbfeab105a10f1c

C:\Windows\system\iXUflqs.exe

MD5 2a18c68593cd435fe7be1b9315f885a8
SHA1 5f75e4edc557eb89b4e3fc51ab2b0151016e685a
SHA256 cb59b2f3066e6adf1511839b670c654e5da23a278dfe229ceaa08cc558311b98
SHA512 4a33c7f94a2e51fe13a78ee6365ee0cbe08bc80eaa84394a097607fa51183c46c55a70da9970de4b7fe31354ce33737508beb1af9465ec8e08028b6c42958039

memory/1748-9-0x000000013FE20000-0x0000000140174000-memory.dmp

\Windows\system\TthVnSh.exe

MD5 772320d23d68ac968826ad5b256aee4c
SHA1 f0505fd37500fbc8f47635b855c908aa5d6f3e90
SHA256 1af56a8e01736daba12a44721d658e16c76e224389916880b46e2c702881ff06
SHA512 5521c98e7157b93cc53d72d939243c8387957112463fb81b9c25f679f634355802cbf5c7eff14990b6beaa5f64fa74a5c3147619483d693c08d4bebb752a32f6

C:\Windows\system\kaaIvxS.exe

MD5 f629243d8a2e0fd58701462ea74c9b6f
SHA1 242080cfc905a0560d24ceb84981b234e1ff5d1a
SHA256 c94a32acf9586f519a0262eee034c441ac62afc50d280580ba6fdc678e943d4d
SHA512 158bc3cd30c5a245ea7b1dbe263bfdbd0290129a04cd6bea00637992f9749913b378de721f8a5fd61d9e333219bd12789f493034860cf9f77bb202b4bbe665cd

C:\Windows\system\KmzwwsL.exe

MD5 2cfbc8607ec5d19f435e4e2193b9087a
SHA1 334411f25998de915ce1dc71ae365d0ca5191bff
SHA256 3d06219b84ada7eb98623476f42e964bfecb1fefa1845548d94304eacca5835f
SHA512 eaaafc7fbe3b3fd44407f15177ce28a71cc874406c38f6067f7174f2a74f71153d1428eafd866bf5d3c5c36ecd7a615dd8bbc554cd58beff5578b3df4b7ff4fe

memory/2540-110-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2568-113-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/1748-112-0x000000013FB60000-0x000000013FEB4000-memory.dmp

memory/1748-111-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/1876-108-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/1748-105-0x0000000001F90000-0x00000000022E4000-memory.dmp

memory/1748-94-0x000000013F670000-0x000000013F9C4000-memory.dmp

C:\Windows\system\lrJDlHt.exe

MD5 16b7f3024fce4ffbf1c7ed7a385738c3
SHA1 7f1e425bd1bfaa5cfb75db2d1585f9feca456997
SHA256 9fca7606e438f54fd8b2b4da7a3014a83f711046838e53e25fae2f38bee8524f
SHA512 3bb066e754da9a4dfeb081332874c1965c5a55a96d25a0ca39cf1138f81fbb4e635bb1eb5d6418b9b18d9b2b6e99e4facead7280390280854946d6966f9ae4c7

\Windows\system\mEeuvtv.exe

MD5 e137fa314d082da87015d69714d3f5ee
SHA1 3fc647ab44951ff150c0170c40c239bf95075ee7
SHA256 e166e859f170d6a3fc3b8506ae7ece4953dd362ce76854d4039a9ee7d3d13843
SHA512 f5f924d3459804ee39d15311971c2f7ae255f204034afc4964f137d972ffba5a5827cd7f81d0d98b0fbcc6ba69093695713bd73d4fc72dabf5814c815b4e6476

C:\Windows\system\GWDCBSO.exe

MD5 5b79d988a9488d5e08eda162b1dc055a
SHA1 027a0a775e2f16fdb167921ef4a49aaab261ac6b
SHA256 c295adadf0226b93f9f91cfa742f72a8fc1a1f149b3a053f0c59c0e440b93674
SHA512 9479a9a2e0214612c5ea639f1839bc8852e962309b839234cc75e62f780372f0bf5dd9e254758f2f5cdc5084e2853c556c64562f145dadad7b59765d79b709d0

C:\Windows\system\DxhypNU.exe

MD5 082e0b18c57f871f9650fdae8e7ee4df
SHA1 303d00fafcc853451195d759f15e1f44587e622e
SHA256 2dc46449192f0437aedcf0157e3af4a9f3c70f12c6e85f604de00c341ed30d5b
SHA512 3e043f7fec9e7ebec03c70b5cb9b036a14cec8794de3e16a9786915d1057f6a9961f4e5adbc6f356e0eb11c2b9ef4f3b568cf7acceaca1ebe5cbb367c423187f

memory/2620-1050-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/2388-347-0x000000013F040000-0x000000013F394000-memory.dmp

C:\Windows\system\zdveLqe.exe

MD5 a63c32d5fbf5cf022c2d02508b5807e5
SHA1 5cefe0415d3089a4511fb299569a13964ce89005
SHA256 09a669075e1c2ec0566f38588766d7508715bf9dba17db83fef8323ea88a4c4d
SHA512 910c2cb890b07a704c2d1bdb5ab6e5b7d9e5c63ab62686ab7c5057b55c767ca90e65345989affb220884e45f9f2cee5c237a6be2d199445da874e460721aaccb

C:\Windows\system\voJqbgP.exe

MD5 be56ac270ee0442382b80ee325b78e75
SHA1 235d212ae1a98590c9ade9fdd7519f05fdcf05c9
SHA256 d889ec0f0f03245ba2f08973093c7a468404ef534c5c5e1ea5555ca8d606c3e1
SHA512 6c7638ac62ca3bebdde684762cc636d74d32957ae597c6b90dfb6415b23a7271eb0f4c8f231b74e5fb19d28f6382888771cd6146201b983e1e5ae5811552a7e6

C:\Windows\system\xcrYeIQ.exe

MD5 774a4974f80d8e6a8e6b32b62e45e992
SHA1 d0d51bb46e39bf72b701f7b63898737f2ff5da54
SHA256 c36d7c6e0f18fb2212dd6631ab483e9b4b4d04fd0710160e25e2946fd6845f0e
SHA512 d0a79aede08552477ddd486a4afa55eb70d9d10704c01b78283582a2c8a2a0292416bf2e6e378f413f4ea4a1de9016bbcf443d293ed856d0071855d21410c316

C:\Windows\system\QJzOMyN.exe

MD5 cdd26336167494c81a375cc7960522ca
SHA1 488db15e200c4d76ce166c1f24b82bfad1a69157
SHA256 b823140d6cdcbf17a3a963d01c1be42dc40afa79f957b3a9a6c43a4c68c2a68e
SHA512 d6469ad1b677205d436aa1895e3b35d5c2a7c43076d5323e37b29a11d675f4d70cec6fc37f5cdb865d517d8f59d45e5e49eca48d0a27e651e6e34bcef23aed9b

C:\Windows\system\NOWYsAC.exe

MD5 9f245badd2a2c637905da29c287285ab
SHA1 8df57e54bd74e12037f634fc237dce44589d849a
SHA256 1c9209b1020cd48d250147736bab860effd00881a0b4be93079caa1fc7bcf7dd
SHA512 d220f26eb3698e7f76ae98b2fc961584767e832b04e48817984860f29d6daa51afee24725bb8a4496b33252cf18278a86a2ecc00ab6fbd560c660d5e94a9b82e

C:\Windows\system\uyouVJo.exe

MD5 f8fbb321343e797a864b680a656d206d
SHA1 310b3866577dd497727483c469bb7ce0dbf25e9b
SHA256 cae6fe59f365ae49cfb5c0436e2a26d095157e4bbeb6ab06d9780439224d23a5
SHA512 489994a662ed4cecae6524e019177014acc4d67112adcbfbd38d5ace7e9c7e9e6e39c1dd61cd88252099371c93451bb5108e4f4245f0cbabd8ca8740df6b20c6

C:\Windows\system\UeAbpUa.exe

MD5 cf2b8382d12ed6fef7f03c8b0c82ab12
SHA1 89f9888bae63e84c7ed46a0b115c4a93305b5c28
SHA256 2fc415b625170a6f11d8c7dce9714ed6e06cbf7631f6c445e9ee6a5474776aa4
SHA512 9b5b25204676e8ddfe11afc0c69b3f5da6356f1580abb73b0fd7097284d7bade93a890889e8658f960475bcd030790634d1bc7c6b821fc50ae4a6fe144f4ef5d

C:\Windows\system\GAvFhsI.exe

MD5 a36125448042169b598fb511da15d058
SHA1 b0131684e01cc2c8a8767f885fb0a3e7a6c59118
SHA256 06c7723f2392e488d0c240d30e9680f3f263328c758d2991e83353939efb362b
SHA512 5c933ead761838af9aaea2b430b9b60ff97d7dc23d70eb49e50826e0f75e739dfbd805d8af43652f4f2aa72376d4f35cfac2e8b45fb57f6e992aef9969294e95

C:\Windows\system\slkUHnC.exe

MD5 30636a7b72ed3f065f0a6c4463959e44
SHA1 8a8ebccb360dec3f065d5098695e13012fad7a1a
SHA256 5b5883be4cbb21243a79c3c724d51e672eb3d534196de4320639d9fefe2ac4f2
SHA512 919b62a14880e73d6a993dbf901dc36b7c1fd5f5996ba20b0212249a7f19cec21ba331df50752692c82838d26324385c1bef26bb47b6757118c0d7cd64aba71d

C:\Windows\system\AunEDJA.exe

MD5 a7b11df204e25420af175e7de1c3d914
SHA1 b8121bba5950cf6c1a13000cccfec419c7788ee3
SHA256 ed758dad12b3e42c03b3e4126a7f08a09d9c4cd31221bb10251acaf25f7d47ef
SHA512 c9a58df85ea4b05f0213c736c1e83bf41e5dc6bcc97af1f9d2c994a4a02e35b6f63b04577a066e10504b798dbb8e1ba99ac8a7f537403b6adcadc928e0fd832a

C:\Windows\system\rFzRGTp.exe

MD5 38a4fe82415a1905625a2c6262ae658f
SHA1 f69f921f44a037b45ee0d6d9154ded1fc84a8a5c
SHA256 4a3da0749ddd56ead58784d61a17276da8d6fc8dea4adf7135be658504768d6d
SHA512 f774ae5b8c0d640e3488ab76c3fdd17f02fa395dd382e831902b750795d606ed5f09d4ec9bdc34f55e721bf9705194d54f5fcc33109164d130d4c3a5705347e7

C:\Windows\system\xIbFmPX.exe

MD5 8727b84a008fae855c3cd1ba6e7eae82
SHA1 7f88e94720de003bd86971940acc2b288f6de1ee
SHA256 43b70e08ab65ce3270c3a03964f55ae717e0b0aebc9910de1adccb5a9ec5ec5b
SHA512 c76bd1f88a3cb0b3393ca4b1b8ac2893116312fd8f85d653b128c71ba244a382e7c5667eacf057105767e89ec088c5a9568c37ee5b7b4af54213d58abed25bf9

C:\Windows\system\aJBHLha.exe

MD5 c4e0f903cccec789ad87ee6eb79906c6
SHA1 35a9a9aa869f14ebd89bc798f8be5790929b5884
SHA256 83881a0b061c39c21287666ae50cbb115d68847a9611e76476112a0045f05f6c
SHA512 05ed698832b5d74286deb60b4405954d15fe6a9473d3b9016a7e36cabee8425238bb4dcc85be5d633ccf32092d3425175781f3d270ce0c0eaa4bb94b800c76f2

memory/2444-1073-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/2572-1074-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2060-1075-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/756-1076-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/1748-1077-0x0000000001F90000-0x00000000022E4000-memory.dmp

memory/1584-1078-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/1748-1079-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2700-1081-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/1272-1080-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/2560-1082-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/2676-1083-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2568-1085-0x000000013F5E0000-0x000000013F934000-memory.dmp

memory/2388-1084-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2620-1086-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/2444-1087-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/2572-1088-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2060-1089-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/756-1090-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/1584-1091-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/1876-1092-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/2540-1093-0x000000013F790000-0x000000013FAE4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 21:21

Reported

2024-06-20 21:23

Platform

win10v2004-20240611-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GaSNInl.exe N/A
N/A N/A C:\Windows\System\idlSNFp.exe N/A
N/A N/A C:\Windows\System\IPvGmaL.exe N/A
N/A N/A C:\Windows\System\iXUflqs.exe N/A
N/A N/A C:\Windows\System\YfkBAPd.exe N/A
N/A N/A C:\Windows\System\IEmMwlJ.exe N/A
N/A N/A C:\Windows\System\wzzFfIj.exe N/A
N/A N/A C:\Windows\System\tfCcrIC.exe N/A
N/A N/A C:\Windows\System\QPxRPWA.exe N/A
N/A N/A C:\Windows\System\QydYtQN.exe N/A
N/A N/A C:\Windows\System\WldBVBo.exe N/A
N/A N/A C:\Windows\System\DrrgMDB.exe N/A
N/A N/A C:\Windows\System\kaaIvxS.exe N/A
N/A N/A C:\Windows\System\aJBHLha.exe N/A
N/A N/A C:\Windows\System\TthVnSh.exe N/A
N/A N/A C:\Windows\System\KmzwwsL.exe N/A
N/A N/A C:\Windows\System\xIbFmPX.exe N/A
N/A N/A C:\Windows\System\rFzRGTp.exe N/A
N/A N/A C:\Windows\System\AunEDJA.exe N/A
N/A N/A C:\Windows\System\slkUHnC.exe N/A
N/A N/A C:\Windows\System\GAvFhsI.exe N/A
N/A N/A C:\Windows\System\lrJDlHt.exe N/A
N/A N/A C:\Windows\System\mEeuvtv.exe N/A
N/A N/A C:\Windows\System\UeAbpUa.exe N/A
N/A N/A C:\Windows\System\uyouVJo.exe N/A
N/A N/A C:\Windows\System\NOWYsAC.exe N/A
N/A N/A C:\Windows\System\QJzOMyN.exe N/A
N/A N/A C:\Windows\System\xcrYeIQ.exe N/A
N/A N/A C:\Windows\System\voJqbgP.exe N/A
N/A N/A C:\Windows\System\GWDCBSO.exe N/A
N/A N/A C:\Windows\System\DxhypNU.exe N/A
N/A N/A C:\Windows\System\zdveLqe.exe N/A
N/A N/A C:\Windows\System\hFBNLBh.exe N/A
N/A N/A C:\Windows\System\LgGbsBY.exe N/A
N/A N/A C:\Windows\System\uomObuW.exe N/A
N/A N/A C:\Windows\System\Duqxuyl.exe N/A
N/A N/A C:\Windows\System\ocPjVBa.exe N/A
N/A N/A C:\Windows\System\XbXwFte.exe N/A
N/A N/A C:\Windows\System\FKdhqHo.exe N/A
N/A N/A C:\Windows\System\tRiiedB.exe N/A
N/A N/A C:\Windows\System\rSLwxgF.exe N/A
N/A N/A C:\Windows\System\AiEeOBK.exe N/A
N/A N/A C:\Windows\System\pUKuyjb.exe N/A
N/A N/A C:\Windows\System\XAHCFEI.exe N/A
N/A N/A C:\Windows\System\gvyxoXw.exe N/A
N/A N/A C:\Windows\System\ScgvMwG.exe N/A
N/A N/A C:\Windows\System\PloGYKB.exe N/A
N/A N/A C:\Windows\System\svOkfDZ.exe N/A
N/A N/A C:\Windows\System\ysNwBCy.exe N/A
N/A N/A C:\Windows\System\VvIMYZI.exe N/A
N/A N/A C:\Windows\System\UmbegpG.exe N/A
N/A N/A C:\Windows\System\qnfBntf.exe N/A
N/A N/A C:\Windows\System\uOsndgs.exe N/A
N/A N/A C:\Windows\System\HwAgHhp.exe N/A
N/A N/A C:\Windows\System\UgCxJxG.exe N/A
N/A N/A C:\Windows\System\ACsOnYK.exe N/A
N/A N/A C:\Windows\System\tjtqInp.exe N/A
N/A N/A C:\Windows\System\bNxqNvf.exe N/A
N/A N/A C:\Windows\System\ldHvNtp.exe N/A
N/A N/A C:\Windows\System\tzTAZaC.exe N/A
N/A N/A C:\Windows\System\JbdaHRN.exe N/A
N/A N/A C:\Windows\System\NNjoGjA.exe N/A
N/A N/A C:\Windows\System\tZEGuWc.exe N/A
N/A N/A C:\Windows\System\DUnoILZ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ocPjVBa.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHURHXu.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\Duqxuyl.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ldHvNtp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\MBOUNgi.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\CGgCovn.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\DVjMLvW.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\kZyvJvV.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\zWhZvMs.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\iXUflqs.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\kaaIvxS.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJRUjBg.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ewCVpSK.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCEchvo.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\SvhfwXW.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTtiZNK.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhVpFUP.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\oqcaOLZ.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\WNqQHIA.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\uMMXndn.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\sAVvQpC.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMKRWkk.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\AunEDJA.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\sCpUSXO.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\nlcABQG.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJcslCe.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ReDuBrR.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\WkrKYeg.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\yACBMHi.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\xbaiVQL.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJUXyTo.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\ofjQjJJ.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmOdWeM.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\EiyMnrk.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmjBWgM.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmNlPLv.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEeuvtv.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\FKdhqHo.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIhfvSE.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\RONCQhR.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\TftTnRh.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHWfglC.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHnNsLn.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\NAninKc.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\VgWyRgn.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\lMfzctK.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\QtHmQrp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmhXrqe.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\pQQJNyA.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\rFzRGTp.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\bHSiZig.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\FpwzpMs.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRLnbAD.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\gvyxoXw.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOsndgs.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\iZSirZS.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\oXUDjRu.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJVHhwO.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\uomObuW.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUnoILZ.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\HzjMzff.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQxSPju.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwtMBUK.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A
File created C:\Windows\System\GaSNInl.exe C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2740 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GaSNInl.exe
PID 2740 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GaSNInl.exe
PID 2740 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\idlSNFp.exe
PID 2740 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\idlSNFp.exe
PID 2740 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IPvGmaL.exe
PID 2740 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IPvGmaL.exe
PID 2740 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\iXUflqs.exe
PID 2740 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\iXUflqs.exe
PID 2740 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\YfkBAPd.exe
PID 2740 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\YfkBAPd.exe
PID 2740 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IEmMwlJ.exe
PID 2740 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\IEmMwlJ.exe
PID 2740 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\wzzFfIj.exe
PID 2740 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\wzzFfIj.exe
PID 2740 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\tfCcrIC.exe
PID 2740 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\tfCcrIC.exe
PID 2740 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QPxRPWA.exe
PID 2740 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QPxRPWA.exe
PID 2740 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QydYtQN.exe
PID 2740 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QydYtQN.exe
PID 2740 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\WldBVBo.exe
PID 2740 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\WldBVBo.exe
PID 2740 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DrrgMDB.exe
PID 2740 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DrrgMDB.exe
PID 2740 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\aJBHLha.exe
PID 2740 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\aJBHLha.exe
PID 2740 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\kaaIvxS.exe
PID 2740 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\kaaIvxS.exe
PID 2740 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\TthVnSh.exe
PID 2740 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\TthVnSh.exe
PID 2740 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\KmzwwsL.exe
PID 2740 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\KmzwwsL.exe
PID 2740 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xIbFmPX.exe
PID 2740 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xIbFmPX.exe
PID 2740 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\rFzRGTp.exe
PID 2740 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\rFzRGTp.exe
PID 2740 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\AunEDJA.exe
PID 2740 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\AunEDJA.exe
PID 2740 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\lrJDlHt.exe
PID 2740 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\lrJDlHt.exe
PID 2740 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\slkUHnC.exe
PID 2740 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\slkUHnC.exe
PID 2740 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GAvFhsI.exe
PID 2740 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GAvFhsI.exe
PID 2740 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\mEeuvtv.exe
PID 2740 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\mEeuvtv.exe
PID 2740 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\UeAbpUa.exe
PID 2740 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\UeAbpUa.exe
PID 2740 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\uyouVJo.exe
PID 2740 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\uyouVJo.exe
PID 2740 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\NOWYsAC.exe
PID 2740 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\NOWYsAC.exe
PID 2740 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QJzOMyN.exe
PID 2740 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\QJzOMyN.exe
PID 2740 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xcrYeIQ.exe
PID 2740 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\xcrYeIQ.exe
PID 2740 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\voJqbgP.exe
PID 2740 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\voJqbgP.exe
PID 2740 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GWDCBSO.exe
PID 2740 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\GWDCBSO.exe
PID 2740 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DxhypNU.exe
PID 2740 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\DxhypNU.exe
PID 2740 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\zdveLqe.exe
PID 2740 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe C:\Windows\System\zdveLqe.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0fa2ef98b8fd8ef32332fa523cb34c7da451940583d7966228447de950e2f305_NeikiAnalytics.exe"

C:\Windows\System\GaSNInl.exe

C:\Windows\System\GaSNInl.exe

C:\Windows\System\idlSNFp.exe

C:\Windows\System\idlSNFp.exe

C:\Windows\System\IPvGmaL.exe

C:\Windows\System\IPvGmaL.exe

C:\Windows\System\iXUflqs.exe

C:\Windows\System\iXUflqs.exe

C:\Windows\System\YfkBAPd.exe

C:\Windows\System\YfkBAPd.exe

C:\Windows\System\IEmMwlJ.exe

C:\Windows\System\IEmMwlJ.exe

C:\Windows\System\wzzFfIj.exe

C:\Windows\System\wzzFfIj.exe

C:\Windows\System\tfCcrIC.exe

C:\Windows\System\tfCcrIC.exe

C:\Windows\System\QPxRPWA.exe

C:\Windows\System\QPxRPWA.exe

C:\Windows\System\QydYtQN.exe

C:\Windows\System\QydYtQN.exe

C:\Windows\System\WldBVBo.exe

C:\Windows\System\WldBVBo.exe

C:\Windows\System\DrrgMDB.exe

C:\Windows\System\DrrgMDB.exe

C:\Windows\System\aJBHLha.exe

C:\Windows\System\aJBHLha.exe

C:\Windows\System\kaaIvxS.exe

C:\Windows\System\kaaIvxS.exe

C:\Windows\System\TthVnSh.exe

C:\Windows\System\TthVnSh.exe

C:\Windows\System\KmzwwsL.exe

C:\Windows\System\KmzwwsL.exe

C:\Windows\System\xIbFmPX.exe

C:\Windows\System\xIbFmPX.exe

C:\Windows\System\rFzRGTp.exe

C:\Windows\System\rFzRGTp.exe

C:\Windows\System\AunEDJA.exe

C:\Windows\System\AunEDJA.exe

C:\Windows\System\lrJDlHt.exe

C:\Windows\System\lrJDlHt.exe

C:\Windows\System\slkUHnC.exe

C:\Windows\System\slkUHnC.exe

C:\Windows\System\GAvFhsI.exe

C:\Windows\System\GAvFhsI.exe

C:\Windows\System\mEeuvtv.exe

C:\Windows\System\mEeuvtv.exe

C:\Windows\System\UeAbpUa.exe

C:\Windows\System\UeAbpUa.exe

C:\Windows\System\uyouVJo.exe

C:\Windows\System\uyouVJo.exe

C:\Windows\System\NOWYsAC.exe

C:\Windows\System\NOWYsAC.exe

C:\Windows\System\QJzOMyN.exe

C:\Windows\System\QJzOMyN.exe

C:\Windows\System\xcrYeIQ.exe

C:\Windows\System\xcrYeIQ.exe

C:\Windows\System\voJqbgP.exe

C:\Windows\System\voJqbgP.exe

C:\Windows\System\GWDCBSO.exe

C:\Windows\System\GWDCBSO.exe

C:\Windows\System\DxhypNU.exe

C:\Windows\System\DxhypNU.exe

C:\Windows\System\zdveLqe.exe

C:\Windows\System\zdveLqe.exe

C:\Windows\System\hFBNLBh.exe

C:\Windows\System\hFBNLBh.exe

C:\Windows\System\LgGbsBY.exe

C:\Windows\System\LgGbsBY.exe

C:\Windows\System\uomObuW.exe

C:\Windows\System\uomObuW.exe

C:\Windows\System\Duqxuyl.exe

C:\Windows\System\Duqxuyl.exe

C:\Windows\System\ocPjVBa.exe

C:\Windows\System\ocPjVBa.exe

C:\Windows\System\XbXwFte.exe

C:\Windows\System\XbXwFte.exe

C:\Windows\System\FKdhqHo.exe

C:\Windows\System\FKdhqHo.exe

C:\Windows\System\tRiiedB.exe

C:\Windows\System\tRiiedB.exe

C:\Windows\System\rSLwxgF.exe

C:\Windows\System\rSLwxgF.exe

C:\Windows\System\AiEeOBK.exe

C:\Windows\System\AiEeOBK.exe

C:\Windows\System\pUKuyjb.exe

C:\Windows\System\pUKuyjb.exe

C:\Windows\System\XAHCFEI.exe

C:\Windows\System\XAHCFEI.exe

C:\Windows\System\gvyxoXw.exe

C:\Windows\System\gvyxoXw.exe

C:\Windows\System\ScgvMwG.exe

C:\Windows\System\ScgvMwG.exe

C:\Windows\System\PloGYKB.exe

C:\Windows\System\PloGYKB.exe

C:\Windows\System\svOkfDZ.exe

C:\Windows\System\svOkfDZ.exe

C:\Windows\System\ysNwBCy.exe

C:\Windows\System\ysNwBCy.exe

C:\Windows\System\VvIMYZI.exe

C:\Windows\System\VvIMYZI.exe

C:\Windows\System\UmbegpG.exe

C:\Windows\System\UmbegpG.exe

C:\Windows\System\qnfBntf.exe

C:\Windows\System\qnfBntf.exe

C:\Windows\System\uOsndgs.exe

C:\Windows\System\uOsndgs.exe

C:\Windows\System\HwAgHhp.exe

C:\Windows\System\HwAgHhp.exe

C:\Windows\System\UgCxJxG.exe

C:\Windows\System\UgCxJxG.exe

C:\Windows\System\ACsOnYK.exe

C:\Windows\System\ACsOnYK.exe

C:\Windows\System\tjtqInp.exe

C:\Windows\System\tjtqInp.exe

C:\Windows\System\bNxqNvf.exe

C:\Windows\System\bNxqNvf.exe

C:\Windows\System\ldHvNtp.exe

C:\Windows\System\ldHvNtp.exe

C:\Windows\System\tzTAZaC.exe

C:\Windows\System\tzTAZaC.exe

C:\Windows\System\JbdaHRN.exe

C:\Windows\System\JbdaHRN.exe

C:\Windows\System\NNjoGjA.exe

C:\Windows\System\NNjoGjA.exe

C:\Windows\System\tZEGuWc.exe

C:\Windows\System\tZEGuWc.exe

C:\Windows\System\DUnoILZ.exe

C:\Windows\System\DUnoILZ.exe

C:\Windows\System\hqXHIXU.exe

C:\Windows\System\hqXHIXU.exe

C:\Windows\System\bcTUuGc.exe

C:\Windows\System\bcTUuGc.exe

C:\Windows\System\vZeTIVI.exe

C:\Windows\System\vZeTIVI.exe

C:\Windows\System\SGzOyJW.exe

C:\Windows\System\SGzOyJW.exe

C:\Windows\System\yjuAAeS.exe

C:\Windows\System\yjuAAeS.exe

C:\Windows\System\QhZmFMb.exe

C:\Windows\System\QhZmFMb.exe

C:\Windows\System\WKRLfUM.exe

C:\Windows\System\WKRLfUM.exe

C:\Windows\System\OJlySzX.exe

C:\Windows\System\OJlySzX.exe

C:\Windows\System\yzNeGmb.exe

C:\Windows\System\yzNeGmb.exe

C:\Windows\System\sWjtrOY.exe

C:\Windows\System\sWjtrOY.exe

C:\Windows\System\hHtHdlB.exe

C:\Windows\System\hHtHdlB.exe

C:\Windows\System\YJKlNdB.exe

C:\Windows\System\YJKlNdB.exe

C:\Windows\System\kAfLwUP.exe

C:\Windows\System\kAfLwUP.exe

C:\Windows\System\zRzpaIX.exe

C:\Windows\System\zRzpaIX.exe

C:\Windows\System\EccEwPP.exe

C:\Windows\System\EccEwPP.exe

C:\Windows\System\tuFCHBM.exe

C:\Windows\System\tuFCHBM.exe

C:\Windows\System\vrFeJEX.exe

C:\Windows\System\vrFeJEX.exe

C:\Windows\System\YSvpbQm.exe

C:\Windows\System\YSvpbQm.exe

C:\Windows\System\lIhfvSE.exe

C:\Windows\System\lIhfvSE.exe

C:\Windows\System\uPPbPZy.exe

C:\Windows\System\uPPbPZy.exe

C:\Windows\System\RJRUjBg.exe

C:\Windows\System\RJRUjBg.exe

C:\Windows\System\pcuqOJH.exe

C:\Windows\System\pcuqOJH.exe

C:\Windows\System\QSankvK.exe

C:\Windows\System\QSankvK.exe

C:\Windows\System\UiUKQry.exe

C:\Windows\System\UiUKQry.exe

C:\Windows\System\ddxLhnx.exe

C:\Windows\System\ddxLhnx.exe

C:\Windows\System\SMuHrHT.exe

C:\Windows\System\SMuHrHT.exe

C:\Windows\System\oqcaOLZ.exe

C:\Windows\System\oqcaOLZ.exe

C:\Windows\System\XNjurlB.exe

C:\Windows\System\XNjurlB.exe

C:\Windows\System\MwPYFDO.exe

C:\Windows\System\MwPYFDO.exe

C:\Windows\System\VdJvgbk.exe

C:\Windows\System\VdJvgbk.exe

C:\Windows\System\uHFEijP.exe

C:\Windows\System\uHFEijP.exe

C:\Windows\System\xJBFGeH.exe

C:\Windows\System\xJBFGeH.exe

C:\Windows\System\gRpacNw.exe

C:\Windows\System\gRpacNw.exe

C:\Windows\System\ykxaPys.exe

C:\Windows\System\ykxaPys.exe

C:\Windows\System\HGRXXrf.exe

C:\Windows\System\HGRXXrf.exe

C:\Windows\System\bMAYMED.exe

C:\Windows\System\bMAYMED.exe

C:\Windows\System\eyDdawq.exe

C:\Windows\System\eyDdawq.exe

C:\Windows\System\rPxWcEI.exe

C:\Windows\System\rPxWcEI.exe

C:\Windows\System\lOkxmou.exe

C:\Windows\System\lOkxmou.exe

C:\Windows\System\fgloXBk.exe

C:\Windows\System\fgloXBk.exe

C:\Windows\System\tCXbLeN.exe

C:\Windows\System\tCXbLeN.exe

C:\Windows\System\THwBkPD.exe

C:\Windows\System\THwBkPD.exe

C:\Windows\System\INnXDOb.exe

C:\Windows\System\INnXDOb.exe

C:\Windows\System\LXzJdho.exe

C:\Windows\System\LXzJdho.exe

C:\Windows\System\TGHOMLG.exe

C:\Windows\System\TGHOMLG.exe

C:\Windows\System\jsSdbxw.exe

C:\Windows\System\jsSdbxw.exe

C:\Windows\System\EkuRWjn.exe

C:\Windows\System\EkuRWjn.exe

C:\Windows\System\SlmJLfN.exe

C:\Windows\System\SlmJLfN.exe

C:\Windows\System\sCpUSXO.exe

C:\Windows\System\sCpUSXO.exe

C:\Windows\System\XHURHXu.exe

C:\Windows\System\XHURHXu.exe

C:\Windows\System\SQYyerH.exe

C:\Windows\System\SQYyerH.exe

C:\Windows\System\Xyfcbmo.exe

C:\Windows\System\Xyfcbmo.exe

C:\Windows\System\PlLptJV.exe

C:\Windows\System\PlLptJV.exe

C:\Windows\System\qzytymo.exe

C:\Windows\System\qzytymo.exe

C:\Windows\System\EHSomFn.exe

C:\Windows\System\EHSomFn.exe

C:\Windows\System\KhkagvC.exe

C:\Windows\System\KhkagvC.exe

C:\Windows\System\HzjMzff.exe

C:\Windows\System\HzjMzff.exe

C:\Windows\System\DVnMwRH.exe

C:\Windows\System\DVnMwRH.exe

C:\Windows\System\AsCuaNf.exe

C:\Windows\System\AsCuaNf.exe

C:\Windows\System\ReYjVIV.exe

C:\Windows\System\ReYjVIV.exe

C:\Windows\System\ofjQjJJ.exe

C:\Windows\System\ofjQjJJ.exe

C:\Windows\System\CVOOdyM.exe

C:\Windows\System\CVOOdyM.exe

C:\Windows\System\trasssr.exe

C:\Windows\System\trasssr.exe

C:\Windows\System\ECiJmmF.exe

C:\Windows\System\ECiJmmF.exe

C:\Windows\System\wpBkLnT.exe

C:\Windows\System\wpBkLnT.exe

C:\Windows\System\jAiczZl.exe

C:\Windows\System\jAiczZl.exe

C:\Windows\System\dIgUOnK.exe

C:\Windows\System\dIgUOnK.exe

C:\Windows\System\XMjIpTE.exe

C:\Windows\System\XMjIpTE.exe

C:\Windows\System\IILQVzR.exe

C:\Windows\System\IILQVzR.exe

C:\Windows\System\wYtghsJ.exe

C:\Windows\System\wYtghsJ.exe

C:\Windows\System\ZHJMeLU.exe

C:\Windows\System\ZHJMeLU.exe

C:\Windows\System\JwDxWXb.exe

C:\Windows\System\JwDxWXb.exe

C:\Windows\System\mwyPEKR.exe

C:\Windows\System\mwyPEKR.exe

C:\Windows\System\vmFjhvg.exe

C:\Windows\System\vmFjhvg.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2736,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8

C:\Windows\System\vmYiWYA.exe

C:\Windows\System\vmYiWYA.exe

C:\Windows\System\XpfKMHv.exe

C:\Windows\System\XpfKMHv.exe

C:\Windows\System\cLcBHBm.exe

C:\Windows\System\cLcBHBm.exe

C:\Windows\System\bKFFPHT.exe

C:\Windows\System\bKFFPHT.exe

C:\Windows\System\RONCQhR.exe

C:\Windows\System\RONCQhR.exe

C:\Windows\System\aOnZfpb.exe

C:\Windows\System\aOnZfpb.exe

C:\Windows\System\qETqAxL.exe

C:\Windows\System\qETqAxL.exe

C:\Windows\System\bHSiZig.exe

C:\Windows\System\bHSiZig.exe

C:\Windows\System\YCWgrJt.exe

C:\Windows\System\YCWgrJt.exe

C:\Windows\System\cVtSHuX.exe

C:\Windows\System\cVtSHuX.exe

C:\Windows\System\RJagLUD.exe

C:\Windows\System\RJagLUD.exe

C:\Windows\System\wFnvSpe.exe

C:\Windows\System\wFnvSpe.exe

C:\Windows\System\nLzQfcN.exe

C:\Windows\System\nLzQfcN.exe

C:\Windows\System\XJsHszn.exe

C:\Windows\System\XJsHszn.exe

C:\Windows\System\xCUPfVE.exe

C:\Windows\System\xCUPfVE.exe

C:\Windows\System\FquYnEC.exe

C:\Windows\System\FquYnEC.exe

C:\Windows\System\HKVIfiH.exe

C:\Windows\System\HKVIfiH.exe

C:\Windows\System\iZSirZS.exe

C:\Windows\System\iZSirZS.exe

C:\Windows\System\JkRuPzm.exe

C:\Windows\System\JkRuPzm.exe

C:\Windows\System\hxtLyka.exe

C:\Windows\System\hxtLyka.exe

C:\Windows\System\ewCVpSK.exe

C:\Windows\System\ewCVpSK.exe

C:\Windows\System\MBOUNgi.exe

C:\Windows\System\MBOUNgi.exe

C:\Windows\System\rvOTsNG.exe

C:\Windows\System\rvOTsNG.exe

C:\Windows\System\bcrvjWC.exe

C:\Windows\System\bcrvjWC.exe

C:\Windows\System\SVvBQpy.exe

C:\Windows\System\SVvBQpy.exe

C:\Windows\System\QtHmQrp.exe

C:\Windows\System\QtHmQrp.exe

C:\Windows\System\zMiIvgH.exe

C:\Windows\System\zMiIvgH.exe

C:\Windows\System\nlcABQG.exe

C:\Windows\System\nlcABQG.exe

C:\Windows\System\agEIcxF.exe

C:\Windows\System\agEIcxF.exe

C:\Windows\System\bCEchvo.exe

C:\Windows\System\bCEchvo.exe

C:\Windows\System\vdGNEwR.exe

C:\Windows\System\vdGNEwR.exe

C:\Windows\System\FZvGLaL.exe

C:\Windows\System\FZvGLaL.exe

C:\Windows\System\lFMtMjd.exe

C:\Windows\System\lFMtMjd.exe

C:\Windows\System\EohIMhl.exe

C:\Windows\System\EohIMhl.exe

C:\Windows\System\RJcslCe.exe

C:\Windows\System\RJcslCe.exe

C:\Windows\System\FmhXrqe.exe

C:\Windows\System\FmhXrqe.exe

C:\Windows\System\BNlzfZJ.exe

C:\Windows\System\BNlzfZJ.exe

C:\Windows\System\mfpjTae.exe

C:\Windows\System\mfpjTae.exe

C:\Windows\System\PCLMGEF.exe

C:\Windows\System\PCLMGEF.exe

C:\Windows\System\EcvmnyB.exe

C:\Windows\System\EcvmnyB.exe

C:\Windows\System\LSRcBDh.exe

C:\Windows\System\LSRcBDh.exe

C:\Windows\System\ZrFjNIg.exe

C:\Windows\System\ZrFjNIg.exe

C:\Windows\System\WTilykv.exe

C:\Windows\System\WTilykv.exe

C:\Windows\System\ujeprHS.exe

C:\Windows\System\ujeprHS.exe

C:\Windows\System\FpwzpMs.exe

C:\Windows\System\FpwzpMs.exe

C:\Windows\System\ysfjyhM.exe

C:\Windows\System\ysfjyhM.exe

C:\Windows\System\ReDuBrR.exe

C:\Windows\System\ReDuBrR.exe

C:\Windows\System\ttczQFk.exe

C:\Windows\System\ttczQFk.exe

C:\Windows\System\GmxCBzc.exe

C:\Windows\System\GmxCBzc.exe

C:\Windows\System\uHnNsLn.exe

C:\Windows\System\uHnNsLn.exe

C:\Windows\System\SvhfwXW.exe

C:\Windows\System\SvhfwXW.exe

C:\Windows\System\QSXYSaU.exe

C:\Windows\System\QSXYSaU.exe

C:\Windows\System\taqsNbx.exe

C:\Windows\System\taqsNbx.exe

C:\Windows\System\jIZHOgu.exe

C:\Windows\System\jIZHOgu.exe

C:\Windows\System\ESiskLu.exe

C:\Windows\System\ESiskLu.exe

C:\Windows\System\tMMmVWz.exe

C:\Windows\System\tMMmVWz.exe

C:\Windows\System\RDyfhiO.exe

C:\Windows\System\RDyfhiO.exe

C:\Windows\System\oIyBuKe.exe

C:\Windows\System\oIyBuKe.exe

C:\Windows\System\sckmvuZ.exe

C:\Windows\System\sckmvuZ.exe

C:\Windows\System\tVTpPIj.exe

C:\Windows\System\tVTpPIj.exe

C:\Windows\System\UuOUsaE.exe

C:\Windows\System\UuOUsaE.exe

C:\Windows\System\WmOdWeM.exe

C:\Windows\System\WmOdWeM.exe

C:\Windows\System\GodmQDa.exe

C:\Windows\System\GodmQDa.exe

C:\Windows\System\smCHsRm.exe

C:\Windows\System\smCHsRm.exe

C:\Windows\System\YkibLNx.exe

C:\Windows\System\YkibLNx.exe

C:\Windows\System\iMOWZOO.exe

C:\Windows\System\iMOWZOO.exe

C:\Windows\System\kWcXiNX.exe

C:\Windows\System\kWcXiNX.exe

C:\Windows\System\PNBQzij.exe

C:\Windows\System\PNBQzij.exe

C:\Windows\System\qqnTSfj.exe

C:\Windows\System\qqnTSfj.exe

C:\Windows\System\CGgCovn.exe

C:\Windows\System\CGgCovn.exe

C:\Windows\System\FrcphKq.exe

C:\Windows\System\FrcphKq.exe

C:\Windows\System\qPBhnfM.exe

C:\Windows\System\qPBhnfM.exe

C:\Windows\System\WkrKYeg.exe

C:\Windows\System\WkrKYeg.exe

C:\Windows\System\WNqQHIA.exe

C:\Windows\System\WNqQHIA.exe

C:\Windows\System\Eyjmwaw.exe

C:\Windows\System\Eyjmwaw.exe

C:\Windows\System\AxyPwXo.exe

C:\Windows\System\AxyPwXo.exe

C:\Windows\System\yVWEyBH.exe

C:\Windows\System\yVWEyBH.exe

C:\Windows\System\AoTMMhx.exe

C:\Windows\System\AoTMMhx.exe

C:\Windows\System\OhEmEQk.exe

C:\Windows\System\OhEmEQk.exe

C:\Windows\System\bQxSPju.exe

C:\Windows\System\bQxSPju.exe

C:\Windows\System\MTaSqXG.exe

C:\Windows\System\MTaSqXG.exe

C:\Windows\System\lTtiZNK.exe

C:\Windows\System\lTtiZNK.exe

C:\Windows\System\fVbWeuk.exe

C:\Windows\System\fVbWeuk.exe

C:\Windows\System\NAninKc.exe

C:\Windows\System\NAninKc.exe

C:\Windows\System\zWhZvMs.exe

C:\Windows\System\zWhZvMs.exe

C:\Windows\System\bSjpVNC.exe

C:\Windows\System\bSjpVNC.exe

C:\Windows\System\TftTnRh.exe

C:\Windows\System\TftTnRh.exe

C:\Windows\System\nchFjIN.exe

C:\Windows\System\nchFjIN.exe

C:\Windows\System\MEJsxOG.exe

C:\Windows\System\MEJsxOG.exe

C:\Windows\System\uMMXndn.exe

C:\Windows\System\uMMXndn.exe

C:\Windows\System\SbhcFKz.exe

C:\Windows\System\SbhcFKz.exe

C:\Windows\System\gipwFkr.exe

C:\Windows\System\gipwFkr.exe

C:\Windows\System\DgqphDv.exe

C:\Windows\System\DgqphDv.exe

C:\Windows\System\yACBMHi.exe

C:\Windows\System\yACBMHi.exe

C:\Windows\System\tOxyrmE.exe

C:\Windows\System\tOxyrmE.exe

C:\Windows\System\WMjEqoL.exe

C:\Windows\System\WMjEqoL.exe

C:\Windows\System\BigEpXY.exe

C:\Windows\System\BigEpXY.exe

C:\Windows\System\pQwZtpt.exe

C:\Windows\System\pQwZtpt.exe

C:\Windows\System\dcBfCSP.exe

C:\Windows\System\dcBfCSP.exe

C:\Windows\System\EiyMnrk.exe

C:\Windows\System\EiyMnrk.exe

C:\Windows\System\DUScnWS.exe

C:\Windows\System\DUScnWS.exe

C:\Windows\System\pJMWAjZ.exe

C:\Windows\System\pJMWAjZ.exe

C:\Windows\System\DkSKlVI.exe

C:\Windows\System\DkSKlVI.exe

C:\Windows\System\AZexcMt.exe

C:\Windows\System\AZexcMt.exe

C:\Windows\System\vwqeFVN.exe

C:\Windows\System\vwqeFVN.exe

C:\Windows\System\sXYxlCZ.exe

C:\Windows\System\sXYxlCZ.exe

C:\Windows\System\weddDpK.exe

C:\Windows\System\weddDpK.exe

C:\Windows\System\uybUiYB.exe

C:\Windows\System\uybUiYB.exe

C:\Windows\System\rUItCsU.exe

C:\Windows\System\rUItCsU.exe

C:\Windows\System\VgWyRgn.exe

C:\Windows\System\VgWyRgn.exe

C:\Windows\System\gegDJby.exe

C:\Windows\System\gegDJby.exe

C:\Windows\System\ipVccXf.exe

C:\Windows\System\ipVccXf.exe

C:\Windows\System\DVjMLvW.exe

C:\Windows\System\DVjMLvW.exe

C:\Windows\System\DdoGaRl.exe

C:\Windows\System\DdoGaRl.exe

C:\Windows\System\moGTarF.exe

C:\Windows\System\moGTarF.exe

C:\Windows\System\XmZgmpT.exe

C:\Windows\System\XmZgmpT.exe

C:\Windows\System\WwvgcmT.exe

C:\Windows\System\WwvgcmT.exe

C:\Windows\System\BKImezW.exe

C:\Windows\System\BKImezW.exe

C:\Windows\System\JFLUQnE.exe

C:\Windows\System\JFLUQnE.exe

C:\Windows\System\fkuEUlr.exe

C:\Windows\System\fkuEUlr.exe

C:\Windows\System\JuYuMET.exe

C:\Windows\System\JuYuMET.exe

C:\Windows\System\WehaPpj.exe

C:\Windows\System\WehaPpj.exe

C:\Windows\System\qhVpFUP.exe

C:\Windows\System\qhVpFUP.exe

C:\Windows\System\CkPhxwY.exe

C:\Windows\System\CkPhxwY.exe

C:\Windows\System\UvVLICM.exe

C:\Windows\System\UvVLICM.exe

C:\Windows\System\rJofzLL.exe

C:\Windows\System\rJofzLL.exe

C:\Windows\System\PuyRGDk.exe

C:\Windows\System\PuyRGDk.exe

C:\Windows\System\DqzPkeu.exe

C:\Windows\System\DqzPkeu.exe

C:\Windows\System\HXlIRzj.exe

C:\Windows\System\HXlIRzj.exe

C:\Windows\System\yMKRWkk.exe

C:\Windows\System\yMKRWkk.exe

C:\Windows\System\hWZzKmF.exe

C:\Windows\System\hWZzKmF.exe

C:\Windows\System\EuvOKtu.exe

C:\Windows\System\EuvOKtu.exe

C:\Windows\System\QsTgzYM.exe

C:\Windows\System\QsTgzYM.exe

C:\Windows\System\oysDhzw.exe

C:\Windows\System\oysDhzw.exe

C:\Windows\System\kZyvJvV.exe

C:\Windows\System\kZyvJvV.exe

C:\Windows\System\mgMYuBV.exe

C:\Windows\System\mgMYuBV.exe

C:\Windows\System\HmPFyxR.exe

C:\Windows\System\HmPFyxR.exe

C:\Windows\System\pQQJNyA.exe

C:\Windows\System\pQQJNyA.exe

C:\Windows\System\VXoFqGK.exe

C:\Windows\System\VXoFqGK.exe

C:\Windows\System\xbaiVQL.exe

C:\Windows\System\xbaiVQL.exe

C:\Windows\System\yWusHjZ.exe

C:\Windows\System\yWusHjZ.exe

C:\Windows\System\oEyDVmV.exe

C:\Windows\System\oEyDVmV.exe

C:\Windows\System\XrGkPmX.exe

C:\Windows\System\XrGkPmX.exe

C:\Windows\System\XCANUlU.exe

C:\Windows\System\XCANUlU.exe

C:\Windows\System\MYuGpjf.exe

C:\Windows\System\MYuGpjf.exe

C:\Windows\System\lXPFaOW.exe

C:\Windows\System\lXPFaOW.exe

C:\Windows\System\ZJUXyTo.exe

C:\Windows\System\ZJUXyTo.exe

C:\Windows\System\yFOsDDJ.exe

C:\Windows\System\yFOsDDJ.exe

C:\Windows\System\QnttEfe.exe

C:\Windows\System\QnttEfe.exe

C:\Windows\System\AaUKZPs.exe

C:\Windows\System\AaUKZPs.exe

C:\Windows\System\oxRKBNj.exe

C:\Windows\System\oxRKBNj.exe

C:\Windows\System\lMfzctK.exe

C:\Windows\System\lMfzctK.exe

C:\Windows\System\ofGhDJI.exe

C:\Windows\System\ofGhDJI.exe

C:\Windows\System\AtyXxok.exe

C:\Windows\System\AtyXxok.exe

C:\Windows\System\QyHtovo.exe

C:\Windows\System\QyHtovo.exe

C:\Windows\System\mkgUvsw.exe

C:\Windows\System\mkgUvsw.exe

C:\Windows\System\NjSmRAJ.exe

C:\Windows\System\NjSmRAJ.exe

C:\Windows\System\oXUDjRu.exe

C:\Windows\System\oXUDjRu.exe

C:\Windows\System\ItzSNBk.exe

C:\Windows\System\ItzSNBk.exe

C:\Windows\System\lKRUqgh.exe

C:\Windows\System\lKRUqgh.exe

C:\Windows\System\fXcwoFl.exe

C:\Windows\System\fXcwoFl.exe

C:\Windows\System\PppyUWt.exe

C:\Windows\System\PppyUWt.exe

C:\Windows\System\sAVvQpC.exe

C:\Windows\System\sAVvQpC.exe

C:\Windows\System\zoBnxtl.exe

C:\Windows\System\zoBnxtl.exe

C:\Windows\System\hxlolQD.exe

C:\Windows\System\hxlolQD.exe

C:\Windows\System\TQmyemx.exe

C:\Windows\System\TQmyemx.exe

C:\Windows\System\DFHEmXb.exe

C:\Windows\System\DFHEmXb.exe

C:\Windows\System\WiQhVgk.exe

C:\Windows\System\WiQhVgk.exe

C:\Windows\System\BCqCNWb.exe

C:\Windows\System\BCqCNWb.exe

C:\Windows\System\vYpJRcZ.exe

C:\Windows\System\vYpJRcZ.exe

C:\Windows\System\hQLDhUw.exe

C:\Windows\System\hQLDhUw.exe

C:\Windows\System\XHWfglC.exe

C:\Windows\System\XHWfglC.exe

C:\Windows\System\dmNlPLv.exe

C:\Windows\System\dmNlPLv.exe

C:\Windows\System\GUhNQek.exe

C:\Windows\System\GUhNQek.exe

C:\Windows\System\XRLnbAD.exe

C:\Windows\System\XRLnbAD.exe

C:\Windows\System\WqalhLE.exe

C:\Windows\System\WqalhLE.exe

C:\Windows\System\iQJqzmN.exe

C:\Windows\System\iQJqzmN.exe

C:\Windows\System\CeOjmYz.exe

C:\Windows\System\CeOjmYz.exe

C:\Windows\System\QIbVglB.exe

C:\Windows\System\QIbVglB.exe

C:\Windows\System\OwtMBUK.exe

C:\Windows\System\OwtMBUK.exe

C:\Windows\System\kALDOhd.exe

C:\Windows\System\kALDOhd.exe

C:\Windows\System\RRTSCJS.exe

C:\Windows\System\RRTSCJS.exe

C:\Windows\System\COSmbXp.exe

C:\Windows\System\COSmbXp.exe

C:\Windows\System\GAzrnTZ.exe

C:\Windows\System\GAzrnTZ.exe

C:\Windows\System\aJVHhwO.exe

C:\Windows\System\aJVHhwO.exe

C:\Windows\System\QmjBWgM.exe

C:\Windows\System\QmjBWgM.exe

C:\Windows\System\UaVVYTj.exe

C:\Windows\System\UaVVYTj.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 88.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2740-0-0x00007FF6DCA30000-0x00007FF6DCD84000-memory.dmp

memory/2740-1-0x0000020883170000-0x0000020883180000-memory.dmp

memory/1156-8-0x00007FF74F6F0000-0x00007FF74FA44000-memory.dmp

C:\Windows\System\idlSNFp.exe

MD5 56cba9abfe64e49d59596b2395385d7c
SHA1 1aea930a278a96dbe6a6e787e7e16db19475fb88
SHA256 960e75813817ec724009c1ce4cf2fd254398ff0c3923d20d0bfa9b548c9228cc
SHA512 e9b86c0d7a9c706f93d52a664bb3a550e8ee228604b67eddaf1d9d0f79d8afd3bbdb6adcc66b70e93848e2b25238a00a93fe560129bbf9426bbaa1b713f43b9d

C:\Windows\System\GaSNInl.exe

MD5 0c76fe4e8612faad84a744ed8afb2069
SHA1 645accf35de9a67f59d263aee0e99a750a0b8d97
SHA256 ffe427ce5290c0f2381e9a91110b80553fdee634f90240d573335744939dfd1b
SHA512 a60562d4e280de7c8533209529889e75f973d22d085699e73b4e520e0c02212bcf74e651308b684b35adc7f929710a1f98f8acba69b9eeaa2c082e719b15fece

C:\Windows\System\IPvGmaL.exe

MD5 8c99494d0bef2664adfb999849615bac
SHA1 3c21b1f5cb246ae5e482724e18f8076ac1623976
SHA256 e475e3163aef84113cddef984c749d11f2b9efc0a39acf002894d48412cf0f57
SHA512 fc8d643da83a7bb23ff1c21f43c8f813360844be7a90ff6bdfd48ab5e0dd34e8e223a110b1837e9a82556266d1a8ef3535acc3b67ad4ee07805fa714ed1f9fb0

C:\Windows\System\iXUflqs.exe

MD5 2a18c68593cd435fe7be1b9315f885a8
SHA1 5f75e4edc557eb89b4e3fc51ab2b0151016e685a
SHA256 cb59b2f3066e6adf1511839b670c654e5da23a278dfe229ceaa08cc558311b98
SHA512 4a33c7f94a2e51fe13a78ee6365ee0cbe08bc80eaa84394a097607fa51183c46c55a70da9970de4b7fe31354ce33737508beb1af9465ec8e08028b6c42958039

C:\Windows\System\YfkBAPd.exe

MD5 0ec428051f14fedaca4b2c9efbae0dc6
SHA1 a485d4ce29088a865d6d217702dceed41a5730e0
SHA256 5ae02cef81a296d5f65d57f9f91068e6631003cdebd31f4080d62578c586349c
SHA512 82945194ecb06fa6f58dcec76fedf91c87e5218313c6a18783eb635685ff6f89b42bc7a61b85cda46853ac5b79b0ee64e858a4cb59d310a0252dcf520103691d

memory/3632-31-0x00007FF6C16B0000-0x00007FF6C1A04000-memory.dmp

memory/4676-32-0x00007FF6FDC00000-0x00007FF6FDF54000-memory.dmp

memory/3688-30-0x00007FF6E91D0000-0x00007FF6E9524000-memory.dmp

memory/1976-17-0x00007FF72F6D0000-0x00007FF72FA24000-memory.dmp

C:\Windows\System\IEmMwlJ.exe

MD5 50c707f8c8afb90d785ad6c61221fe94
SHA1 e4fbef50214692e79cce34e31e87761d5181a6d8
SHA256 d7956d73ee1902373d3cca23b24dbe83c67c6bd7f32a520930cd5e8a44699d6e
SHA512 4a1e8b03085a01a49b2bfeaf84d54f92f043677d8c817f9969606f91292efd82942ca40caa92f38ddc1722d5ae035dd296baeb10a67b1be47624c1436229fbf7

memory/1980-54-0x00007FF781540000-0x00007FF781894000-memory.dmp

memory/2704-65-0x00007FF678E60000-0x00007FF6791B4000-memory.dmp

C:\Windows\System\DrrgMDB.exe

MD5 ce43320563cea978aecb505107eecc29
SHA1 219464054c22107dc5baeca57b3c0a10646c46f6
SHA256 385a732dafe03b8070376437bfb6e4e6f314cb5450cfebcd585b8421e3896120
SHA512 b066c90c88accc187f6a666d3e789060f7030bb4c4456580325aacce30c99ebc3c6b4fe6b59b0fb017caf2f20d661a8c8eb1c59cf4431f567314a4b20afdc85f

C:\Windows\System\WldBVBo.exe

MD5 28f93337b47db16bd5da306f2acb7ace
SHA1 cbb1ecbbe9dd415edc5b5ad6cb03b2b7b1273c7e
SHA256 e345a1732800cf60074ced27482c1f4ae4ca6631bbc043f34c34d57c7d9b7f7b
SHA512 160a2932a0ffef7e1f442b92ae9be287704285584df75846058c0e7e678cdc0405ce5c84792895d0d0675be0f4fdff5eca8ea03a75ed7f52e301028e6e536cf8

memory/4748-61-0x00007FF6E7430000-0x00007FF6E7784000-memory.dmp

C:\Windows\System\tfCcrIC.exe

MD5 99aee6c9ad1218d60c4ef7a3bba8d728
SHA1 0c8f0f3c75eb3394c4ed6fd43a811d15c3631a74
SHA256 6cd0b44cbe408dac3cf411bab3d558daf8f867f95179dfad0f3b78c791a26405
SHA512 1a169333c7550fdb92e56e2621921472d0712c08abf806a3411929a584ff524253ad464e7b5e3cd0f9ae38adbcfef446cd17eb36697d9d865cbfeab105a10f1c

C:\Windows\System\QPxRPWA.exe

MD5 29fbb51777e3732e396687f8c17bdc8d
SHA1 d802f78807e1aec33d34c47497e6558ae9aab19c
SHA256 8c7078e7b3210c7b1453ae45fc5b16ff9ed9250b826d68341323195161e60f5e
SHA512 53e3c3973eac9ba93abe7face02d54bfd3d2b05883bf48da846c52f732bda2ef9d328b224c0cb260dcbafb2cbb373c434e501528bfb5b7cce435073815e1c80d

C:\Windows\System\QydYtQN.exe

MD5 20a8ac2788084a93edec3caa48e5a40d
SHA1 e0294e7c509f6e906d357b9a9d476c6ded06ec77
SHA256 b37771c741b36c399bfe347bc2a3c077c62356fcef6b3eca1bd20e716ce4b9b4
SHA512 c8d9ddf654ea84a2dec140e44a52239d10777e7fceada2f4d50acee1c38cd2b5dfc9bdff4a9089759bdd423d9b4d4ba83d24b9ba322b261bbf01a56a60e1c1ef

C:\Windows\System\wzzFfIj.exe

MD5 61924e89ea5287154498b909cfd9c028
SHA1 e05495ab1dfc06bfa3ba8dbe18d069898d478d10
SHA256 57e66b08f5b0dfb7941616e10fdd177f07146a0e48d483f7bd6c84ea8dfd1adf
SHA512 a4ef8c79f4349bdb5c6ec16ad0084a3a3958fee0589a531f62ce923eb4311100334eb3f97927dc39c3aed1577d89807e7fb146ff217cb3abca1c798b11b4496a

memory/1076-46-0x00007FF6DBD10000-0x00007FF6DC064000-memory.dmp

memory/4800-42-0x00007FF637BD0000-0x00007FF637F24000-memory.dmp

memory/3712-77-0x00007FF6CDC60000-0x00007FF6CDFB4000-memory.dmp

memory/3816-89-0x00007FF688F50000-0x00007FF6892A4000-memory.dmp

C:\Windows\System\TthVnSh.exe

MD5 772320d23d68ac968826ad5b256aee4c
SHA1 f0505fd37500fbc8f47635b855c908aa5d6f3e90
SHA256 1af56a8e01736daba12a44721d658e16c76e224389916880b46e2c702881ff06
SHA512 5521c98e7157b93cc53d72d939243c8387957112463fb81b9c25f679f634355802cbf5c7eff14990b6beaa5f64fa74a5c3147619483d693c08d4bebb752a32f6

C:\Windows\System\aJBHLha.exe

MD5 c4e0f903cccec789ad87ee6eb79906c6
SHA1 35a9a9aa869f14ebd89bc798f8be5790929b5884
SHA256 83881a0b061c39c21287666ae50cbb115d68847a9611e76476112a0045f05f6c
SHA512 05ed698832b5d74286deb60b4405954d15fe6a9473d3b9016a7e36cabee8425238bb4dcc85be5d633ccf32092d3425175781f3d270ce0c0eaa4bb94b800c76f2

C:\Windows\System\kaaIvxS.exe

MD5 f629243d8a2e0fd58701462ea74c9b6f
SHA1 242080cfc905a0560d24ceb84981b234e1ff5d1a
SHA256 c94a32acf9586f519a0262eee034c441ac62afc50d280580ba6fdc678e943d4d
SHA512 158bc3cd30c5a245ea7b1dbe263bfdbd0290129a04cd6bea00637992f9749913b378de721f8a5fd61d9e333219bd12789f493034860cf9f77bb202b4bbe665cd

memory/4564-86-0x00007FF7FF110000-0x00007FF7FF464000-memory.dmp

C:\Windows\System\xIbFmPX.exe

MD5 8727b84a008fae855c3cd1ba6e7eae82
SHA1 7f88e94720de003bd86971940acc2b288f6de1ee
SHA256 43b70e08ab65ce3270c3a03964f55ae717e0b0aebc9910de1adccb5a9ec5ec5b
SHA512 c76bd1f88a3cb0b3393ca4b1b8ac2893116312fd8f85d653b128c71ba244a382e7c5667eacf057105767e89ec088c5a9568c37ee5b7b4af54213d58abed25bf9

C:\Windows\System\rFzRGTp.exe

MD5 38a4fe82415a1905625a2c6262ae658f
SHA1 f69f921f44a037b45ee0d6d9154ded1fc84a8a5c
SHA256 4a3da0749ddd56ead58784d61a17276da8d6fc8dea4adf7135be658504768d6d
SHA512 f774ae5b8c0d640e3488ab76c3fdd17f02fa395dd382e831902b750795d606ed5f09d4ec9bdc34f55e721bf9705194d54f5fcc33109164d130d4c3a5705347e7

C:\Windows\System\slkUHnC.exe

MD5 30636a7b72ed3f065f0a6c4463959e44
SHA1 8a8ebccb360dec3f065d5098695e13012fad7a1a
SHA256 5b5883be4cbb21243a79c3c724d51e672eb3d534196de4320639d9fefe2ac4f2
SHA512 919b62a14880e73d6a993dbf901dc36b7c1fd5f5996ba20b0212249a7f19cec21ba331df50752692c82838d26324385c1bef26bb47b6757118c0d7cd64aba71d

C:\Windows\System\lrJDlHt.exe

MD5 16b7f3024fce4ffbf1c7ed7a385738c3
SHA1 7f1e425bd1bfaa5cfb75db2d1585f9feca456997
SHA256 9fca7606e438f54fd8b2b4da7a3014a83f711046838e53e25fae2f38bee8524f
SHA512 3bb066e754da9a4dfeb081332874c1965c5a55a96d25a0ca39cf1138f81fbb4e635bb1eb5d6418b9b18d9b2b6e99e4facead7280390280854946d6966f9ae4c7

C:\Windows\System\AunEDJA.exe

MD5 a7b11df204e25420af175e7de1c3d914
SHA1 b8121bba5950cf6c1a13000cccfec419c7788ee3
SHA256 ed758dad12b3e42c03b3e4126a7f08a09d9c4cd31221bb10251acaf25f7d47ef
SHA512 c9a58df85ea4b05f0213c736c1e83bf41e5dc6bcc97af1f9d2c994a4a02e35b6f63b04577a066e10504b798dbb8e1ba99ac8a7f537403b6adcadc928e0fd832a

C:\Windows\System\NOWYsAC.exe

MD5 9f245badd2a2c637905da29c287285ab
SHA1 8df57e54bd74e12037f634fc237dce44589d849a
SHA256 1c9209b1020cd48d250147736bab860effd00881a0b4be93079caa1fc7bcf7dd
SHA512 d220f26eb3698e7f76ae98b2fc961584767e832b04e48817984860f29d6daa51afee24725bb8a4496b33252cf18278a86a2ecc00ab6fbd560c660d5e94a9b82e

C:\Windows\System\QJzOMyN.exe

MD5 cdd26336167494c81a375cc7960522ca
SHA1 488db15e200c4d76ce166c1f24b82bfad1a69157
SHA256 b823140d6cdcbf17a3a963d01c1be42dc40afa79f957b3a9a6c43a4c68c2a68e
SHA512 d6469ad1b677205d436aa1895e3b35d5c2a7c43076d5323e37b29a11d675f4d70cec6fc37f5cdb865d517d8f59d45e5e49eca48d0a27e651e6e34bcef23aed9b

memory/2460-492-0x00007FF7E5200000-0x00007FF7E5554000-memory.dmp

memory/628-499-0x00007FF6F8ED0000-0x00007FF6F9224000-memory.dmp

memory/3056-500-0x00007FF7562F0000-0x00007FF756644000-memory.dmp

memory/1336-509-0x00007FF6B87A0000-0x00007FF6B8AF4000-memory.dmp

memory/3464-543-0x00007FF703F90000-0x00007FF7042E4000-memory.dmp

memory/112-551-0x00007FF677B50000-0x00007FF677EA4000-memory.dmp

memory/2096-558-0x00007FF7F4B60000-0x00007FF7F4EB4000-memory.dmp

memory/2896-560-0x00007FF74A5D0000-0x00007FF74A924000-memory.dmp

memory/1244-559-0x00007FF629620000-0x00007FF629974000-memory.dmp

memory/2128-541-0x00007FF78B6B0000-0x00007FF78BA04000-memory.dmp

memory/4464-534-0x00007FF736E10000-0x00007FF737164000-memory.dmp

memory/3160-528-0x00007FF6C9800000-0x00007FF6C9B54000-memory.dmp

memory/3956-522-0x00007FF677620000-0x00007FF677974000-memory.dmp

memory/1248-517-0x00007FF6C46D0000-0x00007FF6C4A24000-memory.dmp

memory/2256-514-0x00007FF6E9170000-0x00007FF6E94C4000-memory.dmp

C:\Windows\System\hFBNLBh.exe

MD5 f78beb34f672238bea87c6218faa28f9
SHA1 32704261c5263820736cca6bbbbc8f7a474d880c
SHA256 ccf517c2c6f66448bf8316ff864722b8f5fb9e1368f8051485ec628f02f774d7
SHA512 0d74a5b1aa413ae260558cf7745f74cef4f03899026ffcf2461c36077fe1e90e68a9cd4f29c3b9f39f30304710d71b4de596d34ac55de5c6f66638226a421a3a

C:\Windows\System\DxhypNU.exe

MD5 082e0b18c57f871f9650fdae8e7ee4df
SHA1 303d00fafcc853451195d759f15e1f44587e622e
SHA256 2dc46449192f0437aedcf0157e3af4a9f3c70f12c6e85f604de00c341ed30d5b
SHA512 3e043f7fec9e7ebec03c70b5cb9b036a14cec8794de3e16a9786915d1057f6a9961f4e5adbc6f356e0eb11c2b9ef4f3b568cf7acceaca1ebe5cbb367c423187f

C:\Windows\System\zdveLqe.exe

MD5 a63c32d5fbf5cf022c2d02508b5807e5
SHA1 5cefe0415d3089a4511fb299569a13964ce89005
SHA256 09a669075e1c2ec0566f38588766d7508715bf9dba17db83fef8323ea88a4c4d
SHA512 910c2cb890b07a704c2d1bdb5ab6e5b7d9e5c63ab62686ab7c5057b55c767ca90e65345989affb220884e45f9f2cee5c237a6be2d199445da874e460721aaccb

C:\Windows\System\GWDCBSO.exe

MD5 5b79d988a9488d5e08eda162b1dc055a
SHA1 027a0a775e2f16fdb167921ef4a49aaab261ac6b
SHA256 c295adadf0226b93f9f91cfa742f72a8fc1a1f149b3a053f0c59c0e440b93674
SHA512 9479a9a2e0214612c5ea639f1839bc8852e962309b839234cc75e62f780372f0bf5dd9e254758f2f5cdc5084e2853c556c64562f145dadad7b59765d79b709d0

C:\Windows\System\voJqbgP.exe

MD5 be56ac270ee0442382b80ee325b78e75
SHA1 235d212ae1a98590c9ade9fdd7519f05fdcf05c9
SHA256 d889ec0f0f03245ba2f08973093c7a468404ef534c5c5e1ea5555ca8d606c3e1
SHA512 6c7638ac62ca3bebdde684762cc636d74d32957ae597c6b90dfb6415b23a7271eb0f4c8f231b74e5fb19d28f6382888771cd6146201b983e1e5ae5811552a7e6

C:\Windows\System\xcrYeIQ.exe

MD5 774a4974f80d8e6a8e6b32b62e45e992
SHA1 d0d51bb46e39bf72b701f7b63898737f2ff5da54
SHA256 c36d7c6e0f18fb2212dd6631ab483e9b4b4d04fd0710160e25e2946fd6845f0e
SHA512 d0a79aede08552477ddd486a4afa55eb70d9d10704c01b78283582a2c8a2a0292416bf2e6e378f413f4ea4a1de9016bbcf443d293ed856d0071855d21410c316

C:\Windows\System\uyouVJo.exe

MD5 f8fbb321343e797a864b680a656d206d
SHA1 310b3866577dd497727483c469bb7ce0dbf25e9b
SHA256 cae6fe59f365ae49cfb5c0436e2a26d095157e4bbeb6ab06d9780439224d23a5
SHA512 489994a662ed4cecae6524e019177014acc4d67112adcbfbd38d5ace7e9c7e9e6e39c1dd61cd88252099371c93451bb5108e4f4245f0cbabd8ca8740df6b20c6

C:\Windows\System\UeAbpUa.exe

MD5 cf2b8382d12ed6fef7f03c8b0c82ab12
SHA1 89f9888bae63e84c7ed46a0b115c4a93305b5c28
SHA256 2fc415b625170a6f11d8c7dce9714ed6e06cbf7631f6c445e9ee6a5474776aa4
SHA512 9b5b25204676e8ddfe11afc0c69b3f5da6356f1580abb73b0fd7097284d7bade93a890889e8658f960475bcd030790634d1bc7c6b821fc50ae4a6fe144f4ef5d

C:\Windows\System\mEeuvtv.exe

MD5 e137fa314d082da87015d69714d3f5ee
SHA1 3fc647ab44951ff150c0170c40c239bf95075ee7
SHA256 e166e859f170d6a3fc3b8506ae7ece4953dd362ce76854d4039a9ee7d3d13843
SHA512 f5f924d3459804ee39d15311971c2f7ae255f204034afc4964f137d972ffba5a5827cd7f81d0d98b0fbcc6ba69093695713bd73d4fc72dabf5814c815b4e6476

C:\Windows\System\GAvFhsI.exe

MD5 a36125448042169b598fb511da15d058
SHA1 b0131684e01cc2c8a8767f885fb0a3e7a6c59118
SHA256 06c7723f2392e488d0c240d30e9680f3f263328c758d2991e83353939efb362b
SHA512 5c933ead761838af9aaea2b430b9b60ff97d7dc23d70eb49e50826e0f75e739dfbd805d8af43652f4f2aa72376d4f35cfac2e8b45fb57f6e992aef9969294e95

memory/2680-121-0x00007FF736EF0000-0x00007FF737244000-memory.dmp

C:\Windows\System\KmzwwsL.exe

MD5 2cfbc8607ec5d19f435e4e2193b9087a
SHA1 334411f25998de915ce1dc71ae365d0ca5191bff
SHA256 3d06219b84ada7eb98623476f42e964bfecb1fefa1845548d94304eacca5835f
SHA512 eaaafc7fbe3b3fd44407f15177ce28a71cc874406c38f6067f7174f2a74f71153d1428eafd866bf5d3c5c36ecd7a615dd8bbc554cd58beff5578b3df4b7ff4fe

memory/2740-1070-0x00007FF6DCA30000-0x00007FF6DCD84000-memory.dmp

memory/1156-1071-0x00007FF74F6F0000-0x00007FF74FA44000-memory.dmp

memory/4800-1072-0x00007FF637BD0000-0x00007FF637F24000-memory.dmp

memory/1076-1073-0x00007FF6DBD10000-0x00007FF6DC064000-memory.dmp

memory/1980-1074-0x00007FF781540000-0x00007FF781894000-memory.dmp

memory/4748-1075-0x00007FF6E7430000-0x00007FF6E7784000-memory.dmp

memory/2704-1076-0x00007FF678E60000-0x00007FF6791B4000-memory.dmp

memory/2680-1077-0x00007FF736EF0000-0x00007FF737244000-memory.dmp

memory/3816-1078-0x00007FF688F50000-0x00007FF6892A4000-memory.dmp

memory/1976-1079-0x00007FF72F6D0000-0x00007FF72FA24000-memory.dmp

memory/1156-1080-0x00007FF74F6F0000-0x00007FF74FA44000-memory.dmp

memory/3632-1081-0x00007FF6C16B0000-0x00007FF6C1A04000-memory.dmp

memory/4676-1083-0x00007FF6FDC00000-0x00007FF6FDF54000-memory.dmp

memory/3688-1082-0x00007FF6E91D0000-0x00007FF6E9524000-memory.dmp

memory/4800-1084-0x00007FF637BD0000-0x00007FF637F24000-memory.dmp

memory/4748-1086-0x00007FF6E7430000-0x00007FF6E7784000-memory.dmp

memory/1980-1085-0x00007FF781540000-0x00007FF781894000-memory.dmp

memory/1076-1089-0x00007FF6DBD10000-0x00007FF6DC064000-memory.dmp

memory/4564-1088-0x00007FF7FF110000-0x00007FF7FF464000-memory.dmp

memory/3712-1087-0x00007FF6CDC60000-0x00007FF6CDFB4000-memory.dmp

memory/2704-1090-0x00007FF678E60000-0x00007FF6791B4000-memory.dmp

memory/2460-1091-0x00007FF7E5200000-0x00007FF7E5554000-memory.dmp

memory/3816-1093-0x00007FF688F50000-0x00007FF6892A4000-memory.dmp

memory/2096-1092-0x00007FF7F4B60000-0x00007FF7F4EB4000-memory.dmp

memory/2680-1094-0x00007FF736EF0000-0x00007FF737244000-memory.dmp

memory/4464-1095-0x00007FF736E10000-0x00007FF737164000-memory.dmp

memory/1244-1103-0x00007FF629620000-0x00007FF629974000-memory.dmp

memory/1336-1105-0x00007FF6B87A0000-0x00007FF6B8AF4000-memory.dmp

memory/3464-1107-0x00007FF703F90000-0x00007FF7042E4000-memory.dmp

memory/112-1106-0x00007FF677B50000-0x00007FF677EA4000-memory.dmp

memory/2128-1104-0x00007FF78B6B0000-0x00007FF78BA04000-memory.dmp

memory/628-1102-0x00007FF6F8ED0000-0x00007FF6F9224000-memory.dmp

memory/3056-1101-0x00007FF7562F0000-0x00007FF756644000-memory.dmp

memory/2256-1100-0x00007FF6E9170000-0x00007FF6E94C4000-memory.dmp

memory/1248-1099-0x00007FF6C46D0000-0x00007FF6C4A24000-memory.dmp

memory/2896-1098-0x00007FF74A5D0000-0x00007FF74A924000-memory.dmp

memory/3956-1097-0x00007FF677620000-0x00007FF677974000-memory.dmp

memory/3160-1096-0x00007FF6C9800000-0x00007FF6C9B54000-memory.dmp