Malware Analysis Report

2024-10-10 09:14

Sample ID 240623-abr7gs1dld
Target 1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
SHA256 1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69

Threat Level: Known bad

The file 1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

XMRig Miner payload

Xmrig family

xmrig

Kpot family

KPOT

KPOT Core Executable

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-23 00:02

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-23 00:02

Reported

2024-06-23 00:05

Platform

win7-20240508-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\elOcxYF.exe N/A
N/A N/A C:\Windows\System\XBlAqPq.exe N/A
N/A N/A C:\Windows\System\iXYBGlQ.exe N/A
N/A N/A C:\Windows\System\cQVCsYa.exe N/A
N/A N/A C:\Windows\System\CkFNpKV.exe N/A
N/A N/A C:\Windows\System\RzeojNp.exe N/A
N/A N/A C:\Windows\System\QjZUKAf.exe N/A
N/A N/A C:\Windows\System\aXgRZqA.exe N/A
N/A N/A C:\Windows\System\imNzZtx.exe N/A
N/A N/A C:\Windows\System\sDYWDcy.exe N/A
N/A N/A C:\Windows\System\dBhxCAv.exe N/A
N/A N/A C:\Windows\System\BsmLDxX.exe N/A
N/A N/A C:\Windows\System\dvmhjml.exe N/A
N/A N/A C:\Windows\System\MyOoSSJ.exe N/A
N/A N/A C:\Windows\System\EDkjzPB.exe N/A
N/A N/A C:\Windows\System\ETWEooA.exe N/A
N/A N/A C:\Windows\System\MUzXCPe.exe N/A
N/A N/A C:\Windows\System\encoZXa.exe N/A
N/A N/A C:\Windows\System\ntaYHDt.exe N/A
N/A N/A C:\Windows\System\OOdcvKv.exe N/A
N/A N/A C:\Windows\System\oQcCdRs.exe N/A
N/A N/A C:\Windows\System\lGsdjKf.exe N/A
N/A N/A C:\Windows\System\FfMtrFI.exe N/A
N/A N/A C:\Windows\System\VBGZKir.exe N/A
N/A N/A C:\Windows\System\HhleFPe.exe N/A
N/A N/A C:\Windows\System\Wcmllzp.exe N/A
N/A N/A C:\Windows\System\ZhCvRYl.exe N/A
N/A N/A C:\Windows\System\yQslZoe.exe N/A
N/A N/A C:\Windows\System\eKJTdZP.exe N/A
N/A N/A C:\Windows\System\EfbmJhl.exe N/A
N/A N/A C:\Windows\System\BAVMgYJ.exe N/A
N/A N/A C:\Windows\System\IwwlNtP.exe N/A
N/A N/A C:\Windows\System\ptPGyRx.exe N/A
N/A N/A C:\Windows\System\cQcJZxy.exe N/A
N/A N/A C:\Windows\System\UEsmPGL.exe N/A
N/A N/A C:\Windows\System\NVTCaUj.exe N/A
N/A N/A C:\Windows\System\PpgrIrV.exe N/A
N/A N/A C:\Windows\System\WgGIEAd.exe N/A
N/A N/A C:\Windows\System\JhyaEMo.exe N/A
N/A N/A C:\Windows\System\IlHimuN.exe N/A
N/A N/A C:\Windows\System\crwqfel.exe N/A
N/A N/A C:\Windows\System\ySgYcqc.exe N/A
N/A N/A C:\Windows\System\aelZrVU.exe N/A
N/A N/A C:\Windows\System\RgSZVBu.exe N/A
N/A N/A C:\Windows\System\ILnEgbz.exe N/A
N/A N/A C:\Windows\System\XTqJyEZ.exe N/A
N/A N/A C:\Windows\System\OMyDJwa.exe N/A
N/A N/A C:\Windows\System\JfWKcAG.exe N/A
N/A N/A C:\Windows\System\qJHNCPS.exe N/A
N/A N/A C:\Windows\System\atHALhA.exe N/A
N/A N/A C:\Windows\System\aBzXCfY.exe N/A
N/A N/A C:\Windows\System\nRExGAn.exe N/A
N/A N/A C:\Windows\System\MnOqPFg.exe N/A
N/A N/A C:\Windows\System\tysvhOa.exe N/A
N/A N/A C:\Windows\System\fkJElBe.exe N/A
N/A N/A C:\Windows\System\WGttKzu.exe N/A
N/A N/A C:\Windows\System\gviZwXF.exe N/A
N/A N/A C:\Windows\System\uCVPnWr.exe N/A
N/A N/A C:\Windows\System\jSljfzu.exe N/A
N/A N/A C:\Windows\System\dOuHRDX.exe N/A
N/A N/A C:\Windows\System\stmaIov.exe N/A
N/A N/A C:\Windows\System\nnGOBwq.exe N/A
N/A N/A C:\Windows\System\stuTpfC.exe N/A
N/A N/A C:\Windows\System\whYQjvG.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xmLcgpL.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\sAfPoog.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\QqXGoON.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\jFUvawe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ELgmqjF.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\TmOqlNA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\Wcmllzp.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoKxYBD.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\YqdVQCe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\fDsPcPg.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\FzBQMDG.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ExreYSN.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhleFPe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\KeYaCnF.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\HkdPQvH.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\FOHmXPu.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\CraZDrg.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\BIvimJo.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\rqJkYlE.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgGIEAd.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\OMyDJwa.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\MRoPQeY.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\OureuBM.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\TfxjQRg.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\aXgRZqA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\FxcFawn.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\jkWAOJs.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\jHYdwQT.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\zXARTIP.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\RzeojNp.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhCvRYl.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\dvmhjml.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\TPdJnvy.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\WVubvsl.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\WwOFlrp.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ahCYMjc.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\PNEyJPX.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\xdejYCC.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECmGpbl.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\QjZUKAf.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\KjdQJcU.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\NVTCaUj.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\aBzXCfY.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\nnmNIpD.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\qUKpkTA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\BsmLDxX.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\YMjdkth.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\stmaIov.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\SAJiKtW.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\lIuGzPD.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\eMGkxWp.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\awhGAlb.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhTWlvK.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\dBhxCAv.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\vwqtKPw.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlNzGmk.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\NpBqEbc.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPqOwYW.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\nKyCyHe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHQFXxE.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\TByPnhD.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\VIZNiIK.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZeKcFUj.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOuHRDX.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2216 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\elOcxYF.exe
PID 2216 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\elOcxYF.exe
PID 2216 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\elOcxYF.exe
PID 2216 wrote to memory of 492 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\XBlAqPq.exe
PID 2216 wrote to memory of 492 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\XBlAqPq.exe
PID 2216 wrote to memory of 492 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\XBlAqPq.exe
PID 2216 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cQVCsYa.exe
PID 2216 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cQVCsYa.exe
PID 2216 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cQVCsYa.exe
PID 2216 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iXYBGlQ.exe
PID 2216 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iXYBGlQ.exe
PID 2216 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iXYBGlQ.exe
PID 2216 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\RzeojNp.exe
PID 2216 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\RzeojNp.exe
PID 2216 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\RzeojNp.exe
PID 2216 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\CkFNpKV.exe
PID 2216 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\CkFNpKV.exe
PID 2216 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\CkFNpKV.exe
PID 2216 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\QjZUKAf.exe
PID 2216 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\QjZUKAf.exe
PID 2216 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\QjZUKAf.exe
PID 2216 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\aXgRZqA.exe
PID 2216 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\aXgRZqA.exe
PID 2216 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\aXgRZqA.exe
PID 2216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\imNzZtx.exe
PID 2216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\imNzZtx.exe
PID 2216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\imNzZtx.exe
PID 2216 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\sDYWDcy.exe
PID 2216 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\sDYWDcy.exe
PID 2216 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\sDYWDcy.exe
PID 2216 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dBhxCAv.exe
PID 2216 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dBhxCAv.exe
PID 2216 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dBhxCAv.exe
PID 2216 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\BsmLDxX.exe
PID 2216 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\BsmLDxX.exe
PID 2216 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\BsmLDxX.exe
PID 2216 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dvmhjml.exe
PID 2216 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dvmhjml.exe
PID 2216 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dvmhjml.exe
PID 2216 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\MyOoSSJ.exe
PID 2216 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\MyOoSSJ.exe
PID 2216 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\MyOoSSJ.exe
PID 2216 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\EDkjzPB.exe
PID 2216 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\EDkjzPB.exe
PID 2216 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\EDkjzPB.exe
PID 2216 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ETWEooA.exe
PID 2216 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ETWEooA.exe
PID 2216 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ETWEooA.exe
PID 2216 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\MUzXCPe.exe
PID 2216 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\MUzXCPe.exe
PID 2216 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\MUzXCPe.exe
PID 2216 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\encoZXa.exe
PID 2216 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\encoZXa.exe
PID 2216 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\encoZXa.exe
PID 2216 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ntaYHDt.exe
PID 2216 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ntaYHDt.exe
PID 2216 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ntaYHDt.exe
PID 2216 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\OOdcvKv.exe
PID 2216 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\OOdcvKv.exe
PID 2216 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\OOdcvKv.exe
PID 2216 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\oQcCdRs.exe
PID 2216 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\oQcCdRs.exe
PID 2216 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\oQcCdRs.exe
PID 2216 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\lGsdjKf.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe"

C:\Windows\System\elOcxYF.exe

C:\Windows\System\elOcxYF.exe

C:\Windows\System\XBlAqPq.exe

C:\Windows\System\XBlAqPq.exe

C:\Windows\System\cQVCsYa.exe

C:\Windows\System\cQVCsYa.exe

C:\Windows\System\iXYBGlQ.exe

C:\Windows\System\iXYBGlQ.exe

C:\Windows\System\RzeojNp.exe

C:\Windows\System\RzeojNp.exe

C:\Windows\System\CkFNpKV.exe

C:\Windows\System\CkFNpKV.exe

C:\Windows\System\QjZUKAf.exe

C:\Windows\System\QjZUKAf.exe

C:\Windows\System\aXgRZqA.exe

C:\Windows\System\aXgRZqA.exe

C:\Windows\System\imNzZtx.exe

C:\Windows\System\imNzZtx.exe

C:\Windows\System\sDYWDcy.exe

C:\Windows\System\sDYWDcy.exe

C:\Windows\System\dBhxCAv.exe

C:\Windows\System\dBhxCAv.exe

C:\Windows\System\BsmLDxX.exe

C:\Windows\System\BsmLDxX.exe

C:\Windows\System\dvmhjml.exe

C:\Windows\System\dvmhjml.exe

C:\Windows\System\MyOoSSJ.exe

C:\Windows\System\MyOoSSJ.exe

C:\Windows\System\EDkjzPB.exe

C:\Windows\System\EDkjzPB.exe

C:\Windows\System\ETWEooA.exe

C:\Windows\System\ETWEooA.exe

C:\Windows\System\MUzXCPe.exe

C:\Windows\System\MUzXCPe.exe

C:\Windows\System\encoZXa.exe

C:\Windows\System\encoZXa.exe

C:\Windows\System\ntaYHDt.exe

C:\Windows\System\ntaYHDt.exe

C:\Windows\System\OOdcvKv.exe

C:\Windows\System\OOdcvKv.exe

C:\Windows\System\oQcCdRs.exe

C:\Windows\System\oQcCdRs.exe

C:\Windows\System\lGsdjKf.exe

C:\Windows\System\lGsdjKf.exe

C:\Windows\System\FfMtrFI.exe

C:\Windows\System\FfMtrFI.exe

C:\Windows\System\VBGZKir.exe

C:\Windows\System\VBGZKir.exe

C:\Windows\System\HhleFPe.exe

C:\Windows\System\HhleFPe.exe

C:\Windows\System\Wcmllzp.exe

C:\Windows\System\Wcmllzp.exe

C:\Windows\System\ZhCvRYl.exe

C:\Windows\System\ZhCvRYl.exe

C:\Windows\System\yQslZoe.exe

C:\Windows\System\yQslZoe.exe

C:\Windows\System\eKJTdZP.exe

C:\Windows\System\eKJTdZP.exe

C:\Windows\System\EfbmJhl.exe

C:\Windows\System\EfbmJhl.exe

C:\Windows\System\BAVMgYJ.exe

C:\Windows\System\BAVMgYJ.exe

C:\Windows\System\IwwlNtP.exe

C:\Windows\System\IwwlNtP.exe

C:\Windows\System\ptPGyRx.exe

C:\Windows\System\ptPGyRx.exe

C:\Windows\System\cQcJZxy.exe

C:\Windows\System\cQcJZxy.exe

C:\Windows\System\UEsmPGL.exe

C:\Windows\System\UEsmPGL.exe

C:\Windows\System\NVTCaUj.exe

C:\Windows\System\NVTCaUj.exe

C:\Windows\System\PpgrIrV.exe

C:\Windows\System\PpgrIrV.exe

C:\Windows\System\WgGIEAd.exe

C:\Windows\System\WgGIEAd.exe

C:\Windows\System\JhyaEMo.exe

C:\Windows\System\JhyaEMo.exe

C:\Windows\System\IlHimuN.exe

C:\Windows\System\IlHimuN.exe

C:\Windows\System\crwqfel.exe

C:\Windows\System\crwqfel.exe

C:\Windows\System\ySgYcqc.exe

C:\Windows\System\ySgYcqc.exe

C:\Windows\System\aelZrVU.exe

C:\Windows\System\aelZrVU.exe

C:\Windows\System\RgSZVBu.exe

C:\Windows\System\RgSZVBu.exe

C:\Windows\System\ILnEgbz.exe

C:\Windows\System\ILnEgbz.exe

C:\Windows\System\XTqJyEZ.exe

C:\Windows\System\XTqJyEZ.exe

C:\Windows\System\OMyDJwa.exe

C:\Windows\System\OMyDJwa.exe

C:\Windows\System\JfWKcAG.exe

C:\Windows\System\JfWKcAG.exe

C:\Windows\System\qJHNCPS.exe

C:\Windows\System\qJHNCPS.exe

C:\Windows\System\atHALhA.exe

C:\Windows\System\atHALhA.exe

C:\Windows\System\aBzXCfY.exe

C:\Windows\System\aBzXCfY.exe

C:\Windows\System\nRExGAn.exe

C:\Windows\System\nRExGAn.exe

C:\Windows\System\MnOqPFg.exe

C:\Windows\System\MnOqPFg.exe

C:\Windows\System\tysvhOa.exe

C:\Windows\System\tysvhOa.exe

C:\Windows\System\fkJElBe.exe

C:\Windows\System\fkJElBe.exe

C:\Windows\System\WGttKzu.exe

C:\Windows\System\WGttKzu.exe

C:\Windows\System\gviZwXF.exe

C:\Windows\System\gviZwXF.exe

C:\Windows\System\uCVPnWr.exe

C:\Windows\System\uCVPnWr.exe

C:\Windows\System\jSljfzu.exe

C:\Windows\System\jSljfzu.exe

C:\Windows\System\dOuHRDX.exe

C:\Windows\System\dOuHRDX.exe

C:\Windows\System\stmaIov.exe

C:\Windows\System\stmaIov.exe

C:\Windows\System\nnGOBwq.exe

C:\Windows\System\nnGOBwq.exe

C:\Windows\System\stuTpfC.exe

C:\Windows\System\stuTpfC.exe

C:\Windows\System\whYQjvG.exe

C:\Windows\System\whYQjvG.exe

C:\Windows\System\gLaUiUW.exe

C:\Windows\System\gLaUiUW.exe

C:\Windows\System\FxcFawn.exe

C:\Windows\System\FxcFawn.exe

C:\Windows\System\qmSxFDD.exe

C:\Windows\System\qmSxFDD.exe

C:\Windows\System\SZtXIIM.exe

C:\Windows\System\SZtXIIM.exe

C:\Windows\System\PJPApvM.exe

C:\Windows\System\PJPApvM.exe

C:\Windows\System\bxrrWnh.exe

C:\Windows\System\bxrrWnh.exe

C:\Windows\System\OoKxYBD.exe

C:\Windows\System\OoKxYBD.exe

C:\Windows\System\MLKAELM.exe

C:\Windows\System\MLKAELM.exe

C:\Windows\System\UPANtqg.exe

C:\Windows\System\UPANtqg.exe

C:\Windows\System\lIuGzPD.exe

C:\Windows\System\lIuGzPD.exe

C:\Windows\System\VNtsJXo.exe

C:\Windows\System\VNtsJXo.exe

C:\Windows\System\dCNVNdt.exe

C:\Windows\System\dCNVNdt.exe

C:\Windows\System\xKBMDry.exe

C:\Windows\System\xKBMDry.exe

C:\Windows\System\ETFPziX.exe

C:\Windows\System\ETFPziX.exe

C:\Windows\System\EIiAzZm.exe

C:\Windows\System\EIiAzZm.exe

C:\Windows\System\TPdJnvy.exe

C:\Windows\System\TPdJnvy.exe

C:\Windows\System\vOUfPOd.exe

C:\Windows\System\vOUfPOd.exe

C:\Windows\System\UTtZUEI.exe

C:\Windows\System\UTtZUEI.exe

C:\Windows\System\uxoppEV.exe

C:\Windows\System\uxoppEV.exe

C:\Windows\System\mYNQraD.exe

C:\Windows\System\mYNQraD.exe

C:\Windows\System\VBrmImO.exe

C:\Windows\System\VBrmImO.exe

C:\Windows\System\bBKfNvx.exe

C:\Windows\System\bBKfNvx.exe

C:\Windows\System\WvTvuNn.exe

C:\Windows\System\WvTvuNn.exe

C:\Windows\System\bwvkYet.exe

C:\Windows\System\bwvkYet.exe

C:\Windows\System\cRxajUJ.exe

C:\Windows\System\cRxajUJ.exe

C:\Windows\System\plIzxfo.exe

C:\Windows\System\plIzxfo.exe

C:\Windows\System\rqJkYlE.exe

C:\Windows\System\rqJkYlE.exe

C:\Windows\System\xmLcgpL.exe

C:\Windows\System\xmLcgpL.exe

C:\Windows\System\SgyGLSx.exe

C:\Windows\System\SgyGLSx.exe

C:\Windows\System\vYnjnBP.exe

C:\Windows\System\vYnjnBP.exe

C:\Windows\System\EQqWxdI.exe

C:\Windows\System\EQqWxdI.exe

C:\Windows\System\KeYaCnF.exe

C:\Windows\System\KeYaCnF.exe

C:\Windows\System\IzpwWNg.exe

C:\Windows\System\IzpwWNg.exe

C:\Windows\System\cgmtVnr.exe

C:\Windows\System\cgmtVnr.exe

C:\Windows\System\DblHkrY.exe

C:\Windows\System\DblHkrY.exe

C:\Windows\System\nKyCyHe.exe

C:\Windows\System\nKyCyHe.exe

C:\Windows\System\huWznBB.exe

C:\Windows\System\huWznBB.exe

C:\Windows\System\ofXUAxA.exe

C:\Windows\System\ofXUAxA.exe

C:\Windows\System\LPQmmCx.exe

C:\Windows\System\LPQmmCx.exe

C:\Windows\System\xBgURlR.exe

C:\Windows\System\xBgURlR.exe

C:\Windows\System\xdjJIgK.exe

C:\Windows\System\xdjJIgK.exe

C:\Windows\System\ERDsBEz.exe

C:\Windows\System\ERDsBEz.exe

C:\Windows\System\rxqBscP.exe

C:\Windows\System\rxqBscP.exe

C:\Windows\System\tTxefjt.exe

C:\Windows\System\tTxefjt.exe

C:\Windows\System\ezsuDGo.exe

C:\Windows\System\ezsuDGo.exe

C:\Windows\System\KOlJDHE.exe

C:\Windows\System\KOlJDHE.exe

C:\Windows\System\hkuWfDu.exe

C:\Windows\System\hkuWfDu.exe

C:\Windows\System\JCmtlWy.exe

C:\Windows\System\JCmtlWy.exe

C:\Windows\System\LyWyuaQ.exe

C:\Windows\System\LyWyuaQ.exe

C:\Windows\System\zBLkCrO.exe

C:\Windows\System\zBLkCrO.exe

C:\Windows\System\MRoPQeY.exe

C:\Windows\System\MRoPQeY.exe

C:\Windows\System\obeLVgT.exe

C:\Windows\System\obeLVgT.exe

C:\Windows\System\FiGuwic.exe

C:\Windows\System\FiGuwic.exe

C:\Windows\System\AMVHBXM.exe

C:\Windows\System\AMVHBXM.exe

C:\Windows\System\LeseEki.exe

C:\Windows\System\LeseEki.exe

C:\Windows\System\jxZrfdz.exe

C:\Windows\System\jxZrfdz.exe

C:\Windows\System\MYqwXGR.exe

C:\Windows\System\MYqwXGR.exe

C:\Windows\System\FJXJXSU.exe

C:\Windows\System\FJXJXSU.exe

C:\Windows\System\GRFgoyg.exe

C:\Windows\System\GRFgoyg.exe

C:\Windows\System\vIZpgSO.exe

C:\Windows\System\vIZpgSO.exe

C:\Windows\System\eMGkxWp.exe

C:\Windows\System\eMGkxWp.exe

C:\Windows\System\OKOSHzk.exe

C:\Windows\System\OKOSHzk.exe

C:\Windows\System\wEGDEek.exe

C:\Windows\System\wEGDEek.exe

C:\Windows\System\PVBWqRD.exe

C:\Windows\System\PVBWqRD.exe

C:\Windows\System\sAfPoog.exe

C:\Windows\System\sAfPoog.exe

C:\Windows\System\XqRkGEQ.exe

C:\Windows\System\XqRkGEQ.exe

C:\Windows\System\cdBZNtJ.exe

C:\Windows\System\cdBZNtJ.exe

C:\Windows\System\dlLkUPJ.exe

C:\Windows\System\dlLkUPJ.exe

C:\Windows\System\ZsOlJoi.exe

C:\Windows\System\ZsOlJoi.exe

C:\Windows\System\qAuIJRw.exe

C:\Windows\System\qAuIJRw.exe

C:\Windows\System\HHQFXxE.exe

C:\Windows\System\HHQFXxE.exe

C:\Windows\System\vwqtKPw.exe

C:\Windows\System\vwqtKPw.exe

C:\Windows\System\dSGUbvS.exe

C:\Windows\System\dSGUbvS.exe

C:\Windows\System\IFOXdRc.exe

C:\Windows\System\IFOXdRc.exe

C:\Windows\System\XqTIkKF.exe

C:\Windows\System\XqTIkKF.exe

C:\Windows\System\QqXGoON.exe

C:\Windows\System\QqXGoON.exe

C:\Windows\System\iOZQBnP.exe

C:\Windows\System\iOZQBnP.exe

C:\Windows\System\HkdPQvH.exe

C:\Windows\System\HkdPQvH.exe

C:\Windows\System\YMjdkth.exe

C:\Windows\System\YMjdkth.exe

C:\Windows\System\jkWAOJs.exe

C:\Windows\System\jkWAOJs.exe

C:\Windows\System\NlVmVeu.exe

C:\Windows\System\NlVmVeu.exe

C:\Windows\System\vfkwCLW.exe

C:\Windows\System\vfkwCLW.exe

C:\Windows\System\jFUvawe.exe

C:\Windows\System\jFUvawe.exe

C:\Windows\System\sCsDNKF.exe

C:\Windows\System\sCsDNKF.exe

C:\Windows\System\OureuBM.exe

C:\Windows\System\OureuBM.exe

C:\Windows\System\QPhIEEq.exe

C:\Windows\System\QPhIEEq.exe

C:\Windows\System\iTiUvWA.exe

C:\Windows\System\iTiUvWA.exe

C:\Windows\System\iZFBxSu.exe

C:\Windows\System\iZFBxSu.exe

C:\Windows\System\YEJlGte.exe

C:\Windows\System\YEJlGte.exe

C:\Windows\System\xWLmHWD.exe

C:\Windows\System\xWLmHWD.exe

C:\Windows\System\ynbCfIU.exe

C:\Windows\System\ynbCfIU.exe

C:\Windows\System\bCzfwGn.exe

C:\Windows\System\bCzfwGn.exe

C:\Windows\System\vTdfcmj.exe

C:\Windows\System\vTdfcmj.exe

C:\Windows\System\Ycjblrz.exe

C:\Windows\System\Ycjblrz.exe

C:\Windows\System\ZawzGsS.exe

C:\Windows\System\ZawzGsS.exe

C:\Windows\System\OqOUDAz.exe

C:\Windows\System\OqOUDAz.exe

C:\Windows\System\iPoJmKa.exe

C:\Windows\System\iPoJmKa.exe

C:\Windows\System\OWmLsAw.exe

C:\Windows\System\OWmLsAw.exe

C:\Windows\System\FOHmXPu.exe

C:\Windows\System\FOHmXPu.exe

C:\Windows\System\bWCBwev.exe

C:\Windows\System\bWCBwev.exe

C:\Windows\System\kISdVJJ.exe

C:\Windows\System\kISdVJJ.exe

C:\Windows\System\ppkzhfN.exe

C:\Windows\System\ppkzhfN.exe

C:\Windows\System\LojKKOk.exe

C:\Windows\System\LojKKOk.exe

C:\Windows\System\OrEbaWS.exe

C:\Windows\System\OrEbaWS.exe

C:\Windows\System\WVubvsl.exe

C:\Windows\System\WVubvsl.exe

C:\Windows\System\skoDRmr.exe

C:\Windows\System\skoDRmr.exe

C:\Windows\System\awhGAlb.exe

C:\Windows\System\awhGAlb.exe

C:\Windows\System\ThQwKfG.exe

C:\Windows\System\ThQwKfG.exe

C:\Windows\System\ZrkuhTZ.exe

C:\Windows\System\ZrkuhTZ.exe

C:\Windows\System\JAlklOl.exe

C:\Windows\System\JAlklOl.exe

C:\Windows\System\CraZDrg.exe

C:\Windows\System\CraZDrg.exe

C:\Windows\System\RBgAVva.exe

C:\Windows\System\RBgAVva.exe

C:\Windows\System\qlNzGmk.exe

C:\Windows\System\qlNzGmk.exe

C:\Windows\System\URxqfoE.exe

C:\Windows\System\URxqfoE.exe

C:\Windows\System\YxzYgzZ.exe

C:\Windows\System\YxzYgzZ.exe

C:\Windows\System\EYbMWJs.exe

C:\Windows\System\EYbMWJs.exe

C:\Windows\System\ceYnMQF.exe

C:\Windows\System\ceYnMQF.exe

C:\Windows\System\nJKaLAP.exe

C:\Windows\System\nJKaLAP.exe

C:\Windows\System\WKUHabt.exe

C:\Windows\System\WKUHabt.exe

C:\Windows\System\AGrjARJ.exe

C:\Windows\System\AGrjARJ.exe

C:\Windows\System\TByPnhD.exe

C:\Windows\System\TByPnhD.exe

C:\Windows\System\yVYlXQx.exe

C:\Windows\System\yVYlXQx.exe

C:\Windows\System\GUAzsRp.exe

C:\Windows\System\GUAzsRp.exe

C:\Windows\System\JuhkBFX.exe

C:\Windows\System\JuhkBFX.exe

C:\Windows\System\ubksSPv.exe

C:\Windows\System\ubksSPv.exe

C:\Windows\System\rbTeSXZ.exe

C:\Windows\System\rbTeSXZ.exe

C:\Windows\System\jGSFYsx.exe

C:\Windows\System\jGSFYsx.exe

C:\Windows\System\jHYdwQT.exe

C:\Windows\System\jHYdwQT.exe

C:\Windows\System\YUxeDud.exe

C:\Windows\System\YUxeDud.exe

C:\Windows\System\frYwoGM.exe

C:\Windows\System\frYwoGM.exe

C:\Windows\System\khzPIiP.exe

C:\Windows\System\khzPIiP.exe

C:\Windows\System\PNsxcHh.exe

C:\Windows\System\PNsxcHh.exe

C:\Windows\System\VcPUJbY.exe

C:\Windows\System\VcPUJbY.exe

C:\Windows\System\NpBqEbc.exe

C:\Windows\System\NpBqEbc.exe

C:\Windows\System\TNPZjjA.exe

C:\Windows\System\TNPZjjA.exe

C:\Windows\System\HOdDLFd.exe

C:\Windows\System\HOdDLFd.exe

C:\Windows\System\VIZNiIK.exe

C:\Windows\System\VIZNiIK.exe

C:\Windows\System\APcDbiW.exe

C:\Windows\System\APcDbiW.exe

C:\Windows\System\mjfOOzj.exe

C:\Windows\System\mjfOOzj.exe

C:\Windows\System\CpeHDIc.exe

C:\Windows\System\CpeHDIc.exe

C:\Windows\System\gnknyVM.exe

C:\Windows\System\gnknyVM.exe

C:\Windows\System\ZSkaDVl.exe

C:\Windows\System\ZSkaDVl.exe

C:\Windows\System\GShCypu.exe

C:\Windows\System\GShCypu.exe

C:\Windows\System\YqdVQCe.exe

C:\Windows\System\YqdVQCe.exe

C:\Windows\System\WwOFlrp.exe

C:\Windows\System\WwOFlrp.exe

C:\Windows\System\nnmNIpD.exe

C:\Windows\System\nnmNIpD.exe

C:\Windows\System\FuujOHu.exe

C:\Windows\System\FuujOHu.exe

C:\Windows\System\eGcaUXy.exe

C:\Windows\System\eGcaUXy.exe

C:\Windows\System\RQGJMfO.exe

C:\Windows\System\RQGJMfO.exe

C:\Windows\System\JnvlQRl.exe

C:\Windows\System\JnvlQRl.exe

C:\Windows\System\EgJBQUM.exe

C:\Windows\System\EgJBQUM.exe

C:\Windows\System\WmaYRwE.exe

C:\Windows\System\WmaYRwE.exe

C:\Windows\System\ryJQuXZ.exe

C:\Windows\System\ryJQuXZ.exe

C:\Windows\System\CQVLkvO.exe

C:\Windows\System\CQVLkvO.exe

C:\Windows\System\ecXxwpP.exe

C:\Windows\System\ecXxwpP.exe

C:\Windows\System\AUXxqoR.exe

C:\Windows\System\AUXxqoR.exe

C:\Windows\System\aPqOwYW.exe

C:\Windows\System\aPqOwYW.exe

C:\Windows\System\mKcHtNo.exe

C:\Windows\System\mKcHtNo.exe

C:\Windows\System\qnmnRHF.exe

C:\Windows\System\qnmnRHF.exe

C:\Windows\System\OhjIWfB.exe

C:\Windows\System\OhjIWfB.exe

C:\Windows\System\DDgyUrZ.exe

C:\Windows\System\DDgyUrZ.exe

C:\Windows\System\ELgmqjF.exe

C:\Windows\System\ELgmqjF.exe

C:\Windows\System\fSATGJk.exe

C:\Windows\System\fSATGJk.exe

C:\Windows\System\TNVoIWi.exe

C:\Windows\System\TNVoIWi.exe

C:\Windows\System\MuYBaIS.exe

C:\Windows\System\MuYBaIS.exe

C:\Windows\System\BeVrDaQ.exe

C:\Windows\System\BeVrDaQ.exe

C:\Windows\System\znRmDCF.exe

C:\Windows\System\znRmDCF.exe

C:\Windows\System\RJtgPBa.exe

C:\Windows\System\RJtgPBa.exe

C:\Windows\System\SxhQGwh.exe

C:\Windows\System\SxhQGwh.exe

C:\Windows\System\wonPgeK.exe

C:\Windows\System\wonPgeK.exe

C:\Windows\System\dQepgKq.exe

C:\Windows\System\dQepgKq.exe

C:\Windows\System\hlTZfvS.exe

C:\Windows\System\hlTZfvS.exe

C:\Windows\System\KEKPZrD.exe

C:\Windows\System\KEKPZrD.exe

C:\Windows\System\fDsPcPg.exe

C:\Windows\System\fDsPcPg.exe

C:\Windows\System\ahCYMjc.exe

C:\Windows\System\ahCYMjc.exe

C:\Windows\System\PNEyJPX.exe

C:\Windows\System\PNEyJPX.exe

C:\Windows\System\FzBQMDG.exe

C:\Windows\System\FzBQMDG.exe

C:\Windows\System\ryqtIfW.exe

C:\Windows\System\ryqtIfW.exe

C:\Windows\System\weQLAzW.exe

C:\Windows\System\weQLAzW.exe

C:\Windows\System\bvVJLGb.exe

C:\Windows\System\bvVJLGb.exe

C:\Windows\System\vyjyfat.exe

C:\Windows\System\vyjyfat.exe

C:\Windows\System\BEWRBOF.exe

C:\Windows\System\BEWRBOF.exe

C:\Windows\System\VZvcYfN.exe

C:\Windows\System\VZvcYfN.exe

C:\Windows\System\nLHoLpm.exe

C:\Windows\System\nLHoLpm.exe

C:\Windows\System\ynWaEpf.exe

C:\Windows\System\ynWaEpf.exe

C:\Windows\System\QNyfuhO.exe

C:\Windows\System\QNyfuhO.exe

C:\Windows\System\LUAczGP.exe

C:\Windows\System\LUAczGP.exe

C:\Windows\System\BdRereG.exe

C:\Windows\System\BdRereG.exe

C:\Windows\System\jXwiaGm.exe

C:\Windows\System\jXwiaGm.exe

C:\Windows\System\syfmbPE.exe

C:\Windows\System\syfmbPE.exe

C:\Windows\System\ZeKcFUj.exe

C:\Windows\System\ZeKcFUj.exe

C:\Windows\System\IZOadHv.exe

C:\Windows\System\IZOadHv.exe

C:\Windows\System\GzSxPbI.exe

C:\Windows\System\GzSxPbI.exe

C:\Windows\System\dehOKrS.exe

C:\Windows\System\dehOKrS.exe

C:\Windows\System\ZpbuKeR.exe

C:\Windows\System\ZpbuKeR.exe

C:\Windows\System\EHyyOcX.exe

C:\Windows\System\EHyyOcX.exe

C:\Windows\System\hReVUtT.exe

C:\Windows\System\hReVUtT.exe

C:\Windows\System\fhTWlvK.exe

C:\Windows\System\fhTWlvK.exe

C:\Windows\System\nipJBpq.exe

C:\Windows\System\nipJBpq.exe

C:\Windows\System\wQVDfqt.exe

C:\Windows\System\wQVDfqt.exe

C:\Windows\System\YccLiSQ.exe

C:\Windows\System\YccLiSQ.exe

C:\Windows\System\xNMwPOH.exe

C:\Windows\System\xNMwPOH.exe

C:\Windows\System\SetqzCU.exe

C:\Windows\System\SetqzCU.exe

C:\Windows\System\EWZQZWA.exe

C:\Windows\System\EWZQZWA.exe

C:\Windows\System\rgxPryl.exe

C:\Windows\System\rgxPryl.exe

C:\Windows\System\iXAUijK.exe

C:\Windows\System\iXAUijK.exe

C:\Windows\System\QjTjiVt.exe

C:\Windows\System\QjTjiVt.exe

C:\Windows\System\rcOrgBw.exe

C:\Windows\System\rcOrgBw.exe

C:\Windows\System\rpUIZcz.exe

C:\Windows\System\rpUIZcz.exe

C:\Windows\System\xdejYCC.exe

C:\Windows\System\xdejYCC.exe

C:\Windows\System\srqthob.exe

C:\Windows\System\srqthob.exe

C:\Windows\System\TsTcIJJ.exe

C:\Windows\System\TsTcIJJ.exe

C:\Windows\System\NLvtEcF.exe

C:\Windows\System\NLvtEcF.exe

C:\Windows\System\ECmGpbl.exe

C:\Windows\System\ECmGpbl.exe

C:\Windows\System\CRgaDaF.exe

C:\Windows\System\CRgaDaF.exe

C:\Windows\System\AHVwocl.exe

C:\Windows\System\AHVwocl.exe

C:\Windows\System\lShurhq.exe

C:\Windows\System\lShurhq.exe

C:\Windows\System\MztBFLJ.exe

C:\Windows\System\MztBFLJ.exe

C:\Windows\System\gzYidmD.exe

C:\Windows\System\gzYidmD.exe

C:\Windows\System\ExreYSN.exe

C:\Windows\System\ExreYSN.exe

C:\Windows\System\dLeXjpg.exe

C:\Windows\System\dLeXjpg.exe

C:\Windows\System\uDVDefk.exe

C:\Windows\System\uDVDefk.exe

C:\Windows\System\pygwQeL.exe

C:\Windows\System\pygwQeL.exe

C:\Windows\System\EdFmFgs.exe

C:\Windows\System\EdFmFgs.exe

C:\Windows\System\HUDvWuL.exe

C:\Windows\System\HUDvWuL.exe

C:\Windows\System\wWkPrxS.exe

C:\Windows\System\wWkPrxS.exe

C:\Windows\System\iWfVgeS.exe

C:\Windows\System\iWfVgeS.exe

C:\Windows\System\eytGMPD.exe

C:\Windows\System\eytGMPD.exe

C:\Windows\System\ZhlDTRG.exe

C:\Windows\System\ZhlDTRG.exe

C:\Windows\System\ZmZFGte.exe

C:\Windows\System\ZmZFGte.exe

C:\Windows\System\WJjuFWw.exe

C:\Windows\System\WJjuFWw.exe

C:\Windows\System\APVLfPH.exe

C:\Windows\System\APVLfPH.exe

C:\Windows\System\FyEmrkg.exe

C:\Windows\System\FyEmrkg.exe

C:\Windows\System\mRoBOZd.exe

C:\Windows\System\mRoBOZd.exe

C:\Windows\System\SAJiKtW.exe

C:\Windows\System\SAJiKtW.exe

C:\Windows\System\qUKpkTA.exe

C:\Windows\System\qUKpkTA.exe

C:\Windows\System\TmOqlNA.exe

C:\Windows\System\TmOqlNA.exe

C:\Windows\System\QWIpNHG.exe

C:\Windows\System\QWIpNHG.exe

C:\Windows\System\adSedXe.exe

C:\Windows\System\adSedXe.exe

C:\Windows\System\meiRHGX.exe

C:\Windows\System\meiRHGX.exe

C:\Windows\System\zXARTIP.exe

C:\Windows\System\zXARTIP.exe

C:\Windows\System\TfxjQRg.exe

C:\Windows\System\TfxjQRg.exe

C:\Windows\System\qQoAaBb.exe

C:\Windows\System\qQoAaBb.exe

C:\Windows\System\atvlmcp.exe

C:\Windows\System\atvlmcp.exe

C:\Windows\System\UDJbhSS.exe

C:\Windows\System\UDJbhSS.exe

C:\Windows\System\WvDYxRV.exe

C:\Windows\System\WvDYxRV.exe

C:\Windows\System\mneUzwQ.exe

C:\Windows\System\mneUzwQ.exe

C:\Windows\System\HlxruDk.exe

C:\Windows\System\HlxruDk.exe

C:\Windows\System\wVWkZSS.exe

C:\Windows\System\wVWkZSS.exe

C:\Windows\System\rObCsYX.exe

C:\Windows\System\rObCsYX.exe

C:\Windows\System\BIvimJo.exe

C:\Windows\System\BIvimJo.exe

C:\Windows\System\ZsRPSWj.exe

C:\Windows\System\ZsRPSWj.exe

C:\Windows\System\ZwnpAQs.exe

C:\Windows\System\ZwnpAQs.exe

C:\Windows\System\TNQFUkx.exe

C:\Windows\System\TNQFUkx.exe

C:\Windows\System\ClGCvsU.exe

C:\Windows\System\ClGCvsU.exe

C:\Windows\System\KjdQJcU.exe

C:\Windows\System\KjdQJcU.exe

C:\Windows\System\csnYFux.exe

C:\Windows\System\csnYFux.exe

C:\Windows\System\zMBeWOz.exe

C:\Windows\System\zMBeWOz.exe

C:\Windows\System\XKwvkEb.exe

C:\Windows\System\XKwvkEb.exe

C:\Windows\System\QDnaBFn.exe

C:\Windows\System\QDnaBFn.exe

C:\Windows\System\Liozaet.exe

C:\Windows\System\Liozaet.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2216-0-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2216-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\elOcxYF.exe

MD5 b6d03c0be5c8cdfd12a3b1f804454cac
SHA1 fba0382e0ba5225ca7cbd00e843a6333bb4516f8
SHA256 a4b0c7a72d22c06df47ccb4a08eb588f4de94af7874bed73140eabea6cd75b44
SHA512 f82d21634f2af558ffe1b10dc563394d3a41459f5c03d95abe13224f7da51ae7add9512aba8a471696f70ca6d5634d2ab19420ed10bb6cd32f2cb5a2e77632d4

memory/2200-8-0x000000013F2F0000-0x000000013F644000-memory.dmp

C:\Windows\system\XBlAqPq.exe

MD5 5f0484ae57db303c29efc336d4812725
SHA1 04c151ca86b35873eba2d857232f446c359f86df
SHA256 8160ff0ea0bd194051b247c5c4f9fbd52cd19d962ffc41c0b1508025c820abed
SHA512 66b9aaaf0da13bc854a1c4a89731afcaf8134c12c2a2ad0e89d2a38460214f3695f23ca08dcf7159cd3bb706229f569d90a44cb6f48c8238965735118ceabaae

memory/492-24-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2216-33-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2216-31-0x000000013F090000-0x000000013F3E4000-memory.dmp

C:\Windows\system\cQVCsYa.exe

MD5 13212d39f580796b01dfef023dc4ec4e
SHA1 bca00d55a02e5cebe5d8dece042f80eb57d532e9
SHA256 0d8eda73a4d7a881802b4f7a4d38fac14cdf1793df02d0ba50d6e76caaeed509
SHA512 8047bee53227e801775009bc14fd6494c667bb95b87b6795a1148b0dba6fbc25a7c28a0f67db7c4026b3651b4f21f2753be069fa8c499866abb608d03276dee3

\Windows\system\QjZUKAf.exe

MD5 fe14705bc1150cfb66534d122e08e763
SHA1 f5395c87c66895301e66b2a44e29983caa1b502f
SHA256 18876ec093adf067aac5de7a1ead8c4a9f0fc58275f06c1f09f3576bf74c6efa
SHA512 ed9f8161445b5c8facaa1ce73b92082151a957050ed3d9f16873f9ba993b5c5646c2de3b0c264f7b8e83405c607a26cbea7b46c63ce4d19fbb89d466d2881849

memory/2668-49-0x000000013F530000-0x000000013F884000-memory.dmp

C:\Windows\system\aXgRZqA.exe

MD5 08e349a960c6ac9801b99847183fba4f
SHA1 aabc519ec4eaa5a410590f32514d3a8a775eb1d6
SHA256 bc4b6442f8e63fdcdec113c52844868f70fde0e5708ae72139c419feaba26daf
SHA512 3f93601d198fcc5e10c77cda7e9dbf1054445ec0613b247626e468fe1deba06b2b2d44d88455069eb346a64babe31576985168d971a84346a16c1aee32f6a6d8

memory/2216-54-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2792-55-0x000000013FCD0000-0x0000000140024000-memory.dmp

C:\Windows\system\sDYWDcy.exe

MD5 25460c2c3f9d22a5a607f9fc1e44b1a9
SHA1 27b3cd9d860cc2f3ddbbe6e70b304a1b26986d16
SHA256 566e67807b25b3bdb4f087264be60c99ec2ad55a9afe5629989dcfa30f0cda62
SHA512 402f6718646bda4bec9ba7b4ce66a54c70f3a1d40de30c13187913bdb0cadb916b8dad41e7996e4e57a4c2a2df1488074e1431e601d66c0bd22935faa219eeeb

memory/2872-60-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2560-65-0x000000013F610000-0x000000013F964000-memory.dmp

C:\Windows\system\dBhxCAv.exe

MD5 501f800da5657e1c1c7d8655cdc1897b
SHA1 de13224b0979d23b393e63d022dbc436adf003ff
SHA256 3d4c70af8fdd98e6c229d1ef148f2d40518a0173261209c2b3730b79d284e290
SHA512 fc250467e2e016f51bf9b8579981960a69ae6322f90deb672378a5b90d33370c0165ea888daf6b54e23bf94deb4ef760886e6e656f4ab9ba8275d18ae6f178d7

memory/2516-71-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2592-78-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2216-77-0x0000000001FA0000-0x00000000022F4000-memory.dmp

\Windows\system\MyOoSSJ.exe

MD5 8ed2f1ae694124159073bc7ae9db208e
SHA1 691bf4df3c1e1af76d5c19651b863f6826a3f2c2
SHA256 069933d22ba6e21052c842f43b60287f5c1df4e3c7afe07430c0cc4e34365d9a
SHA512 d927421f9f78c653ca3fd796e2b42c4f7df1841c4021442bfe51d8a2274c4d7527aa99e9bd100031efaecb08aff0bfe1717f0e4a134fa9abd1a1a7ef1dcfacb1

C:\Windows\system\EDkjzPB.exe

MD5 52ec2d6af61e426c8c247f1e1181d537
SHA1 30ef4e76835d2eb1b681337b356dff8ac546124d
SHA256 60f12199fe915d0c893eaa6cf9e7aa711eecf1260b9726a801337dbcb5b68131
SHA512 6517361c3d8af74ada25360ef55dbe0382616f8c00b9fa39b821ae81973266873b7ce0ad8dbba640ab7488cdc4099d21780bf246c3948c454da174ef47ef7416

C:\Windows\system\lGsdjKf.exe

MD5 b5951bc84ddd6a337c9a7f454f3206e5
SHA1 c16abd048888e9c0445e8fe656d951c9e84dfeee
SHA256 190d050ac1b824d5ea73f0fd5a78faf15679b3c9aff7088947d2efa28e8a3bd5
SHA512 e364a19eea29b6bb6200d7cd718a6a243a4ebe2b0888b9405069177c4c4aedd6877f0ccf567af06d727044beb10bb687ae87a870403f52e5afa6d4a75df47559

memory/2792-501-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2872-1048-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2216-1071-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2560-1072-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2668-356-0x000000013F530000-0x000000013F884000-memory.dmp

C:\Windows\system\IwwlNtP.exe

MD5 b58c9f2ad5473611a971349d953bf978
SHA1 0dd968e8e395e03d5622b74f65624ceed807f09b
SHA256 f4c13ea88e9fa2c107dcb717f7b131d3d8c0d311e0a649cd14705657f38ae4a2
SHA512 e652d53d0fa2cc659da37350c432c169eda7018c8529a40179395937d00af11a5c8cdc7f97ff10965ba469f27ba738a66fb976a4278feca5ceb44ec2043b6953

C:\Windows\system\BAVMgYJ.exe

MD5 37dc7b40989ba77bf2b39c4f67b806eb
SHA1 5776d977c311bab490b0c0afd6087daa0bb8faf3
SHA256 c693933396780e67568e033e293abc26300ddd8dfa8440a50fe85ac903e87fcc
SHA512 e070ca80f8866b0e849bdf3a8073aa4b3145cb9634b1376cfdbbbcf13eae0f86bce349c7d0509d571837820233d240e0bfe7c69324f47f6ea3827bf0622422b2

C:\Windows\system\EfbmJhl.exe

MD5 91775c56fe0de79e60bb9ace81bb3fb1
SHA1 6fdfb266829ccdd4fb4b3ab54e4cedb47e675e9d
SHA256 2cb527a1daffc2dda92dee48d70bec143cc71e15f1205aaf1ce3e99ac7edafe4
SHA512 6952d414404844fe7c676efc58f19f6d37d8f719e73353e37ab5b4c816e6f9acde79cca84974dcdb206e9839fb8b44f6e842f5393d19c6cfd4f4384830406c68

C:\Windows\system\eKJTdZP.exe

MD5 7fd2fdd3a68994ff74c9ec0cdf07dc40
SHA1 856c7c8d8d207177436203acd3e131c48af3a8b9
SHA256 62709f04766d038787c4dda610ebc0685e6473484e2f3395fc2fd15299847410
SHA512 78aa7f2dbd93bac65970a88c5ad13b94806476e58007e1d0e353ccd85e0526b7062053ccd0c868265bc01859455883467aaddfb07b0ce9b05024a85814aae385

C:\Windows\system\yQslZoe.exe

MD5 918a840ceed5db61f6c86b327c384648
SHA1 7e6a6b3b6128c7f363a3d4eea9b5be2b0801fd00
SHA256 e0e2a8b0fe5611400a9d07318f80a06cf63662c02bbfea1c7a0f1a7a3c086be2
SHA512 fe02d0ea96fd9c324351d78e1d3b52a3fb114c505cfa692d324177052a19046472a92a26520fe679fc43206bd89884cecd1b2fd4e5a13778e77c36ba9db226ec

C:\Windows\system\ZhCvRYl.exe

MD5 618b476c5a6865d88a537a447968ae23
SHA1 6a1e346e374c88b04d22e28bda0e7d152620f358
SHA256 8b60b3552e1e3c3070d45d1695f57978926e64f47fd71970e9568a2649e62e7f
SHA512 4f273912dd5ec7fe78beccf4d91ef1714af876847aee1c78e51054dd1da960faa65171025fd6e4e2c965081ab205e9872084576fc1efc7c63a5f72309c531258

C:\Windows\system\Wcmllzp.exe

MD5 8a0ea4c7b8e15d2edf193fd94c51a009
SHA1 0baace3401ede3996dd1cb5f01d7dc873909922d
SHA256 bc433a85fdec88d0eea2b2c121899dd51703e04037246ff17d677e3e634fa63c
SHA512 0548fafe7c78ea13006f68c1260276e5a8772fb5329fcf52d276fb75e6e5598521af8707664a060fd1888e2960abf4926ed3b3e2609f3610c94e15a1e5d51a48

C:\Windows\system\HhleFPe.exe

MD5 1405401fa2210d7cc31c84bd95c14921
SHA1 69789dee9e0f0528ea096257bfca32b2a3e2b28d
SHA256 af4475b1d41ce5d1add8dd8a7144dcb2efa2e82e39673df1625e4be57e29547c
SHA512 5ae14726345babdebd0e2438ae3e2383fd4848bc4506b785f1a41629c057180bd6c8106d3d4fb7de2b35df2ff59f7b7907549c79ec70e8522d7b405597cb645e

C:\Windows\system\VBGZKir.exe

MD5 b9903f1aabba9a8e8f3215ecfecb8ac6
SHA1 7db684ee43208c6d5f25eb42293047568a6de45b
SHA256 b9cf12405228d51857448caac84f76be3b2af304cb518d3fa1a88c5555ab3b2a
SHA512 7dc7f99faa9bd313bb049b3bf2395546cc8d5309711c6766f81ecbf72b299d25528b2f057d9994b39fa3260ffe4381de19374b2bd7eb080efe11d324a42d1dd2

C:\Windows\system\FfMtrFI.exe

MD5 41ab7eceb88a7fdc6021c021f892f2d4
SHA1 412457a03734a11e81bbda19ce5b2b55371a22a5
SHA256 e9d601d3d95221e95e4587cc756b5cf09c3d141ed3a5b5d5a5ce2ec95e884e2e
SHA512 445ad42d0b9eb246251edddf3584fca442dac7d62ab19f8c6fb775c437be170efcca2c8b74c3e57d0665999a6e265ba4306cd15155145dda3a218eba6ce3cea6

C:\Windows\system\oQcCdRs.exe

MD5 de10c45df372e3489700b0a4cce90837
SHA1 e296bd0f70ada86d28263e77c88f785339df108b
SHA256 fa136f8bcef08f711421fbfb9a6385fa4c23936e29866f6ef87cac164a9bad90
SHA512 3765519c188125c22e1b308eae2eb102547bef59a5542132c5b48d545a186a4a76375a9d8b4536ae3a34b43f1aa9f6fd79ae3a5b5bdb8b6ba6b3f722ccaa906a

C:\Windows\system\OOdcvKv.exe

MD5 3fd4faecb222d6c255315a92e5ee9e57
SHA1 669b5f66a847b1aa9507e9d938817cb228844e91
SHA256 34f7f5e709c237dcd06480b5cdee94a219777cff4d7847c674a9ea05af9920b6
SHA512 0a01c10bca0d6f45690d0438c78459342225fad7ae7e8e0dbd41ecc57ff2049ba3f6dc9c962d1b4a8006542f983417232d5fce86254609b7f88336758866aec2

C:\Windows\system\ntaYHDt.exe

MD5 a9c423501100454dab2bd066514a030a
SHA1 543c48ec461265f5be49a05b8e467f099e017cf8
SHA256 fb737ca2c142c2132c342d96ed7041a0124b4443815df99036a8d3e34c82e386
SHA512 1dbac44a72f5734cdcc29183af84c57340e95e4c0257aa0944a6419441f4fedaa31bfa18c7b15085ea1a6f7545e155986d700735169edd81514401c8ee6547c2

memory/2516-1073-0x000000013FF00000-0x0000000140254000-memory.dmp

C:\Windows\system\encoZXa.exe

MD5 89aa70fa82a3f8743450c587b145a15c
SHA1 a8e15a1673708c673a847e9f392a7cd53e3507fc
SHA256 bdd273ceccdb12f8f53495f34f4b4c08cc4ac25d00b3464c75e14ed546af6022
SHA512 2c34febf6a8c939fe01a32d29419bec2f6375935a31d8a7ce9f5d272974b22d8826be9d4695f44cbaa5daa6e92c392f421a2f39da98cb635a12fbdc609aa20a9

C:\Windows\system\MUzXCPe.exe

MD5 d99ea8b0f749f874011c4f72815db896
SHA1 178ad73e3510fc2844a4e3d8d2870f0f007e3710
SHA256 1ac881b305f53bcc05bbce4d8f550979649fe011ea6d80409c798790d16ee927
SHA512 1a0abaa7ccd3dfd2e278ed4bfbb97892200fc46ddcf90c0b8776c2e3ca9d1b272459963c2a5b22cc29786cb6cdcee8ad744d5c26e4b48f7f935027724ce84d55

C:\Windows\system\ETWEooA.exe

MD5 eb9b1ec39d49dab699c2e59e6ff948bf
SHA1 1ae820a5dac6d65e30b9b4530d683fcc84963021
SHA256 5b13cfe9e8022c521108eb772e88610edcd4461e53e18e8031a62611f8ec1d3e
SHA512 abe9d13a7be22fb365f074b68a1e4b6fcf108a2de68385306d3a6c7438a3e038797da657671bc704e8151aed4e6273f15448951b31407f793308be3abb5ab4b4

memory/2216-97-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2332-87-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2216-85-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2216-84-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2200-83-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2216-89-0x000000013FF00000-0x0000000140254000-memory.dmp

C:\Windows\system\dvmhjml.exe

MD5 a0e7503e8fbe699940abe75533199071
SHA1 e1d260b17420190cda4105855ace565b5953e412
SHA256 f94792992678c700bf1205233749b6a50f4fb37e6f888f0dca91a534a4d2b529
SHA512 26e79e5cd369e259148a20ed348dc8ecd40f25653be74dad1c66da71e95c4e6052e53bd148638ebe51950382a08f9628e34e7f03e758532e580c714163740a37

memory/2216-76-0x000000013F780000-0x000000013FAD4000-memory.dmp

memory/2216-70-0x000000013FF00000-0x0000000140254000-memory.dmp

C:\Windows\system\BsmLDxX.exe

MD5 fd2c70154b935937d037ba0080706ac3
SHA1 c8a7a33b616d8b1f93fdd5f97bc1caafc594b016
SHA256 563b73e868f3ddc9dab7349d527dc0f9bd471e7191bf452598f11ef6ec3a9e9b
SHA512 e0956e2c630e31aad45e0b5f2ff2cb77bf147fb8eea46774760edef792b716ebae0a77b5713e02b785633e9e9862b50d89e2669e81384990da62df8f5bde2a0d

C:\Windows\system\imNzZtx.exe

MD5 af8fbb6b219ebfc89fd135471725b2af
SHA1 51532be093a11707f869d244bb3bc001017b5043
SHA256 06a077277ebff5d07143b0a2cd5e07138248e8fb0b579994897d07ebe5f8b8df
SHA512 9714ca73e052d5efb70455e1b0a8eb2eff2765c6abecfd794fb67af745dbf10681f1f8c4ad7bad18fd8dd67d7b6b346f062f5f22d2f400896caea5bedb0ece65

memory/2720-47-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2656-46-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2216-45-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2340-44-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2216-43-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2216-41-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

C:\Windows\system\RzeojNp.exe

MD5 a8814a17f3a01cc0347032fc50a14fe8
SHA1 7889d7fb9bdde4d1bd8372d996661238d6f9cf0e
SHA256 3371d49df427a85ae1d6ae6d8056cbef215e6bc73663cb5b4e8aa1a96931424d
SHA512 6a3ba2d701ac56bdd567da0ff71902e8baf090fb0c1123f298c65d21b3d1e21263ffa161542edd50982e7aac46fb4056fc2f33e05d757ceb8e887118e2c046ec

C:\Windows\system\CkFNpKV.exe

MD5 0b8390346921de8c851679080ba060aa
SHA1 106137efb2d016fa49be044ede0accde51d547b9
SHA256 32597c08bb2acb750c1a76524e55038a2b1460e9c4bd97f42dbc3f6f8037b252
SHA512 afe33453e5a2ca157064c3d5b3b4f55cecf585bdd2f042727d6ad9e30d08e3e71b7a5e7015a278b08dd996fba848012677a22147b3ffbadb7573e0c4d0429bdf

memory/1852-37-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

C:\Windows\system\iXYBGlQ.exe

MD5 b8ca30eca19da30b75c3fc63faf1495a
SHA1 2bba8700e97acad87f88a07e2e8d21165f67d288
SHA256 bb0263f4f230d10042b562c0ecfa4e3c9c5569f9bd96e6da1417786d12b5d679
SHA512 c7f6b19c1448de57e9ef5623a392d7bd83298949019a9115dde23e2205b8a9744b0f32fa20a8e1ab5399194267c88ba97ca4e1628a7c6866469f6beaaf14b366

memory/2216-17-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2216-1074-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2592-1075-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2216-1076-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2332-1077-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2216-1078-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2300-1079-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2216-1080-0x0000000001FA0000-0x00000000022F4000-memory.dmp

memory/2200-1081-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/492-1082-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2340-1084-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/1852-1083-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

memory/2720-1085-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2656-1086-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2792-1087-0x000000013FCD0000-0x0000000140024000-memory.dmp

memory/2332-1088-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2668-1089-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2592-1090-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2560-1091-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2872-1092-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2300-1093-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2516-1094-0x000000013FF00000-0x0000000140254000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-23 00:02

Reported

2024-06-23 00:05

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\iNiPIqy.exe N/A
N/A N/A C:\Windows\System\rkfAszf.exe N/A
N/A N/A C:\Windows\System\LzEhBid.exe N/A
N/A N/A C:\Windows\System\IeCMbNB.exe N/A
N/A N/A C:\Windows\System\iibjFvs.exe N/A
N/A N/A C:\Windows\System\NCjADsi.exe N/A
N/A N/A C:\Windows\System\aMWECqg.exe N/A
N/A N/A C:\Windows\System\teRVWsV.exe N/A
N/A N/A C:\Windows\System\kONONLz.exe N/A
N/A N/A C:\Windows\System\LeheNgb.exe N/A
N/A N/A C:\Windows\System\zVNVpvq.exe N/A
N/A N/A C:\Windows\System\tSiBrfF.exe N/A
N/A N/A C:\Windows\System\cDCsErX.exe N/A
N/A N/A C:\Windows\System\oLcSgxX.exe N/A
N/A N/A C:\Windows\System\CbVgCVd.exe N/A
N/A N/A C:\Windows\System\NzLIvPu.exe N/A
N/A N/A C:\Windows\System\cdFGYkJ.exe N/A
N/A N/A C:\Windows\System\bkyniwg.exe N/A
N/A N/A C:\Windows\System\YTakyVK.exe N/A
N/A N/A C:\Windows\System\dyLGrGA.exe N/A
N/A N/A C:\Windows\System\AKkZkcI.exe N/A
N/A N/A C:\Windows\System\bAHCBDP.exe N/A
N/A N/A C:\Windows\System\HQXEwxq.exe N/A
N/A N/A C:\Windows\System\tCezDFX.exe N/A
N/A N/A C:\Windows\System\RswYmFK.exe N/A
N/A N/A C:\Windows\System\sqlaLpY.exe N/A
N/A N/A C:\Windows\System\UzXVcmV.exe N/A
N/A N/A C:\Windows\System\SoKhgfI.exe N/A
N/A N/A C:\Windows\System\lmOwQyc.exe N/A
N/A N/A C:\Windows\System\fobfuxx.exe N/A
N/A N/A C:\Windows\System\ZCIGdeB.exe N/A
N/A N/A C:\Windows\System\BGsSPlz.exe N/A
N/A N/A C:\Windows\System\hvkcukF.exe N/A
N/A N/A C:\Windows\System\JxyyvVz.exe N/A
N/A N/A C:\Windows\System\mnoanfQ.exe N/A
N/A N/A C:\Windows\System\wWPrtwV.exe N/A
N/A N/A C:\Windows\System\kQguAJm.exe N/A
N/A N/A C:\Windows\System\ieEDtvX.exe N/A
N/A N/A C:\Windows\System\xuBIKam.exe N/A
N/A N/A C:\Windows\System\wxTekyU.exe N/A
N/A N/A C:\Windows\System\AydTKYQ.exe N/A
N/A N/A C:\Windows\System\cqmDWhu.exe N/A
N/A N/A C:\Windows\System\QEUIFbe.exe N/A
N/A N/A C:\Windows\System\pxjLPWp.exe N/A
N/A N/A C:\Windows\System\VEDgaQl.exe N/A
N/A N/A C:\Windows\System\wxoMfLk.exe N/A
N/A N/A C:\Windows\System\oxciIvy.exe N/A
N/A N/A C:\Windows\System\LjZLBWf.exe N/A
N/A N/A C:\Windows\System\fvvqRNX.exe N/A
N/A N/A C:\Windows\System\jcsiPVN.exe N/A
N/A N/A C:\Windows\System\GyOykRn.exe N/A
N/A N/A C:\Windows\System\pvthZqP.exe N/A
N/A N/A C:\Windows\System\unxkNcI.exe N/A
N/A N/A C:\Windows\System\TgbEqJX.exe N/A
N/A N/A C:\Windows\System\PWJDSNh.exe N/A
N/A N/A C:\Windows\System\TBXTERL.exe N/A
N/A N/A C:\Windows\System\IexzzIu.exe N/A
N/A N/A C:\Windows\System\YQdKUPF.exe N/A
N/A N/A C:\Windows\System\cMqedMq.exe N/A
N/A N/A C:\Windows\System\BtUgTUS.exe N/A
N/A N/A C:\Windows\System\xmGzGoD.exe N/A
N/A N/A C:\Windows\System\YuzhrbH.exe N/A
N/A N/A C:\Windows\System\WsAPait.exe N/A
N/A N/A C:\Windows\System\wRKJRtW.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\aMWECqg.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\lmOwQyc.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgDYjyA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgocghH.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\gRNTwIM.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzLIvPu.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuzhrbH.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\nvcNfdo.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\zlsbgIu.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\Xpqkour.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\lYNVMdP.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\lmEVCmB.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\teRVWsV.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\wxoMfLk.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\RFeRXYT.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKPjSpH.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\xmGzGoD.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\jkdJfWG.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ymKeffM.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\esFSKSe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\XLniXde.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\berhZCc.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\YBQMDII.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtgyJcx.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\xboHsJt.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\RHXZjqC.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\iNiPIqy.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\dyLGrGA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\TgbEqJX.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\leYNvZQ.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\LxXEvMa.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTQqcZa.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\DydMKES.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\BtLCZxO.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\uYyrtDP.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\HTCLgRn.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\jXBUcVd.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\qmCMryP.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\JaOFimR.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\TBXTERL.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\hUYVVsA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\IPcgPZA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\fcINvFd.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVFaeWe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\gJdQUNy.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\qZXIkHe.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\IKnwEvz.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\CjzbTpM.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\UIeLOEI.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLoXKRP.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\bVPNWPr.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\CBKDHOm.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqZNFtU.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\wWPrtwV.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\qTFnXVB.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZlTNVwv.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\dHtPqfC.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\vTcpbXZ.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\sWLZiDf.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\PigkvMA.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\JxmLRgj.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\WWyfURc.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\daqnDNv.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A
File created C:\Windows\System\bAHCBDP.exe C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4384 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iNiPIqy.exe
PID 4384 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iNiPIqy.exe
PID 4384 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\rkfAszf.exe
PID 4384 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\rkfAszf.exe
PID 4384 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\LzEhBid.exe
PID 4384 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\LzEhBid.exe
PID 4384 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\IeCMbNB.exe
PID 4384 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\IeCMbNB.exe
PID 4384 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iibjFvs.exe
PID 4384 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\iibjFvs.exe
PID 4384 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\NCjADsi.exe
PID 4384 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\NCjADsi.exe
PID 4384 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\aMWECqg.exe
PID 4384 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\aMWECqg.exe
PID 4384 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\teRVWsV.exe
PID 4384 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\teRVWsV.exe
PID 4384 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\kONONLz.exe
PID 4384 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\kONONLz.exe
PID 4384 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\LeheNgb.exe
PID 4384 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\LeheNgb.exe
PID 4384 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\zVNVpvq.exe
PID 4384 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\zVNVpvq.exe
PID 4384 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\tSiBrfF.exe
PID 4384 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\tSiBrfF.exe
PID 4384 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cDCsErX.exe
PID 4384 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cDCsErX.exe
PID 4384 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\oLcSgxX.exe
PID 4384 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\oLcSgxX.exe
PID 4384 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\CbVgCVd.exe
PID 4384 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\CbVgCVd.exe
PID 4384 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\NzLIvPu.exe
PID 4384 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\NzLIvPu.exe
PID 4384 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cdFGYkJ.exe
PID 4384 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\cdFGYkJ.exe
PID 4384 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\bkyniwg.exe
PID 4384 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\bkyniwg.exe
PID 4384 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\YTakyVK.exe
PID 4384 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\YTakyVK.exe
PID 4384 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dyLGrGA.exe
PID 4384 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\dyLGrGA.exe
PID 4384 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\AKkZkcI.exe
PID 4384 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\AKkZkcI.exe
PID 4384 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\bAHCBDP.exe
PID 4384 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\bAHCBDP.exe
PID 4384 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\HQXEwxq.exe
PID 4384 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\HQXEwxq.exe
PID 4384 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\tCezDFX.exe
PID 4384 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\tCezDFX.exe
PID 4384 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\RswYmFK.exe
PID 4384 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\RswYmFK.exe
PID 4384 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\sqlaLpY.exe
PID 4384 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\sqlaLpY.exe
PID 4384 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\UzXVcmV.exe
PID 4384 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\UzXVcmV.exe
PID 4384 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\SoKhgfI.exe
PID 4384 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\SoKhgfI.exe
PID 4384 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\lmOwQyc.exe
PID 4384 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\lmOwQyc.exe
PID 4384 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\fobfuxx.exe
PID 4384 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\fobfuxx.exe
PID 4384 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ZCIGdeB.exe
PID 4384 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\ZCIGdeB.exe
PID 4384 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\BGsSPlz.exe
PID 4384 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe C:\Windows\System\BGsSPlz.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe"

C:\Windows\System\iNiPIqy.exe

C:\Windows\System\iNiPIqy.exe

C:\Windows\System\rkfAszf.exe

C:\Windows\System\rkfAszf.exe

C:\Windows\System\LzEhBid.exe

C:\Windows\System\LzEhBid.exe

C:\Windows\System\IeCMbNB.exe

C:\Windows\System\IeCMbNB.exe

C:\Windows\System\iibjFvs.exe

C:\Windows\System\iibjFvs.exe

C:\Windows\System\NCjADsi.exe

C:\Windows\System\NCjADsi.exe

C:\Windows\System\aMWECqg.exe

C:\Windows\System\aMWECqg.exe

C:\Windows\System\teRVWsV.exe

C:\Windows\System\teRVWsV.exe

C:\Windows\System\kONONLz.exe

C:\Windows\System\kONONLz.exe

C:\Windows\System\LeheNgb.exe

C:\Windows\System\LeheNgb.exe

C:\Windows\System\zVNVpvq.exe

C:\Windows\System\zVNVpvq.exe

C:\Windows\System\tSiBrfF.exe

C:\Windows\System\tSiBrfF.exe

C:\Windows\System\cDCsErX.exe

C:\Windows\System\cDCsErX.exe

C:\Windows\System\oLcSgxX.exe

C:\Windows\System\oLcSgxX.exe

C:\Windows\System\CbVgCVd.exe

C:\Windows\System\CbVgCVd.exe

C:\Windows\System\NzLIvPu.exe

C:\Windows\System\NzLIvPu.exe

C:\Windows\System\cdFGYkJ.exe

C:\Windows\System\cdFGYkJ.exe

C:\Windows\System\bkyniwg.exe

C:\Windows\System\bkyniwg.exe

C:\Windows\System\YTakyVK.exe

C:\Windows\System\YTakyVK.exe

C:\Windows\System\dyLGrGA.exe

C:\Windows\System\dyLGrGA.exe

C:\Windows\System\AKkZkcI.exe

C:\Windows\System\AKkZkcI.exe

C:\Windows\System\bAHCBDP.exe

C:\Windows\System\bAHCBDP.exe

C:\Windows\System\HQXEwxq.exe

C:\Windows\System\HQXEwxq.exe

C:\Windows\System\tCezDFX.exe

C:\Windows\System\tCezDFX.exe

C:\Windows\System\RswYmFK.exe

C:\Windows\System\RswYmFK.exe

C:\Windows\System\sqlaLpY.exe

C:\Windows\System\sqlaLpY.exe

C:\Windows\System\UzXVcmV.exe

C:\Windows\System\UzXVcmV.exe

C:\Windows\System\SoKhgfI.exe

C:\Windows\System\SoKhgfI.exe

C:\Windows\System\lmOwQyc.exe

C:\Windows\System\lmOwQyc.exe

C:\Windows\System\fobfuxx.exe

C:\Windows\System\fobfuxx.exe

C:\Windows\System\ZCIGdeB.exe

C:\Windows\System\ZCIGdeB.exe

C:\Windows\System\BGsSPlz.exe

C:\Windows\System\BGsSPlz.exe

C:\Windows\System\hvkcukF.exe

C:\Windows\System\hvkcukF.exe

C:\Windows\System\JxyyvVz.exe

C:\Windows\System\JxyyvVz.exe

C:\Windows\System\mnoanfQ.exe

C:\Windows\System\mnoanfQ.exe

C:\Windows\System\wWPrtwV.exe

C:\Windows\System\wWPrtwV.exe

C:\Windows\System\kQguAJm.exe

C:\Windows\System\kQguAJm.exe

C:\Windows\System\ieEDtvX.exe

C:\Windows\System\ieEDtvX.exe

C:\Windows\System\xuBIKam.exe

C:\Windows\System\xuBIKam.exe

C:\Windows\System\wxTekyU.exe

C:\Windows\System\wxTekyU.exe

C:\Windows\System\AydTKYQ.exe

C:\Windows\System\AydTKYQ.exe

C:\Windows\System\cqmDWhu.exe

C:\Windows\System\cqmDWhu.exe

C:\Windows\System\QEUIFbe.exe

C:\Windows\System\QEUIFbe.exe

C:\Windows\System\pxjLPWp.exe

C:\Windows\System\pxjLPWp.exe

C:\Windows\System\VEDgaQl.exe

C:\Windows\System\VEDgaQl.exe

C:\Windows\System\wxoMfLk.exe

C:\Windows\System\wxoMfLk.exe

C:\Windows\System\oxciIvy.exe

C:\Windows\System\oxciIvy.exe

C:\Windows\System\LjZLBWf.exe

C:\Windows\System\LjZLBWf.exe

C:\Windows\System\fvvqRNX.exe

C:\Windows\System\fvvqRNX.exe

C:\Windows\System\jcsiPVN.exe

C:\Windows\System\jcsiPVN.exe

C:\Windows\System\GyOykRn.exe

C:\Windows\System\GyOykRn.exe

C:\Windows\System\pvthZqP.exe

C:\Windows\System\pvthZqP.exe

C:\Windows\System\unxkNcI.exe

C:\Windows\System\unxkNcI.exe

C:\Windows\System\TgbEqJX.exe

C:\Windows\System\TgbEqJX.exe

C:\Windows\System\PWJDSNh.exe

C:\Windows\System\PWJDSNh.exe

C:\Windows\System\TBXTERL.exe

C:\Windows\System\TBXTERL.exe

C:\Windows\System\IexzzIu.exe

C:\Windows\System\IexzzIu.exe

C:\Windows\System\YQdKUPF.exe

C:\Windows\System\YQdKUPF.exe

C:\Windows\System\cMqedMq.exe

C:\Windows\System\cMqedMq.exe

C:\Windows\System\BtUgTUS.exe

C:\Windows\System\BtUgTUS.exe

C:\Windows\System\xmGzGoD.exe

C:\Windows\System\xmGzGoD.exe

C:\Windows\System\YuzhrbH.exe

C:\Windows\System\YuzhrbH.exe

C:\Windows\System\WsAPait.exe

C:\Windows\System\WsAPait.exe

C:\Windows\System\wRKJRtW.exe

C:\Windows\System\wRKJRtW.exe

C:\Windows\System\LxXEvMa.exe

C:\Windows\System\LxXEvMa.exe

C:\Windows\System\BtLCZxO.exe

C:\Windows\System\BtLCZxO.exe

C:\Windows\System\vliYYVq.exe

C:\Windows\System\vliYYVq.exe

C:\Windows\System\afhVlyf.exe

C:\Windows\System\afhVlyf.exe

C:\Windows\System\oMiOGjt.exe

C:\Windows\System\oMiOGjt.exe

C:\Windows\System\SoeEWpj.exe

C:\Windows\System\SoeEWpj.exe

C:\Windows\System\hUYVVsA.exe

C:\Windows\System\hUYVVsA.exe

C:\Windows\System\XyhhTAQ.exe

C:\Windows\System\XyhhTAQ.exe

C:\Windows\System\nvcNfdo.exe

C:\Windows\System\nvcNfdo.exe

C:\Windows\System\MzerYtZ.exe

C:\Windows\System\MzerYtZ.exe

C:\Windows\System\XKhqssT.exe

C:\Windows\System\XKhqssT.exe

C:\Windows\System\brtMFkN.exe

C:\Windows\System\brtMFkN.exe

C:\Windows\System\ZIKZEOD.exe

C:\Windows\System\ZIKZEOD.exe

C:\Windows\System\DNkeONg.exe

C:\Windows\System\DNkeONg.exe

C:\Windows\System\yyPVTZc.exe

C:\Windows\System\yyPVTZc.exe

C:\Windows\System\RFeRXYT.exe

C:\Windows\System\RFeRXYT.exe

C:\Windows\System\ljlTPfp.exe

C:\Windows\System\ljlTPfp.exe

C:\Windows\System\JGukWBD.exe

C:\Windows\System\JGukWBD.exe

C:\Windows\System\qTFnXVB.exe

C:\Windows\System\qTFnXVB.exe

C:\Windows\System\RnrlbKH.exe

C:\Windows\System\RnrlbKH.exe

C:\Windows\System\oMuuBqY.exe

C:\Windows\System\oMuuBqY.exe

C:\Windows\System\UUASMdY.exe

C:\Windows\System\UUASMdY.exe

C:\Windows\System\mvdiEBi.exe

C:\Windows\System\mvdiEBi.exe

C:\Windows\System\YnFNBfB.exe

C:\Windows\System\YnFNBfB.exe

C:\Windows\System\pIHkFoL.exe

C:\Windows\System\pIHkFoL.exe

C:\Windows\System\CZOuYqf.exe

C:\Windows\System\CZOuYqf.exe

C:\Windows\System\ZlTNVwv.exe

C:\Windows\System\ZlTNVwv.exe

C:\Windows\System\IPcgPZA.exe

C:\Windows\System\IPcgPZA.exe

C:\Windows\System\uYyrtDP.exe

C:\Windows\System\uYyrtDP.exe

C:\Windows\System\qZXIkHe.exe

C:\Windows\System\qZXIkHe.exe

C:\Windows\System\AylTxKi.exe

C:\Windows\System\AylTxKi.exe

C:\Windows\System\xnpkuXq.exe

C:\Windows\System\xnpkuXq.exe

C:\Windows\System\zlsbgIu.exe

C:\Windows\System\zlsbgIu.exe

C:\Windows\System\hljvOKE.exe

C:\Windows\System\hljvOKE.exe

C:\Windows\System\HTCLgRn.exe

C:\Windows\System\HTCLgRn.exe

C:\Windows\System\PdNWdwU.exe

C:\Windows\System\PdNWdwU.exe

C:\Windows\System\dHtPqfC.exe

C:\Windows\System\dHtPqfC.exe

C:\Windows\System\VieMuXZ.exe

C:\Windows\System\VieMuXZ.exe

C:\Windows\System\nhExSxg.exe

C:\Windows\System\nhExSxg.exe

C:\Windows\System\sIHdkJE.exe

C:\Windows\System\sIHdkJE.exe

C:\Windows\System\CzWOUKX.exe

C:\Windows\System\CzWOUKX.exe

C:\Windows\System\MpCtqso.exe

C:\Windows\System\MpCtqso.exe

C:\Windows\System\najaOqO.exe

C:\Windows\System\najaOqO.exe

C:\Windows\System\CBLmJnj.exe

C:\Windows\System\CBLmJnj.exe

C:\Windows\System\wLoXKRP.exe

C:\Windows\System\wLoXKRP.exe

C:\Windows\System\WjtMMXM.exe

C:\Windows\System\WjtMMXM.exe

C:\Windows\System\AOylqdt.exe

C:\Windows\System\AOylqdt.exe

C:\Windows\System\PuvBhwj.exe

C:\Windows\System\PuvBhwj.exe

C:\Windows\System\onWJaKj.exe

C:\Windows\System\onWJaKj.exe

C:\Windows\System\fcINvFd.exe

C:\Windows\System\fcINvFd.exe

C:\Windows\System\GwlEsxX.exe

C:\Windows\System\GwlEsxX.exe

C:\Windows\System\BVpuDQn.exe

C:\Windows\System\BVpuDQn.exe

C:\Windows\System\fhNaCkP.exe

C:\Windows\System\fhNaCkP.exe

C:\Windows\System\leYNvZQ.exe

C:\Windows\System\leYNvZQ.exe

C:\Windows\System\RlxZyNv.exe

C:\Windows\System\RlxZyNv.exe

C:\Windows\System\PQmZBzS.exe

C:\Windows\System\PQmZBzS.exe

C:\Windows\System\PdKDiLe.exe

C:\Windows\System\PdKDiLe.exe

C:\Windows\System\uTMjySj.exe

C:\Windows\System\uTMjySj.exe

C:\Windows\System\RbYjjHD.exe

C:\Windows\System\RbYjjHD.exe

C:\Windows\System\PMEEyGQ.exe

C:\Windows\System\PMEEyGQ.exe

C:\Windows\System\weZeaZc.exe

C:\Windows\System\weZeaZc.exe

C:\Windows\System\KTQqcZa.exe

C:\Windows\System\KTQqcZa.exe

C:\Windows\System\JWhaQRW.exe

C:\Windows\System\JWhaQRW.exe

C:\Windows\System\bnicVdQ.exe

C:\Windows\System\bnicVdQ.exe

C:\Windows\System\KJXVTnU.exe

C:\Windows\System\KJXVTnU.exe

C:\Windows\System\vAdyTqQ.exe

C:\Windows\System\vAdyTqQ.exe

C:\Windows\System\eoYBFHK.exe

C:\Windows\System\eoYBFHK.exe

C:\Windows\System\WjPGXpy.exe

C:\Windows\System\WjPGXpy.exe

C:\Windows\System\ZcSvlbc.exe

C:\Windows\System\ZcSvlbc.exe

C:\Windows\System\GVnDtnd.exe

C:\Windows\System\GVnDtnd.exe

C:\Windows\System\dHdrgEd.exe

C:\Windows\System\dHdrgEd.exe

C:\Windows\System\lQtIWfp.exe

C:\Windows\System\lQtIWfp.exe

C:\Windows\System\xUWMdYy.exe

C:\Windows\System\xUWMdYy.exe

C:\Windows\System\YGYmpNq.exe

C:\Windows\System\YGYmpNq.exe

C:\Windows\System\SYVVdpr.exe

C:\Windows\System\SYVVdpr.exe

C:\Windows\System\XLniXde.exe

C:\Windows\System\XLniXde.exe

C:\Windows\System\iiPUPfV.exe

C:\Windows\System\iiPUPfV.exe

C:\Windows\System\weiXaGa.exe

C:\Windows\System\weiXaGa.exe

C:\Windows\System\fckSanW.exe

C:\Windows\System\fckSanW.exe

C:\Windows\System\hcffoPi.exe

C:\Windows\System\hcffoPi.exe

C:\Windows\System\MFzsGKt.exe

C:\Windows\System\MFzsGKt.exe

C:\Windows\System\iJzqFtA.exe

C:\Windows\System\iJzqFtA.exe

C:\Windows\System\PARcnky.exe

C:\Windows\System\PARcnky.exe

C:\Windows\System\qmCMryP.exe

C:\Windows\System\qmCMryP.exe

C:\Windows\System\VKHNbMO.exe

C:\Windows\System\VKHNbMO.exe

C:\Windows\System\vTcpbXZ.exe

C:\Windows\System\vTcpbXZ.exe

C:\Windows\System\Xpqkour.exe

C:\Windows\System\Xpqkour.exe

C:\Windows\System\dlhaQFe.exe

C:\Windows\System\dlhaQFe.exe

C:\Windows\System\jXBUcVd.exe

C:\Windows\System\jXBUcVd.exe

C:\Windows\System\PlIxqCU.exe

C:\Windows\System\PlIxqCU.exe

C:\Windows\System\RgocghH.exe

C:\Windows\System\RgocghH.exe

C:\Windows\System\JaSsyEk.exe

C:\Windows\System\JaSsyEk.exe

C:\Windows\System\jaJAsXW.exe

C:\Windows\System\jaJAsXW.exe

C:\Windows\System\oYFpedX.exe

C:\Windows\System\oYFpedX.exe

C:\Windows\System\oatMVwk.exe

C:\Windows\System\oatMVwk.exe

C:\Windows\System\YBQMDII.exe

C:\Windows\System\YBQMDII.exe

C:\Windows\System\bqnSRKX.exe

C:\Windows\System\bqnSRKX.exe

C:\Windows\System\AylWrTv.exe

C:\Windows\System\AylWrTv.exe

C:\Windows\System\QglrgzE.exe

C:\Windows\System\QglrgzE.exe

C:\Windows\System\gafdYhK.exe

C:\Windows\System\gafdYhK.exe

C:\Windows\System\LDvZiQo.exe

C:\Windows\System\LDvZiQo.exe

C:\Windows\System\JVXmnEQ.exe

C:\Windows\System\JVXmnEQ.exe

C:\Windows\System\qQnyFdz.exe

C:\Windows\System\qQnyFdz.exe

C:\Windows\System\zJsaSQu.exe

C:\Windows\System\zJsaSQu.exe

C:\Windows\System\XONpyGL.exe

C:\Windows\System\XONpyGL.exe

C:\Windows\System\IMdRMuk.exe

C:\Windows\System\IMdRMuk.exe

C:\Windows\System\rktaQlC.exe

C:\Windows\System\rktaQlC.exe

C:\Windows\System\RMOAXGG.exe

C:\Windows\System\RMOAXGG.exe

C:\Windows\System\jkdJfWG.exe

C:\Windows\System\jkdJfWG.exe

C:\Windows\System\lYNVMdP.exe

C:\Windows\System\lYNVMdP.exe

C:\Windows\System\ShDEoFI.exe

C:\Windows\System\ShDEoFI.exe

C:\Windows\System\LSJJPRp.exe

C:\Windows\System\LSJJPRp.exe

C:\Windows\System\PigkvMA.exe

C:\Windows\System\PigkvMA.exe

C:\Windows\System\KOxKkFc.exe

C:\Windows\System\KOxKkFc.exe

C:\Windows\System\dkNQuHq.exe

C:\Windows\System\dkNQuHq.exe

C:\Windows\System\IKnwEvz.exe

C:\Windows\System\IKnwEvz.exe

C:\Windows\System\PcRqZzI.exe

C:\Windows\System\PcRqZzI.exe

C:\Windows\System\RTLbcTy.exe

C:\Windows\System\RTLbcTy.exe

C:\Windows\System\tKPPKay.exe

C:\Windows\System\tKPPKay.exe

C:\Windows\System\PRuFDYI.exe

C:\Windows\System\PRuFDYI.exe

C:\Windows\System\QMgzwIy.exe

C:\Windows\System\QMgzwIy.exe

C:\Windows\System\Hkcrlwb.exe

C:\Windows\System\Hkcrlwb.exe

C:\Windows\System\xKPjSpH.exe

C:\Windows\System\xKPjSpH.exe

C:\Windows\System\OeSMFqr.exe

C:\Windows\System\OeSMFqr.exe

C:\Windows\System\SXleUgE.exe

C:\Windows\System\SXleUgE.exe

C:\Windows\System\eKvnGQq.exe

C:\Windows\System\eKvnGQq.exe

C:\Windows\System\afUlZFd.exe

C:\Windows\System\afUlZFd.exe

C:\Windows\System\aubVPMp.exe

C:\Windows\System\aubVPMp.exe

C:\Windows\System\zoJLJIh.exe

C:\Windows\System\zoJLJIh.exe

C:\Windows\System\MUjAvWR.exe

C:\Windows\System\MUjAvWR.exe

C:\Windows\System\NzAfHRZ.exe

C:\Windows\System\NzAfHRZ.exe

C:\Windows\System\cOUTQEF.exe

C:\Windows\System\cOUTQEF.exe

C:\Windows\System\KFiLSie.exe

C:\Windows\System\KFiLSie.exe

C:\Windows\System\nGrHYDQ.exe

C:\Windows\System\nGrHYDQ.exe

C:\Windows\System\wVhMvYO.exe

C:\Windows\System\wVhMvYO.exe

C:\Windows\System\LrqAbZc.exe

C:\Windows\System\LrqAbZc.exe

C:\Windows\System\MniPXcM.exe

C:\Windows\System\MniPXcM.exe

C:\Windows\System\caivclJ.exe

C:\Windows\System\caivclJ.exe

C:\Windows\System\dvDHwlm.exe

C:\Windows\System\dvDHwlm.exe

C:\Windows\System\ZevJhIf.exe

C:\Windows\System\ZevJhIf.exe

C:\Windows\System\ORYEbwq.exe

C:\Windows\System\ORYEbwq.exe

C:\Windows\System\CjzbTpM.exe

C:\Windows\System\CjzbTpM.exe

C:\Windows\System\NhQDaRO.exe

C:\Windows\System\NhQDaRO.exe

C:\Windows\System\BgDYjyA.exe

C:\Windows\System\BgDYjyA.exe

C:\Windows\System\ItpCdSu.exe

C:\Windows\System\ItpCdSu.exe

C:\Windows\System\DtgyJcx.exe

C:\Windows\System\DtgyJcx.exe

C:\Windows\System\YCawfmv.exe

C:\Windows\System\YCawfmv.exe

C:\Windows\System\pRfQWAD.exe

C:\Windows\System\pRfQWAD.exe

C:\Windows\System\pWOaXYa.exe

C:\Windows\System\pWOaXYa.exe

C:\Windows\System\bVPNWPr.exe

C:\Windows\System\bVPNWPr.exe

C:\Windows\System\ymKeffM.exe

C:\Windows\System\ymKeffM.exe

C:\Windows\System\botxdWd.exe

C:\Windows\System\botxdWd.exe

C:\Windows\System\CRJczyA.exe

C:\Windows\System\CRJczyA.exe

C:\Windows\System\YqSBaOA.exe

C:\Windows\System\YqSBaOA.exe

C:\Windows\System\tlRpocP.exe

C:\Windows\System\tlRpocP.exe

C:\Windows\System\jsCvQMC.exe

C:\Windows\System\jsCvQMC.exe

C:\Windows\System\DxSPNKW.exe

C:\Windows\System\DxSPNKW.exe

C:\Windows\System\GDeHntS.exe

C:\Windows\System\GDeHntS.exe

C:\Windows\System\mwUBcSH.exe

C:\Windows\System\mwUBcSH.exe

C:\Windows\System\bRTLJQQ.exe

C:\Windows\System\bRTLJQQ.exe

C:\Windows\System\hSJOZFu.exe

C:\Windows\System\hSJOZFu.exe

C:\Windows\System\TZrXKXR.exe

C:\Windows\System\TZrXKXR.exe

C:\Windows\System\tyVpBUA.exe

C:\Windows\System\tyVpBUA.exe

C:\Windows\System\KiDVLfS.exe

C:\Windows\System\KiDVLfS.exe

C:\Windows\System\womFHMi.exe

C:\Windows\System\womFHMi.exe

C:\Windows\System\XfmfLen.exe

C:\Windows\System\XfmfLen.exe

C:\Windows\System\zOYTvme.exe

C:\Windows\System\zOYTvme.exe

C:\Windows\System\TWZlhhX.exe

C:\Windows\System\TWZlhhX.exe

C:\Windows\System\VFHcnvU.exe

C:\Windows\System\VFHcnvU.exe

C:\Windows\System\gUqPoXS.exe

C:\Windows\System\gUqPoXS.exe

C:\Windows\System\ucNQrOk.exe

C:\Windows\System\ucNQrOk.exe

C:\Windows\System\xboHsJt.exe

C:\Windows\System\xboHsJt.exe

C:\Windows\System\JaOFimR.exe

C:\Windows\System\JaOFimR.exe

C:\Windows\System\rDzltsU.exe

C:\Windows\System\rDzltsU.exe

C:\Windows\System\tjyzBiM.exe

C:\Windows\System\tjyzBiM.exe

C:\Windows\System\vOxynZW.exe

C:\Windows\System\vOxynZW.exe

C:\Windows\System\owlsoTJ.exe

C:\Windows\System\owlsoTJ.exe

C:\Windows\System\RJeavPe.exe

C:\Windows\System\RJeavPe.exe

C:\Windows\System\XhCbaVE.exe

C:\Windows\System\XhCbaVE.exe

C:\Windows\System\XGohBHw.exe

C:\Windows\System\XGohBHw.exe

C:\Windows\System\jVukihM.exe

C:\Windows\System\jVukihM.exe

C:\Windows\System\GWZYxRE.exe

C:\Windows\System\GWZYxRE.exe

C:\Windows\System\ebLFNBC.exe

C:\Windows\System\ebLFNBC.exe

C:\Windows\System\yzODSFd.exe

C:\Windows\System\yzODSFd.exe

C:\Windows\System\CBKDHOm.exe

C:\Windows\System\CBKDHOm.exe

C:\Windows\System\DydMKES.exe

C:\Windows\System\DydMKES.exe

C:\Windows\System\RHXZjqC.exe

C:\Windows\System\RHXZjqC.exe

C:\Windows\System\vLsTbDX.exe

C:\Windows\System\vLsTbDX.exe

C:\Windows\System\VhmYzHS.exe

C:\Windows\System\VhmYzHS.exe

C:\Windows\System\kBVVjdP.exe

C:\Windows\System\kBVVjdP.exe

C:\Windows\System\NvmQSCg.exe

C:\Windows\System\NvmQSCg.exe

C:\Windows\System\lmEVCmB.exe

C:\Windows\System\lmEVCmB.exe

C:\Windows\System\hqqAoNM.exe

C:\Windows\System\hqqAoNM.exe

C:\Windows\System\VdZEUuo.exe

C:\Windows\System\VdZEUuo.exe

C:\Windows\System\sgcknhu.exe

C:\Windows\System\sgcknhu.exe

C:\Windows\System\jEfxdxF.exe

C:\Windows\System\jEfxdxF.exe

C:\Windows\System\vaDYIcv.exe

C:\Windows\System\vaDYIcv.exe

C:\Windows\System\plKzWwk.exe

C:\Windows\System\plKzWwk.exe

C:\Windows\System\berhZCc.exe

C:\Windows\System\berhZCc.exe

C:\Windows\System\oTkGVuT.exe

C:\Windows\System\oTkGVuT.exe

C:\Windows\System\ZppWEdn.exe

C:\Windows\System\ZppWEdn.exe

C:\Windows\System\IDxOETj.exe

C:\Windows\System\IDxOETj.exe

C:\Windows\System\QvkClIf.exe

C:\Windows\System\QvkClIf.exe

C:\Windows\System\UIeLOEI.exe

C:\Windows\System\UIeLOEI.exe

C:\Windows\System\eVOHYLG.exe

C:\Windows\System\eVOHYLG.exe

C:\Windows\System\GuXsPoX.exe

C:\Windows\System\GuXsPoX.exe

C:\Windows\System\pFncJka.exe

C:\Windows\System\pFncJka.exe

C:\Windows\System\gRNTwIM.exe

C:\Windows\System\gRNTwIM.exe

C:\Windows\System\hVMXnEg.exe

C:\Windows\System\hVMXnEg.exe

C:\Windows\System\kmJlHaf.exe

C:\Windows\System\kmJlHaf.exe

C:\Windows\System\EZHtGkp.exe

C:\Windows\System\EZHtGkp.exe

C:\Windows\System\ufPPBHs.exe

C:\Windows\System\ufPPBHs.exe

C:\Windows\System\dPtllIi.exe

C:\Windows\System\dPtllIi.exe

C:\Windows\System\NLEVYgm.exe

C:\Windows\System\NLEVYgm.exe

C:\Windows\System\Gawpfmu.exe

C:\Windows\System\Gawpfmu.exe

C:\Windows\System\oouijRr.exe

C:\Windows\System\oouijRr.exe

C:\Windows\System\TyMkVlD.exe

C:\Windows\System\TyMkVlD.exe

C:\Windows\System\YsJQcYy.exe

C:\Windows\System\YsJQcYy.exe

C:\Windows\System\dqzPWLJ.exe

C:\Windows\System\dqzPWLJ.exe

C:\Windows\System\SpUjqZn.exe

C:\Windows\System\SpUjqZn.exe

C:\Windows\System\DKThvAa.exe

C:\Windows\System\DKThvAa.exe

C:\Windows\System\bBloIyp.exe

C:\Windows\System\bBloIyp.exe

C:\Windows\System\GSZmTWe.exe

C:\Windows\System\GSZmTWe.exe

C:\Windows\System\JxmLRgj.exe

C:\Windows\System\JxmLRgj.exe

C:\Windows\System\gqZNFtU.exe

C:\Windows\System\gqZNFtU.exe

C:\Windows\System\esFSKSe.exe

C:\Windows\System\esFSKSe.exe

C:\Windows\System\ROVlkwb.exe

C:\Windows\System\ROVlkwb.exe

C:\Windows\System\eGVQeWe.exe

C:\Windows\System\eGVQeWe.exe

C:\Windows\System\pTdYuEy.exe

C:\Windows\System\pTdYuEy.exe

C:\Windows\System\SwYBbRr.exe

C:\Windows\System\SwYBbRr.exe

C:\Windows\System\tnoZxkO.exe

C:\Windows\System\tnoZxkO.exe

C:\Windows\System\GZPDmuz.exe

C:\Windows\System\GZPDmuz.exe

C:\Windows\System\EDfLYER.exe

C:\Windows\System\EDfLYER.exe

C:\Windows\System\TKXfxPz.exe

C:\Windows\System\TKXfxPz.exe

C:\Windows\System\MhBNFbQ.exe

C:\Windows\System\MhBNFbQ.exe

C:\Windows\System\fpwGtqt.exe

C:\Windows\System\fpwGtqt.exe

C:\Windows\System\rsIjWOS.exe

C:\Windows\System\rsIjWOS.exe

C:\Windows\System\quUuIUt.exe

C:\Windows\System\quUuIUt.exe

C:\Windows\System\qZvKOkM.exe

C:\Windows\System\qZvKOkM.exe

C:\Windows\System\mAsDNJe.exe

C:\Windows\System\mAsDNJe.exe

C:\Windows\System\LlEnAHH.exe

C:\Windows\System\LlEnAHH.exe

C:\Windows\System\YlQzMlK.exe

C:\Windows\System\YlQzMlK.exe

C:\Windows\System\CanPnOk.exe

C:\Windows\System\CanPnOk.exe

C:\Windows\System\NijDKcN.exe

C:\Windows\System\NijDKcN.exe

C:\Windows\System\veIwwSb.exe

C:\Windows\System\veIwwSb.exe

C:\Windows\System\hFuOgNP.exe

C:\Windows\System\hFuOgNP.exe

C:\Windows\System\JvDUUMm.exe

C:\Windows\System\JvDUUMm.exe

C:\Windows\System\pFbTEEI.exe

C:\Windows\System\pFbTEEI.exe

C:\Windows\System\WWyfURc.exe

C:\Windows\System\WWyfURc.exe

C:\Windows\System\rMSItwI.exe

C:\Windows\System\rMSItwI.exe

C:\Windows\System\sWLZiDf.exe

C:\Windows\System\sWLZiDf.exe

C:\Windows\System\xgfntYP.exe

C:\Windows\System\xgfntYP.exe

C:\Windows\System\KEXVEhe.exe

C:\Windows\System\KEXVEhe.exe

C:\Windows\System\fmumUSE.exe

C:\Windows\System\fmumUSE.exe

C:\Windows\System\daqnDNv.exe

C:\Windows\System\daqnDNv.exe

C:\Windows\System\fvKWbHD.exe

C:\Windows\System\fvKWbHD.exe

C:\Windows\System\RbyFubH.exe

C:\Windows\System\RbyFubH.exe

C:\Windows\System\dngCvoy.exe

C:\Windows\System\dngCvoy.exe

C:\Windows\System\SGsjlBm.exe

C:\Windows\System\SGsjlBm.exe

C:\Windows\System\UVFaeWe.exe

C:\Windows\System\UVFaeWe.exe

C:\Windows\System\gJdQUNy.exe

C:\Windows\System\gJdQUNy.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/4384-0-0x00007FF715750000-0x00007FF715AA4000-memory.dmp

memory/4384-1-0x0000017815FD0000-0x0000017815FE0000-memory.dmp

C:\Windows\System\iNiPIqy.exe

MD5 35138423311ad30d2c7fc3e2533bc1c4
SHA1 5f5104c0ae8bfdbd36e35002623bb95a59295544
SHA256 3e63d2c615dc9c072fce57dfef9f272280cfd708d1ba6e150edb51029c9336ea
SHA512 d6ca6c7b3c89a8c1e05db9565d495614fe7c64b47f8ab7b172887a2d28abbccd24a7283bc024274847365b49270df6ad8efc8e21efd0bca480f774b25571ae10

C:\Windows\System\rkfAszf.exe

MD5 1ea1ecd32bddca325f19cf74761c89da
SHA1 1bf711805ee2ffe8663b6d9c88a284959264e432
SHA256 fa8591f4fcffc6d6960921fbadc781668d3141bd6348017352e9e5bb399597d7
SHA512 f0e71a6bee3297c4ea478ab31fc457151ece29e5c027f9d473394627cc4b0c4ace5f71d3e27e83f604d82b0dffd8ac6a54a4862c44deb1beec91a7a0a82c8a2b

memory/5104-19-0x00007FF6C7A80000-0x00007FF6C7DD4000-memory.dmp

C:\Windows\System\aMWECqg.exe

MD5 0b6b69de84507263fe6a9d847f15e2a9
SHA1 66cd8323e3fa4b9d728763d932149964bf350487
SHA256 42bc75eaf3073efdb274d5c14844146231520386ac71fcae8e3b4f8acfcbb235
SHA512 fb13de1db0d20946021d8ab0022e90db713b67c830c08dc16c11850cc328d3b42cce52d4a459210483e53b9f9ddc4dc343709c1e14370a137f6b1c52c509ac93

C:\Windows\System\zVNVpvq.exe

MD5 014f59829dcdb58c110d1fa58bcaeca4
SHA1 80807245bf5a69ca883782ca94e24cdafaa0ab31
SHA256 ad6baa61cfeb8f3e4353e8856732bd4404cce0ccaf86b891894edb1155ea5c94
SHA512 6c7ac8dad969e014a4513eb071dd3a64d4d26c36e62ae84ddd16926ea1db184ded1af9a5cb3e91464ac7e65a0d6715857bc86a262c46110bc42bd4ea7aecd1f9

C:\Windows\System\oLcSgxX.exe

MD5 20fa2b0ce61c51d7a3a3101c40152fc2
SHA1 6423f88db8d9e5074c7aee9cdf542ae27fa1a3ae
SHA256 95ed5a6594d2d451ff79d916b53bedc71707b39f369a8b9094e2f31751df8302
SHA512 c4fc5fae08161ab1c70c756435862abb31be5d1594e91a0d2af3e6b592916c20416b716a799ac137a7c996b861969cc456918657afeeaaf217b1529c7879d6fc

C:\Windows\System\NzLIvPu.exe

MD5 4f71acdb941e7b9f94853cc345b7fc28
SHA1 a6efb300b070846c53efcc264703a0f17873e3c0
SHA256 24e2882b5da0e47a66dec852485f98e6c54100344661d338abdf1972eb2369aa
SHA512 696e16c4179b31d2d3acf681b1bd230b82be51c7bf25644e03b288162edc12af1fdb660a24873ba4e5f5a4d9a90f6bb0762b4334b40de8045d573eb2afb7694b

C:\Windows\System\YTakyVK.exe

MD5 8f8a3b49152c7fd5ee889c019866bfef
SHA1 4bc12519143ca8e99ace048011c6319261a2bb00
SHA256 e1a1d8131a98e9eb28ba8d2ed2557c437562652a152764bffa92afaef596edda
SHA512 488b20f0b4a271868743c9ec2c0d810a5b65f88275588c0e05587b2301671b41936876d220418cd9a3b239e51a453bf7453794ee5bdb6e4f6bfbe881458b83b0

C:\Windows\System\HQXEwxq.exe

MD5 c27902a3e6ab6d3c7cfcda183bc4fac7
SHA1 593a9e12c46ada82ad56cc562b9f2f3ac794d8e7
SHA256 8301154c65d9f45cc118f54aca1fece22c345df89b40a8f6391a1c5b5ad2f230
SHA512 dbbe261501e8685c0f3a8bc1f30727f4e60ae34466d962ed760191e4acea6e904f68c77faba7cb2dae60b68c9f175b95071c90863a3da03b59196af513ee5d77

C:\Windows\System\UzXVcmV.exe

MD5 e9fc77938eb853fd3d042c210b1a41ff
SHA1 e11dc5ce652055f3becc48c9ffdd4df1bd8689c0
SHA256 dc318397433348b21cbab4b4be0ae3e0374b46eab341c50e8b6d3d8f166ac899
SHA512 4668f7d0e9ea8c3d0f4ab2581b738946327969290a9551292341ed22b69ff01884b14cbe91f2f0753e9df9c63b2c1b0cd8f8581fcafa59455849bc02ff4f163d

C:\Windows\System\ZCIGdeB.exe

MD5 fd57c0cc162131a35dfcf7da6ef4c131
SHA1 947234e55aaa65dd1e0ed089a2198c709a9829ba
SHA256 d3d022f288b45457dbfce445700087ced8847bd5e98f562dbc80c875a4130322
SHA512 9c35a653ebb3840edd2fbe7dd93a00f49476760d9b6484e89ec21ff92665de629cb207c4bfff1336fe12410734adc80e0ae67396fe00e68984c4ea1d8005e984

memory/824-586-0x00007FF6A6FF0000-0x00007FF6A7344000-memory.dmp

memory/1540-587-0x00007FF65C630000-0x00007FF65C984000-memory.dmp

memory/3160-588-0x00007FF7B3300000-0x00007FF7B3654000-memory.dmp

memory/2344-589-0x00007FF6680B0000-0x00007FF668404000-memory.dmp

memory/2092-590-0x00007FF60CC10000-0x00007FF60CF64000-memory.dmp

memory/2008-591-0x00007FF7613B0000-0x00007FF761704000-memory.dmp

memory/2484-597-0x00007FF73BCA0000-0x00007FF73BFF4000-memory.dmp

memory/1332-612-0x00007FF7236C0000-0x00007FF723A14000-memory.dmp

memory/3824-625-0x00007FF7230A0000-0x00007FF7233F4000-memory.dmp

memory/4196-648-0x00007FF7BA1E0000-0x00007FF7BA534000-memory.dmp

memory/1256-654-0x00007FF6C1930000-0x00007FF6C1C84000-memory.dmp

memory/664-657-0x00007FF70C0F0000-0x00007FF70C444000-memory.dmp

memory/4024-668-0x00007FF7C8F60000-0x00007FF7C92B4000-memory.dmp

memory/3828-675-0x00007FF7334F0000-0x00007FF733844000-memory.dmp

memory/2668-662-0x00007FF63B020000-0x00007FF63B374000-memory.dmp

memory/1988-650-0x00007FF782270000-0x00007FF7825C4000-memory.dmp

memory/4808-643-0x00007FF7BC0E0000-0x00007FF7BC434000-memory.dmp

memory/1356-638-0x00007FF6D3580000-0x00007FF6D38D4000-memory.dmp

memory/3380-636-0x00007FF7B9A40000-0x00007FF7B9D94000-memory.dmp

memory/748-632-0x00007FF7B49D0000-0x00007FF7B4D24000-memory.dmp

memory/3804-621-0x00007FF73D030000-0x00007FF73D384000-memory.dmp

memory/2044-616-0x00007FF74B270000-0x00007FF74B5C4000-memory.dmp

memory/1444-606-0x00007FF6C01E0000-0x00007FF6C0534000-memory.dmp

memory/2652-600-0x00007FF7AFD70000-0x00007FF7B00C4000-memory.dmp

memory/1900-592-0x00007FF6EF5E0000-0x00007FF6EF934000-memory.dmp

C:\Windows\System\hvkcukF.exe

MD5 554105acd2dc696bbb063149a5029d4e
SHA1 23c3ed2de5a142904e1729b6f639d9ca5238fd7f
SHA256 69e9ae106ac47599d220d0ab33edd71d60cf657242b3a345c6fffb4b7471a5a6
SHA512 b841fdae2ea7ec1316008c4ee23846a1e94422e0e38d6cc0e2347bc81a91c404470b1fac3848907a99129177435f3bec5ff85fb0eba195ce86985a7f89bae2aa

C:\Windows\System\BGsSPlz.exe

MD5 b73a1c77471aa7a1fe4f561369ec259d
SHA1 d311cc98593926b4315899c4eacfeddf0ef52019
SHA256 17d9ce1ff2c947f841458a9c349ed791d1eb580f651cb461e71864c1480962cc
SHA512 979c0662f19c2ffe3cbeeed7e8c3dcfb8ad50fd1f370e4ab245c555ea0075cfca29b504b7afcca358ef8788c4ae4c612f6844261e43b6594bc97f73b4f8eb7cd

C:\Windows\System\fobfuxx.exe

MD5 c552cd2d0cd4b9f55995c0a125c26858
SHA1 c8f48de93b8618594f649c443b970ca2595bd91d
SHA256 8e02012008b63083ad764e38987df6778da75e53493f863643e0319966d1d7e8
SHA512 60873338ed94398101a35c09820f0d139940afb92969a295e24d8aef5b7303be6105c76ef0b684b60240bdb2aacff33522bce3308a28b8fbf542070ed0649402

C:\Windows\System\lmOwQyc.exe

MD5 d41ed81ea9c675d9a0a03585f4a40e1c
SHA1 8391a75a21595765573c6dd774c09f36df9bd227
SHA256 e16e37bdd705b1a9d8b4ba881195a6f05cc15e2ea72b388f1c05ae4382f47e89
SHA512 d4c0f13e9b21a0b4de8df19c02f52ba35dad5a09a72d979c9d664bd975b49fa4c75a3c20fd9c5cab24832b1f5ace8732b33d6474a39060378a6a076677bc13ca

C:\Windows\System\SoKhgfI.exe

MD5 f3e0dadb86d6d7c1868c46f2acc36770
SHA1 cd2e45d483ff63ca8999fa836eb5a7993e6644f6
SHA256 33bfc66cc3202de6df5ef1b448b48944c1acfe87e449f67c45c6af81706323c7
SHA512 29617488f3a2143900d12b8c3b512554335c99bdbcf458476d94652c200ec21b50ef5fa192478b5890f63009c3221431cd610a023668634d22c76ef04c6ed850

C:\Windows\System\sqlaLpY.exe

MD5 d48fd4c426b5b4cb420aa99b3bf945d5
SHA1 531617fb63b26225f8e67e174eb3d82636371fcf
SHA256 af2597a05fd9dabd9069443cf0f2e44821fe486e9047b749f1c3f26385c25dd9
SHA512 0ce0634a8d1b4e46970f70fe98ced57a3419140cb0f20c3c8ac3b02ab0e33a237395f2a78f4ceb676f49dd14789b2477846926a1bd5dffc46dd8d783dc0e923d

C:\Windows\System\RswYmFK.exe

MD5 c493c9ce709c756691643e8b5049b177
SHA1 1b44d6d20fc92b3fb24d4f7e3c67727aeac153f0
SHA256 cd70c747f18ba0a13223685f6492340de096e78b76498e4360a20066c283e02c
SHA512 a57fca5223ded8dfbfc058d10766b32b6e8617f278312ce72cc3e9dd89bb7a4c2d8679adf07877f2aed1206e7f6639b30622a7968fba61b520cf614e5b25495a

C:\Windows\System\tCezDFX.exe

MD5 d724363b6bd0c11b672b129efc916d7f
SHA1 63a0b7d1d4fc618afec19ffe5c44e6dba998001a
SHA256 5c0692015fc72a853c34e728100242a19ca6738eff1f0e6ad4c6d987ff4b169f
SHA512 e5db0d2e16b55f0412e26382a15a3957edd802fa2d8137c216523013e14029e9d351e84833083255ac7d634187aea8b0a194ec4bbc01fd3cd797d8fa541c0085

C:\Windows\System\bAHCBDP.exe

MD5 ba080f7762d16ae330aa3bfc731cfa37
SHA1 89e9ade7931f170d6b9f81031d15041217fe13e5
SHA256 1d461ab14cdc45e35286abf541024ecf305ba35e1b14cd86dd02e8aae5e431e5
SHA512 eef0e392cfa229ff60cd4bbdd9f8a142f0a3fb04bf3a7bbacb39ee3ebb0cc29709108938f0cc7ff02426a3d5fa7879cedaa50a5fa033b392a1373cd5ad99aab1

C:\Windows\System\AKkZkcI.exe

MD5 91c502a3e24d642e34c17d6e1b3d91c4
SHA1 c500ce328ecb546073d89c28fa12380e3ce2432b
SHA256 5ca3d232176e14a6184917922a594a90d227ac44068867b49961430582590713
SHA512 1b2997939f51afab5895dfe3cf52e90778f9a7f40177c0101f93a5638ea151d3afbe72e362062c0339ae3adff007170430a68810643b5dc6aaa48af399a01f10

C:\Windows\System\dyLGrGA.exe

MD5 ac9cc518916f0285a0f265fb90206429
SHA1 65a7d76ebe30680ad3a999a5e77e31bcc53bafe3
SHA256 d48eeeb6eebf41d2fa9d9958218710bd8e00da86a0f92e14f006ae108695ae49
SHA512 6a15e64f2dafcf5a7a194f56578955b3c84643e691d05373c5ba633a0a04941b79c391860f599f443e7e43ac2dc1d70cf3acc85e01c29942f730edbee80d8c01

C:\Windows\System\bkyniwg.exe

MD5 b8b9f86517562c72ead545b71eb080c2
SHA1 1ad8e1f15a002a79be30ee90a8a446e1d3fd2c38
SHA256 45b55590b0c378ca6a7c8b1300a2eee79ae6bbb6342f45fe25bd8bd295f76315
SHA512 a0bb12c072a10d6bb152a3b5bef45ef1e400e18bfdaf7c61038a3cb613ebd5522690383b4e7d5cc6dde6e8c0c212476075de82eba37c6741184afd7669d82254

C:\Windows\System\cdFGYkJ.exe

MD5 ea878bad98922943c703376c75c9afea
SHA1 c6269154a2d485ce5a04657808ffcb761078602d
SHA256 672f24012c3195939765ac6386f283eb6bebbb6581d2319b1905ad5c1eb8491f
SHA512 902c5b8b0e76adfa1991948f47155c3ccc1356f6b7cadd4b63b85ba51a605cb09b9aab1ba17873091defd6b7f49e4a5875c8d79d4cdc6fc9d80bc265fffe6af8

C:\Windows\System\CbVgCVd.exe

MD5 330083e2bb61e2cdcb4d7a465ce610b3
SHA1 87e2ef5fdf44911d4c3cb9dbf529c9bec0652670
SHA256 4f8fcb3e58461603c769c92483d31f0bba21309fb15833cc1b0a9dc218a082ba
SHA512 879020171343bf4a92d0115d434915432396f039e698b0a607c557f6913a43310364051920c5a19a4413baa35a6224b3e104b724b4cb9e2711ea99cc16e1bac2

C:\Windows\System\cDCsErX.exe

MD5 d6334050663f480586f8b22450d967fd
SHA1 2782ef9b2342f8e5d6e76142e499d41c40f55031
SHA256 7d94c1ff6a5e3759a01799493257765a84c6684e6429cb48e0b861dd7a941ee9
SHA512 59593666b005eee219ef37fe1c7c2a7d0df49b4264adb4e2bec6c34fac78d11d14039e40f253f124080f613eea485a36efc3829b762525446487eee456f43217

C:\Windows\System\tSiBrfF.exe

MD5 b1ddc1b198994850941ee4397defd9eb
SHA1 e8e8d6ef934c7d8f50c005f5ba396637d116b4b2
SHA256 1c2b387fbe9427c267e2e4d68dd1f64bb3b1d9b85921f887857214797b9fd6a2
SHA512 4a5e4370b5521eea5ed486ed00cd2e0903b530fd108cf9fac1acadaae2e41803496b860344853a64e50a17efb8e337859ca0377bb06035d82d194fc62bc91669

C:\Windows\System\LeheNgb.exe

MD5 1c1882a135ec0abbce81df8e577156f1
SHA1 0e57111c953835db91637fe482f56ecc06dcc7ff
SHA256 d7b5540228a325f7020e837174d2ac15e39ec7cd90baf321f3e5c338114c5e46
SHA512 08960d45742f913c624106cb445bf7802ac202ff66bc2f606b21b02b82e13ec5898d36a74ec749a9bf1907b19717b0fc84781c75e9b9bd72716b2c2418a8e7d7

C:\Windows\System\kONONLz.exe

MD5 07ce00ef2f96aeda3434c6b5bb22638c
SHA1 aa6819ffde385dab915438889401244390e79604
SHA256 cfd293c3975de122b62307e295db9948b843401375c6f4706ef275d925a6679f
SHA512 dab54033ddbf116016e4d803e0b18d566d0fb30bd813e040444b6eb6d1adcb264721894f2f5268bdf5c0682fca3c4efb587b642454afeaa2359ec40526959586

C:\Windows\System\teRVWsV.exe

MD5 115d1addc49ce29719d818d81c49f19b
SHA1 dc212d1206eb96aacdf3272c69f5abcb16c248b2
SHA256 a6ddffa6226149c1754052f0396a60ce19ec7d2664307a8a75ab64504ed3dc75
SHA512 05306d32435d53a6bb67cf772b3d318a1ea91dc4d2e0c9a0e66e3380d6b0337fb13997bab18a838a0fc7713625d919bd009d852f0f4e24400666603591b2b35d

C:\Windows\System\NCjADsi.exe

MD5 7c0d3ec66b9b053875436b30cc876b42
SHA1 2d5d48e5e0a41a2a2cbcb462abd4ee42eba59401
SHA256 fe8189cea6e372a3569faf55e176e74c8a18061d6d1a8c6c74664279424e997e
SHA512 8636deda9f7ac5647d4360fea150bf7b55a20dec83346c9850262b61325710c4b9d6405858c62b6598c7725b17bc2aad3c601e18deaf8d3c87de4ace0183ee69

C:\Windows\System\iibjFvs.exe

MD5 bf71efa5fe3e3dc5fba0aa208f2754f3
SHA1 8d3286ea57b07656c50d633a56f2e8516b7f6f23
SHA256 6ff82fbedd12ee0247fefdc41078bf789ec0f544659b6215ed27706c608ff31a
SHA512 5e41c7052c3f7db9b1472384c498da55f1190e7dd4114f6d9498ecadbcd9c718c7dfb39817134326262e0e29aa73228ce34b5c7125ea997f121cbeb02aed9f74

memory/820-26-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp

C:\Windows\System\IeCMbNB.exe

MD5 00cb9f9672a58c20af8db3a9efc4c8b9
SHA1 daf8118591cf4adefec72da374cea2b297ef354f
SHA256 02a09630790709f91f89a76d1aec343bf4005a6b12690239f37845fa2557259c
SHA512 0bd0501c25a48d22181b2922400d39de28add6e7673e41d4a2f8d6c86da93acd50fbbeb1e111a2c337898944db19bab17dcb8ec1e23e649df05b572f5f490517

C:\Windows\System\LzEhBid.exe

MD5 48200dbb43693e6e8e1151c01bae94d7
SHA1 714cb1f23811119e6906bd9f9bdcfddab35ad871
SHA256 f51c0d3449ed74b27f3026026d21b703bcdab2f3634a48bc2d10b341c1d1f20f
SHA512 0c43e5f8785b0bfba182756745bcc2cc346daa969ea05d174dce0f7d23261c8afb64a55f56e97c1ffe21db795d155d748b963afc3f08cbfdeb70d8b3cb9e732a

memory/4032-20-0x00007FF6CFCE0000-0x00007FF6D0034000-memory.dmp

memory/1048-9-0x00007FF7934B0000-0x00007FF793804000-memory.dmp

memory/4384-1070-0x00007FF715750000-0x00007FF715AA4000-memory.dmp

memory/1048-1071-0x00007FF7934B0000-0x00007FF793804000-memory.dmp

memory/4032-1072-0x00007FF6CFCE0000-0x00007FF6D0034000-memory.dmp

memory/820-1073-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp

memory/1048-1074-0x00007FF7934B0000-0x00007FF793804000-memory.dmp

memory/5104-1075-0x00007FF6C7A80000-0x00007FF6C7DD4000-memory.dmp

memory/820-1076-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp

memory/4032-1077-0x00007FF6CFCE0000-0x00007FF6D0034000-memory.dmp

memory/1540-1080-0x00007FF65C630000-0x00007FF65C984000-memory.dmp

memory/824-1081-0x00007FF6A6FF0000-0x00007FF6A7344000-memory.dmp

memory/3160-1079-0x00007FF7B3300000-0x00007FF7B3654000-memory.dmp

memory/2344-1078-0x00007FF6680B0000-0x00007FF668404000-memory.dmp

memory/2668-1091-0x00007FF63B020000-0x00007FF63B374000-memory.dmp

memory/3828-1101-0x00007FF7334F0000-0x00007FF733844000-memory.dmp

memory/4024-1102-0x00007FF7C8F60000-0x00007FF7C92B4000-memory.dmp

memory/1256-1100-0x00007FF6C1930000-0x00007FF6C1C84000-memory.dmp

memory/664-1099-0x00007FF70C0F0000-0x00007FF70C444000-memory.dmp

memory/2092-1098-0x00007FF60CC10000-0x00007FF60CF64000-memory.dmp

memory/2652-1097-0x00007FF7AFD70000-0x00007FF7B00C4000-memory.dmp

memory/2044-1096-0x00007FF74B270000-0x00007FF74B5C4000-memory.dmp

memory/3804-1095-0x00007FF73D030000-0x00007FF73D384000-memory.dmp

memory/748-1094-0x00007FF7B49D0000-0x00007FF7B4D24000-memory.dmp

memory/3380-1093-0x00007FF7B9A40000-0x00007FF7B9D94000-memory.dmp

memory/1356-1092-0x00007FF6D3580000-0x00007FF6D38D4000-memory.dmp

memory/1900-1089-0x00007FF6EF5E0000-0x00007FF6EF934000-memory.dmp

memory/1444-1087-0x00007FF6C01E0000-0x00007FF6C0534000-memory.dmp

memory/1332-1086-0x00007FF7236C0000-0x00007FF723A14000-memory.dmp

memory/4196-1085-0x00007FF7BA1E0000-0x00007FF7BA534000-memory.dmp

memory/1988-1084-0x00007FF782270000-0x00007FF7825C4000-memory.dmp

memory/2008-1090-0x00007FF7613B0000-0x00007FF761704000-memory.dmp

memory/2484-1088-0x00007FF73BCA0000-0x00007FF73BFF4000-memory.dmp

memory/3824-1083-0x00007FF7230A0000-0x00007FF7233F4000-memory.dmp

memory/4808-1082-0x00007FF7BC0E0000-0x00007FF7BC434000-memory.dmp