Malware Analysis Report

2024-10-10 09:18

Sample ID 240625-3mwm9s1bje
Target 24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe
SHA256 24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1

Threat Level: Known bad

The file 24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

xmrig

KPOT Core Executable

Xmrig family

Kpot family

XMRig Miner payload

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 23:38

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 23:38

Reported

2024-06-25 23:40

Platform

win7-20240611-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ASAROsm.exe N/A
N/A N/A C:\Windows\System\GEbHppf.exe N/A
N/A N/A C:\Windows\System\ErnZfyi.exe N/A
N/A N/A C:\Windows\System\LAeGFHQ.exe N/A
N/A N/A C:\Windows\System\ogYLQop.exe N/A
N/A N/A C:\Windows\System\eijzzjT.exe N/A
N/A N/A C:\Windows\System\dpmWkYz.exe N/A
N/A N/A C:\Windows\System\qGZSaCT.exe N/A
N/A N/A C:\Windows\System\fQAhmkB.exe N/A
N/A N/A C:\Windows\System\Vwlvkjo.exe N/A
N/A N/A C:\Windows\System\gBzjWZc.exe N/A
N/A N/A C:\Windows\System\tIODCsn.exe N/A
N/A N/A C:\Windows\System\lWynXwB.exe N/A
N/A N/A C:\Windows\System\FiFdXhH.exe N/A
N/A N/A C:\Windows\System\aPNKjQV.exe N/A
N/A N/A C:\Windows\System\LHlXjiR.exe N/A
N/A N/A C:\Windows\System\uMdknbV.exe N/A
N/A N/A C:\Windows\System\HuIbqTB.exe N/A
N/A N/A C:\Windows\System\ZJpIruA.exe N/A
N/A N/A C:\Windows\System\OtWxasP.exe N/A
N/A N/A C:\Windows\System\gNUcbfx.exe N/A
N/A N/A C:\Windows\System\Ilwndzc.exe N/A
N/A N/A C:\Windows\System\hmctvSu.exe N/A
N/A N/A C:\Windows\System\qnQGqxg.exe N/A
N/A N/A C:\Windows\System\GNwVznQ.exe N/A
N/A N/A C:\Windows\System\WTKEPrq.exe N/A
N/A N/A C:\Windows\System\CGtxVSR.exe N/A
N/A N/A C:\Windows\System\LZNWvuQ.exe N/A
N/A N/A C:\Windows\System\DXnDUYn.exe N/A
N/A N/A C:\Windows\System\AqMPxVR.exe N/A
N/A N/A C:\Windows\System\wFeQodn.exe N/A
N/A N/A C:\Windows\System\rDYtype.exe N/A
N/A N/A C:\Windows\System\gJxTFsd.exe N/A
N/A N/A C:\Windows\System\ZkzQsTD.exe N/A
N/A N/A C:\Windows\System\aguUVfB.exe N/A
N/A N/A C:\Windows\System\kHjLbUf.exe N/A
N/A N/A C:\Windows\System\KuOAUCB.exe N/A
N/A N/A C:\Windows\System\NkHRSlw.exe N/A
N/A N/A C:\Windows\System\ZynwrQB.exe N/A
N/A N/A C:\Windows\System\CIPhZbu.exe N/A
N/A N/A C:\Windows\System\qVsUAJr.exe N/A
N/A N/A C:\Windows\System\uFAODuG.exe N/A
N/A N/A C:\Windows\System\DBwZygY.exe N/A
N/A N/A C:\Windows\System\nzBpZNm.exe N/A
N/A N/A C:\Windows\System\TpKvQhK.exe N/A
N/A N/A C:\Windows\System\gtyAOpU.exe N/A
N/A N/A C:\Windows\System\zEcsOYA.exe N/A
N/A N/A C:\Windows\System\nKGKUBa.exe N/A
N/A N/A C:\Windows\System\fDeiSME.exe N/A
N/A N/A C:\Windows\System\RUdnogZ.exe N/A
N/A N/A C:\Windows\System\sPksAXc.exe N/A
N/A N/A C:\Windows\System\VtIHsQk.exe N/A
N/A N/A C:\Windows\System\qMRobTu.exe N/A
N/A N/A C:\Windows\System\kKscTPU.exe N/A
N/A N/A C:\Windows\System\VbIwvYz.exe N/A
N/A N/A C:\Windows\System\JymlvFY.exe N/A
N/A N/A C:\Windows\System\ilJHFID.exe N/A
N/A N/A C:\Windows\System\taHIWdC.exe N/A
N/A N/A C:\Windows\System\zkKhgEV.exe N/A
N/A N/A C:\Windows\System\xehIfAR.exe N/A
N/A N/A C:\Windows\System\mldltbz.exe N/A
N/A N/A C:\Windows\System\DXNuCCH.exe N/A
N/A N/A C:\Windows\System\iCjKCuN.exe N/A
N/A N/A C:\Windows\System\RTLGaqt.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HiqTAdl.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\AEFwvhT.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\pZQfqMi.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\EiRwsVo.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\tsTcxcH.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCZJbEV.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcIrXwY.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\nKGKUBa.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\WeEVDLA.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZQjVoXw.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\opBHVZC.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\UuNKfNr.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWwFQGh.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCNeyCj.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\OaAeXlz.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ksaKoSe.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiQcGWP.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQVlljD.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\okfIdsR.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\aguUVfB.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\PpQcFMY.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\EFRkXZA.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\bynHVrF.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJpIruA.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\NkHRSlw.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\DBwZygY.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\IXLFOUb.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\Drjamji.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\AGnboWK.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\XygfIrX.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\NxokQeM.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\LEpGopa.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\xehIfAR.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEQfTdG.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\WZSeYaC.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\RMhyvuc.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\lgRosyC.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\axFmXAy.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXeivML.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\exPbxMM.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\OKsIOOU.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\iPkIawW.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\sPksAXc.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\kKscTPU.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\OpGafWL.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\riZeYbG.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\gUIjcvN.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\qNiRAvL.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdEnELK.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgJFslB.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPMUqRD.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ELqRQIo.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\OJTTrNv.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\KZzVaax.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\AqMPxVR.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\jaXzGou.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\TPseYjP.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ejijxAL.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\vgvgDll.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\qGZSaCT.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\LblQAwg.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\jNAKnjV.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\mrRNrmz.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\eoJrXPA.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ASAROsm.exe
PID 2208 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ASAROsm.exe
PID 2208 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ASAROsm.exe
PID 2208 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GEbHppf.exe
PID 2208 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GEbHppf.exe
PID 2208 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GEbHppf.exe
PID 2208 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ErnZfyi.exe
PID 2208 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ErnZfyi.exe
PID 2208 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ErnZfyi.exe
PID 2208 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LAeGFHQ.exe
PID 2208 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LAeGFHQ.exe
PID 2208 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LAeGFHQ.exe
PID 2208 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ogYLQop.exe
PID 2208 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ogYLQop.exe
PID 2208 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ogYLQop.exe
PID 2208 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\eijzzjT.exe
PID 2208 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\eijzzjT.exe
PID 2208 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\eijzzjT.exe
PID 2208 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\dpmWkYz.exe
PID 2208 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\dpmWkYz.exe
PID 2208 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\dpmWkYz.exe
PID 2208 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qGZSaCT.exe
PID 2208 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qGZSaCT.exe
PID 2208 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qGZSaCT.exe
PID 2208 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\fQAhmkB.exe
PID 2208 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\fQAhmkB.exe
PID 2208 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\fQAhmkB.exe
PID 2208 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Vwlvkjo.exe
PID 2208 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Vwlvkjo.exe
PID 2208 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Vwlvkjo.exe
PID 2208 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gBzjWZc.exe
PID 2208 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gBzjWZc.exe
PID 2208 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gBzjWZc.exe
PID 2208 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\tIODCsn.exe
PID 2208 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\tIODCsn.exe
PID 2208 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\tIODCsn.exe
PID 2208 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\lWynXwB.exe
PID 2208 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\lWynXwB.exe
PID 2208 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\lWynXwB.exe
PID 2208 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\FiFdXhH.exe
PID 2208 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\FiFdXhH.exe
PID 2208 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\FiFdXhH.exe
PID 2208 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\aPNKjQV.exe
PID 2208 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\aPNKjQV.exe
PID 2208 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\aPNKjQV.exe
PID 2208 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LHlXjiR.exe
PID 2208 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LHlXjiR.exe
PID 2208 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LHlXjiR.exe
PID 2208 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\uMdknbV.exe
PID 2208 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\uMdknbV.exe
PID 2208 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\uMdknbV.exe
PID 2208 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\HuIbqTB.exe
PID 2208 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\HuIbqTB.exe
PID 2208 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\HuIbqTB.exe
PID 2208 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ZJpIruA.exe
PID 2208 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ZJpIruA.exe
PID 2208 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ZJpIruA.exe
PID 2208 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\OtWxasP.exe
PID 2208 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\OtWxasP.exe
PID 2208 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\OtWxasP.exe
PID 2208 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gNUcbfx.exe
PID 2208 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gNUcbfx.exe
PID 2208 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gNUcbfx.exe
PID 2208 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Ilwndzc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe"

C:\Windows\System\ASAROsm.exe

C:\Windows\System\ASAROsm.exe

C:\Windows\System\GEbHppf.exe

C:\Windows\System\GEbHppf.exe

C:\Windows\System\ErnZfyi.exe

C:\Windows\System\ErnZfyi.exe

C:\Windows\System\LAeGFHQ.exe

C:\Windows\System\LAeGFHQ.exe

C:\Windows\System\ogYLQop.exe

C:\Windows\System\ogYLQop.exe

C:\Windows\System\eijzzjT.exe

C:\Windows\System\eijzzjT.exe

C:\Windows\System\dpmWkYz.exe

C:\Windows\System\dpmWkYz.exe

C:\Windows\System\qGZSaCT.exe

C:\Windows\System\qGZSaCT.exe

C:\Windows\System\fQAhmkB.exe

C:\Windows\System\fQAhmkB.exe

C:\Windows\System\Vwlvkjo.exe

C:\Windows\System\Vwlvkjo.exe

C:\Windows\System\gBzjWZc.exe

C:\Windows\System\gBzjWZc.exe

C:\Windows\System\tIODCsn.exe

C:\Windows\System\tIODCsn.exe

C:\Windows\System\lWynXwB.exe

C:\Windows\System\lWynXwB.exe

C:\Windows\System\FiFdXhH.exe

C:\Windows\System\FiFdXhH.exe

C:\Windows\System\aPNKjQV.exe

C:\Windows\System\aPNKjQV.exe

C:\Windows\System\LHlXjiR.exe

C:\Windows\System\LHlXjiR.exe

C:\Windows\System\uMdknbV.exe

C:\Windows\System\uMdknbV.exe

C:\Windows\System\HuIbqTB.exe

C:\Windows\System\HuIbqTB.exe

C:\Windows\System\ZJpIruA.exe

C:\Windows\System\ZJpIruA.exe

C:\Windows\System\OtWxasP.exe

C:\Windows\System\OtWxasP.exe

C:\Windows\System\gNUcbfx.exe

C:\Windows\System\gNUcbfx.exe

C:\Windows\System\Ilwndzc.exe

C:\Windows\System\Ilwndzc.exe

C:\Windows\System\hmctvSu.exe

C:\Windows\System\hmctvSu.exe

C:\Windows\System\qnQGqxg.exe

C:\Windows\System\qnQGqxg.exe

C:\Windows\System\GNwVznQ.exe

C:\Windows\System\GNwVznQ.exe

C:\Windows\System\WTKEPrq.exe

C:\Windows\System\WTKEPrq.exe

C:\Windows\System\CGtxVSR.exe

C:\Windows\System\CGtxVSR.exe

C:\Windows\System\LZNWvuQ.exe

C:\Windows\System\LZNWvuQ.exe

C:\Windows\System\DXnDUYn.exe

C:\Windows\System\DXnDUYn.exe

C:\Windows\System\AqMPxVR.exe

C:\Windows\System\AqMPxVR.exe

C:\Windows\System\wFeQodn.exe

C:\Windows\System\wFeQodn.exe

C:\Windows\System\rDYtype.exe

C:\Windows\System\rDYtype.exe

C:\Windows\System\gJxTFsd.exe

C:\Windows\System\gJxTFsd.exe

C:\Windows\System\ZkzQsTD.exe

C:\Windows\System\ZkzQsTD.exe

C:\Windows\System\aguUVfB.exe

C:\Windows\System\aguUVfB.exe

C:\Windows\System\kHjLbUf.exe

C:\Windows\System\kHjLbUf.exe

C:\Windows\System\KuOAUCB.exe

C:\Windows\System\KuOAUCB.exe

C:\Windows\System\NkHRSlw.exe

C:\Windows\System\NkHRSlw.exe

C:\Windows\System\ZynwrQB.exe

C:\Windows\System\ZynwrQB.exe

C:\Windows\System\CIPhZbu.exe

C:\Windows\System\CIPhZbu.exe

C:\Windows\System\qVsUAJr.exe

C:\Windows\System\qVsUAJr.exe

C:\Windows\System\uFAODuG.exe

C:\Windows\System\uFAODuG.exe

C:\Windows\System\DBwZygY.exe

C:\Windows\System\DBwZygY.exe

C:\Windows\System\TpKvQhK.exe

C:\Windows\System\TpKvQhK.exe

C:\Windows\System\nzBpZNm.exe

C:\Windows\System\nzBpZNm.exe

C:\Windows\System\gtyAOpU.exe

C:\Windows\System\gtyAOpU.exe

C:\Windows\System\zEcsOYA.exe

C:\Windows\System\zEcsOYA.exe

C:\Windows\System\nKGKUBa.exe

C:\Windows\System\nKGKUBa.exe

C:\Windows\System\fDeiSME.exe

C:\Windows\System\fDeiSME.exe

C:\Windows\System\RUdnogZ.exe

C:\Windows\System\RUdnogZ.exe

C:\Windows\System\sPksAXc.exe

C:\Windows\System\sPksAXc.exe

C:\Windows\System\VtIHsQk.exe

C:\Windows\System\VtIHsQk.exe

C:\Windows\System\qMRobTu.exe

C:\Windows\System\qMRobTu.exe

C:\Windows\System\kKscTPU.exe

C:\Windows\System\kKscTPU.exe

C:\Windows\System\VbIwvYz.exe

C:\Windows\System\VbIwvYz.exe

C:\Windows\System\JymlvFY.exe

C:\Windows\System\JymlvFY.exe

C:\Windows\System\ilJHFID.exe

C:\Windows\System\ilJHFID.exe

C:\Windows\System\zkKhgEV.exe

C:\Windows\System\zkKhgEV.exe

C:\Windows\System\taHIWdC.exe

C:\Windows\System\taHIWdC.exe

C:\Windows\System\mldltbz.exe

C:\Windows\System\mldltbz.exe

C:\Windows\System\xehIfAR.exe

C:\Windows\System\xehIfAR.exe

C:\Windows\System\iCjKCuN.exe

C:\Windows\System\iCjKCuN.exe

C:\Windows\System\DXNuCCH.exe

C:\Windows\System\DXNuCCH.exe

C:\Windows\System\RTLGaqt.exe

C:\Windows\System\RTLGaqt.exe

C:\Windows\System\zUThBvl.exe

C:\Windows\System\zUThBvl.exe

C:\Windows\System\HHpZEOR.exe

C:\Windows\System\HHpZEOR.exe

C:\Windows\System\lgRosyC.exe

C:\Windows\System\lgRosyC.exe

C:\Windows\System\ELZNgUc.exe

C:\Windows\System\ELZNgUc.exe

C:\Windows\System\qvJLYpN.exe

C:\Windows\System\qvJLYpN.exe

C:\Windows\System\GGkrJMi.exe

C:\Windows\System\GGkrJMi.exe

C:\Windows\System\giRbovb.exe

C:\Windows\System\giRbovb.exe

C:\Windows\System\UbEnzkF.exe

C:\Windows\System\UbEnzkF.exe

C:\Windows\System\hZGOTPI.exe

C:\Windows\System\hZGOTPI.exe

C:\Windows\System\AAWZLlC.exe

C:\Windows\System\AAWZLlC.exe

C:\Windows\System\dRGekPl.exe

C:\Windows\System\dRGekPl.exe

C:\Windows\System\HiqTAdl.exe

C:\Windows\System\HiqTAdl.exe

C:\Windows\System\JEQfTdG.exe

C:\Windows\System\JEQfTdG.exe

C:\Windows\System\LzNxaFk.exe

C:\Windows\System\LzNxaFk.exe

C:\Windows\System\OpGafWL.exe

C:\Windows\System\OpGafWL.exe

C:\Windows\System\dBzZHjG.exe

C:\Windows\System\dBzZHjG.exe

C:\Windows\System\WZSeYaC.exe

C:\Windows\System\WZSeYaC.exe

C:\Windows\System\izFqbUK.exe

C:\Windows\System\izFqbUK.exe

C:\Windows\System\msDCcIB.exe

C:\Windows\System\msDCcIB.exe

C:\Windows\System\mQcksEt.exe

C:\Windows\System\mQcksEt.exe

C:\Windows\System\qDDdoCv.exe

C:\Windows\System\qDDdoCv.exe

C:\Windows\System\FrcVcZI.exe

C:\Windows\System\FrcVcZI.exe

C:\Windows\System\tutpBnu.exe

C:\Windows\System\tutpBnu.exe

C:\Windows\System\NwFEQTF.exe

C:\Windows\System\NwFEQTF.exe

C:\Windows\System\WRGhqXe.exe

C:\Windows\System\WRGhqXe.exe

C:\Windows\System\XITAAqg.exe

C:\Windows\System\XITAAqg.exe

C:\Windows\System\IXLFOUb.exe

C:\Windows\System\IXLFOUb.exe

C:\Windows\System\iKDBIkW.exe

C:\Windows\System\iKDBIkW.exe

C:\Windows\System\QpDPtjC.exe

C:\Windows\System\QpDPtjC.exe

C:\Windows\System\Drjamji.exe

C:\Windows\System\Drjamji.exe

C:\Windows\System\QFVNtPz.exe

C:\Windows\System\QFVNtPz.exe

C:\Windows\System\mRfrWgJ.exe

C:\Windows\System\mRfrWgJ.exe

C:\Windows\System\ONVJReW.exe

C:\Windows\System\ONVJReW.exe

C:\Windows\System\izcqZIN.exe

C:\Windows\System\izcqZIN.exe

C:\Windows\System\gfOnQcl.exe

C:\Windows\System\gfOnQcl.exe

C:\Windows\System\hRYFmAf.exe

C:\Windows\System\hRYFmAf.exe

C:\Windows\System\OaAeXlz.exe

C:\Windows\System\OaAeXlz.exe

C:\Windows\System\wOqHZtZ.exe

C:\Windows\System\wOqHZtZ.exe

C:\Windows\System\BLumtlG.exe

C:\Windows\System\BLumtlG.exe

C:\Windows\System\IAMVHyQ.exe

C:\Windows\System\IAMVHyQ.exe

C:\Windows\System\WyHybZj.exe

C:\Windows\System\WyHybZj.exe

C:\Windows\System\bWbNpTV.exe

C:\Windows\System\bWbNpTV.exe

C:\Windows\System\WeEVDLA.exe

C:\Windows\System\WeEVDLA.exe

C:\Windows\System\mTWLsPx.exe

C:\Windows\System\mTWLsPx.exe

C:\Windows\System\XUFguer.exe

C:\Windows\System\XUFguer.exe

C:\Windows\System\TLOYmSa.exe

C:\Windows\System\TLOYmSa.exe

C:\Windows\System\KleqKtV.exe

C:\Windows\System\KleqKtV.exe

C:\Windows\System\pxBtbYl.exe

C:\Windows\System\pxBtbYl.exe

C:\Windows\System\SOYafKY.exe

C:\Windows\System\SOYafKY.exe

C:\Windows\System\svISyIC.exe

C:\Windows\System\svISyIC.exe

C:\Windows\System\FdxKmhZ.exe

C:\Windows\System\FdxKmhZ.exe

C:\Windows\System\BDUVHjV.exe

C:\Windows\System\BDUVHjV.exe

C:\Windows\System\XHoSbAe.exe

C:\Windows\System\XHoSbAe.exe

C:\Windows\System\fiVJPgY.exe

C:\Windows\System\fiVJPgY.exe

C:\Windows\System\CbVpoDz.exe

C:\Windows\System\CbVpoDz.exe

C:\Windows\System\BPduero.exe

C:\Windows\System\BPduero.exe

C:\Windows\System\sFbYqNd.exe

C:\Windows\System\sFbYqNd.exe

C:\Windows\System\unEatZM.exe

C:\Windows\System\unEatZM.exe

C:\Windows\System\JpKfrZm.exe

C:\Windows\System\JpKfrZm.exe

C:\Windows\System\PSQoUKi.exe

C:\Windows\System\PSQoUKi.exe

C:\Windows\System\mzwoOfo.exe

C:\Windows\System\mzwoOfo.exe

C:\Windows\System\bziGFZr.exe

C:\Windows\System\bziGFZr.exe

C:\Windows\System\axFmXAy.exe

C:\Windows\System\axFmXAy.exe

C:\Windows\System\GuXexUe.exe

C:\Windows\System\GuXexUe.exe

C:\Windows\System\ZHRqxkx.exe

C:\Windows\System\ZHRqxkx.exe

C:\Windows\System\JZYymAn.exe

C:\Windows\System\JZYymAn.exe

C:\Windows\System\riZeYbG.exe

C:\Windows\System\riZeYbG.exe

C:\Windows\System\kfLWAoL.exe

C:\Windows\System\kfLWAoL.exe

C:\Windows\System\tUEHimN.exe

C:\Windows\System\tUEHimN.exe

C:\Windows\System\drVksjO.exe

C:\Windows\System\drVksjO.exe

C:\Windows\System\RAzJFxN.exe

C:\Windows\System\RAzJFxN.exe

C:\Windows\System\fGEayjO.exe

C:\Windows\System\fGEayjO.exe

C:\Windows\System\yqxQMHw.exe

C:\Windows\System\yqxQMHw.exe

C:\Windows\System\HuaeJUg.exe

C:\Windows\System\HuaeJUg.exe

C:\Windows\System\OSfUJdr.exe

C:\Windows\System\OSfUJdr.exe

C:\Windows\System\QUOYHAJ.exe

C:\Windows\System\QUOYHAJ.exe

C:\Windows\System\xMjJSVe.exe

C:\Windows\System\xMjJSVe.exe

C:\Windows\System\bdAFFbn.exe

C:\Windows\System\bdAFFbn.exe

C:\Windows\System\kbNOjNa.exe

C:\Windows\System\kbNOjNa.exe

C:\Windows\System\tqqKVUf.exe

C:\Windows\System\tqqKVUf.exe

C:\Windows\System\oRallTR.exe

C:\Windows\System\oRallTR.exe

C:\Windows\System\UVvUTkS.exe

C:\Windows\System\UVvUTkS.exe

C:\Windows\System\XETbTSV.exe

C:\Windows\System\XETbTSV.exe

C:\Windows\System\ZQjVoXw.exe

C:\Windows\System\ZQjVoXw.exe

C:\Windows\System\VILgXpI.exe

C:\Windows\System\VILgXpI.exe

C:\Windows\System\IVacsJf.exe

C:\Windows\System\IVacsJf.exe

C:\Windows\System\AGnboWK.exe

C:\Windows\System\AGnboWK.exe

C:\Windows\System\RYvQVJV.exe

C:\Windows\System\RYvQVJV.exe

C:\Windows\System\Qmvamdm.exe

C:\Windows\System\Qmvamdm.exe

C:\Windows\System\Ewirtty.exe

C:\Windows\System\Ewirtty.exe

C:\Windows\System\TDwRBmk.exe

C:\Windows\System\TDwRBmk.exe

C:\Windows\System\hnqWVBB.exe

C:\Windows\System\hnqWVBB.exe

C:\Windows\System\ReQSWbK.exe

C:\Windows\System\ReQSWbK.exe

C:\Windows\System\RMhyvuc.exe

C:\Windows\System\RMhyvuc.exe

C:\Windows\System\rdzQyzd.exe

C:\Windows\System\rdzQyzd.exe

C:\Windows\System\dyQoYUE.exe

C:\Windows\System\dyQoYUE.exe

C:\Windows\System\fSGMBpR.exe

C:\Windows\System\fSGMBpR.exe

C:\Windows\System\ksaKoSe.exe

C:\Windows\System\ksaKoSe.exe

C:\Windows\System\qohFdhc.exe

C:\Windows\System\qohFdhc.exe

C:\Windows\System\ISYMSjo.exe

C:\Windows\System\ISYMSjo.exe

C:\Windows\System\PpQcFMY.exe

C:\Windows\System\PpQcFMY.exe

C:\Windows\System\xQdeoEk.exe

C:\Windows\System\xQdeoEk.exe

C:\Windows\System\DoYUtAk.exe

C:\Windows\System\DoYUtAk.exe

C:\Windows\System\fufJvpJ.exe

C:\Windows\System\fufJvpJ.exe

C:\Windows\System\AkdQeLY.exe

C:\Windows\System\AkdQeLY.exe

C:\Windows\System\UBLgqUV.exe

C:\Windows\System\UBLgqUV.exe

C:\Windows\System\hxGNfrf.exe

C:\Windows\System\hxGNfrf.exe

C:\Windows\System\YFVVhEG.exe

C:\Windows\System\YFVVhEG.exe

C:\Windows\System\bzTGmfT.exe

C:\Windows\System\bzTGmfT.exe

C:\Windows\System\tNdZgFe.exe

C:\Windows\System\tNdZgFe.exe

C:\Windows\System\nxcaTrf.exe

C:\Windows\System\nxcaTrf.exe

C:\Windows\System\LblQAwg.exe

C:\Windows\System\LblQAwg.exe

C:\Windows\System\goDYoyh.exe

C:\Windows\System\goDYoyh.exe

C:\Windows\System\rhxPHke.exe

C:\Windows\System\rhxPHke.exe

C:\Windows\System\jNAKnjV.exe

C:\Windows\System\jNAKnjV.exe

C:\Windows\System\rdMdGgW.exe

C:\Windows\System\rdMdGgW.exe

C:\Windows\System\opBHVZC.exe

C:\Windows\System\opBHVZC.exe

C:\Windows\System\GzSmbfB.exe

C:\Windows\System\GzSmbfB.exe

C:\Windows\System\eAizmXY.exe

C:\Windows\System\eAizmXY.exe

C:\Windows\System\lFuecxc.exe

C:\Windows\System\lFuecxc.exe

C:\Windows\System\kyYBAkG.exe

C:\Windows\System\kyYBAkG.exe

C:\Windows\System\CPsTwGs.exe

C:\Windows\System\CPsTwGs.exe

C:\Windows\System\nZDYBBF.exe

C:\Windows\System\nZDYBBF.exe

C:\Windows\System\LLipDMW.exe

C:\Windows\System\LLipDMW.exe

C:\Windows\System\XygfIrX.exe

C:\Windows\System\XygfIrX.exe

C:\Windows\System\GQYWIGy.exe

C:\Windows\System\GQYWIGy.exe

C:\Windows\System\YnNwVna.exe

C:\Windows\System\YnNwVna.exe

C:\Windows\System\AEFwvhT.exe

C:\Windows\System\AEFwvhT.exe

C:\Windows\System\eaLEZnn.exe

C:\Windows\System\eaLEZnn.exe

C:\Windows\System\UuNKfNr.exe

C:\Windows\System\UuNKfNr.exe

C:\Windows\System\aGGPjdR.exe

C:\Windows\System\aGGPjdR.exe

C:\Windows\System\DrpnJiX.exe

C:\Windows\System\DrpnJiX.exe

C:\Windows\System\gUIjcvN.exe

C:\Windows\System\gUIjcvN.exe

C:\Windows\System\yXeivML.exe

C:\Windows\System\yXeivML.exe

C:\Windows\System\EFRkXZA.exe

C:\Windows\System\EFRkXZA.exe

C:\Windows\System\mrRNrmz.exe

C:\Windows\System\mrRNrmz.exe

C:\Windows\System\qIGLiym.exe

C:\Windows\System\qIGLiym.exe

C:\Windows\System\bynHVrF.exe

C:\Windows\System\bynHVrF.exe

C:\Windows\System\nqmNNfw.exe

C:\Windows\System\nqmNNfw.exe

C:\Windows\System\jGBGbxb.exe

C:\Windows\System\jGBGbxb.exe

C:\Windows\System\Cusrbmm.exe

C:\Windows\System\Cusrbmm.exe

C:\Windows\System\vzXTEoT.exe

C:\Windows\System\vzXTEoT.exe

C:\Windows\System\ddlwsTv.exe

C:\Windows\System\ddlwsTv.exe

C:\Windows\System\tBjeJig.exe

C:\Windows\System\tBjeJig.exe

C:\Windows\System\uWGuKnt.exe

C:\Windows\System\uWGuKnt.exe

C:\Windows\System\QOWVJZa.exe

C:\Windows\System\QOWVJZa.exe

C:\Windows\System\NTkXxod.exe

C:\Windows\System\NTkXxod.exe

C:\Windows\System\eoJrXPA.exe

C:\Windows\System\eoJrXPA.exe

C:\Windows\System\MHhnNgS.exe

C:\Windows\System\MHhnNgS.exe

C:\Windows\System\azFAdqr.exe

C:\Windows\System\azFAdqr.exe

C:\Windows\System\hTrdEkR.exe

C:\Windows\System\hTrdEkR.exe

C:\Windows\System\BGXXkjZ.exe

C:\Windows\System\BGXXkjZ.exe

C:\Windows\System\CiQcGWP.exe

C:\Windows\System\CiQcGWP.exe

C:\Windows\System\qNiRAvL.exe

C:\Windows\System\qNiRAvL.exe

C:\Windows\System\fkKwTzN.exe

C:\Windows\System\fkKwTzN.exe

C:\Windows\System\pZQfqMi.exe

C:\Windows\System\pZQfqMi.exe

C:\Windows\System\LgIVxvJ.exe

C:\Windows\System\LgIVxvJ.exe

C:\Windows\System\exPbxMM.exe

C:\Windows\System\exPbxMM.exe

C:\Windows\System\lWwFQGh.exe

C:\Windows\System\lWwFQGh.exe

C:\Windows\System\GQjAqMP.exe

C:\Windows\System\GQjAqMP.exe

C:\Windows\System\DTqNSXy.exe

C:\Windows\System\DTqNSXy.exe

C:\Windows\System\LLyGSPb.exe

C:\Windows\System\LLyGSPb.exe

C:\Windows\System\RwcKhKn.exe

C:\Windows\System\RwcKhKn.exe

C:\Windows\System\KAQoHAb.exe

C:\Windows\System\KAQoHAb.exe

C:\Windows\System\cBZMazu.exe

C:\Windows\System\cBZMazu.exe

C:\Windows\System\KzPfbco.exe

C:\Windows\System\KzPfbco.exe

C:\Windows\System\EiRwsVo.exe

C:\Windows\System\EiRwsVo.exe

C:\Windows\System\jaXzGou.exe

C:\Windows\System\jaXzGou.exe

C:\Windows\System\FGiPmTb.exe

C:\Windows\System\FGiPmTb.exe

C:\Windows\System\jTVeylk.exe

C:\Windows\System\jTVeylk.exe

C:\Windows\System\FuxviDl.exe

C:\Windows\System\FuxviDl.exe

C:\Windows\System\QPcXzmA.exe

C:\Windows\System\QPcXzmA.exe

C:\Windows\System\tsTcxcH.exe

C:\Windows\System\tsTcxcH.exe

C:\Windows\System\ZgsMSGr.exe

C:\Windows\System\ZgsMSGr.exe

C:\Windows\System\DhNeEQj.exe

C:\Windows\System\DhNeEQj.exe

C:\Windows\System\BrruUPn.exe

C:\Windows\System\BrruUPn.exe

C:\Windows\System\tLBHvdE.exe

C:\Windows\System\tLBHvdE.exe

C:\Windows\System\vVfQvhN.exe

C:\Windows\System\vVfQvhN.exe

C:\Windows\System\JLEOWpB.exe

C:\Windows\System\JLEOWpB.exe

C:\Windows\System\zfARSnm.exe

C:\Windows\System\zfARSnm.exe

C:\Windows\System\NZIcuSp.exe

C:\Windows\System\NZIcuSp.exe

C:\Windows\System\jnCxscI.exe

C:\Windows\System\jnCxscI.exe

C:\Windows\System\lkTFItE.exe

C:\Windows\System\lkTFItE.exe

C:\Windows\System\ayxlsDc.exe

C:\Windows\System\ayxlsDc.exe

C:\Windows\System\OKsIOOU.exe

C:\Windows\System\OKsIOOU.exe

C:\Windows\System\qCNeyCj.exe

C:\Windows\System\qCNeyCj.exe

C:\Windows\System\tgWsfNv.exe

C:\Windows\System\tgWsfNv.exe

C:\Windows\System\hcIrXwY.exe

C:\Windows\System\hcIrXwY.exe

C:\Windows\System\CYeVMPa.exe

C:\Windows\System\CYeVMPa.exe

C:\Windows\System\gGKwQNS.exe

C:\Windows\System\gGKwQNS.exe

C:\Windows\System\NlADbgA.exe

C:\Windows\System\NlADbgA.exe

C:\Windows\System\TPseYjP.exe

C:\Windows\System\TPseYjP.exe

C:\Windows\System\pddbHMT.exe

C:\Windows\System\pddbHMT.exe

C:\Windows\System\DMoSaDs.exe

C:\Windows\System\DMoSaDs.exe

C:\Windows\System\NxokQeM.exe

C:\Windows\System\NxokQeM.exe

C:\Windows\System\YPXuSJZ.exe

C:\Windows\System\YPXuSJZ.exe

C:\Windows\System\fVutnwA.exe

C:\Windows\System\fVutnwA.exe

C:\Windows\System\xnOFTkq.exe

C:\Windows\System\xnOFTkq.exe

C:\Windows\System\fziQlTo.exe

C:\Windows\System\fziQlTo.exe

C:\Windows\System\qPtjHxE.exe

C:\Windows\System\qPtjHxE.exe

C:\Windows\System\IdEnELK.exe

C:\Windows\System\IdEnELK.exe

C:\Windows\System\LEpGopa.exe

C:\Windows\System\LEpGopa.exe

C:\Windows\System\BBCtzBk.exe

C:\Windows\System\BBCtzBk.exe

C:\Windows\System\AUQNTxi.exe

C:\Windows\System\AUQNTxi.exe

C:\Windows\System\HmfwfPa.exe

C:\Windows\System\HmfwfPa.exe

C:\Windows\System\oCiOVqh.exe

C:\Windows\System\oCiOVqh.exe

C:\Windows\System\ckgvqDm.exe

C:\Windows\System\ckgvqDm.exe

C:\Windows\System\uOqOJYg.exe

C:\Windows\System\uOqOJYg.exe

C:\Windows\System\ejijxAL.exe

C:\Windows\System\ejijxAL.exe

C:\Windows\System\QdfFyJV.exe

C:\Windows\System\QdfFyJV.exe

C:\Windows\System\nlzLuDZ.exe

C:\Windows\System\nlzLuDZ.exe

C:\Windows\System\mMOuoFf.exe

C:\Windows\System\mMOuoFf.exe

C:\Windows\System\cQVlljD.exe

C:\Windows\System\cQVlljD.exe

C:\Windows\System\CSjqiOs.exe

C:\Windows\System\CSjqiOs.exe

C:\Windows\System\loMowTl.exe

C:\Windows\System\loMowTl.exe

C:\Windows\System\XStuCBd.exe

C:\Windows\System\XStuCBd.exe

C:\Windows\System\iPkIawW.exe

C:\Windows\System\iPkIawW.exe

C:\Windows\System\FFgCliv.exe

C:\Windows\System\FFgCliv.exe

C:\Windows\System\vgJFslB.exe

C:\Windows\System\vgJFslB.exe

C:\Windows\System\hyOVspN.exe

C:\Windows\System\hyOVspN.exe

C:\Windows\System\upZjuXX.exe

C:\Windows\System\upZjuXX.exe

C:\Windows\System\ZCZJbEV.exe

C:\Windows\System\ZCZJbEV.exe

C:\Windows\System\tWlCfii.exe

C:\Windows\System\tWlCfii.exe

C:\Windows\System\bwTXujx.exe

C:\Windows\System\bwTXujx.exe

C:\Windows\System\OYprLDd.exe

C:\Windows\System\OYprLDd.exe

C:\Windows\System\aILFPdn.exe

C:\Windows\System\aILFPdn.exe

C:\Windows\System\FyyqzHC.exe

C:\Windows\System\FyyqzHC.exe

C:\Windows\System\WSjBhjU.exe

C:\Windows\System\WSjBhjU.exe

C:\Windows\System\KgIstiK.exe

C:\Windows\System\KgIstiK.exe

C:\Windows\System\VxpJAHi.exe

C:\Windows\System\VxpJAHi.exe

C:\Windows\System\okfIdsR.exe

C:\Windows\System\okfIdsR.exe

C:\Windows\System\nNBQfbe.exe

C:\Windows\System\nNBQfbe.exe

C:\Windows\System\UjMIbBT.exe

C:\Windows\System\UjMIbBT.exe

C:\Windows\System\xSsDExC.exe

C:\Windows\System\xSsDExC.exe

C:\Windows\System\VFedYjg.exe

C:\Windows\System\VFedYjg.exe

C:\Windows\System\LBXDhuJ.exe

C:\Windows\System\LBXDhuJ.exe

C:\Windows\System\aPMUqRD.exe

C:\Windows\System\aPMUqRD.exe

C:\Windows\System\oOrrtuu.exe

C:\Windows\System\oOrrtuu.exe

C:\Windows\System\OSukmfA.exe

C:\Windows\System\OSukmfA.exe

C:\Windows\System\AhvvvTJ.exe

C:\Windows\System\AhvvvTJ.exe

C:\Windows\System\kWmPxtB.exe

C:\Windows\System\kWmPxtB.exe

C:\Windows\System\kvXoRaR.exe

C:\Windows\System\kvXoRaR.exe

C:\Windows\System\ELqRQIo.exe

C:\Windows\System\ELqRQIo.exe

C:\Windows\System\OJTTrNv.exe

C:\Windows\System\OJTTrNv.exe

C:\Windows\System\nLErmAr.exe

C:\Windows\System\nLErmAr.exe

C:\Windows\System\zMCFqHw.exe

C:\Windows\System\zMCFqHw.exe

C:\Windows\System\KZzVaax.exe

C:\Windows\System\KZzVaax.exe

C:\Windows\System\PVqHIBX.exe

C:\Windows\System\PVqHIBX.exe

C:\Windows\System\zTwYFhw.exe

C:\Windows\System\zTwYFhw.exe

C:\Windows\System\XrAhPjV.exe

C:\Windows\System\XrAhPjV.exe

C:\Windows\System\vgvgDll.exe

C:\Windows\System\vgvgDll.exe

C:\Windows\System\BptiLuQ.exe

C:\Windows\System\BptiLuQ.exe

C:\Windows\System\xvquXft.exe

C:\Windows\System\xvquXft.exe

C:\Windows\System\VjgHdSN.exe

C:\Windows\System\VjgHdSN.exe

C:\Windows\System\gEjuSAk.exe

C:\Windows\System\gEjuSAk.exe

C:\Windows\System\WFNPvFn.exe

C:\Windows\System\WFNPvFn.exe

C:\Windows\System\zwXToDk.exe

C:\Windows\System\zwXToDk.exe

C:\Windows\System\aEcoQRY.exe

C:\Windows\System\aEcoQRY.exe

C:\Windows\System\dCFMnnq.exe

C:\Windows\System\dCFMnnq.exe

C:\Windows\System\sToiEXU.exe

C:\Windows\System\sToiEXU.exe

C:\Windows\System\gZCyuFO.exe

C:\Windows\System\gZCyuFO.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2208-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2208-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\ASAROsm.exe

MD5 14a2c33372941c71bf8a4984a86c32d3
SHA1 687162416c9422275ed403c1c5480aead0afcfc9
SHA256 4ceb9072be4950b760a0a0b045a8af5184176fb4c525d6fb4010a87ffe1a796f
SHA512 3733a7e7bfda77b2a20b919a66277f79dbda57134a0fbdf178c6171d5122d44d02aa6d8e0e1324ee9d5e3e8ad5856a09f6f0e9206e6cd153948ba47b2c08d864

\Windows\system\GEbHppf.exe

MD5 12719cef42ba13e784ccb157eb9b7cd8
SHA1 9546402dd1c6e54901543988e1551d9cfa6fb82b
SHA256 96c6d48432818a478daba57202f43eaaa15b3028fb56f6e6717caebe07646992
SHA512 369e233b9824588f4d647f3e773127d4ea46fcbf7a7b9a350c05311f0d8607ecefc5b017f8a00171ef355ce25181b392ae3fa74807088d0ec218172ca9c60f9d

C:\Windows\system\ErnZfyi.exe

MD5 41e0fa419ce5657423b8d1cf44e41f8e
SHA1 e3f47feb24e631bc9967d4190cd41697eb4e7124
SHA256 6ce02b377cfee90a65e2fb0dca9287a71a0c2b9828b0a7d7a0f26a155ae05e15
SHA512 b1f2e7579a89e9c7419d74b4943ef5bdac64a20854a33db0de36aebb2afed6cd6c16b3b33b551ccaf77995e84ac3142e76a5fb13e7e408d8a2e154003699358e

\Windows\system\LAeGFHQ.exe

MD5 95bcce312b84b1c69047258c7b4a2513
SHA1 a9009947be0124c243f1d3c756148351271651c4
SHA256 d5df0cf8543c5f981ae5cdde7b011ef186bc8c57bd4783f86180f711457b6893
SHA512 881a2e3e1f64d3684ed0326e975d5911c6763a1bf1f2cdfc1a6d1a073c649dd083c053b405fed30985939def2ccf0076c6cd036902afbe3321c4390e84dd8189

C:\Windows\system\fQAhmkB.exe

MD5 1e0c1aeb97c2bc2f195e93167aa01d18
SHA1 9ec20c9ecf00b1c545306f378af7a6024be2fee3
SHA256 3055706cf91f5b7d72756cb93ac5c66bd89e347774dce42b050b857441bb9762
SHA512 7ad9aed0ce827d85bb1719caefbf9167b3c2c0310c99a4686dcc6c03eeec5303ebe828639e2b4ae20da386c4e66c5ddfebf42fcd48fa79879211f2c7d79667d6

C:\Windows\system\FiFdXhH.exe

MD5 cd369eff731f4fdc0782c695faaaee47
SHA1 a98833fa50986212a5f3899e3b0d0e049d230ddf
SHA256 02438743d642404f1c4c4c039524cd751ef660998b55085452e405a511ba4440
SHA512 c629d001fd4220cbd49c1fbfada9e463353b57830f1706e34ec3de46f87da36c1a9786f2ff51582d2594e74ac1c82c26573b58fa9f3e9d2aa7d2312b6688cd9e

C:\Windows\system\LHlXjiR.exe

MD5 ea098d7dd8e10bbfac5046ed813899da
SHA1 f591fa1afa9ed04e6a9ff48cd2dd4ab342bfb861
SHA256 bac384d94c70d39e6d3c1faee7be4c9ce55484adb383ca5419115f317be595d9
SHA512 1a031c936ad741d5a93a65e5800c6dc825da30d525b1d2f743c71b6ed1cfe6f027842e62b4dadd513c7140f7e6f2cab3f901c7704b60064bcc988e12e2f5a774

C:\Windows\system\HuIbqTB.exe

MD5 564c494b4ec6d29ba30cacaf4c31fb6b
SHA1 c4848795dc2a341471b5d54f87869aaa8835f56f
SHA256 3643299d66ebc0589cc9501186d2d0bdd155794644bf872155efea99f0529508
SHA512 95c86bef3d37a21e32a603ea7c5eec05e53da78d0dd6b66b74b2aef6c05502cf2fefb42cf7a43b774153023269189d4400848cbfa35dde224c872d2242ea14ca

C:\Windows\system\qnQGqxg.exe

MD5 71ebdbc0487d1d446b3af0fbbc0b6086
SHA1 f4778d3d7957128fdee47e77ab226d55e351d296
SHA256 a5179f562e35a3237908f2f513185b8ed23e065bc10340ab6dadb0e785f7dbcf
SHA512 38986fede37b9e9715a08b838bc90a4a240b4dc85d5f72cc19fca38d724e098f546ad8d886f5debe1467e65a730e4be55104ee3ee9a59540d57e4111e8923718

C:\Windows\system\rDYtype.exe

MD5 f07e8423d3164c7b4551c410fdb6fc37
SHA1 cb340d4d9ce934dd9538e84d1f99b08acd0d30ad
SHA256 34baed01bb4416743d882c265c95ba85c16f84e191a0a29a3ab029fec5b9b519
SHA512 e6d45edb09a1b8fb8642fe9f53173bc0d219cbcf949cbea1b970727990991486d9ce8637719494d7529d636bef8bc4efcdb74e6c8fe7c4c34e3c9965927ef8a9

memory/2208-903-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2632-911-0x000000013F230000-0x000000013F584000-memory.dmp

memory/2208-910-0x000000013F230000-0x000000013F584000-memory.dmp

memory/2984-909-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2208-908-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2392-907-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2208-906-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/1588-902-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/2956-905-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2208-900-0x000000013F8E0000-0x000000013FC34000-memory.dmp

C:\Windows\system\wFeQodn.exe

MD5 3596ae38e3269f50c8d0a1656214fe4c
SHA1 8648ca259f04540a8ff2819ac928a3a269f8586f
SHA256 2beed42c524c49a998c9dbf14142856726a26abc5329d5d96c264e98510e0316
SHA512 30773907a9e6f7c1c095c8bb635fe1c2d4ffce954219216f53757ffa8a7fe6e8bcac290a859c266a0ac202d5b15463b25166ac5dfd13af86c7387d9dd01dc886

C:\Windows\system\AqMPxVR.exe

MD5 784bfd9d6abc6d10aa9f7e65eae91e9f
SHA1 60712cbfe2431e604e5f9ec0f9f4d160e6951026
SHA256 049936f283cfea5275253140078433e02c1040dbe91612fe644ed4f43d0a5739
SHA512 2fca02e214964c4c91fdd5841a5395fea1df244483d8e43973a5410ee693d2a7bbedb99b5878add19d081d87d600d196da23026f3484b1736916ef38963f20df

C:\Windows\system\LZNWvuQ.exe

MD5 0830ae3c181df4a16ca1eb46b10b9131
SHA1 50ea6babebf857222bc08e52c583728cdda97b61
SHA256 0b78d1d94919d3b776a9770d5986014eec4bbe96005a7d9c0085d10deb1b1690
SHA512 1c1da6299e021f617af101481b4a3176d885e26bc3d9ea258d374eddd9b4b3fb8ab765fec1cea4bbf428833da92279bb856c212e36e706286e189dcac1019c7a

C:\Windows\system\DXnDUYn.exe

MD5 381543c003fb560a54c744ac968f7f34
SHA1 bef1c7d497fc0123360349fa4c4329fd0b50bf94
SHA256 af254c7c7d95851b24b381534e053930d7e349458940ae13cd6090689c8ce50e
SHA512 91a0bd7e5aef8b631b67a0c0f94e399b948da44daf6feafc581de5495186133ef7706a39884062c65fe3ed1ad80ea1d0213224ebc6b6bce5f745321563685db4

C:\Windows\system\WTKEPrq.exe

MD5 d8fa928b71fc40e9f91112df09c3a490
SHA1 a0b5405a8f4401869f70d4bf54dc6a1e177f55a3
SHA256 b78ab0de89b0cc8ee38962a476cbc108b25f7f88e5f849773f8868afa263f4b3
SHA512 713f22e68bbf392110dad6d486049c216a22faf73256d814e78c0d95cac9f7192c07368053f50c2d6566770ad6968cfc947c879df25f17b85ce127e2728c12e4

C:\Windows\system\CGtxVSR.exe

MD5 735c2ffe2168ea41e35c46da448e03d6
SHA1 15f7872efb2c005eba323d2b39cf7577b17b4acc
SHA256 8c986ecc0c9dc09d4bb4100e6ca9e3ff96bd157a49a16b9884a3e4831320ea31
SHA512 87d33db5f6b48e1cf65f1fbd541fa2705890c46e8d067dacce9dd7844d90782ac1fd3be1e69f63e281787c689a163645875336242228cd070f6dd18352262d56

C:\Windows\system\Ilwndzc.exe

MD5 f84ce2070790c4f60625cb8f46d7b658
SHA1 ce8adc1c0e6f13a43e96c0b2e9f80d2cbb8f92e4
SHA256 dc6e13e4b0d0dcb07ac4033e295f452a255f05190f083a4e31da43a7e50b95a0
SHA512 8aa823c823a6990b24bd46650458d9a92e39748c8b529f0db08c838f65c684b7221a7069ff11db637e74b2dfb41fdb8834f683be82294df36c5540847340e380

C:\Windows\system\GNwVznQ.exe

MD5 7b2e1d05eeb9412cf3785c9d0e5c37bf
SHA1 1961440b03a6d116139061df400c529703705f6b
SHA256 b8970a5d5c8593464048424264424054bd80e460c12497b183774f5922ffa257
SHA512 e47f8b556ae52f051a18201b2becd2630edaaaba3673dc0f064fcfb506e85129e19c81760b2f10f89a555d2603bb47e53a0fe32279d514f1533c693aa0202e26

C:\Windows\system\hmctvSu.exe

MD5 0457a1d3d8b6978bbf15b3277d7e3f56
SHA1 f1977f02d1b45cf5d11b3d439c3db449be1b00ab
SHA256 cb70a4e6d6b835431e3a9b0f9103caa70f7cb2ac478232e7578af740186221c8
SHA512 1a15c268134d8431b55bbe60779b58952c069e98dbaf076b23d398e9a3d1bcf695a10b87fcbb102c970641bdfcd9a9da2def41955122f0d8c892557231ebce66

C:\Windows\system\gNUcbfx.exe

MD5 a06424feafcfe55bb0f6de8f19f3e691
SHA1 e971e25f727f85679e700b5433096e6faa03b3de
SHA256 b39f785b0664a755187b75b86f7fb38dc0f311a9910d37a08684059a62148f92
SHA512 7385cf5ccd3f7f8caa7c4670a21ee85294f80ecae6025f67f2c36000fdb75dfd5287f74107dde448841cb5e20caf02d3155c76e110187bba491c74f6a970e3ed

C:\Windows\system\OtWxasP.exe

MD5 87fb8395560ad603c1a89ea74993bf7f
SHA1 7c9d9eca2650cbe23ee71efbd8a3d45cfdbc871c
SHA256 b95c18c9f40b2712f524d7398a53b265bb47c43f14d3185a8bd0f065e248b9a7
SHA512 50fef3fc4a2515c788d6ec8825b296fd50a3bc0b9665cb4c0fa4a67b9b9089d837a492fb9493ef4e46f7c14bf9bfdef00fe096455e34b72bf0243843c117567a

memory/2208-914-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2696-913-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2208-912-0x00000000020F0000-0x0000000002444000-memory.dmp

C:\Windows\system\ZJpIruA.exe

MD5 ac1dc3772661cefcad164b60f202708b
SHA1 57fca8880254df7ea4c9d5b2ffaca579080d14e7
SHA256 eaef312c7f5011fb53430352093c9443d3db56d0ef648654c155a795af021bcb
SHA512 52975252e7a3bab6f8abc1da1588a3185f114a9b055618ce9ba2e8ea57c92dc4fbb7471e0bd75b34a8e63d4dd04304771b80a6d6fc5d21f95c6689ed81c3377b

C:\Windows\system\uMdknbV.exe

MD5 5ee705630221f722a04723cdfe258cc5
SHA1 be528e775bc58a2bf3c41bbfd6c2cfd35d61f073
SHA256 b09701980b74bf6e092c6582da90d3bf566bb838e908e66672cf9c884257acc4
SHA512 35313bded65b95e20ba8fac472ab2f02135ccd55fc99ce0de293313c19d8dad09fd73712fd1f4c57995906256607b4122f90dd29f8ec10e4803f9c3e05d705be

C:\Windows\system\aPNKjQV.exe

MD5 9b3d33111058e6ecc3421e3ff0dfa165
SHA1 117e684371db36858311f0bf6539a09d63da0af9
SHA256 a8414880e73849331a6cf482ea68aff6da4d849f6263e45361743ae5e9f0bb8a
SHA512 bf03d0ea7ad08834c081c25e2cba1935bb4f519149519fdd4a685e5eebb8d8311077715a1b4bd672668958cddd7862141ca334b5f37f1a5520884fc512515c7a

C:\Windows\system\lWynXwB.exe

MD5 ba4fcf236cff8124533df6d98fee8bdc
SHA1 733e8e02cefb0a4b81d4f46bc3778fa9a2bab8f2
SHA256 b9f4117bf45a8cca678a8bb7a138be80fc81a00bc2ed119b184a68487158caf6
SHA512 d0c15fb8b7be89c27a47be341039c07693f0caa81e73c895cb07359c1d25f5af33f50f14bddb172255182d8715cc00b8a49c86842f4f0ae9fd0367f0e8f9692f

C:\Windows\system\tIODCsn.exe

MD5 17630512f1950e393e9510cd75e780a6
SHA1 b12d1bbde0dbdd2f7c01865264a772a8f3a06bbd
SHA256 e99aa462c993acc7952d71a0f9a6ea6dd985516215d304edca9a19b96c0ebfd0
SHA512 d930074f9d8eb62b89256cf45a39e85f81053bfba0ec15c76642daf5172c8c217a6713307803976f45226f946b555906f5a8a7707285bb222281ca0e7915f19d

C:\Windows\system\gBzjWZc.exe

MD5 c3856a42934043048772328815e83403
SHA1 4342431affea61761e0429441d8997754fbd1cd7
SHA256 7959ad75bcb93391de63dd041101390fce53d223937732cc562421c731207685
SHA512 919f00d334a566ad2f79120238dcad7709d953de56302992dd90ad1d63b6f9d0d09c1402c91a27bf2ef9f4f0278dbf879fde48d0faea2bea87552f6c864a82da

C:\Windows\system\Vwlvkjo.exe

MD5 e63a9f040af8b79ea27810a2da5964ba
SHA1 d2394e204d8ee6b9e8476e6d4a9f949da78504fa
SHA256 b5cfe814cc495bfe7cdc7e2deb8467eb54328f7850e5cb8b29a6fe6ef35cc443
SHA512 5279cfd62228f6c3adedf1a88272021ec901195d6455c9b4a26620c5e15ca6b5e3ba085d3ee52de9dc3b1f1a3b17c2312fae207c9011f34a8df47e173aa87b7a

C:\Windows\system\qGZSaCT.exe

MD5 58e939f204312ed01017ff51a2dc2b94
SHA1 b776f64ca2910ca3d8e90e239e1cb5147b0e5d9f
SHA256 397cfde12202ba0844ce7ee5da98830725932f353939d46ae92f0ddff0c5ccbe
SHA512 8d301ee524b56685681caf219a1a3b8623c376a4a6f8d15b45b534927bc58a788261643b37c95886f68e0cb1a091be9b0a4a0f09910a390391051e7448e05106

C:\Windows\system\dpmWkYz.exe

MD5 13eb1c6af068ec41c49114c4bfeca9c4
SHA1 6988c791742bc6376fbb94a279ea8807ef9fd0e4
SHA256 c0ca34151e96b6fd697b7cc3d5cbbb20c5da8de3bb79e09566a2dd91d337b296
SHA512 260e3342240fa4abe3c915d6b5372d33124be0c00a896b96191a670a20cbcf6fef84c26d0ee5ed6c1f03db53ef7c62d6f816da986a735135bac76bc7ea3c4461

C:\Windows\system\eijzzjT.exe

MD5 82a35c4e2c99bca7aedc4c80714e5cae
SHA1 4ebfe617fb525660f25264d0eefa45da2c76a98c
SHA256 1fcf586bdc770f1b982dcc06e0b4f7f838aad9054b2503b6a7d275d11f5924fc
SHA512 20ee9df02c573208d5b681c2e2770424df488b5c01d9372a25188de7da827c02a99c442028e653937f7e77173cdf9e814e5fd214a98e503e2e9652e12e9e13d5

C:\Windows\system\ogYLQop.exe

MD5 7a1bd5d9649b0604473e3e8b263b6b6a
SHA1 ade9b6382ec1ebab9a6e669dee9078d2b2a572eb
SHA256 f413c2d13443ac10d6d0f1b4b3d6e2bf210236b42fac6d4ee6df060161c05307
SHA512 5ebfd089fb6e14cb6a2592361b893f64766b16f71eea85e4c58da6c8212390577e8c410545d9949a486dc76b2730ec7a6d38aaf8057cad95149fb1399a6b10cf

memory/2208-916-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2596-915-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2208-922-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2712-921-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2208-920-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2272-919-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2208-918-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2724-917-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2068-929-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2208-928-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2496-927-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2208-926-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2656-925-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2208-924-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2664-923-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2208-1069-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2208-1070-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1071-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/2208-1072-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1073-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1074-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1075-0x000000013F230000-0x000000013F584000-memory.dmp

memory/2208-1076-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1078-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1077-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2208-1083-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1084-0x000000013F190000-0x000000013F4E4000-memory.dmp

memory/2208-1082-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2208-1081-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2208-1080-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2208-1079-0x00000000020F0000-0x0000000002444000-memory.dmp

memory/2068-1087-0x000000013FB20000-0x000000013FE74000-memory.dmp

memory/2956-1085-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/1588-1086-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/2392-1088-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2596-1092-0x000000013F540000-0x000000013F894000-memory.dmp

memory/2984-1091-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2632-1090-0x000000013F230000-0x000000013F584000-memory.dmp

memory/2696-1089-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2724-1093-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2272-1094-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/2712-1095-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2664-1096-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2496-1098-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2656-1097-0x000000013F580000-0x000000013F8D4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 23:38

Reported

2024-06-25 23:40

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ASAROsm.exe N/A
N/A N/A C:\Windows\System\GEbHppf.exe N/A
N/A N/A C:\Windows\System\ErnZfyi.exe N/A
N/A N/A C:\Windows\System\LAeGFHQ.exe N/A
N/A N/A C:\Windows\System\ogYLQop.exe N/A
N/A N/A C:\Windows\System\eijzzjT.exe N/A
N/A N/A C:\Windows\System\dpmWkYz.exe N/A
N/A N/A C:\Windows\System\qGZSaCT.exe N/A
N/A N/A C:\Windows\System\fQAhmkB.exe N/A
N/A N/A C:\Windows\System\Vwlvkjo.exe N/A
N/A N/A C:\Windows\System\gBzjWZc.exe N/A
N/A N/A C:\Windows\System\tIODCsn.exe N/A
N/A N/A C:\Windows\System\lWynXwB.exe N/A
N/A N/A C:\Windows\System\FiFdXhH.exe N/A
N/A N/A C:\Windows\System\aPNKjQV.exe N/A
N/A N/A C:\Windows\System\LHlXjiR.exe N/A
N/A N/A C:\Windows\System\uMdknbV.exe N/A
N/A N/A C:\Windows\System\ZJpIruA.exe N/A
N/A N/A C:\Windows\System\OtWxasP.exe N/A
N/A N/A C:\Windows\System\gNUcbfx.exe N/A
N/A N/A C:\Windows\System\Ilwndzc.exe N/A
N/A N/A C:\Windows\System\HuIbqTB.exe N/A
N/A N/A C:\Windows\System\hmctvSu.exe N/A
N/A N/A C:\Windows\System\qnQGqxg.exe N/A
N/A N/A C:\Windows\System\GNwVznQ.exe N/A
N/A N/A C:\Windows\System\WTKEPrq.exe N/A
N/A N/A C:\Windows\System\CGtxVSR.exe N/A
N/A N/A C:\Windows\System\LZNWvuQ.exe N/A
N/A N/A C:\Windows\System\DXnDUYn.exe N/A
N/A N/A C:\Windows\System\AqMPxVR.exe N/A
N/A N/A C:\Windows\System\wFeQodn.exe N/A
N/A N/A C:\Windows\System\rDYtype.exe N/A
N/A N/A C:\Windows\System\gJxTFsd.exe N/A
N/A N/A C:\Windows\System\ZkzQsTD.exe N/A
N/A N/A C:\Windows\System\aguUVfB.exe N/A
N/A N/A C:\Windows\System\kHjLbUf.exe N/A
N/A N/A C:\Windows\System\KuOAUCB.exe N/A
N/A N/A C:\Windows\System\NkHRSlw.exe N/A
N/A N/A C:\Windows\System\ZynwrQB.exe N/A
N/A N/A C:\Windows\System\CIPhZbu.exe N/A
N/A N/A C:\Windows\System\qVsUAJr.exe N/A
N/A N/A C:\Windows\System\uFAODuG.exe N/A
N/A N/A C:\Windows\System\DBwZygY.exe N/A
N/A N/A C:\Windows\System\TpKvQhK.exe N/A
N/A N/A C:\Windows\System\nzBpZNm.exe N/A
N/A N/A C:\Windows\System\gtyAOpU.exe N/A
N/A N/A C:\Windows\System\zEcsOYA.exe N/A
N/A N/A C:\Windows\System\nKGKUBa.exe N/A
N/A N/A C:\Windows\System\fDeiSME.exe N/A
N/A N/A C:\Windows\System\RUdnogZ.exe N/A
N/A N/A C:\Windows\System\sPksAXc.exe N/A
N/A N/A C:\Windows\System\VtIHsQk.exe N/A
N/A N/A C:\Windows\System\qMRobTu.exe N/A
N/A N/A C:\Windows\System\kKscTPU.exe N/A
N/A N/A C:\Windows\System\VbIwvYz.exe N/A
N/A N/A C:\Windows\System\JymlvFY.exe N/A
N/A N/A C:\Windows\System\ilJHFID.exe N/A
N/A N/A C:\Windows\System\zkKhgEV.exe N/A
N/A N/A C:\Windows\System\taHIWdC.exe N/A
N/A N/A C:\Windows\System\mldltbz.exe N/A
N/A N/A C:\Windows\System\xehIfAR.exe N/A
N/A N/A C:\Windows\System\iCjKCuN.exe N/A
N/A N/A C:\Windows\System\DXNuCCH.exe N/A
N/A N/A C:\Windows\System\RTLGaqt.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\FiFdXhH.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDUVHjV.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSukmfA.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\AhvvvTJ.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWynXwB.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\JymlvFY.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHoSbAe.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ISYMSjo.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\okfIdsR.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\sToiEXU.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\gEjuSAk.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\qvJLYpN.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\WeEVDLA.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\nxcaTrf.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\BGXXkjZ.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\qPtjHxE.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQVlljD.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\XrAhPjV.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\qGZSaCT.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\gtyAOpU.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSfUJdr.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\KzPfbco.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcIrXwY.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\bWbNpTV.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\xMjJSVe.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWGuKnt.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\NTkXxod.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ayxlsDc.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\aEcoQRY.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpDPtjC.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\mrRNrmz.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\JLEOWpB.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHpZEOR.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\MHhnNgS.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZkzQsTD.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\DhNeEQj.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\hyOVspN.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\pxBtbYl.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\pddbHMT.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\LZNWvuQ.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEQfTdG.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\drVksjO.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\XETbTSV.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdzQyzd.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdMdGgW.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\tLBHvdE.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\rDYtype.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\DoYUtAk.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZgsMSGr.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\NxokQeM.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\xnOFTkq.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\XUFguer.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\RAzJFxN.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\UuNKfNr.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWwFQGh.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\riZeYbG.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVvUTkS.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\RMhyvuc.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLipDMW.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\xSsDExC.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\KgIstiK.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZynwrQB.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\msDCcIB.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A
File created C:\Windows\System\GuXexUe.exe C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1500 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ASAROsm.exe
PID 1500 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ASAROsm.exe
PID 1500 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GEbHppf.exe
PID 1500 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GEbHppf.exe
PID 1500 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ErnZfyi.exe
PID 1500 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ErnZfyi.exe
PID 1500 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LAeGFHQ.exe
PID 1500 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LAeGFHQ.exe
PID 1500 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ogYLQop.exe
PID 1500 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ogYLQop.exe
PID 1500 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\eijzzjT.exe
PID 1500 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\eijzzjT.exe
PID 1500 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\dpmWkYz.exe
PID 1500 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\dpmWkYz.exe
PID 1500 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qGZSaCT.exe
PID 1500 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qGZSaCT.exe
PID 1500 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\fQAhmkB.exe
PID 1500 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\fQAhmkB.exe
PID 1500 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Vwlvkjo.exe
PID 1500 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Vwlvkjo.exe
PID 1500 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gBzjWZc.exe
PID 1500 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gBzjWZc.exe
PID 1500 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\tIODCsn.exe
PID 1500 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\tIODCsn.exe
PID 1500 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\lWynXwB.exe
PID 1500 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\lWynXwB.exe
PID 1500 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\FiFdXhH.exe
PID 1500 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\FiFdXhH.exe
PID 1500 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\aPNKjQV.exe
PID 1500 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\aPNKjQV.exe
PID 1500 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LHlXjiR.exe
PID 1500 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LHlXjiR.exe
PID 1500 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\uMdknbV.exe
PID 1500 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\uMdknbV.exe
PID 1500 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\HuIbqTB.exe
PID 1500 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\HuIbqTB.exe
PID 1500 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ZJpIruA.exe
PID 1500 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\ZJpIruA.exe
PID 1500 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\OtWxasP.exe
PID 1500 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\OtWxasP.exe
PID 1500 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gNUcbfx.exe
PID 1500 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\gNUcbfx.exe
PID 1500 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Ilwndzc.exe
PID 1500 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\Ilwndzc.exe
PID 1500 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\hmctvSu.exe
PID 1500 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\hmctvSu.exe
PID 1500 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qnQGqxg.exe
PID 1500 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\qnQGqxg.exe
PID 1500 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GNwVznQ.exe
PID 1500 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\GNwVznQ.exe
PID 1500 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\WTKEPrq.exe
PID 1500 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\WTKEPrq.exe
PID 1500 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\CGtxVSR.exe
PID 1500 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\CGtxVSR.exe
PID 1500 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LZNWvuQ.exe
PID 1500 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\LZNWvuQ.exe
PID 1500 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\DXnDUYn.exe
PID 1500 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\DXnDUYn.exe
PID 1500 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\AqMPxVR.exe
PID 1500 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\AqMPxVR.exe
PID 1500 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\wFeQodn.exe
PID 1500 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\wFeQodn.exe
PID 1500 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\rDYtype.exe
PID 1500 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe C:\Windows\System\rDYtype.exe

Processes

C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\24d83f84e5edcb120fc06e778f54d976df33ea90b6dfde71fdb5c01e171022f1_NeikiAnalytics.exe"

C:\Windows\System\ASAROsm.exe

C:\Windows\System\ASAROsm.exe

C:\Windows\System\GEbHppf.exe

C:\Windows\System\GEbHppf.exe

C:\Windows\System\ErnZfyi.exe

C:\Windows\System\ErnZfyi.exe

C:\Windows\System\LAeGFHQ.exe

C:\Windows\System\LAeGFHQ.exe

C:\Windows\System\ogYLQop.exe

C:\Windows\System\ogYLQop.exe

C:\Windows\System\eijzzjT.exe

C:\Windows\System\eijzzjT.exe

C:\Windows\System\dpmWkYz.exe

C:\Windows\System\dpmWkYz.exe

C:\Windows\System\qGZSaCT.exe

C:\Windows\System\qGZSaCT.exe

C:\Windows\System\fQAhmkB.exe

C:\Windows\System\fQAhmkB.exe

C:\Windows\System\Vwlvkjo.exe

C:\Windows\System\Vwlvkjo.exe

C:\Windows\System\gBzjWZc.exe

C:\Windows\System\gBzjWZc.exe

C:\Windows\System\tIODCsn.exe

C:\Windows\System\tIODCsn.exe

C:\Windows\System\lWynXwB.exe

C:\Windows\System\lWynXwB.exe

C:\Windows\System\FiFdXhH.exe

C:\Windows\System\FiFdXhH.exe

C:\Windows\System\aPNKjQV.exe

C:\Windows\System\aPNKjQV.exe

C:\Windows\System\LHlXjiR.exe

C:\Windows\System\LHlXjiR.exe

C:\Windows\System\uMdknbV.exe

C:\Windows\System\uMdknbV.exe

C:\Windows\System\HuIbqTB.exe

C:\Windows\System\HuIbqTB.exe

C:\Windows\System\ZJpIruA.exe

C:\Windows\System\ZJpIruA.exe

C:\Windows\System\OtWxasP.exe

C:\Windows\System\OtWxasP.exe

C:\Windows\System\gNUcbfx.exe

C:\Windows\System\gNUcbfx.exe

C:\Windows\System\Ilwndzc.exe

C:\Windows\System\Ilwndzc.exe

C:\Windows\System\hmctvSu.exe

C:\Windows\System\hmctvSu.exe

C:\Windows\System\qnQGqxg.exe

C:\Windows\System\qnQGqxg.exe

C:\Windows\System\GNwVznQ.exe

C:\Windows\System\GNwVznQ.exe

C:\Windows\System\WTKEPrq.exe

C:\Windows\System\WTKEPrq.exe

C:\Windows\System\CGtxVSR.exe

C:\Windows\System\CGtxVSR.exe

C:\Windows\System\LZNWvuQ.exe

C:\Windows\System\LZNWvuQ.exe

C:\Windows\System\DXnDUYn.exe

C:\Windows\System\DXnDUYn.exe

C:\Windows\System\AqMPxVR.exe

C:\Windows\System\AqMPxVR.exe

C:\Windows\System\wFeQodn.exe

C:\Windows\System\wFeQodn.exe

C:\Windows\System\rDYtype.exe

C:\Windows\System\rDYtype.exe

C:\Windows\System\gJxTFsd.exe

C:\Windows\System\gJxTFsd.exe

C:\Windows\System\ZkzQsTD.exe

C:\Windows\System\ZkzQsTD.exe

C:\Windows\System\aguUVfB.exe

C:\Windows\System\aguUVfB.exe

C:\Windows\System\kHjLbUf.exe

C:\Windows\System\kHjLbUf.exe

C:\Windows\System\KuOAUCB.exe

C:\Windows\System\KuOAUCB.exe

C:\Windows\System\NkHRSlw.exe

C:\Windows\System\NkHRSlw.exe

C:\Windows\System\ZynwrQB.exe

C:\Windows\System\ZynwrQB.exe

C:\Windows\System\CIPhZbu.exe

C:\Windows\System\CIPhZbu.exe

C:\Windows\System\qVsUAJr.exe

C:\Windows\System\qVsUAJr.exe

C:\Windows\System\uFAODuG.exe

C:\Windows\System\uFAODuG.exe

C:\Windows\System\DBwZygY.exe

C:\Windows\System\DBwZygY.exe

C:\Windows\System\TpKvQhK.exe

C:\Windows\System\TpKvQhK.exe

C:\Windows\System\nzBpZNm.exe

C:\Windows\System\nzBpZNm.exe

C:\Windows\System\gtyAOpU.exe

C:\Windows\System\gtyAOpU.exe

C:\Windows\System\zEcsOYA.exe

C:\Windows\System\zEcsOYA.exe

C:\Windows\System\nKGKUBa.exe

C:\Windows\System\nKGKUBa.exe

C:\Windows\System\fDeiSME.exe

C:\Windows\System\fDeiSME.exe

C:\Windows\System\RUdnogZ.exe

C:\Windows\System\RUdnogZ.exe

C:\Windows\System\sPksAXc.exe

C:\Windows\System\sPksAXc.exe

C:\Windows\System\VtIHsQk.exe

C:\Windows\System\VtIHsQk.exe

C:\Windows\System\qMRobTu.exe

C:\Windows\System\qMRobTu.exe

C:\Windows\System\kKscTPU.exe

C:\Windows\System\kKscTPU.exe

C:\Windows\System\VbIwvYz.exe

C:\Windows\System\VbIwvYz.exe

C:\Windows\System\JymlvFY.exe

C:\Windows\System\JymlvFY.exe

C:\Windows\System\ilJHFID.exe

C:\Windows\System\ilJHFID.exe

C:\Windows\System\zkKhgEV.exe

C:\Windows\System\zkKhgEV.exe

C:\Windows\System\taHIWdC.exe

C:\Windows\System\taHIWdC.exe

C:\Windows\System\mldltbz.exe

C:\Windows\System\mldltbz.exe

C:\Windows\System\xehIfAR.exe

C:\Windows\System\xehIfAR.exe

C:\Windows\System\iCjKCuN.exe

C:\Windows\System\iCjKCuN.exe

C:\Windows\System\DXNuCCH.exe

C:\Windows\System\DXNuCCH.exe

C:\Windows\System\RTLGaqt.exe

C:\Windows\System\RTLGaqt.exe

C:\Windows\System\zUThBvl.exe

C:\Windows\System\zUThBvl.exe

C:\Windows\System\HHpZEOR.exe

C:\Windows\System\HHpZEOR.exe

C:\Windows\System\lgRosyC.exe

C:\Windows\System\lgRosyC.exe

C:\Windows\System\ELZNgUc.exe

C:\Windows\System\ELZNgUc.exe

C:\Windows\System\qvJLYpN.exe

C:\Windows\System\qvJLYpN.exe

C:\Windows\System\GGkrJMi.exe

C:\Windows\System\GGkrJMi.exe

C:\Windows\System\giRbovb.exe

C:\Windows\System\giRbovb.exe

C:\Windows\System\UbEnzkF.exe

C:\Windows\System\UbEnzkF.exe

C:\Windows\System\hZGOTPI.exe

C:\Windows\System\hZGOTPI.exe

C:\Windows\System\AAWZLlC.exe

C:\Windows\System\AAWZLlC.exe

C:\Windows\System\dRGekPl.exe

C:\Windows\System\dRGekPl.exe

C:\Windows\System\HiqTAdl.exe

C:\Windows\System\HiqTAdl.exe

C:\Windows\System\JEQfTdG.exe

C:\Windows\System\JEQfTdG.exe

C:\Windows\System\LzNxaFk.exe

C:\Windows\System\LzNxaFk.exe

C:\Windows\System\OpGafWL.exe

C:\Windows\System\OpGafWL.exe

C:\Windows\System\dBzZHjG.exe

C:\Windows\System\dBzZHjG.exe

C:\Windows\System\WZSeYaC.exe

C:\Windows\System\WZSeYaC.exe

C:\Windows\System\izFqbUK.exe

C:\Windows\System\izFqbUK.exe

C:\Windows\System\msDCcIB.exe

C:\Windows\System\msDCcIB.exe

C:\Windows\System\mQcksEt.exe

C:\Windows\System\mQcksEt.exe

C:\Windows\System\qDDdoCv.exe

C:\Windows\System\qDDdoCv.exe

C:\Windows\System\FrcVcZI.exe

C:\Windows\System\FrcVcZI.exe

C:\Windows\System\tutpBnu.exe

C:\Windows\System\tutpBnu.exe

C:\Windows\System\NwFEQTF.exe

C:\Windows\System\NwFEQTF.exe

C:\Windows\System\WRGhqXe.exe

C:\Windows\System\WRGhqXe.exe

C:\Windows\System\XITAAqg.exe

C:\Windows\System\XITAAqg.exe

C:\Windows\System\IXLFOUb.exe

C:\Windows\System\IXLFOUb.exe

C:\Windows\System\iKDBIkW.exe

C:\Windows\System\iKDBIkW.exe

C:\Windows\System\QpDPtjC.exe

C:\Windows\System\QpDPtjC.exe

C:\Windows\System\Drjamji.exe

C:\Windows\System\Drjamji.exe

C:\Windows\System\QFVNtPz.exe

C:\Windows\System\QFVNtPz.exe

C:\Windows\System\mRfrWgJ.exe

C:\Windows\System\mRfrWgJ.exe

C:\Windows\System\ONVJReW.exe

C:\Windows\System\ONVJReW.exe

C:\Windows\System\izcqZIN.exe

C:\Windows\System\izcqZIN.exe

C:\Windows\System\gfOnQcl.exe

C:\Windows\System\gfOnQcl.exe

C:\Windows\System\hRYFmAf.exe

C:\Windows\System\hRYFmAf.exe

C:\Windows\System\OaAeXlz.exe

C:\Windows\System\OaAeXlz.exe

C:\Windows\System\wOqHZtZ.exe

C:\Windows\System\wOqHZtZ.exe

C:\Windows\System\BLumtlG.exe

C:\Windows\System\BLumtlG.exe

C:\Windows\System\IAMVHyQ.exe

C:\Windows\System\IAMVHyQ.exe

C:\Windows\System\WyHybZj.exe

C:\Windows\System\WyHybZj.exe

C:\Windows\System\bWbNpTV.exe

C:\Windows\System\bWbNpTV.exe

C:\Windows\System\WeEVDLA.exe

C:\Windows\System\WeEVDLA.exe

C:\Windows\System\mTWLsPx.exe

C:\Windows\System\mTWLsPx.exe

C:\Windows\System\XUFguer.exe

C:\Windows\System\XUFguer.exe

C:\Windows\System\TLOYmSa.exe

C:\Windows\System\TLOYmSa.exe

C:\Windows\System\KleqKtV.exe

C:\Windows\System\KleqKtV.exe

C:\Windows\System\pxBtbYl.exe

C:\Windows\System\pxBtbYl.exe

C:\Windows\System\SOYafKY.exe

C:\Windows\System\SOYafKY.exe

C:\Windows\System\svISyIC.exe

C:\Windows\System\svISyIC.exe

C:\Windows\System\FdxKmhZ.exe

C:\Windows\System\FdxKmhZ.exe

C:\Windows\System\BDUVHjV.exe

C:\Windows\System\BDUVHjV.exe

C:\Windows\System\XHoSbAe.exe

C:\Windows\System\XHoSbAe.exe

C:\Windows\System\fiVJPgY.exe

C:\Windows\System\fiVJPgY.exe

C:\Windows\System\CbVpoDz.exe

C:\Windows\System\CbVpoDz.exe

C:\Windows\System\BPduero.exe

C:\Windows\System\BPduero.exe

C:\Windows\System\sFbYqNd.exe

C:\Windows\System\sFbYqNd.exe

C:\Windows\System\unEatZM.exe

C:\Windows\System\unEatZM.exe

C:\Windows\System\JpKfrZm.exe

C:\Windows\System\JpKfrZm.exe

C:\Windows\System\PSQoUKi.exe

C:\Windows\System\PSQoUKi.exe

C:\Windows\System\mzwoOfo.exe

C:\Windows\System\mzwoOfo.exe

C:\Windows\System\bziGFZr.exe

C:\Windows\System\bziGFZr.exe

C:\Windows\System\axFmXAy.exe

C:\Windows\System\axFmXAy.exe

C:\Windows\System\GuXexUe.exe

C:\Windows\System\GuXexUe.exe

C:\Windows\System\ZHRqxkx.exe

C:\Windows\System\ZHRqxkx.exe

C:\Windows\System\JZYymAn.exe

C:\Windows\System\JZYymAn.exe

C:\Windows\System\riZeYbG.exe

C:\Windows\System\riZeYbG.exe

C:\Windows\System\kfLWAoL.exe

C:\Windows\System\kfLWAoL.exe

C:\Windows\System\tUEHimN.exe

C:\Windows\System\tUEHimN.exe

C:\Windows\System\drVksjO.exe

C:\Windows\System\drVksjO.exe

C:\Windows\System\RAzJFxN.exe

C:\Windows\System\RAzJFxN.exe

C:\Windows\System\fGEayjO.exe

C:\Windows\System\fGEayjO.exe

C:\Windows\System\yqxQMHw.exe

C:\Windows\System\yqxQMHw.exe

C:\Windows\System\HuaeJUg.exe

C:\Windows\System\HuaeJUg.exe

C:\Windows\System\OSfUJdr.exe

C:\Windows\System\OSfUJdr.exe

C:\Windows\System\QUOYHAJ.exe

C:\Windows\System\QUOYHAJ.exe

C:\Windows\System\xMjJSVe.exe

C:\Windows\System\xMjJSVe.exe

C:\Windows\System\bdAFFbn.exe

C:\Windows\System\bdAFFbn.exe

C:\Windows\System\kbNOjNa.exe

C:\Windows\System\kbNOjNa.exe

C:\Windows\System\tqqKVUf.exe

C:\Windows\System\tqqKVUf.exe

C:\Windows\System\oRallTR.exe

C:\Windows\System\oRallTR.exe

C:\Windows\System\UVvUTkS.exe

C:\Windows\System\UVvUTkS.exe

C:\Windows\System\XETbTSV.exe

C:\Windows\System\XETbTSV.exe

C:\Windows\System\ZQjVoXw.exe

C:\Windows\System\ZQjVoXw.exe

C:\Windows\System\VILgXpI.exe

C:\Windows\System\VILgXpI.exe

C:\Windows\System\IVacsJf.exe

C:\Windows\System\IVacsJf.exe

C:\Windows\System\AGnboWK.exe

C:\Windows\System\AGnboWK.exe

C:\Windows\System\RYvQVJV.exe

C:\Windows\System\RYvQVJV.exe

C:\Windows\System\Qmvamdm.exe

C:\Windows\System\Qmvamdm.exe

C:\Windows\System\Ewirtty.exe

C:\Windows\System\Ewirtty.exe

C:\Windows\System\TDwRBmk.exe

C:\Windows\System\TDwRBmk.exe

C:\Windows\System\hnqWVBB.exe

C:\Windows\System\hnqWVBB.exe

C:\Windows\System\ReQSWbK.exe

C:\Windows\System\ReQSWbK.exe

C:\Windows\System\RMhyvuc.exe

C:\Windows\System\RMhyvuc.exe

C:\Windows\System\rdzQyzd.exe

C:\Windows\System\rdzQyzd.exe

C:\Windows\System\dyQoYUE.exe

C:\Windows\System\dyQoYUE.exe

C:\Windows\System\fSGMBpR.exe

C:\Windows\System\fSGMBpR.exe

C:\Windows\System\ksaKoSe.exe

C:\Windows\System\ksaKoSe.exe

C:\Windows\System\qohFdhc.exe

C:\Windows\System\qohFdhc.exe

C:\Windows\System\ISYMSjo.exe

C:\Windows\System\ISYMSjo.exe

C:\Windows\System\PpQcFMY.exe

C:\Windows\System\PpQcFMY.exe

C:\Windows\System\xQdeoEk.exe

C:\Windows\System\xQdeoEk.exe

C:\Windows\System\DoYUtAk.exe

C:\Windows\System\DoYUtAk.exe

C:\Windows\System\fufJvpJ.exe

C:\Windows\System\fufJvpJ.exe

C:\Windows\System\AkdQeLY.exe

C:\Windows\System\AkdQeLY.exe

C:\Windows\System\UBLgqUV.exe

C:\Windows\System\UBLgqUV.exe

C:\Windows\System\hxGNfrf.exe

C:\Windows\System\hxGNfrf.exe

C:\Windows\System\YFVVhEG.exe

C:\Windows\System\YFVVhEG.exe

C:\Windows\System\bzTGmfT.exe

C:\Windows\System\bzTGmfT.exe

C:\Windows\System\tNdZgFe.exe

C:\Windows\System\tNdZgFe.exe

C:\Windows\System\nxcaTrf.exe

C:\Windows\System\nxcaTrf.exe

C:\Windows\System\LblQAwg.exe

C:\Windows\System\LblQAwg.exe

C:\Windows\System\goDYoyh.exe

C:\Windows\System\goDYoyh.exe

C:\Windows\System\rhxPHke.exe

C:\Windows\System\rhxPHke.exe

C:\Windows\System\jNAKnjV.exe

C:\Windows\System\jNAKnjV.exe

C:\Windows\System\rdMdGgW.exe

C:\Windows\System\rdMdGgW.exe

C:\Windows\System\opBHVZC.exe

C:\Windows\System\opBHVZC.exe

C:\Windows\System\GzSmbfB.exe

C:\Windows\System\GzSmbfB.exe

C:\Windows\System\eAizmXY.exe

C:\Windows\System\eAizmXY.exe

C:\Windows\System\lFuecxc.exe

C:\Windows\System\lFuecxc.exe

C:\Windows\System\kyYBAkG.exe

C:\Windows\System\kyYBAkG.exe

C:\Windows\System\CPsTwGs.exe

C:\Windows\System\CPsTwGs.exe

C:\Windows\System\nZDYBBF.exe

C:\Windows\System\nZDYBBF.exe

C:\Windows\System\LLipDMW.exe

C:\Windows\System\LLipDMW.exe

C:\Windows\System\XygfIrX.exe

C:\Windows\System\XygfIrX.exe

C:\Windows\System\GQYWIGy.exe

C:\Windows\System\GQYWIGy.exe

C:\Windows\System\YnNwVna.exe

C:\Windows\System\YnNwVna.exe

C:\Windows\System\AEFwvhT.exe

C:\Windows\System\AEFwvhT.exe

C:\Windows\System\eaLEZnn.exe

C:\Windows\System\eaLEZnn.exe

C:\Windows\System\UuNKfNr.exe

C:\Windows\System\UuNKfNr.exe

C:\Windows\System\aGGPjdR.exe

C:\Windows\System\aGGPjdR.exe

C:\Windows\System\DrpnJiX.exe

C:\Windows\System\DrpnJiX.exe

C:\Windows\System\gUIjcvN.exe

C:\Windows\System\gUIjcvN.exe

C:\Windows\System\yXeivML.exe

C:\Windows\System\yXeivML.exe

C:\Windows\System\EFRkXZA.exe

C:\Windows\System\EFRkXZA.exe

C:\Windows\System\mrRNrmz.exe

C:\Windows\System\mrRNrmz.exe

C:\Windows\System\qIGLiym.exe

C:\Windows\System\qIGLiym.exe

C:\Windows\System\bynHVrF.exe

C:\Windows\System\bynHVrF.exe

C:\Windows\System\nqmNNfw.exe

C:\Windows\System\nqmNNfw.exe

C:\Windows\System\jGBGbxb.exe

C:\Windows\System\jGBGbxb.exe

C:\Windows\System\Cusrbmm.exe

C:\Windows\System\Cusrbmm.exe

C:\Windows\System\vzXTEoT.exe

C:\Windows\System\vzXTEoT.exe

C:\Windows\System\ddlwsTv.exe

C:\Windows\System\ddlwsTv.exe

C:\Windows\System\tBjeJig.exe

C:\Windows\System\tBjeJig.exe

C:\Windows\System\uWGuKnt.exe

C:\Windows\System\uWGuKnt.exe

C:\Windows\System\QOWVJZa.exe

C:\Windows\System\QOWVJZa.exe

C:\Windows\System\NTkXxod.exe

C:\Windows\System\NTkXxod.exe

C:\Windows\System\eoJrXPA.exe

C:\Windows\System\eoJrXPA.exe

C:\Windows\System\MHhnNgS.exe

C:\Windows\System\MHhnNgS.exe

C:\Windows\System\azFAdqr.exe

C:\Windows\System\azFAdqr.exe

C:\Windows\System\hTrdEkR.exe

C:\Windows\System\hTrdEkR.exe

C:\Windows\System\BGXXkjZ.exe

C:\Windows\System\BGXXkjZ.exe

C:\Windows\System\CiQcGWP.exe

C:\Windows\System\CiQcGWP.exe

C:\Windows\System\qNiRAvL.exe

C:\Windows\System\qNiRAvL.exe

C:\Windows\System\fkKwTzN.exe

C:\Windows\System\fkKwTzN.exe

C:\Windows\System\pZQfqMi.exe

C:\Windows\System\pZQfqMi.exe

C:\Windows\System\LgIVxvJ.exe

C:\Windows\System\LgIVxvJ.exe

C:\Windows\System\exPbxMM.exe

C:\Windows\System\exPbxMM.exe

C:\Windows\System\lWwFQGh.exe

C:\Windows\System\lWwFQGh.exe

C:\Windows\System\GQjAqMP.exe

C:\Windows\System\GQjAqMP.exe

C:\Windows\System\DTqNSXy.exe

C:\Windows\System\DTqNSXy.exe

C:\Windows\System\LLyGSPb.exe

C:\Windows\System\LLyGSPb.exe

C:\Windows\System\RwcKhKn.exe

C:\Windows\System\RwcKhKn.exe

C:\Windows\System\KAQoHAb.exe

C:\Windows\System\KAQoHAb.exe

C:\Windows\System\cBZMazu.exe

C:\Windows\System\cBZMazu.exe

C:\Windows\System\KzPfbco.exe

C:\Windows\System\KzPfbco.exe

C:\Windows\System\EiRwsVo.exe

C:\Windows\System\EiRwsVo.exe

C:\Windows\System\jaXzGou.exe

C:\Windows\System\jaXzGou.exe

C:\Windows\System\FGiPmTb.exe

C:\Windows\System\FGiPmTb.exe

C:\Windows\System\jTVeylk.exe

C:\Windows\System\jTVeylk.exe

C:\Windows\System\FuxviDl.exe

C:\Windows\System\FuxviDl.exe

C:\Windows\System\QPcXzmA.exe

C:\Windows\System\QPcXzmA.exe

C:\Windows\System\tsTcxcH.exe

C:\Windows\System\tsTcxcH.exe

C:\Windows\System\ZgsMSGr.exe

C:\Windows\System\ZgsMSGr.exe

C:\Windows\System\DhNeEQj.exe

C:\Windows\System\DhNeEQj.exe

C:\Windows\System\BrruUPn.exe

C:\Windows\System\BrruUPn.exe

C:\Windows\System\tLBHvdE.exe

C:\Windows\System\tLBHvdE.exe

C:\Windows\System\vVfQvhN.exe

C:\Windows\System\vVfQvhN.exe

C:\Windows\System\JLEOWpB.exe

C:\Windows\System\JLEOWpB.exe

C:\Windows\System\zfARSnm.exe

C:\Windows\System\zfARSnm.exe

C:\Windows\System\NZIcuSp.exe

C:\Windows\System\NZIcuSp.exe

C:\Windows\System\jnCxscI.exe

C:\Windows\System\jnCxscI.exe

C:\Windows\System\lkTFItE.exe

C:\Windows\System\lkTFItE.exe

C:\Windows\System\ayxlsDc.exe

C:\Windows\System\ayxlsDc.exe

C:\Windows\System\OKsIOOU.exe

C:\Windows\System\OKsIOOU.exe

C:\Windows\System\qCNeyCj.exe

C:\Windows\System\qCNeyCj.exe

C:\Windows\System\tgWsfNv.exe

C:\Windows\System\tgWsfNv.exe

C:\Windows\System\hcIrXwY.exe

C:\Windows\System\hcIrXwY.exe

C:\Windows\System\CYeVMPa.exe

C:\Windows\System\CYeVMPa.exe

C:\Windows\System\gGKwQNS.exe

C:\Windows\System\gGKwQNS.exe

C:\Windows\System\NlADbgA.exe

C:\Windows\System\NlADbgA.exe

C:\Windows\System\TPseYjP.exe

C:\Windows\System\TPseYjP.exe

C:\Windows\System\pddbHMT.exe

C:\Windows\System\pddbHMT.exe

C:\Windows\System\DMoSaDs.exe

C:\Windows\System\DMoSaDs.exe

C:\Windows\System\NxokQeM.exe

C:\Windows\System\NxokQeM.exe

C:\Windows\System\YPXuSJZ.exe

C:\Windows\System\YPXuSJZ.exe

C:\Windows\System\fVutnwA.exe

C:\Windows\System\fVutnwA.exe

C:\Windows\System\xnOFTkq.exe

C:\Windows\System\xnOFTkq.exe

C:\Windows\System\fziQlTo.exe

C:\Windows\System\fziQlTo.exe

C:\Windows\System\qPtjHxE.exe

C:\Windows\System\qPtjHxE.exe

C:\Windows\System\IdEnELK.exe

C:\Windows\System\IdEnELK.exe

C:\Windows\System\LEpGopa.exe

C:\Windows\System\LEpGopa.exe

C:\Windows\System\BBCtzBk.exe

C:\Windows\System\BBCtzBk.exe

C:\Windows\System\AUQNTxi.exe

C:\Windows\System\AUQNTxi.exe

C:\Windows\System\HmfwfPa.exe

C:\Windows\System\HmfwfPa.exe

C:\Windows\System\oCiOVqh.exe

C:\Windows\System\oCiOVqh.exe

C:\Windows\System\ckgvqDm.exe

C:\Windows\System\ckgvqDm.exe

C:\Windows\System\uOqOJYg.exe

C:\Windows\System\uOqOJYg.exe

C:\Windows\System\ejijxAL.exe

C:\Windows\System\ejijxAL.exe

C:\Windows\System\QdfFyJV.exe

C:\Windows\System\QdfFyJV.exe

C:\Windows\System\nlzLuDZ.exe

C:\Windows\System\nlzLuDZ.exe

C:\Windows\System\mMOuoFf.exe

C:\Windows\System\mMOuoFf.exe

C:\Windows\System\cQVlljD.exe

C:\Windows\System\cQVlljD.exe

C:\Windows\System\CSjqiOs.exe

C:\Windows\System\CSjqiOs.exe

C:\Windows\System\loMowTl.exe

C:\Windows\System\loMowTl.exe

C:\Windows\System\XStuCBd.exe

C:\Windows\System\XStuCBd.exe

C:\Windows\System\iPkIawW.exe

C:\Windows\System\iPkIawW.exe

C:\Windows\System\FFgCliv.exe

C:\Windows\System\FFgCliv.exe

C:\Windows\System\vgJFslB.exe

C:\Windows\System\vgJFslB.exe

C:\Windows\System\hyOVspN.exe

C:\Windows\System\hyOVspN.exe

C:\Windows\System\upZjuXX.exe

C:\Windows\System\upZjuXX.exe

C:\Windows\System\ZCZJbEV.exe

C:\Windows\System\ZCZJbEV.exe

C:\Windows\System\tWlCfii.exe

C:\Windows\System\tWlCfii.exe

C:\Windows\System\bwTXujx.exe

C:\Windows\System\bwTXujx.exe

C:\Windows\System\OYprLDd.exe

C:\Windows\System\OYprLDd.exe

C:\Windows\System\aILFPdn.exe

C:\Windows\System\aILFPdn.exe

C:\Windows\System\FyyqzHC.exe

C:\Windows\System\FyyqzHC.exe

C:\Windows\System\WSjBhjU.exe

C:\Windows\System\WSjBhjU.exe

C:\Windows\System\KgIstiK.exe

C:\Windows\System\KgIstiK.exe

C:\Windows\System\VxpJAHi.exe

C:\Windows\System\VxpJAHi.exe

C:\Windows\System\okfIdsR.exe

C:\Windows\System\okfIdsR.exe

C:\Windows\System\nNBQfbe.exe

C:\Windows\System\nNBQfbe.exe

C:\Windows\System\UjMIbBT.exe

C:\Windows\System\UjMIbBT.exe

C:\Windows\System\xSsDExC.exe

C:\Windows\System\xSsDExC.exe

C:\Windows\System\VFedYjg.exe

C:\Windows\System\VFedYjg.exe

C:\Windows\System\LBXDhuJ.exe

C:\Windows\System\LBXDhuJ.exe

C:\Windows\System\aPMUqRD.exe

C:\Windows\System\aPMUqRD.exe

C:\Windows\System\oOrrtuu.exe

C:\Windows\System\oOrrtuu.exe

C:\Windows\System\OSukmfA.exe

C:\Windows\System\OSukmfA.exe

C:\Windows\System\AhvvvTJ.exe

C:\Windows\System\AhvvvTJ.exe

C:\Windows\System\kWmPxtB.exe

C:\Windows\System\kWmPxtB.exe

C:\Windows\System\kvXoRaR.exe

C:\Windows\System\kvXoRaR.exe

C:\Windows\System\ELqRQIo.exe

C:\Windows\System\ELqRQIo.exe

C:\Windows\System\OJTTrNv.exe

C:\Windows\System\OJTTrNv.exe

C:\Windows\System\nLErmAr.exe

C:\Windows\System\nLErmAr.exe

C:\Windows\System\zMCFqHw.exe

C:\Windows\System\zMCFqHw.exe

C:\Windows\System\KZzVaax.exe

C:\Windows\System\KZzVaax.exe

C:\Windows\System\PVqHIBX.exe

C:\Windows\System\PVqHIBX.exe

C:\Windows\System\zTwYFhw.exe

C:\Windows\System\zTwYFhw.exe

C:\Windows\System\XrAhPjV.exe

C:\Windows\System\XrAhPjV.exe

C:\Windows\System\vgvgDll.exe

C:\Windows\System\vgvgDll.exe

C:\Windows\System\BptiLuQ.exe

C:\Windows\System\BptiLuQ.exe

C:\Windows\System\xvquXft.exe

C:\Windows\System\xvquXft.exe

C:\Windows\System\VjgHdSN.exe

C:\Windows\System\VjgHdSN.exe

C:\Windows\System\gEjuSAk.exe

C:\Windows\System\gEjuSAk.exe

C:\Windows\System\WFNPvFn.exe

C:\Windows\System\WFNPvFn.exe

C:\Windows\System\zwXToDk.exe

C:\Windows\System\zwXToDk.exe

C:\Windows\System\aEcoQRY.exe

C:\Windows\System\aEcoQRY.exe

C:\Windows\System\dCFMnnq.exe

C:\Windows\System\dCFMnnq.exe

C:\Windows\System\sToiEXU.exe

C:\Windows\System\sToiEXU.exe

C:\Windows\System\gZCyuFO.exe

C:\Windows\System\gZCyuFO.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1500-0-0x00007FF71C950000-0x00007FF71CCA4000-memory.dmp

memory/1500-1-0x0000024489920000-0x0000024489930000-memory.dmp

C:\Windows\System\ASAROsm.exe

MD5 14a2c33372941c71bf8a4984a86c32d3
SHA1 687162416c9422275ed403c1c5480aead0afcfc9
SHA256 4ceb9072be4950b760a0a0b045a8af5184176fb4c525d6fb4010a87ffe1a796f
SHA512 3733a7e7bfda77b2a20b919a66277f79dbda57134a0fbdf178c6171d5122d44d02aa6d8e0e1324ee9d5e3e8ad5856a09f6f0e9206e6cd153948ba47b2c08d864

memory/4940-9-0x00007FF6BF020000-0x00007FF6BF374000-memory.dmp

C:\Windows\System\ErnZfyi.exe

MD5 41e0fa419ce5657423b8d1cf44e41f8e
SHA1 e3f47feb24e631bc9967d4190cd41697eb4e7124
SHA256 6ce02b377cfee90a65e2fb0dca9287a71a0c2b9828b0a7d7a0f26a155ae05e15
SHA512 b1f2e7579a89e9c7419d74b4943ef5bdac64a20854a33db0de36aebb2afed6cd6c16b3b33b551ccaf77995e84ac3142e76a5fb13e7e408d8a2e154003699358e

C:\Windows\System\GEbHppf.exe

MD5 12719cef42ba13e784ccb157eb9b7cd8
SHA1 9546402dd1c6e54901543988e1551d9cfa6fb82b
SHA256 96c6d48432818a478daba57202f43eaaa15b3028fb56f6e6717caebe07646992
SHA512 369e233b9824588f4d647f3e773127d4ea46fcbf7a7b9a350c05311f0d8607ecefc5b017f8a00171ef355ce25181b392ae3fa74807088d0ec218172ca9c60f9d

memory/1012-16-0x00007FF6BF540000-0x00007FF6BF894000-memory.dmp

memory/3280-22-0x00007FF6C1A80000-0x00007FF6C1DD4000-memory.dmp

C:\Windows\System\LAeGFHQ.exe

MD5 95bcce312b84b1c69047258c7b4a2513
SHA1 a9009947be0124c243f1d3c756148351271651c4
SHA256 d5df0cf8543c5f981ae5cdde7b011ef186bc8c57bd4783f86180f711457b6893
SHA512 881a2e3e1f64d3684ed0326e975d5911c6763a1bf1f2cdfc1a6d1a073c649dd083c053b405fed30985939def2ccf0076c6cd036902afbe3321c4390e84dd8189

C:\Windows\System\eijzzjT.exe

MD5 82a35c4e2c99bca7aedc4c80714e5cae
SHA1 4ebfe617fb525660f25264d0eefa45da2c76a98c
SHA256 1fcf586bdc770f1b982dcc06e0b4f7f838aad9054b2503b6a7d275d11f5924fc
SHA512 20ee9df02c573208d5b681c2e2770424df488b5c01d9372a25188de7da827c02a99c442028e653937f7e77173cdf9e814e5fd214a98e503e2e9652e12e9e13d5

C:\Windows\System\fQAhmkB.exe

MD5 1e0c1aeb97c2bc2f195e93167aa01d18
SHA1 9ec20c9ecf00b1c545306f378af7a6024be2fee3
SHA256 3055706cf91f5b7d72756cb93ac5c66bd89e347774dce42b050b857441bb9762
SHA512 7ad9aed0ce827d85bb1719caefbf9167b3c2c0310c99a4686dcc6c03eeec5303ebe828639e2b4ae20da386c4e66c5ddfebf42fcd48fa79879211f2c7d79667d6

C:\Windows\System\Vwlvkjo.exe

MD5 e63a9f040af8b79ea27810a2da5964ba
SHA1 d2394e204d8ee6b9e8476e6d4a9f949da78504fa
SHA256 b5cfe814cc495bfe7cdc7e2deb8467eb54328f7850e5cb8b29a6fe6ef35cc443
SHA512 5279cfd62228f6c3adedf1a88272021ec901195d6455c9b4a26620c5e15ca6b5e3ba085d3ee52de9dc3b1f1a3b17c2312fae207c9011f34a8df47e173aa87b7a

C:\Windows\System\lWynXwB.exe

MD5 ba4fcf236cff8124533df6d98fee8bdc
SHA1 733e8e02cefb0a4b81d4f46bc3778fa9a2bab8f2
SHA256 b9f4117bf45a8cca678a8bb7a138be80fc81a00bc2ed119b184a68487158caf6
SHA512 d0c15fb8b7be89c27a47be341039c07693f0caa81e73c895cb07359c1d25f5af33f50f14bddb172255182d8715cc00b8a49c86842f4f0ae9fd0367f0e8f9692f

C:\Windows\System\uMdknbV.exe

MD5 5ee705630221f722a04723cdfe258cc5
SHA1 be528e775bc58a2bf3c41bbfd6c2cfd35d61f073
SHA256 b09701980b74bf6e092c6582da90d3bf566bb838e908e66672cf9c884257acc4
SHA512 35313bded65b95e20ba8fac472ab2f02135ccd55fc99ce0de293313c19d8dad09fd73712fd1f4c57995906256607b4122f90dd29f8ec10e4803f9c3e05d705be

C:\Windows\System\gNUcbfx.exe

MD5 a06424feafcfe55bb0f6de8f19f3e691
SHA1 e971e25f727f85679e700b5433096e6faa03b3de
SHA256 b39f785b0664a755187b75b86f7fb38dc0f311a9910d37a08684059a62148f92
SHA512 7385cf5ccd3f7f8caa7c4670a21ee85294f80ecae6025f67f2c36000fdb75dfd5287f74107dde448841cb5e20caf02d3155c76e110187bba491c74f6a970e3ed

C:\Windows\System\Ilwndzc.exe

MD5 f84ce2070790c4f60625cb8f46d7b658
SHA1 ce8adc1c0e6f13a43e96c0b2e9f80d2cbb8f92e4
SHA256 dc6e13e4b0d0dcb07ac4033e295f452a255f05190f083a4e31da43a7e50b95a0
SHA512 8aa823c823a6990b24bd46650458d9a92e39748c8b529f0db08c838f65c684b7221a7069ff11db637e74b2dfb41fdb8834f683be82294df36c5540847340e380

C:\Windows\System\LZNWvuQ.exe

MD5 0830ae3c181df4a16ca1eb46b10b9131
SHA1 50ea6babebf857222bc08e52c583728cdda97b61
SHA256 0b78d1d94919d3b776a9770d5986014eec4bbe96005a7d9c0085d10deb1b1690
SHA512 1c1da6299e021f617af101481b4a3176d885e26bc3d9ea258d374eddd9b4b3fb8ab765fec1cea4bbf428833da92279bb856c212e36e706286e189dcac1019c7a

memory/3632-181-0x00007FF6FCF10000-0x00007FF6FD264000-memory.dmp

memory/2344-187-0x00007FF60DB20000-0x00007FF60DE74000-memory.dmp

memory/1620-192-0x00007FF79D1A0000-0x00007FF79D4F4000-memory.dmp

memory/3808-194-0x00007FF63D750000-0x00007FF63DAA4000-memory.dmp

memory/3904-193-0x00007FF69D350000-0x00007FF69D6A4000-memory.dmp

memory/4008-191-0x00007FF73C0D0000-0x00007FF73C424000-memory.dmp

memory/556-190-0x00007FF636EB0000-0x00007FF637204000-memory.dmp

memory/4316-189-0x00007FF612180000-0x00007FF6124D4000-memory.dmp

memory/3744-188-0x00007FF6A4AE0000-0x00007FF6A4E34000-memory.dmp

memory/2636-186-0x00007FF71F9E0000-0x00007FF71FD34000-memory.dmp

memory/3584-185-0x00007FF786B60000-0x00007FF786EB4000-memory.dmp

memory/4500-184-0x00007FF601EF0000-0x00007FF602244000-memory.dmp

memory/2544-183-0x00007FF7316B0000-0x00007FF731A04000-memory.dmp

memory/3420-182-0x00007FF6B9940000-0x00007FF6B9C94000-memory.dmp

memory/3836-180-0x00007FF7720C0000-0x00007FF772414000-memory.dmp

memory/2004-177-0x00007FF6A6DC0000-0x00007FF6A7114000-memory.dmp

memory/1436-176-0x00007FF762240000-0x00007FF762594000-memory.dmp

C:\Windows\System\wFeQodn.exe

MD5 3596ae38e3269f50c8d0a1656214fe4c
SHA1 8648ca259f04540a8ff2819ac928a3a269f8586f
SHA256 2beed42c524c49a998c9dbf14142856726a26abc5329d5d96c264e98510e0316
SHA512 30773907a9e6f7c1c095c8bb635fe1c2d4ffce954219216f53757ffa8a7fe6e8bcac290a859c266a0ac202d5b15463b25166ac5dfd13af86c7387d9dd01dc886

C:\Windows\System\AqMPxVR.exe

MD5 784bfd9d6abc6d10aa9f7e65eae91e9f
SHA1 60712cbfe2431e604e5f9ec0f9f4d160e6951026
SHA256 049936f283cfea5275253140078433e02c1040dbe91612fe644ed4f43d0a5739
SHA512 2fca02e214964c4c91fdd5841a5395fea1df244483d8e43973a5410ee693d2a7bbedb99b5878add19d081d87d600d196da23026f3484b1736916ef38963f20df

C:\Windows\System\DXnDUYn.exe

MD5 381543c003fb560a54c744ac968f7f34
SHA1 bef1c7d497fc0123360349fa4c4329fd0b50bf94
SHA256 af254c7c7d95851b24b381534e053930d7e349458940ae13cd6090689c8ce50e
SHA512 91a0bd7e5aef8b631b67a0c0f94e399b948da44daf6feafc581de5495186133ef7706a39884062c65fe3ed1ad80ea1d0213224ebc6b6bce5f745321563685db4

C:\Windows\System\CGtxVSR.exe

MD5 735c2ffe2168ea41e35c46da448e03d6
SHA1 15f7872efb2c005eba323d2b39cf7577b17b4acc
SHA256 8c986ecc0c9dc09d4bb4100e6ca9e3ff96bd157a49a16b9884a3e4831320ea31
SHA512 87d33db5f6b48e1cf65f1fbd541fa2705890c46e8d067dacce9dd7844d90782ac1fd3be1e69f63e281787c689a163645875336242228cd070f6dd18352262d56

memory/2888-165-0x00007FF63FDB0000-0x00007FF640104000-memory.dmp

C:\Windows\System\gJxTFsd.exe

MD5 7eb6c98f02f9d156e189e24a50ccee12
SHA1 0d4cf1674bba23defa7b7b3ba191ca6335723481
SHA256 66512a533ae75a5791da6d024ba062db6b6a86b164abfeffb8002156a05157b5
SHA512 40856421c5f26bb0a70fc072dfecd70731f17a0a8d3e555088b541da978454201330d837526b8f156d003bd18d5ddcc823ac342e24c5a29c32f032678a7588c2

C:\Windows\System\WTKEPrq.exe

MD5 d8fa928b71fc40e9f91112df09c3a490
SHA1 a0b5405a8f4401869f70d4bf54dc6a1e177f55a3
SHA256 b78ab0de89b0cc8ee38962a476cbc108b25f7f88e5f849773f8868afa263f4b3
SHA512 713f22e68bbf392110dad6d486049c216a22faf73256d814e78c0d95cac9f7192c07368053f50c2d6566770ad6968cfc947c879df25f17b85ce127e2728c12e4

C:\Windows\System\rDYtype.exe

MD5 f07e8423d3164c7b4551c410fdb6fc37
SHA1 cb340d4d9ce934dd9538e84d1f99b08acd0d30ad
SHA256 34baed01bb4416743d882c265c95ba85c16f84e191a0a29a3ab029fec5b9b519
SHA512 e6d45edb09a1b8fb8642fe9f53173bc0d219cbcf949cbea1b970727990991486d9ce8637719494d7529d636bef8bc4efcdb74e6c8fe7c4c34e3c9965927ef8a9

memory/660-160-0x00007FF7549F0000-0x00007FF754D44000-memory.dmp

C:\Windows\System\GNwVznQ.exe

MD5 7b2e1d05eeb9412cf3785c9d0e5c37bf
SHA1 1961440b03a6d116139061df400c529703705f6b
SHA256 b8970a5d5c8593464048424264424054bd80e460c12497b183774f5922ffa257
SHA512 e47f8b556ae52f051a18201b2becd2630edaaaba3673dc0f064fcfb506e85129e19c81760b2f10f89a555d2603bb47e53a0fe32279d514f1533c693aa0202e26

C:\Windows\System\qnQGqxg.exe

MD5 71ebdbc0487d1d446b3af0fbbc0b6086
SHA1 f4778d3d7957128fdee47e77ab226d55e351d296
SHA256 a5179f562e35a3237908f2f513185b8ed23e065bc10340ab6dadb0e785f7dbcf
SHA512 38986fede37b9e9715a08b838bc90a4a240b4dc85d5f72cc19fca38d724e098f546ad8d886f5debe1467e65a730e4be55104ee3ee9a59540d57e4111e8923718

C:\Windows\System\hmctvSu.exe

MD5 0457a1d3d8b6978bbf15b3277d7e3f56
SHA1 f1977f02d1b45cf5d11b3d439c3db449be1b00ab
SHA256 cb70a4e6d6b835431e3a9b0f9103caa70f7cb2ac478232e7578af740186221c8
SHA512 1a15c268134d8431b55bbe60779b58952c069e98dbaf076b23d398e9a3d1bcf695a10b87fcbb102c970641bdfcd9a9da2def41955122f0d8c892557231ebce66

C:\Windows\System\HuIbqTB.exe

MD5 564c494b4ec6d29ba30cacaf4c31fb6b
SHA1 c4848795dc2a341471b5d54f87869aaa8835f56f
SHA256 3643299d66ebc0589cc9501186d2d0bdd155794644bf872155efea99f0529508
SHA512 95c86bef3d37a21e32a603ea7c5eec05e53da78d0dd6b66b74b2aef6c05502cf2fefb42cf7a43b774153023269189d4400848cbfa35dde224c872d2242ea14ca

memory/1300-138-0x00007FF760900000-0x00007FF760C54000-memory.dmp

C:\Windows\System\ZJpIruA.exe

MD5 ac1dc3772661cefcad164b60f202708b
SHA1 57fca8880254df7ea4c9d5b2ffaca579080d14e7
SHA256 eaef312c7f5011fb53430352093c9443d3db56d0ef648654c155a795af021bcb
SHA512 52975252e7a3bab6f8abc1da1588a3185f114a9b055618ce9ba2e8ea57c92dc4fbb7471e0bd75b34a8e63d4dd04304771b80a6d6fc5d21f95c6689ed81c3377b

memory/5016-122-0x00007FF6ECF10000-0x00007FF6ED264000-memory.dmp

C:\Windows\System\OtWxasP.exe

MD5 87fb8395560ad603c1a89ea74993bf7f
SHA1 7c9d9eca2650cbe23ee71efbd8a3d45cfdbc871c
SHA256 b95c18c9f40b2712f524d7398a53b265bb47c43f14d3185a8bd0f065e248b9a7
SHA512 50fef3fc4a2515c788d6ec8825b296fd50a3bc0b9665cb4c0fa4a67b9b9089d837a492fb9493ef4e46f7c14bf9bfdef00fe096455e34b72bf0243843c117567a

memory/1772-109-0x00007FF6921F0000-0x00007FF692544000-memory.dmp

memory/3980-106-0x00007FF7ED8F0000-0x00007FF7EDC44000-memory.dmp

C:\Windows\System\aPNKjQV.exe

MD5 9b3d33111058e6ecc3421e3ff0dfa165
SHA1 117e684371db36858311f0bf6539a09d63da0af9
SHA256 a8414880e73849331a6cf482ea68aff6da4d849f6263e45361743ae5e9f0bb8a
SHA512 bf03d0ea7ad08834c081c25e2cba1935bb4f519149519fdd4a685e5eebb8d8311077715a1b4bd672668958cddd7862141ca334b5f37f1a5520884fc512515c7a

memory/1504-90-0x00007FF6485E0000-0x00007FF648934000-memory.dmp

C:\Windows\System\FiFdXhH.exe

MD5 cd369eff731f4fdc0782c695faaaee47
SHA1 a98833fa50986212a5f3899e3b0d0e049d230ddf
SHA256 02438743d642404f1c4c4c039524cd751ef660998b55085452e405a511ba4440
SHA512 c629d001fd4220cbd49c1fbfada9e463353b57830f1706e34ec3de46f87da36c1a9786f2ff51582d2594e74ac1c82c26573b58fa9f3e9d2aa7d2312b6688cd9e

C:\Windows\System\LHlXjiR.exe

MD5 ea098d7dd8e10bbfac5046ed813899da
SHA1 f591fa1afa9ed04e6a9ff48cd2dd4ab342bfb861
SHA256 bac384d94c70d39e6d3c1faee7be4c9ce55484adb383ca5419115f317be595d9
SHA512 1a031c936ad741d5a93a65e5800c6dc825da30d525b1d2f743c71b6ed1cfe6f027842e62b4dadd513c7140f7e6f2cab3f901c7704b60064bcc988e12e2f5a774

C:\Windows\System\tIODCsn.exe

MD5 17630512f1950e393e9510cd75e780a6
SHA1 b12d1bbde0dbdd2f7c01865264a772a8f3a06bbd
SHA256 e99aa462c993acc7952d71a0f9a6ea6dd985516215d304edca9a19b96c0ebfd0
SHA512 d930074f9d8eb62b89256cf45a39e85f81053bfba0ec15c76642daf5172c8c217a6713307803976f45226f946b555906f5a8a7707285bb222281ca0e7915f19d

C:\Windows\System\gBzjWZc.exe

MD5 c3856a42934043048772328815e83403
SHA1 4342431affea61761e0429441d8997754fbd1cd7
SHA256 7959ad75bcb93391de63dd041101390fce53d223937732cc562421c731207685
SHA512 919f00d334a566ad2f79120238dcad7709d953de56302992dd90ad1d63b6f9d0d09c1402c91a27bf2ef9f4f0278dbf879fde48d0faea2bea87552f6c864a82da

C:\Windows\System\qGZSaCT.exe

MD5 58e939f204312ed01017ff51a2dc2b94
SHA1 b776f64ca2910ca3d8e90e239e1cb5147b0e5d9f
SHA256 397cfde12202ba0844ce7ee5da98830725932f353939d46ae92f0ddff0c5ccbe
SHA512 8d301ee524b56685681caf219a1a3b8623c376a4a6f8d15b45b534927bc58a788261643b37c95886f68e0cb1a091be9b0a4a0f09910a390391051e7448e05106

C:\Windows\System\dpmWkYz.exe

MD5 13eb1c6af068ec41c49114c4bfeca9c4
SHA1 6988c791742bc6376fbb94a279ea8807ef9fd0e4
SHA256 c0ca34151e96b6fd697b7cc3d5cbbb20c5da8de3bb79e09566a2dd91d337b296
SHA512 260e3342240fa4abe3c915d6b5372d33124be0c00a896b96191a670a20cbcf6fef84c26d0ee5ed6c1f03db53ef7c62d6f816da986a735135bac76bc7ea3c4461

memory/532-42-0x00007FF711EA0000-0x00007FF7121F4000-memory.dmp

memory/3432-34-0x00007FF607DA0000-0x00007FF6080F4000-memory.dmp

C:\Windows\System\ogYLQop.exe

MD5 7a1bd5d9649b0604473e3e8b263b6b6a
SHA1 ade9b6382ec1ebab9a6e669dee9078d2b2a572eb
SHA256 f413c2d13443ac10d6d0f1b4b3d6e2bf210236b42fac6d4ee6df060161c05307
SHA512 5ebfd089fb6e14cb6a2592361b893f64766b16f71eea85e4c58da6c8212390577e8c410545d9949a486dc76b2730ec7a6d38aaf8057cad95149fb1399a6b10cf

memory/1500-1069-0x00007FF71C950000-0x00007FF71CCA4000-memory.dmp

memory/4940-1070-0x00007FF6BF020000-0x00007FF6BF374000-memory.dmp

memory/4940-1071-0x00007FF6BF020000-0x00007FF6BF374000-memory.dmp

memory/1012-1072-0x00007FF6BF540000-0x00007FF6BF894000-memory.dmp

memory/3280-1073-0x00007FF6C1A80000-0x00007FF6C1DD4000-memory.dmp

memory/3432-1074-0x00007FF607DA0000-0x00007FF6080F4000-memory.dmp

memory/532-1075-0x00007FF711EA0000-0x00007FF7121F4000-memory.dmp

memory/1504-1076-0x00007FF6485E0000-0x00007FF648934000-memory.dmp

memory/1772-1077-0x00007FF6921F0000-0x00007FF692544000-memory.dmp

memory/3980-1079-0x00007FF7ED8F0000-0x00007FF7EDC44000-memory.dmp

memory/5016-1078-0x00007FF6ECF10000-0x00007FF6ED264000-memory.dmp

memory/4316-1081-0x00007FF612180000-0x00007FF6124D4000-memory.dmp

memory/556-1080-0x00007FF636EB0000-0x00007FF637204000-memory.dmp

memory/4500-1093-0x00007FF601EF0000-0x00007FF602244000-memory.dmp

memory/2004-1094-0x00007FF6A6DC0000-0x00007FF6A7114000-memory.dmp

memory/1620-1095-0x00007FF79D1A0000-0x00007FF79D4F4000-memory.dmp

memory/3836-1092-0x00007FF7720C0000-0x00007FF772414000-memory.dmp

memory/3420-1091-0x00007FF6B9940000-0x00007FF6B9C94000-memory.dmp

memory/2544-1090-0x00007FF7316B0000-0x00007FF731A04000-memory.dmp

memory/3584-1089-0x00007FF786B60000-0x00007FF786EB4000-memory.dmp

memory/2636-1088-0x00007FF71F9E0000-0x00007FF71FD34000-memory.dmp

memory/1300-1087-0x00007FF760900000-0x00007FF760C54000-memory.dmp

memory/660-1086-0x00007FF7549F0000-0x00007FF754D44000-memory.dmp

memory/2888-1085-0x00007FF63FDB0000-0x00007FF640104000-memory.dmp

memory/1436-1084-0x00007FF762240000-0x00007FF762594000-memory.dmp

memory/3632-1083-0x00007FF6FCF10000-0x00007FF6FD264000-memory.dmp

memory/4008-1082-0x00007FF73C0D0000-0x00007FF73C424000-memory.dmp

memory/3904-1096-0x00007FF69D350000-0x00007FF69D6A4000-memory.dmp

memory/3808-1099-0x00007FF63D750000-0x00007FF63DAA4000-memory.dmp

memory/2344-1098-0x00007FF60DB20000-0x00007FF60DE74000-memory.dmp

memory/3744-1097-0x00007FF6A4AE0000-0x00007FF6A4E34000-memory.dmp