Malware Analysis Report

2024-10-10 09:50

Sample ID 240622-fjxptsygkg
Target 80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe
SHA256 80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247

Threat Level: Known bad

The file 80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Kpot family

KPOT Core Executable

xmrig

KPOT

XMRig Miner payload

Xmrig family

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-22 04:54

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 04:54

Reported

2024-06-22 04:57

Platform

win7-20240508-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of WriteProcessMemory

PID 2108 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\CcbQpCt.exe
PID 2108 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\AVBBqKx.exe
PID 2108 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\AVBBqKx.exe
PID 2108 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\AVBBqKx.exe
PID 2108 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\ATaRJIN.exe
PID 2108 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\ATaRJIN.exe
PID 2108 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\ATaRJIN.exe
PID 2108 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\wCgKrQt.exe
PID 2108 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\wCgKrQt.exe
PID 2108 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\wCgKrQt.exe
PID 2108 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\YgRHkVX.exe
PID 2108 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\YgRHkVX.exe
PID 2108 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\YgRHkVX.exe
PID 2108 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\lhZbDQp.exe
PID 2108 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\lhZbDQp.exe
PID 2108 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\lhZbDQp.exe
PID 2108 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\XFetKvO.exe
PID 2108 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\XFetKvO.exe
PID 2108 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\XFetKvO.exe
PID 2108 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\zGyEWKB.exe
PID 2108 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\zGyEWKB.exe
PID 2108 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\zGyEWKB.exe
PID 2108 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\AfiNOqM.exe

Processes

C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

SHA512 53903363a2e3c86fb2f729731e9aa44d135d38779cdbaa965f0f70e61790c16ae8a11c57dbe7d8e4c6e2a5a714a2191393b1ecc4cfdfe9903acd8e7235757c95

C:\Windows\system\FQZzDMY.exe

MD5 74b0cd131e257b7f12f907e3c67d97e0
SHA1 3c82007f11b3f29661dc994a42f78b72d95d0e09
SHA256 3a91ec35f6b80f602bbbaaef58d0bccf3e5e12c39f212414effa38d03237822b
SHA512 069f9c4db5a2a2f8afc3837247607b585ff6049c0a6cf5b5a76415321a9eb6b9db0c3b82d5b35a3b74ed47f632a7d3ff5d8703ada89af10174b6c396a591f361

C:\Windows\system\TzmxlDa.exe

MD5 ca8e0be8e974dd3135f4ecd47f28defa
SHA1 53d76a88ed916b2d2d83e4ee66ca4bad17280165
SHA256 bad685461ff7f46e316f57a772731089167ef805016090a29ffa5c04aa64dcbd
SHA512 7eb7c5b848358f3f8ab9d375befcf2b33ec4f1cd3e3901e68e30e2b472df47a63ee08d4918772dc26fac027ac3f827be681d6779bbfd6ecddb6d4d37d1a8041c

C:\Windows\system\AfiNOqM.exe

MD5 91934832583ae75b775d64984aaa3dbb
SHA1 c09c63b1b924390fd891607051ca50bb4b505e8a
SHA256 1acb53f2c1bfea101a1a96ad26aa2a9a19cac1009365fa8f177dcff264e751b0
SHA512 948c79bf0719578552e571e436b4f19d1279f3aea5b7f8e2e74737d360dbbb2e81b6aab71f5930f9903edcbeb426be1942e54d662e4ea1bc280f95290dccb7f9

C:\Windows\system\zGyEWKB.exe

MD5 ddb14761cb5efc428d8a736f1bd9c47b
SHA1 9b901bb1ef3c96d6ac4e081a2903b525cc551ad0
SHA256 429b127d26ae52e6e896e421c4bd6225733ea9c1f8a195ce3b3043fd15cbb765
SHA512 a57df56a8fc49e1b0b63b3b393d428382f2bf313c730989918ac24aaed73ad732c3c049f9ce661fc1f6549eb8c90d0721d9712a68183e8acda94899aacea41dc

C:\Windows\system\XFetKvO.exe

MD5 a3e7123a1db8d0db0ad0de5373374164
SHA1 4b45579173911a40db203fa36d1de682bee60de4
SHA256 d79cfab236d54bbd1c9fa2dcb8ed3b1d6094824d81ad6f58d2b2e1cca3e839c0
SHA512 1ab97f4e45e6511e0aed7dc01ba0b1ff4becc5a3050d20dec0e7b6debfa33fc0ffe35144e92d46173d8506a14cfcd5338e76221984f542a638b28c419a49f832

C:\Windows\system\lhZbDQp.exe

MD5 49047ee64aa7e24c1952acdca1927a4c
SHA1 18103d04766523038a25650a74b847a8dd90f5a7
SHA256 3cc085876d3b2e5109c27cca3fb9519afa604e94a2995af0e49c30bc90ea718a
SHA512 ede69a2edb4f83045e004a2b12e366abe995d33b5363b60a06b8e064cdf5fff3023147ae1e51c10b74236b1021bf17d7fd13dfe4de84529b14b6727fcb590852

C:\Windows\system\YgRHkVX.exe

MD5 d6aa2a6708b7629b3f38882d7ad246cd
SHA1 ca077c3fe8bab5143c73b6184395f5e0761fe0dc
SHA256 a575a150e461eb12ccb71cfacf810e2a60f08036400061ddfeeec75865362b23
SHA512 a1341d8da90929e849e188018053f2d1b1e46e944a09c1022c88fca5b58becbbbd37aa8b41c2fc8b0cb0dcb604725b0faf02cfc4c7467923e847bcf90a44ad9f

C:\Windows\system\ATaRJIN.exe

MD5 7e8d4c4554a21c0e55efa1e3e0530a45
SHA1 fc93131f8e74f3de2006e27d1b229b71929a418b
SHA256 5adca9d379aa8755a9850f20f8e050f4cff4e71264138a6848ec66cd93b7dfdd
SHA512 c05068da743174868c9675c3dce45d43aaccc6a3fb545b8f6469a9b8581b4fa5c15228ed2e7d64594659ccb1bde9e594f69ff38b8f3e4fa7483df7b1732e5bd8

C:\Windows\system\AVBBqKx.exe

MD5 1098fb6b23ad2c22c6cb63c8944b1e65
SHA1 5c5e2cd8b31a0afca2702404efaafc957d31475c
SHA256 1887b69523143150a626aa985525eb68011aac2f3187e0784a017615f0528ce9
SHA512 840757f5fb4737977957825a8a03fc574ab831a43e30caaf9d5bb41006a9bae5e563acf098199cbe0c62179242c417804ddf5c77a139a93f04744bea61e487fc

memory/2108-109-0x0000000002100000-0x0000000002454000-memory.dmp

memory/1724-106-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/2716-105-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2108-100-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/1708-99-0x000000013F860000-0x000000013FBB4000-memory.dmp

memory/2396-98-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

memory/2108-93-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/2744-92-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2140-91-0x000000013F5D0000-0x000000013F924000-memory.dmp

memory/1944-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2108-85-0x0000000002100000-0x0000000002454000-memory.dmp

memory/2976-77-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/2108-76-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/1700-84-0x000000013FDF0000-0x0000000140144000-memory.dmp

C:\Windows\system\RtDyIAC.exe

MD5 d4a49cfb616bccd05fc40ba1f172f7b5
SHA1 3ad66c45be727c8f7f896bf11165ec7b80aee5b8
SHA256 4a244d2c5ef7ae44ed99b0f20cbc42666dafa1ecfb54da5bf01a9b1c5b35277a
SHA512 f34fa89e19e2a993669e182ea5d7462536ce2c79d4c0eb8abf63f6d208216b520b202c63099f9f18bd586c1699b441467e291fd361fde94f1a23444daafc1c8b

memory/2964-71-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/2108-70-0x000000013F810000-0x000000013FB64000-memory.dmp

C:\Windows\system\TbOEpLc.exe

MD5 7640084e986a68cf57dc908828070a7a
SHA1 eae11340c8e59fff6914db4bdb9fd02e5ceec0a7
SHA256 e0ff49b981981233aa1d7216e4193bfbb60177de0f3a09425c427ae80d9669d9
SHA512 c4804599ac6644aa3307410b7b079e0fad767d86190660f45ba55bc433e2af85152ff05dc4cb94ac12819672d5bc8ee4fd6cd71dec201524e7cc6c0f20057f57

memory/2552-63-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2108-60-0x000000013F970000-0x000000013FCC4000-memory.dmp

C:\Windows\system\aZCzKja.exe

MD5 02d3604834bea799e9206a35dd3977aa
SHA1 75e4867b2823bc869351d886db5bbb219e73aba6
SHA256 5ecf42e21ab1c3a852ac85cdb69dda9b8b0a8dc5869a89201f718270c1ca86ef
SHA512 23be3935e84dcc5785e8298575466c5b3e0f7234d9b5c3b72db8f12995fad72f597d914ba2a46a996c3eebb5106bbdcabaaed4209c075b741278cfa636e1945b

memory/2108-47-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2108-55-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/3000-54-0x000000013F190000-0x000000013F4E4000-memory.dmp

C:\Windows\system\FQcPSIY.exe

MD5 06f46f94191be2e633e4f48233b56c57
SHA1 57b4274a8438721ed6e1072aa9551365b9933608
SHA256 4e3c53a255f749c135160bcd0153ca0fa4bd7d3759b11e074e4c1327a7dbd1ce
SHA512 09eeeaf41ddeacc921c1853f4271b63f1427103fddc4838e048d50c987445e81c965085f0b216a075be8adbb98e10a2c5ab63464d16dd4ff93d8e20acaf8e626

memory/2976-1077-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/2108-1078-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2108-1079-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/1236-1080-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/2108-1081-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/2108-1082-0x0000000002100000-0x0000000002454000-memory.dmp

memory/1700-1083-0x000000013FDF0000-0x0000000140144000-memory.dmp

memory/2140-1084-0x000000013F5D0000-0x000000013F924000-memory.dmp

memory/2744-1086-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2716-1085-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/1708-1087-0x000000013F860000-0x000000013FBB4000-memory.dmp

memory/3000-1089-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2396-1088-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

memory/2564-1090-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/2552-1091-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2964-1092-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/1944-1093-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2976-1094-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/1236-1095-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/1724-1096-0x000000013F590000-0x000000013F8E4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-22 04:54

Reported

2024-06-22 04:57

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 564 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\usTfFqY.exe
PID 564 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\usTfFqY.exe
PID 564 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\ObktlCN.exe
PID 564 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\ObktlCN.exe
PID 564 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\lplIbkv.exe
PID 564 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\lplIbkv.exe
PID 564 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\hiKbcCC.exe
PID 564 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\hiKbcCC.exe
PID 564 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\YlalZLY.exe
PID 564 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\YlalZLY.exe
PID 564 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\zMxHEFI.exe
PID 564 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\zMxHEFI.exe
PID 564 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\SsumNgX.exe
PID 564 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\SsumNgX.exe
PID 564 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\rRHkttK.exe
PID 564 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\rRHkttK.exe
PID 564 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\qHXgpQo.exe
PID 564 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe C:\Windows\System\qHXgpQo.exe

Processes

C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\80a0a37dc5df635a4d1921f471e3d8880e857e3747a68731e51dd68015fa8247_NeikiAnalytics.exe"

Network

Files

SHA1 574db99e71a246c2b341013f0db2ad2cd02548a5
SHA256 ca0e6daeffa4c87beff6206730f60ca44460abfe15b76840988bc7b904392b69
SHA512 e481526286b588a057ff2eae00726aa7de0e58a9a97597507a806fa194f4b174d48372be61b71e30794fd604ff304cf0599f138c84568746e820a7393894e2ce

C:\Windows\System\eyMXzrT.exe

MD5 8d65c5f1823bc88c89a3becdee93aa48
SHA1 597f3519f974fb03bf801801292651e27516e979
SHA256 5c4459620ef87b4feb84bdeb74e42243633f30a971830f302dd0a3989d89c14d
SHA512 e61508c258c2b02a5d4ca2327223600af79af6b93fb14f28529ca03fb8089f1c5645c383f0b6f0901deae279b95f0fc530c02926ddc78ac54a69287865448cf9

C:\Windows\System\eOZoBiO.exe

MD5 f13322f7c907f0f9e7df92f0629bb946
SHA1 194fe17da1ebad333cc12607d922d4a89bd3b793
SHA256 7bfcf5322a624c81b0bf95f83ea6ea1171f231a40b50272762e731de3bb6dede
SHA512 2a23e6c3d15af2151136b748f82b803dae1637ccc907e3e69c3168a9baf49557a7bfc1da8562aaade066cfef472f57a7a03d702bf4ce9f931ee773deab948789

C:\Windows\System\VdvHsmd.exe

MD5 03650092112f597e454f5f1fc14326db
SHA1 a8b7a4fda51060d669ac7d923c32c96d631b59f9
SHA256 caad5f6331eba576f1cfa10def5e46c88e107aec8915598077d3f56d019f700e
SHA512 5486459f7533d7036d5cf668fbfe5219d6939ad547d58271030808d5c6d6e7b158b67f27d4fc52bd19c99ef8fb49d035d046aed53ccca7fae99b28c481917601

C:\Windows\System\NDmtNlZ.exe

MD5 52a46c866c830418b95f669d5bb5b747
SHA1 b936b529c10f174b3d17cf816ab6dfbf273a6425
SHA256 eba793821df9275906859642b2f69fb156567cb7777b60353251cd0956d2aa73
SHA512 9077b296d9c872803d525ea67d9a261c7a9231f92f79b79d0522f4e071bde7569b236a2f2882e25296e0155ec94b639358e6301f1e0665572ebb85456ab56766

C:\Windows\System\WphvvhP.exe

MD5 761d16f10f47f8f91bf4a13a6cf5b8be
SHA1 74e3a0035b0ff3e2dbecfbf0ba8bb189b5be6862
SHA256 1632b03cae432f885a191908f8eb6dc67750d25ab566a5ce6e48382832c30263
SHA512 140d697a67e4f2bd32e91a8f7a0b9f7a22510b1bf00250eb389776fb7712d026d9994245729ee019b9801fa3cad253e9556b7d3cbb0515b57dc33fe1f3413aad

C:\Windows\System\IUUUjkd.exe

MD5 a8cef213ed6adb4e3537ae6472226dc9
SHA1 1206993d874e19713eb00c886c8e06b5317aeee7
SHA256 e6c300f95c40d64eb6c329616fd4ba8e527c7c01eaa13a71f65addb34c112c97
SHA512 550d6ad5523b2333470dcc6f6d966e7be0466b7f83049014e49e9eef41b6d35810e5af882d3cb288a4ca157131d5f166cef643cb304e0bc8ebf890eaa64c3a86

C:\Windows\System\yLZDMzY.exe

MD5 4c3f011b6b181598a7c67f51a2d83011
SHA1 55559848f732031240e7833f47844ca326833618
SHA256 d5cc0a0d214d942e1284237dd8817ae600293cd635604d4bb668ecfcba009983
SHA512 d3403272af2328b6bb3d4869a7db33561f9484f1c7687ad70b83659fd22163cd5c06b1a19ff612d17f4f6d918e330bc8e1d3721bbe5d618d84f7419b9c0a7c25

C:\Windows\System\nCfNyPx.exe

MD5 285da58bcf135b830380a1e3a987bd0b
SHA1 bdf0b6775a21a21c4766194508beea08dd52bc05
SHA256 78bf3a4e97840a5d666a9b4bb6219538c22e4e36cf1e989f0c57f4fe6ac1abe6
SHA512 5eaf8c0e04d8f3c42a1d9ed8a1476fe47a7c859a02740bbb9b5933627e9fc714c6b3652f42d75c63c6e1dd99a2e1159d7b785387f9dad07d33bcec0b53242b54

memory/1812-54-0x00007FF60A5F0000-0x00007FF60A944000-memory.dmp

C:\Windows\System\SCUiejR.exe

MD5 51f8cc4c0d223b154c5f2e6b44509ab5
SHA1 08e80fddce68916a32a1c66b108a11ba106adee0
SHA256 25937031aa4c6b878e9b24ce1caf5425506fe73afd50192334b92c47f2a698aa
SHA512 7883f0f5594a97d53f608e7ef69f8b0e239c3e93c70705f3c37b822bfcc3aa5f4c11adcd483624b869fb9a1dbc8ea3806f9216ddaad878ce88e24d3dcd8c8bd6

memory/4688-49-0x00007FF6F16C0000-0x00007FF6F1A14000-memory.dmp

C:\Windows\System\WnyVkJO.exe

MD5 983688d58beb705b8a808c52159b4fe4
SHA1 1c09952e50ea6a429f4d562453a8304ce0283a8e
SHA256 24f7f4805afac3c17f9f0f1064bfada6954e905ca006f4a5e3e0951bbf71e898
SHA512 638b5cec5adde4b818d2fed702a795544518b480da223676e017b20c4babc6d33cc607095feb999ae5be42310f3d260ffd287ce048ec0330299a4aae895c0cc1

C:\Windows\System\IOLvEqi.exe

MD5 82d8eed0fafde7d730a46c7c1bcce455
SHA1 a65747af828f3ad202c2458f3af501443d6aa287
SHA256 cb9872c6f578614f1e2f3b8535944ab21e2a8c448b3d132a7d3a2ac5d388171a
SHA512 9e1419dad9f2650abbc0bf7cca6765211a33ca5f15ba73a9005b0dd54c590f11c7b0f3b54929cd9132a95bfb0c24786c2c7b7722c053ad6e9b46f8219d9a33c0
