Malware Analysis Report

2024-10-10 09:17

Sample ID 240622-j9v6ga1hrc
Target 8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe
SHA256 8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b

Threat Level: Known bad

The file 8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

Xmrig family

Kpot family

XMRig Miner payload

xmrig

KPOT

KPOT Core Executable

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-22 08:22

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 08:22

Reported

2024-06-22 08:25

Platform

win7-20240611-en

Max time kernel

141s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\qusLADe.exe N/A
N/A N/A C:\Windows\System\ZVLukmv.exe N/A
N/A N/A C:\Windows\System\iQLTSpR.exe N/A
N/A N/A C:\Windows\System\uwjQkyo.exe N/A
N/A N/A C:\Windows\System\QDEeiqu.exe N/A
N/A N/A C:\Windows\System\KaFtSvI.exe N/A
N/A N/A C:\Windows\System\liNoBUl.exe N/A
N/A N/A C:\Windows\System\rGimczR.exe N/A
N/A N/A C:\Windows\System\HNNvDUm.exe N/A
N/A N/A C:\Windows\System\VjoxVIU.exe N/A
N/A N/A C:\Windows\System\grLLzap.exe N/A
N/A N/A C:\Windows\System\gdXuKIG.exe N/A
N/A N/A C:\Windows\System\iNUFTNU.exe N/A
N/A N/A C:\Windows\System\UafzfNG.exe N/A
N/A N/A C:\Windows\System\RQeGaXv.exe N/A
N/A N/A C:\Windows\System\BbaPxUP.exe N/A
N/A N/A C:\Windows\System\kVENdvk.exe N/A
N/A N/A C:\Windows\System\lCWpqjJ.exe N/A
N/A N/A C:\Windows\System\vZNMTVm.exe N/A
N/A N/A C:\Windows\System\uaLnHSA.exe N/A
N/A N/A C:\Windows\System\yFAmGnH.exe N/A
N/A N/A C:\Windows\System\qWHcAMP.exe N/A
N/A N/A C:\Windows\System\XWiGXcN.exe N/A
N/A N/A C:\Windows\System\VAUSwsi.exe N/A
N/A N/A C:\Windows\System\fPDzcYK.exe N/A
N/A N/A C:\Windows\System\cgbPchm.exe N/A
N/A N/A C:\Windows\System\mgHOjWO.exe N/A
N/A N/A C:\Windows\System\UCFQgVS.exe N/A
N/A N/A C:\Windows\System\qHHpZtA.exe N/A
N/A N/A C:\Windows\System\diPxQEE.exe N/A
N/A N/A C:\Windows\System\XaeQELv.exe N/A
N/A N/A C:\Windows\System\vJwjXtg.exe N/A
N/A N/A C:\Windows\System\gEBrgiG.exe N/A
N/A N/A C:\Windows\System\zbrMSFJ.exe N/A
N/A N/A C:\Windows\System\ZfVemJW.exe N/A
N/A N/A C:\Windows\System\AUkbSgG.exe N/A
N/A N/A C:\Windows\System\ZhNlwvF.exe N/A
N/A N/A C:\Windows\System\abqEhIO.exe N/A
N/A N/A C:\Windows\System\AJUaoxs.exe N/A
N/A N/A C:\Windows\System\zGyFxIf.exe N/A
N/A N/A C:\Windows\System\muIpmDp.exe N/A
N/A N/A C:\Windows\System\JkXqQKC.exe N/A
N/A N/A C:\Windows\System\OPDkvoz.exe N/A
N/A N/A C:\Windows\System\jncubyN.exe N/A
N/A N/A C:\Windows\System\YWifEXs.exe N/A
N/A N/A C:\Windows\System\BRSYjLv.exe N/A
N/A N/A C:\Windows\System\hxHnwPW.exe N/A
N/A N/A C:\Windows\System\gCuZBWV.exe N/A
N/A N/A C:\Windows\System\eBLcnyp.exe N/A
N/A N/A C:\Windows\System\eEpyloP.exe N/A
N/A N/A C:\Windows\System\EtyOAec.exe N/A
N/A N/A C:\Windows\System\nDKIMHP.exe N/A
N/A N/A C:\Windows\System\hLLbyKh.exe N/A
N/A N/A C:\Windows\System\EVSuzdd.exe N/A
N/A N/A C:\Windows\System\lJqWZQk.exe N/A
N/A N/A C:\Windows\System\AvSWYTT.exe N/A
N/A N/A C:\Windows\System\qcQlcpR.exe N/A
N/A N/A C:\Windows\System\vzYDtgh.exe N/A
N/A N/A C:\Windows\System\ZyRRyll.exe N/A
N/A N/A C:\Windows\System\UAMobjN.exe N/A
N/A N/A C:\Windows\System\eqYRjfn.exe N/A
N/A N/A C:\Windows\System\gcIIpXA.exe N/A
N/A N/A C:\Windows\System\QyPwVgg.exe N/A
N/A N/A C:\Windows\System\ctVGaAo.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\BRSYjLv.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMakovg.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\cfQabEs.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZRSBKNg.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KusESBH.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VHYIFWP.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mlyKabu.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JkXqQKC.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lJqWZQk.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\FxsZDwb.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ycudtsb.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\Fhsgqeb.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VJXtsVG.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ijLFPCU.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VdcsgCq.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhNlwvF.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMhVNmT.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OynMTrm.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\NrkvIex.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BUiWtmT.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\fUGvBWJ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YXHPpCS.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\HrkKQRq.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qHHpZtA.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DFXiyLx.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\IoAOWVh.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\XmLubgH.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXETAJg.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrPHOYb.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ASqmFVT.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PWWKZnn.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ePqTlhF.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gCuZBWV.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qWHcAMP.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyzQIDD.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLFdoJr.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\HAayYRP.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qusLADe.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ntDHOJF.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcXiyhw.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\dfpMMOW.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VAUSwsi.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdXuKIG.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCMlTpB.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\tJRZeMx.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\EsrCEjr.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AeZyJqW.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uaLnHSA.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\eBLcnyp.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZyRRyll.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LAZXtUV.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mgHOjWO.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\rSNQynA.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\USVTeiH.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJoMguG.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VcmncGs.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LtOPnRG.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AJUaoxs.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\jHExDwG.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZYHdLkc.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uwpgDbP.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MAmDeAe.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uwjQkyo.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UafzfNG.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\qusLADe.exe
PID 2912 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\qusLADe.exe
PID 2912 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\qusLADe.exe
PID 2912 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZVLukmv.exe
PID 2912 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZVLukmv.exe
PID 2912 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZVLukmv.exe
PID 2912 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\iQLTSpR.exe
PID 2912 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\iQLTSpR.exe
PID 2912 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\iQLTSpR.exe
PID 2912 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uwjQkyo.exe
PID 2912 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uwjQkyo.exe
PID 2912 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uwjQkyo.exe
PID 2912 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\QDEeiqu.exe
PID 2912 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\QDEeiqu.exe
PID 2912 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\QDEeiqu.exe
PID 2912 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\HNNvDUm.exe
PID 2912 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\HNNvDUm.exe
PID 2912 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\HNNvDUm.exe
PID 2912 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\KaFtSvI.exe
PID 2912 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\KaFtSvI.exe
PID 2912 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\KaFtSvI.exe
PID 2912 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kVENdvk.exe
PID 2912 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kVENdvk.exe
PID 2912 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kVENdvk.exe
PID 2912 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\liNoBUl.exe
PID 2912 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\liNoBUl.exe
PID 2912 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\liNoBUl.exe
PID 2912 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\vZNMTVm.exe
PID 2912 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\vZNMTVm.exe
PID 2912 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\vZNMTVm.exe
PID 2912 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\rGimczR.exe
PID 2912 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\rGimczR.exe
PID 2912 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\rGimczR.exe
PID 2912 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uaLnHSA.exe
PID 2912 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uaLnHSA.exe
PID 2912 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uaLnHSA.exe
PID 2912 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\VjoxVIU.exe
PID 2912 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\VjoxVIU.exe
PID 2912 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\VjoxVIU.exe
PID 2912 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\yFAmGnH.exe
PID 2912 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\yFAmGnH.exe
PID 2912 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\yFAmGnH.exe
PID 2912 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\grLLzap.exe
PID 2912 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\grLLzap.exe
PID 2912 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\grLLzap.exe
PID 2912 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\VAUSwsi.exe
PID 2912 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\VAUSwsi.exe
PID 2912 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\VAUSwsi.exe
PID 2912 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\gdXuKIG.exe
PID 2912 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\gdXuKIG.exe
PID 2912 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\gdXuKIG.exe
PID 2912 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\fPDzcYK.exe
PID 2912 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\fPDzcYK.exe
PID 2912 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\fPDzcYK.exe
PID 2912 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\iNUFTNU.exe
PID 2912 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\iNUFTNU.exe
PID 2912 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\iNUFTNU.exe
PID 2912 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\cgbPchm.exe
PID 2912 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\cgbPchm.exe
PID 2912 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\cgbPchm.exe
PID 2912 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\UafzfNG.exe
PID 2912 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\UafzfNG.exe
PID 2912 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\UafzfNG.exe
PID 2912 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\mgHOjWO.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe"

C:\Windows\System\qusLADe.exe

C:\Windows\System\qusLADe.exe

C:\Windows\System\ZVLukmv.exe

C:\Windows\System\ZVLukmv.exe

C:\Windows\System\iQLTSpR.exe

C:\Windows\System\iQLTSpR.exe

C:\Windows\System\uwjQkyo.exe

C:\Windows\System\uwjQkyo.exe

C:\Windows\System\QDEeiqu.exe

C:\Windows\System\QDEeiqu.exe

C:\Windows\System\HNNvDUm.exe

C:\Windows\System\HNNvDUm.exe

C:\Windows\System\KaFtSvI.exe

C:\Windows\System\KaFtSvI.exe

C:\Windows\System\kVENdvk.exe

C:\Windows\System\kVENdvk.exe

C:\Windows\System\liNoBUl.exe

C:\Windows\System\liNoBUl.exe

C:\Windows\System\vZNMTVm.exe

C:\Windows\System\vZNMTVm.exe

C:\Windows\System\rGimczR.exe

C:\Windows\System\rGimczR.exe

C:\Windows\System\uaLnHSA.exe

C:\Windows\System\uaLnHSA.exe

C:\Windows\System\VjoxVIU.exe

C:\Windows\System\VjoxVIU.exe

C:\Windows\System\yFAmGnH.exe

C:\Windows\System\yFAmGnH.exe

C:\Windows\System\grLLzap.exe

C:\Windows\System\grLLzap.exe

C:\Windows\System\VAUSwsi.exe

C:\Windows\System\VAUSwsi.exe

C:\Windows\System\gdXuKIG.exe

C:\Windows\System\gdXuKIG.exe

C:\Windows\System\fPDzcYK.exe

C:\Windows\System\fPDzcYK.exe

C:\Windows\System\iNUFTNU.exe

C:\Windows\System\iNUFTNU.exe

C:\Windows\System\cgbPchm.exe

C:\Windows\System\cgbPchm.exe

C:\Windows\System\UafzfNG.exe

C:\Windows\System\UafzfNG.exe

C:\Windows\System\mgHOjWO.exe

C:\Windows\System\mgHOjWO.exe

C:\Windows\System\RQeGaXv.exe

C:\Windows\System\RQeGaXv.exe

C:\Windows\System\UCFQgVS.exe

C:\Windows\System\UCFQgVS.exe

C:\Windows\System\BbaPxUP.exe

C:\Windows\System\BbaPxUP.exe

C:\Windows\System\qHHpZtA.exe

C:\Windows\System\qHHpZtA.exe

C:\Windows\System\lCWpqjJ.exe

C:\Windows\System\lCWpqjJ.exe

C:\Windows\System\diPxQEE.exe

C:\Windows\System\diPxQEE.exe

C:\Windows\System\qWHcAMP.exe

C:\Windows\System\qWHcAMP.exe

C:\Windows\System\XaeQELv.exe

C:\Windows\System\XaeQELv.exe

C:\Windows\System\XWiGXcN.exe

C:\Windows\System\XWiGXcN.exe

C:\Windows\System\vJwjXtg.exe

C:\Windows\System\vJwjXtg.exe

C:\Windows\System\gEBrgiG.exe

C:\Windows\System\gEBrgiG.exe

C:\Windows\System\zbrMSFJ.exe

C:\Windows\System\zbrMSFJ.exe

C:\Windows\System\ZfVemJW.exe

C:\Windows\System\ZfVemJW.exe

C:\Windows\System\AUkbSgG.exe

C:\Windows\System\AUkbSgG.exe

C:\Windows\System\ZhNlwvF.exe

C:\Windows\System\ZhNlwvF.exe

C:\Windows\System\abqEhIO.exe

C:\Windows\System\abqEhIO.exe

C:\Windows\System\AJUaoxs.exe

C:\Windows\System\AJUaoxs.exe

C:\Windows\System\zGyFxIf.exe

C:\Windows\System\zGyFxIf.exe

C:\Windows\System\muIpmDp.exe

C:\Windows\System\muIpmDp.exe

C:\Windows\System\jncubyN.exe

C:\Windows\System\jncubyN.exe

C:\Windows\System\JkXqQKC.exe

C:\Windows\System\JkXqQKC.exe

C:\Windows\System\YWifEXs.exe

C:\Windows\System\YWifEXs.exe

C:\Windows\System\OPDkvoz.exe

C:\Windows\System\OPDkvoz.exe

C:\Windows\System\BRSYjLv.exe

C:\Windows\System\BRSYjLv.exe

C:\Windows\System\hxHnwPW.exe

C:\Windows\System\hxHnwPW.exe

C:\Windows\System\gCuZBWV.exe

C:\Windows\System\gCuZBWV.exe

C:\Windows\System\eBLcnyp.exe

C:\Windows\System\eBLcnyp.exe

C:\Windows\System\eEpyloP.exe

C:\Windows\System\eEpyloP.exe

C:\Windows\System\EtyOAec.exe

C:\Windows\System\EtyOAec.exe

C:\Windows\System\nDKIMHP.exe

C:\Windows\System\nDKIMHP.exe

C:\Windows\System\hLLbyKh.exe

C:\Windows\System\hLLbyKh.exe

C:\Windows\System\EVSuzdd.exe

C:\Windows\System\EVSuzdd.exe

C:\Windows\System\lJqWZQk.exe

C:\Windows\System\lJqWZQk.exe

C:\Windows\System\AvSWYTT.exe

C:\Windows\System\AvSWYTT.exe

C:\Windows\System\qcQlcpR.exe

C:\Windows\System\qcQlcpR.exe

C:\Windows\System\vzYDtgh.exe

C:\Windows\System\vzYDtgh.exe

C:\Windows\System\ZyRRyll.exe

C:\Windows\System\ZyRRyll.exe

C:\Windows\System\eqYRjfn.exe

C:\Windows\System\eqYRjfn.exe

C:\Windows\System\UAMobjN.exe

C:\Windows\System\UAMobjN.exe

C:\Windows\System\gcIIpXA.exe

C:\Windows\System\gcIIpXA.exe

C:\Windows\System\QyPwVgg.exe

C:\Windows\System\QyPwVgg.exe

C:\Windows\System\ctVGaAo.exe

C:\Windows\System\ctVGaAo.exe

C:\Windows\System\mcfkskx.exe

C:\Windows\System\mcfkskx.exe

C:\Windows\System\ioEikzd.exe

C:\Windows\System\ioEikzd.exe

C:\Windows\System\YGRlfKA.exe

C:\Windows\System\YGRlfKA.exe

C:\Windows\System\KstjvVN.exe

C:\Windows\System\KstjvVN.exe

C:\Windows\System\GBiPext.exe

C:\Windows\System\GBiPext.exe

C:\Windows\System\JnoDEoU.exe

C:\Windows\System\JnoDEoU.exe

C:\Windows\System\YXHPpCS.exe

C:\Windows\System\YXHPpCS.exe

C:\Windows\System\LxgfEex.exe

C:\Windows\System\LxgfEex.exe

C:\Windows\System\rRKgIbG.exe

C:\Windows\System\rRKgIbG.exe

C:\Windows\System\nWhpEpr.exe

C:\Windows\System\nWhpEpr.exe

C:\Windows\System\GFgZEfs.exe

C:\Windows\System\GFgZEfs.exe

C:\Windows\System\dScDjGZ.exe

C:\Windows\System\dScDjGZ.exe

C:\Windows\System\ntDHOJF.exe

C:\Windows\System\ntDHOJF.exe

C:\Windows\System\oLRIigG.exe

C:\Windows\System\oLRIigG.exe

C:\Windows\System\tjROrVL.exe

C:\Windows\System\tjROrVL.exe

C:\Windows\System\gMakovg.exe

C:\Windows\System\gMakovg.exe

C:\Windows\System\xxVdbmj.exe

C:\Windows\System\xxVdbmj.exe

C:\Windows\System\gLDfVAD.exe

C:\Windows\System\gLDfVAD.exe

C:\Windows\System\kNLpYLc.exe

C:\Windows\System\kNLpYLc.exe

C:\Windows\System\jwlVien.exe

C:\Windows\System\jwlVien.exe

C:\Windows\System\eYNbPSb.exe

C:\Windows\System\eYNbPSb.exe

C:\Windows\System\AMhVNmT.exe

C:\Windows\System\AMhVNmT.exe

C:\Windows\System\JkzkgvE.exe

C:\Windows\System\JkzkgvE.exe

C:\Windows\System\APoDtTx.exe

C:\Windows\System\APoDtTx.exe

C:\Windows\System\RhqeGVn.exe

C:\Windows\System\RhqeGVn.exe

C:\Windows\System\gJlkwVk.exe

C:\Windows\System\gJlkwVk.exe

C:\Windows\System\aXTylSU.exe

C:\Windows\System\aXTylSU.exe

C:\Windows\System\NBbsSqU.exe

C:\Windows\System\NBbsSqU.exe

C:\Windows\System\NVVCnDQ.exe

C:\Windows\System\NVVCnDQ.exe

C:\Windows\System\DqxBSCl.exe

C:\Windows\System\DqxBSCl.exe

C:\Windows\System\pklbQHl.exe

C:\Windows\System\pklbQHl.exe

C:\Windows\System\RkrYoDl.exe

C:\Windows\System\RkrYoDl.exe

C:\Windows\System\wgjWcuw.exe

C:\Windows\System\wgjWcuw.exe

C:\Windows\System\QpDDCyT.exe

C:\Windows\System\QpDDCyT.exe

C:\Windows\System\YYWjYmN.exe

C:\Windows\System\YYWjYmN.exe

C:\Windows\System\TSHoFie.exe

C:\Windows\System\TSHoFie.exe

C:\Windows\System\WQHTDge.exe

C:\Windows\System\WQHTDge.exe

C:\Windows\System\TTIvPjL.exe

C:\Windows\System\TTIvPjL.exe

C:\Windows\System\MCGJZJY.exe

C:\Windows\System\MCGJZJY.exe

C:\Windows\System\HqVLJff.exe

C:\Windows\System\HqVLJff.exe

C:\Windows\System\RFqlgUS.exe

C:\Windows\System\RFqlgUS.exe

C:\Windows\System\FxsZDwb.exe

C:\Windows\System\FxsZDwb.exe

C:\Windows\System\uMJvckX.exe

C:\Windows\System\uMJvckX.exe

C:\Windows\System\oeWEWQF.exe

C:\Windows\System\oeWEWQF.exe

C:\Windows\System\ZUddCIp.exe

C:\Windows\System\ZUddCIp.exe

C:\Windows\System\ASqmFVT.exe

C:\Windows\System\ASqmFVT.exe

C:\Windows\System\ycudtsb.exe

C:\Windows\System\ycudtsb.exe

C:\Windows\System\JDMcxcW.exe

C:\Windows\System\JDMcxcW.exe

C:\Windows\System\aLCBlvx.exe

C:\Windows\System\aLCBlvx.exe

C:\Windows\System\cfQabEs.exe

C:\Windows\System\cfQabEs.exe

C:\Windows\System\mcXiyhw.exe

C:\Windows\System\mcXiyhw.exe

C:\Windows\System\dlONuTX.exe

C:\Windows\System\dlONuTX.exe

C:\Windows\System\ZRSBKNg.exe

C:\Windows\System\ZRSBKNg.exe

C:\Windows\System\KPaTpMw.exe

C:\Windows\System\KPaTpMw.exe

C:\Windows\System\GCfUcuX.exe

C:\Windows\System\GCfUcuX.exe

C:\Windows\System\dHrwWBq.exe

C:\Windows\System\dHrwWBq.exe

C:\Windows\System\zWcgPXq.exe

C:\Windows\System\zWcgPXq.exe

C:\Windows\System\vyzQIDD.exe

C:\Windows\System\vyzQIDD.exe

C:\Windows\System\kUbAALO.exe

C:\Windows\System\kUbAALO.exe

C:\Windows\System\sSsqjWv.exe

C:\Windows\System\sSsqjWv.exe

C:\Windows\System\kCNaDCm.exe

C:\Windows\System\kCNaDCm.exe

C:\Windows\System\dRXOlvz.exe

C:\Windows\System\dRXOlvz.exe

C:\Windows\System\Jzoooig.exe

C:\Windows\System\Jzoooig.exe

C:\Windows\System\VlRpebm.exe

C:\Windows\System\VlRpebm.exe

C:\Windows\System\uKXKYYh.exe

C:\Windows\System\uKXKYYh.exe

C:\Windows\System\jJjUGkz.exe

C:\Windows\System\jJjUGkz.exe

C:\Windows\System\PZByzfH.exe

C:\Windows\System\PZByzfH.exe

C:\Windows\System\QgmmrmY.exe

C:\Windows\System\QgmmrmY.exe

C:\Windows\System\dhUzUQs.exe

C:\Windows\System\dhUzUQs.exe

C:\Windows\System\Fhsgqeb.exe

C:\Windows\System\Fhsgqeb.exe

C:\Windows\System\BVFblLe.exe

C:\Windows\System\BVFblLe.exe

C:\Windows\System\EsCtyFx.exe

C:\Windows\System\EsCtyFx.exe

C:\Windows\System\sUPdcBk.exe

C:\Windows\System\sUPdcBk.exe

C:\Windows\System\DJyWsmD.exe

C:\Windows\System\DJyWsmD.exe

C:\Windows\System\OynMTrm.exe

C:\Windows\System\OynMTrm.exe

C:\Windows\System\STlRDBL.exe

C:\Windows\System\STlRDBL.exe

C:\Windows\System\KusESBH.exe

C:\Windows\System\KusESBH.exe

C:\Windows\System\pUFLqjS.exe

C:\Windows\System\pUFLqjS.exe

C:\Windows\System\RTTvEGf.exe

C:\Windows\System\RTTvEGf.exe

C:\Windows\System\XOxpHLO.exe

C:\Windows\System\XOxpHLO.exe

C:\Windows\System\VJXtsVG.exe

C:\Windows\System\VJXtsVG.exe

C:\Windows\System\KMsikAk.exe

C:\Windows\System\KMsikAk.exe

C:\Windows\System\ijLFPCU.exe

C:\Windows\System\ijLFPCU.exe

C:\Windows\System\IwGlwaC.exe

C:\Windows\System\IwGlwaC.exe

C:\Windows\System\ZHGrOzP.exe

C:\Windows\System\ZHGrOzP.exe

C:\Windows\System\xoCAkBZ.exe

C:\Windows\System\xoCAkBZ.exe

C:\Windows\System\cVYTKNM.exe

C:\Windows\System\cVYTKNM.exe

C:\Windows\System\GWQlYdZ.exe

C:\Windows\System\GWQlYdZ.exe

C:\Windows\System\bzCDsMB.exe

C:\Windows\System\bzCDsMB.exe

C:\Windows\System\eiOrjaE.exe

C:\Windows\System\eiOrjaE.exe

C:\Windows\System\kFWaaGu.exe

C:\Windows\System\kFWaaGu.exe

C:\Windows\System\HgWRpqR.exe

C:\Windows\System\HgWRpqR.exe

C:\Windows\System\FtEgZyg.exe

C:\Windows\System\FtEgZyg.exe

C:\Windows\System\NrkvIex.exe

C:\Windows\System\NrkvIex.exe

C:\Windows\System\NCYqHcw.exe

C:\Windows\System\NCYqHcw.exe

C:\Windows\System\ZCMlTpB.exe

C:\Windows\System\ZCMlTpB.exe

C:\Windows\System\bFsPQpj.exe

C:\Windows\System\bFsPQpj.exe

C:\Windows\System\tJRZeMx.exe

C:\Windows\System\tJRZeMx.exe

C:\Windows\System\rSNQynA.exe

C:\Windows\System\rSNQynA.exe

C:\Windows\System\BUiWtmT.exe

C:\Windows\System\BUiWtmT.exe

C:\Windows\System\fRSpkUj.exe

C:\Windows\System\fRSpkUj.exe

C:\Windows\System\XMJnBst.exe

C:\Windows\System\XMJnBst.exe

C:\Windows\System\iYntXfs.exe

C:\Windows\System\iYntXfs.exe

C:\Windows\System\bTKEoij.exe

C:\Windows\System\bTKEoij.exe

C:\Windows\System\bkHvSKh.exe

C:\Windows\System\bkHvSKh.exe

C:\Windows\System\bNuXqDd.exe

C:\Windows\System\bNuXqDd.exe

C:\Windows\System\USVTeiH.exe

C:\Windows\System\USVTeiH.exe

C:\Windows\System\yPjOsko.exe

C:\Windows\System\yPjOsko.exe

C:\Windows\System\oHxibIq.exe

C:\Windows\System\oHxibIq.exe

C:\Windows\System\uEiioJM.exe

C:\Windows\System\uEiioJM.exe

C:\Windows\System\aOWImsi.exe

C:\Windows\System\aOWImsi.exe

C:\Windows\System\mONPLGi.exe

C:\Windows\System\mONPLGi.exe

C:\Windows\System\qWekGau.exe

C:\Windows\System\qWekGau.exe

C:\Windows\System\CrENcIQ.exe

C:\Windows\System\CrENcIQ.exe

C:\Windows\System\wdmSvjI.exe

C:\Windows\System\wdmSvjI.exe

C:\Windows\System\VvtExWV.exe

C:\Windows\System\VvtExWV.exe

C:\Windows\System\veneknC.exe

C:\Windows\System\veneknC.exe

C:\Windows\System\ylJpJWp.exe

C:\Windows\System\ylJpJWp.exe

C:\Windows\System\GWbnxlD.exe

C:\Windows\System\GWbnxlD.exe

C:\Windows\System\DFXiyLx.exe

C:\Windows\System\DFXiyLx.exe

C:\Windows\System\GUExPjs.exe

C:\Windows\System\GUExPjs.exe

C:\Windows\System\kgtYVdZ.exe

C:\Windows\System\kgtYVdZ.exe

C:\Windows\System\RbTylVe.exe

C:\Windows\System\RbTylVe.exe

C:\Windows\System\IhTLMPy.exe

C:\Windows\System\IhTLMPy.exe

C:\Windows\System\AerviaO.exe

C:\Windows\System\AerviaO.exe

C:\Windows\System\UGWpWZU.exe

C:\Windows\System\UGWpWZU.exe

C:\Windows\System\BrVVKGx.exe

C:\Windows\System\BrVVKGx.exe

C:\Windows\System\noHcAPw.exe

C:\Windows\System\noHcAPw.exe

C:\Windows\System\YtiJZFr.exe

C:\Windows\System\YtiJZFr.exe

C:\Windows\System\IoAOWVh.exe

C:\Windows\System\IoAOWVh.exe

C:\Windows\System\LbmOdJu.exe

C:\Windows\System\LbmOdJu.exe

C:\Windows\System\FtzWbVM.exe

C:\Windows\System\FtzWbVM.exe

C:\Windows\System\ITdqgSS.exe

C:\Windows\System\ITdqgSS.exe

C:\Windows\System\kDXqcKI.exe

C:\Windows\System\kDXqcKI.exe

C:\Windows\System\drKzBuf.exe

C:\Windows\System\drKzBuf.exe

C:\Windows\System\JsqpSEd.exe

C:\Windows\System\JsqpSEd.exe

C:\Windows\System\PTcXgwI.exe

C:\Windows\System\PTcXgwI.exe

C:\Windows\System\kiMOqnT.exe

C:\Windows\System\kiMOqnT.exe

C:\Windows\System\iZMBhnZ.exe

C:\Windows\System\iZMBhnZ.exe

C:\Windows\System\dfpMMOW.exe

C:\Windows\System\dfpMMOW.exe

C:\Windows\System\NsrrtGQ.exe

C:\Windows\System\NsrrtGQ.exe

C:\Windows\System\oeZrHUI.exe

C:\Windows\System\oeZrHUI.exe

C:\Windows\System\MIEgels.exe

C:\Windows\System\MIEgels.exe

C:\Windows\System\DCjJofM.exe

C:\Windows\System\DCjJofM.exe

C:\Windows\System\siEHTwa.exe

C:\Windows\System\siEHTwa.exe

C:\Windows\System\FcXlXkN.exe

C:\Windows\System\FcXlXkN.exe

C:\Windows\System\IIVoRor.exe

C:\Windows\System\IIVoRor.exe

C:\Windows\System\EsrCEjr.exe

C:\Windows\System\EsrCEjr.exe

C:\Windows\System\BRPKvLQ.exe

C:\Windows\System\BRPKvLQ.exe

C:\Windows\System\pFHFQts.exe

C:\Windows\System\pFHFQts.exe

C:\Windows\System\huYTMid.exe

C:\Windows\System\huYTMid.exe

C:\Windows\System\QvinGXY.exe

C:\Windows\System\QvinGXY.exe

C:\Windows\System\ctiYqVI.exe

C:\Windows\System\ctiYqVI.exe

C:\Windows\System\RUEsYGU.exe

C:\Windows\System\RUEsYGU.exe

C:\Windows\System\Ceaamjh.exe

C:\Windows\System\Ceaamjh.exe

C:\Windows\System\FcmsYks.exe

C:\Windows\System\FcmsYks.exe

C:\Windows\System\xdCtJmQ.exe

C:\Windows\System\xdCtJmQ.exe

C:\Windows\System\KEbHDZi.exe

C:\Windows\System\KEbHDZi.exe

C:\Windows\System\BdPOmEf.exe

C:\Windows\System\BdPOmEf.exe

C:\Windows\System\ltjVVvg.exe

C:\Windows\System\ltjVVvg.exe

C:\Windows\System\IpptuRc.exe

C:\Windows\System\IpptuRc.exe

C:\Windows\System\HrkKQRq.exe

C:\Windows\System\HrkKQRq.exe

C:\Windows\System\jbtYhIO.exe

C:\Windows\System\jbtYhIO.exe

C:\Windows\System\JmNNlku.exe

C:\Windows\System\JmNNlku.exe

C:\Windows\System\tsIaUFj.exe

C:\Windows\System\tsIaUFj.exe

C:\Windows\System\pUurMDt.exe

C:\Windows\System\pUurMDt.exe

C:\Windows\System\rugWSPz.exe

C:\Windows\System\rugWSPz.exe

C:\Windows\System\MjBYqFH.exe

C:\Windows\System\MjBYqFH.exe

C:\Windows\System\rYzNQXG.exe

C:\Windows\System\rYzNQXG.exe

C:\Windows\System\CLFdoJr.exe

C:\Windows\System\CLFdoJr.exe

C:\Windows\System\XmLubgH.exe

C:\Windows\System\XmLubgH.exe

C:\Windows\System\DHfiUml.exe

C:\Windows\System\DHfiUml.exe

C:\Windows\System\DZHJLBv.exe

C:\Windows\System\DZHJLBv.exe

C:\Windows\System\XGxbTDr.exe

C:\Windows\System\XGxbTDr.exe

C:\Windows\System\MJoMguG.exe

C:\Windows\System\MJoMguG.exe

C:\Windows\System\gffpXwx.exe

C:\Windows\System\gffpXwx.exe

C:\Windows\System\wgpcRza.exe

C:\Windows\System\wgpcRza.exe

C:\Windows\System\BWyPAoB.exe

C:\Windows\System\BWyPAoB.exe

C:\Windows\System\PkDQuJv.exe

C:\Windows\System\PkDQuJv.exe

C:\Windows\System\QxIzxyM.exe

C:\Windows\System\QxIzxyM.exe

C:\Windows\System\VcmncGs.exe

C:\Windows\System\VcmncGs.exe

C:\Windows\System\VHYIFWP.exe

C:\Windows\System\VHYIFWP.exe

C:\Windows\System\hjjIGDR.exe

C:\Windows\System\hjjIGDR.exe

C:\Windows\System\hhsvFpY.exe

C:\Windows\System\hhsvFpY.exe

C:\Windows\System\QXETAJg.exe

C:\Windows\System\QXETAJg.exe

C:\Windows\System\xrPHOYb.exe

C:\Windows\System\xrPHOYb.exe

C:\Windows\System\RJEnRfW.exe

C:\Windows\System\RJEnRfW.exe

C:\Windows\System\aJeONil.exe

C:\Windows\System\aJeONil.exe

C:\Windows\System\xkDEwim.exe

C:\Windows\System\xkDEwim.exe

C:\Windows\System\jHExDwG.exe

C:\Windows\System\jHExDwG.exe

C:\Windows\System\wMmQFRf.exe

C:\Windows\System\wMmQFRf.exe

C:\Windows\System\dVrlhvi.exe

C:\Windows\System\dVrlhvi.exe

C:\Windows\System\QzFGbBS.exe

C:\Windows\System\QzFGbBS.exe

C:\Windows\System\mlyKabu.exe

C:\Windows\System\mlyKabu.exe

C:\Windows\System\zntRmCQ.exe

C:\Windows\System\zntRmCQ.exe

C:\Windows\System\VdcsgCq.exe

C:\Windows\System\VdcsgCq.exe

C:\Windows\System\MDjlUBE.exe

C:\Windows\System\MDjlUBE.exe

C:\Windows\System\aNBKLsL.exe

C:\Windows\System\aNBKLsL.exe

C:\Windows\System\zFrRunK.exe

C:\Windows\System\zFrRunK.exe

C:\Windows\System\OPzZMPN.exe

C:\Windows\System\OPzZMPN.exe

C:\Windows\System\AeZyJqW.exe

C:\Windows\System\AeZyJqW.exe

C:\Windows\System\KhNUHzm.exe

C:\Windows\System\KhNUHzm.exe

C:\Windows\System\PWWKZnn.exe

C:\Windows\System\PWWKZnn.exe

C:\Windows\System\kjlgegE.exe

C:\Windows\System\kjlgegE.exe

C:\Windows\System\dpAzCqg.exe

C:\Windows\System\dpAzCqg.exe

C:\Windows\System\WMgUIns.exe

C:\Windows\System\WMgUIns.exe

C:\Windows\System\RIMPpaL.exe

C:\Windows\System\RIMPpaL.exe

C:\Windows\System\LQphkfd.exe

C:\Windows\System\LQphkfd.exe

C:\Windows\System\pywtJAs.exe

C:\Windows\System\pywtJAs.exe

C:\Windows\System\kZEKExp.exe

C:\Windows\System\kZEKExp.exe

C:\Windows\System\EuVimqf.exe

C:\Windows\System\EuVimqf.exe

C:\Windows\System\SJvfQbd.exe

C:\Windows\System\SJvfQbd.exe

C:\Windows\System\ZYHdLkc.exe

C:\Windows\System\ZYHdLkc.exe

C:\Windows\System\HFTjQgB.exe

C:\Windows\System\HFTjQgB.exe

C:\Windows\System\hPsUcEP.exe

C:\Windows\System\hPsUcEP.exe

C:\Windows\System\XTWDOdu.exe

C:\Windows\System\XTWDOdu.exe

C:\Windows\System\LAZXtUV.exe

C:\Windows\System\LAZXtUV.exe

C:\Windows\System\pdzJPTn.exe

C:\Windows\System\pdzJPTn.exe

C:\Windows\System\StoEZzX.exe

C:\Windows\System\StoEZzX.exe

C:\Windows\System\NHozkUd.exe

C:\Windows\System\NHozkUd.exe

C:\Windows\System\imdIAND.exe

C:\Windows\System\imdIAND.exe

C:\Windows\System\GJRzqWK.exe

C:\Windows\System\GJRzqWK.exe

C:\Windows\System\fUGvBWJ.exe

C:\Windows\System\fUGvBWJ.exe

C:\Windows\System\FHvgGxQ.exe

C:\Windows\System\FHvgGxQ.exe

C:\Windows\System\wiyYAYm.exe

C:\Windows\System\wiyYAYm.exe

C:\Windows\System\tDpyALj.exe

C:\Windows\System\tDpyALj.exe

C:\Windows\System\nyTSsag.exe

C:\Windows\System\nyTSsag.exe

C:\Windows\System\pVgRmkv.exe

C:\Windows\System\pVgRmkv.exe

C:\Windows\System\ftayLeH.exe

C:\Windows\System\ftayLeH.exe

C:\Windows\System\WsWRboC.exe

C:\Windows\System\WsWRboC.exe

C:\Windows\System\mMddidO.exe

C:\Windows\System\mMddidO.exe

C:\Windows\System\WhtTmVf.exe

C:\Windows\System\WhtTmVf.exe

C:\Windows\System\mvQNbNQ.exe

C:\Windows\System\mvQNbNQ.exe

C:\Windows\System\qPChEos.exe

C:\Windows\System\qPChEos.exe

C:\Windows\System\qdGVyGj.exe

C:\Windows\System\qdGVyGj.exe

C:\Windows\System\HAayYRP.exe

C:\Windows\System\HAayYRP.exe

C:\Windows\System\khiIyyU.exe

C:\Windows\System\khiIyyU.exe

C:\Windows\System\uwpgDbP.exe

C:\Windows\System\uwpgDbP.exe

C:\Windows\System\MHPhjzo.exe

C:\Windows\System\MHPhjzo.exe

C:\Windows\System\riOJSeY.exe

C:\Windows\System\riOJSeY.exe

C:\Windows\System\EnDNESu.exe

C:\Windows\System\EnDNESu.exe

C:\Windows\System\dmdwqVZ.exe

C:\Windows\System\dmdwqVZ.exe

C:\Windows\System\rJmOIYS.exe

C:\Windows\System\rJmOIYS.exe

C:\Windows\System\ePqTlhF.exe

C:\Windows\System\ePqTlhF.exe

C:\Windows\System\LtOPnRG.exe

C:\Windows\System\LtOPnRG.exe

C:\Windows\System\zeixBMD.exe

C:\Windows\System\zeixBMD.exe

C:\Windows\System\ugHSHuY.exe

C:\Windows\System\ugHSHuY.exe

C:\Windows\System\sjKbDvi.exe

C:\Windows\System\sjKbDvi.exe

C:\Windows\System\VRfWiKy.exe

C:\Windows\System\VRfWiKy.exe

C:\Windows\System\TtgBJjk.exe

C:\Windows\System\TtgBJjk.exe

C:\Windows\System\PdPPThe.exe

C:\Windows\System\PdPPThe.exe

C:\Windows\System\MkNaXLf.exe

C:\Windows\System\MkNaXLf.exe

C:\Windows\System\CZJrgVh.exe

C:\Windows\System\CZJrgVh.exe

C:\Windows\System\jseetua.exe

C:\Windows\System\jseetua.exe

C:\Windows\System\VFinZKo.exe

C:\Windows\System\VFinZKo.exe

C:\Windows\System\UUzydAL.exe

C:\Windows\System\UUzydAL.exe

C:\Windows\System\YWHHxbH.exe

C:\Windows\System\YWHHxbH.exe

C:\Windows\System\lwOGYAf.exe

C:\Windows\System\lwOGYAf.exe

C:\Windows\System\MAmDeAe.exe

C:\Windows\System\MAmDeAe.exe

C:\Windows\System\Atsvhap.exe

C:\Windows\System\Atsvhap.exe

C:\Windows\System\FmCiNoi.exe

C:\Windows\System\FmCiNoi.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2912-0-0x000000013F1C0000-0x000000013F511000-memory.dmp

memory/2912-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\qusLADe.exe

MD5 65c74530e8cbc9f772a3522bac35528a
SHA1 15b2a24c8f26c6e35d4802d84e86308a47c40833
SHA256 5488fc73747a0dddb43dc5ccd383e528bedf98cd3030701d0b29c8238919f122
SHA512 3608cd082dab75a02d321d6d0eab48a1fd044879d27e8ac1035eeec10bbf2547cedd9f8c0d77ea08317197975b7ef037fa17cbf11e037f9120c01bb31925b137

memory/2912-6-0x0000000001E30000-0x0000000002181000-memory.dmp

\Windows\system\ZVLukmv.exe

MD5 e5c2745b6543c7cde8ad606fba934276
SHA1 586b46bb3ea955ccaefa3e2dd96558e938fa8282
SHA256 818b6d9e9f4f7c29e5e08f956a15be7e67e35185ec362a93339c261fc955cb15
SHA512 bed661fbdcd8eb8ca15c726a351b4dc9db5bc6f28dccc03531f2464a4b4ce64cfc8795450e7a36e01516935640d25c8b6bf0a84dd422f8f40447f0c064b2b789

memory/1944-12-0x000000013F130000-0x000000013F481000-memory.dmp

memory/1920-16-0x000000013F9A0000-0x000000013FCF1000-memory.dmp

memory/2912-14-0x000000013F9A0000-0x000000013FCF1000-memory.dmp

C:\Windows\system\iQLTSpR.exe

MD5 d4758438f3abe6eaf445b7964218c6d6
SHA1 0f4c4488bf601ff7fc47a93e47ea6aea3786c30f
SHA256 78d8a66824aa135acfe37cc61c76d519209d99007f2003d76de8b2e5d744b7a2
SHA512 8385249318b77e6e52aa0ac123ae10641ce96776362e1435fdc1cf313573dfbc5e08f3f2eaaf1c925ad2e99961be004778a7558748462f675d3f671737e17110

memory/2960-23-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2912-22-0x000000013FA00000-0x000000013FD51000-memory.dmp

\Windows\system\uwjQkyo.exe

MD5 b88195b64844493f6aff677e714970ae
SHA1 602878cfee3f9e0bea0258c8300031cb8c661839
SHA256 91ea1234954232fb0863417549b963bea2ad800f0a6ff740b48ab4484b5fba42
SHA512 ac4555f29a6b28c09f7c6457b2b2afcbf6b0239ef7843eb8e1e9ba47b7ad353d357b36179c1dde8597a660f3403a244aab930c5e5aa459c3a7a14eb58a12178a

memory/2912-29-0x000000013FC10000-0x000000013FF61000-memory.dmp

memory/2912-32-0x000000013FEB0000-0x0000000140201000-memory.dmp

memory/2708-30-0x000000013FC10000-0x000000013FF61000-memory.dmp

\Windows\system\QDEeiqu.exe

MD5 3133a8297ba7cef516760f555416b302
SHA1 34293f3aa3748c8edec21e56ad7f1524e0fa6683
SHA256 cac1c0eba5ed5be10e36c0078a4a68af2229f949568079ef86f6988ff79a3dbd
SHA512 2da942b2cbaff64c5d9c80defda014dde34690f33134c691aa851cb8b2d46d53ee172006e0913270db06d2e41242976fd8b0a0b54b9bbb99f5a437c38cddd5ef

\Windows\system\yFAmGnH.exe

MD5 7ad40fe88146a4c44be79dcba2943133
SHA1 9b888b299b7c53452bff72f9dd3502e41bf76f66
SHA256 e72d53e891656eecc9bfd71c32818517c43950840b909ef1645b26dbd6b57817
SHA512 7f6b19c4e741befba83483f80069622e30abe25d51ad7876ce003f37da08c1b4854232cc9766e8755e531a1c60bec21928b9cb6a4ca8fad83ad8d90fec43d31d

C:\Windows\system\cgbPchm.exe

MD5 3a6daa5d7551f0aed9f8000f65ff6a8b
SHA1 7783b8fc511bde8b25780d6bc5bc9851e98ed664
SHA256 b3e09ff13e319cce9783c81a2430f4b1527df9d021198f95819b087bc4bd714c
SHA512 d08c6dee01ca8746ddc5f52743b0aa1e23c19f156ae84d3bd1b999aee0f8390bd54b83a59ddf16e3797c8d458963abb5155584fe1ccddf29ee3b3e34b82f4a67

memory/1920-702-0x000000013F9A0000-0x000000013FCF1000-memory.dmp

C:\Windows\system\vJwjXtg.exe

MD5 0177b614be5629735806525bb969d546
SHA1 7de0b0d265ebfbc1bce4256637e4089d612d560b
SHA256 daebcb078e5552a754b0a72c4a99f43957d2c1c9eb6970a71c598e87796d0fa8
SHA512 a709da2b43a845552ad0dd286101b8ea469261b01fa8e4d025a06aa892dfbb718347095c3782a25fcecf3dc9e9775be8853c0469f5124a434b0ed604b3138ee1

C:\Windows\system\XaeQELv.exe

MD5 039ecfdc72ba8337eb170fd46f6fa619
SHA1 93f141d3b6f7a85e74fe273db61c843c18374371
SHA256 c6b08697e473087e0571991afd6ef0eab5001af8af7857d0c59e0dd6158c7d19
SHA512 7270fc979607b78d2fbabf0db9353ef1943271f65a8297931942314e0f3118d482d8acca2b9db2b624f8273cacc9b7e4952acffc27f1e04eba8b25d981705750

C:\Windows\system\diPxQEE.exe

MD5 4d5df2b7e29d6358e7a5b248a5915731
SHA1 e05baa1b7702050ec416b67e8a708274f982ca93
SHA256 7a6276f6aee7f3668000069904644d387578fec2c7a30f6221272f238d138520
SHA512 725f63b8ac7be9632a78fb39514e3b0c41f1048e35fc1af388c7f8fa81ab710554e6b887e60ae1e0a48ed4e46032e35e68a84272d3ee86a3cf65b998ae007edf

C:\Windows\system\qHHpZtA.exe

MD5 224413b05371267157a00d3bf68ebb67
SHA1 271c35015131b066b442d2575060bb022594eee3
SHA256 ef5f475fb4e33af9865791f3fbd6bf329e19c3056bd050fa590382914a8e953f
SHA512 5a3d486f1aee9a0bf63e7eaee7231401edede5597289ae4b1c9e86ad8300b5d3f93d77837af143ea303beea3888c73242bd10ae60b7217a4f25a7a7f3ac7ad5e

C:\Windows\system\UCFQgVS.exe

MD5 d0a90063edc5ac469466204c32c44a6f
SHA1 438f8305fdb729271aea8531a3a24172b723a853
SHA256 fac036f8ca7df64c5bec3613f65acbfdce0e0761a9798204976e34ae151cc6b3
SHA512 6e5c76e00139e466f52f11538c4ad054172e061eee43ba86d6fc713718b1a4fc5599bd5ef04653e146cfb7ac139afd5252af707b2f08e208505a5d02429b829a

C:\Windows\system\mgHOjWO.exe

MD5 45d1a2b353efac298a78002fa2969ac9
SHA1 2403c98f61fab9d953243bee9d3e71bc9ad334d0
SHA256 51eed93ac4867e84fe2d20d35b4cb4cf6ee3daac7aebd4e7b99831fcf146bc16
SHA512 55c2acca717e1a01b107ab78496ab87619927b0751d210fcde7edbed890819314205d5cff63f76825b9a6e9c3c0d3ef2a20141495095038d287fb2fb9012476a

C:\Windows\system\fPDzcYK.exe

MD5 596f7748678266568a3bdb131ddcae4b
SHA1 05fa65fd0aa98a6989a47f75705f1bdd85efa821
SHA256 7eb9eecb4c82b5d1b976b5bd9ee92249522a0f8159fa602063b47741faf435ed
SHA512 01a630f65f73886f6f0d42d9d7490122508b44606c022853ffa73af587573b95b0952ef5f56f25c1e91ca6e52f803a47d0ac06286f2999654fb522a77785cf58

C:\Windows\system\VAUSwsi.exe

MD5 09908a4070bd2a6612c273698d5d201f
SHA1 ceebb53f9728f09329ce8f5673a49857fda949d1
SHA256 0ce1e236da473fa02b98991cb20133807a2b112e37a63c9797892087bf42d063
SHA512 e19d435e10dd48bdfa15171ace94e6badf03ce9640f3b88cd913a81830dd5455c034db97a65c0cee9433c6759d291ba26f82412a7f93495b5286f9d7033f6f7e

C:\Windows\system\kVENdvk.exe

MD5 71b9536fb5e74e14c8ee676b2775aa8c
SHA1 14b94acd25e80d1beba2650f42e285f66bc63bac
SHA256 4e3a4e320b21c157e6b948a19b693b1a0ff0e11857598bacc78103046136d7d6
SHA512 0f6e55e16370dedf989f66f09217935d1df99d52f0c703f0a4fe63645972f6ef9bd910fab9faad7bc1b616da11b3b1fc7be6229a3effbc4696741595e2a7e789

memory/1864-117-0x000000013F740000-0x000000013FA91000-memory.dmp

C:\Windows\system\UafzfNG.exe

MD5 bc3838405f8488662ecb6334c928ead8
SHA1 128d7478830a729c1de81a0a7efb2ccaf21c648f
SHA256 999e6866f3a0d1f82983ddcdc0aa753f8b60b4cc46e2e2f9bc739b3137da27fc
SHA512 90d61a3b63a73c200f4c37212852dd75ed3c17b975ec166c4b30cf75c66b8e27262e57dbcee589d85e555ab43d5e4ee587a1786b2ed8585d93e64555338c1c0a

memory/2912-109-0x0000000001E30000-0x0000000002181000-memory.dmp

C:\Windows\system\iNUFTNU.exe

MD5 1ceefeb7b97442ca567376f15396e160
SHA1 4c1ffb4facd264edd2b989d0682c301b478247aa
SHA256 b6bb6cda5a25d515370fd22cc2471606fd29b98cd3422562b109b024ababb3a4
SHA512 09ab2064bd7b7a82b83fc842b10b9daeb173417f9e27f7128f486fa9138f7cf07376837ec3dbfc32cb163b16c8cf9cb828a3d33325874dbb63b8ab0e8c9af108

memory/2520-93-0x000000013F440000-0x000000013F791000-memory.dmp

memory/2112-92-0x000000013FB30000-0x000000013FE81000-memory.dmp

memory/2548-91-0x000000013FCD0000-0x0000000140021000-memory.dmp

memory/2912-90-0x000000013F5B0000-0x000000013F901000-memory.dmp

memory/2692-89-0x000000013FA90000-0x000000013FDE1000-memory.dmp

memory/2912-88-0x000000013FB30000-0x000000013FE81000-memory.dmp

memory/2912-87-0x0000000001E30000-0x0000000002181000-memory.dmp

C:\Windows\system\grLLzap.exe

MD5 ff74382999657a9946d2375217bb8660
SHA1 35d5238277739dbbfaee8114b16272b02eda2758
SHA256 1eab563ac7add2849639a7f896989056515cae6c74686f71f6e77089e336237e
SHA512 4a34b00335f8b96f574eba4e315e9c65ffc2150b755cc83e826831d3ddd59e80ca788b210866e24019d08410bf27b3d63228762d41ef95dcffa046ac118bee50

C:\Windows\system\VjoxVIU.exe

MD5 e1c0167368e1dc2b552de87573b72b01
SHA1 e21629ee090dda74ad59e0173b2109735648e21a
SHA256 c8d96c8db3e46bc0bf92af11d8c375632e2995d264986f78841dc85556058df7
SHA512 9d3739db920384a208e67daded3ca258dd42613e546e1769797ea8b6f90ba2815aac64e0925fe4a24f9096f5f353626afcd81997b706ac2356fa61b9c0c52897

\Windows\system\uaLnHSA.exe

MD5 fc4fd79f4c65274eb9781f8348ec31e6
SHA1 32ef8a805f6ba5432778e74a3ca0164a850ab059
SHA256 f069a359dad9da6832b5d24b98d73e3dc53a744c25532e59b4fd35d1fae929f0
SHA512 ecbb945198bb330c66690310b3b9373ebbe2ae516061fed46a5a0eb841079c912b3095b7d7df15c7f94a91a93e79851edebd4f7199aad2712e4f5c93ea12bd11

memory/2328-58-0x000000013FC90000-0x000000013FFE1000-memory.dmp

\Windows\system\vZNMTVm.exe

MD5 5913617ef65da043d1941e9083d126bb
SHA1 569349384cbd1dcf68652561b37b565f7129663d
SHA256 628d767de56b9b4f23ae18dfeae8f76bf3948172a562bacdb291992e7ac9b930
SHA512 b61c614dfa0784ee54ac8f03734309ac48150e1a4f67590124807c14034c496706cc15c57fe166fd62f6ca869345163914e024cef0f38a01ec47075fc84d78c9

memory/2912-49-0x000000013FC90000-0x000000013FFE1000-memory.dmp

C:\Windows\system\XWiGXcN.exe

MD5 3ad6b88a8ecfb2f063a1b955085dc369
SHA1 12bd6921806ab90b8a84744b876ee855dcbf95ea
SHA256 99369958cea5578966e52b4641b344aefce239c594f6bb195169356d4a8fdf3e
SHA512 e7772e03f38d21ce0f85a337539df059a0392b633c3f432a09fe680f8359f86fd58d3ee513c9a9afa67d7fa37f29e484b38c453c555064b09d20195a9e80df13

C:\Windows\system\qWHcAMP.exe

MD5 512b8af63701372986ed8d3da2c41239
SHA1 a0eb0f0fff92ae471316386edd9038e48a09aef1
SHA256 90e5050cd00817c75faa8a26b75c6da3380bd9aaf0f4e7325c335c7c1a2d2538
SHA512 dfc6cb8b4c486bd295f3f6178441429e63ec4b4df11cabba5af971db0bcd2c411ef5a822a6875329f93385db02dabc189d775aa0b7ad25a540d279268772cab6

C:\Windows\system\lCWpqjJ.exe

MD5 9a5b6200625c743532c35ebb0d468c95
SHA1 c7fceed60449d66b1426f40c38b4dcabdf4e9abd
SHA256 43eafff666f15f24a79fbef4fda28063cb6694dca2c9b5d98749f6908778693f
SHA512 48f2de66169163abe0edaca67f2d37f8e00bf60ca9cd2324b97441be8940f58857b8e6bb4ac613bc446472cdd8421eef437486b4bd3de6d19d91a10995515ec8

C:\Windows\system\BbaPxUP.exe

MD5 226aaa051949dbe0dd1918228982d2bf
SHA1 a9907caf257eaa926132329150bfc9b5f611b2ae
SHA256 0c280b1c848e5e9096edfda6d5958ce218903f714cc3442af7ea803024d0a5a2
SHA512 3b26a2cf51a1b66c5d29c24fa3113a1b7597d9e38ba4e379164c3723704570156e9c112244833f0e5626e3d8a2427158a5d136dae9dbceddda229aa9a15b8d7a

C:\Windows\system\RQeGaXv.exe

MD5 257ff4fc1fa8a7a0892ca8ca1f67f142
SHA1 939cc329536d416c8c7738d09c9645e383ce2734
SHA256 b99a3b462ecfdce0887ec26d818b82ee7358c1eefbf76b297b02f75d9e761521
SHA512 8894f09b60007d8ee7f4645f580ebc698312fac7f61014b236581e848c182acf9b70168d96f93f51eaae2b29edf24499b67800923a9b2c8779e83a446b849420

memory/1944-98-0x000000013F130000-0x000000013F481000-memory.dmp

C:\Windows\system\gdXuKIG.exe

MD5 cffb4bd616527f1b9fe5adf9554dbb7a
SHA1 44752bc2d859b9b699daf7c8877bb0990f9fb232
SHA256 53eeab7f8b2b90340ac049ff89fe327ed8b632320aa3c379f3ccde9e1f99f61f
SHA512 703b5d27fa3cd38a915b8343914f196e4300647071463970a89c9856fb20207848f7f7e267bf3bb9803ffbb4869e4d229ba1c6cec69fdc5cebec7d68e2819ce3

C:\Windows\system\HNNvDUm.exe

MD5 b12b55b26c5a0c7408f90ac56b23872c
SHA1 ae02e7f8fc9d0131a18e5ed4f267edc760ad75bb
SHA256 479cb464e4bb4fde6547736ac260d393a2eb04ed0d8a5c701ffd6c4b73e5f20d
SHA512 1583b56ed836ea1b04f09e4c591a2108bd3888b37319e9166f2916caab0e103f16bb3a2873a0864d92f5ed12b2f1e1b8d6251617ed3c9c5394c65b3097faf0f5

memory/2776-72-0x000000013F600000-0x000000013F951000-memory.dmp

memory/2912-65-0x000000013F1C0000-0x000000013F511000-memory.dmp

C:\Windows\system\rGimczR.exe

MD5 4a0a68dce604975a76b47767b12a6a15
SHA1 86f086087f0c7a892b26f5ab0b4d6ea6611ebe1d
SHA256 dc502803d9e187c370a59b2822130d704fba461c90f27d9eec674b069224bc53
SHA512 ec962d91475912b25c8d35b155cafc897e20a3e6f1ffa7b16131457a40a06bbca809df0383a1b19a27a8216869ab3f3fa41ee143d5ba6382b7b8947b75034eb1

memory/2912-63-0x000000013FDE0000-0x0000000140131000-memory.dmp

memory/2912-61-0x000000013F600000-0x000000013F951000-memory.dmp

C:\Windows\system\liNoBUl.exe

MD5 f2f066464104e27438c03e4b891248ec
SHA1 5d7f417a876b7efdf337944f419db012914ebd92
SHA256 9d230758e0499204033c50a7cd2b40dec578e5b5976c3e539853cc55f5ceac5c
SHA512 6410345b58666f97e331067f577f362c1b9e2e04066195f89f854027f61245f08547d9af74a0c1028939c04836738f18387899e9fa949083c15a1ad2de93a255

memory/2912-45-0x000000013FA90000-0x000000013FDE1000-memory.dmp

C:\Windows\system\KaFtSvI.exe

MD5 b6b9828474cce101ccc0fb6136381426
SHA1 0ba542caf8752529f62941f7dc883d07be93941d
SHA256 92f046cee2f327bd0f02012dca9fee4619d2ccbe03d44b4456931090d10a2af7
SHA512 37468afba5c3c83fea9afe6507584623d3db5605c9e3f2873bf534a611598e23722f08896db53f81710eb72420d9ea07f8e27adc5bc53cca2b59c863d93c9456

memory/2704-41-0x000000013FEB0000-0x0000000140201000-memory.dmp

memory/2912-1138-0x000000013FA90000-0x000000013FDE1000-memory.dmp

memory/2328-1166-0x000000013FC90000-0x000000013FFE1000-memory.dmp

memory/2912-1167-0x0000000001E30000-0x0000000002181000-memory.dmp

memory/2912-1169-0x0000000001E30000-0x0000000002181000-memory.dmp

memory/2776-1168-0x000000013F600000-0x000000013F951000-memory.dmp

memory/2692-1170-0x000000013FA90000-0x000000013FDE1000-memory.dmp

memory/2548-1171-0x000000013FCD0000-0x0000000140021000-memory.dmp

memory/2112-1172-0x000000013FB30000-0x000000013FE81000-memory.dmp

memory/1944-1174-0x000000013F130000-0x000000013F481000-memory.dmp

memory/2912-1183-0x0000000001E30000-0x0000000002181000-memory.dmp

memory/1920-1185-0x000000013F9A0000-0x000000013FCF1000-memory.dmp

memory/2960-1187-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2708-1189-0x000000013FC10000-0x000000013FF61000-memory.dmp

memory/2704-1191-0x000000013FEB0000-0x0000000140201000-memory.dmp

memory/2328-1193-0x000000013FC90000-0x000000013FFE1000-memory.dmp

memory/2776-1196-0x000000013F600000-0x000000013F951000-memory.dmp

memory/2520-1197-0x000000013F440000-0x000000013F791000-memory.dmp

memory/2548-1206-0x000000013FCD0000-0x0000000140021000-memory.dmp

memory/1864-1221-0x000000013F740000-0x000000013FA91000-memory.dmp

memory/2112-1215-0x000000013FB30000-0x000000013FE81000-memory.dmp

memory/2692-1473-0x000000013FA90000-0x000000013FDE1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-22 08:22

Reported

2024-06-22 08:25

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\cMzimAQ.exe N/A
N/A N/A C:\Windows\System\LdlmTJn.exe N/A
N/A N/A C:\Windows\System\GFqzJzE.exe N/A
N/A N/A C:\Windows\System\ehMSFjm.exe N/A
N/A N/A C:\Windows\System\vjYyBcI.exe N/A
N/A N/A C:\Windows\System\pLurrpp.exe N/A
N/A N/A C:\Windows\System\XyYMxAf.exe N/A
N/A N/A C:\Windows\System\NkDVhWm.exe N/A
N/A N/A C:\Windows\System\dImXUkm.exe N/A
N/A N/A C:\Windows\System\kPEVrEj.exe N/A
N/A N/A C:\Windows\System\xCKzUbl.exe N/A
N/A N/A C:\Windows\System\uZcpbtK.exe N/A
N/A N/A C:\Windows\System\ECTCleQ.exe N/A
N/A N/A C:\Windows\System\xTWTaSl.exe N/A
N/A N/A C:\Windows\System\sqcdCcR.exe N/A
N/A N/A C:\Windows\System\ltWuDOf.exe N/A
N/A N/A C:\Windows\System\ZSsuTTd.exe N/A
N/A N/A C:\Windows\System\qWssnkf.exe N/A
N/A N/A C:\Windows\System\ircGxjv.exe N/A
N/A N/A C:\Windows\System\UbwzGva.exe N/A
N/A N/A C:\Windows\System\aAHTIej.exe N/A
N/A N/A C:\Windows\System\ZdqgejJ.exe N/A
N/A N/A C:\Windows\System\JQlJAjE.exe N/A
N/A N/A C:\Windows\System\aNLYaQm.exe N/A
N/A N/A C:\Windows\System\QkyDSRQ.exe N/A
N/A N/A C:\Windows\System\DFdZLDF.exe N/A
N/A N/A C:\Windows\System\oUprwBf.exe N/A
N/A N/A C:\Windows\System\LRMzHQP.exe N/A
N/A N/A C:\Windows\System\YKukHLY.exe N/A
N/A N/A C:\Windows\System\czrRaFm.exe N/A
N/A N/A C:\Windows\System\fIXmHkJ.exe N/A
N/A N/A C:\Windows\System\kOwGZct.exe N/A
N/A N/A C:\Windows\System\aRVsvZC.exe N/A
N/A N/A C:\Windows\System\ArGbUcp.exe N/A
N/A N/A C:\Windows\System\ogoqwOj.exe N/A
N/A N/A C:\Windows\System\SNBOumJ.exe N/A
N/A N/A C:\Windows\System\DfOWKmj.exe N/A
N/A N/A C:\Windows\System\dotiwLb.exe N/A
N/A N/A C:\Windows\System\GBTBMJE.exe N/A
N/A N/A C:\Windows\System\SILPHcS.exe N/A
N/A N/A C:\Windows\System\ZKSUhLn.exe N/A
N/A N/A C:\Windows\System\cdmPyol.exe N/A
N/A N/A C:\Windows\System\xtcjwlH.exe N/A
N/A N/A C:\Windows\System\flLJCMM.exe N/A
N/A N/A C:\Windows\System\Nkgmbab.exe N/A
N/A N/A C:\Windows\System\lBEcRVt.exe N/A
N/A N/A C:\Windows\System\ADLCWcV.exe N/A
N/A N/A C:\Windows\System\QuzezVz.exe N/A
N/A N/A C:\Windows\System\zjrFXpU.exe N/A
N/A N/A C:\Windows\System\VsaKEmP.exe N/A
N/A N/A C:\Windows\System\DEkwOhU.exe N/A
N/A N/A C:\Windows\System\toDuqEr.exe N/A
N/A N/A C:\Windows\System\BxjMQxY.exe N/A
N/A N/A C:\Windows\System\JmxlOiE.exe N/A
N/A N/A C:\Windows\System\DvTcEmK.exe N/A
N/A N/A C:\Windows\System\dWhwxFC.exe N/A
N/A N/A C:\Windows\System\ZcrEaPX.exe N/A
N/A N/A C:\Windows\System\WvAOWrt.exe N/A
N/A N/A C:\Windows\System\CmwftkT.exe N/A
N/A N/A C:\Windows\System\kvgSQHG.exe N/A
N/A N/A C:\Windows\System\rCciixh.exe N/A
N/A N/A C:\Windows\System\qAUUCNt.exe N/A
N/A N/A C:\Windows\System\CFryexR.exe N/A
N/A N/A C:\Windows\System\jLorvIf.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\tgsuWaM.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\IQocfFC.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JfeaHGm.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BwNsMPI.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VtwpYgY.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\cOFPRAR.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdlmTJn.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UyyLAxZ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qLWmmDP.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ysagWiY.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\Bofwbil.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MOrlWJX.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MSxrAQm.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\pvAdLVg.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\jxolUfF.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\hzmHpMh.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHNcHDv.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YwDoHir.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\sxKZaUD.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YoYGADn.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lBEcRVt.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\aIqlcJM.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVWJxvm.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ICccHcb.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocMpTGY.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MPgpatw.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaAWwHr.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\daBtlss.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ABThhwa.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUprwBf.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DfOWKmj.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEkwOhU.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\aiwmfsZ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gukuEXy.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\dImXUkm.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LaNxqbQ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GiUbeFZ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lwhKhEo.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\XkxFeSr.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\CIFvgVm.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\vFXWZai.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\kPEVrEj.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ircGxjv.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXTMsdO.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\kNAbWLa.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\tykqOwO.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GWFuMQF.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LFLlqkD.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhfcUJH.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AGBoajK.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lmWfldq.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\cMzimAQ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\kwCdlAH.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\whtCobJ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsprewY.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\TGmsdlX.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\tbxEZyw.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qgxBBgQ.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\bZifjxx.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LmqrGts.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AYOQMEi.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMyfdQw.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZSsuTTd.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A
File created C:\Windows\System\WDCNgda.exe C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4352 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\cMzimAQ.exe
PID 4352 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\cMzimAQ.exe
PID 4352 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\LdlmTJn.exe
PID 4352 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\LdlmTJn.exe
PID 4352 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\GFqzJzE.exe
PID 4352 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\GFqzJzE.exe
PID 4352 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ehMSFjm.exe
PID 4352 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ehMSFjm.exe
PID 4352 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\vjYyBcI.exe
PID 4352 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\vjYyBcI.exe
PID 4352 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\pLurrpp.exe
PID 4352 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\pLurrpp.exe
PID 4352 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\XyYMxAf.exe
PID 4352 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\XyYMxAf.exe
PID 4352 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\NkDVhWm.exe
PID 4352 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\NkDVhWm.exe
PID 4352 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\dImXUkm.exe
PID 4352 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\dImXUkm.exe
PID 4352 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kPEVrEj.exe
PID 4352 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kPEVrEj.exe
PID 4352 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\xCKzUbl.exe
PID 4352 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\xCKzUbl.exe
PID 4352 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uZcpbtK.exe
PID 4352 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\uZcpbtK.exe
PID 4352 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ECTCleQ.exe
PID 4352 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ECTCleQ.exe
PID 4352 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\xTWTaSl.exe
PID 4352 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\xTWTaSl.exe
PID 4352 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\sqcdCcR.exe
PID 4352 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\sqcdCcR.exe
PID 4352 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ltWuDOf.exe
PID 4352 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ltWuDOf.exe
PID 4352 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZSsuTTd.exe
PID 4352 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZSsuTTd.exe
PID 4352 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\qWssnkf.exe
PID 4352 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\qWssnkf.exe
PID 4352 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ircGxjv.exe
PID 4352 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ircGxjv.exe
PID 4352 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\UbwzGva.exe
PID 4352 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\UbwzGva.exe
PID 4352 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\aAHTIej.exe
PID 4352 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\aAHTIej.exe
PID 4352 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZdqgejJ.exe
PID 4352 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\ZdqgejJ.exe
PID 4352 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\JQlJAjE.exe
PID 4352 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\JQlJAjE.exe
PID 4352 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\aNLYaQm.exe
PID 4352 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\aNLYaQm.exe
PID 4352 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\QkyDSRQ.exe
PID 4352 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\QkyDSRQ.exe
PID 4352 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\DFdZLDF.exe
PID 4352 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\DFdZLDF.exe
PID 4352 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\oUprwBf.exe
PID 4352 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\oUprwBf.exe
PID 4352 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\LRMzHQP.exe
PID 4352 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\LRMzHQP.exe
PID 4352 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\YKukHLY.exe
PID 4352 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\YKukHLY.exe
PID 4352 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\czrRaFm.exe
PID 4352 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\czrRaFm.exe
PID 4352 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\fIXmHkJ.exe
PID 4352 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\fIXmHkJ.exe
PID 4352 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kOwGZct.exe
PID 4352 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe C:\Windows\System\kOwGZct.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8aec6c9d16a90d3e07425496521d6b7462540770676aaf9097b8887c9131884b_NeikiAnalytics.exe"

C:\Windows\System\cMzimAQ.exe

C:\Windows\System\cMzimAQ.exe

C:\Windows\System\LdlmTJn.exe

C:\Windows\System\LdlmTJn.exe

C:\Windows\System\GFqzJzE.exe

C:\Windows\System\GFqzJzE.exe

C:\Windows\System\ehMSFjm.exe

C:\Windows\System\ehMSFjm.exe

C:\Windows\System\vjYyBcI.exe

C:\Windows\System\vjYyBcI.exe

C:\Windows\System\pLurrpp.exe

C:\Windows\System\pLurrpp.exe

C:\Windows\System\XyYMxAf.exe

C:\Windows\System\XyYMxAf.exe

C:\Windows\System\NkDVhWm.exe

C:\Windows\System\NkDVhWm.exe

C:\Windows\System\dImXUkm.exe

C:\Windows\System\dImXUkm.exe

C:\Windows\System\kPEVrEj.exe

C:\Windows\System\kPEVrEj.exe

C:\Windows\System\xCKzUbl.exe

C:\Windows\System\xCKzUbl.exe

C:\Windows\System\uZcpbtK.exe

C:\Windows\System\uZcpbtK.exe

C:\Windows\System\ECTCleQ.exe

C:\Windows\System\ECTCleQ.exe

C:\Windows\System\xTWTaSl.exe

C:\Windows\System\xTWTaSl.exe

C:\Windows\System\sqcdCcR.exe

C:\Windows\System\sqcdCcR.exe

C:\Windows\System\ltWuDOf.exe

C:\Windows\System\ltWuDOf.exe

C:\Windows\System\ZSsuTTd.exe

C:\Windows\System\ZSsuTTd.exe

C:\Windows\System\qWssnkf.exe

C:\Windows\System\qWssnkf.exe

C:\Windows\System\ircGxjv.exe

C:\Windows\System\ircGxjv.exe

C:\Windows\System\UbwzGva.exe

C:\Windows\System\UbwzGva.exe

C:\Windows\System\aAHTIej.exe

C:\Windows\System\aAHTIej.exe

C:\Windows\System\ZdqgejJ.exe

C:\Windows\System\ZdqgejJ.exe

C:\Windows\System\JQlJAjE.exe

C:\Windows\System\JQlJAjE.exe

C:\Windows\System\aNLYaQm.exe

C:\Windows\System\aNLYaQm.exe

C:\Windows\System\QkyDSRQ.exe

C:\Windows\System\QkyDSRQ.exe

C:\Windows\System\DFdZLDF.exe

C:\Windows\System\DFdZLDF.exe

C:\Windows\System\oUprwBf.exe

C:\Windows\System\oUprwBf.exe

C:\Windows\System\LRMzHQP.exe

C:\Windows\System\LRMzHQP.exe

C:\Windows\System\YKukHLY.exe

C:\Windows\System\YKukHLY.exe

C:\Windows\System\czrRaFm.exe

C:\Windows\System\czrRaFm.exe

C:\Windows\System\fIXmHkJ.exe

C:\Windows\System\fIXmHkJ.exe

C:\Windows\System\kOwGZct.exe

C:\Windows\System\kOwGZct.exe

C:\Windows\System\aRVsvZC.exe

C:\Windows\System\aRVsvZC.exe

C:\Windows\System\ArGbUcp.exe

C:\Windows\System\ArGbUcp.exe

C:\Windows\System\ogoqwOj.exe

C:\Windows\System\ogoqwOj.exe

C:\Windows\System\SNBOumJ.exe

C:\Windows\System\SNBOumJ.exe

C:\Windows\System\DfOWKmj.exe

C:\Windows\System\DfOWKmj.exe

C:\Windows\System\dotiwLb.exe

C:\Windows\System\dotiwLb.exe

C:\Windows\System\GBTBMJE.exe

C:\Windows\System\GBTBMJE.exe

C:\Windows\System\SILPHcS.exe

C:\Windows\System\SILPHcS.exe

C:\Windows\System\ZKSUhLn.exe

C:\Windows\System\ZKSUhLn.exe

C:\Windows\System\cdmPyol.exe

C:\Windows\System\cdmPyol.exe

C:\Windows\System\xtcjwlH.exe

C:\Windows\System\xtcjwlH.exe

C:\Windows\System\flLJCMM.exe

C:\Windows\System\flLJCMM.exe

C:\Windows\System\Nkgmbab.exe

C:\Windows\System\Nkgmbab.exe

C:\Windows\System\lBEcRVt.exe

C:\Windows\System\lBEcRVt.exe

C:\Windows\System\ADLCWcV.exe

C:\Windows\System\ADLCWcV.exe

C:\Windows\System\QuzezVz.exe

C:\Windows\System\QuzezVz.exe

C:\Windows\System\zjrFXpU.exe

C:\Windows\System\zjrFXpU.exe

C:\Windows\System\VsaKEmP.exe

C:\Windows\System\VsaKEmP.exe

C:\Windows\System\DEkwOhU.exe

C:\Windows\System\DEkwOhU.exe

C:\Windows\System\toDuqEr.exe

C:\Windows\System\toDuqEr.exe

C:\Windows\System\BxjMQxY.exe

C:\Windows\System\BxjMQxY.exe

C:\Windows\System\JmxlOiE.exe

C:\Windows\System\JmxlOiE.exe

C:\Windows\System\DvTcEmK.exe

C:\Windows\System\DvTcEmK.exe

C:\Windows\System\dWhwxFC.exe

C:\Windows\System\dWhwxFC.exe

C:\Windows\System\ZcrEaPX.exe

C:\Windows\System\ZcrEaPX.exe

C:\Windows\System\WvAOWrt.exe

C:\Windows\System\WvAOWrt.exe

C:\Windows\System\CmwftkT.exe

C:\Windows\System\CmwftkT.exe

C:\Windows\System\kvgSQHG.exe

C:\Windows\System\kvgSQHG.exe

C:\Windows\System\rCciixh.exe

C:\Windows\System\rCciixh.exe

C:\Windows\System\qAUUCNt.exe

C:\Windows\System\qAUUCNt.exe

C:\Windows\System\CFryexR.exe

C:\Windows\System\CFryexR.exe

C:\Windows\System\jLorvIf.exe

C:\Windows\System\jLorvIf.exe

C:\Windows\System\JfeaHGm.exe

C:\Windows\System\JfeaHGm.exe

C:\Windows\System\vvTvaFz.exe

C:\Windows\System\vvTvaFz.exe

C:\Windows\System\LaNxqbQ.exe

C:\Windows\System\LaNxqbQ.exe

C:\Windows\System\MSxrAQm.exe

C:\Windows\System\MSxrAQm.exe

C:\Windows\System\LyRBFBo.exe

C:\Windows\System\LyRBFBo.exe

C:\Windows\System\GWFuMQF.exe

C:\Windows\System\GWFuMQF.exe

C:\Windows\System\RrwOrbU.exe

C:\Windows\System\RrwOrbU.exe

C:\Windows\System\CotDSOq.exe

C:\Windows\System\CotDSOq.exe

C:\Windows\System\QxJSphs.exe

C:\Windows\System\QxJSphs.exe

C:\Windows\System\rLzEsaH.exe

C:\Windows\System\rLzEsaH.exe

C:\Windows\System\ASDmMrf.exe

C:\Windows\System\ASDmMrf.exe

C:\Windows\System\cRvgxRw.exe

C:\Windows\System\cRvgxRw.exe

C:\Windows\System\gCZWXOW.exe

C:\Windows\System\gCZWXOW.exe

C:\Windows\System\HjtHSMx.exe

C:\Windows\System\HjtHSMx.exe

C:\Windows\System\SvmbKcB.exe

C:\Windows\System\SvmbKcB.exe

C:\Windows\System\WulPCVH.exe

C:\Windows\System\WulPCVH.exe

C:\Windows\System\cGqoSwf.exe

C:\Windows\System\cGqoSwf.exe

C:\Windows\System\QDqpELY.exe

C:\Windows\System\QDqpELY.exe

C:\Windows\System\vWtmGnG.exe

C:\Windows\System\vWtmGnG.exe

C:\Windows\System\ysagWiY.exe

C:\Windows\System\ysagWiY.exe

C:\Windows\System\LFLlqkD.exe

C:\Windows\System\LFLlqkD.exe

C:\Windows\System\khVxOOo.exe

C:\Windows\System\khVxOOo.exe

C:\Windows\System\fvlCCAf.exe

C:\Windows\System\fvlCCAf.exe

C:\Windows\System\eZxGCXO.exe

C:\Windows\System\eZxGCXO.exe

C:\Windows\System\JbKpSjs.exe

C:\Windows\System\JbKpSjs.exe

C:\Windows\System\OXVCrkT.exe

C:\Windows\System\OXVCrkT.exe

C:\Windows\System\uhfcUJH.exe

C:\Windows\System\uhfcUJH.exe

C:\Windows\System\DXTMsdO.exe

C:\Windows\System\DXTMsdO.exe

C:\Windows\System\PLPFVGD.exe

C:\Windows\System\PLPFVGD.exe

C:\Windows\System\kNSoagm.exe

C:\Windows\System\kNSoagm.exe

C:\Windows\System\LnFWGRs.exe

C:\Windows\System\LnFWGRs.exe

C:\Windows\System\bKpiWAV.exe

C:\Windows\System\bKpiWAV.exe

C:\Windows\System\ldZmgNB.exe

C:\Windows\System\ldZmgNB.exe

C:\Windows\System\HyevGQk.exe

C:\Windows\System\HyevGQk.exe

C:\Windows\System\IDVbFVF.exe

C:\Windows\System\IDVbFVF.exe

C:\Windows\System\KMPohpC.exe

C:\Windows\System\KMPohpC.exe

C:\Windows\System\MKSbhks.exe

C:\Windows\System\MKSbhks.exe

C:\Windows\System\szoLBBd.exe

C:\Windows\System\szoLBBd.exe

C:\Windows\System\pxCubMF.exe

C:\Windows\System\pxCubMF.exe

C:\Windows\System\bGbTtUY.exe

C:\Windows\System\bGbTtUY.exe

C:\Windows\System\UmUXsgJ.exe

C:\Windows\System\UmUXsgJ.exe

C:\Windows\System\RWVGBDW.exe

C:\Windows\System\RWVGBDW.exe

C:\Windows\System\JZdHKea.exe

C:\Windows\System\JZdHKea.exe

C:\Windows\System\tAljUkm.exe

C:\Windows\System\tAljUkm.exe

C:\Windows\System\MPgpatw.exe

C:\Windows\System\MPgpatw.exe

C:\Windows\System\XfBIvHw.exe

C:\Windows\System\XfBIvHw.exe

C:\Windows\System\gyGWJyC.exe

C:\Windows\System\gyGWJyC.exe

C:\Windows\System\izlwEtw.exe

C:\Windows\System\izlwEtw.exe

C:\Windows\System\kwCdlAH.exe

C:\Windows\System\kwCdlAH.exe

C:\Windows\System\CzKGRIS.exe

C:\Windows\System\CzKGRIS.exe

C:\Windows\System\wNjLnQB.exe

C:\Windows\System\wNjLnQB.exe

C:\Windows\System\CKeUSRW.exe

C:\Windows\System\CKeUSRW.exe

C:\Windows\System\UyyLAxZ.exe

C:\Windows\System\UyyLAxZ.exe

C:\Windows\System\CLEfqDC.exe

C:\Windows\System\CLEfqDC.exe

C:\Windows\System\pReoaSY.exe

C:\Windows\System\pReoaSY.exe

C:\Windows\System\UHJAFfB.exe

C:\Windows\System\UHJAFfB.exe

C:\Windows\System\WDCNgda.exe

C:\Windows\System\WDCNgda.exe

C:\Windows\System\PRkPaCo.exe

C:\Windows\System\PRkPaCo.exe

C:\Windows\System\dgeoHcP.exe

C:\Windows\System\dgeoHcP.exe

C:\Windows\System\Rgaczsd.exe

C:\Windows\System\Rgaczsd.exe

C:\Windows\System\RIvdsam.exe

C:\Windows\System\RIvdsam.exe

C:\Windows\System\bZifjxx.exe

C:\Windows\System\bZifjxx.exe

C:\Windows\System\lJFrzwb.exe

C:\Windows\System\lJFrzwb.exe

C:\Windows\System\fbpICls.exe

C:\Windows\System\fbpICls.exe

C:\Windows\System\qLWmmDP.exe

C:\Windows\System\qLWmmDP.exe

C:\Windows\System\lwhKhEo.exe

C:\Windows\System\lwhKhEo.exe

C:\Windows\System\rjMAXUa.exe

C:\Windows\System\rjMAXUa.exe

C:\Windows\System\GiUbeFZ.exe

C:\Windows\System\GiUbeFZ.exe

C:\Windows\System\JwpmGIy.exe

C:\Windows\System\JwpmGIy.exe

C:\Windows\System\TSaAAIw.exe

C:\Windows\System\TSaAAIw.exe

C:\Windows\System\IeNKIPB.exe

C:\Windows\System\IeNKIPB.exe

C:\Windows\System\aIqlcJM.exe

C:\Windows\System\aIqlcJM.exe

C:\Windows\System\PVWJxvm.exe

C:\Windows\System\PVWJxvm.exe

C:\Windows\System\ixCJFCm.exe

C:\Windows\System\ixCJFCm.exe

C:\Windows\System\abVvtxz.exe

C:\Windows\System\abVvtxz.exe

C:\Windows\System\yLcuRdS.exe

C:\Windows\System\yLcuRdS.exe

C:\Windows\System\DCSrzhq.exe

C:\Windows\System\DCSrzhq.exe

C:\Windows\System\hFdnuag.exe

C:\Windows\System\hFdnuag.exe

C:\Windows\System\ZXqEAtV.exe

C:\Windows\System\ZXqEAtV.exe

C:\Windows\System\dEyNGvB.exe

C:\Windows\System\dEyNGvB.exe

C:\Windows\System\TcOlsyI.exe

C:\Windows\System\TcOlsyI.exe

C:\Windows\System\BMYAjNh.exe

C:\Windows\System\BMYAjNh.exe

C:\Windows\System\UpWUANy.exe

C:\Windows\System\UpWUANy.exe

C:\Windows\System\hzmHpMh.exe

C:\Windows\System\hzmHpMh.exe

C:\Windows\System\rSKZdsY.exe

C:\Windows\System\rSKZdsY.exe

C:\Windows\System\HfNoRBg.exe

C:\Windows\System\HfNoRBg.exe

C:\Windows\System\ZdPJewM.exe

C:\Windows\System\ZdPJewM.exe

C:\Windows\System\QRThzAc.exe

C:\Windows\System\QRThzAc.exe

C:\Windows\System\kdTaOFL.exe

C:\Windows\System\kdTaOFL.exe

C:\Windows\System\kdBrNkf.exe

C:\Windows\System\kdBrNkf.exe

C:\Windows\System\jCNZljA.exe

C:\Windows\System\jCNZljA.exe

C:\Windows\System\tnshcqU.exe

C:\Windows\System\tnshcqU.exe

C:\Windows\System\gDguvzb.exe

C:\Windows\System\gDguvzb.exe

C:\Windows\System\xVvyNPC.exe

C:\Windows\System\xVvyNPC.exe

C:\Windows\System\ocMpTGY.exe

C:\Windows\System\ocMpTGY.exe

C:\Windows\System\cOyADXK.exe

C:\Windows\System\cOyADXK.exe

C:\Windows\System\tDyPjpk.exe

C:\Windows\System\tDyPjpk.exe

C:\Windows\System\wpOwpeI.exe

C:\Windows\System\wpOwpeI.exe

C:\Windows\System\vGGpGFu.exe

C:\Windows\System\vGGpGFu.exe

C:\Windows\System\rFPeKMj.exe

C:\Windows\System\rFPeKMj.exe

C:\Windows\System\jApsMUr.exe

C:\Windows\System\jApsMUr.exe

C:\Windows\System\vhSqdya.exe

C:\Windows\System\vhSqdya.exe

C:\Windows\System\gHmqBPu.exe

C:\Windows\System\gHmqBPu.exe

C:\Windows\System\isyBHeZ.exe

C:\Windows\System\isyBHeZ.exe

C:\Windows\System\QFTpdyP.exe

C:\Windows\System\QFTpdyP.exe

C:\Windows\System\xHbvIHZ.exe

C:\Windows\System\xHbvIHZ.exe

C:\Windows\System\TGmsdlX.exe

C:\Windows\System\TGmsdlX.exe

C:\Windows\System\PlowRQb.exe

C:\Windows\System\PlowRQb.exe

C:\Windows\System\mdTwKmr.exe

C:\Windows\System\mdTwKmr.exe

C:\Windows\System\NwgrbRL.exe

C:\Windows\System\NwgrbRL.exe

C:\Windows\System\FDTpvdw.exe

C:\Windows\System\FDTpvdw.exe

C:\Windows\System\Tsziqfb.exe

C:\Windows\System\Tsziqfb.exe

C:\Windows\System\ubzAzMK.exe

C:\Windows\System\ubzAzMK.exe

C:\Windows\System\jCGLQRW.exe

C:\Windows\System\jCGLQRW.exe

C:\Windows\System\LmqrGts.exe

C:\Windows\System\LmqrGts.exe

C:\Windows\System\PybBgJd.exe

C:\Windows\System\PybBgJd.exe

C:\Windows\System\tbxEZyw.exe

C:\Windows\System\tbxEZyw.exe

C:\Windows\System\IqBEkJX.exe

C:\Windows\System\IqBEkJX.exe

C:\Windows\System\cOnXYyx.exe

C:\Windows\System\cOnXYyx.exe

C:\Windows\System\ieUxnjy.exe

C:\Windows\System\ieUxnjy.exe

C:\Windows\System\NjGmsoV.exe

C:\Windows\System\NjGmsoV.exe

C:\Windows\System\efbBBOA.exe

C:\Windows\System\efbBBOA.exe

C:\Windows\System\kNAbWLa.exe

C:\Windows\System\kNAbWLa.exe

C:\Windows\System\ebhELJc.exe

C:\Windows\System\ebhELJc.exe

C:\Windows\System\GfmBTWp.exe

C:\Windows\System\GfmBTWp.exe

C:\Windows\System\cNdFUQE.exe

C:\Windows\System\cNdFUQE.exe

C:\Windows\System\BwNsMPI.exe

C:\Windows\System\BwNsMPI.exe

C:\Windows\System\GPxGepK.exe

C:\Windows\System\GPxGepK.exe

C:\Windows\System\cKkVIRg.exe

C:\Windows\System\cKkVIRg.exe

C:\Windows\System\SVClYJH.exe

C:\Windows\System\SVClYJH.exe

C:\Windows\System\NprJgUF.exe

C:\Windows\System\NprJgUF.exe

C:\Windows\System\VEkunRU.exe

C:\Windows\System\VEkunRU.exe

C:\Windows\System\iCwsHte.exe

C:\Windows\System\iCwsHte.exe

C:\Windows\System\lEYhnbD.exe

C:\Windows\System\lEYhnbD.exe

C:\Windows\System\cToaXmt.exe

C:\Windows\System\cToaXmt.exe

C:\Windows\System\ZgnByOf.exe

C:\Windows\System\ZgnByOf.exe

C:\Windows\System\yOkabMQ.exe

C:\Windows\System\yOkabMQ.exe

C:\Windows\System\aiwmfsZ.exe

C:\Windows\System\aiwmfsZ.exe

C:\Windows\System\SPOgHhF.exe

C:\Windows\System\SPOgHhF.exe

C:\Windows\System\IOKzzND.exe

C:\Windows\System\IOKzzND.exe

C:\Windows\System\oTuRHFj.exe

C:\Windows\System\oTuRHFj.exe

C:\Windows\System\TJCdfBe.exe

C:\Windows\System\TJCdfBe.exe

C:\Windows\System\lBTdZrg.exe

C:\Windows\System\lBTdZrg.exe

C:\Windows\System\rhwoWWB.exe

C:\Windows\System\rhwoWWB.exe

C:\Windows\System\bBoqhoh.exe

C:\Windows\System\bBoqhoh.exe

C:\Windows\System\cOFPRAR.exe

C:\Windows\System\cOFPRAR.exe

C:\Windows\System\vcPzrRz.exe

C:\Windows\System\vcPzrRz.exe

C:\Windows\System\EcEGePG.exe

C:\Windows\System\EcEGePG.exe

C:\Windows\System\RsUetuj.exe

C:\Windows\System\RsUetuj.exe

C:\Windows\System\bziritC.exe

C:\Windows\System\bziritC.exe

C:\Windows\System\AYOQMEi.exe

C:\Windows\System\AYOQMEi.exe

C:\Windows\System\VtwpYgY.exe

C:\Windows\System\VtwpYgY.exe

C:\Windows\System\yliSYgG.exe

C:\Windows\System\yliSYgG.exe

C:\Windows\System\pvAdLVg.exe

C:\Windows\System\pvAdLVg.exe

C:\Windows\System\nwLQjST.exe

C:\Windows\System\nwLQjST.exe

C:\Windows\System\elKxeHn.exe

C:\Windows\System\elKxeHn.exe

C:\Windows\System\ccFouFV.exe

C:\Windows\System\ccFouFV.exe

C:\Windows\System\LwdrTrl.exe

C:\Windows\System\LwdrTrl.exe

C:\Windows\System\OHNcHDv.exe

C:\Windows\System\OHNcHDv.exe

C:\Windows\System\wzSCdAZ.exe

C:\Windows\System\wzSCdAZ.exe

C:\Windows\System\JmkjgRP.exe

C:\Windows\System\JmkjgRP.exe

C:\Windows\System\AYBCxWB.exe

C:\Windows\System\AYBCxWB.exe

C:\Windows\System\FKXMsQA.exe

C:\Windows\System\FKXMsQA.exe

C:\Windows\System\tgsuWaM.exe

C:\Windows\System\tgsuWaM.exe

C:\Windows\System\FGxaruo.exe

C:\Windows\System\FGxaruo.exe

C:\Windows\System\PQdBOwG.exe

C:\Windows\System\PQdBOwG.exe

C:\Windows\System\crwWpLu.exe

C:\Windows\System\crwWpLu.exe

C:\Windows\System\vyVDxST.exe

C:\Windows\System\vyVDxST.exe

C:\Windows\System\whtCobJ.exe

C:\Windows\System\whtCobJ.exe

C:\Windows\System\fwZtIem.exe

C:\Windows\System\fwZtIem.exe

C:\Windows\System\ZPjbZea.exe

C:\Windows\System\ZPjbZea.exe

C:\Windows\System\qgxBBgQ.exe

C:\Windows\System\qgxBBgQ.exe

C:\Windows\System\XkxFeSr.exe

C:\Windows\System\XkxFeSr.exe

C:\Windows\System\czENGwh.exe

C:\Windows\System\czENGwh.exe

C:\Windows\System\XhhzDNR.exe

C:\Windows\System\XhhzDNR.exe

C:\Windows\System\iaAWwHr.exe

C:\Windows\System\iaAWwHr.exe

C:\Windows\System\McBWLEV.exe

C:\Windows\System\McBWLEV.exe

C:\Windows\System\hWlxHXU.exe

C:\Windows\System\hWlxHXU.exe

C:\Windows\System\eEgIlpg.exe

C:\Windows\System\eEgIlpg.exe

C:\Windows\System\RxtxtmU.exe

C:\Windows\System\RxtxtmU.exe

C:\Windows\System\JoPRHlU.exe

C:\Windows\System\JoPRHlU.exe

C:\Windows\System\encwQSb.exe

C:\Windows\System\encwQSb.exe

C:\Windows\System\ndtmwuK.exe

C:\Windows\System\ndtmwuK.exe

C:\Windows\System\aoXwkVB.exe

C:\Windows\System\aoXwkVB.exe

C:\Windows\System\YSjGoGU.exe

C:\Windows\System\YSjGoGU.exe

C:\Windows\System\oJqsuQm.exe

C:\Windows\System\oJqsuQm.exe

C:\Windows\System\lfKGOMN.exe

C:\Windows\System\lfKGOMN.exe

C:\Windows\System\kVjvnmu.exe

C:\Windows\System\kVjvnmu.exe

C:\Windows\System\tykqOwO.exe

C:\Windows\System\tykqOwO.exe

C:\Windows\System\yiCyWfI.exe

C:\Windows\System\yiCyWfI.exe

C:\Windows\System\Bofwbil.exe

C:\Windows\System\Bofwbil.exe

C:\Windows\System\LENxWba.exe

C:\Windows\System\LENxWba.exe

C:\Windows\System\fjDnZPd.exe

C:\Windows\System\fjDnZPd.exe

C:\Windows\System\RfftkIP.exe

C:\Windows\System\RfftkIP.exe

C:\Windows\System\vWRGSOa.exe

C:\Windows\System\vWRGSOa.exe

C:\Windows\System\tgyMPOL.exe

C:\Windows\System\tgyMPOL.exe

C:\Windows\System\RIXPJkw.exe

C:\Windows\System\RIXPJkw.exe

C:\Windows\System\jxolUfF.exe

C:\Windows\System\jxolUfF.exe

C:\Windows\System\kTFhkFZ.exe

C:\Windows\System\kTFhkFZ.exe

C:\Windows\System\ugIKRtQ.exe

C:\Windows\System\ugIKRtQ.exe

C:\Windows\System\jeYzkaJ.exe

C:\Windows\System\jeYzkaJ.exe

C:\Windows\System\KXykBkf.exe

C:\Windows\System\KXykBkf.exe

C:\Windows\System\gMyfdQw.exe

C:\Windows\System\gMyfdQw.exe

C:\Windows\System\goKPMRY.exe

C:\Windows\System\goKPMRY.exe

C:\Windows\System\EIbMXcu.exe

C:\Windows\System\EIbMXcu.exe

C:\Windows\System\CbmnADk.exe

C:\Windows\System\CbmnADk.exe

C:\Windows\System\NRmIVQz.exe

C:\Windows\System\NRmIVQz.exe

C:\Windows\System\AGBoajK.exe

C:\Windows\System\AGBoajK.exe

C:\Windows\System\srSNhOO.exe

C:\Windows\System\srSNhOO.exe

C:\Windows\System\aXSEdJB.exe

C:\Windows\System\aXSEdJB.exe

C:\Windows\System\JIXqzYy.exe

C:\Windows\System\JIXqzYy.exe

C:\Windows\System\YwDoHir.exe

C:\Windows\System\YwDoHir.exe

C:\Windows\System\fxWJBTY.exe

C:\Windows\System\fxWJBTY.exe

C:\Windows\System\HFRFWNR.exe

C:\Windows\System\HFRFWNR.exe

C:\Windows\System\MOrlWJX.exe

C:\Windows\System\MOrlWJX.exe

C:\Windows\System\pRlGeNV.exe

C:\Windows\System\pRlGeNV.exe

C:\Windows\System\yTORoHY.exe

C:\Windows\System\yTORoHY.exe

C:\Windows\System\sxKZaUD.exe

C:\Windows\System\sxKZaUD.exe

C:\Windows\System\daBtlss.exe

C:\Windows\System\daBtlss.exe

C:\Windows\System\dGbnHlA.exe

C:\Windows\System\dGbnHlA.exe

C:\Windows\System\TNdMGbc.exe

C:\Windows\System\TNdMGbc.exe

C:\Windows\System\dYMobGU.exe

C:\Windows\System\dYMobGU.exe

C:\Windows\System\ABThhwa.exe

C:\Windows\System\ABThhwa.exe

C:\Windows\System\ePaKIjq.exe

C:\Windows\System\ePaKIjq.exe

C:\Windows\System\CIFvgVm.exe

C:\Windows\System\CIFvgVm.exe

C:\Windows\System\rYYdWgh.exe

C:\Windows\System\rYYdWgh.exe

C:\Windows\System\KFHAjxD.exe

C:\Windows\System\KFHAjxD.exe

C:\Windows\System\ngmyRJN.exe

C:\Windows\System\ngmyRJN.exe

C:\Windows\System\OhcKDWO.exe

C:\Windows\System\OhcKDWO.exe

C:\Windows\System\wCdyDyD.exe

C:\Windows\System\wCdyDyD.exe

C:\Windows\System\NhDIECu.exe

C:\Windows\System\NhDIECu.exe

C:\Windows\System\YoYGADn.exe

C:\Windows\System\YoYGADn.exe

C:\Windows\System\wsLqjlq.exe

C:\Windows\System\wsLqjlq.exe

C:\Windows\System\ouqIpLY.exe

C:\Windows\System\ouqIpLY.exe

C:\Windows\System\UDDKVSG.exe

C:\Windows\System\UDDKVSG.exe

C:\Windows\System\pdARMgZ.exe

C:\Windows\System\pdARMgZ.exe

C:\Windows\System\mznrPvs.exe

C:\Windows\System\mznrPvs.exe

C:\Windows\System\XgqOkSr.exe

C:\Windows\System\XgqOkSr.exe

C:\Windows\System\WOsICcO.exe

C:\Windows\System\WOsICcO.exe

C:\Windows\System\ADRPfCx.exe

C:\Windows\System\ADRPfCx.exe

C:\Windows\System\nsprewY.exe

C:\Windows\System\nsprewY.exe

C:\Windows\System\TScIqUA.exe

C:\Windows\System\TScIqUA.exe

C:\Windows\System\vFXWZai.exe

C:\Windows\System\vFXWZai.exe

C:\Windows\System\XJlZIPO.exe

C:\Windows\System\XJlZIPO.exe

C:\Windows\System\rmdIVnF.exe

C:\Windows\System\rmdIVnF.exe

C:\Windows\System\ICccHcb.exe

C:\Windows\System\ICccHcb.exe

C:\Windows\System\HuwDiTf.exe

C:\Windows\System\HuwDiTf.exe

C:\Windows\System\qqmAXSh.exe

C:\Windows\System\qqmAXSh.exe

C:\Windows\System\MMnECNu.exe

C:\Windows\System\MMnECNu.exe

C:\Windows\System\IQocfFC.exe

C:\Windows\System\IQocfFC.exe

C:\Windows\System\EUvzTzz.exe

C:\Windows\System\EUvzTzz.exe

C:\Windows\System\vgOiBDf.exe

C:\Windows\System\vgOiBDf.exe

C:\Windows\System\zAjwuwM.exe

C:\Windows\System\zAjwuwM.exe

C:\Windows\System\gukuEXy.exe

C:\Windows\System\gukuEXy.exe

C:\Windows\System\lmWfldq.exe

C:\Windows\System\lmWfldq.exe

C:\Windows\System\aoZRfnQ.exe

C:\Windows\System\aoZRfnQ.exe

C:\Windows\System\amYchxh.exe

C:\Windows\System\amYchxh.exe

C:\Windows\System\DQUPtVy.exe

C:\Windows\System\DQUPtVy.exe

C:\Windows\System\mjjRBOs.exe

C:\Windows\System\mjjRBOs.exe

C:\Windows\System\OapllfN.exe

C:\Windows\System\OapllfN.exe

C:\Windows\System\bfSTDdf.exe

C:\Windows\System\bfSTDdf.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/4352-0-0x00007FF65C710000-0x00007FF65CA61000-memory.dmp

memory/4352-1-0x0000023221730000-0x0000023221740000-memory.dmp

C:\Windows\System\cMzimAQ.exe

MD5 9b8d26e3b0f90234d478673d37e0c0db
SHA1 154f908a133d5c761ef0d8c4fc8ef8fc744912e3
SHA256 baee00cd4602d09bd919542578b77f8aab043215d348b17c67a50c5692195f13
SHA512 41b7555b7433e1bd87f32013b8370f047f0c7d05ce95a219e6640b6131cd9e2bdaf9a29d549b38b4064cdc4052ac393f280ca14f3972268524227e8e4a333197

C:\Windows\System\GFqzJzE.exe

MD5 bdc946c6785e350c9342edcc33d29532
SHA1 fb56b5a069c5278bc721501d729e03f9e8596dd6
SHA256 f2b23275f2737211815d9c50da0495d1c7eee9321df60d8515673812142cd462
SHA512 b946f1a20e8940f8b2516363559127407c7b33905adbaf7fa6d42a2350c525ac7ed7421194546b741d48c009683acb2d1ca7d20831fe5e1da00df854216528a2

C:\Windows\System\LdlmTJn.exe

MD5 90395b75b338e51947eaace994c03697
SHA1 e34b4a15b2b014744fbdb94ba0db9ac80e7707bd
SHA256 a5ebc18e19f3292cecef440d0a4caa784bbc2ee3d12f4bd2bd2c55b9b58b3521
SHA512 49104927d0d787bac84a92246502298935f5efb590db09daf0fd07f0cf6a7f7c2275bd3fd23efa524bd1640a00fac91846dbb9b088cdabd13370dfec63077c3a

memory/1876-18-0x00007FF614F80000-0x00007FF6152D1000-memory.dmp

C:\Windows\System\pLurrpp.exe

MD5 89671c40dc5b1566a48d8d2243b8dfb8
SHA1 be58ee951072dac6430de332e67d5af1c27f6845
SHA256 395e55f7b9adfd6526247237107044502a1d5241cfe1f1b94e2b091a1500580e
SHA512 72f44d1fe340cbbbb85bbf2d1bb61bd82d50ce0ec4a4a36aa21140a5a406751b4aa1bd1bd447359c710520b4690dff292871275c3972ba5430c819eddef7501b

C:\Windows\System\kPEVrEj.exe

MD5 78c2decbc1cf5559005c781572a528ab
SHA1 38fd9f7df9b44ecdb7c9f9c83e6e4ad68de96533
SHA256 15ab2dc84df26dae982826ace57e107d1c515e47c209d94ab97795334946cc61
SHA512 75bd427f75951885b8119ea2abd7824824e887ac1850ed1f89941baf9f3ca78057aac5170e602080b4cdbd2d1792e9981f35b50438219b710647b3a134ec2fef

C:\Windows\System\xCKzUbl.exe

MD5 6243b8d923844be5ebe932ae0ef8e34d
SHA1 eaaedcac3bb9fa188fe31b9cc4c18f749ac6dc45
SHA256 a52f64d1ede2add96bc111ab82efa6581405e749a2ddcf129080553ed2c6c41e
SHA512 93d3d93a76f3f68ac1d898cbc13a15aa50712f62dc096d092459214e9d7720d8816124336b25c99d46cd130b315a3374d05fee6dc2b61c31436a1f5b3dc27375

memory/2356-74-0x00007FF7CA2A0000-0x00007FF7CA5F1000-memory.dmp

memory/1108-84-0x00007FF79DE50000-0x00007FF79E1A1000-memory.dmp

C:\Windows\System\xTWTaSl.exe

MD5 e7e94b53a251503b24892d8199f7eb31
SHA1 bcde1f9054a091218a37d3ce026d95ca8b77e93d
SHA256 1d2ea77b56907d85d9cfd343b542f47ff0aeb291c4ed4c601473a5400240ac65
SHA512 24a254b6d5a0f71c3904bc14789ea2aeeb507fde96c14d76765b9ec61cd78c279ece5f94140b921e7d2bb315fead6da92eab993a4bd3c0bbc907404819bb39d5

C:\Windows\System\sqcdCcR.exe

MD5 d186d1cedaf4d9d19e77164ae7a018f3
SHA1 3f6f87e3737fa12a114d35ccbbf81c40eac4a625
SHA256 8edebd7c9eb0f0530b1fdf4bf51db8e3ef6921134414f5a36fafc5564cf79c55
SHA512 2509ef0d812fc18139aac731f5a3c3461a4bd5760a806b946b2187f413ec75e8717d640b500862aba4a4b41895db7be6a31094423d164f4980837a12afea52a1

memory/552-125-0x00007FF6CA340000-0x00007FF6CA691000-memory.dmp

C:\Windows\System\JQlJAjE.exe

MD5 bbd05aa3a1b94ff2b4ee4758c2c25362
SHA1 f31e9cec60fe222f84f8ba9d34c96ebb7d24a2de
SHA256 4e10d4e5ac6ef62f524a1c4f1590045b848a25fabd5440db69e38c6eae5ad97e
SHA512 0125aa7bc9ca51d66a8d296c17a9d4cdab016e382657dc5dee544df999e2dbe1b433572bdd95aa4f812d29a3e92db6df41de080eabb9189fc50dda764a80b084

C:\Windows\System\oUprwBf.exe

MD5 134d7ccbcd3dca1c0f728e6ddb4e9ae3
SHA1 f2b965e83f08e0efb3ca5f7be68a0a157b433b45
SHA256 4bf1492a6b82299c1439a38f1deb1fe851a7577c11306da7095bb4b9175c49da
SHA512 3d1585de18aa58bd3ef63b04bbdce88afbf29a6fda26e49d05e8d9937c91912f4ce685e72ca4a41fc771ad15f2f39248566b5251633953ccc3592a28b05569d8

C:\Windows\System\YKukHLY.exe

MD5 cdb5e50d826352b34b35bca59734b960
SHA1 2f6adb752f9c6b768db970c22e75748ba1b13608
SHA256 f7ae085a9777283ee0550cf69567754ee1b30bb2be863a067f515738cf713a71
SHA512 b7b5e3f1dc51426afe34a57eb01201feafec9342ea628caf2a795ead057f36f26f85f10d52451d034ba4b7bdc21f077b491998d8f38efcfa5521ce0fcb53955c

C:\Windows\System\aRVsvZC.exe

MD5 7d114657eafdf97a7298f15bf1cb243e
SHA1 a5dc8d9eab418aa59d3c342e29db11885c456891
SHA256 5708eba2298915fd184908f192bca7390d47f332b7bd87dca9c0f895300b5be9
SHA512 2921273dabcb97e456e8c9fe787159d7e3db466ba77a1842aabe4f82af94a3672fec7fae91dcb2067bb1fde4fbda6d3aa81ae6e0738c1fd90ea338d0d2eaf9e8

C:\Windows\System\fIXmHkJ.exe

MD5 d22c224fbdbc0a48f09be991be1e7d1e
SHA1 974d01abab32694e15988951504d607cddc3796c
SHA256 ded7ad9efd68dcae3196b16eaf8c1aa8655fd852160e60356498f08fdc68579b
SHA512 b1039e7af82a3420fdc5afb3311572dd074a95aed207cb74df49cd949c072dfdb2ce4cf31ecfce94221eb42cbc54f501650391a547934feb922e59f8d958ccc0

C:\Windows\System\kOwGZct.exe

MD5 6376f732b817e7de362ebe10b0259075
SHA1 3e165ae3d64e1892c14a27ecd8c01d917e9500b7
SHA256 bf52b529fff31b7937b95f8d80b4927937dcdfe5ea1cd2e905807c13452ff5c4
SHA512 db693c476bbb6daed4b101e3c11ba437982760e2591cf1d45d72df0b5183ab79c93dc0bd7c8f236d6f4b5c65a6589982770d6a06369fcdc5d7fd6dd99f99b434

C:\Windows\System\czrRaFm.exe

MD5 3fb7d6e5310bd5809b7ed49f52fabf84
SHA1 d1559623a45c35dacb43f5c221b42278b77c7f24
SHA256 571e16faa2eeed9085ecbde36df26bc0110d7597b5a0cb6dc824f3295292bbda
SHA512 a4f0d272f724018db929cd526437dc84ad33bc5fe52162eba85089a149568e5b8bf8b8a0dfe9eae25930eb7ef4f63aeb9720837f60f2da301629a9b03e70e30c

memory/4072-192-0x00007FF60A810000-0x00007FF60AB61000-memory.dmp

memory/3284-186-0x00007FF6E6500000-0x00007FF6E6851000-memory.dmp

C:\Windows\System\LRMzHQP.exe

MD5 4732ffa4b4ed928a8cc75719de9033fe
SHA1 642d40cb91387fac102d53832358d0549eafaab5
SHA256 7ec18e4fedd5b97cda6eab461f6b968cad62f5c460b66c44aef95fdc9fa25ed7
SHA512 484ce25c5d9397dc275fe7799ec06fd50da06e84502179fbf2d1f652b8cb54c0c38d35a482353ccc09367815ff53964a440d6b90fad114d345a00ab28e4451fe

memory/3808-180-0x00007FF757250000-0x00007FF7575A1000-memory.dmp

memory/1016-179-0x00007FF76ED30000-0x00007FF76F081000-memory.dmp

memory/1748-173-0x00007FF7AC870000-0x00007FF7ACBC1000-memory.dmp

memory/3304-172-0x00007FF76EC70000-0x00007FF76EFC1000-memory.dmp

C:\Windows\System\DFdZLDF.exe

MD5 2ff5da47f10eca25bc355b7d2c3b19a4
SHA1 fdf9150544b437e1375d4b6ca4a132cbd87be550
SHA256 d7ea46672b08196fe39bd82892ef809916fad2f1787169322a682c953d600144
SHA512 a064047ca810d1a5f3e59aec2df4bb527d10ab21d9fe247520fdf0108f20c1a810d916ffd4aef1f60d7a3cabc5fbc9bc1b03c1c1d13f54afc17e9e220aa0963a

memory/940-166-0x00007FF624840000-0x00007FF624B91000-memory.dmp

memory/4460-165-0x00007FF668BF0000-0x00007FF668F41000-memory.dmp

C:\Windows\System\QkyDSRQ.exe

MD5 a087c93bf2ad69587ef26e74b2d6d53f
SHA1 7062e792e0c7bffd9a30b9544454ab64ce292983
SHA256 e63ee6fa23ff13b2c48831cb21246c30167957fa3fb956cfdecd61ffd1adc9a9
SHA512 9dcb65139e3badb17e2ad7be82220371f9c2fbf5ad0b8fc910624f9821b6cc9d89ba4889cf79545981f377970ca51c203cb19224f143868fc1194dce0901e467

memory/5036-159-0x00007FF7ECA00000-0x00007FF7ECD51000-memory.dmp

memory/4212-158-0x00007FF749DF0000-0x00007FF74A141000-memory.dmp

C:\Windows\System\aNLYaQm.exe

MD5 499feb4ee82c30e9fe9fe1a380f7adce
SHA1 c18bd4d1e96ba3e82dc93b9ad22de045635fbb98
SHA256 ea85ddf130690c4818eb54d71f32fcdf1100ca43058bb9b2db6a1b63005258d5
SHA512 1586d73b89c2513e5e4dc17ef72b83d73a20aa5dce8a869ee0af41859bfbfaf92222f027b92db58e16ae7d164e11e9ec6d605d4b04634fe680080e948d8945c5

memory/1876-152-0x00007FF614F80000-0x00007FF6152D1000-memory.dmp

memory/2672-151-0x00007FF6D4EA0000-0x00007FF6D51F1000-memory.dmp

memory/4296-145-0x00007FF6718D0000-0x00007FF671C21000-memory.dmp

memory/4944-144-0x00007FF70F820000-0x00007FF70FB71000-memory.dmp

C:\Windows\System\ZdqgejJ.exe

MD5 c3fcfe514047babf5a610401cbce9365
SHA1 4f99467943ccc46046a9cf13f44ecbda054e3600
SHA256 489ed4c8277dc241eed8772ce589dec3c91b0a33527e4ddb6ae2c121288c9273
SHA512 f91553455c1dbe1fb02bfc643cac176229654fa269d0c43e0b2f95979b49acbecb151af80fe84518c4a9e1e912cfc848d8770227ac0b262014ec9549475fbe93

memory/4220-138-0x00007FF74D8F0000-0x00007FF74DC41000-memory.dmp

memory/4352-137-0x00007FF65C710000-0x00007FF65CA61000-memory.dmp

C:\Windows\System\aAHTIej.exe

MD5 e530a7e13c1e550cf6d7d2341f9a45bf
SHA1 f8973f7549b12a23ece2f16945f4daf350517147
SHA256 0d038c4d218927ad01f8ed482fcdb3277aa1e917f142189974780b0e2a2b82fc
SHA512 9c9cdc43bcc72919e1e14f4769360cffd481b7535eb8945dda0d1ea97241eb59ec49ce9f4a597ba6e997013bef85cf09d4b3664d94e8e48d3090c68a3985a18c

memory/2564-131-0x00007FF647DB0000-0x00007FF648101000-memory.dmp

C:\Windows\System\UbwzGva.exe

MD5 ae522f0fc7b01e0e3fa737eeff747a90
SHA1 dd9c4e16ae0e7270eed4ba37be5ac414c6d279f9
SHA256 9c5876c52cab08a3291303432f02a4096f9f38b277943337fa4b82c645901981
SHA512 95484fe089c5dca32558a2a5a8c75f21c04c49b531fc8122cbcd7444c88c322446c5f1406cebd2b31956b21c593cbf1d5847940a1a7cbff86d99f28c5c7a0590

C:\Windows\System\ircGxjv.exe

MD5 43810f3f69132705646ec226a31433b4
SHA1 6ea1b446ed73aab298d28be21c612aee59004ba5
SHA256 e1a85886440d75ed1a3beef9935d0dc8453b6ec0c3ff5a37d93dbc69485ebc4f
SHA512 3c0ea64607be18e859a1dd4eaeb14dd562ccb4d1c163fbebe47e80230d052fcbde8709dbed352000abf38427209a5ebf3335b1e947c0de071b3b13ba20d6f299

memory/1080-119-0x00007FF712040000-0x00007FF712391000-memory.dmp

C:\Windows\System\qWssnkf.exe

MD5 1a53c5f070be8cdf49b1eab99bbc833b
SHA1 939907c4983449d5fb37ca59c6924f48e6fad07c
SHA256 1575921629475dfa25d51ac0444666c6bf5229ffd162155bc27a55551d910617
SHA512 5b004124da799d53c5fd3b9ed3c2cd90082518e53382980dffc2c0d77716a016a110489d44cbdbf86a6a6def948ebd079297ac031903b23944b2e73acefb7583

memory/2388-113-0x00007FF7F3110000-0x00007FF7F3461000-memory.dmp

C:\Windows\System\ZSsuTTd.exe

MD5 2140e4521c84f7af27d550a1f861f272
SHA1 93b14ad831f1b13d345877f27394878842c9c4a0
SHA256 29e22a04a22e51f274db353befd30d2d65fd1a9efc4e4ea3aa0abdeb189fe35c
SHA512 96ec1ca4250098a2c38f41b2d0b27588f90d11974dcb48de50aa00dbf56296da48603003e0db86a928aaeec53dca34bddeb0dd1a93ec569b3cb1cd8a7c145da7

memory/1496-107-0x00007FF7F2B90000-0x00007FF7F2EE1000-memory.dmp

C:\Windows\System\ltWuDOf.exe

MD5 7269ee00be8574f18542bb4eb425ccb0
SHA1 0447dedea86f928a3dc5f643c9f6bf91928ba1a6
SHA256 8acfaaa2d220d817c7a1cac47c4e0e2a5b63b2bec12d061ef6315f44d9bb9f36
SHA512 dfb25a93d4a9a86d829859e4d9598d47d3e77d4028e8a73c73a8be46cc33b88f6fa11b45feb7f80a2ba9e1a74b615f8e654ab6da69f063983120da9885d86c47

memory/2236-101-0x00007FF730B20000-0x00007FF730E71000-memory.dmp

memory/4592-95-0x00007FF60AAF0000-0x00007FF60AE41000-memory.dmp

memory/4072-94-0x00007FF60A810000-0x00007FF60AB61000-memory.dmp

memory/1896-88-0x00007FF7E84D0000-0x00007FF7E8821000-memory.dmp

C:\Windows\System\ECTCleQ.exe

MD5 49ae0c2543ffacf4c428caca09206538
SHA1 57d30a9b9647f7b13074c763b3c90dc3d253d811
SHA256 349c5993f71c14132c729ae54e07de9336211c1d35c7f4dc5513356a07e117d4
SHA512 c112c14d7853e505a04e011fae50eef0dc5654b13222fc70685b48bb9db2a28653bd68752f27a1e8bdd2dd0f5d66353cb87458d086954513084d6d27b7f4126c

C:\Windows\System\uZcpbtK.exe

MD5 5587b84178b4f71c473c1bd7b5f30b7e
SHA1 7f5911ac29fb8aada06a82af18fca267db529fc6
SHA256 1df9b183ee37f24e7787aed98e8ff729116a4a8e7c79988c277a1113b5ce9583
SHA512 9f8eaff580c98e238de70c008030bf1b59f5c44c2da6f3ffc21e1eac8b4c5244a03b35d1015a1a4e0ad96f66d86e9de961d4d3078ebc20341eba7fc8b1a1faf7

memory/1016-75-0x00007FF76ED30000-0x00007FF76F081000-memory.dmp

memory/3036-71-0x00007FF640460000-0x00007FF6407B1000-memory.dmp

memory/3804-70-0x00007FF6EFB40000-0x00007FF6EFE91000-memory.dmp

memory/4952-66-0x00007FF6B5F90000-0x00007FF6B62E1000-memory.dmp

C:\Windows\System\dImXUkm.exe

MD5 0aa46819f14be0f88fabf3302d928b06
SHA1 6f7fb031243312868d2bc807331a2f7b23cd5af7
SHA256 5a7d97c59bf46f327b8465a259573350ca40a77d76982a35b7b90f374f14aae5
SHA512 dfba52c893055f7fed1ef7befedc5291853016e8787773d675b4def1d7bd0f1525d6f9c0d01aca432574b5187c79629f165883ca3fac9a41ce3af505ab3216d9

C:\Windows\System\NkDVhWm.exe

MD5 ff9781ffcbe6a73d9b2b6a4a9a65311f
SHA1 f7bbfbcca15e95ad48f611cf1e79e133a5b1d257
SHA256 0ead2f126f20f12f38d82d638026fa2cb933f66a377b88eb037ace11604dc3d8
SHA512 c68d362748d78d516182d3b6d610838ff5703757b12cf0a76b4f2b6092d76b0826db64907d82d1c1d4a0d9dc44a7d4f62f943ce037d5c21313031e9e809f3574

C:\Windows\System\XyYMxAf.exe

MD5 60f4aceab37cdff8128be09c9d87e543
SHA1 4e767f1a983393782a251438ccf20d3a3e791678
SHA256 984744472b91e759de0a03c307b55a097f6330a8478a3aad8abd04318ac28b09
SHA512 13e51fec9835dd7edb655054d3e0bcaf7699b1a985d823214d151e30fc5cfde7f55c3829b8c282efd061b064f434e0780492f3304575fec0c7f164071f247d5b

C:\Windows\System\vjYyBcI.exe

MD5 ed80e135e51510de4b86855be41f01c1
SHA1 73d7957ac6eeb5a8d4eea3f64d5cb3a120ddc1ed
SHA256 c49123c85ef5e19985f0f0efd508d66f26e704a8b680e453e58443d6146f53cf
SHA512 f54acab04f03d9c7683ecc973409179bfcba482760fba796f8a9ea5ad132832e345ab2e561e9dff65846f83cb95cc35562fdc9b675029446920a82e71a7c12fd

memory/4892-37-0x00007FF797920000-0x00007FF797C71000-memory.dmp

C:\Windows\System\ehMSFjm.exe

MD5 04eed01571e69a7120adabedb91d0d5f
SHA1 b3130d191318873c4a6f07e4d4be801c583a75ae
SHA256 1e55b72986f9c43095398b1740b6527a20be6724377ef115986ac2dd908829eb
SHA512 bee80d5a80bd3940c15d1ffadd2e9ab329edea5bddaa6194c43dc97d906c6f5c90883c197b8a2c79015539665e341acea45bef771368eb3c208e7239644af375

memory/940-29-0x00007FF624840000-0x00007FF624B91000-memory.dmp

memory/4460-28-0x00007FF668BF0000-0x00007FF668F41000-memory.dmp

memory/5036-27-0x00007FF7ECA00000-0x00007FF7ECD51000-memory.dmp

memory/4944-13-0x00007FF70F820000-0x00007FF70FB71000-memory.dmp

memory/2236-1110-0x00007FF730B20000-0x00007FF730E71000-memory.dmp

memory/4592-1111-0x00007FF60AAF0000-0x00007FF60AE41000-memory.dmp

memory/1496-1112-0x00007FF7F2B90000-0x00007FF7F2EE1000-memory.dmp

memory/2388-1113-0x00007FF7F3110000-0x00007FF7F3461000-memory.dmp

memory/1080-1114-0x00007FF712040000-0x00007FF712391000-memory.dmp

memory/552-1134-0x00007FF6CA340000-0x00007FF6CA691000-memory.dmp

memory/2564-1148-0x00007FF647DB0000-0x00007FF648101000-memory.dmp

memory/4220-1149-0x00007FF74D8F0000-0x00007FF74DC41000-memory.dmp

memory/4296-1150-0x00007FF6718D0000-0x00007FF671C21000-memory.dmp

memory/2672-1151-0x00007FF6D4EA0000-0x00007FF6D51F1000-memory.dmp

memory/4212-1152-0x00007FF749DF0000-0x00007FF74A141000-memory.dmp

memory/3304-1169-0x00007FF76EC70000-0x00007FF76EFC1000-memory.dmp

memory/1748-1186-0x00007FF7AC870000-0x00007FF7ACBC1000-memory.dmp

memory/3808-1187-0x00007FF757250000-0x00007FF7575A1000-memory.dmp

memory/3284-1188-0x00007FF6E6500000-0x00007FF6E6851000-memory.dmp

memory/4944-1197-0x00007FF70F820000-0x00007FF70FB71000-memory.dmp

memory/1876-1199-0x00007FF614F80000-0x00007FF6152D1000-memory.dmp

memory/4892-1201-0x00007FF797920000-0x00007FF797C71000-memory.dmp

memory/4460-1203-0x00007FF668BF0000-0x00007FF668F41000-memory.dmp

memory/1016-1208-0x00007FF76ED30000-0x00007FF76F081000-memory.dmp

memory/5036-1221-0x00007FF7ECA00000-0x00007FF7ECD51000-memory.dmp

memory/4952-1220-0x00007FF6B5F90000-0x00007FF6B62E1000-memory.dmp

memory/3804-1218-0x00007FF6EFB40000-0x00007FF6EFE91000-memory.dmp

memory/940-1216-0x00007FF624840000-0x00007FF624B91000-memory.dmp

memory/3036-1214-0x00007FF640460000-0x00007FF6407B1000-memory.dmp

memory/2356-1212-0x00007FF7CA2A0000-0x00007FF7CA5F1000-memory.dmp

memory/1108-1206-0x00007FF79DE50000-0x00007FF79E1A1000-memory.dmp

memory/1896-1209-0x00007FF7E84D0000-0x00007FF7E8821000-memory.dmp

memory/1080-1240-0x00007FF712040000-0x00007FF712391000-memory.dmp

memory/1748-1249-0x00007FF7AC870000-0x00007FF7ACBC1000-memory.dmp

memory/3808-1251-0x00007FF757250000-0x00007FF7575A1000-memory.dmp

memory/3284-1253-0x00007FF6E6500000-0x00007FF6E6851000-memory.dmp

memory/552-1247-0x00007FF6CA340000-0x00007FF6CA691000-memory.dmp

memory/2564-1246-0x00007FF647DB0000-0x00007FF648101000-memory.dmp

memory/2388-1242-0x00007FF7F3110000-0x00007FF7F3461000-memory.dmp

memory/4220-1237-0x00007FF74D8F0000-0x00007FF74DC41000-memory.dmp

memory/4296-1236-0x00007FF6718D0000-0x00007FF671C21000-memory.dmp

memory/4212-1232-0x00007FF749DF0000-0x00007FF74A141000-memory.dmp

memory/3304-1230-0x00007FF76EC70000-0x00007FF76EFC1000-memory.dmp

memory/4072-1225-0x00007FF60A810000-0x00007FF60AB61000-memory.dmp

memory/1496-1224-0x00007FF7F2B90000-0x00007FF7F2EE1000-memory.dmp

memory/2236-1243-0x00007FF730B20000-0x00007FF730E71000-memory.dmp

memory/2672-1234-0x00007FF6D4EA0000-0x00007FF6D51F1000-memory.dmp

memory/4592-1228-0x00007FF60AAF0000-0x00007FF60AE41000-memory.dmp