Malware Analysis Report

2024-10-10 09:34

Sample ID 240625-kgwrzaygqb
Target 48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe
SHA256 48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b

Threat Level: Known bad

The file 48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

KPOT

Xmrig family

XMRig Miner payload

xmrig

KPOT Core Executable

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 08:34

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 08:34

Reported

2024-06-25 08:37

Platform

win7-20240220-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ZjghQrB.exe N/A
N/A N/A C:\Windows\System\fGOQkWZ.exe N/A
N/A N/A C:\Windows\System\vxQPkTT.exe N/A
N/A N/A C:\Windows\System\CYcFCst.exe N/A
N/A N/A C:\Windows\System\OkiGDyY.exe N/A
N/A N/A C:\Windows\System\opBGsFb.exe N/A
N/A N/A C:\Windows\System\rhbtKaM.exe N/A
N/A N/A C:\Windows\System\otNulbA.exe N/A
N/A N/A C:\Windows\System\ZwpOxtV.exe N/A
N/A N/A C:\Windows\System\WkMxaUg.exe N/A
N/A N/A C:\Windows\System\mJgdhyK.exe N/A
N/A N/A C:\Windows\System\xnrDDba.exe N/A
N/A N/A C:\Windows\System\bKAruIu.exe N/A
N/A N/A C:\Windows\System\midVXri.exe N/A
N/A N/A C:\Windows\System\PIGVdcC.exe N/A
N/A N/A C:\Windows\System\imKYdFS.exe N/A
N/A N/A C:\Windows\System\icUyBuV.exe N/A
N/A N/A C:\Windows\System\MEhnovX.exe N/A
N/A N/A C:\Windows\System\xrYVlSv.exe N/A
N/A N/A C:\Windows\System\FbeyFnb.exe N/A
N/A N/A C:\Windows\System\nFXisrA.exe N/A
N/A N/A C:\Windows\System\SOUzndQ.exe N/A
N/A N/A C:\Windows\System\AQiSree.exe N/A
N/A N/A C:\Windows\System\hbzRVbA.exe N/A
N/A N/A C:\Windows\System\hqIocEC.exe N/A
N/A N/A C:\Windows\System\WcPhozx.exe N/A
N/A N/A C:\Windows\System\tsVplxD.exe N/A
N/A N/A C:\Windows\System\ESCHnnd.exe N/A
N/A N/A C:\Windows\System\AuPjlVQ.exe N/A
N/A N/A C:\Windows\System\SRugyLL.exe N/A
N/A N/A C:\Windows\System\MOYKtDv.exe N/A
N/A N/A C:\Windows\System\DxFwEYr.exe N/A
N/A N/A C:\Windows\System\GxMdwyi.exe N/A
N/A N/A C:\Windows\System\khbpkaf.exe N/A
N/A N/A C:\Windows\System\AfXFNBh.exe N/A
N/A N/A C:\Windows\System\uTvnorJ.exe N/A
N/A N/A C:\Windows\System\JFExhOv.exe N/A
N/A N/A C:\Windows\System\TwpYQGQ.exe N/A
N/A N/A C:\Windows\System\bpnTOdy.exe N/A
N/A N/A C:\Windows\System\ADjuqAx.exe N/A
N/A N/A C:\Windows\System\XAIrpwh.exe N/A
N/A N/A C:\Windows\System\rYZLRVa.exe N/A
N/A N/A C:\Windows\System\MNaUuUn.exe N/A
N/A N/A C:\Windows\System\AMBmmTI.exe N/A
N/A N/A C:\Windows\System\HWILBBD.exe N/A
N/A N/A C:\Windows\System\dchtnhF.exe N/A
N/A N/A C:\Windows\System\TnFSnGJ.exe N/A
N/A N/A C:\Windows\System\TTAmARb.exe N/A
N/A N/A C:\Windows\System\EnjSdMn.exe N/A
N/A N/A C:\Windows\System\FrzEvoj.exe N/A
N/A N/A C:\Windows\System\PBpUDTo.exe N/A
N/A N/A C:\Windows\System\vwGdExF.exe N/A
N/A N/A C:\Windows\System\PTnWwIu.exe N/A
N/A N/A C:\Windows\System\nDglUgu.exe N/A
N/A N/A C:\Windows\System\OgzzNHB.exe N/A
N/A N/A C:\Windows\System\IpjgyZs.exe N/A
N/A N/A C:\Windows\System\bvKmrbu.exe N/A
N/A N/A C:\Windows\System\CQQAGKo.exe N/A
N/A N/A C:\Windows\System\SAWFowI.exe N/A
N/A N/A C:\Windows\System\CNTDJHL.exe N/A
N/A N/A C:\Windows\System\IJpYQLU.exe N/A
N/A N/A C:\Windows\System\LPrvPrf.exe N/A
N/A N/A C:\Windows\System\qXfXMFM.exe N/A
N/A N/A C:\Windows\System\DnrcaMu.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GCIMOGD.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\POuQxPE.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uObaIEO.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\FjorxaF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VTzXTSL.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\XxjnFGQ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\FVDbcnH.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbeyFnb.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxMdwyi.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVDgcjA.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\moQBPvA.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZeqvDA.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\XAIrpwh.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AxmgsAj.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\grgHImB.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\sUUtkOL.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\HuBywTr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\midVXri.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JkEShCK.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qIIRkZz.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\izKXysq.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsFeeMq.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\vPXGAZJ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\hdwbvoj.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uEUdKBx.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\otNulbA.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\SXqwSFs.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\XaIENoR.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIXcVFv.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uDjtHtF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\TpQGUFq.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\iJcKfYv.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\imKYdFS.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzRPzUf.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\srQrSPr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSjEZED.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\cxcrptq.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFfkTIn.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\SRugyLL.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\owUBOQM.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UyKVqZd.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GQyWykB.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MmtfqOc.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GIeWaWg.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\eekVdtL.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YJFwUby.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mCbaySN.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mKeyrvM.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\domyuOj.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VnuaTGF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uGlOSUv.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\vEPVcbk.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrYVlSv.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LPrvPrf.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qchQPlV.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\RrYhUqV.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZSayUl.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PyZSFbS.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwgVBtB.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\npSwpZr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgzzNHB.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvKmrbu.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\euyaIHj.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\nQzcjjK.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\ZjghQrB.exe
PID 2908 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\ZjghQrB.exe
PID 2908 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\ZjghQrB.exe
PID 2908 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\fGOQkWZ.exe
PID 2908 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\fGOQkWZ.exe
PID 2908 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\fGOQkWZ.exe
PID 2908 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\vxQPkTT.exe
PID 2908 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\vxQPkTT.exe
PID 2908 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\vxQPkTT.exe
PID 2908 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\CYcFCst.exe
PID 2908 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\CYcFCst.exe
PID 2908 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\CYcFCst.exe
PID 2908 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\opBGsFb.exe
PID 2908 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\opBGsFb.exe
PID 2908 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\opBGsFb.exe
PID 2908 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\OkiGDyY.exe
PID 2908 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\OkiGDyY.exe
PID 2908 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\OkiGDyY.exe
PID 2908 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\rhbtKaM.exe
PID 2908 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\rhbtKaM.exe
PID 2908 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\rhbtKaM.exe
PID 2908 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\otNulbA.exe
PID 2908 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\otNulbA.exe
PID 2908 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\otNulbA.exe
PID 2908 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\ZwpOxtV.exe
PID 2908 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\ZwpOxtV.exe
PID 2908 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\ZwpOxtV.exe
PID 2908 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\WkMxaUg.exe
PID 2908 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\WkMxaUg.exe
PID 2908 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\WkMxaUg.exe
PID 2908 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\mJgdhyK.exe
PID 2908 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\mJgdhyK.exe
PID 2908 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\mJgdhyK.exe
PID 2908 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xnrDDba.exe
PID 2908 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xnrDDba.exe
PID 2908 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xnrDDba.exe
PID 2908 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\bKAruIu.exe
PID 2908 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\bKAruIu.exe
PID 2908 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\bKAruIu.exe
PID 2908 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\midVXri.exe
PID 2908 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\midVXri.exe
PID 2908 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\midVXri.exe
PID 2908 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\PIGVdcC.exe
PID 2908 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\PIGVdcC.exe
PID 2908 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\PIGVdcC.exe
PID 2908 wrote to memory of 496 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\imKYdFS.exe
PID 2908 wrote to memory of 496 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\imKYdFS.exe
PID 2908 wrote to memory of 496 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\imKYdFS.exe
PID 2908 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\icUyBuV.exe
PID 2908 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\icUyBuV.exe
PID 2908 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\icUyBuV.exe
PID 2908 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\MEhnovX.exe
PID 2908 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\MEhnovX.exe
PID 2908 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\MEhnovX.exe
PID 2908 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xrYVlSv.exe
PID 2908 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xrYVlSv.exe
PID 2908 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xrYVlSv.exe
PID 2908 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\FbeyFnb.exe
PID 2908 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\FbeyFnb.exe
PID 2908 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\FbeyFnb.exe
PID 2908 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\nFXisrA.exe
PID 2908 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\nFXisrA.exe
PID 2908 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\nFXisrA.exe
PID 2908 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\SOUzndQ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe"

C:\Windows\System\ZjghQrB.exe

C:\Windows\System\ZjghQrB.exe

C:\Windows\System\fGOQkWZ.exe

C:\Windows\System\fGOQkWZ.exe

C:\Windows\System\vxQPkTT.exe

C:\Windows\System\vxQPkTT.exe

C:\Windows\System\CYcFCst.exe

C:\Windows\System\CYcFCst.exe

C:\Windows\System\opBGsFb.exe

C:\Windows\System\opBGsFb.exe

C:\Windows\System\OkiGDyY.exe

C:\Windows\System\OkiGDyY.exe

C:\Windows\System\rhbtKaM.exe

C:\Windows\System\rhbtKaM.exe

C:\Windows\System\otNulbA.exe

C:\Windows\System\otNulbA.exe

C:\Windows\System\ZwpOxtV.exe

C:\Windows\System\ZwpOxtV.exe

C:\Windows\System\WkMxaUg.exe

C:\Windows\System\WkMxaUg.exe

C:\Windows\System\mJgdhyK.exe

C:\Windows\System\mJgdhyK.exe

C:\Windows\System\xnrDDba.exe

C:\Windows\System\xnrDDba.exe

C:\Windows\System\bKAruIu.exe

C:\Windows\System\bKAruIu.exe

C:\Windows\System\midVXri.exe

C:\Windows\System\midVXri.exe

C:\Windows\System\PIGVdcC.exe

C:\Windows\System\PIGVdcC.exe

C:\Windows\System\imKYdFS.exe

C:\Windows\System\imKYdFS.exe

C:\Windows\System\icUyBuV.exe

C:\Windows\System\icUyBuV.exe

C:\Windows\System\MEhnovX.exe

C:\Windows\System\MEhnovX.exe

C:\Windows\System\xrYVlSv.exe

C:\Windows\System\xrYVlSv.exe

C:\Windows\System\FbeyFnb.exe

C:\Windows\System\FbeyFnb.exe

C:\Windows\System\nFXisrA.exe

C:\Windows\System\nFXisrA.exe

C:\Windows\System\SOUzndQ.exe

C:\Windows\System\SOUzndQ.exe

C:\Windows\System\AQiSree.exe

C:\Windows\System\AQiSree.exe

C:\Windows\System\hbzRVbA.exe

C:\Windows\System\hbzRVbA.exe

C:\Windows\System\hqIocEC.exe

C:\Windows\System\hqIocEC.exe

C:\Windows\System\WcPhozx.exe

C:\Windows\System\WcPhozx.exe

C:\Windows\System\tsVplxD.exe

C:\Windows\System\tsVplxD.exe

C:\Windows\System\ESCHnnd.exe

C:\Windows\System\ESCHnnd.exe

C:\Windows\System\AuPjlVQ.exe

C:\Windows\System\AuPjlVQ.exe

C:\Windows\System\SRugyLL.exe

C:\Windows\System\SRugyLL.exe

C:\Windows\System\MOYKtDv.exe

C:\Windows\System\MOYKtDv.exe

C:\Windows\System\DxFwEYr.exe

C:\Windows\System\DxFwEYr.exe

C:\Windows\System\GxMdwyi.exe

C:\Windows\System\GxMdwyi.exe

C:\Windows\System\khbpkaf.exe

C:\Windows\System\khbpkaf.exe

C:\Windows\System\AfXFNBh.exe

C:\Windows\System\AfXFNBh.exe

C:\Windows\System\uTvnorJ.exe

C:\Windows\System\uTvnorJ.exe

C:\Windows\System\JFExhOv.exe

C:\Windows\System\JFExhOv.exe

C:\Windows\System\TwpYQGQ.exe

C:\Windows\System\TwpYQGQ.exe

C:\Windows\System\bpnTOdy.exe

C:\Windows\System\bpnTOdy.exe

C:\Windows\System\ADjuqAx.exe

C:\Windows\System\ADjuqAx.exe

C:\Windows\System\XAIrpwh.exe

C:\Windows\System\XAIrpwh.exe

C:\Windows\System\rYZLRVa.exe

C:\Windows\System\rYZLRVa.exe

C:\Windows\System\MNaUuUn.exe

C:\Windows\System\MNaUuUn.exe

C:\Windows\System\AMBmmTI.exe

C:\Windows\System\AMBmmTI.exe

C:\Windows\System\HWILBBD.exe

C:\Windows\System\HWILBBD.exe

C:\Windows\System\dchtnhF.exe

C:\Windows\System\dchtnhF.exe

C:\Windows\System\TnFSnGJ.exe

C:\Windows\System\TnFSnGJ.exe

C:\Windows\System\TTAmARb.exe

C:\Windows\System\TTAmARb.exe

C:\Windows\System\EnjSdMn.exe

C:\Windows\System\EnjSdMn.exe

C:\Windows\System\FrzEvoj.exe

C:\Windows\System\FrzEvoj.exe

C:\Windows\System\PBpUDTo.exe

C:\Windows\System\PBpUDTo.exe

C:\Windows\System\vwGdExF.exe

C:\Windows\System\vwGdExF.exe

C:\Windows\System\PTnWwIu.exe

C:\Windows\System\PTnWwIu.exe

C:\Windows\System\nDglUgu.exe

C:\Windows\System\nDglUgu.exe

C:\Windows\System\OgzzNHB.exe

C:\Windows\System\OgzzNHB.exe

C:\Windows\System\IpjgyZs.exe

C:\Windows\System\IpjgyZs.exe

C:\Windows\System\bvKmrbu.exe

C:\Windows\System\bvKmrbu.exe

C:\Windows\System\CQQAGKo.exe

C:\Windows\System\CQQAGKo.exe

C:\Windows\System\SAWFowI.exe

C:\Windows\System\SAWFowI.exe

C:\Windows\System\CNTDJHL.exe

C:\Windows\System\CNTDJHL.exe

C:\Windows\System\IJpYQLU.exe

C:\Windows\System\IJpYQLU.exe

C:\Windows\System\LPrvPrf.exe

C:\Windows\System\LPrvPrf.exe

C:\Windows\System\qXfXMFM.exe

C:\Windows\System\qXfXMFM.exe

C:\Windows\System\DnrcaMu.exe

C:\Windows\System\DnrcaMu.exe

C:\Windows\System\JkEShCK.exe

C:\Windows\System\JkEShCK.exe

C:\Windows\System\CVoTDqb.exe

C:\Windows\System\CVoTDqb.exe

C:\Windows\System\qBmsiYs.exe

C:\Windows\System\qBmsiYs.exe

C:\Windows\System\QNHCIdA.exe

C:\Windows\System\QNHCIdA.exe

C:\Windows\System\ehezMeA.exe

C:\Windows\System\ehezMeA.exe

C:\Windows\System\GIeWaWg.exe

C:\Windows\System\GIeWaWg.exe

C:\Windows\System\GfspTMi.exe

C:\Windows\System\GfspTMi.exe

C:\Windows\System\nEjcmmi.exe

C:\Windows\System\nEjcmmi.exe

C:\Windows\System\uQWeXsC.exe

C:\Windows\System\uQWeXsC.exe

C:\Windows\System\OxWACrD.exe

C:\Windows\System\OxWACrD.exe

C:\Windows\System\SXqwSFs.exe

C:\Windows\System\SXqwSFs.exe

C:\Windows\System\YUQkpSt.exe

C:\Windows\System\YUQkpSt.exe

C:\Windows\System\tZYRxGv.exe

C:\Windows\System\tZYRxGv.exe

C:\Windows\System\zHvrOzY.exe

C:\Windows\System\zHvrOzY.exe

C:\Windows\System\NkEaRiV.exe

C:\Windows\System\NkEaRiV.exe

C:\Windows\System\euyaIHj.exe

C:\Windows\System\euyaIHj.exe

C:\Windows\System\SdJtJNb.exe

C:\Windows\System\SdJtJNb.exe

C:\Windows\System\CgvAQEf.exe

C:\Windows\System\CgvAQEf.exe

C:\Windows\System\pWkOOvB.exe

C:\Windows\System\pWkOOvB.exe

C:\Windows\System\BaZfHOA.exe

C:\Windows\System\BaZfHOA.exe

C:\Windows\System\eekVdtL.exe

C:\Windows\System\eekVdtL.exe

C:\Windows\System\GqzxIeE.exe

C:\Windows\System\GqzxIeE.exe

C:\Windows\System\YIOdEyd.exe

C:\Windows\System\YIOdEyd.exe

C:\Windows\System\JPixLIh.exe

C:\Windows\System\JPixLIh.exe

C:\Windows\System\zLhviiJ.exe

C:\Windows\System\zLhviiJ.exe

C:\Windows\System\WuLryoo.exe

C:\Windows\System\WuLryoo.exe

C:\Windows\System\UpgLcqY.exe

C:\Windows\System\UpgLcqY.exe

C:\Windows\System\AgeoEsV.exe

C:\Windows\System\AgeoEsV.exe

C:\Windows\System\XaIENoR.exe

C:\Windows\System\XaIENoR.exe

C:\Windows\System\tZHmVCf.exe

C:\Windows\System\tZHmVCf.exe

C:\Windows\System\ODAqEqL.exe

C:\Windows\System\ODAqEqL.exe

C:\Windows\System\MBgUjbe.exe

C:\Windows\System\MBgUjbe.exe

C:\Windows\System\DhZrYtK.exe

C:\Windows\System\DhZrYtK.exe

C:\Windows\System\iYVWTah.exe

C:\Windows\System\iYVWTah.exe

C:\Windows\System\uDMEagl.exe

C:\Windows\System\uDMEagl.exe

C:\Windows\System\xmMRdjT.exe

C:\Windows\System\xmMRdjT.exe

C:\Windows\System\LBvjrKy.exe

C:\Windows\System\LBvjrKy.exe

C:\Windows\System\hDkKtWr.exe

C:\Windows\System\hDkKtWr.exe

C:\Windows\System\udYngOs.exe

C:\Windows\System\udYngOs.exe

C:\Windows\System\BzRPzUf.exe

C:\Windows\System\BzRPzUf.exe

C:\Windows\System\QhCEIGQ.exe

C:\Windows\System\QhCEIGQ.exe

C:\Windows\System\srQrSPr.exe

C:\Windows\System\srQrSPr.exe

C:\Windows\System\cxcrptq.exe

C:\Windows\System\cxcrptq.exe

C:\Windows\System\WavTxsA.exe

C:\Windows\System\WavTxsA.exe

C:\Windows\System\PVDgcjA.exe

C:\Windows\System\PVDgcjA.exe

C:\Windows\System\NfDITXU.exe

C:\Windows\System\NfDITXU.exe

C:\Windows\System\rWVVGEL.exe

C:\Windows\System\rWVVGEL.exe

C:\Windows\System\YJFwUby.exe

C:\Windows\System\YJFwUby.exe

C:\Windows\System\MIiDLQo.exe

C:\Windows\System\MIiDLQo.exe

C:\Windows\System\uIFYjuU.exe

C:\Windows\System\uIFYjuU.exe

C:\Windows\System\qchQPlV.exe

C:\Windows\System\qchQPlV.exe

C:\Windows\System\EqPfxBF.exe

C:\Windows\System\EqPfxBF.exe

C:\Windows\System\PyGKCxM.exe

C:\Windows\System\PyGKCxM.exe

C:\Windows\System\RrYhUqV.exe

C:\Windows\System\RrYhUqV.exe

C:\Windows\System\RFzNuyJ.exe

C:\Windows\System\RFzNuyJ.exe

C:\Windows\System\LCZELHZ.exe

C:\Windows\System\LCZELHZ.exe

C:\Windows\System\sWjVJfa.exe

C:\Windows\System\sWjVJfa.exe

C:\Windows\System\yUZageh.exe

C:\Windows\System\yUZageh.exe

C:\Windows\System\mreXdRc.exe

C:\Windows\System\mreXdRc.exe

C:\Windows\System\OogzTOc.exe

C:\Windows\System\OogzTOc.exe

C:\Windows\System\qtdXcHd.exe

C:\Windows\System\qtdXcHd.exe

C:\Windows\System\owUBOQM.exe

C:\Windows\System\owUBOQM.exe

C:\Windows\System\hWNhFEG.exe

C:\Windows\System\hWNhFEG.exe

C:\Windows\System\GCIMOGD.exe

C:\Windows\System\GCIMOGD.exe

C:\Windows\System\vPXGAZJ.exe

C:\Windows\System\vPXGAZJ.exe

C:\Windows\System\jkVPSvt.exe

C:\Windows\System\jkVPSvt.exe

C:\Windows\System\TZSayUl.exe

C:\Windows\System\TZSayUl.exe

C:\Windows\System\VnuaTGF.exe

C:\Windows\System\VnuaTGF.exe

C:\Windows\System\VjOOkKS.exe

C:\Windows\System\VjOOkKS.exe

C:\Windows\System\mCbaySN.exe

C:\Windows\System\mCbaySN.exe

C:\Windows\System\PZhQGzt.exe

C:\Windows\System\PZhQGzt.exe

C:\Windows\System\KksEKww.exe

C:\Windows\System\KksEKww.exe

C:\Windows\System\KKdvWVS.exe

C:\Windows\System\KKdvWVS.exe

C:\Windows\System\UuicoZa.exe

C:\Windows\System\UuicoZa.exe

C:\Windows\System\jipkXaB.exe

C:\Windows\System\jipkXaB.exe

C:\Windows\System\GHJitqd.exe

C:\Windows\System\GHJitqd.exe

C:\Windows\System\XUigfpg.exe

C:\Windows\System\XUigfpg.exe

C:\Windows\System\LoReScB.exe

C:\Windows\System\LoReScB.exe

C:\Windows\System\eGyneJj.exe

C:\Windows\System\eGyneJj.exe

C:\Windows\System\MqoxtYA.exe

C:\Windows\System\MqoxtYA.exe

C:\Windows\System\YIXcVFv.exe

C:\Windows\System\YIXcVFv.exe

C:\Windows\System\tdcLYwg.exe

C:\Windows\System\tdcLYwg.exe

C:\Windows\System\qdPhlSm.exe

C:\Windows\System\qdPhlSm.exe

C:\Windows\System\kEpjGaA.exe

C:\Windows\System\kEpjGaA.exe

C:\Windows\System\qIIRkZz.exe

C:\Windows\System\qIIRkZz.exe

C:\Windows\System\BdxrPAr.exe

C:\Windows\System\BdxrPAr.exe

C:\Windows\System\izKXysq.exe

C:\Windows\System\izKXysq.exe

C:\Windows\System\nQzcjjK.exe

C:\Windows\System\nQzcjjK.exe

C:\Windows\System\kbObwca.exe

C:\Windows\System\kbObwca.exe

C:\Windows\System\uGlOSUv.exe

C:\Windows\System\uGlOSUv.exe

C:\Windows\System\RSZSeVu.exe

C:\Windows\System\RSZSeVu.exe

C:\Windows\System\rlvsnaz.exe

C:\Windows\System\rlvsnaz.exe

C:\Windows\System\ELPNYZZ.exe

C:\Windows\System\ELPNYZZ.exe

C:\Windows\System\OfdfcVZ.exe

C:\Windows\System\OfdfcVZ.exe

C:\Windows\System\nxQkwWJ.exe

C:\Windows\System\nxQkwWJ.exe

C:\Windows\System\jaiookt.exe

C:\Windows\System\jaiookt.exe

C:\Windows\System\vouahkE.exe

C:\Windows\System\vouahkE.exe

C:\Windows\System\JIYZhNC.exe

C:\Windows\System\JIYZhNC.exe

C:\Windows\System\WrbmjRC.exe

C:\Windows\System\WrbmjRC.exe

C:\Windows\System\ckxruMb.exe

C:\Windows\System\ckxruMb.exe

C:\Windows\System\TpQGUFq.exe

C:\Windows\System\TpQGUFq.exe

C:\Windows\System\OJjHoTz.exe

C:\Windows\System\OJjHoTz.exe

C:\Windows\System\PHySHns.exe

C:\Windows\System\PHySHns.exe

C:\Windows\System\mbUhifN.exe

C:\Windows\System\mbUhifN.exe

C:\Windows\System\HIhYPtk.exe

C:\Windows\System\HIhYPtk.exe

C:\Windows\System\eWVQLMA.exe

C:\Windows\System\eWVQLMA.exe

C:\Windows\System\OPdczuR.exe

C:\Windows\System\OPdczuR.exe

C:\Windows\System\UjQQNSp.exe

C:\Windows\System\UjQQNSp.exe

C:\Windows\System\IsFeeMq.exe

C:\Windows\System\IsFeeMq.exe

C:\Windows\System\FpBmPHi.exe

C:\Windows\System\FpBmPHi.exe

C:\Windows\System\qMhYanz.exe

C:\Windows\System\qMhYanz.exe

C:\Windows\System\moQBPvA.exe

C:\Windows\System\moQBPvA.exe

C:\Windows\System\obGjfxf.exe

C:\Windows\System\obGjfxf.exe

C:\Windows\System\jRRNmDU.exe

C:\Windows\System\jRRNmDU.exe

C:\Windows\System\domyuOj.exe

C:\Windows\System\domyuOj.exe

C:\Windows\System\gDtBnFI.exe

C:\Windows\System\gDtBnFI.exe

C:\Windows\System\keqLHkZ.exe

C:\Windows\System\keqLHkZ.exe

C:\Windows\System\qJpUFYu.exe

C:\Windows\System\qJpUFYu.exe

C:\Windows\System\bhAvAyX.exe

C:\Windows\System\bhAvAyX.exe

C:\Windows\System\TrVBTYa.exe

C:\Windows\System\TrVBTYa.exe

C:\Windows\System\NPdkEEI.exe

C:\Windows\System\NPdkEEI.exe

C:\Windows\System\bScXCCO.exe

C:\Windows\System\bScXCCO.exe

C:\Windows\System\DmoARkf.exe

C:\Windows\System\DmoARkf.exe

C:\Windows\System\MPEDWOP.exe

C:\Windows\System\MPEDWOP.exe

C:\Windows\System\pmvnqaV.exe

C:\Windows\System\pmvnqaV.exe

C:\Windows\System\FAOqylQ.exe

C:\Windows\System\FAOqylQ.exe

C:\Windows\System\MQbtrAr.exe

C:\Windows\System\MQbtrAr.exe

C:\Windows\System\hVXNhHk.exe

C:\Windows\System\hVXNhHk.exe

C:\Windows\System\loCzPIn.exe

C:\Windows\System\loCzPIn.exe

C:\Windows\System\odPBsQK.exe

C:\Windows\System\odPBsQK.exe

C:\Windows\System\NSoSaXp.exe

C:\Windows\System\NSoSaXp.exe

C:\Windows\System\BZeqvDA.exe

C:\Windows\System\BZeqvDA.exe

C:\Windows\System\hdwbvoj.exe

C:\Windows\System\hdwbvoj.exe

C:\Windows\System\pPjGMER.exe

C:\Windows\System\pPjGMER.exe

C:\Windows\System\kwyTJLq.exe

C:\Windows\System\kwyTJLq.exe

C:\Windows\System\ewiaJNa.exe

C:\Windows\System\ewiaJNa.exe

C:\Windows\System\VTzXTSL.exe

C:\Windows\System\VTzXTSL.exe

C:\Windows\System\qnBqKlp.exe

C:\Windows\System\qnBqKlp.exe

C:\Windows\System\JmfxaBT.exe

C:\Windows\System\JmfxaBT.exe

C:\Windows\System\XxjnFGQ.exe

C:\Windows\System\XxjnFGQ.exe

C:\Windows\System\yYrlsMR.exe

C:\Windows\System\yYrlsMR.exe

C:\Windows\System\zXYMzek.exe

C:\Windows\System\zXYMzek.exe

C:\Windows\System\zrvwhgC.exe

C:\Windows\System\zrvwhgC.exe

C:\Windows\System\jvYmCbg.exe

C:\Windows\System\jvYmCbg.exe

C:\Windows\System\dHkenaV.exe

C:\Windows\System\dHkenaV.exe

C:\Windows\System\RDfveqJ.exe

C:\Windows\System\RDfveqJ.exe

C:\Windows\System\QZjykos.exe

C:\Windows\System\QZjykos.exe

C:\Windows\System\losSWXS.exe

C:\Windows\System\losSWXS.exe

C:\Windows\System\wKhfSUz.exe

C:\Windows\System\wKhfSUz.exe

C:\Windows\System\QDwcDeT.exe

C:\Windows\System\QDwcDeT.exe

C:\Windows\System\gUzthtF.exe

C:\Windows\System\gUzthtF.exe

C:\Windows\System\FCKLntg.exe

C:\Windows\System\FCKLntg.exe

C:\Windows\System\ouHWgcd.exe

C:\Windows\System\ouHWgcd.exe

C:\Windows\System\EBxkqbS.exe

C:\Windows\System\EBxkqbS.exe

C:\Windows\System\OwcnYUj.exe

C:\Windows\System\OwcnYUj.exe

C:\Windows\System\pFfkTIn.exe

C:\Windows\System\pFfkTIn.exe

C:\Windows\System\uEUdKBx.exe

C:\Windows\System\uEUdKBx.exe

C:\Windows\System\yPKoFJl.exe

C:\Windows\System\yPKoFJl.exe

C:\Windows\System\grgHImB.exe

C:\Windows\System\grgHImB.exe

C:\Windows\System\onKjIls.exe

C:\Windows\System\onKjIls.exe

C:\Windows\System\ORYADoZ.exe

C:\Windows\System\ORYADoZ.exe

C:\Windows\System\plCuSbg.exe

C:\Windows\System\plCuSbg.exe

C:\Windows\System\uoExGNz.exe

C:\Windows\System\uoExGNz.exe

C:\Windows\System\VFzZtmJ.exe

C:\Windows\System\VFzZtmJ.exe

C:\Windows\System\fdjscya.exe

C:\Windows\System\fdjscya.exe

C:\Windows\System\LRVhowG.exe

C:\Windows\System\LRVhowG.exe

C:\Windows\System\DwjIsNj.exe

C:\Windows\System\DwjIsNj.exe

C:\Windows\System\RHKaVdI.exe

C:\Windows\System\RHKaVdI.exe

C:\Windows\System\OSjEZED.exe

C:\Windows\System\OSjEZED.exe

C:\Windows\System\pyxjqXJ.exe

C:\Windows\System\pyxjqXJ.exe

C:\Windows\System\doDDIVN.exe

C:\Windows\System\doDDIVN.exe

C:\Windows\System\UyKVqZd.exe

C:\Windows\System\UyKVqZd.exe

C:\Windows\System\iJcKfYv.exe

C:\Windows\System\iJcKfYv.exe

C:\Windows\System\wlcQhiC.exe

C:\Windows\System\wlcQhiC.exe

C:\Windows\System\wsNzbKm.exe

C:\Windows\System\wsNzbKm.exe

C:\Windows\System\dQBKWao.exe

C:\Windows\System\dQBKWao.exe

C:\Windows\System\XsZPrSo.exe

C:\Windows\System\XsZPrSo.exe

C:\Windows\System\uzDMYfh.exe

C:\Windows\System\uzDMYfh.exe

C:\Windows\System\awWtkKl.exe

C:\Windows\System\awWtkKl.exe

C:\Windows\System\Lmantax.exe

C:\Windows\System\Lmantax.exe

C:\Windows\System\OTVqXaP.exe

C:\Windows\System\OTVqXaP.exe

C:\Windows\System\TyWDffJ.exe

C:\Windows\System\TyWDffJ.exe

C:\Windows\System\sUUtkOL.exe

C:\Windows\System\sUUtkOL.exe

C:\Windows\System\hBfQzrj.exe

C:\Windows\System\hBfQzrj.exe

C:\Windows\System\NHqjUyk.exe

C:\Windows\System\NHqjUyk.exe

C:\Windows\System\iUtVIcH.exe

C:\Windows\System\iUtVIcH.exe

C:\Windows\System\hKoJARn.exe

C:\Windows\System\hKoJARn.exe

C:\Windows\System\lcZfmPo.exe

C:\Windows\System\lcZfmPo.exe

C:\Windows\System\SUraQTG.exe

C:\Windows\System\SUraQTG.exe

C:\Windows\System\NSnvrbp.exe

C:\Windows\System\NSnvrbp.exe

C:\Windows\System\WlBybEG.exe

C:\Windows\System\WlBybEG.exe

C:\Windows\System\ScrYviB.exe

C:\Windows\System\ScrYviB.exe

C:\Windows\System\GdayIpW.exe

C:\Windows\System\GdayIpW.exe

C:\Windows\System\jOEBojU.exe

C:\Windows\System\jOEBojU.exe

C:\Windows\System\EzUkaQy.exe

C:\Windows\System\EzUkaQy.exe

C:\Windows\System\sJNhMxZ.exe

C:\Windows\System\sJNhMxZ.exe

C:\Windows\System\mwgVBtB.exe

C:\Windows\System\mwgVBtB.exe

C:\Windows\System\ffcVCxj.exe

C:\Windows\System\ffcVCxj.exe

C:\Windows\System\onXmGDG.exe

C:\Windows\System\onXmGDG.exe

C:\Windows\System\IpbdHUZ.exe

C:\Windows\System\IpbdHUZ.exe

C:\Windows\System\HuBywTr.exe

C:\Windows\System\HuBywTr.exe

C:\Windows\System\mKeyrvM.exe

C:\Windows\System\mKeyrvM.exe

C:\Windows\System\dqzddwU.exe

C:\Windows\System\dqzddwU.exe

C:\Windows\System\HuEsffx.exe

C:\Windows\System\HuEsffx.exe

C:\Windows\System\npSwpZr.exe

C:\Windows\System\npSwpZr.exe

C:\Windows\System\GQyWykB.exe

C:\Windows\System\GQyWykB.exe

C:\Windows\System\POuQxPE.exe

C:\Windows\System\POuQxPE.exe

C:\Windows\System\nxOdKKK.exe

C:\Windows\System\nxOdKKK.exe

C:\Windows\System\KMmsaQx.exe

C:\Windows\System\KMmsaQx.exe

C:\Windows\System\GVBdgzy.exe

C:\Windows\System\GVBdgzy.exe

C:\Windows\System\zOiweNe.exe

C:\Windows\System\zOiweNe.exe

C:\Windows\System\uObaIEO.exe

C:\Windows\System\uObaIEO.exe

C:\Windows\System\iRBrQCb.exe

C:\Windows\System\iRBrQCb.exe

C:\Windows\System\uDjtHtF.exe

C:\Windows\System\uDjtHtF.exe

C:\Windows\System\RULjlUC.exe

C:\Windows\System\RULjlUC.exe

C:\Windows\System\hsbpOKZ.exe

C:\Windows\System\hsbpOKZ.exe

C:\Windows\System\vLZcZbO.exe

C:\Windows\System\vLZcZbO.exe

C:\Windows\System\naLHsAJ.exe

C:\Windows\System\naLHsAJ.exe

C:\Windows\System\lCZKAVd.exe

C:\Windows\System\lCZKAVd.exe

C:\Windows\System\qbwYwLK.exe

C:\Windows\System\qbwYwLK.exe

C:\Windows\System\RWbWwMW.exe

C:\Windows\System\RWbWwMW.exe

C:\Windows\System\ZrwhOdL.exe

C:\Windows\System\ZrwhOdL.exe

C:\Windows\System\nfQtCLL.exe

C:\Windows\System\nfQtCLL.exe

C:\Windows\System\FVDbcnH.exe

C:\Windows\System\FVDbcnH.exe

C:\Windows\System\oQBKKFX.exe

C:\Windows\System\oQBKKFX.exe

C:\Windows\System\HaKAfQG.exe

C:\Windows\System\HaKAfQG.exe

C:\Windows\System\sOndFPQ.exe

C:\Windows\System\sOndFPQ.exe

C:\Windows\System\CoQeEQJ.exe

C:\Windows\System\CoQeEQJ.exe

C:\Windows\System\duMzcnq.exe

C:\Windows\System\duMzcnq.exe

C:\Windows\System\isQFxnv.exe

C:\Windows\System\isQFxnv.exe

C:\Windows\System\rowDhwj.exe

C:\Windows\System\rowDhwj.exe

C:\Windows\System\OBejydi.exe

C:\Windows\System\OBejydi.exe

C:\Windows\System\svRLfAr.exe

C:\Windows\System\svRLfAr.exe

C:\Windows\System\hXLLRJi.exe

C:\Windows\System\hXLLRJi.exe

C:\Windows\System\FjorxaF.exe

C:\Windows\System\FjorxaF.exe

C:\Windows\System\soDuMYn.exe

C:\Windows\System\soDuMYn.exe

C:\Windows\System\hqmIHCF.exe

C:\Windows\System\hqmIHCF.exe

C:\Windows\System\vEPVcbk.exe

C:\Windows\System\vEPVcbk.exe

C:\Windows\System\WvFlpOT.exe

C:\Windows\System\WvFlpOT.exe

C:\Windows\System\GYgSrzn.exe

C:\Windows\System\GYgSrzn.exe

C:\Windows\System\tZtrpkf.exe

C:\Windows\System\tZtrpkf.exe

C:\Windows\System\xxbdJFu.exe

C:\Windows\System\xxbdJFu.exe

C:\Windows\System\wpoGOQr.exe

C:\Windows\System\wpoGOQr.exe

C:\Windows\System\WgrElcg.exe

C:\Windows\System\WgrElcg.exe

C:\Windows\System\Vkteijd.exe

C:\Windows\System\Vkteijd.exe

C:\Windows\System\GOXGvGL.exe

C:\Windows\System\GOXGvGL.exe

C:\Windows\System\hdQmwjt.exe

C:\Windows\System\hdQmwjt.exe

C:\Windows\System\nHDgZph.exe

C:\Windows\System\nHDgZph.exe

C:\Windows\System\jBrNWUb.exe

C:\Windows\System\jBrNWUb.exe

C:\Windows\System\FHkhEpY.exe

C:\Windows\System\FHkhEpY.exe

C:\Windows\System\QbTFaGO.exe

C:\Windows\System\QbTFaGO.exe

C:\Windows\System\qPBHTQU.exe

C:\Windows\System\qPBHTQU.exe

C:\Windows\System\PyZSFbS.exe

C:\Windows\System\PyZSFbS.exe

C:\Windows\System\MmtfqOc.exe

C:\Windows\System\MmtfqOc.exe

C:\Windows\System\LtHqbBP.exe

C:\Windows\System\LtHqbBP.exe

C:\Windows\System\QJCRsge.exe

C:\Windows\System\QJCRsge.exe

C:\Windows\System\hkpWCGA.exe

C:\Windows\System\hkpWCGA.exe

C:\Windows\System\nDrSUxX.exe

C:\Windows\System\nDrSUxX.exe

C:\Windows\System\AxmgsAj.exe

C:\Windows\System\AxmgsAj.exe

C:\Windows\System\eMUMOEF.exe

C:\Windows\System\eMUMOEF.exe

C:\Windows\System\oDflqEL.exe

C:\Windows\System\oDflqEL.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2908-0-0x000000013FA20000-0x000000013FD74000-memory.dmp

memory/2908-1-0x0000000000090000-0x00000000000A0000-memory.dmp

\Windows\system\ZjghQrB.exe

MD5 b6e4616f065695172cf348899cc783a1
SHA1 9ffa9bd90c8f85ef36a2cf87bc564e1517a79f1b
SHA256 b9f723959514accf4e6298e8704cb21b9634e4d0a457bc62a74c1bd425a38dc4
SHA512 b42c1b9ee8934290939c897c2e1e567364a01a6756146f075c511770b83522f3fbb5b202085d326c28a8144c3a16fba5cbb90add178ee5b61d299829ffaf1f77

memory/2908-7-0x000000013F020000-0x000000013F374000-memory.dmp

C:\Windows\system\fGOQkWZ.exe

MD5 68d5e9692a672e630be762c80d847785
SHA1 1a60166ffa5ac13f1aa1f887f054a16d07a0b795
SHA256 9ef072d2e7fbd8242c3622b7563a2745a46452a03a532ed26939c964b8614863
SHA512 8bcf49f68d599674388e05af98364d828f7f0e1e8a4d1511a8b1798c3b219ae159605e8bbe3a3f883dac18ef7b89ab7bc9ebe4f6cb6394f993eb927d83e1889d

memory/2444-15-0x000000013F7D0000-0x000000013FB24000-memory.dmp

memory/2908-14-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2096-12-0x000000013F020000-0x000000013F374000-memory.dmp

C:\Windows\system\vxQPkTT.exe

MD5 1d4fa5536326d47ec641b4441f00b5d0
SHA1 2c1effb80254335fb68a1af32acad360f8b07d12
SHA256 d9e60a8b9d2bbef2984863b8fa099467d1c21853b511db40b34b3648ad88ea76
SHA512 98d856dea5963e82f91d983f29938f218470f7c027852cab28584f643c1fb9b9d4605b117decc2766140d658dfc445779e2a6895c13ce0cb60251d3647cbb9ca

C:\Windows\system\CYcFCst.exe

MD5 20db2bd43215e7b4fc601e11c0e18600
SHA1 15c7a01a700f50a24f79158a86f6585bf73f770e
SHA256 7f42bce69c637876a5542a0a713b5ea1d51acf06f2769b80d5358e05484f002f
SHA512 500fd66303eecb4bdf06f4d54a03734db6b343fd6e659f14b1710abd67a07f6d2951399a9c3c3e67f44674a185efd3d5bf7dc01cd157e3e389ae59971bb626f8

memory/2908-26-0x0000000001F30000-0x0000000002284000-memory.dmp

C:\Windows\system\OkiGDyY.exe

MD5 e4325805dbbc7a7a54d361f1d43311c8
SHA1 706dcaa6986e17711f5f4e6ce5241db368d9676e
SHA256 7d362b5b8353a7396196a2faef9dd05dc337d4fe688e832d7544315e4dbdcb6f
SHA512 5f72b73cfb7e9e9c6d818a216cb3ed4ad2a73aebb07a0672ca4197b23f21149fe81616f0844356419300fe59a61e9582d9e93d61a359bac018422e23fdd2fbd7

memory/2964-40-0x000000013FD90000-0x00000001400E4000-memory.dmp

C:\Windows\system\opBGsFb.exe

MD5 0f146a3c08bbe901b6f7da41ea4f846e
SHA1 b4921dc8459475c6c8d1616403b6d638ff482fa3
SHA256 1cfce3535a2953dce3eaae84cff5ca53639282534780558196d3e4ceb245d24d
SHA512 13c253128a80b13d715aa049c3346439b6a9c71c85d145c26ba474a636795819be3ba69b676562fbc2a3bf71de7a49a56816e189a649239f3da62c6d4f8ba60f

memory/2532-31-0x000000013F930000-0x000000013FC84000-memory.dmp

memory/2456-43-0x000000013F2D0000-0x000000013F624000-memory.dmp

C:\Windows\system\otNulbA.exe

MD5 aca62421d882d73a724dc12ffb9e042e
SHA1 7ecc3e0f3819f64facb3aec386c5b8d78d3366ce
SHA256 90ea8433ccc5de2152cc0de2097b2c2acf62cbcf1f6a07d865a7d6bc35a6490a
SHA512 279e05e276f1a5ada191dc210d38a6a31dc2ed257de5d0fbd2ccf1631712232f5d4262586fee40b2ef15a6692c21f67623995f3357ea4f9322a9aeaa8a0bcb8a

memory/2376-50-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/2908-71-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2896-80-0x000000013F0D0000-0x000000013F424000-memory.dmp

memory/852-89-0x000000013F420000-0x000000013F774000-memory.dmp

C:\Windows\system\icUyBuV.exe

MD5 fef23b31111f9c7ce5b923b9c64532d6
SHA1 46e4d2f8218abfbc1e00283c880a88ff7fa77c4d
SHA256 af6eff4f7a81aea300890ea9bd3592c57c7578515548f967f6d7bec549c23b7d
SHA512 8ee6542d3455aa95809db4be6de1c640cf9cd6622f76b1a9d58312cc977cb3b6de3f9608e1b4e8067e0b6bc3a74619daabc83cefa87fcaeeee2b83494e129d62

C:\Windows\system\nFXisrA.exe

MD5 f6eb724719dc18e51dfa9b3f26870e20
SHA1 16e88add94c25f87446ceba333233024859903fa
SHA256 abdb1e8acae26c1ce36fb55b025eb3f96a755486c4a281a349c6e847c876e510
SHA512 b6e558f59f189ed36ae7cee67ddcecb9b4c890ff05423911250c6eae8217dfaad94dcdbbb609bd998817c814c6276fedab9a04c711a716b2a405e249ff8daec5

C:\Windows\system\DxFwEYr.exe

MD5 cf5e19369b85cfbd44f075228ec2ab31
SHA1 aa38851b949932897666ff71098acec0ac1d24ba
SHA256 4604a1e68fa8aa7445f6d7cfd821c17b73f980fbc036741a843c98fda8f8712b
SHA512 0f159fe01ea4d24051cb58a9a679237df5aed01fc3aab85261d9168f73a094d79cdf58e95024268ea499220dda59a75ef9353d91ca72ebfa1ec32f2811da86b5

memory/2908-1071-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2908-595-0x0000000001F30000-0x0000000002284000-memory.dmp

C:\Windows\system\MOYKtDv.exe

MD5 cb539854526ff7b1ae3bdbecb674fc6b
SHA1 e532495437f0de6a293bcc5850d838d71924b8f8
SHA256 54b1443bcd6cbcf07dfd47f839181d7102bf702029f53b653b4932c053dcf068
SHA512 aa392ec8ee65f198b485fecb3ddb2686571d4c88ea5a851e22cf67794adbe2b920ddd44dce1c9c77f44b97790be79a47336b9a9f4b2a598c6a080451b8bbeb21

C:\Windows\system\SRugyLL.exe

MD5 e8bbab5eb040e1249f4a3ba1186f969e
SHA1 3d6c2ef08103382f11d772f26a333dd85d217919
SHA256 963fb992c9f3cd8de95b46d84d5e55090ce3d5bdd6c072feae033773fd1f65f0
SHA512 f5f7d52eb986cbce5792aba27a5f5bf7ab37a095725452d5ce6c16f5726b139cdbb25391054a56c7ba29cec695c6c675c2e24f6b3bac337a722e7131f7711088

C:\Windows\system\AuPjlVQ.exe

MD5 37735237ba800eb87a008e95d4dd3749
SHA1 5a63a311c4113c1b63cc9f9353066f0ad8e6a3f0
SHA256 214a37b6f4804ed7519f7f6115968b9b13e508ed19fd32bea248b0e4b4c93045
SHA512 e9d9224d14d7f39c874e3d9c943aa9b37b7176c289ec6f60406f235215e1942c7b011f24f7e5848f09c9963a4ba1b87acc9466960924456cc7f39ad09a25d758

C:\Windows\system\ESCHnnd.exe

MD5 d49fc6af44600113ca85c9f4ae37a288
SHA1 cbb0f9baaf1d36ebc0067dfdcc20b7f4bb0f69da
SHA256 3f5bd16b216b069dc0b9694b26df55db6c0878b86ad4a526f8d4c483bbe616a5
SHA512 04fa0581998d955563aeb33ba2055aae10cd00807f9bff412b1423ed8303b672abfa752fd56b4596ecbcbeb9c535b13209376c57429ed3ff7a028d24442b5d61

C:\Windows\system\tsVplxD.exe

MD5 d318a28b8fa282d7c3fb152100536502
SHA1 f82245a3db202ceeb4ccdc16e6ff702e0b476a26
SHA256 882aece158d6de5876108d36a5de8a8abd7678d1462744bb85b6378fd21a438c
SHA512 653436a3f252ff02dffbe3d72a31269c39616d4acb6b826fb39de7cc2bd3c1e8cb5a3eaab39f9e6eb6e28e5453749ddac33912f3e568d6ed68d8e821a47ca36b

C:\Windows\system\WcPhozx.exe

MD5 9dde01cccc8ea29336360cc1aa84bda0
SHA1 a29ba2c048a1a7a472c21d3749b058cb4ba1bc3c
SHA256 baf84694ac9510fc63fd074de7a6992d5dc7f1058de484737d3625256f9916ce
SHA512 6f002d9cf6866921d64ad1a0c58181145dca8f8a9d42a5c06974f64b67f009a2ab8498ad841a9beeab16f1a788a412595f28d817691288d3ce7daa55e9739371

C:\Windows\system\hqIocEC.exe

MD5 5df64761e2f67bce5579d473604706eb
SHA1 76f22c0aebb84644a950c64f7b2f84daaddb0be5
SHA256 c2031c7f6cb62ce95a29c742cd310687c0060e7dec0ead363a5af7caa220e65d
SHA512 10e48da5bffc815525a63c4d52473f34394493724e77ae0013e4bf4125ef9dfc211c6c9eec8488fa6bcc75897aa936f7863d385dab35199c4612140a0f021138

C:\Windows\system\AQiSree.exe

MD5 e2ac2ba65dfddeeadf7f0ec062aef19b
SHA1 356aeceb8c54a3de82ab5c69f798842bfa89b331
SHA256 24491ded9f6246b115bc3c83b4fb612b772a9fcc8fbda25b26bc716a13e4b93b
SHA512 b6009fa8bfd4138f396c5e571f238c00c0fdb9177e3720123b8af0852df3647a9d6b6abfbbc88ee88c58874767e154eb9796ea7db1db51ed9dd4bd56988c9f73

C:\Windows\system\hbzRVbA.exe

MD5 837d9f8f458e9252e3305d19ee2989a8
SHA1 e650f927b68468587aeffd9b832b79f4d2ff592f
SHA256 ff5e42fff4374456132c7af6b039377d0d13291bde41d346db217d92bcf1c0f5
SHA512 43803ac2b72d7a43edefe4b9926c836f3df373699353cd409180dd44d4a04666efb1c37c7e8c743ee759d673bb95e7bfe5e5142040945d4c7a83385735ac01c6

C:\Windows\system\SOUzndQ.exe

MD5 58c2245dff97f2efabc81e211b39625b
SHA1 3a22039554228b24539c80ffa98debaaab7372f6
SHA256 06db3494d32cc5ac26f5bb4c4ddcf5dc531cd3ad27aa301c6bbabd8556590e26
SHA512 192bd73cc1a1181deec734b6fec29d8e8a59748ff6031bf8f9b8621aa17f059cfda9b46f2c0b25b891b290f4cca2c0308991e5f9820c293430a029f747cebc2d

C:\Windows\system\xrYVlSv.exe

MD5 0163e939758e3266e87f162e86bb4e83
SHA1 7fcf2698c2e2814535465ca081fe41a6b660b4e3
SHA256 fcb2fecacedce77741c5fee8bf43b335396adabb94140c38eeaf27e4aa66112d
SHA512 9eb9f74f910fffe324e0da7aa38e924ea04ebdbcd68017a98371d84b21ec263138ee11bab94bfa29b39a8cfc2d5fe71d0e5793eefda7f697dc287fc340d63ca2

C:\Windows\system\FbeyFnb.exe

MD5 5ec27817299b5739b2149e5956dcebeb
SHA1 0cb7ca8e543884898dbfd5d264aaa8608f866b26
SHA256 7b8519354e0a56e87162c768d3ae4abd4d9d6f8ccd04d54d5b29bb27525d6e77
SHA512 617e9a470a8a2f919cff8604afc76efc594b72f5e688ac3f85bfd122d881cadbbffa81359d8d9996bd4acf81cba3c51c8aad0fc288984909ea9eedc0ec35da70

C:\Windows\system\MEhnovX.exe

MD5 b6a135648e6a518bc5f6a41ded6286c8
SHA1 00a05b152f3c61852fadd2905d0e5b59764d5be6
SHA256 3e9ac6b98982732a468b6ff3585cfdcd415dc7d518194e1e7fce08019a0d0cfc
SHA512 1c19f9200ad1e1fca80ed4bb1b2a4c0ac02e1974c0bfff026dd59e145d1a23eec22fe7a345b76bdfdba1a2f8f2c8b9619c86b63bb98a6181a052807a2d44f6e9

C:\Windows\system\imKYdFS.exe

MD5 5564add64521991fa9c96568812eed4f
SHA1 d1e82300dffdcb84f13d13705ab57191649efe36
SHA256 84f6f346839bbed777f3b6d7b7cef394573ff03f7279bd65a414201d5046544c
SHA512 004dfb144c602337f60543a7d2b5bd0f0ab5c07f93adbbb1a41a0749274eb8ff981925828068de5809e9eaa0fbfeab772c9e9edec16426da2e175c5a3f771784

C:\Windows\system\PIGVdcC.exe

MD5 cba2cac86514dad14f93e9095b6c07e2
SHA1 fc6d1d38f013b86b1d07d55602f0d52f1cb81da1
SHA256 056dd4eb0ec9d7b9f716921af957efbf4c90afb641d23955433bafb72b9857a6
SHA512 2b8ae252fd2f246e0ac5452d759aadb3cd0b366a3c610fbb40f28d04733bd79108fcb8cdc5c95d44b5c4a8a2249ad8a89f95da6209a0f92b549a90697175c21c

memory/2908-106-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2964-105-0x000000013FD90000-0x00000001400E4000-memory.dmp

memory/2692-102-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2908-101-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2572-95-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/2908-94-0x000000013FEA0000-0x00000001401F4000-memory.dmp

C:\Windows\system\bKAruIu.exe

MD5 dcda149b2f525d4674f56ce1bf8c5922
SHA1 372fcd739c651c9d5ddef4b5b03c9f1be50b273e
SHA256 1988756fe2e0f82caacfe7b671aeac2676c9ff3548f0bca0138d587575ccb674
SHA512 74f4e1eb8150d67190f422373c9e22cb2f4b8636df079eadd184303ae54612ceeb9a89c75b2defff741c7a483c9e7a93e51cd054bad0e58b962ef606cd4d14a9

C:\Windows\system\midVXri.exe

MD5 7a6e8e3e3bb30fc34103fc8ce2e02f58
SHA1 d5070b0ab986bbf33fde1e6738165a19fff2878d
SHA256 1ce53f9eb078c3f6fe50a5f7d1f8d7d242bef4cb4f25f83a6dae66c384439d2d
SHA512 3a0887990d9a67475a57c5faeb5aac8e2814489c7bda537eb33828a02f6a433b29a439cb47f282aa249e79b88c74e6d130bfd7b75fecc494d0f4679f99271b3e

memory/2908-88-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2532-87-0x000000013F930000-0x000000013FC84000-memory.dmp

memory/2908-79-0x000000013F0D0000-0x000000013F424000-memory.dmp

C:\Windows\system\mJgdhyK.exe

MD5 6b7b7ad0ac36c0a1126be4b97e803484
SHA1 4051d4888f690f3303427b3e77ddfb711f3de68d
SHA256 97f6f45a49b2c05a5927d73fb8107ef846d8d8e20f4322f35c7e773195b112f6
SHA512 4e812193f6d37c5ef5127273d6c93209611911d3b55cbb0fbe11755244e8d7a597548166577fb543031d254fe43b0417709d7a4fd67321770503831eb88474cf

memory/2444-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp

C:\Windows\system\xnrDDba.exe

MD5 a9bd784146a323f152f33476cbb27de1
SHA1 6cdf82beadf81f399c974b1decfbd802aee37c68
SHA256 25f5202026709474f73d51717695c15313f13b082994d17d15ca37406bac9d54
SHA512 cbf1b61c25847cb7044e547942cbec73e996b4d9628472086e2b601cd1bce7f23efdc92b07c15ac8526445c76da01258a7488e15a6c00bdc3d24e1a3cb2f0472

memory/2296-73-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2908-72-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2348-65-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2096-64-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2908-63-0x000000013FA20000-0x000000013FD74000-memory.dmp

C:\Windows\system\ZwpOxtV.exe

MD5 0679a4315738eba405a0a07398e2c740
SHA1 fcdde2863715271137496a8f43576df6b107d4a8
SHA256 3d01cb491430b2d1a12ad774fdc45c74435c7572aac6cf0f0e43fc7a313ddb64
SHA512 5aba74d410d45e010a48d44c14f3c9ebf74c461b6da9ac091a063274082a238bc087b062e43bc45d65442f8734ed542e95c98ed88c48fca3d9c293c9a04e569b

memory/2908-60-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2464-59-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2908-57-0x0000000001F30000-0x0000000002284000-memory.dmp

C:\Windows\system\WkMxaUg.exe

MD5 3c850320411f7adf13950f00965ac6b9
SHA1 5b9f702a9fe4abf19c48e39eb9b08aff187cdc44
SHA256 6dbdbe772ce1533b522035e72957a9468a3aff876c19de87245218e423311beb
SHA512 5ea35b1ce131a20cd30da58eb6042a086755c2404d0ffeeb0d1c2989c7addc85cf00d89ae9f0a749139c77d3cc0d2754474a68c8ee20c49a2570e1902d8946a7

memory/2908-49-0x0000000001F30000-0x0000000002284000-memory.dmp

C:\Windows\system\rhbtKaM.exe

MD5 16ec45e4d4492179b2e8dacc31c262c8
SHA1 60261b2e9f876fef0195a0e544965fefbc9833ff
SHA256 85ddde715a68cff5b7ca28204b41818267b610292d68bec355769b2682d4a686
SHA512 0a4f20e1a8883806ce166871392c1a64cb7f94d67caf76908b3b1a45978072fe60490a949cd8ed3bcbd4a5f7f33f4f6b780148327a6c083a1db20871415b273e

memory/2908-39-0x000000013FD90000-0x00000001400E4000-memory.dmp

memory/2908-38-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2648-36-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2908-35-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2348-1077-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2908-1078-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2296-1079-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2908-1080-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2908-1081-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/2572-1082-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/2908-1083-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2692-1084-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2908-1085-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2096-1086-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2444-1087-0x000000013F7D0000-0x000000013FB24000-memory.dmp

memory/2648-1088-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2964-1089-0x000000013FD90000-0x00000001400E4000-memory.dmp

memory/2376-1091-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/2532-1090-0x000000013F930000-0x000000013FC84000-memory.dmp

memory/2464-1092-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2348-1093-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2896-1094-0x000000013F0D0000-0x000000013F424000-memory.dmp

memory/852-1095-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2572-1096-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/2692-1097-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2456-1098-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2296-1099-0x000000013F3B0000-0x000000013F704000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 08:34

Reported

2024-06-25 08:37

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dMBMiSt.exe N/A
N/A N/A C:\Windows\System\zpIQmFO.exe N/A
N/A N/A C:\Windows\System\Wprutdf.exe N/A
N/A N/A C:\Windows\System\kYGYXUm.exe N/A
N/A N/A C:\Windows\System\EYyBNmd.exe N/A
N/A N/A C:\Windows\System\QuMuRfk.exe N/A
N/A N/A C:\Windows\System\BSYdCHO.exe N/A
N/A N/A C:\Windows\System\HAyqqld.exe N/A
N/A N/A C:\Windows\System\iLdGjYJ.exe N/A
N/A N/A C:\Windows\System\IVMCUlF.exe N/A
N/A N/A C:\Windows\System\bhodlLX.exe N/A
N/A N/A C:\Windows\System\xNmlrBJ.exe N/A
N/A N/A C:\Windows\System\iTQDOOf.exe N/A
N/A N/A C:\Windows\System\GnizdWw.exe N/A
N/A N/A C:\Windows\System\OgrKgre.exe N/A
N/A N/A C:\Windows\System\zcahXPA.exe N/A
N/A N/A C:\Windows\System\RALnwMc.exe N/A
N/A N/A C:\Windows\System\zRyctoV.exe N/A
N/A N/A C:\Windows\System\iZYhkkM.exe N/A
N/A N/A C:\Windows\System\UMMctjg.exe N/A
N/A N/A C:\Windows\System\yyfFsCR.exe N/A
N/A N/A C:\Windows\System\IAjRxeB.exe N/A
N/A N/A C:\Windows\System\CBudweN.exe N/A
N/A N/A C:\Windows\System\FVXrOyg.exe N/A
N/A N/A C:\Windows\System\rBLiKuj.exe N/A
N/A N/A C:\Windows\System\tpOWOhg.exe N/A
N/A N/A C:\Windows\System\oSqOwDf.exe N/A
N/A N/A C:\Windows\System\YhUDtdP.exe N/A
N/A N/A C:\Windows\System\yXVUZtd.exe N/A
N/A N/A C:\Windows\System\tanRcUe.exe N/A
N/A N/A C:\Windows\System\kQMEiBn.exe N/A
N/A N/A C:\Windows\System\oPJmGPb.exe N/A
N/A N/A C:\Windows\System\qzZysRy.exe N/A
N/A N/A C:\Windows\System\ZOyeNqo.exe N/A
N/A N/A C:\Windows\System\aNSkkav.exe N/A
N/A N/A C:\Windows\System\cUrbHTv.exe N/A
N/A N/A C:\Windows\System\dgEAhfM.exe N/A
N/A N/A C:\Windows\System\fnnSxJL.exe N/A
N/A N/A C:\Windows\System\PCqBVjv.exe N/A
N/A N/A C:\Windows\System\vQvpoDw.exe N/A
N/A N/A C:\Windows\System\nHpUUyE.exe N/A
N/A N/A C:\Windows\System\VxfrMMs.exe N/A
N/A N/A C:\Windows\System\CeJLQaw.exe N/A
N/A N/A C:\Windows\System\YkSgppD.exe N/A
N/A N/A C:\Windows\System\VOZnvpp.exe N/A
N/A N/A C:\Windows\System\uGXoMnQ.exe N/A
N/A N/A C:\Windows\System\tZrFfFh.exe N/A
N/A N/A C:\Windows\System\VXufhvr.exe N/A
N/A N/A C:\Windows\System\AhXwsSk.exe N/A
N/A N/A C:\Windows\System\XSluIcw.exe N/A
N/A N/A C:\Windows\System\ozEukFD.exe N/A
N/A N/A C:\Windows\System\xSvEXnh.exe N/A
N/A N/A C:\Windows\System\xSWRueW.exe N/A
N/A N/A C:\Windows\System\OmPldjj.exe N/A
N/A N/A C:\Windows\System\zazxuLE.exe N/A
N/A N/A C:\Windows\System\FlUPsrJ.exe N/A
N/A N/A C:\Windows\System\DeaMtEc.exe N/A
N/A N/A C:\Windows\System\gdYvnLC.exe N/A
N/A N/A C:\Windows\System\KubHuKw.exe N/A
N/A N/A C:\Windows\System\brtlTfG.exe N/A
N/A N/A C:\Windows\System\NLJxHEd.exe N/A
N/A N/A C:\Windows\System\vXkOFOw.exe N/A
N/A N/A C:\Windows\System\TVlTxPC.exe N/A
N/A N/A C:\Windows\System\EYWNICJ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\JGAISgT.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgJnUFF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\toxUEiZ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\kvArAVn.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\aZwXhoa.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uktCpUd.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSnVFAd.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWcWZbz.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\bxdtJiZ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgrKgre.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\yytbvJq.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVqfvRF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OpJrThr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AGFhobd.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AOHsICf.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\sjizmWg.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\acaPeta.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\EYWNICJ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LSvsncK.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JRuLAkn.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjTxnzI.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MzIkFCf.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\WJwbihN.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbGudIy.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\gIJbbFq.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\kYGYXUm.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\oRrLSHl.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mlSYUqu.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\akCBdIr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\hoHskWB.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\truFuCH.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwKigCi.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZesbyYZ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\iTQDOOf.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\fnnSxJL.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JVmMgXr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\CCnCNhh.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\cnmNXyK.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MKrtLPp.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMAQrqF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KubHuKw.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\hAKOtKe.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\IljmxEp.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWHcUvY.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\hJxqrtU.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\rIeNrEU.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VYMOGyH.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\umofPXk.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZOyeNqo.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AhXwsSk.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\dnMxEAb.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ByKFItN.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PCqBVjv.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhndWyW.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GGfxIAW.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KCdmonL.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\RRNweCE.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uizjrXr.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJpsIMf.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\fFPKDup.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DkyOeSa.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\IMwYFSQ.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PcSjlgY.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A
File created C:\Windows\System\dbqAbzF.exe C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2432 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\dMBMiSt.exe
PID 2432 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\dMBMiSt.exe
PID 2432 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\zpIQmFO.exe
PID 2432 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\zpIQmFO.exe
PID 2432 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\Wprutdf.exe
PID 2432 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\Wprutdf.exe
PID 2432 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\kYGYXUm.exe
PID 2432 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\kYGYXUm.exe
PID 2432 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\EYyBNmd.exe
PID 2432 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\EYyBNmd.exe
PID 2432 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\QuMuRfk.exe
PID 2432 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\QuMuRfk.exe
PID 2432 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\BSYdCHO.exe
PID 2432 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\BSYdCHO.exe
PID 2432 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\HAyqqld.exe
PID 2432 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\HAyqqld.exe
PID 2432 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\bhodlLX.exe
PID 2432 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\bhodlLX.exe
PID 2432 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\iLdGjYJ.exe
PID 2432 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\iLdGjYJ.exe
PID 2432 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\IVMCUlF.exe
PID 2432 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\IVMCUlF.exe
PID 2432 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xNmlrBJ.exe
PID 2432 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\xNmlrBJ.exe
PID 2432 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\iTQDOOf.exe
PID 2432 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\iTQDOOf.exe
PID 2432 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\GnizdWw.exe
PID 2432 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\GnizdWw.exe
PID 2432 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\OgrKgre.exe
PID 2432 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\OgrKgre.exe
PID 2432 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\zRyctoV.exe
PID 2432 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\zRyctoV.exe
PID 2432 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\zcahXPA.exe
PID 2432 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\zcahXPA.exe
PID 2432 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\RALnwMc.exe
PID 2432 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\RALnwMc.exe
PID 2432 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\iZYhkkM.exe
PID 2432 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\iZYhkkM.exe
PID 2432 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\UMMctjg.exe
PID 2432 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\UMMctjg.exe
PID 2432 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\yyfFsCR.exe
PID 2432 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\yyfFsCR.exe
PID 2432 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\IAjRxeB.exe
PID 2432 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\IAjRxeB.exe
PID 2432 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\CBudweN.exe
PID 2432 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\CBudweN.exe
PID 2432 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\FVXrOyg.exe
PID 2432 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\FVXrOyg.exe
PID 2432 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\rBLiKuj.exe
PID 2432 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\rBLiKuj.exe
PID 2432 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\tpOWOhg.exe
PID 2432 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\tpOWOhg.exe
PID 2432 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\oSqOwDf.exe
PID 2432 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\oSqOwDf.exe
PID 2432 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\YhUDtdP.exe
PID 2432 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\YhUDtdP.exe
PID 2432 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\yXVUZtd.exe
PID 2432 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\yXVUZtd.exe
PID 2432 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\tanRcUe.exe
PID 2432 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\tanRcUe.exe
PID 2432 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\kQMEiBn.exe
PID 2432 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\kQMEiBn.exe
PID 2432 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\oPJmGPb.exe
PID 2432 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe C:\Windows\System\oPJmGPb.exe

Processes

C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\48739cef7974ca9cd4f3f25fd60936d92d8f974da133ad4e246f224d95ddf09b_NeikiAnalytics.exe"

C:\Windows\System\dMBMiSt.exe

C:\Windows\System\dMBMiSt.exe

C:\Windows\System\zpIQmFO.exe

C:\Windows\System\zpIQmFO.exe

C:\Windows\System\Wprutdf.exe

C:\Windows\System\Wprutdf.exe

C:\Windows\System\kYGYXUm.exe

C:\Windows\System\kYGYXUm.exe

C:\Windows\System\EYyBNmd.exe

C:\Windows\System\EYyBNmd.exe

C:\Windows\System\QuMuRfk.exe

C:\Windows\System\QuMuRfk.exe

C:\Windows\System\BSYdCHO.exe

C:\Windows\System\BSYdCHO.exe

C:\Windows\System\HAyqqld.exe

C:\Windows\System\HAyqqld.exe

C:\Windows\System\bhodlLX.exe

C:\Windows\System\bhodlLX.exe

C:\Windows\System\iLdGjYJ.exe

C:\Windows\System\iLdGjYJ.exe

C:\Windows\System\IVMCUlF.exe

C:\Windows\System\IVMCUlF.exe

C:\Windows\System\xNmlrBJ.exe

C:\Windows\System\xNmlrBJ.exe

C:\Windows\System\iTQDOOf.exe

C:\Windows\System\iTQDOOf.exe

C:\Windows\System\GnizdWw.exe

C:\Windows\System\GnizdWw.exe

C:\Windows\System\OgrKgre.exe

C:\Windows\System\OgrKgre.exe

C:\Windows\System\zRyctoV.exe

C:\Windows\System\zRyctoV.exe

C:\Windows\System\zcahXPA.exe

C:\Windows\System\zcahXPA.exe

C:\Windows\System\RALnwMc.exe

C:\Windows\System\RALnwMc.exe

C:\Windows\System\iZYhkkM.exe

C:\Windows\System\iZYhkkM.exe

C:\Windows\System\UMMctjg.exe

C:\Windows\System\UMMctjg.exe

C:\Windows\System\yyfFsCR.exe

C:\Windows\System\yyfFsCR.exe

C:\Windows\System\IAjRxeB.exe

C:\Windows\System\IAjRxeB.exe

C:\Windows\System\CBudweN.exe

C:\Windows\System\CBudweN.exe

C:\Windows\System\FVXrOyg.exe

C:\Windows\System\FVXrOyg.exe

C:\Windows\System\rBLiKuj.exe

C:\Windows\System\rBLiKuj.exe

C:\Windows\System\tpOWOhg.exe

C:\Windows\System\tpOWOhg.exe

C:\Windows\System\oSqOwDf.exe

C:\Windows\System\oSqOwDf.exe

C:\Windows\System\YhUDtdP.exe

C:\Windows\System\YhUDtdP.exe

C:\Windows\System\yXVUZtd.exe

C:\Windows\System\yXVUZtd.exe

C:\Windows\System\tanRcUe.exe

C:\Windows\System\tanRcUe.exe

C:\Windows\System\kQMEiBn.exe

C:\Windows\System\kQMEiBn.exe

C:\Windows\System\oPJmGPb.exe

C:\Windows\System\oPJmGPb.exe

C:\Windows\System\qzZysRy.exe

C:\Windows\System\qzZysRy.exe

C:\Windows\System\ZOyeNqo.exe

C:\Windows\System\ZOyeNqo.exe

C:\Windows\System\aNSkkav.exe

C:\Windows\System\aNSkkav.exe

C:\Windows\System\cUrbHTv.exe

C:\Windows\System\cUrbHTv.exe

C:\Windows\System\dgEAhfM.exe

C:\Windows\System\dgEAhfM.exe

C:\Windows\System\fnnSxJL.exe

C:\Windows\System\fnnSxJL.exe

C:\Windows\System\PCqBVjv.exe

C:\Windows\System\PCqBVjv.exe

C:\Windows\System\vQvpoDw.exe

C:\Windows\System\vQvpoDw.exe

C:\Windows\System\nHpUUyE.exe

C:\Windows\System\nHpUUyE.exe

C:\Windows\System\VxfrMMs.exe

C:\Windows\System\VxfrMMs.exe

C:\Windows\System\CeJLQaw.exe

C:\Windows\System\CeJLQaw.exe

C:\Windows\System\YkSgppD.exe

C:\Windows\System\YkSgppD.exe

C:\Windows\System\VOZnvpp.exe

C:\Windows\System\VOZnvpp.exe

C:\Windows\System\uGXoMnQ.exe

C:\Windows\System\uGXoMnQ.exe

C:\Windows\System\tZrFfFh.exe

C:\Windows\System\tZrFfFh.exe

C:\Windows\System\VXufhvr.exe

C:\Windows\System\VXufhvr.exe

C:\Windows\System\AhXwsSk.exe

C:\Windows\System\AhXwsSk.exe

C:\Windows\System\XSluIcw.exe

C:\Windows\System\XSluIcw.exe

C:\Windows\System\ozEukFD.exe

C:\Windows\System\ozEukFD.exe

C:\Windows\System\xSvEXnh.exe

C:\Windows\System\xSvEXnh.exe

C:\Windows\System\xSWRueW.exe

C:\Windows\System\xSWRueW.exe

C:\Windows\System\OmPldjj.exe

C:\Windows\System\OmPldjj.exe

C:\Windows\System\zazxuLE.exe

C:\Windows\System\zazxuLE.exe

C:\Windows\System\FlUPsrJ.exe

C:\Windows\System\FlUPsrJ.exe

C:\Windows\System\DeaMtEc.exe

C:\Windows\System\DeaMtEc.exe

C:\Windows\System\gdYvnLC.exe

C:\Windows\System\gdYvnLC.exe

C:\Windows\System\KubHuKw.exe

C:\Windows\System\KubHuKw.exe

C:\Windows\System\brtlTfG.exe

C:\Windows\System\brtlTfG.exe

C:\Windows\System\NLJxHEd.exe

C:\Windows\System\NLJxHEd.exe

C:\Windows\System\vXkOFOw.exe

C:\Windows\System\vXkOFOw.exe

C:\Windows\System\TVlTxPC.exe

C:\Windows\System\TVlTxPC.exe

C:\Windows\System\EYWNICJ.exe

C:\Windows\System\EYWNICJ.exe

C:\Windows\System\oWAunuP.exe

C:\Windows\System\oWAunuP.exe

C:\Windows\System\zRYPCiC.exe

C:\Windows\System\zRYPCiC.exe

C:\Windows\System\orCTJyf.exe

C:\Windows\System\orCTJyf.exe

C:\Windows\System\hTvAdTU.exe

C:\Windows\System\hTvAdTU.exe

C:\Windows\System\DkyOeSa.exe

C:\Windows\System\DkyOeSa.exe

C:\Windows\System\qzJkafh.exe

C:\Windows\System\qzJkafh.exe

C:\Windows\System\QMGVZMn.exe

C:\Windows\System\QMGVZMn.exe

C:\Windows\System\yrGJBje.exe

C:\Windows\System\yrGJBje.exe

C:\Windows\System\NxzmRYC.exe

C:\Windows\System\NxzmRYC.exe

C:\Windows\System\poGdbVZ.exe

C:\Windows\System\poGdbVZ.exe

C:\Windows\System\TUmuJZX.exe

C:\Windows\System\TUmuJZX.exe

C:\Windows\System\WJwbihN.exe

C:\Windows\System\WJwbihN.exe

C:\Windows\System\UXiWzcI.exe

C:\Windows\System\UXiWzcI.exe

C:\Windows\System\zBZGceq.exe

C:\Windows\System\zBZGceq.exe

C:\Windows\System\HSlvkaT.exe

C:\Windows\System\HSlvkaT.exe

C:\Windows\System\djrhzkE.exe

C:\Windows\System\djrhzkE.exe

C:\Windows\System\QGiZRVn.exe

C:\Windows\System\QGiZRVn.exe

C:\Windows\System\zbxLTBa.exe

C:\Windows\System\zbxLTBa.exe

C:\Windows\System\ksCNoMg.exe

C:\Windows\System\ksCNoMg.exe

C:\Windows\System\ooEAzyE.exe

C:\Windows\System\ooEAzyE.exe

C:\Windows\System\yhndWyW.exe

C:\Windows\System\yhndWyW.exe

C:\Windows\System\rJpsIMf.exe

C:\Windows\System\rJpsIMf.exe

C:\Windows\System\oHZIGmY.exe

C:\Windows\System\oHZIGmY.exe

C:\Windows\System\yytbvJq.exe

C:\Windows\System\yytbvJq.exe

C:\Windows\System\MCrGFKM.exe

C:\Windows\System\MCrGFKM.exe

C:\Windows\System\raRnZzf.exe

C:\Windows\System\raRnZzf.exe

C:\Windows\System\CsqwZBP.exe

C:\Windows\System\CsqwZBP.exe

C:\Windows\System\LSvsncK.exe

C:\Windows\System\LSvsncK.exe

C:\Windows\System\rSIowgj.exe

C:\Windows\System\rSIowgj.exe

C:\Windows\System\oRrLSHl.exe

C:\Windows\System\oRrLSHl.exe

C:\Windows\System\DtvvNXl.exe

C:\Windows\System\DtvvNXl.exe

C:\Windows\System\zCyeaTX.exe

C:\Windows\System\zCyeaTX.exe

C:\Windows\System\uTbXqoY.exe

C:\Windows\System\uTbXqoY.exe

C:\Windows\System\mlSYUqu.exe

C:\Windows\System\mlSYUqu.exe

C:\Windows\System\yvVAfGs.exe

C:\Windows\System\yvVAfGs.exe

C:\Windows\System\ZFblHYI.exe

C:\Windows\System\ZFblHYI.exe

C:\Windows\System\QNSyuwz.exe

C:\Windows\System\QNSyuwz.exe

C:\Windows\System\OOrKonQ.exe

C:\Windows\System\OOrKonQ.exe

C:\Windows\System\dnMxEAb.exe

C:\Windows\System\dnMxEAb.exe

C:\Windows\System\wGrXStS.exe

C:\Windows\System\wGrXStS.exe

C:\Windows\System\VuxJLsd.exe

C:\Windows\System\VuxJLsd.exe

C:\Windows\System\AOHsICf.exe

C:\Windows\System\AOHsICf.exe

C:\Windows\System\ZSVQDIp.exe

C:\Windows\System\ZSVQDIp.exe

C:\Windows\System\gIJbbFq.exe

C:\Windows\System\gIJbbFq.exe

C:\Windows\System\ZhzBjnb.exe

C:\Windows\System\ZhzBjnb.exe

C:\Windows\System\RATLToc.exe

C:\Windows\System\RATLToc.exe

C:\Windows\System\LIhkJXK.exe

C:\Windows\System\LIhkJXK.exe

C:\Windows\System\ftNFQAi.exe

C:\Windows\System\ftNFQAi.exe

C:\Windows\System\ixjWAIH.exe

C:\Windows\System\ixjWAIH.exe

C:\Windows\System\akCBdIr.exe

C:\Windows\System\akCBdIr.exe

C:\Windows\System\rIeNrEU.exe

C:\Windows\System\rIeNrEU.exe

C:\Windows\System\acaPeta.exe

C:\Windows\System\acaPeta.exe

C:\Windows\System\pxNyAzG.exe

C:\Windows\System\pxNyAzG.exe

C:\Windows\System\CJcnWsZ.exe

C:\Windows\System\CJcnWsZ.exe

C:\Windows\System\PMwQfbW.exe

C:\Windows\System\PMwQfbW.exe

C:\Windows\System\rNlmYdA.exe

C:\Windows\System\rNlmYdA.exe

C:\Windows\System\EbDcUtv.exe

C:\Windows\System\EbDcUtv.exe

C:\Windows\System\efOBPfw.exe

C:\Windows\System\efOBPfw.exe

C:\Windows\System\EBxafZz.exe

C:\Windows\System\EBxafZz.exe

C:\Windows\System\hAKOtKe.exe

C:\Windows\System\hAKOtKe.exe

C:\Windows\System\IMwYFSQ.exe

C:\Windows\System\IMwYFSQ.exe

C:\Windows\System\tFVQcpC.exe

C:\Windows\System\tFVQcpC.exe

C:\Windows\System\CwwERrt.exe

C:\Windows\System\CwwERrt.exe

C:\Windows\System\STpStSQ.exe

C:\Windows\System\STpStSQ.exe

C:\Windows\System\NXOUWgF.exe

C:\Windows\System\NXOUWgF.exe

C:\Windows\System\GvgdnZt.exe

C:\Windows\System\GvgdnZt.exe

C:\Windows\System\drpuqqm.exe

C:\Windows\System\drpuqqm.exe

C:\Windows\System\OlzoWft.exe

C:\Windows\System\OlzoWft.exe

C:\Windows\System\VSahUwM.exe

C:\Windows\System\VSahUwM.exe

C:\Windows\System\ugMVjpD.exe

C:\Windows\System\ugMVjpD.exe

C:\Windows\System\mYmJHFR.exe

C:\Windows\System\mYmJHFR.exe

C:\Windows\System\AMvTWMw.exe

C:\Windows\System\AMvTWMw.exe

C:\Windows\System\WMsngyp.exe

C:\Windows\System\WMsngyp.exe

C:\Windows\System\kvArAVn.exe

C:\Windows\System\kvArAVn.exe

C:\Windows\System\eQsFQNf.exe

C:\Windows\System\eQsFQNf.exe

C:\Windows\System\NUYKcFB.exe

C:\Windows\System\NUYKcFB.exe

C:\Windows\System\foYkthe.exe

C:\Windows\System\foYkthe.exe

C:\Windows\System\BbWmcnU.exe

C:\Windows\System\BbWmcnU.exe

C:\Windows\System\lWHcUvY.exe

C:\Windows\System\lWHcUvY.exe

C:\Windows\System\KaFcUWq.exe

C:\Windows\System\KaFcUWq.exe

C:\Windows\System\WkBiGdu.exe

C:\Windows\System\WkBiGdu.exe

C:\Windows\System\ozyESdL.exe

C:\Windows\System\ozyESdL.exe

C:\Windows\System\VYMOGyH.exe

C:\Windows\System\VYMOGyH.exe

C:\Windows\System\hoHskWB.exe

C:\Windows\System\hoHskWB.exe

C:\Windows\System\FYQARst.exe

C:\Windows\System\FYQARst.exe

C:\Windows\System\oatQfca.exe

C:\Windows\System\oatQfca.exe

C:\Windows\System\YVLnrPY.exe

C:\Windows\System\YVLnrPY.exe

C:\Windows\System\idaBDOD.exe

C:\Windows\System\idaBDOD.exe

C:\Windows\System\vuOKTEZ.exe

C:\Windows\System\vuOKTEZ.exe

C:\Windows\System\VUZZCBM.exe

C:\Windows\System\VUZZCBM.exe

C:\Windows\System\cDusgmh.exe

C:\Windows\System\cDusgmh.exe

C:\Windows\System\RJOywXE.exe

C:\Windows\System\RJOywXE.exe

C:\Windows\System\zZvixKL.exe

C:\Windows\System\zZvixKL.exe

C:\Windows\System\lbGudIy.exe

C:\Windows\System\lbGudIy.exe

C:\Windows\System\LpNyTZc.exe

C:\Windows\System\LpNyTZc.exe

C:\Windows\System\uejhotC.exe

C:\Windows\System\uejhotC.exe

C:\Windows\System\oOtjTkC.exe

C:\Windows\System\oOtjTkC.exe

C:\Windows\System\vtXlghC.exe

C:\Windows\System\vtXlghC.exe

C:\Windows\System\hJxqrtU.exe

C:\Windows\System\hJxqrtU.exe

C:\Windows\System\goaTOPz.exe

C:\Windows\System\goaTOPz.exe

C:\Windows\System\uktCpUd.exe

C:\Windows\System\uktCpUd.exe

C:\Windows\System\ipVuurK.exe

C:\Windows\System\ipVuurK.exe

C:\Windows\System\truFuCH.exe

C:\Windows\System\truFuCH.exe

C:\Windows\System\gtQgiZq.exe

C:\Windows\System\gtQgiZq.exe

C:\Windows\System\IBzuLHL.exe

C:\Windows\System\IBzuLHL.exe

C:\Windows\System\vyLmGcB.exe

C:\Windows\System\vyLmGcB.exe

C:\Windows\System\XDpwOtA.exe

C:\Windows\System\XDpwOtA.exe

C:\Windows\System\SWPVStw.exe

C:\Windows\System\SWPVStw.exe

C:\Windows\System\RtymcYX.exe

C:\Windows\System\RtymcYX.exe

C:\Windows\System\qNeXrVE.exe

C:\Windows\System\qNeXrVE.exe

C:\Windows\System\GCKDLCc.exe

C:\Windows\System\GCKDLCc.exe

C:\Windows\System\gEtJBRH.exe

C:\Windows\System\gEtJBRH.exe

C:\Windows\System\NXhMUWD.exe

C:\Windows\System\NXhMUWD.exe

C:\Windows\System\ZORirMt.exe

C:\Windows\System\ZORirMt.exe

C:\Windows\System\rbspAeI.exe

C:\Windows\System\rbspAeI.exe

C:\Windows\System\kpMlNzX.exe

C:\Windows\System\kpMlNzX.exe

C:\Windows\System\XdkOUTV.exe

C:\Windows\System\XdkOUTV.exe

C:\Windows\System\MTrUWqc.exe

C:\Windows\System\MTrUWqc.exe

C:\Windows\System\yhDDcxU.exe

C:\Windows\System\yhDDcxU.exe

C:\Windows\System\hCXXWfa.exe

C:\Windows\System\hCXXWfa.exe

C:\Windows\System\JSLUGfv.exe

C:\Windows\System\JSLUGfv.exe

C:\Windows\System\khgdZis.exe

C:\Windows\System\khgdZis.exe

C:\Windows\System\uVEjqIp.exe

C:\Windows\System\uVEjqIp.exe

C:\Windows\System\RHifaHj.exe

C:\Windows\System\RHifaHj.exe

C:\Windows\System\OiwZskd.exe

C:\Windows\System\OiwZskd.exe

C:\Windows\System\sjizmWg.exe

C:\Windows\System\sjizmWg.exe

C:\Windows\System\DplZtNf.exe

C:\Windows\System\DplZtNf.exe

C:\Windows\System\ZIZGzCG.exe

C:\Windows\System\ZIZGzCG.exe

C:\Windows\System\MIPnOOr.exe

C:\Windows\System\MIPnOOr.exe

C:\Windows\System\VNaMygP.exe

C:\Windows\System\VNaMygP.exe

C:\Windows\System\ispbaFA.exe

C:\Windows\System\ispbaFA.exe

C:\Windows\System\GSFMbAY.exe

C:\Windows\System\GSFMbAY.exe

C:\Windows\System\fFPKDup.exe

C:\Windows\System\fFPKDup.exe

C:\Windows\System\PYaXnfF.exe

C:\Windows\System\PYaXnfF.exe

C:\Windows\System\NERxNAw.exe

C:\Windows\System\NERxNAw.exe

C:\Windows\System\aZwXhoa.exe

C:\Windows\System\aZwXhoa.exe

C:\Windows\System\MqIYHmN.exe

C:\Windows\System\MqIYHmN.exe

C:\Windows\System\LyHiTnU.exe

C:\Windows\System\LyHiTnU.exe

C:\Windows\System\BxCqJoW.exe

C:\Windows\System\BxCqJoW.exe

C:\Windows\System\tmIojOT.exe

C:\Windows\System\tmIojOT.exe

C:\Windows\System\hDfDNmw.exe

C:\Windows\System\hDfDNmw.exe

C:\Windows\System\cnmNXyK.exe

C:\Windows\System\cnmNXyK.exe

C:\Windows\System\GGfxIAW.exe

C:\Windows\System\GGfxIAW.exe

C:\Windows\System\MlrqWYC.exe

C:\Windows\System\MlrqWYC.exe

C:\Windows\System\OwKigCi.exe

C:\Windows\System\OwKigCi.exe

C:\Windows\System\hIZZgVC.exe

C:\Windows\System\hIZZgVC.exe

C:\Windows\System\jhHKCUs.exe

C:\Windows\System\jhHKCUs.exe

C:\Windows\System\wzwIZAf.exe

C:\Windows\System\wzwIZAf.exe

C:\Windows\System\MQpEeOL.exe

C:\Windows\System\MQpEeOL.exe

C:\Windows\System\jtPERcZ.exe

C:\Windows\System\jtPERcZ.exe

C:\Windows\System\hazOwFF.exe

C:\Windows\System\hazOwFF.exe

C:\Windows\System\CwllsLG.exe

C:\Windows\System\CwllsLG.exe

C:\Windows\System\zNHilvE.exe

C:\Windows\System\zNHilvE.exe

C:\Windows\System\aTubgBE.exe

C:\Windows\System\aTubgBE.exe

C:\Windows\System\dEPfIHj.exe

C:\Windows\System\dEPfIHj.exe

C:\Windows\System\PcSjlgY.exe

C:\Windows\System\PcSjlgY.exe

C:\Windows\System\Xevebfq.exe

C:\Windows\System\Xevebfq.exe

C:\Windows\System\LIEwzpG.exe

C:\Windows\System\LIEwzpG.exe

C:\Windows\System\csVNUxD.exe

C:\Windows\System\csVNUxD.exe

C:\Windows\System\AXmtvWH.exe

C:\Windows\System\AXmtvWH.exe

C:\Windows\System\sgBPBCl.exe

C:\Windows\System\sgBPBCl.exe

C:\Windows\System\EzNnePt.exe

C:\Windows\System\EzNnePt.exe

C:\Windows\System\QUZTBYP.exe

C:\Windows\System\QUZTBYP.exe

C:\Windows\System\MjgGwmt.exe

C:\Windows\System\MjgGwmt.exe

C:\Windows\System\PXxoKDi.exe

C:\Windows\System\PXxoKDi.exe

C:\Windows\System\gSnVFAd.exe

C:\Windows\System\gSnVFAd.exe

C:\Windows\System\LXqysxI.exe

C:\Windows\System\LXqysxI.exe

C:\Windows\System\UVqfvRF.exe

C:\Windows\System\UVqfvRF.exe

C:\Windows\System\RjJYFDp.exe

C:\Windows\System\RjJYFDp.exe

C:\Windows\System\ZesbyYZ.exe

C:\Windows\System\ZesbyYZ.exe

C:\Windows\System\usmeURO.exe

C:\Windows\System\usmeURO.exe

C:\Windows\System\lwfDLnM.exe

C:\Windows\System\lwfDLnM.exe

C:\Windows\System\ZehAnUJ.exe

C:\Windows\System\ZehAnUJ.exe

C:\Windows\System\IljmxEp.exe

C:\Windows\System\IljmxEp.exe

C:\Windows\System\PvRiIKW.exe

C:\Windows\System\PvRiIKW.exe

C:\Windows\System\JRuLAkn.exe

C:\Windows\System\JRuLAkn.exe

C:\Windows\System\OpJrThr.exe

C:\Windows\System\OpJrThr.exe

C:\Windows\System\MKrtLPp.exe

C:\Windows\System\MKrtLPp.exe

C:\Windows\System\JGAISgT.exe

C:\Windows\System\JGAISgT.exe

C:\Windows\System\HxtLjbR.exe

C:\Windows\System\HxtLjbR.exe

C:\Windows\System\CqnTaii.exe

C:\Windows\System\CqnTaii.exe

C:\Windows\System\YQZCaiI.exe

C:\Windows\System\YQZCaiI.exe

C:\Windows\System\KWcWZbz.exe

C:\Windows\System\KWcWZbz.exe

C:\Windows\System\romeGPa.exe

C:\Windows\System\romeGPa.exe

C:\Windows\System\JVmMgXr.exe

C:\Windows\System\JVmMgXr.exe

C:\Windows\System\dEXDgIT.exe

C:\Windows\System\dEXDgIT.exe

C:\Windows\System\nqLGjua.exe

C:\Windows\System\nqLGjua.exe

C:\Windows\System\fKzVPoF.exe

C:\Windows\System\fKzVPoF.exe

C:\Windows\System\DdhQpdm.exe

C:\Windows\System\DdhQpdm.exe

C:\Windows\System\NcdlAxz.exe

C:\Windows\System\NcdlAxz.exe

C:\Windows\System\KCdmonL.exe

C:\Windows\System\KCdmonL.exe

C:\Windows\System\vqqcUNH.exe

C:\Windows\System\vqqcUNH.exe

C:\Windows\System\gUyBgaj.exe

C:\Windows\System\gUyBgaj.exe

C:\Windows\System\cNwyzmj.exe

C:\Windows\System\cNwyzmj.exe

C:\Windows\System\XqdaCLU.exe

C:\Windows\System\XqdaCLU.exe

C:\Windows\System\XGvgjSH.exe

C:\Windows\System\XGvgjSH.exe

C:\Windows\System\AGFhobd.exe

C:\Windows\System\AGFhobd.exe

C:\Windows\System\qjTxnzI.exe

C:\Windows\System\qjTxnzI.exe

C:\Windows\System\djSKfPj.exe

C:\Windows\System\djSKfPj.exe

C:\Windows\System\AAqgpXy.exe

C:\Windows\System\AAqgpXy.exe

C:\Windows\System\IHOJKmW.exe

C:\Windows\System\IHOJKmW.exe

C:\Windows\System\xzOQfBo.exe

C:\Windows\System\xzOQfBo.exe

C:\Windows\System\bIqoPBf.exe

C:\Windows\System\bIqoPBf.exe

C:\Windows\System\YgJnUFF.exe

C:\Windows\System\YgJnUFF.exe

C:\Windows\System\iejxXlM.exe

C:\Windows\System\iejxXlM.exe

C:\Windows\System\endtexV.exe

C:\Windows\System\endtexV.exe

C:\Windows\System\wkNSffl.exe

C:\Windows\System\wkNSffl.exe

C:\Windows\System\cuNxZJZ.exe

C:\Windows\System\cuNxZJZ.exe

C:\Windows\System\AsePokm.exe

C:\Windows\System\AsePokm.exe

C:\Windows\System\umofPXk.exe

C:\Windows\System\umofPXk.exe

C:\Windows\System\LvywDJs.exe

C:\Windows\System\LvywDJs.exe

C:\Windows\System\VJXFtCx.exe

C:\Windows\System\VJXFtCx.exe

C:\Windows\System\qezjxaD.exe

C:\Windows\System\qezjxaD.exe

C:\Windows\System\LMAQrqF.exe

C:\Windows\System\LMAQrqF.exe

C:\Windows\System\UlSpMgr.exe

C:\Windows\System\UlSpMgr.exe

C:\Windows\System\NhAbKzf.exe

C:\Windows\System\NhAbKzf.exe

C:\Windows\System\lzDTCfa.exe

C:\Windows\System\lzDTCfa.exe

C:\Windows\System\AbcWQNy.exe

C:\Windows\System\AbcWQNy.exe

C:\Windows\System\iusrBuj.exe

C:\Windows\System\iusrBuj.exe

C:\Windows\System\MKZdOSc.exe

C:\Windows\System\MKZdOSc.exe

C:\Windows\System\rcIgHYQ.exe

C:\Windows\System\rcIgHYQ.exe

C:\Windows\System\GpEbswY.exe

C:\Windows\System\GpEbswY.exe

C:\Windows\System\MzIkFCf.exe

C:\Windows\System\MzIkFCf.exe

C:\Windows\System\KxlIonG.exe

C:\Windows\System\KxlIonG.exe

C:\Windows\System\NmXctEg.exe

C:\Windows\System\NmXctEg.exe

C:\Windows\System\oxXMFkS.exe

C:\Windows\System\oxXMFkS.exe

C:\Windows\System\bxdtJiZ.exe

C:\Windows\System\bxdtJiZ.exe

C:\Windows\System\CwlwXXl.exe

C:\Windows\System\CwlwXXl.exe

C:\Windows\System\toxUEiZ.exe

C:\Windows\System\toxUEiZ.exe

C:\Windows\System\cDOtSKI.exe

C:\Windows\System\cDOtSKI.exe

C:\Windows\System\ORBiZKC.exe

C:\Windows\System\ORBiZKC.exe

C:\Windows\System\LKYUGIi.exe

C:\Windows\System\LKYUGIi.exe

C:\Windows\System\sAstUUU.exe

C:\Windows\System\sAstUUU.exe

C:\Windows\System\XPmxHIE.exe

C:\Windows\System\XPmxHIE.exe

C:\Windows\System\zPgOrQz.exe

C:\Windows\System\zPgOrQz.exe

C:\Windows\System\iJiKNvo.exe

C:\Windows\System\iJiKNvo.exe

C:\Windows\System\FwhtkDX.exe

C:\Windows\System\FwhtkDX.exe

C:\Windows\System\UcbaQoX.exe

C:\Windows\System\UcbaQoX.exe

C:\Windows\System\ezjRZbt.exe

C:\Windows\System\ezjRZbt.exe

C:\Windows\System\GmzDxCt.exe

C:\Windows\System\GmzDxCt.exe

C:\Windows\System\MmpOViY.exe

C:\Windows\System\MmpOViY.exe

C:\Windows\System\CCnCNhh.exe

C:\Windows\System\CCnCNhh.exe

C:\Windows\System\QHnNacA.exe

C:\Windows\System\QHnNacA.exe

C:\Windows\System\JVYNCcD.exe

C:\Windows\System\JVYNCcD.exe

C:\Windows\System\EMkryku.exe

C:\Windows\System\EMkryku.exe

C:\Windows\System\RRNweCE.exe

C:\Windows\System\RRNweCE.exe

C:\Windows\System\ElpuRHP.exe

C:\Windows\System\ElpuRHP.exe

C:\Windows\System\dbqAbzF.exe

C:\Windows\System\dbqAbzF.exe

C:\Windows\System\JDTBRTk.exe

C:\Windows\System\JDTBRTk.exe

C:\Windows\System\GFTnwFJ.exe

C:\Windows\System\GFTnwFJ.exe

C:\Windows\System\IojwWzF.exe

C:\Windows\System\IojwWzF.exe

C:\Windows\System\WDQfDaA.exe

C:\Windows\System\WDQfDaA.exe

C:\Windows\System\ByKFItN.exe

C:\Windows\System\ByKFItN.exe

C:\Windows\System\fUeMhwj.exe

C:\Windows\System\fUeMhwj.exe

C:\Windows\System\uizjrXr.exe

C:\Windows\System\uizjrXr.exe

C:\Windows\System\sMjXRDO.exe

C:\Windows\System\sMjXRDO.exe

C:\Windows\System\WTAErnD.exe

C:\Windows\System\WTAErnD.exe

C:\Windows\System\SWeqlfO.exe

C:\Windows\System\SWeqlfO.exe

C:\Windows\System\oBaTBwv.exe

C:\Windows\System\oBaTBwv.exe

C:\Windows\System\qdmVjND.exe

C:\Windows\System\qdmVjND.exe

C:\Windows\System\JfMCjnI.exe

C:\Windows\System\JfMCjnI.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

memory/2432-0-0x00007FF62B5E0000-0x00007FF62B934000-memory.dmp

memory/2432-1-0x0000023357410000-0x0000023357420000-memory.dmp

C:\Windows\System\dMBMiSt.exe

MD5 8e2fa9217a05ec5751063467269a26c8
SHA1 16e90c387a0015fd7f3e9278e1f5484bdf8b04d9
SHA256 3f5aa25105f2a704a27514b51cb5e2c80ef93f26df8857fb723f839e2dbb6545
SHA512 23e3feffff0b3ef0e364f2fcb3c1a813067824f7e1bcde2766bf293d8289540f68de0f07ff969dac52611ba51b2fc7b2f6b02e258ae950620ffa44bdf5cca8da

memory/3832-8-0x00007FF707E10000-0x00007FF708164000-memory.dmp

C:\Windows\System\zpIQmFO.exe

MD5 e5dbd02ed432aaa10b73789ef5fc82ba
SHA1 7e3b58fdc00fbc9d8f5f21b224a1ac844c8b908e
SHA256 a6173f2776ae92e7ca878e7867da6e439362e87c5b6e886f9d65aa9c69fdfc42
SHA512 8188784fe6e1ddcdbe27010164cfe47da770ffc18a92cf5298f2e7185fcd078833fd6948821f825436683b5b51a8fb9f875f20f54ec3d66d16a834dc06763804

C:\Windows\System\Wprutdf.exe

MD5 6765c9d7fefcbc4528cb276bc46f4041
SHA1 ba48ae5ce290007ee54ccbf641994cffcecd1b70
SHA256 4307821a2929b58ea0075387a8e0c2734c8b4f30f09692fede1227e72f9e02aa
SHA512 a6da3012275c29b76746bcef0e254f9f5349782f9ac37718eb9ad2af562a8612f905e09008ebfc0384e84c2b78b7ded620684f90aae041e9256924a7c30477d3

memory/2360-22-0x00007FF67CFA0000-0x00007FF67D2F4000-memory.dmp

C:\Windows\System\kYGYXUm.exe

MD5 bce6b3ecb22654d05a5b155de3403893
SHA1 052f931dab6eaf1699084fc96e77ca0e8470798c
SHA256 4f67cdae65cd3921d1a7f064c51d4238a9a7e47689dc8a7eb734b4dc612ae87b
SHA512 4b7ae4b3755b69cf33beaa1257ec7902814a490272914809289a090141f76e84816df9ce8799d5e3e74a8ec332316c9cf479d7f9210c667c58b0caaa1b9aace6

C:\Windows\System\QuMuRfk.exe

MD5 dfd360d01c57ffa689d74b82875093cd
SHA1 31a945f9dba028ca955742419b830b3bd4538f3d
SHA256 9801a21ff93afa7e8b64115bebc285c157d06d854d41d59a846ddafcf4b579d9
SHA512 bd1cef63f138b1fb4602840ffe3aed7ae9e0a8c9242a30082227794e6aaade625c9b8ac484cac1a5401d9ff70eff811e654b221b8a1a25ac75cda47b9ea18a0b

C:\Windows\System\EYyBNmd.exe

MD5 73af38ef4fb81fa92c189df4d8a7d252
SHA1 a5bd96d2adff23430116e11f94f4e3bf2a598a78
SHA256 4fe14375e1e2a3a3518eefe2479955de439453050475085904c91420414dfc5f
SHA512 e08ac0ab94388c8408e1f853cb13bf12733da8defe0224bfb65dc089983379cfafd4e9d898c63f24a40476e1640274e742e1b622b79d74cd85a5326ba1f67e4a

C:\Windows\System\IVMCUlF.exe

MD5 0798c68cc81d2ccbffa63659e0c70ac9
SHA1 4092b998e6f2f2da8263d7c9d7ff587ce9f27347
SHA256 27982d50d90c195d18464c4be528b34ddca07039b7fe11a5e53ce9930fc6fe31
SHA512 2d9154a9b8b8a656bc5bd34b14fa89ad3d80ab52837a0b047254649c22129f356fd5ef45d9ac31ac3d4f5d8843c2ba92723ea830f60b1c8231f014524da30196

C:\Windows\System\zcahXPA.exe

MD5 6d92032facf169417a24f6b99186160d
SHA1 13c910f8b0832c43534c764b8b8afc53298ccfae
SHA256 278fc16ded67a664d593a1325086344877df1f86f37dfbb60adb6c6904a97e10
SHA512 714c69df2eaccfec02c977acfe20d48f4b707955b30e289c5f32e272736feae1ae758a656bfda0f70b782e9f50356eefe8dc33a1902ef2b19634e194b7c32043

C:\Windows\System\iTQDOOf.exe

MD5 4cd844e4fb2033643ec7b3cb410d5303
SHA1 3d0acef925c1f9a962bb33253fc63f32a7cf0dcc
SHA256 91bfe6db8830fa457beaf3bff4c3a0e6e8348cc7682331148229fad3174de2e6
SHA512 9af66dc51b3ba9369ea0a9a26dd0fe3994206188cb674ef148e0eb1492e282641607f3504aafdff598b63d7c67f3d6977fe312324fc76dee340e15ed71470304

memory/3176-154-0x00007FF6BF740000-0x00007FF6BFA94000-memory.dmp

C:\Windows\System\FVXrOyg.exe

MD5 b7259731f1806e58d75507aa08b98129
SHA1 15024347d93aaea7826bc8227db7ac3478289078
SHA256 e6e9e6b647a1f9275051690950d63f3f2c84fe568a8dc9ec7970a3bbfba0037f
SHA512 3e64f75c3f9e70aae92be7931b576296d4e621144ce1dd20c7eefd0e55a8b961d912e16ca95728ec7dfe85da6b71ad1409075f031ade21bdb6bc6788c65e9b88

memory/4892-197-0x00007FF7F7F90000-0x00007FF7F82E4000-memory.dmp

memory/2388-213-0x00007FF7E81B0000-0x00007FF7E8504000-memory.dmp

memory/4652-212-0x00007FF7FB610000-0x00007FF7FB964000-memory.dmp

memory/388-211-0x00007FF6A73F0000-0x00007FF6A7744000-memory.dmp

memory/912-210-0x00007FF692D80000-0x00007FF6930D4000-memory.dmp

memory/1324-209-0x00007FF79CE90000-0x00007FF79D1E4000-memory.dmp

memory/1856-208-0x00007FF64E280000-0x00007FF64E5D4000-memory.dmp

memory/3132-207-0x00007FF782390000-0x00007FF7826E4000-memory.dmp

memory/4228-206-0x00007FF617320000-0x00007FF617674000-memory.dmp

memory/1808-203-0x00007FF7030E0000-0x00007FF703434000-memory.dmp

memory/3720-202-0x00007FF764190000-0x00007FF7644E4000-memory.dmp

memory/4940-198-0x00007FF6C9310000-0x00007FF6C9664000-memory.dmp

C:\Windows\System\ZOyeNqo.exe

MD5 b51875ab63b8de97aa279cfeec493bfb
SHA1 69063bdfa0e50a6ce04a06ef5fd3cdbbd1a4cf1f
SHA256 7d4e55771fc7bcea727ba96ca0c466bc0b2928c1af2aa229427ef11c61f88bb6
SHA512 4b83a0c6d0489d7ca2f90ae2b48e157721ecd388ebc555ca3b9b3753678d27409abc234c96ac6f53b9725e3725bf381cce15d957d8d821b8e0f41e465d395b83

C:\Windows\System\kQMEiBn.exe

MD5 752eb611944c235470c81dcdac0af7c1
SHA1 dc49a00d702d528b9571500cfa5cdeb10df24da4
SHA256 e92257b1826f3d8fffa5344709f326c4dc0ff5564dc054543090f45c7cdba444
SHA512 088b37d464ad48b9004dc6562ed8b8678e2c8a55520d0ba520a4a7d1e231d053b00328d634bc69fd57adabb8f088b09921a288e98bf43c303c5e939cdfe5a8e0

C:\Windows\System\iZYhkkM.exe

MD5 fe76d5ee99589d6a0bd66c45ea334a30
SHA1 65849161845286347a1f2d47bd6c775a3528c364
SHA256 67bac983be876e9cae3e4a0e5161aa7fcd1318986cf3f7858a3325a09b063b19
SHA512 e463d50f3dea719f9948d4458ed2cbf6ef805151160e19a8593c06daeff17a6606d24744dabb09ddc8a4576fa1f2eaef300d4a30b349c06980bf8dd0c169a9e4

C:\Windows\System\tanRcUe.exe

MD5 f694ba48c14173e307a3878c5facd72c
SHA1 2099d5894c6601fe130eb5bb15d6f1e9eab83251
SHA256 079782b04b0c19082edb1314f12fa7ba4c36d358aec2efc143f435359e3619e4
SHA512 bf50882faccddb28a74c5ed6ac7278d31d96b24ffd388a2730aec6ddfc9f077cc2266e60ee3711128675a0d00d8fcbb206250aba964eb036be8aec79e54ae74b

C:\Windows\System\YhUDtdP.exe

MD5 555737793b99c2bc753939c73c66d018
SHA1 71007fcacc237df5b67826ef809f4695ece4f930
SHA256 5db462da9ae3435b44dbd184353b986dc095d772ee17207ad954ac150c619535
SHA512 961261b5f9cca83b802f2678db3f3e79e9bae450f5932eb8a16d39b9f453026f9b36fb372782c087aa793539be588a9a88bf8525b7c4dfc729c478808b3bbd6e

C:\Windows\System\qzZysRy.exe

MD5 da302cf1e56250a667071cb49256fc79
SHA1 3843100f3c58cb70ae60269993213b0aaad6a2dc
SHA256 02e36d4624380980a16c60e77ee89c749c7c1b07d0244caaa68b680fefb6e152
SHA512 dc063f8100941f27f461deffc8eec69b4650d65c07677db16c8dbaea826dffb3ea06789a89aa53628a2f7580062189fd868b0fe33dab3089ce83f3f6e55d087b

C:\Windows\System\oSqOwDf.exe

MD5 9776ed8766eea2cd00337fd78ca8d6c1
SHA1 a235f4d57f68ea9ee8504709d9df5b389c998803
SHA256 bc2048078fe6e87c81b180187c661dbf45050c37587344483db5ca8a5642d621
SHA512 30ee1cb48aac9f894f0cc310dc441afc3a7710a186c0c4d8d3fb9de6070af5232d1c3ede9766c5c58844a20e122b9bde582ac08dc98c4a4ed1b2c16815705f63

memory/1020-175-0x00007FF7B90E0000-0x00007FF7B9434000-memory.dmp

C:\Windows\System\CBudweN.exe

MD5 90d3e897f0ae2f50400e759545919c08
SHA1 12c7e3ce55bc54db93c800649f147e10454dc063
SHA256 fcd8546b1c0eb257aa485bd48f4b0caed7d60c057d55daf5f9bdac6d909cf181
SHA512 e3f03ddfd50684a4973fb6cc888c8adf4ed78eff240afe8f6fc49c50f7cfb8c9ddeaeb49be8bb801be4abedafdae42c8e225cda18cb8c8d77a1281be55f7c2df

C:\Windows\System\IAjRxeB.exe

MD5 4aaf9d92938242790e42f3f016933073
SHA1 f14fc8c2ddc467c7b964dc4a45165ef32ab04108
SHA256 54193daabfa8fbf72ec9637259979108946bb96cfdab5d6baf6d93217af97dea
SHA512 e86561bef36c16455048c5d453f94d47ff8e5c4ed7be5f4dc7f93b9b8fe4cad77e786b9d23692a689c9e5a3b48c986d9249bf650948c19d06a4daf0744b8a61c

C:\Windows\System\oPJmGPb.exe

MD5 e39de233a16f60706212ff1ccd55a187
SHA1 891ebafd54d0d61425707f8519228c3550204363
SHA256 d0eb028a1e829e71ec58e91d9badb8268af5d85db26f03bafdf15caab0b7bc9b
SHA512 477f0dcc7c47d36451e9409bf0f14a77ba00c7e98f5dbd2d981d0b29b047868c4aa410ede90faf31b4114e2400110aed75d3a6fb411639e8e41f39c254290418

C:\Windows\System\tpOWOhg.exe

MD5 c09fc0d00eae3bd2831076dba86ca007
SHA1 7488aab062895ade1b0a31c5c8c044facaba341a
SHA256 d99616264aeb8a1a8f3bbbc7272cd376ccc61599387d1cfe910e95d14b2b12a6
SHA512 5e1d834520bbf602cfe5c9340b81df68707342ebe63a30bbd8870dc27d44ae0b89439f4cc182f1c25470f1094dd88f79d3cf41a3286b8cd641ad6c7188cccb2d

memory/3700-155-0x00007FF73A970000-0x00007FF73ACC4000-memory.dmp

C:\Windows\System\rBLiKuj.exe

MD5 c42aaf843de2868df700dbb7a85ba2fb
SHA1 d202c762a1d3fbdbb05228be4cea623f48ef7ff3
SHA256 d605e55a79dcb5fc805874cd94a9337b09f551f88cb6d3bce9f0b90e79587dc0
SHA512 92ff9206553537dd6b6db87dcd1c7828adff3ae14b3bf09de50ca064e0925e00a226592c4a786ed0a46f3e204e8ac63700723ff90fff48834f104e6e98809366

C:\Windows\System\UMMctjg.exe

MD5 0c2348a874122d554d90f6d056f6512e
SHA1 298f8a43bc27226a5f10dab29a245b4d63fdb7f6
SHA256 dbebd65a07f126a06cf1fa8a1647622e88bc99940228a5c09d38f9def89c3cd7
SHA512 6497406899841b1c5eac6a572936718e629a823f9e82411d5321de5baa5a302f85e2548a9e9953df3b76bb9613d2d0d314cec723543a798a1f21d2d3f33a87e1

C:\Windows\System\zRyctoV.exe

MD5 0ee3ad5c317528e3655c0151836b1c8a
SHA1 692831d5cd7cb9ab50f56e98446cb5f73f1b55d7
SHA256 6e944f1556ab25707b320ab828023a97e7afc06cc0a5f48686a696528beef4c5
SHA512 03596fb684258d59b78ea9340d2def020b9836fa97ee984ddf9498579f1006e3a076065dcb7ef5426ed4cbffa641192f4c62c6111a8f35ea07a8ae9f00b65b71

C:\Windows\System\yXVUZtd.exe

MD5 fbe0615e4b42e0061f309e47dd09811d
SHA1 6645410c6bf0fa0f2c7d55376fc92e679e92a1ee
SHA256 a9611f2ce8d0a51bb0c2539d8035ac3da45a7e1769046a2c066481ad3da16612
SHA512 4fb8bdf76ec4acf559c6c4a26417c7b085c68472fe4fb6865addab9535de7e78dc63bfeb0491af7f615570e7ccba4100901a76ef3e3723255fbbd99fc0fe13cf

C:\Windows\System\RALnwMc.exe

MD5 32cb33dd73061621696f56ff2988bd74
SHA1 33ddb9f1f23da95477b1b4b56dd5fc8786703138
SHA256 1e9cdfb70d90c2c0f63094dd405f3cd1736bb5dd271b542beff80db4fd16935b
SHA512 17cadcd390c1c75159cfe831a6d03de6de7dd35ec047071460230d1844d49863923d58cd8859f183e719b57c8543f1ab45c00f089e794689228828cb110075d1

C:\Windows\System\yyfFsCR.exe

MD5 d08295a7a7908f6fca74cbb78d0d32a0
SHA1 010acce83c6368293f0811dbecedee43a16966eb
SHA256 f4e4452086d26d4b34cceaf96884af56082e3412cf1808b97ced8724e2bda006
SHA512 0d2124f5946e8a6f51f09f49dd933964ce6cd8fe41aae450b76f6778af8c9d2b6600c62e64a46d96191efcba97ad14b5ede1b0a53bae258899b486c6ac88e72a

memory/2372-133-0x00007FF7A0AD0000-0x00007FF7A0E24000-memory.dmp

memory/4052-130-0x00007FF66ACE0000-0x00007FF66B034000-memory.dmp

C:\Windows\System\bhodlLX.exe

MD5 313b544d83a408a1300f3fb864fa5da2
SHA1 e83c7f42a95e14ab467c143eda16575e62cef619
SHA256 6bf8f73f2ea46c4d16aee3022483a2b220d8d726778068cbc6f499e3cd3b63c2
SHA512 878cadc0cdb507f941bc981c3f9eae965ed2f6aaddca528a0ea4a3cc1ef456c3681989bd7d251b0bf57badb12b4af90ac6c97ec34bd8684cf80a48160d223bed

memory/1444-112-0x00007FF7BB830000-0x00007FF7BBB84000-memory.dmp

memory/2968-109-0x00007FF661DE0000-0x00007FF662134000-memory.dmp

C:\Windows\System\GnizdWw.exe

MD5 8ecf3edec662048e436efb8056f006ba
SHA1 a36c0bbca398fd0ce6d063ed1e5069a5caed21ae
SHA256 9beae676d9337ce36ce13ac0665daf6e87331cf4584faf166556efc622d20dc5
SHA512 7c5c966273a1a6b220246bf1bcc70c0b4849f7c4afa88db7cbbde47d6345dcf5a8eda208105e76230ab52b044d30fd4704b98bf8e064d9c80c5263cbd2ad28ab

C:\Windows\System\xNmlrBJ.exe

MD5 8f0fc7f42462c3453f3eabb58bda7bc9
SHA1 01af0d1cc0b139efc24584e8c95ddca24d925985
SHA256 a94fbe700e8155fd7a802d6e76e7f8cb0df501410eef7e125427a1e2f5b92218
SHA512 3e3bb3a734e7c2ad085fd0d70dad4ea0d6cf450fab2ab813bf9c1c170e0e0a3d4cbfe7f009277f0a8830decff2487720aa5619f1062a25c410cbe73bfdbf3967

C:\Windows\System\OgrKgre.exe

MD5 c7484ff62ade48671fa3ac0af0843ef0
SHA1 91441655a0cae1f6c31f370f159f4131fc5d5119
SHA256 22ab7f8fe806b89d63076382e4859a2b1c7dd84302ea986648b8debf54248558
SHA512 9c5eae7e340075cc131fa018b998c1a934a5e9e81df5de00a1cd88563a6a47c99690522a38b73ca8a8c197ed2e1706dd3321d59256ba189dde941ad991f41798

C:\Windows\System\iLdGjYJ.exe

MD5 76d1e7af7896cb60067ad20e1a7b98cf
SHA1 f2d60eb73f93595718f0bc0f6f22c7bbfe7b91e2
SHA256 877f0e33f3f89d096713880e9a15fc55fd1904b9fc5701b9158b8100690a646d
SHA512 2962981dad73d3a38900c8f2740353dbca912c60b6f139576ff3cb71bdb8a5f76418617234646027b05d807013dafff9c7efa262a35d8f2c6a85d5f6abce830e

memory/3664-83-0x00007FF6B2B00000-0x00007FF6B2E54000-memory.dmp

memory/4584-80-0x00007FF6CA810000-0x00007FF6CAB64000-memory.dmp

memory/4632-70-0x00007FF7ED130000-0x00007FF7ED484000-memory.dmp

C:\Windows\System\HAyqqld.exe

MD5 037c2e0a9a06f560ed86f65ecd88377d
SHA1 904407b92fb0f143054975e4e127ed0a564e29f6
SHA256 7a4789245dd00f332e214207b98ead3b7008f675e9dbdd63dacbbc3162b794f4
SHA512 1b103b54a32b62e149bd4b74267ec5debf987739339cdd493c3251793b100ccf2ff925e5a17380c0bb2bd749da99b5fabaf10f933a3895961397651fa724fc2f

memory/4832-59-0x00007FF6601A0000-0x00007FF6604F4000-memory.dmp

C:\Windows\System\BSYdCHO.exe

MD5 3d5c0b88f1896f918b335ca7619ce558
SHA1 8accfd186b06adb380c0a961a7f66b5a461925de
SHA256 0723def1b70a0949367d05308a9a0e3040a1e34de644649e032ebe92f2b81923
SHA512 bb30a20f2c8ecddecee292207ffce3ffe1c462699d9de41824f9453c3ac26dc379a9ca654a176b990bfada21c3caab0524adbad3eefc7852566056aa3312f6f9

memory/5000-55-0x00007FF733EF0000-0x00007FF734244000-memory.dmp

memory/956-44-0x00007FF784AE0000-0x00007FF784E34000-memory.dmp

memory/2648-33-0x00007FF7366E0000-0x00007FF736A34000-memory.dmp

memory/888-12-0x00007FF665A50000-0x00007FF665DA4000-memory.dmp

memory/2432-1070-0x00007FF62B5E0000-0x00007FF62B934000-memory.dmp

memory/888-1071-0x00007FF665A50000-0x00007FF665DA4000-memory.dmp

memory/2360-1072-0x00007FF67CFA0000-0x00007FF67D2F4000-memory.dmp

memory/2648-1073-0x00007FF7366E0000-0x00007FF736A34000-memory.dmp

memory/5000-1074-0x00007FF733EF0000-0x00007FF734244000-memory.dmp

memory/2968-1077-0x00007FF661DE0000-0x00007FF662134000-memory.dmp

memory/4584-1076-0x00007FF6CA810000-0x00007FF6CAB64000-memory.dmp

memory/4832-1075-0x00007FF6601A0000-0x00007FF6604F4000-memory.dmp

memory/4052-1078-0x00007FF66ACE0000-0x00007FF66B034000-memory.dmp

memory/956-1079-0x00007FF784AE0000-0x00007FF784E34000-memory.dmp

memory/4632-1080-0x00007FF7ED130000-0x00007FF7ED484000-memory.dmp

memory/3664-1081-0x00007FF6B2B00000-0x00007FF6B2E54000-memory.dmp

memory/1444-1082-0x00007FF7BB830000-0x00007FF7BBB84000-memory.dmp

memory/3700-1084-0x00007FF73A970000-0x00007FF73ACC4000-memory.dmp

memory/1020-1085-0x00007FF7B90E0000-0x00007FF7B9434000-memory.dmp

memory/2372-1083-0x00007FF7A0AD0000-0x00007FF7A0E24000-memory.dmp

memory/3720-1086-0x00007FF764190000-0x00007FF7644E4000-memory.dmp

memory/3832-1087-0x00007FF707E10000-0x00007FF708164000-memory.dmp

memory/888-1088-0x00007FF665A50000-0x00007FF665DA4000-memory.dmp

memory/2360-1089-0x00007FF67CFA0000-0x00007FF67D2F4000-memory.dmp

memory/2648-1090-0x00007FF7366E0000-0x00007FF736A34000-memory.dmp

memory/3132-1091-0x00007FF782390000-0x00007FF7826E4000-memory.dmp

memory/5000-1092-0x00007FF733EF0000-0x00007FF734244000-memory.dmp

memory/4832-1094-0x00007FF6601A0000-0x00007FF6604F4000-memory.dmp

memory/956-1093-0x00007FF784AE0000-0x00007FF784E34000-memory.dmp

memory/4584-1095-0x00007FF6CA810000-0x00007FF6CAB64000-memory.dmp

memory/1856-1097-0x00007FF64E280000-0x00007FF64E5D4000-memory.dmp

memory/2968-1099-0x00007FF661DE0000-0x00007FF662134000-memory.dmp

memory/912-1098-0x00007FF692D80000-0x00007FF6930D4000-memory.dmp

memory/4632-1096-0x00007FF7ED130000-0x00007FF7ED484000-memory.dmp

memory/3664-1100-0x00007FF6B2B00000-0x00007FF6B2E54000-memory.dmp

memory/3176-1103-0x00007FF6BF740000-0x00007FF6BFA94000-memory.dmp

memory/4652-1107-0x00007FF7FB610000-0x00007FF7FB964000-memory.dmp

memory/2388-1108-0x00007FF7E81B0000-0x00007FF7E8504000-memory.dmp

memory/1020-1109-0x00007FF7B90E0000-0x00007FF7B9434000-memory.dmp

memory/388-1106-0x00007FF6A73F0000-0x00007FF6A7744000-memory.dmp

memory/4052-1105-0x00007FF66ACE0000-0x00007FF66B034000-memory.dmp

memory/1444-1104-0x00007FF7BB830000-0x00007FF7BBB84000-memory.dmp

memory/4940-1102-0x00007FF6C9310000-0x00007FF6C9664000-memory.dmp

memory/1324-1101-0x00007FF79CE90000-0x00007FF79D1E4000-memory.dmp

memory/1808-1114-0x00007FF7030E0000-0x00007FF703434000-memory.dmp

memory/2372-1113-0x00007FF7A0AD0000-0x00007FF7A0E24000-memory.dmp

memory/3720-1112-0x00007FF764190000-0x00007FF7644E4000-memory.dmp

memory/4228-1111-0x00007FF617320000-0x00007FF617674000-memory.dmp

memory/3700-1110-0x00007FF73A970000-0x00007FF73ACC4000-memory.dmp

memory/4892-1115-0x00007FF7F7F90000-0x00007FF7F82E4000-memory.dmp