Malware Analysis Report

2024-10-10 09:08

Sample ID 240620-zt2w3s1elp
Target 0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe
SHA256 0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c

Threat Level: Known bad

The file 0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Xmrig family

KPOT

Kpot family

KPOT Core Executable

xmrig

XMRig Miner payload

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 21:01

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 21:01

Reported

2024-06-20 21:03

Platform

win7-20240611-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\hdwRxCv.exe N/A
N/A N/A C:\Windows\System\kFAyGmb.exe N/A
N/A N/A C:\Windows\System\blGbetz.exe N/A
N/A N/A C:\Windows\System\goYlsvG.exe N/A
N/A N/A C:\Windows\System\GMPbCmZ.exe N/A
N/A N/A C:\Windows\System\datmOal.exe N/A
N/A N/A C:\Windows\System\qAHEfEz.exe N/A
N/A N/A C:\Windows\System\pnZhMpu.exe N/A
N/A N/A C:\Windows\System\YVwDnEw.exe N/A
N/A N/A C:\Windows\System\atIzMSw.exe N/A
N/A N/A C:\Windows\System\AQEFgIe.exe N/A
N/A N/A C:\Windows\System\OrnqKlc.exe N/A
N/A N/A C:\Windows\System\DddLXZV.exe N/A
N/A N/A C:\Windows\System\hAHaoFH.exe N/A
N/A N/A C:\Windows\System\zhAoJZG.exe N/A
N/A N/A C:\Windows\System\GkGCZwK.exe N/A
N/A N/A C:\Windows\System\zXGYxzr.exe N/A
N/A N/A C:\Windows\System\faufDoX.exe N/A
N/A N/A C:\Windows\System\PvoumAx.exe N/A
N/A N/A C:\Windows\System\HKceawa.exe N/A
N/A N/A C:\Windows\System\fFLajDc.exe N/A
N/A N/A C:\Windows\System\SExWcSB.exe N/A
N/A N/A C:\Windows\System\ZuVetyX.exe N/A
N/A N/A C:\Windows\System\kxwDyBi.exe N/A
N/A N/A C:\Windows\System\mBueHNH.exe N/A
N/A N/A C:\Windows\System\epPtFKH.exe N/A
N/A N/A C:\Windows\System\JXyLemz.exe N/A
N/A N/A C:\Windows\System\NNToaRz.exe N/A
N/A N/A C:\Windows\System\RBdmDaZ.exe N/A
N/A N/A C:\Windows\System\VUItKuX.exe N/A
N/A N/A C:\Windows\System\hMIrqkV.exe N/A
N/A N/A C:\Windows\System\ymcjXQZ.exe N/A
N/A N/A C:\Windows\System\AhhyabH.exe N/A
N/A N/A C:\Windows\System\fllGlxU.exe N/A
N/A N/A C:\Windows\System\ZUgtbTy.exe N/A
N/A N/A C:\Windows\System\qzrXXoZ.exe N/A
N/A N/A C:\Windows\System\GobjNLi.exe N/A
N/A N/A C:\Windows\System\fsaaMXd.exe N/A
N/A N/A C:\Windows\System\lBlsXec.exe N/A
N/A N/A C:\Windows\System\FfMoZxA.exe N/A
N/A N/A C:\Windows\System\MCUAZoX.exe N/A
N/A N/A C:\Windows\System\LsVvEnd.exe N/A
N/A N/A C:\Windows\System\yfZKlam.exe N/A
N/A N/A C:\Windows\System\FTtJuFM.exe N/A
N/A N/A C:\Windows\System\FMSklJY.exe N/A
N/A N/A C:\Windows\System\uhxIhTP.exe N/A
N/A N/A C:\Windows\System\wLHRTgm.exe N/A
N/A N/A C:\Windows\System\jUPItri.exe N/A
N/A N/A C:\Windows\System\cUIHoen.exe N/A
N/A N/A C:\Windows\System\AUHIzEy.exe N/A
N/A N/A C:\Windows\System\uBVZKKM.exe N/A
N/A N/A C:\Windows\System\BsPuvCx.exe N/A
N/A N/A C:\Windows\System\TEuPhIB.exe N/A
N/A N/A C:\Windows\System\LhbiFQI.exe N/A
N/A N/A C:\Windows\System\gyXFpCu.exe N/A
N/A N/A C:\Windows\System\LqKHdHj.exe N/A
N/A N/A C:\Windows\System\gUIfcoY.exe N/A
N/A N/A C:\Windows\System\MEkIwxS.exe N/A
N/A N/A C:\Windows\System\DeVugKH.exe N/A
N/A N/A C:\Windows\System\zoOwuYn.exe N/A
N/A N/A C:\Windows\System\cmlcqXe.exe N/A
N/A N/A C:\Windows\System\nBiPYJW.exe N/A
N/A N/A C:\Windows\System\IQQznkw.exe N/A
N/A N/A C:\Windows\System\nvelPHt.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\bglnsAC.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BLsAfJA.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\pIdYqvL.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hAHaoFH.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\gyXFpCu.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoOwuYn.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdgIClt.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZuVetyX.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZUgtbTy.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgoRIcl.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\atJwmkF.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\QrAbZfV.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\tcNeYHk.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\sVoQaFs.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlJIxkR.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCEdeXR.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\cKtfhOx.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTfldFR.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\jkVdbls.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\dLTYOCI.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCUAZoX.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LhbiFQI.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\wATCAfs.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\siJWhpE.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\rXtWlZN.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mebsnFU.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\fZvBGcI.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\qMzjdEH.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\RBdmDaZ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ymcjXQZ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\NAyukoB.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\UmEhVzD.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWmiiHG.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\cfPDDUy.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\vdmoOSd.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\agVrnqL.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\kjjOsrG.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zEdNaZg.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\FfMoZxA.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DeVugKH.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\Iuyxmgv.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\BaQCmjD.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\CCvtssF.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\dEPfVTH.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\Wcvcdmt.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\hlJIKDC.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\AUHIzEy.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\gUIfcoY.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\shrCCEq.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\VtdiuWe.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\jUopktx.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zTyYfUb.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\rosuOrv.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\atIzMSw.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\HKceawa.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LqKHdHj.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNMIlEB.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\tVJFcCO.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\qzrXXoZ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\avTxcbJ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\KRmxdJZ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\pnZhMpu.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DVvczgi.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DnXBZmA.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1548 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hdwRxCv.exe
PID 1548 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hdwRxCv.exe
PID 1548 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hdwRxCv.exe
PID 1548 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\kFAyGmb.exe
PID 1548 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\kFAyGmb.exe
PID 1548 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\kFAyGmb.exe
PID 1548 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\GMPbCmZ.exe
PID 1548 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\GMPbCmZ.exe
PID 1548 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\GMPbCmZ.exe
PID 1548 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\blGbetz.exe
PID 1548 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\blGbetz.exe
PID 1548 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\blGbetz.exe
PID 1548 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\datmOal.exe
PID 1548 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\datmOal.exe
PID 1548 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\datmOal.exe
PID 1548 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\goYlsvG.exe
PID 1548 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\goYlsvG.exe
PID 1548 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\goYlsvG.exe
PID 1548 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\qAHEfEz.exe
PID 1548 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\qAHEfEz.exe
PID 1548 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\qAHEfEz.exe
PID 1548 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\pnZhMpu.exe
PID 1548 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\pnZhMpu.exe
PID 1548 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\pnZhMpu.exe
PID 1548 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\AQEFgIe.exe
PID 1548 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\AQEFgIe.exe
PID 1548 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\AQEFgIe.exe
PID 1548 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YVwDnEw.exe
PID 1548 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YVwDnEw.exe
PID 1548 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YVwDnEw.exe
PID 1548 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\OrnqKlc.exe
PID 1548 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\OrnqKlc.exe
PID 1548 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\OrnqKlc.exe
PID 1548 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\atIzMSw.exe
PID 1548 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\atIzMSw.exe
PID 1548 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\atIzMSw.exe
PID 1548 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\DddLXZV.exe
PID 1548 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\DddLXZV.exe
PID 1548 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\DddLXZV.exe
PID 1548 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hAHaoFH.exe
PID 1548 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hAHaoFH.exe
PID 1548 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hAHaoFH.exe
PID 1548 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\zhAoJZG.exe
PID 1548 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\zhAoJZG.exe
PID 1548 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\zhAoJZG.exe
PID 1548 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\GkGCZwK.exe
PID 1548 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\GkGCZwK.exe
PID 1548 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\GkGCZwK.exe
PID 1548 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\zXGYxzr.exe
PID 1548 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\zXGYxzr.exe
PID 1548 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\zXGYxzr.exe
PID 1548 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\faufDoX.exe
PID 1548 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\faufDoX.exe
PID 1548 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\faufDoX.exe
PID 1548 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\PvoumAx.exe
PID 1548 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\PvoumAx.exe
PID 1548 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\PvoumAx.exe
PID 1548 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HKceawa.exe
PID 1548 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HKceawa.exe
PID 1548 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HKceawa.exe
PID 1548 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\fFLajDc.exe
PID 1548 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\fFLajDc.exe
PID 1548 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\fFLajDc.exe
PID 1548 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\SExWcSB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe"

C:\Windows\System\hdwRxCv.exe

C:\Windows\System\hdwRxCv.exe

C:\Windows\System\kFAyGmb.exe

C:\Windows\System\kFAyGmb.exe

C:\Windows\System\GMPbCmZ.exe

C:\Windows\System\GMPbCmZ.exe

C:\Windows\System\blGbetz.exe

C:\Windows\System\blGbetz.exe

C:\Windows\System\datmOal.exe

C:\Windows\System\datmOal.exe

C:\Windows\System\goYlsvG.exe

C:\Windows\System\goYlsvG.exe

C:\Windows\System\qAHEfEz.exe

C:\Windows\System\qAHEfEz.exe

C:\Windows\System\pnZhMpu.exe

C:\Windows\System\pnZhMpu.exe

C:\Windows\System\AQEFgIe.exe

C:\Windows\System\AQEFgIe.exe

C:\Windows\System\YVwDnEw.exe

C:\Windows\System\YVwDnEw.exe

C:\Windows\System\OrnqKlc.exe

C:\Windows\System\OrnqKlc.exe

C:\Windows\System\atIzMSw.exe

C:\Windows\System\atIzMSw.exe

C:\Windows\System\DddLXZV.exe

C:\Windows\System\DddLXZV.exe

C:\Windows\System\hAHaoFH.exe

C:\Windows\System\hAHaoFH.exe

C:\Windows\System\zhAoJZG.exe

C:\Windows\System\zhAoJZG.exe

C:\Windows\System\GkGCZwK.exe

C:\Windows\System\GkGCZwK.exe

C:\Windows\System\zXGYxzr.exe

C:\Windows\System\zXGYxzr.exe

C:\Windows\System\faufDoX.exe

C:\Windows\System\faufDoX.exe

C:\Windows\System\PvoumAx.exe

C:\Windows\System\PvoumAx.exe

C:\Windows\System\HKceawa.exe

C:\Windows\System\HKceawa.exe

C:\Windows\System\fFLajDc.exe

C:\Windows\System\fFLajDc.exe

C:\Windows\System\SExWcSB.exe

C:\Windows\System\SExWcSB.exe

C:\Windows\System\ZuVetyX.exe

C:\Windows\System\ZuVetyX.exe

C:\Windows\System\kxwDyBi.exe

C:\Windows\System\kxwDyBi.exe

C:\Windows\System\mBueHNH.exe

C:\Windows\System\mBueHNH.exe

C:\Windows\System\epPtFKH.exe

C:\Windows\System\epPtFKH.exe

C:\Windows\System\JXyLemz.exe

C:\Windows\System\JXyLemz.exe

C:\Windows\System\NNToaRz.exe

C:\Windows\System\NNToaRz.exe

C:\Windows\System\RBdmDaZ.exe

C:\Windows\System\RBdmDaZ.exe

C:\Windows\System\VUItKuX.exe

C:\Windows\System\VUItKuX.exe

C:\Windows\System\hMIrqkV.exe

C:\Windows\System\hMIrqkV.exe

C:\Windows\System\ymcjXQZ.exe

C:\Windows\System\ymcjXQZ.exe

C:\Windows\System\AhhyabH.exe

C:\Windows\System\AhhyabH.exe

C:\Windows\System\fllGlxU.exe

C:\Windows\System\fllGlxU.exe

C:\Windows\System\ZUgtbTy.exe

C:\Windows\System\ZUgtbTy.exe

C:\Windows\System\qzrXXoZ.exe

C:\Windows\System\qzrXXoZ.exe

C:\Windows\System\GobjNLi.exe

C:\Windows\System\GobjNLi.exe

C:\Windows\System\fsaaMXd.exe

C:\Windows\System\fsaaMXd.exe

C:\Windows\System\lBlsXec.exe

C:\Windows\System\lBlsXec.exe

C:\Windows\System\FfMoZxA.exe

C:\Windows\System\FfMoZxA.exe

C:\Windows\System\MCUAZoX.exe

C:\Windows\System\MCUAZoX.exe

C:\Windows\System\LsVvEnd.exe

C:\Windows\System\LsVvEnd.exe

C:\Windows\System\yfZKlam.exe

C:\Windows\System\yfZKlam.exe

C:\Windows\System\FTtJuFM.exe

C:\Windows\System\FTtJuFM.exe

C:\Windows\System\FMSklJY.exe

C:\Windows\System\FMSklJY.exe

C:\Windows\System\uhxIhTP.exe

C:\Windows\System\uhxIhTP.exe

C:\Windows\System\wLHRTgm.exe

C:\Windows\System\wLHRTgm.exe

C:\Windows\System\jUPItri.exe

C:\Windows\System\jUPItri.exe

C:\Windows\System\cUIHoen.exe

C:\Windows\System\cUIHoen.exe

C:\Windows\System\AUHIzEy.exe

C:\Windows\System\AUHIzEy.exe

C:\Windows\System\uBVZKKM.exe

C:\Windows\System\uBVZKKM.exe

C:\Windows\System\BsPuvCx.exe

C:\Windows\System\BsPuvCx.exe

C:\Windows\System\TEuPhIB.exe

C:\Windows\System\TEuPhIB.exe

C:\Windows\System\LhbiFQI.exe

C:\Windows\System\LhbiFQI.exe

C:\Windows\System\gyXFpCu.exe

C:\Windows\System\gyXFpCu.exe

C:\Windows\System\LqKHdHj.exe

C:\Windows\System\LqKHdHj.exe

C:\Windows\System\gUIfcoY.exe

C:\Windows\System\gUIfcoY.exe

C:\Windows\System\MEkIwxS.exe

C:\Windows\System\MEkIwxS.exe

C:\Windows\System\DeVugKH.exe

C:\Windows\System\DeVugKH.exe

C:\Windows\System\zoOwuYn.exe

C:\Windows\System\zoOwuYn.exe

C:\Windows\System\cmlcqXe.exe

C:\Windows\System\cmlcqXe.exe

C:\Windows\System\nBiPYJW.exe

C:\Windows\System\nBiPYJW.exe

C:\Windows\System\IQQznkw.exe

C:\Windows\System\IQQznkw.exe

C:\Windows\System\nvelPHt.exe

C:\Windows\System\nvelPHt.exe

C:\Windows\System\QCOdJUc.exe

C:\Windows\System\QCOdJUc.exe

C:\Windows\System\gqCplyf.exe

C:\Windows\System\gqCplyf.exe

C:\Windows\System\qUtRBlX.exe

C:\Windows\System\qUtRBlX.exe

C:\Windows\System\uIXTecz.exe

C:\Windows\System\uIXTecz.exe

C:\Windows\System\fIwBYRk.exe

C:\Windows\System\fIwBYRk.exe

C:\Windows\System\wATCAfs.exe

C:\Windows\System\wATCAfs.exe

C:\Windows\System\IfuObMN.exe

C:\Windows\System\IfuObMN.exe

C:\Windows\System\JUcIyGy.exe

C:\Windows\System\JUcIyGy.exe

C:\Windows\System\JvRjdEZ.exe

C:\Windows\System\JvRjdEZ.exe

C:\Windows\System\NEoGcBd.exe

C:\Windows\System\NEoGcBd.exe

C:\Windows\System\aBIbpdf.exe

C:\Windows\System\aBIbpdf.exe

C:\Windows\System\YSSlQPP.exe

C:\Windows\System\YSSlQPP.exe

C:\Windows\System\gsKTYUw.exe

C:\Windows\System\gsKTYUw.exe

C:\Windows\System\lhQYZWq.exe

C:\Windows\System\lhQYZWq.exe

C:\Windows\System\QcACBhY.exe

C:\Windows\System\QcACBhY.exe

C:\Windows\System\zReetNF.exe

C:\Windows\System\zReetNF.exe

C:\Windows\System\nRkobuh.exe

C:\Windows\System\nRkobuh.exe

C:\Windows\System\NAyukoB.exe

C:\Windows\System\NAyukoB.exe

C:\Windows\System\Iuyxmgv.exe

C:\Windows\System\Iuyxmgv.exe

C:\Windows\System\WttBXuC.exe

C:\Windows\System\WttBXuC.exe

C:\Windows\System\izarbso.exe

C:\Windows\System\izarbso.exe

C:\Windows\System\QasDKbO.exe

C:\Windows\System\QasDKbO.exe

C:\Windows\System\tAhdskE.exe

C:\Windows\System\tAhdskE.exe

C:\Windows\System\CLRALeR.exe

C:\Windows\System\CLRALeR.exe

C:\Windows\System\tcNeYHk.exe

C:\Windows\System\tcNeYHk.exe

C:\Windows\System\XSmAtUK.exe

C:\Windows\System\XSmAtUK.exe

C:\Windows\System\QmOdVmF.exe

C:\Windows\System\QmOdVmF.exe

C:\Windows\System\CJDcxcI.exe

C:\Windows\System\CJDcxcI.exe

C:\Windows\System\shrCCEq.exe

C:\Windows\System\shrCCEq.exe

C:\Windows\System\dRLMSMh.exe

C:\Windows\System\dRLMSMh.exe

C:\Windows\System\siJWhpE.exe

C:\Windows\System\siJWhpE.exe

C:\Windows\System\hzZoBTW.exe

C:\Windows\System\hzZoBTW.exe

C:\Windows\System\RMbABNx.exe

C:\Windows\System\RMbABNx.exe

C:\Windows\System\OWNaXeP.exe

C:\Windows\System\OWNaXeP.exe

C:\Windows\System\wTrAuuy.exe

C:\Windows\System\wTrAuuy.exe

C:\Windows\System\GpsDCfm.exe

C:\Windows\System\GpsDCfm.exe

C:\Windows\System\dUdEpwd.exe

C:\Windows\System\dUdEpwd.exe

C:\Windows\System\FiItOmE.exe

C:\Windows\System\FiItOmE.exe

C:\Windows\System\bglnsAC.exe

C:\Windows\System\bglnsAC.exe

C:\Windows\System\QXcvDUb.exe

C:\Windows\System\QXcvDUb.exe

C:\Windows\System\QizDUhY.exe

C:\Windows\System\QizDUhY.exe

C:\Windows\System\hEcEfne.exe

C:\Windows\System\hEcEfne.exe

C:\Windows\System\meWtmJh.exe

C:\Windows\System\meWtmJh.exe

C:\Windows\System\vxqQmzS.exe

C:\Windows\System\vxqQmzS.exe

C:\Windows\System\IfIdhtt.exe

C:\Windows\System\IfIdhtt.exe

C:\Windows\System\WrUTraW.exe

C:\Windows\System\WrUTraW.exe

C:\Windows\System\HdbOqYZ.exe

C:\Windows\System\HdbOqYZ.exe

C:\Windows\System\VSKinuK.exe

C:\Windows\System\VSKinuK.exe

C:\Windows\System\OyfKBMS.exe

C:\Windows\System\OyfKBMS.exe

C:\Windows\System\RJQbEMk.exe

C:\Windows\System\RJQbEMk.exe

C:\Windows\System\VEgJebV.exe

C:\Windows\System\VEgJebV.exe

C:\Windows\System\ZCEdeXR.exe

C:\Windows\System\ZCEdeXR.exe

C:\Windows\System\QsNqzbR.exe

C:\Windows\System\QsNqzbR.exe

C:\Windows\System\TWfymYC.exe

C:\Windows\System\TWfymYC.exe

C:\Windows\System\VtdiuWe.exe

C:\Windows\System\VtdiuWe.exe

C:\Windows\System\UnoousT.exe

C:\Windows\System\UnoousT.exe

C:\Windows\System\rnizBYE.exe

C:\Windows\System\rnizBYE.exe

C:\Windows\System\GvPlXti.exe

C:\Windows\System\GvPlXti.exe

C:\Windows\System\rXtWlZN.exe

C:\Windows\System\rXtWlZN.exe

C:\Windows\System\sVoQaFs.exe

C:\Windows\System\sVoQaFs.exe

C:\Windows\System\KRFsihd.exe

C:\Windows\System\KRFsihd.exe

C:\Windows\System\LmrjZKM.exe

C:\Windows\System\LmrjZKM.exe

C:\Windows\System\VhJQoBV.exe

C:\Windows\System\VhJQoBV.exe

C:\Windows\System\DVvczgi.exe

C:\Windows\System\DVvczgi.exe

C:\Windows\System\yXovaVH.exe

C:\Windows\System\yXovaVH.exe

C:\Windows\System\FqEhbwp.exe

C:\Windows\System\FqEhbwp.exe

C:\Windows\System\sjCgsBG.exe

C:\Windows\System\sjCgsBG.exe

C:\Windows\System\EHFCQuK.exe

C:\Windows\System\EHFCQuK.exe

C:\Windows\System\TuawmtT.exe

C:\Windows\System\TuawmtT.exe

C:\Windows\System\vdmoOSd.exe

C:\Windows\System\vdmoOSd.exe

C:\Windows\System\KrcbJnW.exe

C:\Windows\System\KrcbJnW.exe

C:\Windows\System\akaOsND.exe

C:\Windows\System\akaOsND.exe

C:\Windows\System\VHrbUHa.exe

C:\Windows\System\VHrbUHa.exe

C:\Windows\System\cWjlcYy.exe

C:\Windows\System\cWjlcYy.exe

C:\Windows\System\XOEVbGf.exe

C:\Windows\System\XOEVbGf.exe

C:\Windows\System\moIdRfp.exe

C:\Windows\System\moIdRfp.exe

C:\Windows\System\SqOMEED.exe

C:\Windows\System\SqOMEED.exe

C:\Windows\System\agVrnqL.exe

C:\Windows\System\agVrnqL.exe

C:\Windows\System\JBUHOFI.exe

C:\Windows\System\JBUHOFI.exe

C:\Windows\System\tklBQnN.exe

C:\Windows\System\tklBQnN.exe

C:\Windows\System\sRoaKsa.exe

C:\Windows\System\sRoaKsa.exe

C:\Windows\System\cgxhlll.exe

C:\Windows\System\cgxhlll.exe

C:\Windows\System\GIedihi.exe

C:\Windows\System\GIedihi.exe

C:\Windows\System\YCtWZHY.exe

C:\Windows\System\YCtWZHY.exe

C:\Windows\System\TtVYWWI.exe

C:\Windows\System\TtVYWWI.exe

C:\Windows\System\FhEWqCs.exe

C:\Windows\System\FhEWqCs.exe

C:\Windows\System\ezaPpVb.exe

C:\Windows\System\ezaPpVb.exe

C:\Windows\System\iDYyvdf.exe

C:\Windows\System\iDYyvdf.exe

C:\Windows\System\ELJjLwA.exe

C:\Windows\System\ELJjLwA.exe

C:\Windows\System\mSXcZfj.exe

C:\Windows\System\mSXcZfj.exe

C:\Windows\System\AtNyTTg.exe

C:\Windows\System\AtNyTTg.exe

C:\Windows\System\DnXBZmA.exe

C:\Windows\System\DnXBZmA.exe

C:\Windows\System\IQxVBrY.exe

C:\Windows\System\IQxVBrY.exe

C:\Windows\System\IjXtwiO.exe

C:\Windows\System\IjXtwiO.exe

C:\Windows\System\fxWeBZy.exe

C:\Windows\System\fxWeBZy.exe

C:\Windows\System\BaQCmjD.exe

C:\Windows\System\BaQCmjD.exe

C:\Windows\System\dMNZlZa.exe

C:\Windows\System\dMNZlZa.exe

C:\Windows\System\GxPmJcT.exe

C:\Windows\System\GxPmJcT.exe

C:\Windows\System\peNSNnH.exe

C:\Windows\System\peNSNnH.exe

C:\Windows\System\LXSUjVK.exe

C:\Windows\System\LXSUjVK.exe

C:\Windows\System\xHWlwCU.exe

C:\Windows\System\xHWlwCU.exe

C:\Windows\System\ilnLXVn.exe

C:\Windows\System\ilnLXVn.exe

C:\Windows\System\oFScahK.exe

C:\Windows\System\oFScahK.exe

C:\Windows\System\kjjOsrG.exe

C:\Windows\System\kjjOsrG.exe

C:\Windows\System\YHHQzuk.exe

C:\Windows\System\YHHQzuk.exe

C:\Windows\System\xkvFNcc.exe

C:\Windows\System\xkvFNcc.exe

C:\Windows\System\khphiQd.exe

C:\Windows\System\khphiQd.exe

C:\Windows\System\hsOtMFX.exe

C:\Windows\System\hsOtMFX.exe

C:\Windows\System\JVpSJNb.exe

C:\Windows\System\JVpSJNb.exe

C:\Windows\System\zrYsqfT.exe

C:\Windows\System\zrYsqfT.exe

C:\Windows\System\aVfRiTT.exe

C:\Windows\System\aVfRiTT.exe

C:\Windows\System\cbUzAOW.exe

C:\Windows\System\cbUzAOW.exe

C:\Windows\System\EUXYPuB.exe

C:\Windows\System\EUXYPuB.exe

C:\Windows\System\behmthR.exe

C:\Windows\System\behmthR.exe

C:\Windows\System\SWmZuIW.exe

C:\Windows\System\SWmZuIW.exe

C:\Windows\System\KtRhfoN.exe

C:\Windows\System\KtRhfoN.exe

C:\Windows\System\CCvtssF.exe

C:\Windows\System\CCvtssF.exe

C:\Windows\System\SkoAtjq.exe

C:\Windows\System\SkoAtjq.exe

C:\Windows\System\BgoRIcl.exe

C:\Windows\System\BgoRIcl.exe

C:\Windows\System\qPhOSXV.exe

C:\Windows\System\qPhOSXV.exe

C:\Windows\System\avMhROf.exe

C:\Windows\System\avMhROf.exe

C:\Windows\System\dEPfVTH.exe

C:\Windows\System\dEPfVTH.exe

C:\Windows\System\UkOdVUB.exe

C:\Windows\System\UkOdVUB.exe

C:\Windows\System\EHzjHwT.exe

C:\Windows\System\EHzjHwT.exe

C:\Windows\System\BEYTpBp.exe

C:\Windows\System\BEYTpBp.exe

C:\Windows\System\SVpeHpn.exe

C:\Windows\System\SVpeHpn.exe

C:\Windows\System\mebsnFU.exe

C:\Windows\System\mebsnFU.exe

C:\Windows\System\Dipgerk.exe

C:\Windows\System\Dipgerk.exe

C:\Windows\System\UebHtRN.exe

C:\Windows\System\UebHtRN.exe

C:\Windows\System\oVAtRGm.exe

C:\Windows\System\oVAtRGm.exe

C:\Windows\System\LhdfDGZ.exe

C:\Windows\System\LhdfDGZ.exe

C:\Windows\System\KRLCPMP.exe

C:\Windows\System\KRLCPMP.exe

C:\Windows\System\sWmzvyC.exe

C:\Windows\System\sWmzvyC.exe

C:\Windows\System\SPRxRXF.exe

C:\Windows\System\SPRxRXF.exe

C:\Windows\System\jUopktx.exe

C:\Windows\System\jUopktx.exe

C:\Windows\System\xrKJNVA.exe

C:\Windows\System\xrKJNVA.exe

C:\Windows\System\BJJBVut.exe

C:\Windows\System\BJJBVut.exe

C:\Windows\System\NLEYQgQ.exe

C:\Windows\System\NLEYQgQ.exe

C:\Windows\System\GKOKtEA.exe

C:\Windows\System\GKOKtEA.exe

C:\Windows\System\TMvfwGx.exe

C:\Windows\System\TMvfwGx.exe

C:\Windows\System\OzpxQEr.exe

C:\Windows\System\OzpxQEr.exe

C:\Windows\System\tgPlcFw.exe

C:\Windows\System\tgPlcFw.exe

C:\Windows\System\uHcRezv.exe

C:\Windows\System\uHcRezv.exe

C:\Windows\System\uniZziC.exe

C:\Windows\System\uniZziC.exe

C:\Windows\System\MKEzURK.exe

C:\Windows\System\MKEzURK.exe

C:\Windows\System\Wcvcdmt.exe

C:\Windows\System\Wcvcdmt.exe

C:\Windows\System\WlJIxkR.exe

C:\Windows\System\WlJIxkR.exe

C:\Windows\System\avTxcbJ.exe

C:\Windows\System\avTxcbJ.exe

C:\Windows\System\KRmxdJZ.exe

C:\Windows\System\KRmxdJZ.exe

C:\Windows\System\ypFEDxC.exe

C:\Windows\System\ypFEDxC.exe

C:\Windows\System\OYMfYpd.exe

C:\Windows\System\OYMfYpd.exe

C:\Windows\System\zTyYfUb.exe

C:\Windows\System\zTyYfUb.exe

C:\Windows\System\HYiKToK.exe

C:\Windows\System\HYiKToK.exe

C:\Windows\System\yNbLpgs.exe

C:\Windows\System\yNbLpgs.exe

C:\Windows\System\DPirxVc.exe

C:\Windows\System\DPirxVc.exe

C:\Windows\System\jGMNgfz.exe

C:\Windows\System\jGMNgfz.exe

C:\Windows\System\mGpVcje.exe

C:\Windows\System\mGpVcje.exe

C:\Windows\System\LmHkHXB.exe

C:\Windows\System\LmHkHXB.exe

C:\Windows\System\qhgtWgf.exe

C:\Windows\System\qhgtWgf.exe

C:\Windows\System\isWTuYJ.exe

C:\Windows\System\isWTuYJ.exe

C:\Windows\System\NdgIClt.exe

C:\Windows\System\NdgIClt.exe

C:\Windows\System\rosuOrv.exe

C:\Windows\System\rosuOrv.exe

C:\Windows\System\nsulvgI.exe

C:\Windows\System\nsulvgI.exe

C:\Windows\System\fXZMNWg.exe

C:\Windows\System\fXZMNWg.exe

C:\Windows\System\gBymLCM.exe

C:\Windows\System\gBymLCM.exe

C:\Windows\System\DCPLpqs.exe

C:\Windows\System\DCPLpqs.exe

C:\Windows\System\BLsAfJA.exe

C:\Windows\System\BLsAfJA.exe

C:\Windows\System\RNMIlEB.exe

C:\Windows\System\RNMIlEB.exe

C:\Windows\System\bBIfVKb.exe

C:\Windows\System\bBIfVKb.exe

C:\Windows\System\vnLPGDG.exe

C:\Windows\System\vnLPGDG.exe

C:\Windows\System\syDESJW.exe

C:\Windows\System\syDESJW.exe

C:\Windows\System\uwkUwGv.exe

C:\Windows\System\uwkUwGv.exe

C:\Windows\System\cKtfhOx.exe

C:\Windows\System\cKtfhOx.exe

C:\Windows\System\CbYXbMm.exe

C:\Windows\System\CbYXbMm.exe

C:\Windows\System\RpIbpdT.exe

C:\Windows\System\RpIbpdT.exe

C:\Windows\System\RstJAcr.exe

C:\Windows\System\RstJAcr.exe

C:\Windows\System\WPPfLul.exe

C:\Windows\System\WPPfLul.exe

C:\Windows\System\fZvBGcI.exe

C:\Windows\System\fZvBGcI.exe

C:\Windows\System\ZmiwJvg.exe

C:\Windows\System\ZmiwJvg.exe

C:\Windows\System\qMzjdEH.exe

C:\Windows\System\qMzjdEH.exe

C:\Windows\System\RAvYROC.exe

C:\Windows\System\RAvYROC.exe

C:\Windows\System\dvZtVRQ.exe

C:\Windows\System\dvZtVRQ.exe

C:\Windows\System\NNoejWH.exe

C:\Windows\System\NNoejWH.exe

C:\Windows\System\uPYIKnG.exe

C:\Windows\System\uPYIKnG.exe

C:\Windows\System\MlWuCws.exe

C:\Windows\System\MlWuCws.exe

C:\Windows\System\OtjkCeQ.exe

C:\Windows\System\OtjkCeQ.exe

C:\Windows\System\rTfldFR.exe

C:\Windows\System\rTfldFR.exe

C:\Windows\System\wubgaGh.exe

C:\Windows\System\wubgaGh.exe

C:\Windows\System\mJRjDlO.exe

C:\Windows\System\mJRjDlO.exe

C:\Windows\System\EUYacXW.exe

C:\Windows\System\EUYacXW.exe

C:\Windows\System\vdpibYe.exe

C:\Windows\System\vdpibYe.exe

C:\Windows\System\qeiToXS.exe

C:\Windows\System\qeiToXS.exe

C:\Windows\System\SZuNVlu.exe

C:\Windows\System\SZuNVlu.exe

C:\Windows\System\APOpySR.exe

C:\Windows\System\APOpySR.exe

C:\Windows\System\IbTGdYx.exe

C:\Windows\System\IbTGdYx.exe

C:\Windows\System\czOlsUH.exe

C:\Windows\System\czOlsUH.exe

C:\Windows\System\vCaGgcz.exe

C:\Windows\System\vCaGgcz.exe

C:\Windows\System\BaWoSdg.exe

C:\Windows\System\BaWoSdg.exe

C:\Windows\System\UmEhVzD.exe

C:\Windows\System\UmEhVzD.exe

C:\Windows\System\hlJIKDC.exe

C:\Windows\System\hlJIKDC.exe

C:\Windows\System\QHoBrjX.exe

C:\Windows\System\QHoBrjX.exe

C:\Windows\System\XAgcgFC.exe

C:\Windows\System\XAgcgFC.exe

C:\Windows\System\yZvsnnR.exe

C:\Windows\System\yZvsnnR.exe

C:\Windows\System\kwTkkEg.exe

C:\Windows\System\kwTkkEg.exe

C:\Windows\System\PUOCwmQ.exe

C:\Windows\System\PUOCwmQ.exe

C:\Windows\System\ZZWNNzD.exe

C:\Windows\System\ZZWNNzD.exe

C:\Windows\System\nGaaThJ.exe

C:\Windows\System\nGaaThJ.exe

C:\Windows\System\MxOIROr.exe

C:\Windows\System\MxOIROr.exe

C:\Windows\System\zEdNaZg.exe

C:\Windows\System\zEdNaZg.exe

C:\Windows\System\MkHfylm.exe

C:\Windows\System\MkHfylm.exe

C:\Windows\System\TFuksnF.exe

C:\Windows\System\TFuksnF.exe

C:\Windows\System\kNVuKLI.exe

C:\Windows\System\kNVuKLI.exe

C:\Windows\System\mNWSkCa.exe

C:\Windows\System\mNWSkCa.exe

C:\Windows\System\rvunrzO.exe

C:\Windows\System\rvunrzO.exe

C:\Windows\System\ShGthse.exe

C:\Windows\System\ShGthse.exe

C:\Windows\System\SeHSboP.exe

C:\Windows\System\SeHSboP.exe

C:\Windows\System\JSHoRjX.exe

C:\Windows\System\JSHoRjX.exe

C:\Windows\System\HoCGcNB.exe

C:\Windows\System\HoCGcNB.exe

C:\Windows\System\jkVdbls.exe

C:\Windows\System\jkVdbls.exe

C:\Windows\System\bOGrXPN.exe

C:\Windows\System\bOGrXPN.exe

C:\Windows\System\CvUFCkV.exe

C:\Windows\System\CvUFCkV.exe

C:\Windows\System\VXrCNDC.exe

C:\Windows\System\VXrCNDC.exe

C:\Windows\System\MWmiiHG.exe

C:\Windows\System\MWmiiHG.exe

C:\Windows\System\OavJHeX.exe

C:\Windows\System\OavJHeX.exe

C:\Windows\System\gzgNBMH.exe

C:\Windows\System\gzgNBMH.exe

C:\Windows\System\SyYCDHI.exe

C:\Windows\System\SyYCDHI.exe

C:\Windows\System\PhFspzm.exe

C:\Windows\System\PhFspzm.exe

C:\Windows\System\qMAmFeN.exe

C:\Windows\System\qMAmFeN.exe

C:\Windows\System\bqNHuXV.exe

C:\Windows\System\bqNHuXV.exe

C:\Windows\System\ovspwrA.exe

C:\Windows\System\ovspwrA.exe

C:\Windows\System\yZCxcIO.exe

C:\Windows\System\yZCxcIO.exe

C:\Windows\System\wvNXiqR.exe

C:\Windows\System\wvNXiqR.exe

C:\Windows\System\SEZcghx.exe

C:\Windows\System\SEZcghx.exe

C:\Windows\System\itzMMOU.exe

C:\Windows\System\itzMMOU.exe

C:\Windows\System\dLTYOCI.exe

C:\Windows\System\dLTYOCI.exe

C:\Windows\System\qZCalFB.exe

C:\Windows\System\qZCalFB.exe

C:\Windows\System\EecQoho.exe

C:\Windows\System\EecQoho.exe

C:\Windows\System\atJwmkF.exe

C:\Windows\System\atJwmkF.exe

C:\Windows\System\vPWKUee.exe

C:\Windows\System\vPWKUee.exe

C:\Windows\System\QrAbZfV.exe

C:\Windows\System\QrAbZfV.exe

C:\Windows\System\PsUNFah.exe

C:\Windows\System\PsUNFah.exe

C:\Windows\System\pIdYqvL.exe

C:\Windows\System\pIdYqvL.exe

C:\Windows\System\RWBcAjq.exe

C:\Windows\System\RWBcAjq.exe

C:\Windows\System\NGVrKPM.exe

C:\Windows\System\NGVrKPM.exe

C:\Windows\System\qqCoOdM.exe

C:\Windows\System\qqCoOdM.exe

C:\Windows\System\oqqjHOK.exe

C:\Windows\System\oqqjHOK.exe

C:\Windows\System\cLhFoLD.exe

C:\Windows\System\cLhFoLD.exe

C:\Windows\System\AxCqWAx.exe

C:\Windows\System\AxCqWAx.exe

C:\Windows\System\uniFIdY.exe

C:\Windows\System\uniFIdY.exe

C:\Windows\System\tVJFcCO.exe

C:\Windows\System\tVJFcCO.exe

C:\Windows\System\sGlcoXN.exe

C:\Windows\System\sGlcoXN.exe

C:\Windows\System\cfPDDUy.exe

C:\Windows\System\cfPDDUy.exe

C:\Windows\System\tOxzyjD.exe

C:\Windows\System\tOxzyjD.exe

C:\Windows\System\uBTkuxf.exe

C:\Windows\System\uBTkuxf.exe

C:\Windows\System\bBAqaan.exe

C:\Windows\System\bBAqaan.exe

C:\Windows\System\GBGjGoc.exe

C:\Windows\System\GBGjGoc.exe

C:\Windows\System\TqeBrnR.exe

C:\Windows\System\TqeBrnR.exe

C:\Windows\System\GtjtLeE.exe

C:\Windows\System\GtjtLeE.exe

C:\Windows\System\TgoYfQJ.exe

C:\Windows\System\TgoYfQJ.exe

C:\Windows\System\NmKWHcJ.exe

C:\Windows\System\NmKWHcJ.exe

C:\Windows\System\QJbmgPU.exe

C:\Windows\System\QJbmgPU.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1548-0-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/1548-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\hdwRxCv.exe

MD5 0100b562d452d0506774e04df5166314
SHA1 74f4d8de332e5997a129366a09b65ff57e76e5d2
SHA256 4963d2deaa0932979b8147e89812ed12bc8d1c4da6d89d42b04e28698b6fe24e
SHA512 917cad8c9f4cd71fb61cd670341ff478edcf87eb80c5f289e4a9fa767f55fd9a23b2418fed527d4bfcea0693d645068acf575aba1e2c70aed78b1bd26024773d

memory/2312-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2324-37-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/2588-35-0x000000013F1F0000-0x000000013F544000-memory.dmp

C:\Windows\system\datmOal.exe

MD5 4ecd5c01f0d609ff6f322072789e5b14
SHA1 4e811859e7930b17bb90e2f8fc75674a35900deb
SHA256 58432b3fd3baf9886e02636485b1b214237fac13e694e5182a814b662d272234
SHA512 f8ccbb7e70bc1353aa97471c64cb68635908d2bffe0203f7b3c3a898486cc0b1d880d1e21327a5fcbe3ede4264d2784795521022f4196269a55f751e452fafe9

memory/2620-41-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2756-40-0x000000013F110000-0x000000013F464000-memory.dmp

C:\Windows\system\GMPbCmZ.exe

MD5 21994c3e490b5894dbf97f60cefe30f3
SHA1 074e458ef56ebaaaf8244783844a1a05fca74522
SHA256 a7b9f0deda12993c130a639f31e3e56faef987ca6a8fd8f1fa65efb8368389e5
SHA512 e48272535edd08ec3d897664f1982a13858672d2f099aa705d70c50494336bd294072b77b213ac7024a8c85ffc164308fe48ac13c2dc64cc97f029495fe1b0a8

memory/2316-33-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/1548-29-0x0000000001F80000-0x00000000022D4000-memory.dmp

C:\Windows\system\goYlsvG.exe

MD5 d916190a43f9dcfddfab5a5c15948f8a
SHA1 5fbc35aa9afe25f737d591797c04847645944b0a
SHA256 dd70a8ab31eedad6f0b67a616f93dc5e722a82201218d230ade59c4a416ed660
SHA512 5bb302aad05e6b722809456786164d75405bbe65684b74d8fe7e6005ad39f3d7fd4e92d471868ed810457926508a0932a19f2a26e744046d1a4379f9a0e4f872

C:\Windows\system\blGbetz.exe

MD5 18465327cfd697e902cda8962a79d98f
SHA1 7d524f88abb48e3c90fc0acb2b6a0babbdd6058a
SHA256 81e3b254c9f92e26a3367f4c1aa18db37d89e35a38eb9d21b62180814121efb4
SHA512 ec346ad1da00f2365f7ff9e225726efaa09bf0ef6279fd67fd878ec729965e54c2b3470ec85af1cb1799cbed300e320c672e10572e50822e274a33874c083323

C:\Windows\system\kFAyGmb.exe

MD5 25e917ed8b8dbffe55671566457f4a36
SHA1 d75c80b77d30614557d2c44dcdbea3f1c579a1d5
SHA256 162951ecc07f5e82107bb716aa2cc5f3ead79ad8392f33ea6c52f013de906292
SHA512 ac30a1f6c4d7b4623303f872d4e7b470a999cee7a67b4ae6375a587d31cfd641bb331ec2919dd500a5b5c31cd1c341f93c5950862300e9411422333a9376f23b

memory/1548-24-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/1548-17-0x0000000001F80000-0x00000000022D4000-memory.dmp

memory/1548-49-0x000000013FE90000-0x00000001401E4000-memory.dmp

\Windows\system\YVwDnEw.exe

MD5 bfd571196191815599e1f7d0453d120d
SHA1 f5e9ae07178308ee3bb75e67dc2eff3c5776db9c
SHA256 7df05b6ca64207593b523088cfc8a15629fe999bb465848b8093d5356f695625
SHA512 f1fbbe9f23d3fbb0fd772492aeda56286a08263ac322b68cfbc493821b90806797e111a9ee40122808b367f6f70b2a4ecdb314a0187a1c9ed47393d1e11d6d6c

C:\Windows\system\qAHEfEz.exe

MD5 cd0eadd6b507ca42390ba4e290e2ab54
SHA1 ad4050b071b66beb3d8682f2ca08da983d381662
SHA256 f98b57701a1a0a9d61710f1be9949e81fe248483df39ac712be278b0674f38bc
SHA512 057a20c491f9dec7465b7d62aa1058d7a68ad0681a7e4122fdd8b6bcb07a50295629fc7f3873bdb2313927bf3cd57bfaf228be84fd87eea248e98cc1275096e5

\Windows\system\atIzMSw.exe

MD5 19d6ea71ea5d711eb0c3f2fde6d28217
SHA1 7af7fcfb1af64a52969a8b468ce64137a32db4a0
SHA256 20afde9ee3691cb5b01d23d1a50e69ffa23a34896b9adee5b7bfeef1ca802da4
SHA512 5a5f8aa7ad6117d764b2cbade92a3e851016bdf70f1e14b6fb2b18bcdb169e53e46e26d865977052c3858a03259d954524a8897ec8456986bc8f86db98f1e00a

memory/2728-78-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/2312-77-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/1548-57-0x000000013FAB0000-0x000000013FE04000-memory.dmp

\Windows\system\AQEFgIe.exe

MD5 64fbdd2526edf4e403b3a39e8ae5f2d3
SHA1 264eb52ba0e7cc84c4dd0dc58e504f9a397fe33a
SHA256 af6dff9d4aa026f4e66ef3a950fc1e0ac2117346ef20f0af0506a7fda257307d
SHA512 846a16faecd15a81f45a1f5cb3453904872b81c2f5e03efcf480921640566db14513f53592604c1ccfb1095d103428d6b02567bf52787ce7abf29f05fb2ea0c2

memory/1548-76-0x000000013F370000-0x000000013F6C4000-memory.dmp

C:\Windows\system\hAHaoFH.exe

MD5 eaef3e4649f7f59b946dfa44cddb807e
SHA1 e0f1f2ec02ece5a03062515c1136f93275b3c3a1
SHA256 4f78e1a36a88ec99346f82140badf3a11406ac61bec7a7192bdef4e5f4b5f670
SHA512 7c65ba4eef2d26e5dbaddc6f7177bdc3bfc40b7cb6ec7dc35f441e81246b8f55b41257e1e3de56ae69252255369854dcc4a80df08e4f04b971334ca7e320a6fe

memory/2776-100-0x000000013F9D0000-0x000000013FD24000-memory.dmp

C:\Windows\system\zXGYxzr.exe

MD5 5c248e2eaf7271006d2af1a9aa7adf5d
SHA1 4af8461ccb27aa0e3280ede0798b634266f954f9
SHA256 ad2c1d0ba295e7569479dc398558923a1febb233d197c7f7a38c5ead996ffd23
SHA512 f9e077330cd2a19352fec04463be549d4179ee4da992b721b9dc4745c560572fdc8105045e56a334067b8b7afac79db1f19bddaeaaa6411515103cfc7e8f73f9

\Windows\system\fFLajDc.exe

MD5 05e58e685fedd26c710e48454ce08913
SHA1 86b6dac7e6a7edd4bcf98ab95fa6c78f197754e2
SHA256 838baa1b5c6f3e5b114f7bd5a20580b6a0e62942495172b6e1888d2c774a184a
SHA512 3a56e59429e8bc0e6f9f4b85dda45c6133e2e630abd99b3943dbcd79e12439e44d8d97e17a2f56d59cba613e89307443d0128712cd8027f6850e296ba606d92a

\Windows\system\mBueHNH.exe

MD5 65061a6acf8ac859ac35f28169b1bf54
SHA1 af670ad5f84faa07bffbe38a7ff309acd58882ec
SHA256 ba2d6ea67c3e10d4d460b1756fbae9d352952dd1f84b44ff5d58abc0d8e9247b
SHA512 c0ff27392fa2ff4447d5b1b383b388a70d8188d7d555e9863ec64c8ddf6354edcafdcfb9d60c2f0a8d9aef8792a38a5aba1c5b5ddccd030378586b6392539a43

\Windows\system\RBdmDaZ.exe

MD5 4890d4cda433c55d02767a6008929725
SHA1 fac10539d6a1dcaf9bf5e27ac1be0549784e8c44
SHA256 2a771264837eb69748ae96da738ebd5e77ea7b4a00eb5f88754f0db2d657954d
SHA512 0e34a64519e745d9e22d8373b73b4ce9f053d047db97f82c3985baf755ae1744ed8c7c5b9f5c0c198e7fdbed982a9f8d1460d1817820552074cd676301120a37

memory/1548-531-0x000000013FAB0000-0x000000013FE04000-memory.dmp

C:\Windows\system\ymcjXQZ.exe

MD5 c998c8d0feed3fa63d1476523b2f8542
SHA1 31109243bf33e95544b5584a7daef42f229e8f4c
SHA256 c1dfcfb4faa72c255d5b06276af3e914f0f0359c6f60e0a1c17f6d5307568e20
SHA512 3ce6d588a09a09953c20df13126d48172be915208ddb2ade2593a5fe35de62a572ecddd283f11cb885a41a1faaec28e732ab0542fc7e12be457bd4e3ae3fa4cd

C:\Windows\system\hMIrqkV.exe

MD5 63f0475f3fa3a91047e0589e65c0104a
SHA1 48bc5c1c6ea634c37779a1eaf9eee5a99413a278
SHA256 8040ed8d674d754c424224b9ae04a7fb1e0e416182b2cbf397d9261be99a0911
SHA512 a8739fd10163cfeb53be9c7264fd5b0a1373914698838301056edd894a384f8ac2c76c060bca69698f3f9f33c8573c0f8907fef66461f8e0489f876d1284eb07

C:\Windows\system\VUItKuX.exe

MD5 bbc099c686041e6ab983ca9ec7774b7e
SHA1 07f8315d7444bdbcb51f05a2752db919ca49fe79
SHA256 21e0fc2e6110a25228a60b6ff172c88ba483114558fceb699f04611be113aebe
SHA512 4786b7955bbcf3cfd3ba731b56d675292f68f0ade60403862972a52fb3d02efe51c1d93d913bd2424496e4f7880243f1a0100341acf6f25e0ddf0199af43f98d

C:\Windows\system\NNToaRz.exe

MD5 88010ef3f98c9ead94637d8859abdc2e
SHA1 a4049ccef9ad1e0683885c0eb8ec651fd057866c
SHA256 b9d678248c57cfa7eb4112c95ec9043121489cdf1060204d7ff69e4ccc100fba
SHA512 bb4f7d4bb4e14670ebd5e410819f219433209b5d4dcaa010626c9dc79e84a12d0c45407ed24856eb9174408f76a222745c51c92535d3ca91577d6504c784a3d9

C:\Windows\system\JXyLemz.exe

MD5 bd9f7d9a00c2d667a63773025d2ff184
SHA1 2a74a2bc8a7ab073d89d09b34f8d0348208ec04d
SHA256 7f5702007319e735656efcaef51dd3147a7206ea6d5db3f3a5846b301428600c
SHA512 fe8f1510385b1d9c5bc84d9e0069e4e552cd242212b90dfe0f02f380d580485d24047b3c31c08d29ef73c250b15c824acfd597c2325b4a60491fb9cb51d2f0f7

C:\Windows\system\epPtFKH.exe

MD5 82c160e83d2445bc98da9e53c51509ae
SHA1 15f0dd9bdf615c1c5da2d4bd49acf3c3847d7062
SHA256 deff8e673bc958203102da6d0cdcdfc1bc49fc64fdd4917616aab244881ff186
SHA512 ceeb249471f284e18b7b7d3b2deefea492e884e053e9e54d5251e48b4ebaf6a88cc357c8dc88eb24a8da103c8d17a91093493328152ee0cd856aba457f56630b

C:\Windows\system\kxwDyBi.exe

MD5 913d99e64e0fd23d02b14b650cdfa62a
SHA1 eff84131bb7248fb16ddea0e3460434d56a74802
SHA256 e143b126e510b54f1009dea3fd8b038540f9ee82863b8895e7fae211429b65fa
SHA512 474791181a2dd010909f6a25615d2979c19d0b4dffb66513c4a23fc88370bd33ec0f436e61b44351a3030e8a5a30808b7103d90ee48461cbbc594827904d7863

C:\Windows\system\ZuVetyX.exe

MD5 fd48c4213a0a132885e08368173274d8
SHA1 bda7644425c3b175f02c2385c45e12b3530bfcb1
SHA256 e48493e12e9238304ff9d23c5062bcc0b1ec4aaa565abc89cb67077b6e0f011a
SHA512 a3ce4726f4cc3c6efccdf09f60593c080ad90770191a793a4c4249270c3b181aefa2f49a56a770ef9c63b64a09fbd96794b9a2ba527a6d507059ad4ce2cf5379

C:\Windows\system\SExWcSB.exe

MD5 a78d71cf445eca57eebb3759269a6bee
SHA1 6a8bc3e861e0c0666b4153e40ceb43ef818b63ce
SHA256 7e0a13a2a8a0fa291b47fa6e69918b1de8788505bd1bd11ed215bbf9f2e4f108
SHA512 285f7575be5e35e10eecd3a60646116dacba24d243c7edebf978bf275666342ac4cd6e31857dfbc5188c0f64faf11df7c18d54dfde84dc966a5543934e403a91

C:\Windows\system\PvoumAx.exe

MD5 8aeaf24564c41c59ede2e952a554ab65
SHA1 a138be547d5534a3f97436ee2ae3e6d051bc466b
SHA256 72b652f7e04f1226d3cd7c65f1284ffc481232d2e35c4ba28ee81098b8f5f88d
SHA512 6b407bf55f7380ebd405db26cbb8238a6ed1136cfeaf76ee6f6bdd08a85c3c5beab76d64395fda2eb9bcceec928001b5b3846eb2b6d76c71e208aba33abca2ed

C:\Windows\system\HKceawa.exe

MD5 2e5fee4234ae2fcbc4407f2577aff944
SHA1 08c6cca1be508749a76753e3f896110c9893a857
SHA256 ef0d5d1a4415f1f9f21c21a86c0f5f61075ded39fc2b91c1ee73cb1cb4fbd959
SHA512 4fb016d6f0bc894abe202b97e78f2fce8f2ad13d9e813db6617d2eb9a837397a1f8d62611c1cb9af6b291a4c6c30449ae1ada688ef95b648b32073a688482af8

C:\Windows\system\faufDoX.exe

MD5 db8e422283bba147887612dcd49286d7
SHA1 8712fdad91a44019646b692905583a286a8895f1
SHA256 e0d29f4c67cd4d2180831a00868fb25ba96b1cee6732bddc5d231524e0fafe53
SHA512 4e5b5588ade9a92b649d351cddca0e37557f007a48cc829397ddf38bb62f8f9917b3caa5984bc81bda077831df9906fc6ac9b193591a83ff09175b664580e809

C:\Windows\system\GkGCZwK.exe

MD5 94a7157761c4b0aef9e4d3fb0a3c7185
SHA1 3fa50cbd139cfa7f5331091e761c506667868f24
SHA256 903853e48d27d908f56ba88621a9907975afa65174c18647926edd27876ab1ce
SHA512 15a74bace72c7c3d883bbb0419ac1378d62ed5b3145544713f648f1daac001aa6b18cdc271695733bb9fc9e4a949f4a8b130c625be2ca57d3349d36788be4b49

memory/1548-104-0x000000013FAD0000-0x000000013FE24000-memory.dmp

C:\Windows\system\zhAoJZG.exe

MD5 40a8c40b95ce8f0dc2a95393efc7a17b
SHA1 f04ade902dd96f4b0c02efeb06c7386be0cb9bc9
SHA256 37c488b3d1c3fe162fcb987ed9d8758591a21734337e7b8f4568a40b3ff3123d
SHA512 78ef823095708457fa2120c123da5bc3e184d510c74e7bdb0c6c3c6389482cd079d6a75345576259baa1800f38e8554e8e3f7eee7525ab3a1ae2a1b195724ea1

memory/1548-99-0x000000013F9D0000-0x000000013FD24000-memory.dmp

memory/1716-92-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/2316-98-0x000000013FD10000-0x0000000140064000-memory.dmp

C:\Windows\system\DddLXZV.exe

MD5 74da433c5e12040d7dc277326822e241
SHA1 1c2e5819c63a25e039e5e2e511c89f55bd843806
SHA256 631db1072f3ed15043da9de1b1bb987d9fd3c61d41a83d3aba1483a8f2ac611d
SHA512 cbb5140ef9a75c4a3210bb6ad39cbb90996d2bf0404a2b8801a6ff25fc336dc2f2c3295cfc5e06a3652134a032ce40e9bbd1384b8691259b1b2e009c70dbca63

memory/2552-88-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/3028-87-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/1548-85-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/1548-84-0x000000013FD10000-0x0000000140064000-memory.dmp

C:\Windows\system\OrnqKlc.exe

MD5 1aae09dd2d67fb9bc7a7184c040df658
SHA1 48463ae307ec7c6d79b9acc6e2c5e2d54e8063e9
SHA256 65c1770ae761d48f712e5518fbd2d2774b9aaeaa3878cf44fd20db91fff58c05
SHA512 291a5ef7336e42d613e1b5aca42bc76fd2cafa615e09536a211541030bd20866c57c82fcc8de9f93455007f09e0bbf67e81ac817ce7ec603c82f45d266b121b0

memory/2520-66-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/1548-65-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/1548-74-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/1548-71-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1548-62-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2740-59-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2596-50-0x000000013FE90000-0x00000001401E4000-memory.dmp

C:\Windows\system\pnZhMpu.exe

MD5 d962a4be151adbebce7c9f5756bf3c59
SHA1 0e3354c9d976ad3fc69385cc140f24e0da284be6
SHA256 e35778df5a79bf6d4a2c72dbffaed0dc7087424b85bfd89a92d0cc5c5b7360c3
SHA512 7d6041185196dfdeaf2337d5a7afb3a88f97d84fcb5762b29c17a3eac6910cf800c33b1c6bf52a8d95d6e8ee9774cd14c3c5456808bf75b834a88a5dec91bd17

memory/1548-1047-0x000000013FE90000-0x00000001401E4000-memory.dmp

memory/2596-1048-0x000000013FE90000-0x00000001401E4000-memory.dmp

memory/1548-1072-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2520-1073-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/2728-1074-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/1548-1075-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/2552-1076-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/1716-1077-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/1548-1078-0x000000013F9D0000-0x000000013FD24000-memory.dmp

memory/1548-1079-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/2312-1080-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2316-1082-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2588-1081-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/2620-1084-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2324-1083-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/2756-1085-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2740-1086-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2596-1087-0x000000013FE90000-0x00000001401E4000-memory.dmp

memory/2520-1088-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/2728-1089-0x000000013FC00000-0x000000013FF54000-memory.dmp

memory/3028-1090-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2552-1091-0x000000013FBB0000-0x000000013FF04000-memory.dmp

memory/2776-1092-0x000000013F9D0000-0x000000013FD24000-memory.dmp

memory/1716-1093-0x000000013FDE0000-0x0000000140134000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 21:01

Reported

2024-06-20 21:03

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oqscaEY.exe N/A
N/A N/A C:\Windows\System\ZXnGLEF.exe N/A
N/A N/A C:\Windows\System\YvalcPg.exe N/A
N/A N/A C:\Windows\System\jsOEUwe.exe N/A
N/A N/A C:\Windows\System\KknUFhi.exe N/A
N/A N/A C:\Windows\System\sPiNUKe.exe N/A
N/A N/A C:\Windows\System\KWCZPbJ.exe N/A
N/A N/A C:\Windows\System\aKEhOBt.exe N/A
N/A N/A C:\Windows\System\wdoksAa.exe N/A
N/A N/A C:\Windows\System\DWecGUC.exe N/A
N/A N/A C:\Windows\System\HXzgsTS.exe N/A
N/A N/A C:\Windows\System\alAYgjW.exe N/A
N/A N/A C:\Windows\System\QlRiMkB.exe N/A
N/A N/A C:\Windows\System\lSTjAIr.exe N/A
N/A N/A C:\Windows\System\wlWbHuS.exe N/A
N/A N/A C:\Windows\System\YgbLwPH.exe N/A
N/A N/A C:\Windows\System\ggZyxqB.exe N/A
N/A N/A C:\Windows\System\hTEfbmq.exe N/A
N/A N/A C:\Windows\System\uCoTbtn.exe N/A
N/A N/A C:\Windows\System\lfslLpc.exe N/A
N/A N/A C:\Windows\System\CsaMyRS.exe N/A
N/A N/A C:\Windows\System\ykbVwEe.exe N/A
N/A N/A C:\Windows\System\dQsGCjw.exe N/A
N/A N/A C:\Windows\System\psBDjwu.exe N/A
N/A N/A C:\Windows\System\FXILXlk.exe N/A
N/A N/A C:\Windows\System\YQwXMba.exe N/A
N/A N/A C:\Windows\System\HOpCBGK.exe N/A
N/A N/A C:\Windows\System\AruneHP.exe N/A
N/A N/A C:\Windows\System\WGnIdWr.exe N/A
N/A N/A C:\Windows\System\XeCWYbC.exe N/A
N/A N/A C:\Windows\System\dOrXcgx.exe N/A
N/A N/A C:\Windows\System\dOUxTzB.exe N/A
N/A N/A C:\Windows\System\dtXFTFn.exe N/A
N/A N/A C:\Windows\System\JAldkle.exe N/A
N/A N/A C:\Windows\System\SBXNWQR.exe N/A
N/A N/A C:\Windows\System\HDazJly.exe N/A
N/A N/A C:\Windows\System\voaqGtQ.exe N/A
N/A N/A C:\Windows\System\EpUOaVa.exe N/A
N/A N/A C:\Windows\System\MjhIlyW.exe N/A
N/A N/A C:\Windows\System\vEbfUVH.exe N/A
N/A N/A C:\Windows\System\sQpOckf.exe N/A
N/A N/A C:\Windows\System\KxqHtOV.exe N/A
N/A N/A C:\Windows\System\eetsVnF.exe N/A
N/A N/A C:\Windows\System\uIbqrhC.exe N/A
N/A N/A C:\Windows\System\YxHfRmg.exe N/A
N/A N/A C:\Windows\System\cpeOvou.exe N/A
N/A N/A C:\Windows\System\nifjCWq.exe N/A
N/A N/A C:\Windows\System\nUMCzrY.exe N/A
N/A N/A C:\Windows\System\VAsOTix.exe N/A
N/A N/A C:\Windows\System\bWOhQfY.exe N/A
N/A N/A C:\Windows\System\ywGbZjr.exe N/A
N/A N/A C:\Windows\System\yzBGfhJ.exe N/A
N/A N/A C:\Windows\System\jDEwdsF.exe N/A
N/A N/A C:\Windows\System\NzmjXNu.exe N/A
N/A N/A C:\Windows\System\BXeKEKI.exe N/A
N/A N/A C:\Windows\System\whZYRsR.exe N/A
N/A N/A C:\Windows\System\smnnZCC.exe N/A
N/A N/A C:\Windows\System\dgAzMrn.exe N/A
N/A N/A C:\Windows\System\pKgrjlq.exe N/A
N/A N/A C:\Windows\System\wiOvzOd.exe N/A
N/A N/A C:\Windows\System\nhhjfQC.exe N/A
N/A N/A C:\Windows\System\IHUJvKw.exe N/A
N/A N/A C:\Windows\System\PNUyJye.exe N/A
N/A N/A C:\Windows\System\gQvWfDY.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ythvvWG.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVCryWJ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\EwKAEDc.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpavszW.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\fRnyOJz.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxFjjRB.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\SKtRUIM.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZXnGLEF.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEygFyd.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\whvIsOr.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\qElsWgH.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\kVYCDgQ.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\GIAJkmI.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\nJNRnYL.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\YvalcPg.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\zZBPoij.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DfbTEUC.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\EOgHQUF.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\JFYrPCX.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\iAlfprx.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\EpUOaVa.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\KxqHtOV.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\snmwjTd.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DRUwFyw.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\alAYgjW.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\HDazJly.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\KDrtbMz.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\pxlDBQz.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\rHyaSgn.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\HXzgsTS.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\dObePtq.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\XjkkAqw.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\YbZYMKW.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNVYSJG.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXqGxxn.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\AtrNtWm.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\SBXNWQR.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\tRZLwdp.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\UueSKwy.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\LBdtjXw.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\AruneHP.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWfZUft.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\ikbtfiF.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\CTTySPS.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\mUOWpQT.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\YxHfRmg.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbfpefN.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\yeKnIwp.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\OTtSvpY.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\lSTjAIr.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOUxTzB.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\eetsVnF.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdJDOhD.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\DghciIm.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\WRAbxlW.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\pjkoJGD.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\vfXrMPO.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgbLwPH.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\gzkOkQA.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\amUynmX.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\lyNddMP.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\psBDjwu.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDHbvAm.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A
File created C:\Windows\System\lhlisHl.exe C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1232 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\oqscaEY.exe
PID 1232 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\oqscaEY.exe
PID 1232 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\ZXnGLEF.exe
PID 1232 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\ZXnGLEF.exe
PID 1232 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YvalcPg.exe
PID 1232 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YvalcPg.exe
PID 1232 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\jsOEUwe.exe
PID 1232 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\jsOEUwe.exe
PID 1232 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\KknUFhi.exe
PID 1232 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\KknUFhi.exe
PID 1232 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\sPiNUKe.exe
PID 1232 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\sPiNUKe.exe
PID 1232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\KWCZPbJ.exe
PID 1232 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\KWCZPbJ.exe
PID 1232 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\aKEhOBt.exe
PID 1232 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\aKEhOBt.exe
PID 1232 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\wdoksAa.exe
PID 1232 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\wdoksAa.exe
PID 1232 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\DWecGUC.exe
PID 1232 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\DWecGUC.exe
PID 1232 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HXzgsTS.exe
PID 1232 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HXzgsTS.exe
PID 1232 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\alAYgjW.exe
PID 1232 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\alAYgjW.exe
PID 1232 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\QlRiMkB.exe
PID 1232 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\QlRiMkB.exe
PID 1232 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\lSTjAIr.exe
PID 1232 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\lSTjAIr.exe
PID 1232 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\wlWbHuS.exe
PID 1232 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\wlWbHuS.exe
PID 1232 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YgbLwPH.exe
PID 1232 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YgbLwPH.exe
PID 1232 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\ggZyxqB.exe
PID 1232 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\ggZyxqB.exe
PID 1232 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hTEfbmq.exe
PID 1232 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\hTEfbmq.exe
PID 1232 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\uCoTbtn.exe
PID 1232 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\uCoTbtn.exe
PID 1232 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\lfslLpc.exe
PID 1232 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\lfslLpc.exe
PID 1232 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\CsaMyRS.exe
PID 1232 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\CsaMyRS.exe
PID 1232 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\ykbVwEe.exe
PID 1232 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\ykbVwEe.exe
PID 1232 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\dQsGCjw.exe
PID 1232 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\dQsGCjw.exe
PID 1232 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\psBDjwu.exe
PID 1232 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\psBDjwu.exe
PID 1232 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\FXILXlk.exe
PID 1232 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\FXILXlk.exe
PID 1232 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YQwXMba.exe
PID 1232 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\YQwXMba.exe
PID 1232 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HOpCBGK.exe
PID 1232 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\HOpCBGK.exe
PID 1232 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\AruneHP.exe
PID 1232 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\AruneHP.exe
PID 1232 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\WGnIdWr.exe
PID 1232 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\WGnIdWr.exe
PID 1232 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\XeCWYbC.exe
PID 1232 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\XeCWYbC.exe
PID 1232 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\dOrXcgx.exe
PID 1232 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\dOrXcgx.exe
PID 1232 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\dOUxTzB.exe
PID 1232 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe C:\Windows\System\dOUxTzB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0dfd4bc134c918cfcc6c9a34658abc18ba89ff426e122ca8507c476e9c44fa3c_NeikiAnalytics.exe"

C:\Windows\System\oqscaEY.exe

C:\Windows\System\oqscaEY.exe

C:\Windows\System\ZXnGLEF.exe

C:\Windows\System\ZXnGLEF.exe

C:\Windows\System\YvalcPg.exe

C:\Windows\System\YvalcPg.exe

C:\Windows\System\jsOEUwe.exe

C:\Windows\System\jsOEUwe.exe

C:\Windows\System\KknUFhi.exe

C:\Windows\System\KknUFhi.exe

C:\Windows\System\sPiNUKe.exe

C:\Windows\System\sPiNUKe.exe

C:\Windows\System\KWCZPbJ.exe

C:\Windows\System\KWCZPbJ.exe

C:\Windows\System\aKEhOBt.exe

C:\Windows\System\aKEhOBt.exe

C:\Windows\System\wdoksAa.exe

C:\Windows\System\wdoksAa.exe

C:\Windows\System\DWecGUC.exe

C:\Windows\System\DWecGUC.exe

C:\Windows\System\HXzgsTS.exe

C:\Windows\System\HXzgsTS.exe

C:\Windows\System\alAYgjW.exe

C:\Windows\System\alAYgjW.exe

C:\Windows\System\QlRiMkB.exe

C:\Windows\System\QlRiMkB.exe

C:\Windows\System\lSTjAIr.exe

C:\Windows\System\lSTjAIr.exe

C:\Windows\System\wlWbHuS.exe

C:\Windows\System\wlWbHuS.exe

C:\Windows\System\YgbLwPH.exe

C:\Windows\System\YgbLwPH.exe

C:\Windows\System\ggZyxqB.exe

C:\Windows\System\ggZyxqB.exe

C:\Windows\System\hTEfbmq.exe

C:\Windows\System\hTEfbmq.exe

C:\Windows\System\uCoTbtn.exe

C:\Windows\System\uCoTbtn.exe

C:\Windows\System\lfslLpc.exe

C:\Windows\System\lfslLpc.exe

C:\Windows\System\CsaMyRS.exe

C:\Windows\System\CsaMyRS.exe

C:\Windows\System\ykbVwEe.exe

C:\Windows\System\ykbVwEe.exe

C:\Windows\System\dQsGCjw.exe

C:\Windows\System\dQsGCjw.exe

C:\Windows\System\psBDjwu.exe

C:\Windows\System\psBDjwu.exe

C:\Windows\System\FXILXlk.exe

C:\Windows\System\FXILXlk.exe

C:\Windows\System\YQwXMba.exe

C:\Windows\System\YQwXMba.exe

C:\Windows\System\HOpCBGK.exe

C:\Windows\System\HOpCBGK.exe

C:\Windows\System\AruneHP.exe

C:\Windows\System\AruneHP.exe

C:\Windows\System\WGnIdWr.exe

C:\Windows\System\WGnIdWr.exe

C:\Windows\System\XeCWYbC.exe

C:\Windows\System\XeCWYbC.exe

C:\Windows\System\dOrXcgx.exe

C:\Windows\System\dOrXcgx.exe

C:\Windows\System\dOUxTzB.exe

C:\Windows\System\dOUxTzB.exe

C:\Windows\System\dtXFTFn.exe

C:\Windows\System\dtXFTFn.exe

C:\Windows\System\JAldkle.exe

C:\Windows\System\JAldkle.exe

C:\Windows\System\SBXNWQR.exe

C:\Windows\System\SBXNWQR.exe

C:\Windows\System\HDazJly.exe

C:\Windows\System\HDazJly.exe

C:\Windows\System\voaqGtQ.exe

C:\Windows\System\voaqGtQ.exe

C:\Windows\System\EpUOaVa.exe

C:\Windows\System\EpUOaVa.exe

C:\Windows\System\MjhIlyW.exe

C:\Windows\System\MjhIlyW.exe

C:\Windows\System\vEbfUVH.exe

C:\Windows\System\vEbfUVH.exe

C:\Windows\System\sQpOckf.exe

C:\Windows\System\sQpOckf.exe

C:\Windows\System\KxqHtOV.exe

C:\Windows\System\KxqHtOV.exe

C:\Windows\System\eetsVnF.exe

C:\Windows\System\eetsVnF.exe

C:\Windows\System\uIbqrhC.exe

C:\Windows\System\uIbqrhC.exe

C:\Windows\System\YxHfRmg.exe

C:\Windows\System\YxHfRmg.exe

C:\Windows\System\cpeOvou.exe

C:\Windows\System\cpeOvou.exe

C:\Windows\System\nifjCWq.exe

C:\Windows\System\nifjCWq.exe

C:\Windows\System\nUMCzrY.exe

C:\Windows\System\nUMCzrY.exe

C:\Windows\System\VAsOTix.exe

C:\Windows\System\VAsOTix.exe

C:\Windows\System\bWOhQfY.exe

C:\Windows\System\bWOhQfY.exe

C:\Windows\System\ywGbZjr.exe

C:\Windows\System\ywGbZjr.exe

C:\Windows\System\yzBGfhJ.exe

C:\Windows\System\yzBGfhJ.exe

C:\Windows\System\jDEwdsF.exe

C:\Windows\System\jDEwdsF.exe

C:\Windows\System\NzmjXNu.exe

C:\Windows\System\NzmjXNu.exe

C:\Windows\System\BXeKEKI.exe

C:\Windows\System\BXeKEKI.exe

C:\Windows\System\whZYRsR.exe

C:\Windows\System\whZYRsR.exe

C:\Windows\System\smnnZCC.exe

C:\Windows\System\smnnZCC.exe

C:\Windows\System\dgAzMrn.exe

C:\Windows\System\dgAzMrn.exe

C:\Windows\System\pKgrjlq.exe

C:\Windows\System\pKgrjlq.exe

C:\Windows\System\wiOvzOd.exe

C:\Windows\System\wiOvzOd.exe

C:\Windows\System\nhhjfQC.exe

C:\Windows\System\nhhjfQC.exe

C:\Windows\System\IHUJvKw.exe

C:\Windows\System\IHUJvKw.exe

C:\Windows\System\PNUyJye.exe

C:\Windows\System\PNUyJye.exe

C:\Windows\System\gQvWfDY.exe

C:\Windows\System\gQvWfDY.exe

C:\Windows\System\iaPqbFl.exe

C:\Windows\System\iaPqbFl.exe

C:\Windows\System\ZiViqrz.exe

C:\Windows\System\ZiViqrz.exe

C:\Windows\System\tRZLwdp.exe

C:\Windows\System\tRZLwdp.exe

C:\Windows\System\TUrPbAf.exe

C:\Windows\System\TUrPbAf.exe

C:\Windows\System\dObePtq.exe

C:\Windows\System\dObePtq.exe

C:\Windows\System\XjkkAqw.exe

C:\Windows\System\XjkkAqw.exe

C:\Windows\System\mrVLeDI.exe

C:\Windows\System\mrVLeDI.exe

C:\Windows\System\nvWWVsx.exe

C:\Windows\System\nvWWVsx.exe

C:\Windows\System\xJWqJfg.exe

C:\Windows\System\xJWqJfg.exe

C:\Windows\System\HfJUiJc.exe

C:\Windows\System\HfJUiJc.exe

C:\Windows\System\dusRHTh.exe

C:\Windows\System\dusRHTh.exe

C:\Windows\System\VxmbJkE.exe

C:\Windows\System\VxmbJkE.exe

C:\Windows\System\kfemTNG.exe

C:\Windows\System\kfemTNG.exe

C:\Windows\System\kVYCDgQ.exe

C:\Windows\System\kVYCDgQ.exe

C:\Windows\System\EAPAniD.exe

C:\Windows\System\EAPAniD.exe

C:\Windows\System\EDZsMaw.exe

C:\Windows\System\EDZsMaw.exe

C:\Windows\System\cJaJbLF.exe

C:\Windows\System\cJaJbLF.exe

C:\Windows\System\zZBPoij.exe

C:\Windows\System\zZBPoij.exe

C:\Windows\System\ythvvWG.exe

C:\Windows\System\ythvvWG.exe

C:\Windows\System\oVCryWJ.exe

C:\Windows\System\oVCryWJ.exe

C:\Windows\System\ONYINJA.exe

C:\Windows\System\ONYINJA.exe

C:\Windows\System\CUYlJrH.exe

C:\Windows\System\CUYlJrH.exe

C:\Windows\System\jzKmDLu.exe

C:\Windows\System\jzKmDLu.exe

C:\Windows\System\ocmzYYi.exe

C:\Windows\System\ocmzYYi.exe

C:\Windows\System\bIazSwh.exe

C:\Windows\System\bIazSwh.exe

C:\Windows\System\ydyswjt.exe

C:\Windows\System\ydyswjt.exe

C:\Windows\System\gdikzRm.exe

C:\Windows\System\gdikzRm.exe

C:\Windows\System\hgdkOMl.exe

C:\Windows\System\hgdkOMl.exe

C:\Windows\System\nHqWLYb.exe

C:\Windows\System\nHqWLYb.exe

C:\Windows\System\MKXTNXL.exe

C:\Windows\System\MKXTNXL.exe

C:\Windows\System\dGzYqSx.exe

C:\Windows\System\dGzYqSx.exe

C:\Windows\System\GIAJkmI.exe

C:\Windows\System\GIAJkmI.exe

C:\Windows\System\AsgTVDQ.exe

C:\Windows\System\AsgTVDQ.exe

C:\Windows\System\WnzeZRh.exe

C:\Windows\System\WnzeZRh.exe

C:\Windows\System\EwKAEDc.exe

C:\Windows\System\EwKAEDc.exe

C:\Windows\System\LSWGKua.exe

C:\Windows\System\LSWGKua.exe

C:\Windows\System\eBgiwMW.exe

C:\Windows\System\eBgiwMW.exe

C:\Windows\System\SoOlvdv.exe

C:\Windows\System\SoOlvdv.exe

C:\Windows\System\nJNRnYL.exe

C:\Windows\System\nJNRnYL.exe

C:\Windows\System\ytdNhZA.exe

C:\Windows\System\ytdNhZA.exe

C:\Windows\System\SSgGjFz.exe

C:\Windows\System\SSgGjFz.exe

C:\Windows\System\xsKNKOH.exe

C:\Windows\System\xsKNKOH.exe

C:\Windows\System\fbIrVmf.exe

C:\Windows\System\fbIrVmf.exe

C:\Windows\System\PUiWnIG.exe

C:\Windows\System\PUiWnIG.exe

C:\Windows\System\kDHbvAm.exe

C:\Windows\System\kDHbvAm.exe

C:\Windows\System\lhlisHl.exe

C:\Windows\System\lhlisHl.exe

C:\Windows\System\mszzERP.exe

C:\Windows\System\mszzERP.exe

C:\Windows\System\amUynmX.exe

C:\Windows\System\amUynmX.exe

C:\Windows\System\NbfpefN.exe

C:\Windows\System\NbfpefN.exe

C:\Windows\System\edThjgf.exe

C:\Windows\System\edThjgf.exe

C:\Windows\System\QHTvkNS.exe

C:\Windows\System\QHTvkNS.exe

C:\Windows\System\RpavszW.exe

C:\Windows\System\RpavszW.exe

C:\Windows\System\WxbLEgy.exe

C:\Windows\System\WxbLEgy.exe

C:\Windows\System\pymSicD.exe

C:\Windows\System\pymSicD.exe

C:\Windows\System\ZHdgQkE.exe

C:\Windows\System\ZHdgQkE.exe

C:\Windows\System\YRGMcdO.exe

C:\Windows\System\YRGMcdO.exe

C:\Windows\System\FxVNPrl.exe

C:\Windows\System\FxVNPrl.exe

C:\Windows\System\SHAmouM.exe

C:\Windows\System\SHAmouM.exe

C:\Windows\System\UrnbhqR.exe

C:\Windows\System\UrnbhqR.exe

C:\Windows\System\XsxuSxx.exe

C:\Windows\System\XsxuSxx.exe

C:\Windows\System\tKkmnvv.exe

C:\Windows\System\tKkmnvv.exe

C:\Windows\System\MMmXIJj.exe

C:\Windows\System\MMmXIJj.exe

C:\Windows\System\DfbTEUC.exe

C:\Windows\System\DfbTEUC.exe

C:\Windows\System\cEJpRxB.exe

C:\Windows\System\cEJpRxB.exe

C:\Windows\System\axPHTbq.exe

C:\Windows\System\axPHTbq.exe

C:\Windows\System\AajIJLy.exe

C:\Windows\System\AajIJLy.exe

C:\Windows\System\EEwjcdA.exe

C:\Windows\System\EEwjcdA.exe

C:\Windows\System\jLOdWlf.exe

C:\Windows\System\jLOdWlf.exe

C:\Windows\System\LMqYpbP.exe

C:\Windows\System\LMqYpbP.exe

C:\Windows\System\SlZejCB.exe

C:\Windows\System\SlZejCB.exe

C:\Windows\System\CiuFTHK.exe

C:\Windows\System\CiuFTHK.exe

C:\Windows\System\PggsZlv.exe

C:\Windows\System\PggsZlv.exe

C:\Windows\System\BDOLgOd.exe

C:\Windows\System\BDOLgOd.exe

C:\Windows\System\RgDWAQY.exe

C:\Windows\System\RgDWAQY.exe

C:\Windows\System\NdJDOhD.exe

C:\Windows\System\NdJDOhD.exe

C:\Windows\System\AWnpcRm.exe

C:\Windows\System\AWnpcRm.exe

C:\Windows\System\SmCbooQ.exe

C:\Windows\System\SmCbooQ.exe

C:\Windows\System\EOgHQUF.exe

C:\Windows\System\EOgHQUF.exe

C:\Windows\System\XZmknln.exe

C:\Windows\System\XZmknln.exe

C:\Windows\System\qLKLQrm.exe

C:\Windows\System\qLKLQrm.exe

C:\Windows\System\xMwmoEZ.exe

C:\Windows\System\xMwmoEZ.exe

C:\Windows\System\DghciIm.exe

C:\Windows\System\DghciIm.exe

C:\Windows\System\JFYrPCX.exe

C:\Windows\System\JFYrPCX.exe

C:\Windows\System\UWdpgki.exe

C:\Windows\System\UWdpgki.exe

C:\Windows\System\hRthszD.exe

C:\Windows\System\hRthszD.exe

C:\Windows\System\WivddyL.exe

C:\Windows\System\WivddyL.exe

C:\Windows\System\BsbujHB.exe

C:\Windows\System\BsbujHB.exe

C:\Windows\System\hcTwinI.exe

C:\Windows\System\hcTwinI.exe

C:\Windows\System\awBBwzy.exe

C:\Windows\System\awBBwzy.exe

C:\Windows\System\fvIxkBR.exe

C:\Windows\System\fvIxkBR.exe

C:\Windows\System\fRnyOJz.exe

C:\Windows\System\fRnyOJz.exe

C:\Windows\System\KkQUcqD.exe

C:\Windows\System\KkQUcqD.exe

C:\Windows\System\ylJKqVE.exe

C:\Windows\System\ylJKqVE.exe

C:\Windows\System\mUOWpQT.exe

C:\Windows\System\mUOWpQT.exe

C:\Windows\System\SogFngc.exe

C:\Windows\System\SogFngc.exe

C:\Windows\System\VyTuusc.exe

C:\Windows\System\VyTuusc.exe

C:\Windows\System\YNLzCZd.exe

C:\Windows\System\YNLzCZd.exe

C:\Windows\System\eLNJHPS.exe

C:\Windows\System\eLNJHPS.exe

C:\Windows\System\NGNkmHc.exe

C:\Windows\System\NGNkmHc.exe

C:\Windows\System\MfYQWiy.exe

C:\Windows\System\MfYQWiy.exe

C:\Windows\System\zplkmZm.exe

C:\Windows\System\zplkmZm.exe

C:\Windows\System\WxFjjRB.exe

C:\Windows\System\WxFjjRB.exe

C:\Windows\System\pRTEITn.exe

C:\Windows\System\pRTEITn.exe

C:\Windows\System\GTTTjQL.exe

C:\Windows\System\GTTTjQL.exe

C:\Windows\System\ZBBtqet.exe

C:\Windows\System\ZBBtqet.exe

C:\Windows\System\mnipEAe.exe

C:\Windows\System\mnipEAe.exe

C:\Windows\System\LJGUMPv.exe

C:\Windows\System\LJGUMPv.exe

C:\Windows\System\UDMCePe.exe

C:\Windows\System\UDMCePe.exe

C:\Windows\System\kGbgOUF.exe

C:\Windows\System\kGbgOUF.exe

C:\Windows\System\TvdNBBL.exe

C:\Windows\System\TvdNBBL.exe

C:\Windows\System\GAkaExH.exe

C:\Windows\System\GAkaExH.exe

C:\Windows\System\IQTIoyA.exe

C:\Windows\System\IQTIoyA.exe

C:\Windows\System\CVImtAp.exe

C:\Windows\System\CVImtAp.exe

C:\Windows\System\HQgrvHO.exe

C:\Windows\System\HQgrvHO.exe

C:\Windows\System\knGQOZM.exe

C:\Windows\System\knGQOZM.exe

C:\Windows\System\RREInUj.exe

C:\Windows\System\RREInUj.exe

C:\Windows\System\cIqyTJM.exe

C:\Windows\System\cIqyTJM.exe

C:\Windows\System\KDrtbMz.exe

C:\Windows\System\KDrtbMz.exe

C:\Windows\System\upnZUao.exe

C:\Windows\System\upnZUao.exe

C:\Windows\System\admGQlU.exe

C:\Windows\System\admGQlU.exe

C:\Windows\System\SKtRUIM.exe

C:\Windows\System\SKtRUIM.exe

C:\Windows\System\DjYqFXQ.exe

C:\Windows\System\DjYqFXQ.exe

C:\Windows\System\TJtpcZd.exe

C:\Windows\System\TJtpcZd.exe

C:\Windows\System\XkOnHZI.exe

C:\Windows\System\XkOnHZI.exe

C:\Windows\System\GDarscy.exe

C:\Windows\System\GDarscy.exe

C:\Windows\System\snmwjTd.exe

C:\Windows\System\snmwjTd.exe

C:\Windows\System\NcfDqfp.exe

C:\Windows\System\NcfDqfp.exe

C:\Windows\System\uYCRPac.exe

C:\Windows\System\uYCRPac.exe

C:\Windows\System\WRAbxlW.exe

C:\Windows\System\WRAbxlW.exe

C:\Windows\System\JaVHmmD.exe

C:\Windows\System\JaVHmmD.exe

C:\Windows\System\KafLBft.exe

C:\Windows\System\KafLBft.exe

C:\Windows\System\ULPnbFL.exe

C:\Windows\System\ULPnbFL.exe

C:\Windows\System\YbZYMKW.exe

C:\Windows\System\YbZYMKW.exe

C:\Windows\System\SorYUTi.exe

C:\Windows\System\SorYUTi.exe

C:\Windows\System\nbZGAXQ.exe

C:\Windows\System\nbZGAXQ.exe

C:\Windows\System\pxlDBQz.exe

C:\Windows\System\pxlDBQz.exe

C:\Windows\System\jLbvypx.exe

C:\Windows\System\jLbvypx.exe

C:\Windows\System\ShIIadi.exe

C:\Windows\System\ShIIadi.exe

C:\Windows\System\ghJvDcG.exe

C:\Windows\System\ghJvDcG.exe

C:\Windows\System\EyliDGL.exe

C:\Windows\System\EyliDGL.exe

C:\Windows\System\fIRoNFI.exe

C:\Windows\System\fIRoNFI.exe

C:\Windows\System\AUBoHtp.exe

C:\Windows\System\AUBoHtp.exe

C:\Windows\System\Ilubgwb.exe

C:\Windows\System\Ilubgwb.exe

C:\Windows\System\zcjneil.exe

C:\Windows\System\zcjneil.exe

C:\Windows\System\qEUHMVc.exe

C:\Windows\System\qEUHMVc.exe

C:\Windows\System\KfaigEn.exe

C:\Windows\System\KfaigEn.exe

C:\Windows\System\zBMhgvJ.exe

C:\Windows\System\zBMhgvJ.exe

C:\Windows\System\wZiVhpT.exe

C:\Windows\System\wZiVhpT.exe

C:\Windows\System\yeKnIwp.exe

C:\Windows\System\yeKnIwp.exe

C:\Windows\System\jWrHQtX.exe

C:\Windows\System\jWrHQtX.exe

C:\Windows\System\AiNkCEW.exe

C:\Windows\System\AiNkCEW.exe

C:\Windows\System\BQjXwUT.exe

C:\Windows\System\BQjXwUT.exe

C:\Windows\System\VCijcqL.exe

C:\Windows\System\VCijcqL.exe

C:\Windows\System\qElsWgH.exe

C:\Windows\System\qElsWgH.exe

C:\Windows\System\hYPSZvi.exe

C:\Windows\System\hYPSZvi.exe

C:\Windows\System\ABeLZTc.exe

C:\Windows\System\ABeLZTc.exe

C:\Windows\System\tGkPKzY.exe

C:\Windows\System\tGkPKzY.exe

C:\Windows\System\lJKAwkz.exe

C:\Windows\System\lJKAwkz.exe

C:\Windows\System\jsDMuLT.exe

C:\Windows\System\jsDMuLT.exe

C:\Windows\System\zUihUwm.exe

C:\Windows\System\zUihUwm.exe

C:\Windows\System\UInnFLZ.exe

C:\Windows\System\UInnFLZ.exe

C:\Windows\System\VPOYBSM.exe

C:\Windows\System\VPOYBSM.exe

C:\Windows\System\gxbVtCp.exe

C:\Windows\System\gxbVtCp.exe

C:\Windows\System\NWfZUft.exe

C:\Windows\System\NWfZUft.exe

C:\Windows\System\zqZmaMk.exe

C:\Windows\System\zqZmaMk.exe

C:\Windows\System\mEygFyd.exe

C:\Windows\System\mEygFyd.exe

C:\Windows\System\JMHeXly.exe

C:\Windows\System\JMHeXly.exe

C:\Windows\System\WggbdYv.exe

C:\Windows\System\WggbdYv.exe

C:\Windows\System\ZSHKjIA.exe

C:\Windows\System\ZSHKjIA.exe

C:\Windows\System\GzKGWoe.exe

C:\Windows\System\GzKGWoe.exe

C:\Windows\System\RONOpSR.exe

C:\Windows\System\RONOpSR.exe

C:\Windows\System\ikbtfiF.exe

C:\Windows\System\ikbtfiF.exe

C:\Windows\System\SACLyGZ.exe

C:\Windows\System\SACLyGZ.exe

C:\Windows\System\abvzIUN.exe

C:\Windows\System\abvzIUN.exe

C:\Windows\System\LDIdDUn.exe

C:\Windows\System\LDIdDUn.exe

C:\Windows\System\UueSKwy.exe

C:\Windows\System\UueSKwy.exe

C:\Windows\System\wRjiORk.exe

C:\Windows\System\wRjiORk.exe

C:\Windows\System\XDYGYgY.exe

C:\Windows\System\XDYGYgY.exe

C:\Windows\System\rHyaSgn.exe

C:\Windows\System\rHyaSgn.exe

C:\Windows\System\pjkoJGD.exe

C:\Windows\System\pjkoJGD.exe

C:\Windows\System\tugfgUo.exe

C:\Windows\System\tugfgUo.exe

C:\Windows\System\vfXrMPO.exe

C:\Windows\System\vfXrMPO.exe

C:\Windows\System\oRNlOwk.exe

C:\Windows\System\oRNlOwk.exe

C:\Windows\System\PimdZbw.exe

C:\Windows\System\PimdZbw.exe

C:\Windows\System\ENHBICy.exe

C:\Windows\System\ENHBICy.exe

C:\Windows\System\xGssqih.exe

C:\Windows\System\xGssqih.exe

C:\Windows\System\MmfXwLr.exe

C:\Windows\System\MmfXwLr.exe

C:\Windows\System\rKcLnEz.exe

C:\Windows\System\rKcLnEz.exe

C:\Windows\System\KdFQuEa.exe

C:\Windows\System\KdFQuEa.exe

C:\Windows\System\whvIsOr.exe

C:\Windows\System\whvIsOr.exe

C:\Windows\System\OTtSvpY.exe

C:\Windows\System\OTtSvpY.exe

C:\Windows\System\vMfSmhd.exe

C:\Windows\System\vMfSmhd.exe

C:\Windows\System\LHrSaHS.exe

C:\Windows\System\LHrSaHS.exe

C:\Windows\System\lWycTXC.exe

C:\Windows\System\lWycTXC.exe

C:\Windows\System\LBdtjXw.exe

C:\Windows\System\LBdtjXw.exe

C:\Windows\System\uBdcWSe.exe

C:\Windows\System\uBdcWSe.exe

C:\Windows\System\XWfVPkL.exe

C:\Windows\System\XWfVPkL.exe

C:\Windows\System\XiCsnff.exe

C:\Windows\System\XiCsnff.exe

C:\Windows\System\FfBWaPS.exe

C:\Windows\System\FfBWaPS.exe

C:\Windows\System\RzePhKA.exe

C:\Windows\System\RzePhKA.exe

C:\Windows\System\RiOfiNh.exe

C:\Windows\System\RiOfiNh.exe

C:\Windows\System\BfKUBJF.exe

C:\Windows\System\BfKUBJF.exe

C:\Windows\System\mIdHLym.exe

C:\Windows\System\mIdHLym.exe

C:\Windows\System\IMdSPUw.exe

C:\Windows\System\IMdSPUw.exe

C:\Windows\System\GGxvLUF.exe

C:\Windows\System\GGxvLUF.exe

C:\Windows\System\FRPISRd.exe

C:\Windows\System\FRPISRd.exe

C:\Windows\System\lyNddMP.exe

C:\Windows\System\lyNddMP.exe

C:\Windows\System\rcMMEMf.exe

C:\Windows\System\rcMMEMf.exe

C:\Windows\System\YHVzLOD.exe

C:\Windows\System\YHVzLOD.exe

C:\Windows\System\vKaiHbJ.exe

C:\Windows\System\vKaiHbJ.exe

C:\Windows\System\zcTkiXZ.exe

C:\Windows\System\zcTkiXZ.exe

C:\Windows\System\duNMoHb.exe

C:\Windows\System\duNMoHb.exe

C:\Windows\System\KWKKpGY.exe

C:\Windows\System\KWKKpGY.exe

C:\Windows\System\RNVYSJG.exe

C:\Windows\System\RNVYSJG.exe

C:\Windows\System\gzkOkQA.exe

C:\Windows\System\gzkOkQA.exe

C:\Windows\System\fJvqTbb.exe

C:\Windows\System\fJvqTbb.exe

C:\Windows\System\qmQVXqv.exe

C:\Windows\System\qmQVXqv.exe

C:\Windows\System\YZbcXeP.exe

C:\Windows\System\YZbcXeP.exe

C:\Windows\System\VUPjVkD.exe

C:\Windows\System\VUPjVkD.exe

C:\Windows\System\TgFBIcF.exe

C:\Windows\System\TgFBIcF.exe

C:\Windows\System\KHyaaHJ.exe

C:\Windows\System\KHyaaHJ.exe

C:\Windows\System\kTQiVhb.exe

C:\Windows\System\kTQiVhb.exe

C:\Windows\System\CKfPoqC.exe

C:\Windows\System\CKfPoqC.exe

C:\Windows\System\XWJQouO.exe

C:\Windows\System\XWJQouO.exe

C:\Windows\System\dqZyLSh.exe

C:\Windows\System\dqZyLSh.exe

C:\Windows\System\qsHRpwf.exe

C:\Windows\System\qsHRpwf.exe

C:\Windows\System\iAlfprx.exe

C:\Windows\System\iAlfprx.exe

C:\Windows\System\rcxWpAJ.exe

C:\Windows\System\rcxWpAJ.exe

C:\Windows\System\OXqGxxn.exe

C:\Windows\System\OXqGxxn.exe

C:\Windows\System\bRoYema.exe

C:\Windows\System\bRoYema.exe

C:\Windows\System\loUINry.exe

C:\Windows\System\loUINry.exe

C:\Windows\System\sOtAwyR.exe

C:\Windows\System\sOtAwyR.exe

C:\Windows\System\JGbrDdK.exe

C:\Windows\System\JGbrDdK.exe

C:\Windows\System\FeBdtDE.exe

C:\Windows\System\FeBdtDE.exe

C:\Windows\System\SYuZCTw.exe

C:\Windows\System\SYuZCTw.exe

C:\Windows\System\dHLrnGw.exe

C:\Windows\System\dHLrnGw.exe

C:\Windows\System\HzZCKiY.exe

C:\Windows\System\HzZCKiY.exe

C:\Windows\System\hxiFVSv.exe

C:\Windows\System\hxiFVSv.exe

C:\Windows\System\UPdXhUv.exe

C:\Windows\System\UPdXhUv.exe

C:\Windows\System\IcVysti.exe

C:\Windows\System\IcVysti.exe

C:\Windows\System\CTTySPS.exe

C:\Windows\System\CTTySPS.exe

C:\Windows\System\yKIOpAb.exe

C:\Windows\System\yKIOpAb.exe

C:\Windows\System\pyRySII.exe

C:\Windows\System\pyRySII.exe

C:\Windows\System\ujxLyYH.exe

C:\Windows\System\ujxLyYH.exe

C:\Windows\System\AtrNtWm.exe

C:\Windows\System\AtrNtWm.exe

C:\Windows\System\JEQQaGy.exe

C:\Windows\System\JEQQaGy.exe

C:\Windows\System\WjmMXzv.exe

C:\Windows\System\WjmMXzv.exe

C:\Windows\System\XuSliTB.exe

C:\Windows\System\XuSliTB.exe

C:\Windows\System\uienybs.exe

C:\Windows\System\uienybs.exe

C:\Windows\System\vKjSNrj.exe

C:\Windows\System\vKjSNrj.exe

C:\Windows\System\bgRKoKD.exe

C:\Windows\System\bgRKoKD.exe

C:\Windows\System\gHszOYu.exe

C:\Windows\System\gHszOYu.exe

C:\Windows\System\QWLTUak.exe

C:\Windows\System\QWLTUak.exe

C:\Windows\System\SIiHkEs.exe

C:\Windows\System\SIiHkEs.exe

C:\Windows\System\locUqQi.exe

C:\Windows\System\locUqQi.exe

C:\Windows\System\DRUwFyw.exe

C:\Windows\System\DRUwFyw.exe

C:\Windows\System\oIsRdue.exe

C:\Windows\System\oIsRdue.exe

C:\Windows\System\ffCpsuv.exe

C:\Windows\System\ffCpsuv.exe

C:\Windows\System\CoPspJY.exe

C:\Windows\System\CoPspJY.exe

C:\Windows\System\kWlfEDx.exe

C:\Windows\System\kWlfEDx.exe

C:\Windows\System\FMpLLYV.exe

C:\Windows\System\FMpLLYV.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

memory/1232-0-0x00007FF7D1F50000-0x00007FF7D22A4000-memory.dmp

memory/1232-1-0x000001E1AA190000-0x000001E1AA1A0000-memory.dmp

C:\Windows\System\oqscaEY.exe

MD5 cf0a504f547f5f52e79b80f5087d18bd
SHA1 e4d127011b498ef45372a3c31b9da12bcbfe0834
SHA256 42fbd4cb409147f05dc314391c33924220c1752a8208790b98a15663d5bb7f30
SHA512 82b4a0c6368b513a14a0e160458b5261d3dbb1c606db896f11ad8601f86cabc6abf31faaf41d435dc346d2382bfbc355580c7cef2f03796acd0d15d04837f03c

C:\Windows\System\YvalcPg.exe

MD5 582986430148f1bcda666db38962c166
SHA1 b26ee591a632bd390b5ea9533c75deacc3c07391
SHA256 427921ce876ec8d706c878a5dce76b77fc072bde5409d424e1aa5d3213ae0503
SHA512 4420973bdc352f58d6c353f32780342b4bdc931ecd73027c6c9b82f6c92b301c3e70e230bc050edfd7d082fb1c2aa37a3ef9150c485f305a72577be07d03924f

C:\Windows\System\ZXnGLEF.exe

MD5 14d131075d265d59d85aac0f13e37c86
SHA1 bb2acd5af95083b0a0dfd9e709889344e7619cd5
SHA256 81708b8a4e51fa255366e80bfa047c747b068cff24f975d9254c22ddcf65957d
SHA512 9420aaa01b985b54139e4f160f13cf8fdd7e30bf2e6e004ccf909ebe47d179008d6eb83e4eeab0f57165d9783442ac5fad5eb901091f16602a17d3dee31bbc10

C:\Windows\System\jsOEUwe.exe

MD5 4a4a9aa7286d8c4cc038fdb1587429d1
SHA1 b1e337b6c4502b84366501c132153e28c2cb658a
SHA256 577d966be445fcb7c2a408074b38e4a5f5366c4efd8b48575829a416091384c9
SHA512 b06e290b0e33581c7983e50ddabc0c54fbf2b75b726c04ed5319f82f85b69ab7c308d8bbb578ff9c4a06200b5e5083e62fe13a752533e7a1a1294dd290bcc6f0

C:\Windows\System\sPiNUKe.exe

MD5 f9b6f2b7423657a9938a149d504e4248
SHA1 95a5a501be52f28f20c667c5e03dccc9a3bc22cc
SHA256 82d299d20a3497e74a9df6464d41a711f2b85da396ee25f0707ce675c926e9ac
SHA512 4b1db120cb50c24352058d066d40641974e2f3941640dd8d5cb4b52cb561df42ce11013d2627e6cfa4be4813eb4df9d1ceefe6f41e44901692665c6cb98fab4c

memory/2720-35-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

C:\Windows\System\DWecGUC.exe

MD5 5465cc35ec49c435629f6652fb5f457f
SHA1 b27bdb626a8db2ef91b01386199547f5eb7ed545
SHA256 63e7d594b4c71c3c282bbd37ae46e5d4f2df34c33f43c77ef7788db04830b824
SHA512 1c527c4b45a4bee19c601b3135fdf029eeef4480b3a7faeecd9c6d48feee687a5846baf0eefb78d3c32dec877d7cc0cae2d0431231fabf7d82a34f0bf712f389

memory/4504-52-0x00007FF67D760000-0x00007FF67DAB4000-memory.dmp

memory/2608-64-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp

memory/4664-82-0x00007FF79C110000-0x00007FF79C464000-memory.dmp

memory/2916-89-0x00007FF630220000-0x00007FF630574000-memory.dmp

C:\Windows\System\YgbLwPH.exe

MD5 ffbeac65eae374722b07d7ec131c97d0
SHA1 2b1dbffd34481df25fcdf580ba8dd1fabef55eae
SHA256 c8281dc0b3e49ac8badf1246f418939a0c059a3bd190b8fe4df97dadd9e9c61e
SHA512 2c7117dc8c5ee3630058dfc1dc5eb9d55a380874e253b1fb44f1d8bc82b3622517a0aa33b640c24d3c020a32cdb6d19106aed055aa48d8647c8c9fd90805fd53

C:\Windows\System\ykbVwEe.exe

MD5 f15846a168e2e7d4664dca72da1ff3db
SHA1 7d04c62362309e44de0dc162d27730bf18c2098e
SHA256 82cd7a8e1ee56248ad45cfacf8b234d68e3f51a6ecdcf9fbac65f8e73ee7ff88
SHA512 664ad697165351cc2996e4eb55e179eedd35ed7154f310beeb7671b72046ab48b57a3e301a4cf98eaa1260f9c7ab972a7a603f36059d7a5233050213c4e140ba

C:\Windows\System\HOpCBGK.exe

MD5 8608bcace0214dfa0ff3a7cf0bbf2dbc
SHA1 2be8b9a0ab4cb6b28159dd6c832f7b6c3d424145
SHA256 6e8595d89ac75dcda16e9a9a270c2e7fc274fac879b6e6352fbbca314b52c9e7
SHA512 eb97d11d6c2a2b1abc701ae079d1aaa7c06f75d884d0ab670eb4bb060163da7de7dd5e575d7fa216500900d6b4740dd00e6976901e3cec0b4f5386c823d68f0a

memory/4376-158-0x00007FF6DD330000-0x00007FF6DD684000-memory.dmp

memory/3996-164-0x00007FF6B3110000-0x00007FF6B3464000-memory.dmp

memory/412-163-0x00007FF6FBD20000-0x00007FF6FC074000-memory.dmp

memory/2648-162-0x00007FF733250000-0x00007FF7335A4000-memory.dmp

memory/2856-161-0x00007FF6ECA60000-0x00007FF6ECDB4000-memory.dmp

memory/1536-160-0x00007FF75D2E0000-0x00007FF75D634000-memory.dmp

memory/3940-159-0x00007FF616E80000-0x00007FF6171D4000-memory.dmp

memory/3764-157-0x00007FF603650000-0x00007FF6039A4000-memory.dmp

memory/2876-156-0x00007FF61ADE0000-0x00007FF61B134000-memory.dmp

memory/3972-155-0x00007FF7AC500000-0x00007FF7AC854000-memory.dmp

memory/464-154-0x00007FF68C9C0000-0x00007FF68CD14000-memory.dmp

C:\Windows\System\YQwXMba.exe

MD5 100ee571ab087bb502e904483d0aaafe
SHA1 495b9e01ef1947c4a8bc319db08ee40be25c8826
SHA256 18a3ae3768bf8fa966ba2465fe108f01981157ab397bd4d23c42f947cf55f8c0
SHA512 6939195f9da4323bead46c748d073272ed90a5e6e1c311b31e2c569c2423bfe6f2660282f90db6f25a7e97341b38aa5acccb58ca4e0c63c4adac9b2bede6bcc8

C:\Windows\System\FXILXlk.exe

MD5 a20fd17cbdebd8e55d2c9323a5f36554
SHA1 720ce076f6ab9443aef25d516edeb581306a6046
SHA256 4cd294e8049f964b0d056c2c31c66bcf250200c46f392ddea5edb633f3f57d8b
SHA512 6078c3b1a8912b939b0a08f8da2c7c8277dab318567eeb24e6835d6398fe72bfcb694c24490e05a1e6706f3db939e11c5d02c8d3f43cb0d3bfb69291baf7a8e9

C:\Windows\System\psBDjwu.exe

MD5 10413b0dfb261ba1e41b700b2308c170
SHA1 3544026b2c633381da2a1c8076065b2aaebe9363
SHA256 91eed46f729b1aa8f3a869b1f00cf2fabdf7ea2e1a93e82586fb93ad8a52a49a
SHA512 c8b28a642728baa4a2d43c5f74bcbcb2d99f63d2e141ccd96c00951236cc79dab7efab31803c4bf837575a511ace75519c95e590b763492502e40bf05ce40b81

memory/2472-145-0x00007FF6F8030000-0x00007FF6F8384000-memory.dmp

memory/3316-144-0x00007FF723060000-0x00007FF7233B4000-memory.dmp

memory/1540-143-0x00007FF6C4D60000-0x00007FF6C50B4000-memory.dmp

C:\Windows\System\dQsGCjw.exe

MD5 d36f2925dde1ac18749c5133792f9da3
SHA1 45747c2cc66efd0fd4db1b0a8f87761de06be78d
SHA256 83a9d17f9ff6456ccd1ba4936714f8b0f445fea9048dc749180c61628e1c130e
SHA512 569a20efd06a2569c08f6da3fa2c16a30ca86306d3e73d05717e2a093d8f6534aff154a305b1766a987cc7f3cb79c2292e890ef1fa752a2dbd76e247bd654871

C:\Windows\System\CsaMyRS.exe

MD5 c72cbb3bd1926e0e89e3029dab9f7b5f
SHA1 c55351b2079495afb7b54003fb42efac2d3c4e76
SHA256 b64df251e99802abef50506d4067ca019e83811ca0a27d144ad53e2269d7e4f6
SHA512 0b96b415558cd046337788448b7a212a0ed9615927ea1f87d094c14ee7548f994eb5797baa12b9266e516807ddaa8a18d6bd5334e1a5145c951221eb1a4066e0

C:\Windows\System\lfslLpc.exe

MD5 9ca5a08d614238d0107777c498be02a5
SHA1 f3e9c76f271801821b7a0b38ae73fbd0f610160c
SHA256 2dff1104f47798747706090a55bea6d90b511f0be93091b30d3e46121321eeb1
SHA512 eab52ff1a005c871c2bc366e3573a7425cac1565e70040b6152c7d2c6ea80324225b335517b74d3ffc68e67d5769f66931db006cf3a88ca07a4b51dd36282237

C:\Windows\System\uCoTbtn.exe

MD5 52b99b909deb8902478efe42292c9702
SHA1 34cca45cef268e67871668f26b20866c23f4f407
SHA256 d64b9fa2f595ef69313358455fb6864a13a9df90e77726c2c502a0e679484c77
SHA512 c30c75fb5b3154f46f6e42c6b1ca95522750d2dca071a492c85a3834d4c0fee7c93e2dd4a3acc9287e52129e679086773388102eeeaed0bfa902b3e0a57fefa1

memory/3568-132-0x00007FF697260000-0x00007FF6975B4000-memory.dmp

memory/384-127-0x00007FF66DB20000-0x00007FF66DE74000-memory.dmp

memory/3292-124-0x00007FF623660000-0x00007FF6239B4000-memory.dmp

C:\Windows\System\hTEfbmq.exe

MD5 01ab6de3f583b666d5024c7c656a595d
SHA1 7ed0ea0ada8eaf70945370573c53ccc2cc845fb1
SHA256 62ec680abc75df432ef5d68b42d43bc79d8a31409af3d6aad9252fc9d2f4ccf9
SHA512 616729b7092009b42fec2fdc88a55d796b629728dc444e43ef7ddbf102416b1b90eed03aa98547a0f0b1321f02e8a1c1e74413714b1eb6c3933eb4b17de10208

C:\Windows\System\ggZyxqB.exe

MD5 ddc5b4e550dba030ebad930b9dd9af90
SHA1 2baa7ba0c488d82dd161488d9e5ce42d4e24c996
SHA256 90145e6586240dbfe0c9a26c475935477a3a837237ab892913f5b9df70576aa3
SHA512 32b358b991f7863f722a1a46e45d9da3d018ff17729ca59a732faabd03243401fcc97469f0ffc8ccc91b80306aca994e3181b35ff3dbecae0c89515d8682e0dc

memory/1788-104-0x00007FF683920000-0x00007FF683C74000-memory.dmp

C:\Windows\System\wlWbHuS.exe

MD5 0540a67db5ee55f50bc5ded702a9a763
SHA1 928222c60bd9185c266b167da587ee5e95216b41
SHA256 d90d9e0ac59f92b76854b61a6748aaea3eaa4050366e4af91e24bc8849206fd3
SHA512 76c14f0d98b0e92480f5fd11c04cb4b7c85affd85b86607dec9a2801c71e29290bee0c33ac47c49c6cd3969d821fba85e3d724c04d486ac0cb6e8375362ef33a

memory/5116-90-0x00007FF652DD0000-0x00007FF653124000-memory.dmp

C:\Windows\System\lSTjAIr.exe

MD5 29165605e6cf7b0ae09e9be9a73b23fb
SHA1 4cc485b3301668fb997cdcdec541c446dd02ac6b
SHA256 a95cf643668852ca29ff8e4f3a0227798b9f95206a73d01efec74d2c75b3c58f
SHA512 7f14e6505942da1b2a1b63482c34b9c851b55d361fabf69c7978f7cb3e88485679a54d61283a1af8e97efb6366c18e3b425c0f5fb4a24f5555d7b00dc7909515

C:\Windows\System\QlRiMkB.exe

MD5 7b666b6065e41f0019b0afb4a1fd0c5b
SHA1 22a947553c2a915712b70592a620a9d6215e8245
SHA256 c52cf9d4c15831dd54763b0f17281c553d02e472dbcfdb44eb68cec6c2dc0253
SHA512 db7813d199eab7e4e0216298ca285c39570474307ce41824d58175052ea5ccbf254c2f261502efd9fb50a020db44a2639337ec1409a910c3a5d37eaebe40e270

memory/656-81-0x00007FF767B10000-0x00007FF767E64000-memory.dmp

C:\Windows\System\HXzgsTS.exe

MD5 4a0890e79eaf2187d48fb3397aa078e2
SHA1 4f4ad0d48e3bf01782df4dc86fc38fd0ee53e403
SHA256 815816cf9ce9c88009b0d62ed6ec913511c9052261c31ca81437c56a0e985837
SHA512 9d0229b4f2992433e9521a819b14753c690832c9b29094170da60b5387559c36f89df62995abe50d781f552955157912889c5f29d705627133c997046e77dfff

C:\Windows\System\wdoksAa.exe

MD5 474a49254ff69b6c5c260e51d712c769
SHA1 00d4ddefba39dc1bd6d3ec0b4f2540551a4506bb
SHA256 e6082d797a9db081e977e613e1c6f0b2870755e76fb211e76211459ac5e845d0
SHA512 cb60c2a9a27ce87a829a15e5f3b6913b77197085fc7d22e7c87198a379cc7de4c38c6d7e5e6bb2bf00716a10c278e7459117fdf04dff1f891329da3da8d5f8ad

memory/1328-69-0x00007FF60A340000-0x00007FF60A694000-memory.dmp

C:\Windows\System\alAYgjW.exe

MD5 f44e76f04b64315194ec71ebd913c64a
SHA1 3d804f801fe6269fbd51487888ce164387b2e288
SHA256 54a4fa58901d4aa080d525b586aae6500053f7210bfe4ad19b927e45ca561fb3
SHA512 1accadc31d765780bc7410ec567c171d15e548a2c8d7197f98f91266ae186237ece0a50d99d78364c5b2e91d6b927c1951c4422b02c590ea3cb727c962e66705

C:\Windows\System\aKEhOBt.exe

MD5 a50d5a6d3e160ff7b95f5d51a750dfc5
SHA1 52b07086837bfd63fadf86088b20208e57400410
SHA256 8412171e275312341477be1e76100ea3c3694dd11b7a159adead6879e4801b9c
SHA512 7489c667e364b3b7f79a5845b09bc1fc58195b82d62ac5441bbb95edbbdd1cf2305f62c0fc7da4f59358b5cfb00fc8bffe3e234f737365092bcf4f9bb28c8600

C:\Windows\System\KWCZPbJ.exe

MD5 fab8972df30e006d7695d8497bd98d18
SHA1 d9acc5c6f6e555185e4563ba51577e273ea1f3ad
SHA256 a7c3522f657a850876d8de6db09d0cfe57c9f2d4a0a155c4ddeb7da12bdcd6f0
SHA512 fe293c2ee8d20e938ccf6e34650b089fd999091db7d41115d7dd5fe250ac2534602a4c47eb4b56f2425bea2af802948bc91de8a5508258f9a1d3e6b6850b4a3c

C:\Windows\System\KknUFhi.exe

MD5 b343f9fe9f25b5b94caeb383ad3ffaa6
SHA1 f1b6cfa1f921a7a3256a921f55ee6ee52bd8ef73
SHA256 3f670ac9eaf1ba3e3ab646b76737b33b73713e88b01efda768e2b39e2a0cfbb8
SHA512 e9cc47c0ccff462fd80e1450a630d1ca45f17077c99b58032f11a0f30cd13e858bab9bbf66e7d29f78025c476afd4890c54a11bb502bc11077b0899dba7d2408

memory/4116-22-0x00007FF7C1B80000-0x00007FF7C1ED4000-memory.dmp

C:\Windows\System\AruneHP.exe

MD5 d63634e3052fc6f561bca6ddd8832c85
SHA1 5ef99ac8839fa9de3c7405d1cce9c8979c5dca30
SHA256 5747535cf07080bc3f651819f4f28d5727b4a71bdac2ec1873eb228f2b60798c
SHA512 418a67b0f05225dcbfa2d5d591a01307fe979291ca9753e08ca2d3bfcdf58d0eb89769f5b8de480cbf330e9cfd33b234f2d8e7c907e7a86c21763f2d42207aea

C:\Windows\System\XeCWYbC.exe

MD5 a9a62412a946a79af8f53c3e1c131ba7
SHA1 aeebb4254e1b8a5f265327896eedc631defc8473
SHA256 d1bc4a2c99f337c441c746591bf5b30399771d077912ef7895bfb94695c88e3f
SHA512 b1514f228c03089bddb68dc179f39891ebffcc6416ead239b1347a47d201ae11593bf85539d99de6e1e909e7700a73eebdd380531530a3188b65b37608e5d944

C:\Windows\System\dOUxTzB.exe

MD5 815a85a3b2ee395e89cc5639a106657d
SHA1 654fd5d796ae51e3a363f81084aaa1bdc58773f2
SHA256 6a740643ab5d1021e0868d379d43f8671bbba398c9a965891c1b60aca453b834
SHA512 ea5961ffe77ce8563ec4ee17fdc51eae92a9d5bdf1775381e1fe746668237c537392810ea9ddfec39c5e2681220649ec14e30c754f5506add79a32771efdace0

C:\Windows\System\dtXFTFn.exe

MD5 6a603054188aca00f601bb301b8ad4b3
SHA1 5f565a8582fe3b534ab1194f2c6d44d0e29107ef
SHA256 8e87d25e621a5d8a92dd8263a59879f41086293bd17be23f052f4ed580a98d49
SHA512 ca188dcbae13d399edf78ac141b11b434287356e5cbaf1633c5c6196a34d8625380e01492ac9d97421c03422aa13d599598af9a803ba28c25e7bb27abe85bcef

memory/3248-189-0x00007FF6087B0000-0x00007FF608B04000-memory.dmp

C:\Windows\System\dOrXcgx.exe

MD5 cf3caa863debda80c732a85869f2bd86
SHA1 ecc080f32cc5667bcc143267d39c9d3457ff35b7
SHA256 b07b39b45bc04956c2db5fb8004902674cec98d7f9040c4971a590ca97cdf692
SHA512 a3dd09e42919414eda2768839ba7231a9dff15a60bfeabf44497575db4ade4eef980ae802fe1f38957a166bf1f846e4db950b717c27bace20e1c767e3b078ad4

memory/2896-177-0x00007FF7E73B0000-0x00007FF7E7704000-memory.dmp

C:\Windows\System\WGnIdWr.exe

MD5 576578e73bbee0ea5b6f30e210feae81
SHA1 1344c4d8015dab1eeb884a5b67f9f1a137b1005e
SHA256 e58e7f0c4faeada7929ea52b3a7d6621231932a01db36d9025a364f1b453c8a4
SHA512 1684bfc5c3ec84cd3f5a96e66e792bda316fc6986e31f6ed8d9e94464e6e6862b33923bb9214968dc4c8b18e85cfdd674e794c0895adc0a7ef778fd1edb0df26

memory/1232-1070-0x00007FF7D1F50000-0x00007FF7D22A4000-memory.dmp

memory/2608-1071-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp

memory/3292-1072-0x00007FF623660000-0x00007FF6239B4000-memory.dmp

memory/2916-1073-0x00007FF630220000-0x00007FF630574000-memory.dmp

memory/3568-1074-0x00007FF697260000-0x00007FF6975B4000-memory.dmp

memory/1540-1075-0x00007FF6C4D60000-0x00007FF6C50B4000-memory.dmp

memory/2896-1076-0x00007FF7E73B0000-0x00007FF7E7704000-memory.dmp

memory/4116-1077-0x00007FF7C1B80000-0x00007FF7C1ED4000-memory.dmp

memory/2720-1078-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

memory/3764-1079-0x00007FF603650000-0x00007FF6039A4000-memory.dmp

memory/4504-1080-0x00007FF67D760000-0x00007FF67DAB4000-memory.dmp

memory/4376-1081-0x00007FF6DD330000-0x00007FF6DD684000-memory.dmp

memory/2608-1082-0x00007FF6D1320000-0x00007FF6D1674000-memory.dmp

memory/1328-1084-0x00007FF60A340000-0x00007FF60A694000-memory.dmp

memory/656-1083-0x00007FF767B10000-0x00007FF767E64000-memory.dmp

memory/1536-1091-0x00007FF75D2E0000-0x00007FF75D634000-memory.dmp

memory/1540-1099-0x00007FF6C4D60000-0x00007FF6C50B4000-memory.dmp

memory/464-1101-0x00007FF68C9C0000-0x00007FF68CD14000-memory.dmp

memory/2876-1102-0x00007FF61ADE0000-0x00007FF61B134000-memory.dmp

memory/3972-1100-0x00007FF7AC500000-0x00007FF7AC854000-memory.dmp

memory/3316-1098-0x00007FF723060000-0x00007FF7233B4000-memory.dmp

memory/2472-1097-0x00007FF6F8030000-0x00007FF6F8384000-memory.dmp

memory/412-1096-0x00007FF6FBD20000-0x00007FF6FC074000-memory.dmp

memory/4664-1095-0x00007FF79C110000-0x00007FF79C464000-memory.dmp

memory/3568-1094-0x00007FF697260000-0x00007FF6975B4000-memory.dmp

memory/5116-1093-0x00007FF652DD0000-0x00007FF653124000-memory.dmp

memory/3940-1092-0x00007FF616E80000-0x00007FF6171D4000-memory.dmp

memory/2916-1090-0x00007FF630220000-0x00007FF630574000-memory.dmp

memory/1788-1089-0x00007FF683920000-0x00007FF683C74000-memory.dmp

memory/2856-1088-0x00007FF6ECA60000-0x00007FF6ECDB4000-memory.dmp

memory/3292-1087-0x00007FF623660000-0x00007FF6239B4000-memory.dmp

memory/384-1086-0x00007FF66DB20000-0x00007FF66DE74000-memory.dmp

memory/2648-1085-0x00007FF733250000-0x00007FF7335A4000-memory.dmp

memory/3996-1103-0x00007FF6B3110000-0x00007FF6B3464000-memory.dmp

memory/3248-1104-0x00007FF6087B0000-0x00007FF608B04000-memory.dmp

memory/2896-1105-0x00007FF7E73B0000-0x00007FF7E7704000-memory.dmp