Malware Analysis Report

2024-10-10 09:17

Sample ID 240625-hzl95sygnp
Target 3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe
SHA256 3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371

Threat Level: Known bad

The file 3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

KPOT Core Executable

Kpot family

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 07:10

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 07:10

Reported

2024-06-25 07:13

Platform

win7-20240508-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fClWUJm.exe N/A
N/A N/A C:\Windows\System\WBopybn.exe N/A
N/A N/A C:\Windows\System\GtdMeOS.exe N/A
N/A N/A C:\Windows\System\dpliaGx.exe N/A
N/A N/A C:\Windows\System\LlxowuO.exe N/A
N/A N/A C:\Windows\System\ZOZcDEh.exe N/A
N/A N/A C:\Windows\System\mKdtquH.exe N/A
N/A N/A C:\Windows\System\PrWJovK.exe N/A
N/A N/A C:\Windows\System\afidhOb.exe N/A
N/A N/A C:\Windows\System\cvaiZTc.exe N/A
N/A N/A C:\Windows\System\lvAFnUL.exe N/A
N/A N/A C:\Windows\System\jfQoCqp.exe N/A
N/A N/A C:\Windows\System\iGLzoRW.exe N/A
N/A N/A C:\Windows\System\pZdenbz.exe N/A
N/A N/A C:\Windows\System\VhtwbVE.exe N/A
N/A N/A C:\Windows\System\hbzIKTQ.exe N/A
N/A N/A C:\Windows\System\XMeUXnf.exe N/A
N/A N/A C:\Windows\System\yGLzuqq.exe N/A
N/A N/A C:\Windows\System\CCRTVXO.exe N/A
N/A N/A C:\Windows\System\VgRDIfI.exe N/A
N/A N/A C:\Windows\System\kxMaOHC.exe N/A
N/A N/A C:\Windows\System\jqDhRcd.exe N/A
N/A N/A C:\Windows\System\YHYmhnj.exe N/A
N/A N/A C:\Windows\System\KFCcmEG.exe N/A
N/A N/A C:\Windows\System\WyzRFKr.exe N/A
N/A N/A C:\Windows\System\GqZvaQP.exe N/A
N/A N/A C:\Windows\System\HXwJwOd.exe N/A
N/A N/A C:\Windows\System\pzqDaaP.exe N/A
N/A N/A C:\Windows\System\hLGUETu.exe N/A
N/A N/A C:\Windows\System\DuXtqkv.exe N/A
N/A N/A C:\Windows\System\TDgBzHI.exe N/A
N/A N/A C:\Windows\System\mKkjqhu.exe N/A
N/A N/A C:\Windows\System\scPqoOp.exe N/A
N/A N/A C:\Windows\System\VlINIti.exe N/A
N/A N/A C:\Windows\System\wTBVjvy.exe N/A
N/A N/A C:\Windows\System\yRQrTLO.exe N/A
N/A N/A C:\Windows\System\lOdSQqN.exe N/A
N/A N/A C:\Windows\System\HwEWREh.exe N/A
N/A N/A C:\Windows\System\utyJQfw.exe N/A
N/A N/A C:\Windows\System\laOSjxc.exe N/A
N/A N/A C:\Windows\System\eAbbSvM.exe N/A
N/A N/A C:\Windows\System\jQHLpqj.exe N/A
N/A N/A C:\Windows\System\UnQhNDD.exe N/A
N/A N/A C:\Windows\System\FmCtbKF.exe N/A
N/A N/A C:\Windows\System\TTQiTbD.exe N/A
N/A N/A C:\Windows\System\dJdUBBE.exe N/A
N/A N/A C:\Windows\System\eFGkpUx.exe N/A
N/A N/A C:\Windows\System\IpfLirf.exe N/A
N/A N/A C:\Windows\System\cdNDMlC.exe N/A
N/A N/A C:\Windows\System\fDjKrUA.exe N/A
N/A N/A C:\Windows\System\GmaDNJx.exe N/A
N/A N/A C:\Windows\System\XNOpHpd.exe N/A
N/A N/A C:\Windows\System\rkLzMKD.exe N/A
N/A N/A C:\Windows\System\OAuHsRw.exe N/A
N/A N/A C:\Windows\System\ZwdURTU.exe N/A
N/A N/A C:\Windows\System\NfyjMuG.exe N/A
N/A N/A C:\Windows\System\VwuaLsq.exe N/A
N/A N/A C:\Windows\System\KLBlnhz.exe N/A
N/A N/A C:\Windows\System\dxUhyhG.exe N/A
N/A N/A C:\Windows\System\iWXEeOZ.exe N/A
N/A N/A C:\Windows\System\cFHCieG.exe N/A
N/A N/A C:\Windows\System\wDABSUY.exe N/A
N/A N/A C:\Windows\System\YcUwied.exe N/A
N/A N/A C:\Windows\System\enDhAld.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\OGKpLSe.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ohuBEfb.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\LyLbgrX.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\tpMxuvm.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\GtznZVy.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\jQsGwoY.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECQouat.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\SKPVUNn.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\eoUlHRU.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\qoxlAlt.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\wwcVFvl.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\CxOENtA.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\AowlSKE.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\HJvqEEs.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ulQOPNR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\SsKbPVX.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WSrlcCB.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwEWREh.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\quYpkmf.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\CkIpxbt.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxaAYvR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\GnMVkAH.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\laOSjxc.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUXTNVE.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\EXZzwrr.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\oSdCxnO.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\azxtTXV.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\oCvSUmb.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZwdURTU.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\OIJZXTg.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTGMxcy.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\cRJlyrf.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\zNRhXaI.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\CCRTVXO.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\HXwJwOd.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\pHVetKy.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwDOLkg.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCpKhxe.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\MyoYZdV.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\wBfTesT.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYxeBZA.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\xabviqI.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\wZyObkc.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\chZxWMP.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\cnHHphs.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\DignCpU.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\JhMCRNi.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\nkJbyvx.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\kxMaOHC.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\XyIMTUQ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\YpDklBc.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCyRyaF.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZwFxROu.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\jylFEeS.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\fClWUJm.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\vLfIWqZ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZeNULPk.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\fiSDDQB.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\FmCtbKF.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\KBaLPCh.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgujqKK.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\mJUELfR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ajUTgWp.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\mZZqFBR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\fClWUJm.exe
PID 2236 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\fClWUJm.exe
PID 2236 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\fClWUJm.exe
PID 2236 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\WBopybn.exe
PID 2236 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\WBopybn.exe
PID 2236 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\WBopybn.exe
PID 2236 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\GtdMeOS.exe
PID 2236 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\GtdMeOS.exe
PID 2236 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\GtdMeOS.exe
PID 2236 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\dpliaGx.exe
PID 2236 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\dpliaGx.exe
PID 2236 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\dpliaGx.exe
PID 2236 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LlxowuO.exe
PID 2236 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LlxowuO.exe
PID 2236 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LlxowuO.exe
PID 2236 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\ZOZcDEh.exe
PID 2236 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\ZOZcDEh.exe
PID 2236 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\ZOZcDEh.exe
PID 2236 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\mKdtquH.exe
PID 2236 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\mKdtquH.exe
PID 2236 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\mKdtquH.exe
PID 2236 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\PrWJovK.exe
PID 2236 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\PrWJovK.exe
PID 2236 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\PrWJovK.exe
PID 2236 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\afidhOb.exe
PID 2236 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\afidhOb.exe
PID 2236 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\afidhOb.exe
PID 2236 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\cvaiZTc.exe
PID 2236 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\cvaiZTc.exe
PID 2236 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\cvaiZTc.exe
PID 2236 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\lvAFnUL.exe
PID 2236 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\lvAFnUL.exe
PID 2236 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\lvAFnUL.exe
PID 2236 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\jfQoCqp.exe
PID 2236 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\jfQoCqp.exe
PID 2236 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\jfQoCqp.exe
PID 2236 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\iGLzoRW.exe
PID 2236 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\iGLzoRW.exe
PID 2236 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\iGLzoRW.exe
PID 2236 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\pZdenbz.exe
PID 2236 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\pZdenbz.exe
PID 2236 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\pZdenbz.exe
PID 2236 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VhtwbVE.exe
PID 2236 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VhtwbVE.exe
PID 2236 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VhtwbVE.exe
PID 2236 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\hbzIKTQ.exe
PID 2236 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\hbzIKTQ.exe
PID 2236 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\hbzIKTQ.exe
PID 2236 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\XMeUXnf.exe
PID 2236 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\XMeUXnf.exe
PID 2236 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\XMeUXnf.exe
PID 2236 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\yGLzuqq.exe
PID 2236 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\yGLzuqq.exe
PID 2236 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\yGLzuqq.exe
PID 2236 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\CCRTVXO.exe
PID 2236 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\CCRTVXO.exe
PID 2236 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\CCRTVXO.exe
PID 2236 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VgRDIfI.exe
PID 2236 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VgRDIfI.exe
PID 2236 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VgRDIfI.exe
PID 2236 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\kxMaOHC.exe
PID 2236 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\kxMaOHC.exe
PID 2236 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\kxMaOHC.exe
PID 2236 wrote to memory of 304 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\jqDhRcd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe"

C:\Windows\System\fClWUJm.exe

C:\Windows\System\fClWUJm.exe

C:\Windows\System\WBopybn.exe

C:\Windows\System\WBopybn.exe

C:\Windows\System\GtdMeOS.exe

C:\Windows\System\GtdMeOS.exe

C:\Windows\System\dpliaGx.exe

C:\Windows\System\dpliaGx.exe

C:\Windows\System\LlxowuO.exe

C:\Windows\System\LlxowuO.exe

C:\Windows\System\ZOZcDEh.exe

C:\Windows\System\ZOZcDEh.exe

C:\Windows\System\mKdtquH.exe

C:\Windows\System\mKdtquH.exe

C:\Windows\System\PrWJovK.exe

C:\Windows\System\PrWJovK.exe

C:\Windows\System\afidhOb.exe

C:\Windows\System\afidhOb.exe

C:\Windows\System\cvaiZTc.exe

C:\Windows\System\cvaiZTc.exe

C:\Windows\System\lvAFnUL.exe

C:\Windows\System\lvAFnUL.exe

C:\Windows\System\jfQoCqp.exe

C:\Windows\System\jfQoCqp.exe

C:\Windows\System\iGLzoRW.exe

C:\Windows\System\iGLzoRW.exe

C:\Windows\System\pZdenbz.exe

C:\Windows\System\pZdenbz.exe

C:\Windows\System\VhtwbVE.exe

C:\Windows\System\VhtwbVE.exe

C:\Windows\System\hbzIKTQ.exe

C:\Windows\System\hbzIKTQ.exe

C:\Windows\System\XMeUXnf.exe

C:\Windows\System\XMeUXnf.exe

C:\Windows\System\yGLzuqq.exe

C:\Windows\System\yGLzuqq.exe

C:\Windows\System\CCRTVXO.exe

C:\Windows\System\CCRTVXO.exe

C:\Windows\System\VgRDIfI.exe

C:\Windows\System\VgRDIfI.exe

C:\Windows\System\kxMaOHC.exe

C:\Windows\System\kxMaOHC.exe

C:\Windows\System\jqDhRcd.exe

C:\Windows\System\jqDhRcd.exe

C:\Windows\System\YHYmhnj.exe

C:\Windows\System\YHYmhnj.exe

C:\Windows\System\KFCcmEG.exe

C:\Windows\System\KFCcmEG.exe

C:\Windows\System\WyzRFKr.exe

C:\Windows\System\WyzRFKr.exe

C:\Windows\System\GqZvaQP.exe

C:\Windows\System\GqZvaQP.exe

C:\Windows\System\HXwJwOd.exe

C:\Windows\System\HXwJwOd.exe

C:\Windows\System\pzqDaaP.exe

C:\Windows\System\pzqDaaP.exe

C:\Windows\System\hLGUETu.exe

C:\Windows\System\hLGUETu.exe

C:\Windows\System\DuXtqkv.exe

C:\Windows\System\DuXtqkv.exe

C:\Windows\System\TDgBzHI.exe

C:\Windows\System\TDgBzHI.exe

C:\Windows\System\mKkjqhu.exe

C:\Windows\System\mKkjqhu.exe

C:\Windows\System\scPqoOp.exe

C:\Windows\System\scPqoOp.exe

C:\Windows\System\VlINIti.exe

C:\Windows\System\VlINIti.exe

C:\Windows\System\wTBVjvy.exe

C:\Windows\System\wTBVjvy.exe

C:\Windows\System\yRQrTLO.exe

C:\Windows\System\yRQrTLO.exe

C:\Windows\System\lOdSQqN.exe

C:\Windows\System\lOdSQqN.exe

C:\Windows\System\HwEWREh.exe

C:\Windows\System\HwEWREh.exe

C:\Windows\System\utyJQfw.exe

C:\Windows\System\utyJQfw.exe

C:\Windows\System\laOSjxc.exe

C:\Windows\System\laOSjxc.exe

C:\Windows\System\eAbbSvM.exe

C:\Windows\System\eAbbSvM.exe

C:\Windows\System\UnQhNDD.exe

C:\Windows\System\UnQhNDD.exe

C:\Windows\System\jQHLpqj.exe

C:\Windows\System\jQHLpqj.exe

C:\Windows\System\FmCtbKF.exe

C:\Windows\System\FmCtbKF.exe

C:\Windows\System\TTQiTbD.exe

C:\Windows\System\TTQiTbD.exe

C:\Windows\System\dJdUBBE.exe

C:\Windows\System\dJdUBBE.exe

C:\Windows\System\eFGkpUx.exe

C:\Windows\System\eFGkpUx.exe

C:\Windows\System\IpfLirf.exe

C:\Windows\System\IpfLirf.exe

C:\Windows\System\cdNDMlC.exe

C:\Windows\System\cdNDMlC.exe

C:\Windows\System\fDjKrUA.exe

C:\Windows\System\fDjKrUA.exe

C:\Windows\System\GmaDNJx.exe

C:\Windows\System\GmaDNJx.exe

C:\Windows\System\XNOpHpd.exe

C:\Windows\System\XNOpHpd.exe

C:\Windows\System\rkLzMKD.exe

C:\Windows\System\rkLzMKD.exe

C:\Windows\System\OAuHsRw.exe

C:\Windows\System\OAuHsRw.exe

C:\Windows\System\ZwdURTU.exe

C:\Windows\System\ZwdURTU.exe

C:\Windows\System\NfyjMuG.exe

C:\Windows\System\NfyjMuG.exe

C:\Windows\System\VwuaLsq.exe

C:\Windows\System\VwuaLsq.exe

C:\Windows\System\KLBlnhz.exe

C:\Windows\System\KLBlnhz.exe

C:\Windows\System\dxUhyhG.exe

C:\Windows\System\dxUhyhG.exe

C:\Windows\System\iWXEeOZ.exe

C:\Windows\System\iWXEeOZ.exe

C:\Windows\System\cFHCieG.exe

C:\Windows\System\cFHCieG.exe

C:\Windows\System\wDABSUY.exe

C:\Windows\System\wDABSUY.exe

C:\Windows\System\YcUwied.exe

C:\Windows\System\YcUwied.exe

C:\Windows\System\RXemFkn.exe

C:\Windows\System\RXemFkn.exe

C:\Windows\System\enDhAld.exe

C:\Windows\System\enDhAld.exe

C:\Windows\System\rXBHEZs.exe

C:\Windows\System\rXBHEZs.exe

C:\Windows\System\RfZyiSI.exe

C:\Windows\System\RfZyiSI.exe

C:\Windows\System\Yitxrpv.exe

C:\Windows\System\Yitxrpv.exe

C:\Windows\System\zUorpjl.exe

C:\Windows\System\zUorpjl.exe

C:\Windows\System\CnoMmeB.exe

C:\Windows\System\CnoMmeB.exe

C:\Windows\System\KUXTNVE.exe

C:\Windows\System\KUXTNVE.exe

C:\Windows\System\csgBiTG.exe

C:\Windows\System\csgBiTG.exe

C:\Windows\System\cnWWoui.exe

C:\Windows\System\cnWWoui.exe

C:\Windows\System\xhPzJxN.exe

C:\Windows\System\xhPzJxN.exe

C:\Windows\System\kOQtERn.exe

C:\Windows\System\kOQtERn.exe

C:\Windows\System\UptOGnH.exe

C:\Windows\System\UptOGnH.exe

C:\Windows\System\AhhvNTb.exe

C:\Windows\System\AhhvNTb.exe

C:\Windows\System\kSsSUJe.exe

C:\Windows\System\kSsSUJe.exe

C:\Windows\System\yhyeoWI.exe

C:\Windows\System\yhyeoWI.exe

C:\Windows\System\vLfIWqZ.exe

C:\Windows\System\vLfIWqZ.exe

C:\Windows\System\kCrUbuv.exe

C:\Windows\System\kCrUbuv.exe

C:\Windows\System\EXZzwrr.exe

C:\Windows\System\EXZzwrr.exe

C:\Windows\System\wwcVFvl.exe

C:\Windows\System\wwcVFvl.exe

C:\Windows\System\YdqlvWs.exe

C:\Windows\System\YdqlvWs.exe

C:\Windows\System\nCzONPk.exe

C:\Windows\System\nCzONPk.exe

C:\Windows\System\PihKgVB.exe

C:\Windows\System\PihKgVB.exe

C:\Windows\System\PUgPley.exe

C:\Windows\System\PUgPley.exe

C:\Windows\System\DAxunSR.exe

C:\Windows\System\DAxunSR.exe

C:\Windows\System\PhqLCqw.exe

C:\Windows\System\PhqLCqw.exe

C:\Windows\System\BEEemKQ.exe

C:\Windows\System\BEEemKQ.exe

C:\Windows\System\rlxLQnq.exe

C:\Windows\System\rlxLQnq.exe

C:\Windows\System\mUODfCz.exe

C:\Windows\System\mUODfCz.exe

C:\Windows\System\kJRalhy.exe

C:\Windows\System\kJRalhy.exe

C:\Windows\System\CxOENtA.exe

C:\Windows\System\CxOENtA.exe

C:\Windows\System\WxaAYvR.exe

C:\Windows\System\WxaAYvR.exe

C:\Windows\System\ncjERnl.exe

C:\Windows\System\ncjERnl.exe

C:\Windows\System\BCENfxM.exe

C:\Windows\System\BCENfxM.exe

C:\Windows\System\ZeNULPk.exe

C:\Windows\System\ZeNULPk.exe

C:\Windows\System\OIJZXTg.exe

C:\Windows\System\OIJZXTg.exe

C:\Windows\System\HzYrvxI.exe

C:\Windows\System\HzYrvxI.exe

C:\Windows\System\OGKpLSe.exe

C:\Windows\System\OGKpLSe.exe

C:\Windows\System\qLGeylo.exe

C:\Windows\System\qLGeylo.exe

C:\Windows\System\GnMVkAH.exe

C:\Windows\System\GnMVkAH.exe

C:\Windows\System\YpDklBc.exe

C:\Windows\System\YpDklBc.exe

C:\Windows\System\IAnRqwF.exe

C:\Windows\System\IAnRqwF.exe

C:\Windows\System\qOzqDfC.exe

C:\Windows\System\qOzqDfC.exe

C:\Windows\System\HsgiLJy.exe

C:\Windows\System\HsgiLJy.exe

C:\Windows\System\jQsGwoY.exe

C:\Windows\System\jQsGwoY.exe

C:\Windows\System\JxijVud.exe

C:\Windows\System\JxijVud.exe

C:\Windows\System\gdYrTDk.exe

C:\Windows\System\gdYrTDk.exe

C:\Windows\System\FXtaAcV.exe

C:\Windows\System\FXtaAcV.exe

C:\Windows\System\LqPqJRS.exe

C:\Windows\System\LqPqJRS.exe

C:\Windows\System\bKEfXid.exe

C:\Windows\System\bKEfXid.exe

C:\Windows\System\TCpKhxe.exe

C:\Windows\System\TCpKhxe.exe

C:\Windows\System\DignCpU.exe

C:\Windows\System\DignCpU.exe

C:\Windows\System\wDGQNvq.exe

C:\Windows\System\wDGQNvq.exe

C:\Windows\System\rhwLCoH.exe

C:\Windows\System\rhwLCoH.exe

C:\Windows\System\HeSkeEU.exe

C:\Windows\System\HeSkeEU.exe

C:\Windows\System\MdGqWzN.exe

C:\Windows\System\MdGqWzN.exe

C:\Windows\System\JhMCRNi.exe

C:\Windows\System\JhMCRNi.exe

C:\Windows\System\WLFTtoB.exe

C:\Windows\System\WLFTtoB.exe

C:\Windows\System\aFispVv.exe

C:\Windows\System\aFispVv.exe

C:\Windows\System\CkDDBQh.exe

C:\Windows\System\CkDDBQh.exe

C:\Windows\System\nLsbFHG.exe

C:\Windows\System\nLsbFHG.exe

C:\Windows\System\iBtUjrW.exe

C:\Windows\System\iBtUjrW.exe

C:\Windows\System\zuPKCKi.exe

C:\Windows\System\zuPKCKi.exe

C:\Windows\System\pzKjqlx.exe

C:\Windows\System\pzKjqlx.exe

C:\Windows\System\QxaZpDt.exe

C:\Windows\System\QxaZpDt.exe

C:\Windows\System\ynjlFzP.exe

C:\Windows\System\ynjlFzP.exe

C:\Windows\System\reRvLPn.exe

C:\Windows\System\reRvLPn.exe

C:\Windows\System\OCsImNu.exe

C:\Windows\System\OCsImNu.exe

C:\Windows\System\nuPpmKY.exe

C:\Windows\System\nuPpmKY.exe

C:\Windows\System\ZoPirlJ.exe

C:\Windows\System\ZoPirlJ.exe

C:\Windows\System\AowlSKE.exe

C:\Windows\System\AowlSKE.exe

C:\Windows\System\WuxepjB.exe

C:\Windows\System\WuxepjB.exe

C:\Windows\System\quYpkmf.exe

C:\Windows\System\quYpkmf.exe

C:\Windows\System\OrKHpAk.exe

C:\Windows\System\OrKHpAk.exe

C:\Windows\System\wtwfFjD.exe

C:\Windows\System\wtwfFjD.exe

C:\Windows\System\gjWUMmh.exe

C:\Windows\System\gjWUMmh.exe

C:\Windows\System\hjPxZls.exe

C:\Windows\System\hjPxZls.exe

C:\Windows\System\tCyRyaF.exe

C:\Windows\System\tCyRyaF.exe

C:\Windows\System\XyIMTUQ.exe

C:\Windows\System\XyIMTUQ.exe

C:\Windows\System\PtLYypz.exe

C:\Windows\System\PtLYypz.exe

C:\Windows\System\XoZGfGH.exe

C:\Windows\System\XoZGfGH.exe

C:\Windows\System\ZwFxROu.exe

C:\Windows\System\ZwFxROu.exe

C:\Windows\System\UNaROXR.exe

C:\Windows\System\UNaROXR.exe

C:\Windows\System\nkJbyvx.exe

C:\Windows\System\nkJbyvx.exe

C:\Windows\System\bdcRBDQ.exe

C:\Windows\System\bdcRBDQ.exe

C:\Windows\System\wkuFNbu.exe

C:\Windows\System\wkuFNbu.exe

C:\Windows\System\ixzpRLx.exe

C:\Windows\System\ixzpRLx.exe

C:\Windows\System\KBaLPCh.exe

C:\Windows\System\KBaLPCh.exe

C:\Windows\System\qIGHkdh.exe

C:\Windows\System\qIGHkdh.exe

C:\Windows\System\NIFqVfk.exe

C:\Windows\System\NIFqVfk.exe

C:\Windows\System\lfyNCwD.exe

C:\Windows\System\lfyNCwD.exe

C:\Windows\System\xlmdBYM.exe

C:\Windows\System\xlmdBYM.exe

C:\Windows\System\mJUELfR.exe

C:\Windows\System\mJUELfR.exe

C:\Windows\System\hRzKNqH.exe

C:\Windows\System\hRzKNqH.exe

C:\Windows\System\ALJQang.exe

C:\Windows\System\ALJQang.exe

C:\Windows\System\JPKrLJx.exe

C:\Windows\System\JPKrLJx.exe

C:\Windows\System\DbxPjwZ.exe

C:\Windows\System\DbxPjwZ.exe

C:\Windows\System\LwGRHWO.exe

C:\Windows\System\LwGRHWO.exe

C:\Windows\System\MYxeBZA.exe

C:\Windows\System\MYxeBZA.exe

C:\Windows\System\ymfcjqb.exe

C:\Windows\System\ymfcjqb.exe

C:\Windows\System\MyoYZdV.exe

C:\Windows\System\MyoYZdV.exe

C:\Windows\System\prfiHVx.exe

C:\Windows\System\prfiHVx.exe

C:\Windows\System\OKEsSUL.exe

C:\Windows\System\OKEsSUL.exe

C:\Windows\System\alPWdGO.exe

C:\Windows\System\alPWdGO.exe

C:\Windows\System\ZabELUe.exe

C:\Windows\System\ZabELUe.exe

C:\Windows\System\CkIpxbt.exe

C:\Windows\System\CkIpxbt.exe

C:\Windows\System\eWplhyL.exe

C:\Windows\System\eWplhyL.exe

C:\Windows\System\JSQgmce.exe

C:\Windows\System\JSQgmce.exe

C:\Windows\System\MGOPMHG.exe

C:\Windows\System\MGOPMHG.exe

C:\Windows\System\wBfTesT.exe

C:\Windows\System\wBfTesT.exe

C:\Windows\System\gkFaEfY.exe

C:\Windows\System\gkFaEfY.exe

C:\Windows\System\gtdAOeM.exe

C:\Windows\System\gtdAOeM.exe

C:\Windows\System\UhnPQSe.exe

C:\Windows\System\UhnPQSe.exe

C:\Windows\System\DiMdoiM.exe

C:\Windows\System\DiMdoiM.exe

C:\Windows\System\yXCuDVg.exe

C:\Windows\System\yXCuDVg.exe

C:\Windows\System\BxhtepV.exe

C:\Windows\System\BxhtepV.exe

C:\Windows\System\dGSYeLt.exe

C:\Windows\System\dGSYeLt.exe

C:\Windows\System\eoUlHRU.exe

C:\Windows\System\eoUlHRU.exe

C:\Windows\System\xabviqI.exe

C:\Windows\System\xabviqI.exe

C:\Windows\System\HWhaxES.exe

C:\Windows\System\HWhaxES.exe

C:\Windows\System\bNdMKji.exe

C:\Windows\System\bNdMKji.exe

C:\Windows\System\PxmFRLe.exe

C:\Windows\System\PxmFRLe.exe

C:\Windows\System\wZyObkc.exe

C:\Windows\System\wZyObkc.exe

C:\Windows\System\ZJVwMXm.exe

C:\Windows\System\ZJVwMXm.exe

C:\Windows\System\bgujqKK.exe

C:\Windows\System\bgujqKK.exe

C:\Windows\System\OwDOLkg.exe

C:\Windows\System\OwDOLkg.exe

C:\Windows\System\pVPgwZA.exe

C:\Windows\System\pVPgwZA.exe

C:\Windows\System\ajUTgWp.exe

C:\Windows\System\ajUTgWp.exe

C:\Windows\System\MpuEqib.exe

C:\Windows\System\MpuEqib.exe

C:\Windows\System\FHjRtLk.exe

C:\Windows\System\FHjRtLk.exe

C:\Windows\System\UEVuWAb.exe

C:\Windows\System\UEVuWAb.exe

C:\Windows\System\RTGMxcy.exe

C:\Windows\System\RTGMxcy.exe

C:\Windows\System\iWaSjcd.exe

C:\Windows\System\iWaSjcd.exe

C:\Windows\System\pHVetKy.exe

C:\Windows\System\pHVetKy.exe

C:\Windows\System\hRGHFIW.exe

C:\Windows\System\hRGHFIW.exe

C:\Windows\System\qoxlAlt.exe

C:\Windows\System\qoxlAlt.exe

C:\Windows\System\ymUuuCl.exe

C:\Windows\System\ymUuuCl.exe

C:\Windows\System\gfUgZMm.exe

C:\Windows\System\gfUgZMm.exe

C:\Windows\System\hCEFZEe.exe

C:\Windows\System\hCEFZEe.exe

C:\Windows\System\fhYxhfk.exe

C:\Windows\System\fhYxhfk.exe

C:\Windows\System\PAmFZRw.exe

C:\Windows\System\PAmFZRw.exe

C:\Windows\System\HJvqEEs.exe

C:\Windows\System\HJvqEEs.exe

C:\Windows\System\mZZqFBR.exe

C:\Windows\System\mZZqFBR.exe

C:\Windows\System\kEGOzmW.exe

C:\Windows\System\kEGOzmW.exe

C:\Windows\System\NwfHYRR.exe

C:\Windows\System\NwfHYRR.exe

C:\Windows\System\DCwqNYM.exe

C:\Windows\System\DCwqNYM.exe

C:\Windows\System\CRvxzPk.exe

C:\Windows\System\CRvxzPk.exe

C:\Windows\System\xluKbXK.exe

C:\Windows\System\xluKbXK.exe

C:\Windows\System\GNDZoaP.exe

C:\Windows\System\GNDZoaP.exe

C:\Windows\System\YnrDFKp.exe

C:\Windows\System\YnrDFKp.exe

C:\Windows\System\OPnLQog.exe

C:\Windows\System\OPnLQog.exe

C:\Windows\System\KJllXBL.exe

C:\Windows\System\KJllXBL.exe

C:\Windows\System\HSHaFrq.exe

C:\Windows\System\HSHaFrq.exe

C:\Windows\System\mnKeOmj.exe

C:\Windows\System\mnKeOmj.exe

C:\Windows\System\EDkWWRK.exe

C:\Windows\System\EDkWWRK.exe

C:\Windows\System\SfRZJlT.exe

C:\Windows\System\SfRZJlT.exe

C:\Windows\System\mlaKxjH.exe

C:\Windows\System\mlaKxjH.exe

C:\Windows\System\ECQouat.exe

C:\Windows\System\ECQouat.exe

C:\Windows\System\WapEhrD.exe

C:\Windows\System\WapEhrD.exe

C:\Windows\System\EYvbMYk.exe

C:\Windows\System\EYvbMYk.exe

C:\Windows\System\EYugGdW.exe

C:\Windows\System\EYugGdW.exe

C:\Windows\System\NmueOZX.exe

C:\Windows\System\NmueOZX.exe

C:\Windows\System\YsYqgyo.exe

C:\Windows\System\YsYqgyo.exe

C:\Windows\System\chZxWMP.exe

C:\Windows\System\chZxWMP.exe

C:\Windows\System\hgZdxyB.exe

C:\Windows\System\hgZdxyB.exe

C:\Windows\System\vaKKTYE.exe

C:\Windows\System\vaKKTYE.exe

C:\Windows\System\ulQOPNR.exe

C:\Windows\System\ulQOPNR.exe

C:\Windows\System\GKnMtJU.exe

C:\Windows\System\GKnMtJU.exe

C:\Windows\System\dxznJjo.exe

C:\Windows\System\dxznJjo.exe

C:\Windows\System\ljuJqwY.exe

C:\Windows\System\ljuJqwY.exe

C:\Windows\System\NYnzbuV.exe

C:\Windows\System\NYnzbuV.exe

C:\Windows\System\wxLFlWT.exe

C:\Windows\System\wxLFlWT.exe

C:\Windows\System\JHOheUU.exe

C:\Windows\System\JHOheUU.exe

C:\Windows\System\SKPVUNn.exe

C:\Windows\System\SKPVUNn.exe

C:\Windows\System\vULrHhb.exe

C:\Windows\System\vULrHhb.exe

C:\Windows\System\nWqfNiZ.exe

C:\Windows\System\nWqfNiZ.exe

C:\Windows\System\HxfYDKc.exe

C:\Windows\System\HxfYDKc.exe

C:\Windows\System\yBWqPvy.exe

C:\Windows\System\yBWqPvy.exe

C:\Windows\System\buKEEBQ.exe

C:\Windows\System\buKEEBQ.exe

C:\Windows\System\OtBSLxX.exe

C:\Windows\System\OtBSLxX.exe

C:\Windows\System\aosAENo.exe

C:\Windows\System\aosAENo.exe

C:\Windows\System\fNDqlaq.exe

C:\Windows\System\fNDqlaq.exe

C:\Windows\System\ezBOYpm.exe

C:\Windows\System\ezBOYpm.exe

C:\Windows\System\muYJuTJ.exe

C:\Windows\System\muYJuTJ.exe

C:\Windows\System\DOhVDJQ.exe

C:\Windows\System\DOhVDJQ.exe

C:\Windows\System\tEPvPSn.exe

C:\Windows\System\tEPvPSn.exe

C:\Windows\System\oSdCxnO.exe

C:\Windows\System\oSdCxnO.exe

C:\Windows\System\zIOzCBP.exe

C:\Windows\System\zIOzCBP.exe

C:\Windows\System\fUVrpaZ.exe

C:\Windows\System\fUVrpaZ.exe

C:\Windows\System\EjUmsdH.exe

C:\Windows\System\EjUmsdH.exe

C:\Windows\System\bnkPsex.exe

C:\Windows\System\bnkPsex.exe

C:\Windows\System\LyLbgrX.exe

C:\Windows\System\LyLbgrX.exe

C:\Windows\System\nPhozFr.exe

C:\Windows\System\nPhozFr.exe

C:\Windows\System\haVmakV.exe

C:\Windows\System\haVmakV.exe

C:\Windows\System\cnHHphs.exe

C:\Windows\System\cnHHphs.exe

C:\Windows\System\LJHjxbX.exe

C:\Windows\System\LJHjxbX.exe

C:\Windows\System\BmmguAE.exe

C:\Windows\System\BmmguAE.exe

C:\Windows\System\jyyeGrA.exe

C:\Windows\System\jyyeGrA.exe

C:\Windows\System\HWgFpbb.exe

C:\Windows\System\HWgFpbb.exe

C:\Windows\System\fdyNMat.exe

C:\Windows\System\fdyNMat.exe

C:\Windows\System\lYPbEIw.exe

C:\Windows\System\lYPbEIw.exe

C:\Windows\System\nKimLFK.exe

C:\Windows\System\nKimLFK.exe

C:\Windows\System\BJieJGa.exe

C:\Windows\System\BJieJGa.exe

C:\Windows\System\cRJlyrf.exe

C:\Windows\System\cRJlyrf.exe

C:\Windows\System\ohuBEfb.exe

C:\Windows\System\ohuBEfb.exe

C:\Windows\System\gduhuxM.exe

C:\Windows\System\gduhuxM.exe

C:\Windows\System\ywjMJLq.exe

C:\Windows\System\ywjMJLq.exe

C:\Windows\System\BbtyZhf.exe

C:\Windows\System\BbtyZhf.exe

C:\Windows\System\ZpfaNjN.exe

C:\Windows\System\ZpfaNjN.exe

C:\Windows\System\loAEvMh.exe

C:\Windows\System\loAEvMh.exe

C:\Windows\System\iaWEZTs.exe

C:\Windows\System\iaWEZTs.exe

C:\Windows\System\VsGJInU.exe

C:\Windows\System\VsGJInU.exe

C:\Windows\System\tpMxuvm.exe

C:\Windows\System\tpMxuvm.exe

C:\Windows\System\uwsPBQu.exe

C:\Windows\System\uwsPBQu.exe

C:\Windows\System\GtznZVy.exe

C:\Windows\System\GtznZVy.exe

C:\Windows\System\ZhJjVck.exe

C:\Windows\System\ZhJjVck.exe

C:\Windows\System\myPMuRo.exe

C:\Windows\System\myPMuRo.exe

C:\Windows\System\rtsGqDi.exe

C:\Windows\System\rtsGqDi.exe

C:\Windows\System\hiIKKaz.exe

C:\Windows\System\hiIKKaz.exe

C:\Windows\System\ImUvylr.exe

C:\Windows\System\ImUvylr.exe

C:\Windows\System\nBGxKDs.exe

C:\Windows\System\nBGxKDs.exe

C:\Windows\System\xRhyqfJ.exe

C:\Windows\System\xRhyqfJ.exe

C:\Windows\System\BkTJWVx.exe

C:\Windows\System\BkTJWVx.exe

C:\Windows\System\jBJHztK.exe

C:\Windows\System\jBJHztK.exe

C:\Windows\System\QyboNlw.exe

C:\Windows\System\QyboNlw.exe

C:\Windows\System\SsKbPVX.exe

C:\Windows\System\SsKbPVX.exe

C:\Windows\System\biWFXSp.exe

C:\Windows\System\biWFXSp.exe

C:\Windows\System\BDKWWXJ.exe

C:\Windows\System\BDKWWXJ.exe

C:\Windows\System\yBkvnBT.exe

C:\Windows\System\yBkvnBT.exe

C:\Windows\System\azxtTXV.exe

C:\Windows\System\azxtTXV.exe

C:\Windows\System\VfFQLHy.exe

C:\Windows\System\VfFQLHy.exe

C:\Windows\System\fbtGrrA.exe

C:\Windows\System\fbtGrrA.exe

C:\Windows\System\zNRhXaI.exe

C:\Windows\System\zNRhXaI.exe

C:\Windows\System\jylFEeS.exe

C:\Windows\System\jylFEeS.exe

C:\Windows\System\xUrbtQP.exe

C:\Windows\System\xUrbtQP.exe

C:\Windows\System\uVWMIIN.exe

C:\Windows\System\uVWMIIN.exe

C:\Windows\System\bcnAJGM.exe

C:\Windows\System\bcnAJGM.exe

C:\Windows\System\yeiSpzj.exe

C:\Windows\System\yeiSpzj.exe

C:\Windows\System\fiSDDQB.exe

C:\Windows\System\fiSDDQB.exe

C:\Windows\System\GLIeLve.exe

C:\Windows\System\GLIeLve.exe

C:\Windows\System\IDteOTG.exe

C:\Windows\System\IDteOTG.exe

C:\Windows\System\mJBxltK.exe

C:\Windows\System\mJBxltK.exe

C:\Windows\System\OWNoaxJ.exe

C:\Windows\System\OWNoaxJ.exe

C:\Windows\System\RHhSlgd.exe

C:\Windows\System\RHhSlgd.exe

C:\Windows\System\rxXtdsB.exe

C:\Windows\System\rxXtdsB.exe

C:\Windows\System\GLShTKx.exe

C:\Windows\System\GLShTKx.exe

C:\Windows\System\sXEGoBY.exe

C:\Windows\System\sXEGoBY.exe

C:\Windows\System\GSFWFov.exe

C:\Windows\System\GSFWFov.exe

C:\Windows\System\NAVMsCD.exe

C:\Windows\System\NAVMsCD.exe

C:\Windows\System\muShbUn.exe

C:\Windows\System\muShbUn.exe

C:\Windows\System\WSrlcCB.exe

C:\Windows\System\WSrlcCB.exe

C:\Windows\System\CImlpDy.exe

C:\Windows\System\CImlpDy.exe

C:\Windows\System\EkFofcY.exe

C:\Windows\System\EkFofcY.exe

C:\Windows\System\oNgwNxL.exe

C:\Windows\System\oNgwNxL.exe

C:\Windows\System\WxGODEU.exe

C:\Windows\System\WxGODEU.exe

C:\Windows\System\UMcnGPJ.exe

C:\Windows\System\UMcnGPJ.exe

C:\Windows\System\ISHAIrE.exe

C:\Windows\System\ISHAIrE.exe

C:\Windows\System\xukMCHt.exe

C:\Windows\System\xukMCHt.exe

C:\Windows\System\tDRYIFG.exe

C:\Windows\System\tDRYIFG.exe

C:\Windows\System\CBIFadR.exe

C:\Windows\System\CBIFadR.exe

C:\Windows\System\oCvSUmb.exe

C:\Windows\System\oCvSUmb.exe

C:\Windows\System\DsOoIfY.exe

C:\Windows\System\DsOoIfY.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2236-0-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2236-1-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\fClWUJm.exe

MD5 84efca054ca10f0a34db1e0903949819
SHA1 8545bc6c3dd0c6a7419b8509a8a7dd36c98dc14b
SHA256 cf895c5c35de666b70e2c1d10c221e9833e181b1a7a23d916c7e34675e9aec4f
SHA512 76d55c522ea84201ba1a9d8bd4d7f12d2cae807d5d614454916f0c9e7b3f6d24df987fde719a6f923bb6c9b55b00f0a973c695519df80da2e51d0a53f7a048c6

C:\Windows\system\WBopybn.exe

MD5 18b23c3685e47ef0923b3919a36a91e8
SHA1 49ce9ebdba83c9495684403a1caa7c9b5bb97bd6
SHA256 f3f1f00b67eb4f2ec144374f6bacec659ef2782f2707f859b4d10cdf912c64d2
SHA512 6178dbc93a9f0ce47057a3260e6fd488f99fedcf270f0c90ffd019e5ac7775625f3fa520020232d0ab2b9b2af2af3146e0b9bcb27fd1b63b2abf93814f3cfeb2

C:\Windows\system\GtdMeOS.exe

MD5 ed8f456f856cc8e09165ae5a10feb9f8
SHA1 3836de01b4105943e55b55d5b9e304f9c6c90443
SHA256 8c2dc154da4a03b6aa88ea31c73ce719b1ee4d28c23a346ca68c291a7fc95d91
SHA512 63c07d749209f760ad98416bdd8088c02a780f976b6e2ce22536cb99160df8cdd719a97f19e332b3d13262402f8ec13ef592e627e289e69b387d15a74e7594ca

C:\Windows\system\dpliaGx.exe

MD5 32526cc2510c803159eac0b25ff82c2f
SHA1 b09c5ce80470a8ea961e3d226d7ea42cb9edb6d6
SHA256 ea2fc9a9b69fecb4faa0eec1c3788bf38c8cc9a9adf51e31872fadf319b0e276
SHA512 408bea68e549c6f906948f2533fc34ca73894a0c60431eaf00b8d6227b33d0380a21850061cb67ba82eb5fe587bb358d01fa6b87f7653e2cf1afe33abbcb2300

C:\Windows\system\LlxowuO.exe

MD5 11551a1092a7fdb551069eb7833c13f8
SHA1 9668380bcde78f1f72f68a1b4963b01c9a845f52
SHA256 2e26527c0f5c0393099989f2d3b87714b9a883588f61bc6ef6df29904bd08ed5
SHA512 511b8bff3fa6842ebe6cb10f52c86da8ec07c4cbb3cda8066912377fc85d53736e3a082ef19270aa178e2d9269831744508589a650468619cf35cfd6a7c2a11d

C:\Windows\system\ZOZcDEh.exe

MD5 acf41879d3faf2dd21424de72a1bb159
SHA1 eac413ed641cd3facd5ae9f5cdd4fa0850ebb90c
SHA256 8d3d16acc95fec2966cfca5df566beced8e3adb1dc0e7d0f4dd848dbc4733658
SHA512 239b5dade106ccf419b840e59f867ee33815ef96f3d0a4129bb6d8342126dd83b99fa441c5469e50214f980375d1e54602ac21930ec41852a6120d2857fd5863

C:\Windows\system\mKdtquH.exe

MD5 ddd6895b01ae5846f177b05240502a53
SHA1 158028b4c83e6ab8596705e9b2f96c8f8977c20c
SHA256 0828b7c028806e3f52b967ed0fafb450e656de67b34b3133f459c2c43cf85525
SHA512 f7729383f9e8edf40765872971581071de26494b299651dfd2f50c609135747047cb7324e590fb06958e64321617d75b8c1ed2e2e864cda11909f6f3e148671f

C:\Windows\system\PrWJovK.exe

MD5 2d8c8f2bc0a24a6c6f0d1420789e0353
SHA1 9696d1e8a8683768711a8159f3074357bf44c792
SHA256 2a258079dbd7d530691204eeb0e32b21c885a52d5d7f6ec9611f210e08fba12f
SHA512 93c685cac43ee54412a9e3becc5732eeb42dbf82ae9082eb7bc1fb229c77052c92e45e9e35603a96ef1ab3111503fa5a4a2422ee704a92f2bcacb78bda6428ce

C:\Windows\system\afidhOb.exe

MD5 05a17bdaaabe685675734ef68d0d0551
SHA1 8db7616df7113a7b9b410a46cd19798950be3a7a
SHA256 582cb02774a59eb10fa3ea8e9e2b9a8bcb8b56981c250f170fca1a281d63de31
SHA512 e97f67056809d9881535cade6ae950a1498b8f881dd598460f8b0ce006cdc48c3780bc6e924f046fc7507b707457f64e941ff9dfac1399d295284bf0101daedf

C:\Windows\system\cvaiZTc.exe

MD5 8a9841f09e8342c75a6403419f28e830
SHA1 813b40d6c869c21788ee31e4f04825699eb0c180
SHA256 198c7d611443ac351e81267ce356e5c1dd60cb1186ecfe8c652ae686d093aff0
SHA512 88f8ef6d397c590686f5879029a95cea709c851777dad2d0cc61f0a592c849aa11550e7f4c86f75391382e0ca1f947566dfbb81ed037b14e004ce4d43abd2ae9

memory/2384-53-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2304-56-0x000000013F380000-0x000000013F6D4000-memory.dmp

C:\Windows\system\lvAFnUL.exe

MD5 432c76f26a7d20c2db7af74d84d259de
SHA1 ae78546a07c6e1652ea15f255cba2f9952a34719
SHA256 97b345f41d08d786cee107c14676f062453a518f73d1606ce94c739d8bd6aee4
SHA512 733440ced4630551f1e505a1ad559bb483ab2adaa53ac1385c9e3227d1a5b98d46345c4836c245b8baa17931ce72b8d315f50a3e7a57c929efa1daeaa3b43a67

memory/2236-71-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2936-70-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2236-69-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2592-68-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2236-67-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2984-66-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2236-65-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2876-64-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2236-63-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2712-62-0x000000013FD80000-0x00000001400D4000-memory.dmp

memory/2236-61-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2780-60-0x000000013FF50000-0x00000001402A4000-memory.dmp

memory/2236-59-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2368-58-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2236-57-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2236-55-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2500-54-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/1756-78-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/2236-77-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/2236-83-0x000000013F560000-0x000000013F8B4000-memory.dmp

\Windows\system\VhtwbVE.exe

MD5 1905750e408ec3528ab31ab25c464c9b
SHA1 0b4b5952d2c3f2889d111930e576c509f78a8452
SHA256 f6e0e5a58e421906d4d2a5f5ecd95e47a7acdce708fbf7cc8bdba342d49361e1
SHA512 07326a030ee96edfe33d4493c36f04939e40df900e053f2fdb1dfa6f207d324b6b82aa1cf5845054b5776e115adbd4b9604f996450d5f1bcdc594340716fdffa

C:\Windows\system\pZdenbz.exe

MD5 fac06e946ab253443235c2be87100393
SHA1 1da1cec46d4bd5f5ed464b0ec7cd451ab84fd459
SHA256 72365f7618ab1e73e5839252d8aa51227d47b39e70b54d663bd3d84d9fdfac42
SHA512 40e64fc54b183d4e30f6fd46b0cd75c4625fb41b75d21138d6ce96c4b7dd7ffc6b1707fb5f606e29f292bf29779b8254761b4b5b468b6b9ae77b253fdf9b11f1

C:\Windows\system\hbzIKTQ.exe

MD5 bcc9c1f78afd7f58cff9bc6276f27b1b
SHA1 d4c534a7557c9c876904703f42c8fc5f80107b1c
SHA256 b32b9e126ba189a017fd059f8d8437d9455a95987f34832d21805f8299e1d856
SHA512 2a1cea54ff5a3017a673db303e0d64fa8085422698c7d61e09c6cbe03098896af490d46c8b5eb46f642d14e368aa13075a19a3639533dc59b75ed05171ac6007

C:\Windows\system\CCRTVXO.exe

MD5 0340053a3b35283e6d37b4ecb62cf3bf
SHA1 09351e84117cf78f40959cdb3d4424c059467ef5
SHA256 f0e100cbed51d940142354bd83699d280557b4f87a1bfdad2bc9b9406cfa05e3
SHA512 8fe4c8c99a9016ee10b8e701f8a3f0ada00d3bbb0174d052c37d51de65cc27e2ea58c6d04e61ad702125ad014b18040d4b22849f5a245284c3ff222aed7c1462

C:\Windows\system\VgRDIfI.exe

MD5 12c3c427afb660c178d0e84752110640
SHA1 f1e5ce12eb19d20c6a9cb847b221cc812b651b9f
SHA256 f9e96d6aa30722b4b058979e5d3cb441d38b8694f226f6341d06b4945e1a7929
SHA512 f147017373f104d50a75fe4537e80de1e2032e08cf7b5085a6e0aeb963de56aca4ea2e7511fa84df25baf38c1b2875a8917d38cbf75d23455c02b1feee161724

C:\Windows\system\jqDhRcd.exe

MD5 30c8dc400e25297d418128e631666fb2
SHA1 3d8ecec4c777b29496923669f9f281df9f151565
SHA256 e0cfa2e808ed6497fc4067a2be2ce3a9da6013c546895927c48d1301724370a2
SHA512 c571aa9fb5c8d92f4c0b546f1161827348138d02ca1ea1d05e29c23781b036533a87108bdab46165c0f640df707cf42b991a42aee1687c4ee481ec8490f407aa

C:\Windows\system\WyzRFKr.exe

MD5 7fa2e98f514d77150cb3fd12da415aa2
SHA1 cf3bc3c69b622be1179417a75f164a30bc531d05
SHA256 c9647abf8a3a45f45bf805d573a7e47a33a426cf651012a7b686575df6696d24
SHA512 aa76e8741fcd3b0dff63c0fdf64e98068124a1508f8407199d65ac2f4cfba125def75e03620f64d80159577015a9d48f0da2f197bdffb43600a9afbd5eecb679

C:\Windows\system\TDgBzHI.exe

MD5 b34237311f95df0b49d985c02f965517
SHA1 7b0bed5e6e8d06ce899dc6d031d87b0f94149244
SHA256 d5b3ae371ce8e9a5fe4645507c45a9f0f4756bd89b8bdc7137a2bb6b8e3dfe14
SHA512 154e5022c55531ac9a98a049c6b580b5641fa39d48d136f82673d2b7d95a013ef6a2f333cedeb821cd98f02cd6e4fc3396076aae021ea514651b02c6e8c7dd7d

memory/2236-1068-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2236-1069-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2236-1070-0x0000000002010000-0x0000000002364000-memory.dmp

memory/2236-1071-0x000000013F6D0000-0x000000013FA24000-memory.dmp

C:\Windows\system\mKkjqhu.exe

MD5 982b7d9216847312f7e410783892cb77
SHA1 b762fe25d351f4652da527cbef9ca76e18e7581c
SHA256 32742e5d1c6cbe87f74b868b0342e837b57745b6b5bbfe867baade36cae1018c
SHA512 28c0cba25a10d09646c93bfc401b80b0d9959416bfec0f9a61495eca86229f385f9b8d597a55c95c94c19cad8d446123a72a13c4f5a98f864548adba3d45d7dc

C:\Windows\system\DuXtqkv.exe

MD5 40ee7b94cfddc333579b2232e7903c86
SHA1 200a37b7663f5bab155d6dea18a1b13f6f0ef306
SHA256 12ad1afc4f511472419462bba764d12955f671d8b28163da9eb42e211aa73c48
SHA512 44cd88bb03ef16e5810585cef994136047aab2800ec71693f6ce949a48d5d23cf0e6ac2b00b9bc0688d558a679d5251383acca2ed4b71e4f5c7ce7a6d098c5da

C:\Windows\system\hLGUETu.exe

MD5 5b437f7cf940c4b0f51b7441eb7113f9
SHA1 12024ba7b20d7f5690a5a771113d8a82dee40366
SHA256 e0240222ddb6da71f265c5792d5976b273adb1bdaf817823de5bc7818b683d62
SHA512 fbe1bf9ca92e15e9d501c81c9d5854077f10cd2d8c899fae35598c293bd57e3be6eb8f33e421148f82f3869ee5cdbafee3c88c998f04201d5fd67bc5a968ecde

C:\Windows\system\pzqDaaP.exe

MD5 d863cedb00793e8072b85454c4f5cd12
SHA1 5ed1031c20682de20aa12478a580a16ce14e5093
SHA256 20175ff4c5d9bee2a58e61eaf0e371a6022769168bfdc6a192aa2c19ec72b571
SHA512 3da7522fcce210ea3ea63cdfb8cfa59a37ae0af63870fcaa125157b36845ff7c2700e39a763ecd884494a8ed3580002d6cb87c0ce6ea72e845e6b98985ad63dc

C:\Windows\system\HXwJwOd.exe

MD5 162a37a7f310ddf05933a74d198f3b88
SHA1 8e8e6fb971ad1404510b507d9434a99c53665be9
SHA256 a8b2e3f15340712998955dfca9ba3b55c3b7fdb26747692de9c9b518010897e8
SHA512 1a25ad3b165c5c13e9290b0d0999a26d338440121d073cac50d70befa1b5fdff9a90d888c141f60e194aebab0d9192e5b0853c6d7c9c4b50e3df4a8e7f028a75

C:\Windows\system\GqZvaQP.exe

MD5 cfa2924d6179f35319b2e84d2c53eaf7
SHA1 fcbd807ac7ad7f8bfa702e304d8723248c42c157
SHA256 235b46d4b59ab639df4159fa0c819335d1ab61cf9f77cab42dd8dfae5da076cc
SHA512 3618d24e2f832cf71118c4a40b67338cd4e279fed9374f9429e4d4821ac8ccb6a7c45154268273ddeb3b40aec7797bf042df6a29d5c319e39c88498ad8ee3a6c

C:\Windows\system\KFCcmEG.exe

MD5 b39789dc1ee0f626774ddb10c26adea6
SHA1 d0de7ccd2989c7db6b726c7f5bc0fd67977d16f1
SHA256 577bb7a467b3855c745807cad6a9dda651711fb74838c6c230cc1fb69f479e9d
SHA512 ae0392abe69b7b96faf804e38ad849f771f8f3be12a05f0880c392cbfc0a75190aace489b58b3d2ce5c1e3ec16b376633095a782d2febcbf7426e135fc22edcd

C:\Windows\system\YHYmhnj.exe

MD5 148c7c18a2af5cc5fceb0b3dfcb36231
SHA1 e1589c2c23a8abc1e51724ff990b2aafe232cb61
SHA256 6933205f4063743ea0149a947c6faeccbc402b7082e0b51c85b7a81da6742142
SHA512 73fe9e7399291b4b537b6e2f8310feb87e2fb8f743256039860b336229ea77a7ac8bceb3931f67ad0cb91a402cf2fa70b331bab7287e27ea1316b752ac02e12e

C:\Windows\system\kxMaOHC.exe

MD5 a3fa34980f1b2f609f67d15f26421a01
SHA1 f626203785469ba3bf770760e4d5c89817697432
SHA256 727e61f09c6a05b41ad542eb4308e636fe2b8af0d67cea89fd8be61038ac3c17
SHA512 0d0f6609cf17f3ded81964c447b03f1714edbb1b60f0c87159b8583d50cc422208eec9c5a7e09843f101d94223c4b81be2b46a41bd0bed081b22d389a60f604e

C:\Windows\system\yGLzuqq.exe

MD5 c815fb2e7a1f156b0ed0170433708f46
SHA1 0ffb642753b510eb6637932b7c492b65522846cd
SHA256 7c34d278931b86ee2c61194874a4cb1bb032c5750d555e8f5ff3305e524efe15
SHA512 3f11804f3365196255eba7110a41aa2eaa95006dc5cfeff30f6763f3436397360fa88df127a8632b0da0f554599ee9111ee104c7911232830591c299cddecadf

C:\Windows\system\XMeUXnf.exe

MD5 a87f6d914f7af59424a9124c9f0efd4c
SHA1 425eef8599cfec8fe28c4b6479619ba6c2f98020
SHA256 e189a9bffbf061bbc62a2083ef694a9c6f676724f9059d162a7564aa502afc26
SHA512 3b8b7ff0e1f2ca4ae66ed4b8e8d9b9772947db58f9f15b08e6ee384b1c6befbabd2ee64f4d1778feb617114ea78c5961b0c9c325d66afc577fb7a31f552f3213

memory/2236-107-0x0000000002010000-0x0000000002364000-memory.dmp

memory/1916-104-0x000000013F920000-0x000000013FC74000-memory.dmp

memory/2236-103-0x000000013F920000-0x000000013FC74000-memory.dmp

memory/2932-92-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2824-84-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/2236-91-0x000000013F4F0000-0x000000013F844000-memory.dmp

C:\Windows\system\iGLzoRW.exe

MD5 bbe87140e1af4144369d2ce41802caab
SHA1 fc98c2b0d6740a022b1501ffde6ee5c8e1b02ce4
SHA256 92b85db451fcde8127a3f76e473ab65d6a39886ec1856e93e4ec44bd86ae153b
SHA512 aab20cc072de49cfe9029de2a3664317e85537b77ce8424b88edb2ef64d96e214fafa3c95f8743413e3def58911120942487358e7135f965f89825d1d26a9ba9

C:\Windows\system\jfQoCqp.exe

MD5 2b85fe6dce4c78ad42f4add2c67fadee
SHA1 789a231b6db067dba22144e86149e5ef3e1ad7d3
SHA256 426f92fac50d6d17118e0657dfdb23c5a4bfc0d184ef0a696ec98d55882eeab5
SHA512 8fe504e3ff8af53bb420d6456e76dd66968eb7b2b24def8759cae3e7d3f9d6c059f7130e269b0a35682e785d10541509c4a97ef5c15da878ea09fa01b20caa3b

memory/2824-1072-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/1916-1073-0x000000013F920000-0x000000013FC74000-memory.dmp

memory/2384-1074-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2304-1076-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2500-1075-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2780-1077-0x000000013FF50000-0x00000001402A4000-memory.dmp

memory/2712-1079-0x000000013FD80000-0x00000001400D4000-memory.dmp

memory/2876-1080-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2368-1078-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2984-1081-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2592-1082-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2936-1083-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/1756-1084-0x000000013F370000-0x000000013F6C4000-memory.dmp

memory/2932-1085-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2824-1086-0x000000013F560000-0x000000013F8B4000-memory.dmp

memory/1916-1087-0x000000013F920000-0x000000013FC74000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 07:10

Reported

2024-06-25 07:13

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\pzJUQdP.exe N/A
N/A N/A C:\Windows\System\YBUxEVO.exe N/A
N/A N/A C:\Windows\System\zVPBVuj.exe N/A
N/A N/A C:\Windows\System\LweVllO.exe N/A
N/A N/A C:\Windows\System\PWoQIaG.exe N/A
N/A N/A C:\Windows\System\gGNrtsS.exe N/A
N/A N/A C:\Windows\System\HBVqLHS.exe N/A
N/A N/A C:\Windows\System\TdeFfRn.exe N/A
N/A N/A C:\Windows\System\YcRfZYY.exe N/A
N/A N/A C:\Windows\System\TfSPAgK.exe N/A
N/A N/A C:\Windows\System\InsTIxw.exe N/A
N/A N/A C:\Windows\System\jxvDChx.exe N/A
N/A N/A C:\Windows\System\BfPiEio.exe N/A
N/A N/A C:\Windows\System\VyBSFRG.exe N/A
N/A N/A C:\Windows\System\KRspVEs.exe N/A
N/A N/A C:\Windows\System\RCJUnVR.exe N/A
N/A N/A C:\Windows\System\VWDdtHV.exe N/A
N/A N/A C:\Windows\System\qwrHTEP.exe N/A
N/A N/A C:\Windows\System\KrKFIbV.exe N/A
N/A N/A C:\Windows\System\GtPoyUO.exe N/A
N/A N/A C:\Windows\System\SejjdoJ.exe N/A
N/A N/A C:\Windows\System\yHxyEOy.exe N/A
N/A N/A C:\Windows\System\eOGRvZq.exe N/A
N/A N/A C:\Windows\System\fsYuIdG.exe N/A
N/A N/A C:\Windows\System\zePrDYB.exe N/A
N/A N/A C:\Windows\System\WfEVPYa.exe N/A
N/A N/A C:\Windows\System\BgIhmpQ.exe N/A
N/A N/A C:\Windows\System\oBkxcOK.exe N/A
N/A N/A C:\Windows\System\kuWbTnY.exe N/A
N/A N/A C:\Windows\System\gMRAqil.exe N/A
N/A N/A C:\Windows\System\nPubSJc.exe N/A
N/A N/A C:\Windows\System\LwffnAG.exe N/A
N/A N/A C:\Windows\System\WxSbcEe.exe N/A
N/A N/A C:\Windows\System\foXRlGt.exe N/A
N/A N/A C:\Windows\System\PknUBJf.exe N/A
N/A N/A C:\Windows\System\xVDIYci.exe N/A
N/A N/A C:\Windows\System\npccBiL.exe N/A
N/A N/A C:\Windows\System\rlwFMyZ.exe N/A
N/A N/A C:\Windows\System\IowztGn.exe N/A
N/A N/A C:\Windows\System\OMxMbZi.exe N/A
N/A N/A C:\Windows\System\adlSrlr.exe N/A
N/A N/A C:\Windows\System\xQsZwdN.exe N/A
N/A N/A C:\Windows\System\FhSboRU.exe N/A
N/A N/A C:\Windows\System\SzAdjAq.exe N/A
N/A N/A C:\Windows\System\zxWFuBy.exe N/A
N/A N/A C:\Windows\System\cvIUnku.exe N/A
N/A N/A C:\Windows\System\mOQhXIa.exe N/A
N/A N/A C:\Windows\System\WteFMOt.exe N/A
N/A N/A C:\Windows\System\KCkwGvS.exe N/A
N/A N/A C:\Windows\System\WocQMjn.exe N/A
N/A N/A C:\Windows\System\jVZnKUq.exe N/A
N/A N/A C:\Windows\System\WqpcKCR.exe N/A
N/A N/A C:\Windows\System\orEbxJk.exe N/A
N/A N/A C:\Windows\System\iAoPTRg.exe N/A
N/A N/A C:\Windows\System\eQkPFmk.exe N/A
N/A N/A C:\Windows\System\vJFalpx.exe N/A
N/A N/A C:\Windows\System\KFvRKqC.exe N/A
N/A N/A C:\Windows\System\xBZecdZ.exe N/A
N/A N/A C:\Windows\System\HPkRHdd.exe N/A
N/A N/A C:\Windows\System\wvpeuVK.exe N/A
N/A N/A C:\Windows\System\rJXiVYe.exe N/A
N/A N/A C:\Windows\System\CYvWYzO.exe N/A
N/A N/A C:\Windows\System\IWmzpLB.exe N/A
N/A N/A C:\Windows\System\KVhQueh.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\JZAkXJx.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\axjzxsV.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\Zccweip.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\NSiEIIL.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxqdJAS.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\BfPiEio.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\IowztGn.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\wvpeuVK.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ueIsUuF.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WBJCkqc.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\EwHRcMO.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ResqriQ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\OmJXeer.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\rlwFMyZ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\KCkwGvS.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WYkScLS.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\OlZdaNS.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\RCJUnVR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WqpcKCR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\FXUgiak.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\cvIUnku.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\MSdBSit.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\pAxIZhz.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJxfJik.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\viDuwfA.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\WOhsiHw.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\CYvWYzO.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\yUMxNEx.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\rRXOsvJ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\pcsuskr.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\clDDeWD.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\dKjHYGs.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\CegHLoG.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkKYcIL.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\zxWFuBy.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\ROExMtJ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\NNxJIFz.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\FhSboRU.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\PZYrBIg.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\DdHiDnv.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\AzyDDly.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\SUxnkEC.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\zLgnvka.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\YcRfZYY.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgIhmpQ.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\xgbErdN.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\orEbxJk.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\jabvIBF.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\oztXQxe.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\kpJeWKi.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\Lndnvai.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\dMfgqQv.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWqQUUv.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOhMsqI.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVsQRQb.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\KNecLOB.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\zBCGufL.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\zePrDYB.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\LwffnAG.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\mRzwllG.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\NQICKpo.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\pAveRTR.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\liixKqo.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A
File created C:\Windows\System\HPkRHdd.exe C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3200 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\pzJUQdP.exe
PID 3200 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\pzJUQdP.exe
PID 3200 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\YBUxEVO.exe
PID 3200 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\YBUxEVO.exe
PID 3200 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\zVPBVuj.exe
PID 3200 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\zVPBVuj.exe
PID 3200 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LweVllO.exe
PID 3200 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LweVllO.exe
PID 3200 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\PWoQIaG.exe
PID 3200 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\PWoQIaG.exe
PID 3200 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\gGNrtsS.exe
PID 3200 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\gGNrtsS.exe
PID 3200 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\HBVqLHS.exe
PID 3200 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\HBVqLHS.exe
PID 3200 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\TdeFfRn.exe
PID 3200 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\TdeFfRn.exe
PID 3200 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\YcRfZYY.exe
PID 3200 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\YcRfZYY.exe
PID 3200 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\TfSPAgK.exe
PID 3200 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\TfSPAgK.exe
PID 3200 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\InsTIxw.exe
PID 3200 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\InsTIxw.exe
PID 3200 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\jxvDChx.exe
PID 3200 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\jxvDChx.exe
PID 3200 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\BfPiEio.exe
PID 3200 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\BfPiEio.exe
PID 3200 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VyBSFRG.exe
PID 3200 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VyBSFRG.exe
PID 3200 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\KRspVEs.exe
PID 3200 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\KRspVEs.exe
PID 3200 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\RCJUnVR.exe
PID 3200 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\RCJUnVR.exe
PID 3200 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VWDdtHV.exe
PID 3200 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\VWDdtHV.exe
PID 3200 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\qwrHTEP.exe
PID 3200 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\qwrHTEP.exe
PID 3200 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\KrKFIbV.exe
PID 3200 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\KrKFIbV.exe
PID 3200 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\GtPoyUO.exe
PID 3200 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\GtPoyUO.exe
PID 3200 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\SejjdoJ.exe
PID 3200 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\SejjdoJ.exe
PID 3200 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\yHxyEOy.exe
PID 3200 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\yHxyEOy.exe
PID 3200 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\eOGRvZq.exe
PID 3200 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\eOGRvZq.exe
PID 3200 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\fsYuIdG.exe
PID 3200 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\fsYuIdG.exe
PID 3200 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\zePrDYB.exe
PID 3200 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\zePrDYB.exe
PID 3200 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\WfEVPYa.exe
PID 3200 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\WfEVPYa.exe
PID 3200 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\BgIhmpQ.exe
PID 3200 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\BgIhmpQ.exe
PID 3200 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\oBkxcOK.exe
PID 3200 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\oBkxcOK.exe
PID 3200 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\kuWbTnY.exe
PID 3200 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\kuWbTnY.exe
PID 3200 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\gMRAqil.exe
PID 3200 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\gMRAqil.exe
PID 3200 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\nPubSJc.exe
PID 3200 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\nPubSJc.exe
PID 3200 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LwffnAG.exe
PID 3200 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe C:\Windows\System\LwffnAG.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3f2eaf0159636cc7bd762ab3b252eb98ebc0835f89347ff950b2827d97d9e371_NeikiAnalytics.exe"

C:\Windows\System\pzJUQdP.exe

C:\Windows\System\pzJUQdP.exe

C:\Windows\System\YBUxEVO.exe

C:\Windows\System\YBUxEVO.exe

C:\Windows\System\zVPBVuj.exe

C:\Windows\System\zVPBVuj.exe

C:\Windows\System\LweVllO.exe

C:\Windows\System\LweVllO.exe

C:\Windows\System\PWoQIaG.exe

C:\Windows\System\PWoQIaG.exe

C:\Windows\System\gGNrtsS.exe

C:\Windows\System\gGNrtsS.exe

C:\Windows\System\HBVqLHS.exe

C:\Windows\System\HBVqLHS.exe

C:\Windows\System\TdeFfRn.exe

C:\Windows\System\TdeFfRn.exe

C:\Windows\System\YcRfZYY.exe

C:\Windows\System\YcRfZYY.exe

C:\Windows\System\TfSPAgK.exe

C:\Windows\System\TfSPAgK.exe

C:\Windows\System\InsTIxw.exe

C:\Windows\System\InsTIxw.exe

C:\Windows\System\jxvDChx.exe

C:\Windows\System\jxvDChx.exe

C:\Windows\System\BfPiEio.exe

C:\Windows\System\BfPiEio.exe

C:\Windows\System\VyBSFRG.exe

C:\Windows\System\VyBSFRG.exe

C:\Windows\System\KRspVEs.exe

C:\Windows\System\KRspVEs.exe

C:\Windows\System\RCJUnVR.exe

C:\Windows\System\RCJUnVR.exe

C:\Windows\System\VWDdtHV.exe

C:\Windows\System\VWDdtHV.exe

C:\Windows\System\qwrHTEP.exe

C:\Windows\System\qwrHTEP.exe

C:\Windows\System\KrKFIbV.exe

C:\Windows\System\KrKFIbV.exe

C:\Windows\System\GtPoyUO.exe

C:\Windows\System\GtPoyUO.exe

C:\Windows\System\SejjdoJ.exe

C:\Windows\System\SejjdoJ.exe

C:\Windows\System\yHxyEOy.exe

C:\Windows\System\yHxyEOy.exe

C:\Windows\System\eOGRvZq.exe

C:\Windows\System\eOGRvZq.exe

C:\Windows\System\fsYuIdG.exe

C:\Windows\System\fsYuIdG.exe

C:\Windows\System\zePrDYB.exe

C:\Windows\System\zePrDYB.exe

C:\Windows\System\WfEVPYa.exe

C:\Windows\System\WfEVPYa.exe

C:\Windows\System\BgIhmpQ.exe

C:\Windows\System\BgIhmpQ.exe

C:\Windows\System\oBkxcOK.exe

C:\Windows\System\oBkxcOK.exe

C:\Windows\System\kuWbTnY.exe

C:\Windows\System\kuWbTnY.exe

C:\Windows\System\gMRAqil.exe

C:\Windows\System\gMRAqil.exe

C:\Windows\System\nPubSJc.exe

C:\Windows\System\nPubSJc.exe

C:\Windows\System\LwffnAG.exe

C:\Windows\System\LwffnAG.exe

C:\Windows\System\WxSbcEe.exe

C:\Windows\System\WxSbcEe.exe

C:\Windows\System\foXRlGt.exe

C:\Windows\System\foXRlGt.exe

C:\Windows\System\PknUBJf.exe

C:\Windows\System\PknUBJf.exe

C:\Windows\System\xVDIYci.exe

C:\Windows\System\xVDIYci.exe

C:\Windows\System\npccBiL.exe

C:\Windows\System\npccBiL.exe

C:\Windows\System\rlwFMyZ.exe

C:\Windows\System\rlwFMyZ.exe

C:\Windows\System\IowztGn.exe

C:\Windows\System\IowztGn.exe

C:\Windows\System\OMxMbZi.exe

C:\Windows\System\OMxMbZi.exe

C:\Windows\System\adlSrlr.exe

C:\Windows\System\adlSrlr.exe

C:\Windows\System\xQsZwdN.exe

C:\Windows\System\xQsZwdN.exe

C:\Windows\System\FhSboRU.exe

C:\Windows\System\FhSboRU.exe

C:\Windows\System\SzAdjAq.exe

C:\Windows\System\SzAdjAq.exe

C:\Windows\System\zxWFuBy.exe

C:\Windows\System\zxWFuBy.exe

C:\Windows\System\cvIUnku.exe

C:\Windows\System\cvIUnku.exe

C:\Windows\System\mOQhXIa.exe

C:\Windows\System\mOQhXIa.exe

C:\Windows\System\WteFMOt.exe

C:\Windows\System\WteFMOt.exe

C:\Windows\System\KCkwGvS.exe

C:\Windows\System\KCkwGvS.exe

C:\Windows\System\WocQMjn.exe

C:\Windows\System\WocQMjn.exe

C:\Windows\System\jVZnKUq.exe

C:\Windows\System\jVZnKUq.exe

C:\Windows\System\WqpcKCR.exe

C:\Windows\System\WqpcKCR.exe

C:\Windows\System\orEbxJk.exe

C:\Windows\System\orEbxJk.exe

C:\Windows\System\iAoPTRg.exe

C:\Windows\System\iAoPTRg.exe

C:\Windows\System\eQkPFmk.exe

C:\Windows\System\eQkPFmk.exe

C:\Windows\System\vJFalpx.exe

C:\Windows\System\vJFalpx.exe

C:\Windows\System\KFvRKqC.exe

C:\Windows\System\KFvRKqC.exe

C:\Windows\System\xBZecdZ.exe

C:\Windows\System\xBZecdZ.exe

C:\Windows\System\HPkRHdd.exe

C:\Windows\System\HPkRHdd.exe

C:\Windows\System\wvpeuVK.exe

C:\Windows\System\wvpeuVK.exe

C:\Windows\System\rJXiVYe.exe

C:\Windows\System\rJXiVYe.exe

C:\Windows\System\CYvWYzO.exe

C:\Windows\System\CYvWYzO.exe

C:\Windows\System\IWmzpLB.exe

C:\Windows\System\IWmzpLB.exe

C:\Windows\System\KVhQueh.exe

C:\Windows\System\KVhQueh.exe

C:\Windows\System\kyIPfPj.exe

C:\Windows\System\kyIPfPj.exe

C:\Windows\System\aMDwISn.exe

C:\Windows\System\aMDwISn.exe

C:\Windows\System\hTNTEcN.exe

C:\Windows\System\hTNTEcN.exe

C:\Windows\System\FtBrJEv.exe

C:\Windows\System\FtBrJEv.exe

C:\Windows\System\VVuqxrR.exe

C:\Windows\System\VVuqxrR.exe

C:\Windows\System\VFlzdrG.exe

C:\Windows\System\VFlzdrG.exe

C:\Windows\System\yUMxNEx.exe

C:\Windows\System\yUMxNEx.exe

C:\Windows\System\ROExMtJ.exe

C:\Windows\System\ROExMtJ.exe

C:\Windows\System\caCcFto.exe

C:\Windows\System\caCcFto.exe

C:\Windows\System\ZIUywja.exe

C:\Windows\System\ZIUywja.exe

C:\Windows\System\oEwhNcV.exe

C:\Windows\System\oEwhNcV.exe

C:\Windows\System\XBtvAOQ.exe

C:\Windows\System\XBtvAOQ.exe

C:\Windows\System\YTCSKrx.exe

C:\Windows\System\YTCSKrx.exe

C:\Windows\System\azmMNFV.exe

C:\Windows\System\azmMNFV.exe

C:\Windows\System\fnvwCOd.exe

C:\Windows\System\fnvwCOd.exe

C:\Windows\System\znbehgd.exe

C:\Windows\System\znbehgd.exe

C:\Windows\System\PPFdjbf.exe

C:\Windows\System\PPFdjbf.exe

C:\Windows\System\nAleKic.exe

C:\Windows\System\nAleKic.exe

C:\Windows\System\hScSoDb.exe

C:\Windows\System\hScSoDb.exe

C:\Windows\System\VTeGPaE.exe

C:\Windows\System\VTeGPaE.exe

C:\Windows\System\mRzwllG.exe

C:\Windows\System\mRzwllG.exe

C:\Windows\System\uuCwfTN.exe

C:\Windows\System\uuCwfTN.exe

C:\Windows\System\VKcKOld.exe

C:\Windows\System\VKcKOld.exe

C:\Windows\System\dzdWtNr.exe

C:\Windows\System\dzdWtNr.exe

C:\Windows\System\KEMqTzw.exe

C:\Windows\System\KEMqTzw.exe

C:\Windows\System\xCORQkq.exe

C:\Windows\System\xCORQkq.exe

C:\Windows\System\xgbErdN.exe

C:\Windows\System\xgbErdN.exe

C:\Windows\System\bMFfXWQ.exe

C:\Windows\System\bMFfXWQ.exe

C:\Windows\System\GkPfVtA.exe

C:\Windows\System\GkPfVtA.exe

C:\Windows\System\ZqRkGJs.exe

C:\Windows\System\ZqRkGJs.exe

C:\Windows\System\DEMHaFs.exe

C:\Windows\System\DEMHaFs.exe

C:\Windows\System\rtTjryI.exe

C:\Windows\System\rtTjryI.exe

C:\Windows\System\VUMTJjt.exe

C:\Windows\System\VUMTJjt.exe

C:\Windows\System\mIxSGaP.exe

C:\Windows\System\mIxSGaP.exe

C:\Windows\System\ZksdlJQ.exe

C:\Windows\System\ZksdlJQ.exe

C:\Windows\System\nvJPpBu.exe

C:\Windows\System\nvJPpBu.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4340,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=1320 /prefetch:8

C:\Windows\System\UAcaecY.exe

C:\Windows\System\UAcaecY.exe

C:\Windows\System\dcSWZuF.exe

C:\Windows\System\dcSWZuF.exe

C:\Windows\System\BicRKLr.exe

C:\Windows\System\BicRKLr.exe

C:\Windows\System\BLXSifw.exe

C:\Windows\System\BLXSifw.exe

C:\Windows\System\IxOaSyA.exe

C:\Windows\System\IxOaSyA.exe

C:\Windows\System\ORgAQlT.exe

C:\Windows\System\ORgAQlT.exe

C:\Windows\System\oKTxIBv.exe

C:\Windows\System\oKTxIBv.exe

C:\Windows\System\MVzUbIC.exe

C:\Windows\System\MVzUbIC.exe

C:\Windows\System\DicDqNv.exe

C:\Windows\System\DicDqNv.exe

C:\Windows\System\HvFJdAr.exe

C:\Windows\System\HvFJdAr.exe

C:\Windows\System\LQVShEC.exe

C:\Windows\System\LQVShEC.exe

C:\Windows\System\XCiGxaP.exe

C:\Windows\System\XCiGxaP.exe

C:\Windows\System\wlElhts.exe

C:\Windows\System\wlElhts.exe

C:\Windows\System\MyxtFno.exe

C:\Windows\System\MyxtFno.exe

C:\Windows\System\rRXOsvJ.exe

C:\Windows\System\rRXOsvJ.exe

C:\Windows\System\BcfaJOO.exe

C:\Windows\System\BcfaJOO.exe

C:\Windows\System\XuJMFub.exe

C:\Windows\System\XuJMFub.exe

C:\Windows\System\WYkScLS.exe

C:\Windows\System\WYkScLS.exe

C:\Windows\System\XzKbmqA.exe

C:\Windows\System\XzKbmqA.exe

C:\Windows\System\lWqQUUv.exe

C:\Windows\System\lWqQUUv.exe

C:\Windows\System\vZMnRNv.exe

C:\Windows\System\vZMnRNv.exe

C:\Windows\System\akATpew.exe

C:\Windows\System\akATpew.exe

C:\Windows\System\qOhMsqI.exe

C:\Windows\System\qOhMsqI.exe

C:\Windows\System\utnbXxN.exe

C:\Windows\System\utnbXxN.exe

C:\Windows\System\iVsQRQb.exe

C:\Windows\System\iVsQRQb.exe

C:\Windows\System\EdLWqiD.exe

C:\Windows\System\EdLWqiD.exe

C:\Windows\System\sPKJSsI.exe

C:\Windows\System\sPKJSsI.exe

C:\Windows\System\ByWsmhZ.exe

C:\Windows\System\ByWsmhZ.exe

C:\Windows\System\jdsLUUl.exe

C:\Windows\System\jdsLUUl.exe

C:\Windows\System\JZAkXJx.exe

C:\Windows\System\JZAkXJx.exe

C:\Windows\System\kpJeWKi.exe

C:\Windows\System\kpJeWKi.exe

C:\Windows\System\Lndnvai.exe

C:\Windows\System\Lndnvai.exe

C:\Windows\System\JqrcdyI.exe

C:\Windows\System\JqrcdyI.exe

C:\Windows\System\eaVWXJJ.exe

C:\Windows\System\eaVWXJJ.exe

C:\Windows\System\llcBBRG.exe

C:\Windows\System\llcBBRG.exe

C:\Windows\System\VKhhlSQ.exe

C:\Windows\System\VKhhlSQ.exe

C:\Windows\System\PwwjLlL.exe

C:\Windows\System\PwwjLlL.exe

C:\Windows\System\twiegXz.exe

C:\Windows\System\twiegXz.exe

C:\Windows\System\ZgmXtsa.exe

C:\Windows\System\ZgmXtsa.exe

C:\Windows\System\ueIsUuF.exe

C:\Windows\System\ueIsUuF.exe

C:\Windows\System\sabiwCQ.exe

C:\Windows\System\sabiwCQ.exe

C:\Windows\System\qafcGJk.exe

C:\Windows\System\qafcGJk.exe

C:\Windows\System\sZeiMIU.exe

C:\Windows\System\sZeiMIU.exe

C:\Windows\System\SPPDGId.exe

C:\Windows\System\SPPDGId.exe

C:\Windows\System\dKjHYGs.exe

C:\Windows\System\dKjHYGs.exe

C:\Windows\System\qjZGVVx.exe

C:\Windows\System\qjZGVVx.exe

C:\Windows\System\ekBXAwy.exe

C:\Windows\System\ekBXAwy.exe

C:\Windows\System\MiWteUk.exe

C:\Windows\System\MiWteUk.exe

C:\Windows\System\QYaxYPr.exe

C:\Windows\System\QYaxYPr.exe

C:\Windows\System\mKlUUjH.exe

C:\Windows\System\mKlUUjH.exe

C:\Windows\System\XXjyCEx.exe

C:\Windows\System\XXjyCEx.exe

C:\Windows\System\ktlmyat.exe

C:\Windows\System\ktlmyat.exe

C:\Windows\System\BLpkdKi.exe

C:\Windows\System\BLpkdKi.exe

C:\Windows\System\FVXCwyL.exe

C:\Windows\System\FVXCwyL.exe

C:\Windows\System\nDhDwfT.exe

C:\Windows\System\nDhDwfT.exe

C:\Windows\System\TegcXhJ.exe

C:\Windows\System\TegcXhJ.exe

C:\Windows\System\KsrbbwS.exe

C:\Windows\System\KsrbbwS.exe

C:\Windows\System\tldzUQC.exe

C:\Windows\System\tldzUQC.exe

C:\Windows\System\Sxaeccu.exe

C:\Windows\System\Sxaeccu.exe

C:\Windows\System\hLKAzOH.exe

C:\Windows\System\hLKAzOH.exe

C:\Windows\System\sYKILWP.exe

C:\Windows\System\sYKILWP.exe

C:\Windows\System\WPtEzfy.exe

C:\Windows\System\WPtEzfy.exe

C:\Windows\System\agIqJvO.exe

C:\Windows\System\agIqJvO.exe

C:\Windows\System\RJXooAh.exe

C:\Windows\System\RJXooAh.exe

C:\Windows\System\KNecLOB.exe

C:\Windows\System\KNecLOB.exe

C:\Windows\System\WBJCkqc.exe

C:\Windows\System\WBJCkqc.exe

C:\Windows\System\GaMlNPy.exe

C:\Windows\System\GaMlNPy.exe

C:\Windows\System\ikzJBmL.exe

C:\Windows\System\ikzJBmL.exe

C:\Windows\System\FXUgiak.exe

C:\Windows\System\FXUgiak.exe

C:\Windows\System\ksLrMmG.exe

C:\Windows\System\ksLrMmG.exe

C:\Windows\System\squnYSf.exe

C:\Windows\System\squnYSf.exe

C:\Windows\System\xwKdisU.exe

C:\Windows\System\xwKdisU.exe

C:\Windows\System\ofIppKe.exe

C:\Windows\System\ofIppKe.exe

C:\Windows\System\dMfgqQv.exe

C:\Windows\System\dMfgqQv.exe

C:\Windows\System\cODoUWd.exe

C:\Windows\System\cODoUWd.exe

C:\Windows\System\BmYgqfO.exe

C:\Windows\System\BmYgqfO.exe

C:\Windows\System\igZcHWY.exe

C:\Windows\System\igZcHWY.exe

C:\Windows\System\UOATKMC.exe

C:\Windows\System\UOATKMC.exe

C:\Windows\System\hBPdNXc.exe

C:\Windows\System\hBPdNXc.exe

C:\Windows\System\nQRqVdW.exe

C:\Windows\System\nQRqVdW.exe

C:\Windows\System\ssRBwQX.exe

C:\Windows\System\ssRBwQX.exe

C:\Windows\System\KMpgqlr.exe

C:\Windows\System\KMpgqlr.exe

C:\Windows\System\PfaqlBS.exe

C:\Windows\System\PfaqlBS.exe

C:\Windows\System\ZllbTMi.exe

C:\Windows\System\ZllbTMi.exe

C:\Windows\System\MfBYefG.exe

C:\Windows\System\MfBYefG.exe

C:\Windows\System\lSLfZUX.exe

C:\Windows\System\lSLfZUX.exe

C:\Windows\System\PZYrBIg.exe

C:\Windows\System\PZYrBIg.exe

C:\Windows\System\zBCGufL.exe

C:\Windows\System\zBCGufL.exe

C:\Windows\System\jzHfRWF.exe

C:\Windows\System\jzHfRWF.exe

C:\Windows\System\CegHLoG.exe

C:\Windows\System\CegHLoG.exe

C:\Windows\System\rFaQcAx.exe

C:\Windows\System\rFaQcAx.exe

C:\Windows\System\uTCZuVq.exe

C:\Windows\System\uTCZuVq.exe

C:\Windows\System\aOVSvtq.exe

C:\Windows\System\aOVSvtq.exe

C:\Windows\System\WuALFwo.exe

C:\Windows\System\WuALFwo.exe

C:\Windows\System\tnBBvjl.exe

C:\Windows\System\tnBBvjl.exe

C:\Windows\System\FSOZjbF.exe

C:\Windows\System\FSOZjbF.exe

C:\Windows\System\SviuKdY.exe

C:\Windows\System\SviuKdY.exe

C:\Windows\System\HHWzbXn.exe

C:\Windows\System\HHWzbXn.exe

C:\Windows\System\XDAgbES.exe

C:\Windows\System\XDAgbES.exe

C:\Windows\System\mVJlyYj.exe

C:\Windows\System\mVJlyYj.exe

C:\Windows\System\GMDkqcc.exe

C:\Windows\System\GMDkqcc.exe

C:\Windows\System\PrOpjxk.exe

C:\Windows\System\PrOpjxk.exe

C:\Windows\System\FXzaZyA.exe

C:\Windows\System\FXzaZyA.exe

C:\Windows\System\NcsRJaM.exe

C:\Windows\System\NcsRJaM.exe

C:\Windows\System\HEDzWmm.exe

C:\Windows\System\HEDzWmm.exe

C:\Windows\System\WeZCJIl.exe

C:\Windows\System\WeZCJIl.exe

C:\Windows\System\EwHRcMO.exe

C:\Windows\System\EwHRcMO.exe

C:\Windows\System\wazZfOP.exe

C:\Windows\System\wazZfOP.exe

C:\Windows\System\amevyEs.exe

C:\Windows\System\amevyEs.exe

C:\Windows\System\OZbpENf.exe

C:\Windows\System\OZbpENf.exe

C:\Windows\System\sRdobOC.exe

C:\Windows\System\sRdobOC.exe

C:\Windows\System\vKfmDRv.exe

C:\Windows\System\vKfmDRv.exe

C:\Windows\System\kGXKwpJ.exe

C:\Windows\System\kGXKwpJ.exe

C:\Windows\System\ResqriQ.exe

C:\Windows\System\ResqriQ.exe

C:\Windows\System\xhnLQbN.exe

C:\Windows\System\xhnLQbN.exe

C:\Windows\System\FSTyaRQ.exe

C:\Windows\System\FSTyaRQ.exe

C:\Windows\System\MkKYcIL.exe

C:\Windows\System\MkKYcIL.exe

C:\Windows\System\LLrutkU.exe

C:\Windows\System\LLrutkU.exe

C:\Windows\System\SFtzVOh.exe

C:\Windows\System\SFtzVOh.exe

C:\Windows\System\mEXGZnU.exe

C:\Windows\System\mEXGZnU.exe

C:\Windows\System\wkursdo.exe

C:\Windows\System\wkursdo.exe

C:\Windows\System\JpmTXtX.exe

C:\Windows\System\JpmTXtX.exe

C:\Windows\System\CkIHnOa.exe

C:\Windows\System\CkIHnOa.exe

C:\Windows\System\hjiwLmP.exe

C:\Windows\System\hjiwLmP.exe

C:\Windows\System\qZdQWUP.exe

C:\Windows\System\qZdQWUP.exe

C:\Windows\System\YpxOfNZ.exe

C:\Windows\System\YpxOfNZ.exe

C:\Windows\System\jabvIBF.exe

C:\Windows\System\jabvIBF.exe

C:\Windows\System\GJOXIHy.exe

C:\Windows\System\GJOXIHy.exe

C:\Windows\System\ySHGXnk.exe

C:\Windows\System\ySHGXnk.exe

C:\Windows\System\yfIYwIZ.exe

C:\Windows\System\yfIYwIZ.exe

C:\Windows\System\OmJXeer.exe

C:\Windows\System\OmJXeer.exe

C:\Windows\System\kVyLjjf.exe

C:\Windows\System\kVyLjjf.exe

C:\Windows\System\lRTBcsi.exe

C:\Windows\System\lRTBcsi.exe

C:\Windows\System\IPYrzgJ.exe

C:\Windows\System\IPYrzgJ.exe

C:\Windows\System\mREqbUz.exe

C:\Windows\System\mREqbUz.exe

C:\Windows\System\OtaoiLN.exe

C:\Windows\System\OtaoiLN.exe

C:\Windows\System\zecjBBd.exe

C:\Windows\System\zecjBBd.exe

C:\Windows\System\eTpqDSx.exe

C:\Windows\System\eTpqDSx.exe

C:\Windows\System\IuuRJYe.exe

C:\Windows\System\IuuRJYe.exe

C:\Windows\System\iBIqzpi.exe

C:\Windows\System\iBIqzpi.exe

C:\Windows\System\HAaVuiH.exe

C:\Windows\System\HAaVuiH.exe

C:\Windows\System\liixKqo.exe

C:\Windows\System\liixKqo.exe

C:\Windows\System\QPvMvDE.exe

C:\Windows\System\QPvMvDE.exe

C:\Windows\System\eVwdSYE.exe

C:\Windows\System\eVwdSYE.exe

C:\Windows\System\DdHiDnv.exe

C:\Windows\System\DdHiDnv.exe

C:\Windows\System\JJCTRxj.exe

C:\Windows\System\JJCTRxj.exe

C:\Windows\System\XzGCOHb.exe

C:\Windows\System\XzGCOHb.exe

C:\Windows\System\rUvNRNx.exe

C:\Windows\System\rUvNRNx.exe

C:\Windows\System\puvfYxA.exe

C:\Windows\System\puvfYxA.exe

C:\Windows\System\KQYrCPq.exe

C:\Windows\System\KQYrCPq.exe

C:\Windows\System\ZylqNkl.exe

C:\Windows\System\ZylqNkl.exe

C:\Windows\System\caxMfxI.exe

C:\Windows\System\caxMfxI.exe

C:\Windows\System\NNxJIFz.exe

C:\Windows\System\NNxJIFz.exe

C:\Windows\System\MJxfJik.exe

C:\Windows\System\MJxfJik.exe

C:\Windows\System\axjzxsV.exe

C:\Windows\System\axjzxsV.exe

C:\Windows\System\VKUieuA.exe

C:\Windows\System\VKUieuA.exe

C:\Windows\System\AzyDDly.exe

C:\Windows\System\AzyDDly.exe

C:\Windows\System\FtjjUxr.exe

C:\Windows\System\FtjjUxr.exe

C:\Windows\System\ojaMoUs.exe

C:\Windows\System\ojaMoUs.exe

C:\Windows\System\GejVoTJ.exe

C:\Windows\System\GejVoTJ.exe

C:\Windows\System\Zccweip.exe

C:\Windows\System\Zccweip.exe

C:\Windows\System\viDuwfA.exe

C:\Windows\System\viDuwfA.exe

C:\Windows\System\xSxZqDs.exe

C:\Windows\System\xSxZqDs.exe

C:\Windows\System\OEruKbL.exe

C:\Windows\System\OEruKbL.exe

C:\Windows\System\wyWbOCr.exe

C:\Windows\System\wyWbOCr.exe

C:\Windows\System\qdFpaPO.exe

C:\Windows\System\qdFpaPO.exe

C:\Windows\System\NSiEIIL.exe

C:\Windows\System\NSiEIIL.exe

C:\Windows\System\krRfhUz.exe

C:\Windows\System\krRfhUz.exe

C:\Windows\System\SNCTjzW.exe

C:\Windows\System\SNCTjzW.exe

C:\Windows\System\CLHWtqk.exe

C:\Windows\System\CLHWtqk.exe

C:\Windows\System\gxADKbS.exe

C:\Windows\System\gxADKbS.exe

C:\Windows\System\vJdyPgR.exe

C:\Windows\System\vJdyPgR.exe

C:\Windows\System\sXlNKWe.exe

C:\Windows\System\sXlNKWe.exe

C:\Windows\System\MSdBSit.exe

C:\Windows\System\MSdBSit.exe

C:\Windows\System\ExoJXKu.exe

C:\Windows\System\ExoJXKu.exe

C:\Windows\System\NQICKpo.exe

C:\Windows\System\NQICKpo.exe

C:\Windows\System\hTfrnBU.exe

C:\Windows\System\hTfrnBU.exe

C:\Windows\System\pcsuskr.exe

C:\Windows\System\pcsuskr.exe

C:\Windows\System\rRvTAMv.exe

C:\Windows\System\rRvTAMv.exe

C:\Windows\System\nKkXisH.exe

C:\Windows\System\nKkXisH.exe

C:\Windows\System\OlZdaNS.exe

C:\Windows\System\OlZdaNS.exe

C:\Windows\System\SUxnkEC.exe

C:\Windows\System\SUxnkEC.exe

C:\Windows\System\AWgitSQ.exe

C:\Windows\System\AWgitSQ.exe

C:\Windows\System\BLqLUYC.exe

C:\Windows\System\BLqLUYC.exe

C:\Windows\System\fjrcZGq.exe

C:\Windows\System\fjrcZGq.exe

C:\Windows\System\wfQaISa.exe

C:\Windows\System\wfQaISa.exe

C:\Windows\System\pAveRTR.exe

C:\Windows\System\pAveRTR.exe

C:\Windows\System\eWWlyAf.exe

C:\Windows\System\eWWlyAf.exe

C:\Windows\System\oEhmHaO.exe

C:\Windows\System\oEhmHaO.exe

C:\Windows\System\nqbYjUY.exe

C:\Windows\System\nqbYjUY.exe

C:\Windows\System\vEgYbhc.exe

C:\Windows\System\vEgYbhc.exe

C:\Windows\System\zZBwiVi.exe

C:\Windows\System\zZBwiVi.exe

C:\Windows\System\cZCNysX.exe

C:\Windows\System\cZCNysX.exe

C:\Windows\System\CLAoOal.exe

C:\Windows\System\CLAoOal.exe

C:\Windows\System\hcGvcwC.exe

C:\Windows\System\hcGvcwC.exe

C:\Windows\System\ApACBNA.exe

C:\Windows\System\ApACBNA.exe

C:\Windows\System\axODImH.exe

C:\Windows\System\axODImH.exe

C:\Windows\System\KFcWSvN.exe

C:\Windows\System\KFcWSvN.exe

C:\Windows\System\WOhsiHw.exe

C:\Windows\System\WOhsiHw.exe

C:\Windows\System\DebhUVJ.exe

C:\Windows\System\DebhUVJ.exe

C:\Windows\System\YFiyoAl.exe

C:\Windows\System\YFiyoAl.exe

C:\Windows\System\USDZbMe.exe

C:\Windows\System\USDZbMe.exe

C:\Windows\System\oztXQxe.exe

C:\Windows\System\oztXQxe.exe

C:\Windows\System\zLgnvka.exe

C:\Windows\System\zLgnvka.exe

C:\Windows\System\kyEwWZp.exe

C:\Windows\System\kyEwWZp.exe

C:\Windows\System\clDDeWD.exe

C:\Windows\System\clDDeWD.exe

C:\Windows\System\BtwvPRw.exe

C:\Windows\System\BtwvPRw.exe

C:\Windows\System\LPfeiBU.exe

C:\Windows\System\LPfeiBU.exe

C:\Windows\System\rqEcWwg.exe

C:\Windows\System\rqEcWwg.exe

C:\Windows\System\goUkzpG.exe

C:\Windows\System\goUkzpG.exe

C:\Windows\System\WxqdJAS.exe

C:\Windows\System\WxqdJAS.exe

C:\Windows\System\aSPUPXg.exe

C:\Windows\System\aSPUPXg.exe

C:\Windows\System\VqqMMRZ.exe

C:\Windows\System\VqqMMRZ.exe

C:\Windows\System\gwzENQz.exe

C:\Windows\System\gwzENQz.exe

C:\Windows\System\dDiClsm.exe

C:\Windows\System\dDiClsm.exe

C:\Windows\System\pAxIZhz.exe

C:\Windows\System\pAxIZhz.exe

C:\Windows\System\xdeEnFm.exe

C:\Windows\System\xdeEnFm.exe

C:\Windows\System\NVHJtup.exe

C:\Windows\System\NVHJtup.exe

C:\Windows\System\VpwLnbf.exe

C:\Windows\System\VpwLnbf.exe

C:\Windows\System\ZlBTZYP.exe

C:\Windows\System\ZlBTZYP.exe

C:\Windows\System\GuIBdDQ.exe

C:\Windows\System\GuIBdDQ.exe

C:\Windows\System\xQQrODo.exe

C:\Windows\System\xQQrODo.exe

C:\Windows\System\gOXEtSr.exe

C:\Windows\System\gOXEtSr.exe

C:\Windows\System\XDpbuXN.exe

C:\Windows\System\XDpbuXN.exe

C:\Windows\System\NXRnhQW.exe

C:\Windows\System\NXRnhQW.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/3200-0-0x00007FF6C71E0000-0x00007FF6C7534000-memory.dmp

memory/3200-1-0x000001A867150000-0x000001A867160000-memory.dmp

C:\Windows\System\pzJUQdP.exe

MD5 e27e6a6e85b1574859b0f33195845275
SHA1 66c56bcc53af033b22c294fe3df1b6bb4fc156cd
SHA256 60b83235b4e5dcceb649ed8f8f2ee3087e0c764d0eb2a7828765cc150210e238
SHA512 9c8aa63a3235f33a451f1d1fc9da61b8db7801ceca250d783ec6d77e10e8c048a1502c815aed9f9a6f1079e268051f5288c0a8a98f8d23acb4e71c70ed45600c

C:\Windows\System\zVPBVuj.exe

MD5 0fd033c49297a2946e855a024529c2fe
SHA1 3ffaf06c57479bb5a051d6745e59497ce37ec34d
SHA256 d5d815b1f43d7bada5dd36d63c0d46fb6bb02b5f330c3fbc29eb8b600730d25f
SHA512 e0a54070a649af7670d5133fbb2e943e4e9b13774746b12ec3dd3d7968e0b8a607943604e20536daa94b9e278d2b4103c61aa830b1631bdce12815a89a2fbd44

C:\Windows\System\LweVllO.exe

MD5 d7371d38077560afd720c93229cc2d76
SHA1 e0fd3dc69d59e406323e81cd589d2318060e55ef
SHA256 eade6e289cf4dd9ade54c5725e52aef99051f8d79a3cedf24e76ecf01c1b899e
SHA512 dedc39c6f44445860f9fbbb7e6f7a180c3d6b3e7c898636b59642d59a9a425e7847682097c552cf59ec8288ebd21a86a65427ba31f0e5ea2a8d530af4cda072d

C:\Windows\System\PWoQIaG.exe

MD5 7a97ecb8f586af5e815cc8825ca827d3
SHA1 c56c2a43d955c1796414f59410fdd93a5f03138a
SHA256 0ed85c15b0ec821e1e2ba3fa705ae8b3ee3e5650dab91dfa955f8d6344411367
SHA512 f186bf746b209f36bf4fe561f7182d5047ac7f52a23ccbf7a6ac805cb0ebfc9f78dfb8871fba9cfef2b53f5071848289cc174076dd5635a13f76d17dde1b96cc

memory/3096-31-0x00007FF699E40000-0x00007FF69A194000-memory.dmp

memory/5012-34-0x00007FF71B000000-0x00007FF71B354000-memory.dmp

memory/3020-36-0x00007FF6BE3A0000-0x00007FF6BE6F4000-memory.dmp

C:\Windows\System\gGNrtsS.exe

MD5 7719683b3edfe74527444bcdad231cd1
SHA1 f8f1578351775b5fa47150af1bc44ca8ec3df4e0
SHA256 8372f0f3eaeb3a62108f8eb5dba29b314a8e3cd321e32d79b9ecc2c43d4b6557
SHA512 c706b84d8e8b22423f9c6efff1e45a737b7dc8012e3888c229f6be227d17889256816a33ee1ee9751afb91ecf27707c9d283a92d2e55b2c8703be38e0a6142f2

memory/1296-35-0x00007FF764D20000-0x00007FF765074000-memory.dmp

C:\Windows\System\YBUxEVO.exe

MD5 d1a63d50a19dcdf0bf5b7ecbbcb9c256
SHA1 f0703aeeb338cedc3dd4813165fd0237591ab4af
SHA256 19ff80593e9693fd498b6544b12c090b67901a4ae710cb356460764c85da5402
SHA512 88ee3883c397b25f163e3f6dfa2efbd053e4e93181c3a7161ca506e0d3af46d08e3655b5c4cd611145c863124615b3a2ae0c0e994b8caa3953b2ab4ea79cfe80

memory/3056-16-0x00007FF67D5A0000-0x00007FF67D8F4000-memory.dmp

memory/4464-10-0x00007FF722AC0000-0x00007FF722E14000-memory.dmp

C:\Windows\System\HBVqLHS.exe

MD5 13c8157e79262841033e941eef19381d
SHA1 c54cff7ecc75caded7d8533116696aad17e51b22
SHA256 797780dd12e77fb8104b6bc4b904f2dbde8195b095931591770b53be19f89261
SHA512 548d0d8048893af4d1738068587260e44ef4cbae992e029eaa371001a76d806ea6f72237d1ce8830b2e0c6f9c1c4efacea20b6f0a36a80c25af5a2e3994a2e5a

C:\Windows\System\TfSPAgK.exe

MD5 14afa9f0083f845f7bb701e4b66e927d
SHA1 1d3fca813a7f8c2dee920f9b9947ee13b86b5ca3
SHA256 c35aecf8a72a86237793fac7d4989909f4a6021d9aa992796b96e0d91dbf8ea2
SHA512 9284f0fdfadd3f1a338512c3ca0f5e5cbc653b86974d867b5335f2c8df6b633c6f00d0f2bef9538d4e67375e82b5016361fee326bdbd6bf37d9227ffabfbc693

C:\Windows\System\YcRfZYY.exe

MD5 b1f6e454cb4b693358cff294540de26d
SHA1 da4b65373479c4a37695e3c5a205f8f4798803e4
SHA256 ae22abd07d29e01c9e7399ddf7ff2cd07af53ac2d6c529036eafa42a5f9df93d
SHA512 59dc28264ff2ca98b11e478bac13a85e22821ae55f60d3023a4bcce72d87b10466426079ad7928b5f40ffa67c69a5e0210fce1c3046c0b3d2082e02b9e6e19d6

C:\Windows\System\InsTIxw.exe

MD5 12ec7f87b2e62f998adc1fecdfd0b708
SHA1 628c533aa669767d26710ca087f6bd2bf71a1206
SHA256 a1bbfee6723d467b1bda094aeb580c7a64f94fcac5895e903c374e71a30a4cfc
SHA512 9eaf0164a4cd875e3be3c1bc957aa26f14caf0036be48b54623c189ad0dd2b2d02a85ffa4c73c3437037f8b42c4565c0c592c8d282ae2c23dc947c2dc5f16d01

memory/1952-68-0x00007FF7147A0000-0x00007FF714AF4000-memory.dmp

C:\Windows\System\jxvDChx.exe

MD5 8435aefef0bcc9801235f85c851a3a46
SHA1 d0b21b0568e64405f08957921b501aa69cc23eb3
SHA256 5681aee2d591b675ea837a04fe5960efa98133bd5d3479e500187ae148462a08
SHA512 be97119170adbca1b9a3b89aa4096098d7b56b3a7f43852903d2c4e019245778792387a8f86265876445f8cb859eb607535ccc4d666a081125865493caca0d64

C:\Windows\System\VyBSFRG.exe

MD5 e28f3cbd55e0bbd00e5f8483be228543
SHA1 e8d9fa0744074d73e306b902d7dec175039e95d2
SHA256 64de6af26c7392f5ad333deefbdbf16d09410afda2c5cc7e91df1f7add2fa79c
SHA512 15287e935353ef2f8f0d864cdff255bbc0a85a89f41f62af44f9f4b9deaf7f28e43c2387111a6f1a7b8cb01627ee38863f27115d685d8a395a9c4a3ce7e2067d

C:\Windows\System\SejjdoJ.exe

MD5 ea31558f7642171c49fb515fef03b4b4
SHA1 5065325f32c7a16eec1e4865c7151300123fcbae
SHA256 db49f0aa6daf70566fd6bc9bbeeacdb767f0fb5a11e4676cca0c6ffd89c274f5
SHA512 cc215ea93782f17c13799430a9d97f5939da504bd0f96086d45a607ffdf62254404b90cbd5b993c58b455bc5200e7d58fc8f4ca70cd860c425ad098bbf358a3e

C:\Windows\System\fsYuIdG.exe

MD5 17370ecc90ba9f3c3429871e0805160b
SHA1 08c5a0c4d14d9dd90dedafd8fb3c4a1533f3c1a6
SHA256 3dd1fa9f6f00306f9fffaed5aa7fa2818ef4982b1b2ab54e4ff2f317d7e37596
SHA512 630812a38b31c122c456aa69750486b2525f458622eb54f0e96f3b43574e363f88d1cfd5a062236e80c7830189af87daa001eef37b547af65657693302df2cc9

C:\Windows\System\WfEVPYa.exe

MD5 474d04140d334e3b0d7441447e330ba5
SHA1 b8b1a57ed5fb6f03a96ac3301bfd4579d143089d
SHA256 d04b31f045747e1a9f987de1c97c39c5dbc436c18e114fd2e6babc2074c40944
SHA512 bba1b9de0f7dff62dae1051ad466d5d0e936fa560b5418f2d3d664bd079dbfa060ab6ca9396ef8cfc992a1e30cf4b316c460f5395f181ec28e5463a64900797c

C:\Windows\System\nPubSJc.exe

MD5 5a752eaaf661210ce9affa55e582bdd5
SHA1 55f759e9e987076258633730d47461d6249194b4
SHA256 7bf1378f58d09f1af159ce3d1cdb29d1bcec1da0cc9c2fd0d842c0cc1d008b35
SHA512 bc0a1e6e439fae4f8c7cadca83114cd016ad442f9ff46b057578da599c45e32a7e4d8ea7fd209bb3c5ec63fcc7e35b81be79a85d10482e6637fe7da5e025ff9b

memory/1404-374-0x00007FF72F020000-0x00007FF72F374000-memory.dmp

memory/4220-377-0x00007FF610080000-0x00007FF6103D4000-memory.dmp

memory/3124-378-0x00007FF745B40000-0x00007FF745E94000-memory.dmp

memory/1948-381-0x00007FF642F40000-0x00007FF643294000-memory.dmp

memory/4892-385-0x00007FF6672D0000-0x00007FF667624000-memory.dmp

memory/388-388-0x00007FF601110000-0x00007FF601464000-memory.dmp

memory/3200-390-0x00007FF6C71E0000-0x00007FF6C7534000-memory.dmp

memory/4128-389-0x00007FF717020000-0x00007FF717374000-memory.dmp

memory/3100-387-0x00007FF7C0FF0000-0x00007FF7C1344000-memory.dmp

memory/3164-386-0x00007FF6425D0000-0x00007FF642924000-memory.dmp

memory/2992-384-0x00007FF6B3D80000-0x00007FF6B40D4000-memory.dmp

memory/5076-383-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp

memory/4820-382-0x00007FF63D630000-0x00007FF63D984000-memory.dmp

memory/3936-380-0x00007FF611F20000-0x00007FF612274000-memory.dmp

memory/936-379-0x00007FF7BD120000-0x00007FF7BD474000-memory.dmp

memory/2304-376-0x00007FF6278A0000-0x00007FF627BF4000-memory.dmp

memory/1280-375-0x00007FF6FC690000-0x00007FF6FC9E4000-memory.dmp

memory/1644-373-0x00007FF602530000-0x00007FF602884000-memory.dmp

C:\Windows\System\WxSbcEe.exe

MD5 df099495e705544354a110d13c6a44b0
SHA1 7bbe209c048415845f5d7410d51d4fa51de60f93
SHA256 7ee3647c71994bc73743fba57229184beefaec4a459bc58d414d8d64cdb56365
SHA512 afefc4a01fa8799101914d9826c046b9b249e8e6d36260f7ee401828409ab831add6dfe5ab6f6f8c58ab57e172818daf2963a87b7883d05a7395dd345aa43d12

C:\Windows\System\LwffnAG.exe

MD5 53dad4616f833bae3542e026d2573cb5
SHA1 f730058a470fd65ef1ece46b0dfdecafde0500b6
SHA256 abbe3d96b958a50e4394dddbb3c7edf041782b326adb051e1e9717ec0a42cd8b
SHA512 ae66fe5bb7a805457c237c183e08cf8de96f3664b6e7dd036c5cb911c892f8973a3fe1f90d6c0c500251273cc6316af25e70279af87dce4ba741d26b9352b755

C:\Windows\System\gMRAqil.exe

MD5 1ba9ce1964bab7334b0d1633b2265492
SHA1 6e10930517d0f802a9d04c4e89039ba486a97d8f
SHA256 ddd859474bd32e546a3f67a95daf8df9cd6f9b0906a5ddb5509bd81b548e4ef0
SHA512 316716a592fe90851e7202d251bd8029f27d428cdb041d2483f1813f3776775191e0cfb2441b9707667b68ad10e3fdeb1bac404087dd129703057e84d11a1644

C:\Windows\System\kuWbTnY.exe

MD5 f3eb14c507f0fdbdb700e16cb4637678
SHA1 b13b7f26c3cf50cb50a7b0f0a79a311a0987adad
SHA256 5ac49310c827359aeef86b2ef0dacebb89bec6b87de282cae2071b999d23e034
SHA512 159bafce1f4baad608ecbdcf7fa1436d17b3f56fad1c7c2afae455996a2954eae53662e86eed64900ab6ef8658f23dabec4d7a29bc18aabb2f4ae4d421b92aed

C:\Windows\System\oBkxcOK.exe

MD5 9b32eb4e939b2cad14b9239d0568e63e
SHA1 fbf6a9cb08353a15c8df90efc13f2f8a6c107608
SHA256 b79ba374e35413226c9ae5f1528f5067a4f09a7d854772af6077a853a3a34848
SHA512 d8199e4f40f0501f7c4d1155787f82aa7d5db23759efb2de74befaf54368e12aba7d5d923964d9348fa0797b1440c84cb250445abc5592466f2596255481e054

C:\Windows\System\BgIhmpQ.exe

MD5 2c42db6fcabab45c1f1e5b430a314764
SHA1 2f6e2df4ccd8c4ce5f2ab1c16f5552775fdb396f
SHA256 4743081fd4e5903c82bf13d994620c6dbeaf4ef12065fab24a3091ba4059d514
SHA512 6a3a2caa70b1d3476eb884278f4a1d104fecfad85a9c378dd4c4a387ce006322ff56650f37f3f1cd8d2e2eb74d1256bb88aa70b66f2024d3d7b3811dc1bca5ab

C:\Windows\System\zePrDYB.exe

MD5 63368927b69b513a1648a28ad6648af9
SHA1 bc7efb69af6c33375a84f86d3738fccf75305bb4
SHA256 c82a5072ae956ca6d9afe7323f75feef21f2a8f6dc6fa2a99f39f83fe370d49b
SHA512 229cec967fecb8d4772c80d5a133b2d749172c338b837fafb934f1186625432f9395d714560f9a879d47bb7c8b77e126e4947e409bc36a6c60ebd908d46a33c3

C:\Windows\System\eOGRvZq.exe

MD5 32b6f3434ec30d4b35b07e4ae09f5502
SHA1 bf9f9c3519e5f051f3c9b0c34547256f69f90de5
SHA256 dcf72747652fe8129474ad785d64e6800f5062941d6687950256789745e2d95b
SHA512 80bf5b882344e3ed576c31ee127a84e5bfeef75e21832b43eb0c58dd5f1f78e013b215ecad06bab7c0eb17fba439d256454dbd9be4322124771fd3b30891d1bb

C:\Windows\System\yHxyEOy.exe

MD5 e961532e2cac18ea2c851417ebe8d0bc
SHA1 decc743465ba7fdd1ebec5f2ecac1ac8a8472c97
SHA256 1a272e3289635ea8f8e74f66ef8717c9ed37424ac4bbce11fd5b0ff0a401e0fe
SHA512 22c5f8177c04ccdc9726ea3e44224da27ca2278707e63782a71094e7871009b5cfeb37fc882e97b6991c2b43dd8e2efbb7c78b83f3f9efb475369f4bcfdad971

C:\Windows\System\GtPoyUO.exe

MD5 06959fbbbec9564cb6337f8e510c0584
SHA1 f83b659ef3639e3339caa95b80274d685b8a9c6d
SHA256 17d78ff899e9e19c87ea6eb6d212c6de51ea7c799f29edc9de0bd45c052c7366
SHA512 070adca510efa60d9282fff6ff217f7355f09dbada820ffc5ee9ff8a5a73eb4098c4fd0822d9dbe3229fadf65bf332b47cef38716bad6b52754db024de96e7b9

C:\Windows\System\KrKFIbV.exe

MD5 96631b3d2cf030aa1f569f63a8a07076
SHA1 e12dbe29e550f3a834d8322c7dabf11f25671b16
SHA256 59274595a4adb88b3724bec0b42b91866f8ab101855f893db7c7da43674eff51
SHA512 d1ea8b8c691da00274b33162e94e78c6731de15065492906327beaac91fabdb2a697910168eaa7aa248712c25ba9592bd77ad2a330256f4aeefcdfd111f36af6

C:\Windows\System\qwrHTEP.exe

MD5 942098aef51b0075b9f902c09f233965
SHA1 88c59e8e274fb0f9fc0bac768b1d2c3342900c5f
SHA256 19fc3afc158e390475c3d5190ae2abe7f39a0d2cfd4ce44c324c7d84230b9d79
SHA512 ac1f3b36293425be65a49aa25eb3e0e13fb27f10f6d647aab5f6232f8028bb9c22f52b7d845714ec5d7f34d51fc44550ce9c866e71d246ed5aefc3e66a79f6f4

C:\Windows\System\VWDdtHV.exe

MD5 0e35d4e1232986d47e772e1a70919711
SHA1 c78431b3b0682e187f4af131aefc27b5bc77d245
SHA256 527656a548a57ba6e26dad00aab67ef0923835e4195f7394d75f851e0adf4863
SHA512 4c0fa24157677ef9a586a966ac3eed0c80bff9b603c49787dd37a6bdb96cb85514acb1ff49e69c518042e494e04e1feae72ce9ddc079218e5c36579db79c7bdc

C:\Windows\System\RCJUnVR.exe

MD5 2ddeb73aaca77104adbb5b520978792e
SHA1 e088bca646c4bf543d23501d97948746395dc0ec
SHA256 9c8e5022dfc3d8dcf7c260ca9d13c545fe16eca570f300deabe9188ed7c73a33
SHA512 e8b7179622e1c0d53778dc21dd8b0444e2ac80561e3b7fbc1480d129cc609b9ec4341c8c16c993247848f07fdf6113e204f36ac7a6146344d7aa22dbd868dece

C:\Windows\System\KRspVEs.exe

MD5 81c6a16f4d7c13f3ec4da671dbc3ec72
SHA1 ec76477daca39b638fcdf2949251f6a37523c7db
SHA256 8f4f7890a6549b7deb55e7e7c3cc10befec422b2bc267b5052e896dc4a268228
SHA512 5ee46af4dcebfa63d90fe2d4e161de69b969f27a6d5980b1a62184a9883ab63fd0c9fc20addb0fcb6773f6abaa26490b1e393de249f93cff8595f83e348acd9a

C:\Windows\System\BfPiEio.exe

MD5 d7d95268c6cec40c24bd023b4e410dae
SHA1 2acd02f7f175ddd965584a38470f0d46af10c75e
SHA256 e3d1dbcf466b3db2f1957de9419aa9eb4261d15a54db0bde61120ea43208f3bb
SHA512 a130026ea51676b9e727c25b8bc716450f84cb42345b4c117d2de37f9ea7f58f3338c64cced46aad5436b870b43c34241959e6e068f8648c4b0f23df0096c32d

memory/4884-79-0x00007FF7DC1D0000-0x00007FF7DC524000-memory.dmp

memory/5028-71-0x00007FF78E530000-0x00007FF78E884000-memory.dmp

memory/700-63-0x00007FF7FBD60000-0x00007FF7FC0B4000-memory.dmp

C:\Windows\System\TdeFfRn.exe

MD5 ccc7928857faceb5e22e15e33ccea004
SHA1 de13d50baaf5c98175889101aa2429e2bb6a1501
SHA256 cf3a2db60e07dca698ce6d282c3668e73b62df67770ea0bf4152256fab0457a7
SHA512 1a5bfbc27817299d01c538989c98f487bf39e7fb16b2157154eba27eab1561c680364b4ed27e7cd512dca65f319b54afc84fe6c8a2e294b9ed8d2d20861d81aa

memory/3396-50-0x00007FF75C170000-0x00007FF75C4C4000-memory.dmp

memory/1188-46-0x00007FF729330000-0x00007FF729684000-memory.dmp

memory/3056-1070-0x00007FF67D5A0000-0x00007FF67D8F4000-memory.dmp

memory/3020-1071-0x00007FF6BE3A0000-0x00007FF6BE6F4000-memory.dmp

memory/1188-1072-0x00007FF729330000-0x00007FF729684000-memory.dmp

memory/3396-1073-0x00007FF75C170000-0x00007FF75C4C4000-memory.dmp

memory/1952-1074-0x00007FF7147A0000-0x00007FF714AF4000-memory.dmp

memory/4884-1075-0x00007FF7DC1D0000-0x00007FF7DC524000-memory.dmp

memory/4464-1076-0x00007FF722AC0000-0x00007FF722E14000-memory.dmp

memory/3056-1077-0x00007FF67D5A0000-0x00007FF67D8F4000-memory.dmp

memory/3096-1078-0x00007FF699E40000-0x00007FF69A194000-memory.dmp

memory/5012-1079-0x00007FF71B000000-0x00007FF71B354000-memory.dmp

memory/1296-1080-0x00007FF764D20000-0x00007FF765074000-memory.dmp

memory/3020-1081-0x00007FF6BE3A0000-0x00007FF6BE6F4000-memory.dmp

memory/1188-1082-0x00007FF729330000-0x00007FF729684000-memory.dmp

memory/700-1083-0x00007FF7FBD60000-0x00007FF7FC0B4000-memory.dmp

memory/3396-1084-0x00007FF75C170000-0x00007FF75C4C4000-memory.dmp

memory/1644-1085-0x00007FF602530000-0x00007FF602884000-memory.dmp

memory/5028-1089-0x00007FF78E530000-0x00007FF78E884000-memory.dmp

memory/4884-1088-0x00007FF7DC1D0000-0x00007FF7DC524000-memory.dmp

memory/1952-1087-0x00007FF7147A0000-0x00007FF714AF4000-memory.dmp

memory/4128-1086-0x00007FF717020000-0x00007FF717374000-memory.dmp

memory/1280-1095-0x00007FF6FC690000-0x00007FF6FC9E4000-memory.dmp

memory/1404-1097-0x00007FF72F020000-0x00007FF72F374000-memory.dmp

memory/4820-1098-0x00007FF63D630000-0x00007FF63D984000-memory.dmp

memory/1948-1096-0x00007FF642F40000-0x00007FF643294000-memory.dmp

memory/2304-1094-0x00007FF6278A0000-0x00007FF627BF4000-memory.dmp

memory/4220-1093-0x00007FF610080000-0x00007FF6103D4000-memory.dmp

memory/3124-1092-0x00007FF745B40000-0x00007FF745E94000-memory.dmp

memory/936-1091-0x00007FF7BD120000-0x00007FF7BD474000-memory.dmp

memory/3936-1090-0x00007FF611F20000-0x00007FF612274000-memory.dmp

memory/2992-1100-0x00007FF6B3D80000-0x00007FF6B40D4000-memory.dmp

memory/4892-1104-0x00007FF6672D0000-0x00007FF667624000-memory.dmp

memory/3164-1103-0x00007FF6425D0000-0x00007FF642924000-memory.dmp

memory/388-1102-0x00007FF601110000-0x00007FF601464000-memory.dmp

memory/5076-1101-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp

memory/3100-1099-0x00007FF7C0FF0000-0x00007FF7C1344000-memory.dmp