Malware Analysis Report

2024-10-10 09:41

Sample ID 240625-kzeleatcpk
Target 4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
SHA256 4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5

Threat Level: Known bad

The file 4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

XMRig Miner payload

Xmrig family

xmrig

KPOT

KPOT Core Executable

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 09:02

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 09:02

Reported

2024-06-25 09:04

Platform

win7-20240221-en

Max time kernel

146s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\igfskJy.exe N/A
N/A N/A C:\Windows\System\YOhuIDh.exe N/A
N/A N/A C:\Windows\System\jElEEKQ.exe N/A
N/A N/A C:\Windows\System\OVwNoae.exe N/A
N/A N/A C:\Windows\System\WPGWjYy.exe N/A
N/A N/A C:\Windows\System\oCIGrsi.exe N/A
N/A N/A C:\Windows\System\NSxQJpM.exe N/A
N/A N/A C:\Windows\System\pJJvvcX.exe N/A
N/A N/A C:\Windows\System\CSqSbSS.exe N/A
N/A N/A C:\Windows\System\NZyBfUZ.exe N/A
N/A N/A C:\Windows\System\EPbFRSn.exe N/A
N/A N/A C:\Windows\System\ffpMpOr.exe N/A
N/A N/A C:\Windows\System\XBefTHQ.exe N/A
N/A N/A C:\Windows\System\NrVNSOI.exe N/A
N/A N/A C:\Windows\System\DyzYDhd.exe N/A
N/A N/A C:\Windows\System\bQfKYXG.exe N/A
N/A N/A C:\Windows\System\EafZoeq.exe N/A
N/A N/A C:\Windows\System\ROKxMWr.exe N/A
N/A N/A C:\Windows\System\JDLZkBY.exe N/A
N/A N/A C:\Windows\System\MCOPlAF.exe N/A
N/A N/A C:\Windows\System\SZReCAP.exe N/A
N/A N/A C:\Windows\System\aSDYgLr.exe N/A
N/A N/A C:\Windows\System\ZjTitwI.exe N/A
N/A N/A C:\Windows\System\zdwbCTt.exe N/A
N/A N/A C:\Windows\System\hIFpGHD.exe N/A
N/A N/A C:\Windows\System\SBsgdfY.exe N/A
N/A N/A C:\Windows\System\xxoHMej.exe N/A
N/A N/A C:\Windows\System\ACpiVnx.exe N/A
N/A N/A C:\Windows\System\msNMogz.exe N/A
N/A N/A C:\Windows\System\rAoOmEl.exe N/A
N/A N/A C:\Windows\System\hRTwgOO.exe N/A
N/A N/A C:\Windows\System\gIFOCvw.exe N/A
N/A N/A C:\Windows\System\uAYuBEK.exe N/A
N/A N/A C:\Windows\System\JcfieVb.exe N/A
N/A N/A C:\Windows\System\NtZMTeQ.exe N/A
N/A N/A C:\Windows\System\iWURzuc.exe N/A
N/A N/A C:\Windows\System\zozJAmd.exe N/A
N/A N/A C:\Windows\System\XsmCeyx.exe N/A
N/A N/A C:\Windows\System\neRUktO.exe N/A
N/A N/A C:\Windows\System\AxQQODd.exe N/A
N/A N/A C:\Windows\System\TgyfwWw.exe N/A
N/A N/A C:\Windows\System\TQnguDs.exe N/A
N/A N/A C:\Windows\System\gTCsDVk.exe N/A
N/A N/A C:\Windows\System\mdgeWuh.exe N/A
N/A N/A C:\Windows\System\cdhYUnx.exe N/A
N/A N/A C:\Windows\System\FkeTHoE.exe N/A
N/A N/A C:\Windows\System\nVYUwLM.exe N/A
N/A N/A C:\Windows\System\hoebOCe.exe N/A
N/A N/A C:\Windows\System\AkLIgcV.exe N/A
N/A N/A C:\Windows\System\qnXCXFx.exe N/A
N/A N/A C:\Windows\System\IEMjttV.exe N/A
N/A N/A C:\Windows\System\SZaRwUE.exe N/A
N/A N/A C:\Windows\System\VpyemSY.exe N/A
N/A N/A C:\Windows\System\AfnCSEa.exe N/A
N/A N/A C:\Windows\System\mZETlKQ.exe N/A
N/A N/A C:\Windows\System\isAhGeA.exe N/A
N/A N/A C:\Windows\System\KCIGiAd.exe N/A
N/A N/A C:\Windows\System\jRmmSRj.exe N/A
N/A N/A C:\Windows\System\ZuXZQcl.exe N/A
N/A N/A C:\Windows\System\BDcVhwD.exe N/A
N/A N/A C:\Windows\System\WivZilQ.exe N/A
N/A N/A C:\Windows\System\WErKVNf.exe N/A
N/A N/A C:\Windows\System\OCzRsGg.exe N/A
N/A N/A C:\Windows\System\Deiwbmq.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ladUYyO.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\AFOxyxW.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEPkJPa.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\cwlblES.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\KCIGiAd.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\aSzYtxC.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\wbTNrGq.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nBAWFmv.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\lxFEYEm.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXOqRuh.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\zYaEXQq.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HFXQrrc.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\YOhuIDh.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\TgyfwWw.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\OCzRsGg.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\iNccaGB.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\UWzgmLk.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\luBgKUr.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\VpyemSY.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nHpCylv.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\uwRGzKH.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\EtUOPre.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\zcLwkJV.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\AmWnsCx.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mNJFHtN.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\PZROGKt.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\hIBaRTq.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\VZPeOTx.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\JKRcGWZ.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\GXhSiOU.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ilgmwrz.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\MvMZCpZ.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIYOBFW.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\chLmBLs.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\JaxCAHH.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mdgeWuh.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\BwQohnf.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\MyoHXRL.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\swoFVAn.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNorwbt.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SZZgqhM.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\FPGayBR.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\LTcQOBb.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\DyzYDhd.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ACpiVnx.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\gCyKvKn.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLqbzvh.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\neRUktO.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\QlfIYiS.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfQUbyR.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\rAoOmEl.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZuXZQcl.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\xxrMfso.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ekUUmhx.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\FkeTHoE.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nVYUwLM.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaFBWyl.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmTxCNm.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\UCsmPzo.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SZReCAP.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQbyxPU.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOrjrYB.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\jTFIozg.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\xLsqEHz.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2684 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\igfskJy.exe
PID 2684 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\igfskJy.exe
PID 2684 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\igfskJy.exe
PID 2684 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YOhuIDh.exe
PID 2684 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YOhuIDh.exe
PID 2684 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YOhuIDh.exe
PID 2684 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\jElEEKQ.exe
PID 2684 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\jElEEKQ.exe
PID 2684 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\jElEEKQ.exe
PID 2684 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\OVwNoae.exe
PID 2684 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\OVwNoae.exe
PID 2684 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\OVwNoae.exe
PID 2684 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\oCIGrsi.exe
PID 2684 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\oCIGrsi.exe
PID 2684 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\oCIGrsi.exe
PID 2684 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\WPGWjYy.exe
PID 2684 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\WPGWjYy.exe
PID 2684 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\WPGWjYy.exe
PID 2684 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NSxQJpM.exe
PID 2684 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NSxQJpM.exe
PID 2684 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NSxQJpM.exe
PID 2684 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\pJJvvcX.exe
PID 2684 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\pJJvvcX.exe
PID 2684 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\pJJvvcX.exe
PID 2684 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\CSqSbSS.exe
PID 2684 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\CSqSbSS.exe
PID 2684 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\CSqSbSS.exe
PID 2684 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NZyBfUZ.exe
PID 2684 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NZyBfUZ.exe
PID 2684 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NZyBfUZ.exe
PID 2684 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\EPbFRSn.exe
PID 2684 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\EPbFRSn.exe
PID 2684 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\EPbFRSn.exe
PID 2684 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ffpMpOr.exe
PID 2684 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ffpMpOr.exe
PID 2684 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ffpMpOr.exe
PID 2684 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XBefTHQ.exe
PID 2684 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XBefTHQ.exe
PID 2684 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XBefTHQ.exe
PID 2684 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NrVNSOI.exe
PID 2684 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NrVNSOI.exe
PID 2684 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\NrVNSOI.exe
PID 2684 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\DyzYDhd.exe
PID 2684 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\DyzYDhd.exe
PID 2684 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\DyzYDhd.exe
PID 2684 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bQfKYXG.exe
PID 2684 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bQfKYXG.exe
PID 2684 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bQfKYXG.exe
PID 2684 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\EafZoeq.exe
PID 2684 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\EafZoeq.exe
PID 2684 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\EafZoeq.exe
PID 2684 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ROKxMWr.exe
PID 2684 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ROKxMWr.exe
PID 2684 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ROKxMWr.exe
PID 2684 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\JDLZkBY.exe
PID 2684 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\JDLZkBY.exe
PID 2684 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\JDLZkBY.exe
PID 2684 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\MCOPlAF.exe
PID 2684 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\MCOPlAF.exe
PID 2684 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\MCOPlAF.exe
PID 2684 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SZReCAP.exe
PID 2684 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SZReCAP.exe
PID 2684 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SZReCAP.exe
PID 2684 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\aSDYgLr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe"

C:\Windows\System\igfskJy.exe

C:\Windows\System\igfskJy.exe

C:\Windows\System\YOhuIDh.exe

C:\Windows\System\YOhuIDh.exe

C:\Windows\System\jElEEKQ.exe

C:\Windows\System\jElEEKQ.exe

C:\Windows\System\OVwNoae.exe

C:\Windows\System\OVwNoae.exe

C:\Windows\System\oCIGrsi.exe

C:\Windows\System\oCIGrsi.exe

C:\Windows\System\WPGWjYy.exe

C:\Windows\System\WPGWjYy.exe

C:\Windows\System\NSxQJpM.exe

C:\Windows\System\NSxQJpM.exe

C:\Windows\System\pJJvvcX.exe

C:\Windows\System\pJJvvcX.exe

C:\Windows\System\CSqSbSS.exe

C:\Windows\System\CSqSbSS.exe

C:\Windows\System\NZyBfUZ.exe

C:\Windows\System\NZyBfUZ.exe

C:\Windows\System\EPbFRSn.exe

C:\Windows\System\EPbFRSn.exe

C:\Windows\System\ffpMpOr.exe

C:\Windows\System\ffpMpOr.exe

C:\Windows\System\XBefTHQ.exe

C:\Windows\System\XBefTHQ.exe

C:\Windows\System\NrVNSOI.exe

C:\Windows\System\NrVNSOI.exe

C:\Windows\System\DyzYDhd.exe

C:\Windows\System\DyzYDhd.exe

C:\Windows\System\bQfKYXG.exe

C:\Windows\System\bQfKYXG.exe

C:\Windows\System\EafZoeq.exe

C:\Windows\System\EafZoeq.exe

C:\Windows\System\ROKxMWr.exe

C:\Windows\System\ROKxMWr.exe

C:\Windows\System\JDLZkBY.exe

C:\Windows\System\JDLZkBY.exe

C:\Windows\System\MCOPlAF.exe

C:\Windows\System\MCOPlAF.exe

C:\Windows\System\SZReCAP.exe

C:\Windows\System\SZReCAP.exe

C:\Windows\System\aSDYgLr.exe

C:\Windows\System\aSDYgLr.exe

C:\Windows\System\ZjTitwI.exe

C:\Windows\System\ZjTitwI.exe

C:\Windows\System\zdwbCTt.exe

C:\Windows\System\zdwbCTt.exe

C:\Windows\System\hIFpGHD.exe

C:\Windows\System\hIFpGHD.exe

C:\Windows\System\SBsgdfY.exe

C:\Windows\System\SBsgdfY.exe

C:\Windows\System\xxoHMej.exe

C:\Windows\System\xxoHMej.exe

C:\Windows\System\ACpiVnx.exe

C:\Windows\System\ACpiVnx.exe

C:\Windows\System\msNMogz.exe

C:\Windows\System\msNMogz.exe

C:\Windows\System\rAoOmEl.exe

C:\Windows\System\rAoOmEl.exe

C:\Windows\System\hRTwgOO.exe

C:\Windows\System\hRTwgOO.exe

C:\Windows\System\gIFOCvw.exe

C:\Windows\System\gIFOCvw.exe

C:\Windows\System\uAYuBEK.exe

C:\Windows\System\uAYuBEK.exe

C:\Windows\System\JcfieVb.exe

C:\Windows\System\JcfieVb.exe

C:\Windows\System\NtZMTeQ.exe

C:\Windows\System\NtZMTeQ.exe

C:\Windows\System\iWURzuc.exe

C:\Windows\System\iWURzuc.exe

C:\Windows\System\zozJAmd.exe

C:\Windows\System\zozJAmd.exe

C:\Windows\System\XsmCeyx.exe

C:\Windows\System\XsmCeyx.exe

C:\Windows\System\neRUktO.exe

C:\Windows\System\neRUktO.exe

C:\Windows\System\AxQQODd.exe

C:\Windows\System\AxQQODd.exe

C:\Windows\System\TgyfwWw.exe

C:\Windows\System\TgyfwWw.exe

C:\Windows\System\TQnguDs.exe

C:\Windows\System\TQnguDs.exe

C:\Windows\System\gTCsDVk.exe

C:\Windows\System\gTCsDVk.exe

C:\Windows\System\mdgeWuh.exe

C:\Windows\System\mdgeWuh.exe

C:\Windows\System\cdhYUnx.exe

C:\Windows\System\cdhYUnx.exe

C:\Windows\System\FkeTHoE.exe

C:\Windows\System\FkeTHoE.exe

C:\Windows\System\nVYUwLM.exe

C:\Windows\System\nVYUwLM.exe

C:\Windows\System\hoebOCe.exe

C:\Windows\System\hoebOCe.exe

C:\Windows\System\AkLIgcV.exe

C:\Windows\System\AkLIgcV.exe

C:\Windows\System\qnXCXFx.exe

C:\Windows\System\qnXCXFx.exe

C:\Windows\System\IEMjttV.exe

C:\Windows\System\IEMjttV.exe

C:\Windows\System\SZaRwUE.exe

C:\Windows\System\SZaRwUE.exe

C:\Windows\System\VpyemSY.exe

C:\Windows\System\VpyemSY.exe

C:\Windows\System\AfnCSEa.exe

C:\Windows\System\AfnCSEa.exe

C:\Windows\System\mZETlKQ.exe

C:\Windows\System\mZETlKQ.exe

C:\Windows\System\isAhGeA.exe

C:\Windows\System\isAhGeA.exe

C:\Windows\System\KCIGiAd.exe

C:\Windows\System\KCIGiAd.exe

C:\Windows\System\jRmmSRj.exe

C:\Windows\System\jRmmSRj.exe

C:\Windows\System\ZuXZQcl.exe

C:\Windows\System\ZuXZQcl.exe

C:\Windows\System\BDcVhwD.exe

C:\Windows\System\BDcVhwD.exe

C:\Windows\System\WivZilQ.exe

C:\Windows\System\WivZilQ.exe

C:\Windows\System\WErKVNf.exe

C:\Windows\System\WErKVNf.exe

C:\Windows\System\OCzRsGg.exe

C:\Windows\System\OCzRsGg.exe

C:\Windows\System\Deiwbmq.exe

C:\Windows\System\Deiwbmq.exe

C:\Windows\System\QBZwyaJ.exe

C:\Windows\System\QBZwyaJ.exe

C:\Windows\System\mNJFHtN.exe

C:\Windows\System\mNJFHtN.exe

C:\Windows\System\PZROGKt.exe

C:\Windows\System\PZROGKt.exe

C:\Windows\System\JXJkSVr.exe

C:\Windows\System\JXJkSVr.exe

C:\Windows\System\QkxmAQA.exe

C:\Windows\System\QkxmAQA.exe

C:\Windows\System\bQbyxPU.exe

C:\Windows\System\bQbyxPU.exe

C:\Windows\System\iBIWllg.exe

C:\Windows\System\iBIWllg.exe

C:\Windows\System\AFOxyxW.exe

C:\Windows\System\AFOxyxW.exe

C:\Windows\System\OXTVBdw.exe

C:\Windows\System\OXTVBdw.exe

C:\Windows\System\lmOGqlZ.exe

C:\Windows\System\lmOGqlZ.exe

C:\Windows\System\CJcInYK.exe

C:\Windows\System\CJcInYK.exe

C:\Windows\System\edmstOh.exe

C:\Windows\System\edmstOh.exe

C:\Windows\System\AnzfAEW.exe

C:\Windows\System\AnzfAEW.exe

C:\Windows\System\giASIRB.exe

C:\Windows\System\giASIRB.exe

C:\Windows\System\QXGeCNC.exe

C:\Windows\System\QXGeCNC.exe

C:\Windows\System\DHfPlQE.exe

C:\Windows\System\DHfPlQE.exe

C:\Windows\System\hIBaRTq.exe

C:\Windows\System\hIBaRTq.exe

C:\Windows\System\QlfIYiS.exe

C:\Windows\System\QlfIYiS.exe

C:\Windows\System\nRixsxV.exe

C:\Windows\System\nRixsxV.exe

C:\Windows\System\Rntlxhy.exe

C:\Windows\System\Rntlxhy.exe

C:\Windows\System\JJnVztq.exe

C:\Windows\System\JJnVztq.exe

C:\Windows\System\nHpCylv.exe

C:\Windows\System\nHpCylv.exe

C:\Windows\System\CUrqSgZ.exe

C:\Windows\System\CUrqSgZ.exe

C:\Windows\System\nBAWFmv.exe

C:\Windows\System\nBAWFmv.exe

C:\Windows\System\djfatKb.exe

C:\Windows\System\djfatKb.exe

C:\Windows\System\CXiuxnv.exe

C:\Windows\System\CXiuxnv.exe

C:\Windows\System\RTHOYjB.exe

C:\Windows\System\RTHOYjB.exe

C:\Windows\System\MNIROMZ.exe

C:\Windows\System\MNIROMZ.exe

C:\Windows\System\LdfwyEM.exe

C:\Windows\System\LdfwyEM.exe

C:\Windows\System\PWFJlEl.exe

C:\Windows\System\PWFJlEl.exe

C:\Windows\System\STfnLEA.exe

C:\Windows\System\STfnLEA.exe

C:\Windows\System\stGXDtA.exe

C:\Windows\System\stGXDtA.exe

C:\Windows\System\wZNrFWJ.exe

C:\Windows\System\wZNrFWJ.exe

C:\Windows\System\eEYjglN.exe

C:\Windows\System\eEYjglN.exe

C:\Windows\System\ngRjYwP.exe

C:\Windows\System\ngRjYwP.exe

C:\Windows\System\HgJofyS.exe

C:\Windows\System\HgJofyS.exe

C:\Windows\System\zJftDyr.exe

C:\Windows\System\zJftDyr.exe

C:\Windows\System\eIPjumI.exe

C:\Windows\System\eIPjumI.exe

C:\Windows\System\jTFIozg.exe

C:\Windows\System\jTFIozg.exe

C:\Windows\System\SOPUraO.exe

C:\Windows\System\SOPUraO.exe

C:\Windows\System\uCkUvoC.exe

C:\Windows\System\uCkUvoC.exe

C:\Windows\System\Lgqoagr.exe

C:\Windows\System\Lgqoagr.exe

C:\Windows\System\KIBimgv.exe

C:\Windows\System\KIBimgv.exe

C:\Windows\System\scPCKtB.exe

C:\Windows\System\scPCKtB.exe

C:\Windows\System\vIryAWt.exe

C:\Windows\System\vIryAWt.exe

C:\Windows\System\vFTDBqP.exe

C:\Windows\System\vFTDBqP.exe

C:\Windows\System\dezTKHu.exe

C:\Windows\System\dezTKHu.exe

C:\Windows\System\daiwELk.exe

C:\Windows\System\daiwELk.exe

C:\Windows\System\apZzPmO.exe

C:\Windows\System\apZzPmO.exe

C:\Windows\System\zvZLLeB.exe

C:\Windows\System\zvZLLeB.exe

C:\Windows\System\UTMogUc.exe

C:\Windows\System\UTMogUc.exe

C:\Windows\System\JKRcGWZ.exe

C:\Windows\System\JKRcGWZ.exe

C:\Windows\System\EBeZEXS.exe

C:\Windows\System\EBeZEXS.exe

C:\Windows\System\DlZgTnb.exe

C:\Windows\System\DlZgTnb.exe

C:\Windows\System\OsymfVs.exe

C:\Windows\System\OsymfVs.exe

C:\Windows\System\YgYBsXT.exe

C:\Windows\System\YgYBsXT.exe

C:\Windows\System\yaFBWyl.exe

C:\Windows\System\yaFBWyl.exe

C:\Windows\System\YOiXflq.exe

C:\Windows\System\YOiXflq.exe

C:\Windows\System\hkocllC.exe

C:\Windows\System\hkocllC.exe

C:\Windows\System\EtUOPre.exe

C:\Windows\System\EtUOPre.exe

C:\Windows\System\txabHOG.exe

C:\Windows\System\txabHOG.exe

C:\Windows\System\dzKEIoh.exe

C:\Windows\System\dzKEIoh.exe

C:\Windows\System\JZrOKyH.exe

C:\Windows\System\JZrOKyH.exe

C:\Windows\System\ziKIpYN.exe

C:\Windows\System\ziKIpYN.exe

C:\Windows\System\EhyGLFG.exe

C:\Windows\System\EhyGLFG.exe

C:\Windows\System\uKTstbB.exe

C:\Windows\System\uKTstbB.exe

C:\Windows\System\fcCPOLC.exe

C:\Windows\System\fcCPOLC.exe

C:\Windows\System\rlsQIaN.exe

C:\Windows\System\rlsQIaN.exe

C:\Windows\System\gjwGYda.exe

C:\Windows\System\gjwGYda.exe

C:\Windows\System\rcYvrfE.exe

C:\Windows\System\rcYvrfE.exe

C:\Windows\System\VABqSrg.exe

C:\Windows\System\VABqSrg.exe

C:\Windows\System\xTqXfyN.exe

C:\Windows\System\xTqXfyN.exe

C:\Windows\System\JbLlACw.exe

C:\Windows\System\JbLlACw.exe

C:\Windows\System\dRXOfVw.exe

C:\Windows\System\dRXOfVw.exe

C:\Windows\System\FZGSAXU.exe

C:\Windows\System\FZGSAXU.exe

C:\Windows\System\wPqSVQs.exe

C:\Windows\System\wPqSVQs.exe

C:\Windows\System\VvGjIiM.exe

C:\Windows\System\VvGjIiM.exe

C:\Windows\System\xirpCKD.exe

C:\Windows\System\xirpCKD.exe

C:\Windows\System\HsRWuuQ.exe

C:\Windows\System\HsRWuuQ.exe

C:\Windows\System\MsiwMFe.exe

C:\Windows\System\MsiwMFe.exe

C:\Windows\System\YpPJnRA.exe

C:\Windows\System\YpPJnRA.exe

C:\Windows\System\gCyKvKn.exe

C:\Windows\System\gCyKvKn.exe

C:\Windows\System\uCvomJm.exe

C:\Windows\System\uCvomJm.exe

C:\Windows\System\BwQohnf.exe

C:\Windows\System\BwQohnf.exe

C:\Windows\System\gMDcHGB.exe

C:\Windows\System\gMDcHGB.exe

C:\Windows\System\zcLwkJV.exe

C:\Windows\System\zcLwkJV.exe

C:\Windows\System\ipmUMSU.exe

C:\Windows\System\ipmUMSU.exe

C:\Windows\System\MyoHXRL.exe

C:\Windows\System\MyoHXRL.exe

C:\Windows\System\lxFEYEm.exe

C:\Windows\System\lxFEYEm.exe

C:\Windows\System\AmWnsCx.exe

C:\Windows\System\AmWnsCx.exe

C:\Windows\System\xIDJehC.exe

C:\Windows\System\xIDJehC.exe

C:\Windows\System\rBSNUPz.exe

C:\Windows\System\rBSNUPz.exe

C:\Windows\System\AFMvSPP.exe

C:\Windows\System\AFMvSPP.exe

C:\Windows\System\UPueAZC.exe

C:\Windows\System\UPueAZC.exe

C:\Windows\System\KSLUbJr.exe

C:\Windows\System\KSLUbJr.exe

C:\Windows\System\sZFSKrn.exe

C:\Windows\System\sZFSKrn.exe

C:\Windows\System\uNqpNDj.exe

C:\Windows\System\uNqpNDj.exe

C:\Windows\System\sDCvKpy.exe

C:\Windows\System\sDCvKpy.exe

C:\Windows\System\qsbtXDu.exe

C:\Windows\System\qsbtXDu.exe

C:\Windows\System\iKsgsAt.exe

C:\Windows\System\iKsgsAt.exe

C:\Windows\System\oYtoQXw.exe

C:\Windows\System\oYtoQXw.exe

C:\Windows\System\ToEMHXd.exe

C:\Windows\System\ToEMHXd.exe

C:\Windows\System\psxiRcQ.exe

C:\Windows\System\psxiRcQ.exe

C:\Windows\System\VtzbINT.exe

C:\Windows\System\VtzbINT.exe

C:\Windows\System\EhCPdAQ.exe

C:\Windows\System\EhCPdAQ.exe

C:\Windows\System\LSeYUVn.exe

C:\Windows\System\LSeYUVn.exe

C:\Windows\System\dbSMQjp.exe

C:\Windows\System\dbSMQjp.exe

C:\Windows\System\uwRGzKH.exe

C:\Windows\System\uwRGzKH.exe

C:\Windows\System\XBWHTyc.exe

C:\Windows\System\XBWHTyc.exe

C:\Windows\System\XfQUbyR.exe

C:\Windows\System\XfQUbyR.exe

C:\Windows\System\anFvIlN.exe

C:\Windows\System\anFvIlN.exe

C:\Windows\System\aSzYtxC.exe

C:\Windows\System\aSzYtxC.exe

C:\Windows\System\DjKygeF.exe

C:\Windows\System\DjKygeF.exe

C:\Windows\System\BlxboQk.exe

C:\Windows\System\BlxboQk.exe

C:\Windows\System\ttxESmT.exe

C:\Windows\System\ttxESmT.exe

C:\Windows\System\VnYvldg.exe

C:\Windows\System\VnYvldg.exe

C:\Windows\System\MOMeFQd.exe

C:\Windows\System\MOMeFQd.exe

C:\Windows\System\HOrjrYB.exe

C:\Windows\System\HOrjrYB.exe

C:\Windows\System\hHMaRfW.exe

C:\Windows\System\hHMaRfW.exe

C:\Windows\System\jntElEB.exe

C:\Windows\System\jntElEB.exe

C:\Windows\System\FbJCqvK.exe

C:\Windows\System\FbJCqvK.exe

C:\Windows\System\qcFELwQ.exe

C:\Windows\System\qcFELwQ.exe

C:\Windows\System\xLsqEHz.exe

C:\Windows\System\xLsqEHz.exe

C:\Windows\System\eWxVVBa.exe

C:\Windows\System\eWxVVBa.exe

C:\Windows\System\xxrMfso.exe

C:\Windows\System\xxrMfso.exe

C:\Windows\System\CzJHHkx.exe

C:\Windows\System\CzJHHkx.exe

C:\Windows\System\trHHQgc.exe

C:\Windows\System\trHHQgc.exe

C:\Windows\System\nBfvVWY.exe

C:\Windows\System\nBfvVWY.exe

C:\Windows\System\ueiBCfI.exe

C:\Windows\System\ueiBCfI.exe

C:\Windows\System\yOOJKpU.exe

C:\Windows\System\yOOJKpU.exe

C:\Windows\System\ECVjUjz.exe

C:\Windows\System\ECVjUjz.exe

C:\Windows\System\MvMZCpZ.exe

C:\Windows\System\MvMZCpZ.exe

C:\Windows\System\xFRJrtD.exe

C:\Windows\System\xFRJrtD.exe

C:\Windows\System\hgcVmKi.exe

C:\Windows\System\hgcVmKi.exe

C:\Windows\System\PfHyrrz.exe

C:\Windows\System\PfHyrrz.exe

C:\Windows\System\OXjEiHP.exe

C:\Windows\System\OXjEiHP.exe

C:\Windows\System\ykzGzRO.exe

C:\Windows\System\ykzGzRO.exe

C:\Windows\System\mqumOeL.exe

C:\Windows\System\mqumOeL.exe

C:\Windows\System\UzyPDeu.exe

C:\Windows\System\UzyPDeu.exe

C:\Windows\System\dcnRLEN.exe

C:\Windows\System\dcnRLEN.exe

C:\Windows\System\DtfOuDG.exe

C:\Windows\System\DtfOuDG.exe

C:\Windows\System\hNGsphP.exe

C:\Windows\System\hNGsphP.exe

C:\Windows\System\alkjOmQ.exe

C:\Windows\System\alkjOmQ.exe

C:\Windows\System\xzmoGSw.exe

C:\Windows\System\xzmoGSw.exe

C:\Windows\System\nPANdmA.exe

C:\Windows\System\nPANdmA.exe

C:\Windows\System\QNfgQmB.exe

C:\Windows\System\QNfgQmB.exe

C:\Windows\System\RtpVMaX.exe

C:\Windows\System\RtpVMaX.exe

C:\Windows\System\XheMqQj.exe

C:\Windows\System\XheMqQj.exe

C:\Windows\System\swoFVAn.exe

C:\Windows\System\swoFVAn.exe

C:\Windows\System\RaQHjjs.exe

C:\Windows\System\RaQHjjs.exe

C:\Windows\System\dGimrXl.exe

C:\Windows\System\dGimrXl.exe

C:\Windows\System\tiPXLYM.exe

C:\Windows\System\tiPXLYM.exe

C:\Windows\System\DEPkJPa.exe

C:\Windows\System\DEPkJPa.exe

C:\Windows\System\WXjLpej.exe

C:\Windows\System\WXjLpej.exe

C:\Windows\System\ZnyLrPD.exe

C:\Windows\System\ZnyLrPD.exe

C:\Windows\System\IlgeqPW.exe

C:\Windows\System\IlgeqPW.exe

C:\Windows\System\XeiWtPT.exe

C:\Windows\System\XeiWtPT.exe

C:\Windows\System\tJvoglc.exe

C:\Windows\System\tJvoglc.exe

C:\Windows\System\ocHmQQg.exe

C:\Windows\System\ocHmQQg.exe

C:\Windows\System\QndNsxt.exe

C:\Windows\System\QndNsxt.exe

C:\Windows\System\mmTxCNm.exe

C:\Windows\System\mmTxCNm.exe

C:\Windows\System\LDqathv.exe

C:\Windows\System\LDqathv.exe

C:\Windows\System\diPnppd.exe

C:\Windows\System\diPnppd.exe

C:\Windows\System\YIYOBFW.exe

C:\Windows\System\YIYOBFW.exe

C:\Windows\System\BNorwbt.exe

C:\Windows\System\BNorwbt.exe

C:\Windows\System\mwkLovH.exe

C:\Windows\System\mwkLovH.exe

C:\Windows\System\edQpXUZ.exe

C:\Windows\System\edQpXUZ.exe

C:\Windows\System\kWxJGsT.exe

C:\Windows\System\kWxJGsT.exe

C:\Windows\System\oIQLtOh.exe

C:\Windows\System\oIQLtOh.exe

C:\Windows\System\EyTblOa.exe

C:\Windows\System\EyTblOa.exe

C:\Windows\System\hBJxhKz.exe

C:\Windows\System\hBJxhKz.exe

C:\Windows\System\uknngtL.exe

C:\Windows\System\uknngtL.exe

C:\Windows\System\TYsnJes.exe

C:\Windows\System\TYsnJes.exe

C:\Windows\System\TBVKuYI.exe

C:\Windows\System\TBVKuYI.exe

C:\Windows\System\iNccaGB.exe

C:\Windows\System\iNccaGB.exe

C:\Windows\System\kkCvFKQ.exe

C:\Windows\System\kkCvFKQ.exe

C:\Windows\System\vhgfEIR.exe

C:\Windows\System\vhgfEIR.exe

C:\Windows\System\chLmBLs.exe

C:\Windows\System\chLmBLs.exe

C:\Windows\System\CFwvrFR.exe

C:\Windows\System\CFwvrFR.exe

C:\Windows\System\ZsqwkHE.exe

C:\Windows\System\ZsqwkHE.exe

C:\Windows\System\geYPVWH.exe

C:\Windows\System\geYPVWH.exe

C:\Windows\System\nHwDZPh.exe

C:\Windows\System\nHwDZPh.exe

C:\Windows\System\HeJXAbW.exe

C:\Windows\System\HeJXAbW.exe

C:\Windows\System\PkImYpQ.exe

C:\Windows\System\PkImYpQ.exe

C:\Windows\System\ekUUmhx.exe

C:\Windows\System\ekUUmhx.exe

C:\Windows\System\cwlblES.exe

C:\Windows\System\cwlblES.exe

C:\Windows\System\SZZgqhM.exe

C:\Windows\System\SZZgqhM.exe

C:\Windows\System\aExsHRs.exe

C:\Windows\System\aExsHRs.exe

C:\Windows\System\SgaQVFt.exe

C:\Windows\System\SgaQVFt.exe

C:\Windows\System\SmwUIDD.exe

C:\Windows\System\SmwUIDD.exe

C:\Windows\System\ZRqmbcW.exe

C:\Windows\System\ZRqmbcW.exe

C:\Windows\System\AWehZlD.exe

C:\Windows\System\AWehZlD.exe

C:\Windows\System\IzXhRyM.exe

C:\Windows\System\IzXhRyM.exe

C:\Windows\System\uDfypXf.exe

C:\Windows\System\uDfypXf.exe

C:\Windows\System\uRuCCcf.exe

C:\Windows\System\uRuCCcf.exe

C:\Windows\System\PRTfqvr.exe

C:\Windows\System\PRTfqvr.exe

C:\Windows\System\nVXCoeg.exe

C:\Windows\System\nVXCoeg.exe

C:\Windows\System\aNEdSjl.exe

C:\Windows\System\aNEdSjl.exe

C:\Windows\System\rCkvtJT.exe

C:\Windows\System\rCkvtJT.exe

C:\Windows\System\cppvssx.exe

C:\Windows\System\cppvssx.exe

C:\Windows\System\qxSwjCd.exe

C:\Windows\System\qxSwjCd.exe

C:\Windows\System\zJuwsLO.exe

C:\Windows\System\zJuwsLO.exe

C:\Windows\System\IYrIpRT.exe

C:\Windows\System\IYrIpRT.exe

C:\Windows\System\IuuxILA.exe

C:\Windows\System\IuuxILA.exe

C:\Windows\System\SVJgLBD.exe

C:\Windows\System\SVJgLBD.exe

C:\Windows\System\cJgZYjt.exe

C:\Windows\System\cJgZYjt.exe

C:\Windows\System\LrCAPnx.exe

C:\Windows\System\LrCAPnx.exe

C:\Windows\System\TZPPTst.exe

C:\Windows\System\TZPPTst.exe

C:\Windows\System\vVtShOp.exe

C:\Windows\System\vVtShOp.exe

C:\Windows\System\ladUYyO.exe

C:\Windows\System\ladUYyO.exe

C:\Windows\System\JaxCAHH.exe

C:\Windows\System\JaxCAHH.exe

C:\Windows\System\UCsmPzo.exe

C:\Windows\System\UCsmPzo.exe

C:\Windows\System\FPGayBR.exe

C:\Windows\System\FPGayBR.exe

C:\Windows\System\lvFIHQx.exe

C:\Windows\System\lvFIHQx.exe

C:\Windows\System\GXhSiOU.exe

C:\Windows\System\GXhSiOU.exe

C:\Windows\System\DgbvirM.exe

C:\Windows\System\DgbvirM.exe

C:\Windows\System\LTcQOBb.exe

C:\Windows\System\LTcQOBb.exe

C:\Windows\System\gXOqRuh.exe

C:\Windows\System\gXOqRuh.exe

C:\Windows\System\ijNQWhX.exe

C:\Windows\System\ijNQWhX.exe

C:\Windows\System\UleghuX.exe

C:\Windows\System\UleghuX.exe

C:\Windows\System\eCtYbDK.exe

C:\Windows\System\eCtYbDK.exe

C:\Windows\System\sHbrxaY.exe

C:\Windows\System\sHbrxaY.exe

C:\Windows\System\gyWSliL.exe

C:\Windows\System\gyWSliL.exe

C:\Windows\System\ZGjrgww.exe

C:\Windows\System\ZGjrgww.exe

C:\Windows\System\wbTNrGq.exe

C:\Windows\System\wbTNrGq.exe

C:\Windows\System\VuQhYNg.exe

C:\Windows\System\VuQhYNg.exe

C:\Windows\System\RWgEWQz.exe

C:\Windows\System\RWgEWQz.exe

C:\Windows\System\UWzgmLk.exe

C:\Windows\System\UWzgmLk.exe

C:\Windows\System\zYaEXQq.exe

C:\Windows\System\zYaEXQq.exe

C:\Windows\System\lFYrKNQ.exe

C:\Windows\System\lFYrKNQ.exe

C:\Windows\System\qubhOtc.exe

C:\Windows\System\qubhOtc.exe

C:\Windows\System\Ilgmwrz.exe

C:\Windows\System\Ilgmwrz.exe

C:\Windows\System\PjBLtSD.exe

C:\Windows\System\PjBLtSD.exe

C:\Windows\System\SkyRQuM.exe

C:\Windows\System\SkyRQuM.exe

C:\Windows\System\uMdcUps.exe

C:\Windows\System\uMdcUps.exe

C:\Windows\System\kEJaeyI.exe

C:\Windows\System\kEJaeyI.exe

C:\Windows\System\gJLbJin.exe

C:\Windows\System\gJLbJin.exe

C:\Windows\System\QuZRqFg.exe

C:\Windows\System\QuZRqFg.exe

C:\Windows\System\IeSHOln.exe

C:\Windows\System\IeSHOln.exe

C:\Windows\System\ShWWnHZ.exe

C:\Windows\System\ShWWnHZ.exe

C:\Windows\System\luBgKUr.exe

C:\Windows\System\luBgKUr.exe

C:\Windows\System\HrKAQRm.exe

C:\Windows\System\HrKAQRm.exe

C:\Windows\System\lTBGaYc.exe

C:\Windows\System\lTBGaYc.exe

C:\Windows\System\LFsSMbK.exe

C:\Windows\System\LFsSMbK.exe

C:\Windows\System\FLqbzvh.exe

C:\Windows\System\FLqbzvh.exe

C:\Windows\System\VtZcftr.exe

C:\Windows\System\VtZcftr.exe

C:\Windows\System\shNGYgD.exe

C:\Windows\System\shNGYgD.exe

C:\Windows\System\bflHyGJ.exe

C:\Windows\System\bflHyGJ.exe

C:\Windows\System\adjzPqx.exe

C:\Windows\System\adjzPqx.exe

C:\Windows\System\LTOyakH.exe

C:\Windows\System\LTOyakH.exe

C:\Windows\System\HFXQrrc.exe

C:\Windows\System\HFXQrrc.exe

C:\Windows\System\BSktijY.exe

C:\Windows\System\BSktijY.exe

C:\Windows\System\rADMKvm.exe

C:\Windows\System\rADMKvm.exe

C:\Windows\System\gmOxUkS.exe

C:\Windows\System\gmOxUkS.exe

C:\Windows\System\rAhuaWl.exe

C:\Windows\System\rAhuaWl.exe

C:\Windows\System\VZPeOTx.exe

C:\Windows\System\VZPeOTx.exe

C:\Windows\System\UfaGUcJ.exe

C:\Windows\System\UfaGUcJ.exe

C:\Windows\System\wzduLtq.exe

C:\Windows\System\wzduLtq.exe

C:\Windows\System\QqksCRv.exe

C:\Windows\System\QqksCRv.exe

C:\Windows\System\ZDeOKKi.exe

C:\Windows\System\ZDeOKKi.exe

C:\Windows\System\lMfjsqA.exe

C:\Windows\System\lMfjsqA.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2684-0-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/2684-1-0x0000000000200000-0x0000000000210000-memory.dmp

\Windows\system\igfskJy.exe

MD5 bdf7d96d7c3129a0e6a3afcd5afb31b4
SHA1 70a9f8f7e44ffb553d9713c57cbd79cbdb5c0c0c
SHA256 82ed74b9a4c14331d7af52731952bca771380c9135654d4abedb665840b257e6
SHA512 2ae5b8aa3bffa68592266352241049f42f531cf0ceb9a341543fe4d3c21e6013f1d7a6a58dab59969d5185845c8debad22fc345b3d3a2c8dfdc38b45b15318b1

memory/2684-6-0x000000013F660000-0x000000013F9B4000-memory.dmp

\Windows\system\YOhuIDh.exe

MD5 6a57f2d182f78fce88c671849195da89
SHA1 09adb8ba4f6214ce0f26678d70dd094f42f039d1
SHA256 caa43357febc9095c25ebb7f54f0116821c87110974d7ff0ceca29a43e9c282a
SHA512 233a547b3dfe756f0053d43762f99165bd626844b414fd0febcdfdc17c829f93cc392e3c127e3e2709275d9fdeb5e8ae9368d12add751dc1e542bf60a1289f5b

memory/2788-15-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/2684-14-0x0000000002000000-0x0000000002354000-memory.dmp

C:\Windows\system\jElEEKQ.exe

MD5 ee99aa03c40d2d6b4b822a25e99914b7
SHA1 40d2ea1b1e8892aeb08ab5851446d8e71e1b0f4f
SHA256 300d33e1bcfc283e9f32de42e98bd5ade1b7b61b643f44a21056dfa1d105f302
SHA512 573ab14652fb99056e7d4885e48a4d750531d4478c8daa3147d9ce593e5c18818d953828e9150c59c0156d09291330e666f422cea760d330042a57085332a68a

\Windows\system\WPGWjYy.exe

MD5 99605a19e08a80371240d24c62e32068
SHA1 4a603028b15dc172f117575f1bca674abceaec88
SHA256 0d9fcb63d8cb9eb658e706cbd7a0a550b4014b6eade72beb57251d0878e928da
SHA512 938d2c4173ca48c1efb7cbd614f3bef440dd434b712ff28c8708470aef30b4c194d514c03ec426c47cb4c480c955b145b13bdc156fc0f2465458cb381a9c58c1

memory/3056-22-0x000000013FB80000-0x000000013FED4000-memory.dmp

\Windows\system\OVwNoae.exe

MD5 bbaca49c13f5d704bfe011f719c4cf17
SHA1 862719d463f33b4db785e767ca1ca5c1d8fe068c
SHA256 8839298431bd19c488f86cead169b51577cbf54f2f4f531d45646b0a0f9bb10a
SHA512 a9b824cfc5d0d1dc023c8ccc36ee8556cdf4fd3d757b14f60991aeafd969ef2763bed28ecb84be5400682b338fb88c610fc37f65db286a5515b341289f2e4a10

\Windows\system\pJJvvcX.exe

MD5 795d5f95d7ada00bd630e01086db1c3f
SHA1 5b61361dd44797a16bf925806c476629a3670a21
SHA256 27b84028e023728b311dc89b017c9b6c3c58d121ee4bbe7c227fd8e701c57a9b
SHA512 abeade2971e048684ca8532e6d4926a8b228ea6f3a66b33117c2e793f3604dd8db8a4ce8d504420439602a0017c6693219e360ce0c55395e67d87e00e4448956

memory/2684-36-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2684-54-0x0000000002000000-0x0000000002354000-memory.dmp

C:\Windows\system\CSqSbSS.exe

MD5 7b4e95477cfa210c9f2ba1f811c2349a
SHA1 0d8191d0c76ff095779dc44bab4301c32960b0cf
SHA256 4692a525731ad255867e208268c0c04d071291855480514d99650af48cabb81f
SHA512 70e2fa205c81ab92070b6c920284ab3a5bf08aae183ae19e32e3be59e8d0ec0f584aa5700a18b91f001b88eb2c344bf85542a0273a840a9e7f130e0a27307610

C:\Windows\system\ffpMpOr.exe

MD5 3d2bda3fe64b4c53cff28f6866370d14
SHA1 33e432848fbeb277a1204f2061193feda90fbc55
SHA256 b9bf3299ab1149decfad8aa94d4c58ab18b21238a47e63751aeb5e84156bb98a
SHA512 a29b93cb1d357a1c6e28f5299e61aebf09f73d9460107ed8eda19f8f75957f4337fc4df054cfe3399f6c7ceb5c429916fd6a3f51a32f17f0d71a082bbb485546

memory/2564-100-0x000000013F950000-0x000000013FCA4000-memory.dmp

C:\Windows\system\SBsgdfY.exe

MD5 18c1d8f81515d9fdcbb2dad256e7b222
SHA1 b1549e1ecdce698019c40b8eeccb4795bc0bbdb7
SHA256 c49737b634fa3de5b809a19e1af9cdc0068a61bf6e2b92c25769d4ef5b324357
SHA512 7a45c8341e117bc630a09d125829045e4e8f85815f4a2dc9deec2d26270a7e2c5752ca43c7d35a4de99bc69071e06c09b4e580ff90638ba0e40c14f376ebc611

C:\Windows\system\gIFOCvw.exe

MD5 034c22384b70d93566e9d331a4e5c1ed
SHA1 5f6f63e370094ac4d3154f0e26df1fa36d6a1597
SHA256 f6ef8082d33369aefccb10733fcf8d71e129082d612fd6e317a7cc8ab40ac783
SHA512 590485bb93ad2155051e7cd4eb0864c3346df8170fc1411836330dcdffedb3effa4320540ab6839584ca61cb9e32c42002041d6be271a2e6774656d2e6b93346

memory/2416-1039-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2684-1038-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2488-1076-0x000000013FEF0000-0x0000000140244000-memory.dmp

memory/2684-1075-0x000000013FEF0000-0x0000000140244000-memory.dmp

memory/2648-677-0x000000013F7C0000-0x000000013FB14000-memory.dmp

C:\Windows\system\hRTwgOO.exe

MD5 11dc14177dacf43aa0c0280c00c7e452
SHA1 304278efa51a2841fbcc5772ffd28c87300d1afb
SHA256 42aa54da74d4171cedbd2c2c78420529e9f0334a0eff8caae4d5ea810d3e8a12
SHA512 c044abf08ad11b6d6f5b5d18c0359081d3b873e484bdb549638b4f068528da53e10db4dbb37e0235d77cec81d61bf4ee8425b999e3e5f7a5085d672aab178191

C:\Windows\system\rAoOmEl.exe

MD5 52a820f9915fdd805e24ff8e7d2cf2ac
SHA1 f62d62a2fa7eb8337bafbb78fae6afb28b998387
SHA256 81d734ac73d814478dbf38bc90570a67c7d75c7b30eecc3bdcda718bffd62199
SHA512 51f8d51a9f890d35b098447714b418b89ed7ae2fba644105e39bbf0ad86e215086825f722ade216d70ad997c656729610c4b24ba63b36aca133c5307c8cc1428

C:\Windows\system\msNMogz.exe

MD5 62a491d874b517c2b86995b3eccac0fd
SHA1 07bc4c5700084f220112df4799708579ebf775aa
SHA256 caa310ec994964b34bee082b751bdd9f188c1187aafa9490291d0c186d5c4e7e
SHA512 6d005f94a5ca670eadd3ed89697afcfd84e373135c23e0c1a9e63acc9b3e6178509d9c102b02b26b344257f0856d1b19a5c7abd0a0a5ff1b71faf376fc756081

C:\Windows\system\ACpiVnx.exe

MD5 324440a47b0e0da86f68b88075a24a58
SHA1 506383c0ebfab1e7adc941b45d125dd00f28a7f6
SHA256 f3e91d81e052c8eafd2485943008da6bb8f79de85086e5d59c339a9cbe33722c
SHA512 468dc272f03968c693705ebdb3fd268289fc6ef2073d416f630705d75780a3de3841fcb1eae32f30bc70e164ed5251604a8973d48b156e65f8034026070050a3

C:\Windows\system\xxoHMej.exe

MD5 6cfd0a79556730d5aa33397e4f9db6da
SHA1 b21d1551c152befbc746f0c7f7e2ca62ecd8e33a
SHA256 bafb78d3758ad5bb0e9e644e2758d3e79288037c0fc5d28e4cd4f17f9a1d02ca
SHA512 b934d242be01b6339c8656f4f8f067d5712fecb27d7b88c07827a681565a9411d15a739c223a4e437100d67b065b893837032353f634e33a85f6fe1db850bb29

C:\Windows\system\hIFpGHD.exe

MD5 db3763e16babb6e82d706dbee372b687
SHA1 94755b25a69080adeed73e7c3c3cd729194cf178
SHA256 5f735d514720427c97090950d6cfff8e015ed8230bac33a8b9b6b84c307d422f
SHA512 3a8310d3c42af004eb7785a61433fdb8cdfdf54b7fdcc5482e32ddc6ff56a5becfa597d172bb1f77678e9ae6ac995a1df5102cf56fdc25eff630d4a406ee6cc0

C:\Windows\system\zdwbCTt.exe

MD5 02e5690c3c57150475569c7c78283652
SHA1 3aab83f0c1eeb2b063b3e1fe3bc3cfda2a6d01df
SHA256 aea7c1861e84241ab366453ff00137732ff07e7f0502d6e0ad5309c4b6abe732
SHA512 a1b6fec8b588b73271ca41dcdab1bc642ad86c5acdc2db584a1a58be2beae815c1f224864971e0f48fb06b8a1157c00d3cc7ac83d0c98dc5249140756e4044d3

C:\Windows\system\ZjTitwI.exe

MD5 01c5086632370dec4e809c4ce22ee7f0
SHA1 b81d7e19f21251fe713549abb8d9d88940a3e40a
SHA256 225a733561bd73e64d765c99971a0ed0fad95ea98c562b9bde451108909689b1
SHA512 c9204e948d7069c01c695f363b2ac5a4cbe7c81956acefa2dcbb1e089593178fa5fa6515167f05848316853ea8f1073137924be0154c53f56ada2cedfc55f890

C:\Windows\system\aSDYgLr.exe

MD5 00e012912f47310b4c808353a3ae4868
SHA1 eb4d12330f8185c143747498afa081132d16a001
SHA256 37f305c14cf677b519b13393d3bd1636e17b08e71e5131c13574dde344c2d524
SHA512 27f0a4315aefcc4e722bc20ae5c5d6d27e41fd1e231c164ab66dd93f77d23f79b6049ffa6f353e6db71df4b1f74321a8c9d4d853b56e42921fbdffe92d766511

C:\Windows\system\SZReCAP.exe

MD5 b0c484c2bcbccf03da5f3e91a138eca9
SHA1 230d8fffc8a7e7b04f9603f124c34b679c264b1b
SHA256 b44cdcaf08970f6b420b40213c3a17e94992afef265e2f0bdb9a5811966ac972
SHA512 f6b9fd702746b3fb7bd5afff3ce57ad345c6778320f1a3494a9288f211cc89123227157360037fb9069921dec540614a2c600f4dcb3160c36fb7a817341d7f2a

C:\Windows\system\MCOPlAF.exe

MD5 3a346a99916732d95140c1002e02ce70
SHA1 4bf028f74fa36a9413b6473c19536c55b797ae79
SHA256 e2084cf2480f5a7176604270150a0d711474be711c7f743b9cae7bd3288b38fe
SHA512 fd27b192c23e08361698a8669e4565a14deb60838acdd3506fd0b18b785b96cbcfd203e140309d2ffdf2f4264b616e5b446f520236540a0180637c4fc2043f83

C:\Windows\system\JDLZkBY.exe

MD5 402d8655450edde76d76da2b6acab43c
SHA1 1a9b2424e69d4ea65a0d4104e69c7bcc9c48a2a3
SHA256 c9c2f645219a5970ff2c5a8b5b28173900096e564d5abeacc6380d14989e366c
SHA512 44d11cff230ecc805b91cd6b39953ab363aadab7f734dd79eb846a7741bd8b53744c91b2e0f4ffd8b6dad914007e47ae42e0399951400daee5eb9f77bf3492e4

C:\Windows\system\ROKxMWr.exe

MD5 3fca272918fa0b4997b2322956f6ec24
SHA1 230f2d156221c25b6f3e9f02d5cfb83732c07ea7
SHA256 a42bd036c92de07f8f6a2b829ada4a02342c1a6273292f677e6f5dfcf98b5b2b
SHA512 ded30f1a38a2a4c2e09df4f20fe482772f7e6c2821a67a35137cbb42422685495b5d5b3c4a5a4ecba6246234e7e3a96d03e7c595b43b3edd9771524220d45292

C:\Windows\system\EafZoeq.exe

MD5 a22e35d4723a0e97ee624becda01333f
SHA1 53a0706e04ef1ef3c731b811a2d482dc493d94e1
SHA256 2d594afd3514d91f59079237b77d143917c3a9724341dc22396f4683ae8d3adb
SHA512 72000f90b6267dc6332f9dec9b81315a7aaf00e55fc95bc30659f909966322185a81e46b1927b9c9b0b2b173fef3376b92bc39705ae562b527c8d5d38777ba14

C:\Windows\system\bQfKYXG.exe

MD5 8a59ba003f395334c8bc80f89ee69cfd
SHA1 0092c232448f6d240dd1ffd17fe23e38a86b4255
SHA256 0c86da3e1bc515d5cfc21d481246db9c30196d941c49330f41ed61e8bf9a3dea
SHA512 9dfaa2b341cc82c8c8c0d857f89a373805ac894290ed0dbcd3f58fff69d6cf0638c02f2c67e85f8bcb87088c989f0104437771cad181a8aefed56f2492752261

memory/2684-107-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2660-106-0x000000013FD40000-0x0000000140094000-memory.dmp

C:\Windows\system\DyzYDhd.exe

MD5 cb648fd14bebeb9b912eb76c94830258
SHA1 25ddd5e6dde6804f5cd2f07b9692353f8e7797e5
SHA256 93f102930a16d745295132ea26587e4cc03efa6f666e8c56423c7af95be5e1fe
SHA512 bbc242f8f1f9eb948c20b6ad5e5d24cdd6e39da6333d270a9f2db3a08c2fd83240fce78a3d84777169137814afcf87a074cb8b6465324439952e2409f004a82a

memory/2776-101-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2744-93-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2684-92-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2560-91-0x000000013FCB0000-0x0000000140004000-memory.dmp

C:\Windows\system\NrVNSOI.exe

MD5 f0588392ee53f0854d7e1d1ea3c8dc54
SHA1 99549357f6364881fc0ba9bf37a971894bb0e6d3
SHA256 2ea71befa0b4b2ee6b37e1216529e2b40d9344c57a9e1ba7caa70c1afda1c15a
SHA512 2d0ae934ef8780547e662ca72ef181fc9341cf1090963b66abac8a2e31a054b9dcaa8a63df27b9ce93d2ed0fc64502f44bf9e471e4643cc57b2b1c25b78e737e

C:\Windows\system\XBefTHQ.exe

MD5 536a4bb2b7634288fce6322c68b7510a
SHA1 8d34c30a2b14c46a95a0669a1615b717ade23006
SHA256 9a53cfc79650044f826315a526517cba15503cdff7ef319f61721311cb8d1768
SHA512 9d4c71d56397ee068f176482772d12045d226c04886ccb351cc801f0b88f03a902ee9d40ab1b88f48f39e814bf777e7f4364dfdc99738548774ed76fec2785c5

memory/2916-77-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2692-84-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2684-83-0x0000000002000000-0x0000000002354000-memory.dmp

C:\Windows\system\EPbFRSn.exe

MD5 66a52be6711ad27da27afde8ea93e909
SHA1 a7391649826d609c8b58d0bdc73805d02bb2a2dd
SHA256 877f5a01b0c3d3212fb6ee059880abf2592c934c59b1c433403f56986d870051
SHA512 75b179ae73d2603cb022fa73e3bbeb1c6d94cbb391ccb316d9072a14820193f29e3df7bf8a6e7ee580366090e47e337d1997b8ce7606b3d1040521249a78c342

memory/2684-74-0x0000000002000000-0x0000000002354000-memory.dmp

memory/2416-63-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/2684-62-0x000000013FF90000-0x00000001402E4000-memory.dmp

memory/3056-61-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2488-71-0x000000013FEF0000-0x0000000140244000-memory.dmp

memory/2684-70-0x000000013FEF0000-0x0000000140244000-memory.dmp

memory/2684-69-0x000000013FCB0000-0x0000000140004000-memory.dmp

C:\Windows\system\NZyBfUZ.exe

MD5 29bd36edc06f44f6df8ec8158a747aa2
SHA1 9110be962b9be8d6e14343e093ebe3fd0f3196ab
SHA256 6441521aa4de0b35378d55998ef896bc47ddb4c6d0989c0d15b6283da4fe4365
SHA512 d1ca28b46057f7dd21dd265586fabb73a679758403052f677c59c649c73c0215e5affeaa573bab665b03e942d6dd6e2f84bf1a4966e35312a46240eda68cf332

memory/2648-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2864-53-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2660-47-0x000000013FD40000-0x0000000140094000-memory.dmp

C:\Windows\system\NSxQJpM.exe

MD5 bf6ff3014611a0e127d86f688ed5fdc6
SHA1 29a978d8f90402edc2eb01e47012d6c379ef80f5
SHA256 12fbeab4c1d4d1bc89d6656647cbc46db74ae85232d6ed30707a7575efa54aed
SHA512 dafc3fba61dcac9726ea6222c4f55a8a8b7b5ad49835e20b63aa5067f2097c27e7bbc595ae092cc8cfb810c22d5538f0a8a505723390c8a914ecc68f8a026c15

memory/2564-45-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2684-43-0x000000013F080000-0x000000013F3D4000-memory.dmp

C:\Windows\system\oCIGrsi.exe

MD5 c3b109532193311b837d3d8a61720685
SHA1 c5323380e07ab8cdaf867b58f3504b4591616753
SHA256 6ca5a5c1a53eda4170d8c04bf1306f4c9fc58adc8aacb3945ebbdcb1aba2a856
SHA512 0fae54c85c69053758fbe0d33e899ef3df45122ccf6738ce9532e0bbd7005ec71af6385b963c1d5356953d79b7e132de045d3dd88915e1451727b222fcc48a34

memory/2420-41-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2560-40-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2684-35-0x0000000002000000-0x0000000002354000-memory.dmp

memory/2684-28-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2684-1077-0x0000000002000000-0x0000000002354000-memory.dmp

memory/2916-1078-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2684-1079-0x0000000002000000-0x0000000002354000-memory.dmp

memory/2692-1080-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2684-1081-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2744-1082-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2684-1083-0x0000000002000000-0x0000000002354000-memory.dmp

memory/2684-1084-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/2788-1085-0x000000013F080000-0x000000013F3D4000-memory.dmp

memory/2864-1086-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/3056-1087-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2420-1088-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2560-1089-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2660-1090-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2564-1091-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/2648-1092-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2488-1093-0x000000013FEF0000-0x0000000140244000-memory.dmp

memory/2916-1094-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2692-1095-0x000000013F3C0000-0x000000013F714000-memory.dmp

memory/2744-1096-0x000000013FB70000-0x000000013FEC4000-memory.dmp

memory/2776-1097-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2416-1098-0x000000013FF90000-0x00000001402E4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 09:02

Reported

2024-06-25 09:04

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\mRAXDjr.exe N/A
N/A N/A C:\Windows\System\kFbuKmW.exe N/A
N/A N/A C:\Windows\System\SwVjVVT.exe N/A
N/A N/A C:\Windows\System\wdagJCQ.exe N/A
N/A N/A C:\Windows\System\FlFBMSl.exe N/A
N/A N/A C:\Windows\System\YZkKFGK.exe N/A
N/A N/A C:\Windows\System\XDnAtXO.exe N/A
N/A N/A C:\Windows\System\HQurtes.exe N/A
N/A N/A C:\Windows\System\ECihIsM.exe N/A
N/A N/A C:\Windows\System\ZAQKgYC.exe N/A
N/A N/A C:\Windows\System\abHWMNi.exe N/A
N/A N/A C:\Windows\System\fGlCVxa.exe N/A
N/A N/A C:\Windows\System\dCurnMC.exe N/A
N/A N/A C:\Windows\System\pwarYuW.exe N/A
N/A N/A C:\Windows\System\BekVHwN.exe N/A
N/A N/A C:\Windows\System\koLOfGA.exe N/A
N/A N/A C:\Windows\System\UbkIKzV.exe N/A
N/A N/A C:\Windows\System\XLoFUvx.exe N/A
N/A N/A C:\Windows\System\CkMmiTp.exe N/A
N/A N/A C:\Windows\System\bmvthxK.exe N/A
N/A N/A C:\Windows\System\dTRtJLg.exe N/A
N/A N/A C:\Windows\System\QDSyqEk.exe N/A
N/A N/A C:\Windows\System\bUesxoy.exe N/A
N/A N/A C:\Windows\System\YfVBnyZ.exe N/A
N/A N/A C:\Windows\System\qTHbnxj.exe N/A
N/A N/A C:\Windows\System\oPjVCOH.exe N/A
N/A N/A C:\Windows\System\tOJgYkT.exe N/A
N/A N/A C:\Windows\System\URzdTmk.exe N/A
N/A N/A C:\Windows\System\sVSpUMM.exe N/A
N/A N/A C:\Windows\System\SJpzQNF.exe N/A
N/A N/A C:\Windows\System\FTHqVUG.exe N/A
N/A N/A C:\Windows\System\SZBEEmg.exe N/A
N/A N/A C:\Windows\System\eKtYyPS.exe N/A
N/A N/A C:\Windows\System\qJBXzuk.exe N/A
N/A N/A C:\Windows\System\nccsrCW.exe N/A
N/A N/A C:\Windows\System\RYQFSXP.exe N/A
N/A N/A C:\Windows\System\UOzNtDu.exe N/A
N/A N/A C:\Windows\System\jqkxLur.exe N/A
N/A N/A C:\Windows\System\arTCrHL.exe N/A
N/A N/A C:\Windows\System\nJUTLPc.exe N/A
N/A N/A C:\Windows\System\jnmIcQb.exe N/A
N/A N/A C:\Windows\System\wxCUpvK.exe N/A
N/A N/A C:\Windows\System\WtmjZcu.exe N/A
N/A N/A C:\Windows\System\KtxZYHc.exe N/A
N/A N/A C:\Windows\System\pVFzObb.exe N/A
N/A N/A C:\Windows\System\WOVOovP.exe N/A
N/A N/A C:\Windows\System\EHCHoJl.exe N/A
N/A N/A C:\Windows\System\jshbnhD.exe N/A
N/A N/A C:\Windows\System\wdzmvia.exe N/A
N/A N/A C:\Windows\System\HXBsksK.exe N/A
N/A N/A C:\Windows\System\gBiJagk.exe N/A
N/A N/A C:\Windows\System\NDPtPKg.exe N/A
N/A N/A C:\Windows\System\DpYRkgA.exe N/A
N/A N/A C:\Windows\System\bOXCbzP.exe N/A
N/A N/A C:\Windows\System\WMMSSWa.exe N/A
N/A N/A C:\Windows\System\fnlIAwR.exe N/A
N/A N/A C:\Windows\System\ntXolkT.exe N/A
N/A N/A C:\Windows\System\VfthzKp.exe N/A
N/A N/A C:\Windows\System\SocTVpY.exe N/A
N/A N/A C:\Windows\System\RauukNy.exe N/A
N/A N/A C:\Windows\System\jkPHYdY.exe N/A
N/A N/A C:\Windows\System\HLklCko.exe N/A
N/A N/A C:\Windows\System\sBFVdJX.exe N/A
N/A N/A C:\Windows\System\DGMpJkF.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HxuFtEZ.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqvjxcQ.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKagtOX.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWGjjzR.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\FnMAeZx.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\QtQjXyp.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\emQGgPU.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTJdcUN.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\OqpMiEB.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ripvuhJ.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\dYtbJic.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEXePEy.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HQurtes.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYhhhkg.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\jJNlhBS.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\gtPORBR.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwinoKu.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HpLnNlW.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\hATjqOk.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ozmTSOE.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\abHWMNi.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\JFwzWNr.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\JgwhJaJ.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\IcZDzta.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\EYXyNlN.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yYLwgDk.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAQKgYC.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\wdzmvia.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\KynWhRq.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\VwxnaFH.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVCBGkr.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yFsXsGs.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\iDvcnRE.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\DpYRkgA.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\KLWbhDa.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\VttyhCw.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\klwATca.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\pwarYuW.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SZBEEmg.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\VrJlJnb.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mUwxMVW.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFrlbtd.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RbvnqGO.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\jqkxLur.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\QKopYqm.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\BFOTaiI.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\CKdJoFr.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\YTAQAQc.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\cgdjNLd.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\GrBKZcu.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSQJRRC.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmuEjUP.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nJUTLPc.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\rAOjbFx.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yakGBGX.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WyatWdt.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\XItPYxz.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClGTKAD.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\iAqusto.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\arTCrHL.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMMSSWa.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\KiJVCHm.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SocTVpY.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RauukNy.exe C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1624 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\mRAXDjr.exe
PID 1624 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\mRAXDjr.exe
PID 1624 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\kFbuKmW.exe
PID 1624 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\kFbuKmW.exe
PID 1624 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SwVjVVT.exe
PID 1624 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SwVjVVT.exe
PID 1624 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\wdagJCQ.exe
PID 1624 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\wdagJCQ.exe
PID 1624 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\FlFBMSl.exe
PID 1624 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\FlFBMSl.exe
PID 1624 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YZkKFGK.exe
PID 1624 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YZkKFGK.exe
PID 1624 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XDnAtXO.exe
PID 1624 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XDnAtXO.exe
PID 1624 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\HQurtes.exe
PID 1624 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\HQurtes.exe
PID 1624 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ECihIsM.exe
PID 1624 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ECihIsM.exe
PID 1624 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ZAQKgYC.exe
PID 1624 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\ZAQKgYC.exe
PID 1624 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\abHWMNi.exe
PID 1624 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\abHWMNi.exe
PID 1624 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\fGlCVxa.exe
PID 1624 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\fGlCVxa.exe
PID 1624 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\dCurnMC.exe
PID 1624 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\dCurnMC.exe
PID 1624 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\pwarYuW.exe
PID 1624 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\pwarYuW.exe
PID 1624 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\BekVHwN.exe
PID 1624 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\BekVHwN.exe
PID 1624 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\koLOfGA.exe
PID 1624 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\koLOfGA.exe
PID 1624 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\UbkIKzV.exe
PID 1624 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\UbkIKzV.exe
PID 1624 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XLoFUvx.exe
PID 1624 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\XLoFUvx.exe
PID 1624 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\CkMmiTp.exe
PID 1624 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\CkMmiTp.exe
PID 1624 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bmvthxK.exe
PID 1624 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bmvthxK.exe
PID 1624 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\dTRtJLg.exe
PID 1624 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\dTRtJLg.exe
PID 1624 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\QDSyqEk.exe
PID 1624 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\QDSyqEk.exe
PID 1624 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bUesxoy.exe
PID 1624 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\bUesxoy.exe
PID 1624 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YfVBnyZ.exe
PID 1624 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\YfVBnyZ.exe
PID 1624 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\qTHbnxj.exe
PID 1624 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\qTHbnxj.exe
PID 1624 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\oPjVCOH.exe
PID 1624 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\oPjVCOH.exe
PID 1624 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\tOJgYkT.exe
PID 1624 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\tOJgYkT.exe
PID 1624 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\URzdTmk.exe
PID 1624 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\URzdTmk.exe
PID 1624 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\sVSpUMM.exe
PID 1624 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\sVSpUMM.exe
PID 1624 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SJpzQNF.exe
PID 1624 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SJpzQNF.exe
PID 1624 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\FTHqVUG.exe
PID 1624 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\FTHqVUG.exe
PID 1624 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SZBEEmg.exe
PID 1624 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe C:\Windows\System\SZBEEmg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe"

C:\Windows\System\mRAXDjr.exe

C:\Windows\System\mRAXDjr.exe

C:\Windows\System\kFbuKmW.exe

C:\Windows\System\kFbuKmW.exe

C:\Windows\System\SwVjVVT.exe

C:\Windows\System\SwVjVVT.exe

C:\Windows\System\wdagJCQ.exe

C:\Windows\System\wdagJCQ.exe

C:\Windows\System\FlFBMSl.exe

C:\Windows\System\FlFBMSl.exe

C:\Windows\System\YZkKFGK.exe

C:\Windows\System\YZkKFGK.exe

C:\Windows\System\XDnAtXO.exe

C:\Windows\System\XDnAtXO.exe

C:\Windows\System\HQurtes.exe

C:\Windows\System\HQurtes.exe

C:\Windows\System\ECihIsM.exe

C:\Windows\System\ECihIsM.exe

C:\Windows\System\ZAQKgYC.exe

C:\Windows\System\ZAQKgYC.exe

C:\Windows\System\abHWMNi.exe

C:\Windows\System\abHWMNi.exe

C:\Windows\System\fGlCVxa.exe

C:\Windows\System\fGlCVxa.exe

C:\Windows\System\dCurnMC.exe

C:\Windows\System\dCurnMC.exe

C:\Windows\System\pwarYuW.exe

C:\Windows\System\pwarYuW.exe

C:\Windows\System\BekVHwN.exe

C:\Windows\System\BekVHwN.exe

C:\Windows\System\koLOfGA.exe

C:\Windows\System\koLOfGA.exe

C:\Windows\System\UbkIKzV.exe

C:\Windows\System\UbkIKzV.exe

C:\Windows\System\XLoFUvx.exe

C:\Windows\System\XLoFUvx.exe

C:\Windows\System\CkMmiTp.exe

C:\Windows\System\CkMmiTp.exe

C:\Windows\System\bmvthxK.exe

C:\Windows\System\bmvthxK.exe

C:\Windows\System\dTRtJLg.exe

C:\Windows\System\dTRtJLg.exe

C:\Windows\System\QDSyqEk.exe

C:\Windows\System\QDSyqEk.exe

C:\Windows\System\bUesxoy.exe

C:\Windows\System\bUesxoy.exe

C:\Windows\System\YfVBnyZ.exe

C:\Windows\System\YfVBnyZ.exe

C:\Windows\System\qTHbnxj.exe

C:\Windows\System\qTHbnxj.exe

C:\Windows\System\oPjVCOH.exe

C:\Windows\System\oPjVCOH.exe

C:\Windows\System\tOJgYkT.exe

C:\Windows\System\tOJgYkT.exe

C:\Windows\System\URzdTmk.exe

C:\Windows\System\URzdTmk.exe

C:\Windows\System\sVSpUMM.exe

C:\Windows\System\sVSpUMM.exe

C:\Windows\System\SJpzQNF.exe

C:\Windows\System\SJpzQNF.exe

C:\Windows\System\FTHqVUG.exe

C:\Windows\System\FTHqVUG.exe

C:\Windows\System\SZBEEmg.exe

C:\Windows\System\SZBEEmg.exe

C:\Windows\System\eKtYyPS.exe

C:\Windows\System\eKtYyPS.exe

C:\Windows\System\qJBXzuk.exe

C:\Windows\System\qJBXzuk.exe

C:\Windows\System\nccsrCW.exe

C:\Windows\System\nccsrCW.exe

C:\Windows\System\RYQFSXP.exe

C:\Windows\System\RYQFSXP.exe

C:\Windows\System\UOzNtDu.exe

C:\Windows\System\UOzNtDu.exe

C:\Windows\System\jqkxLur.exe

C:\Windows\System\jqkxLur.exe

C:\Windows\System\arTCrHL.exe

C:\Windows\System\arTCrHL.exe

C:\Windows\System\nJUTLPc.exe

C:\Windows\System\nJUTLPc.exe

C:\Windows\System\jnmIcQb.exe

C:\Windows\System\jnmIcQb.exe

C:\Windows\System\wxCUpvK.exe

C:\Windows\System\wxCUpvK.exe

C:\Windows\System\WtmjZcu.exe

C:\Windows\System\WtmjZcu.exe

C:\Windows\System\KtxZYHc.exe

C:\Windows\System\KtxZYHc.exe

C:\Windows\System\pVFzObb.exe

C:\Windows\System\pVFzObb.exe

C:\Windows\System\WOVOovP.exe

C:\Windows\System\WOVOovP.exe

C:\Windows\System\EHCHoJl.exe

C:\Windows\System\EHCHoJl.exe

C:\Windows\System\jshbnhD.exe

C:\Windows\System\jshbnhD.exe

C:\Windows\System\wdzmvia.exe

C:\Windows\System\wdzmvia.exe

C:\Windows\System\HXBsksK.exe

C:\Windows\System\HXBsksK.exe

C:\Windows\System\gBiJagk.exe

C:\Windows\System\gBiJagk.exe

C:\Windows\System\NDPtPKg.exe

C:\Windows\System\NDPtPKg.exe

C:\Windows\System\DpYRkgA.exe

C:\Windows\System\DpYRkgA.exe

C:\Windows\System\bOXCbzP.exe

C:\Windows\System\bOXCbzP.exe

C:\Windows\System\WMMSSWa.exe

C:\Windows\System\WMMSSWa.exe

C:\Windows\System\fnlIAwR.exe

C:\Windows\System\fnlIAwR.exe

C:\Windows\System\ntXolkT.exe

C:\Windows\System\ntXolkT.exe

C:\Windows\System\VfthzKp.exe

C:\Windows\System\VfthzKp.exe

C:\Windows\System\SocTVpY.exe

C:\Windows\System\SocTVpY.exe

C:\Windows\System\RauukNy.exe

C:\Windows\System\RauukNy.exe

C:\Windows\System\jkPHYdY.exe

C:\Windows\System\jkPHYdY.exe

C:\Windows\System\HLklCko.exe

C:\Windows\System\HLklCko.exe

C:\Windows\System\sBFVdJX.exe

C:\Windows\System\sBFVdJX.exe

C:\Windows\System\DGMpJkF.exe

C:\Windows\System\DGMpJkF.exe

C:\Windows\System\vndZDTO.exe

C:\Windows\System\vndZDTO.exe

C:\Windows\System\jRsCGtx.exe

C:\Windows\System\jRsCGtx.exe

C:\Windows\System\MYhhhkg.exe

C:\Windows\System\MYhhhkg.exe

C:\Windows\System\SeximDD.exe

C:\Windows\System\SeximDD.exe

C:\Windows\System\pnRBREh.exe

C:\Windows\System\pnRBREh.exe

C:\Windows\System\THGLpZW.exe

C:\Windows\System\THGLpZW.exe

C:\Windows\System\thVDqdl.exe

C:\Windows\System\thVDqdl.exe

C:\Windows\System\MsleNmZ.exe

C:\Windows\System\MsleNmZ.exe

C:\Windows\System\iDvcnRE.exe

C:\Windows\System\iDvcnRE.exe

C:\Windows\System\LeysPOu.exe

C:\Windows\System\LeysPOu.exe

C:\Windows\System\DFYHWth.exe

C:\Windows\System\DFYHWth.exe

C:\Windows\System\cKSjuVB.exe

C:\Windows\System\cKSjuVB.exe

C:\Windows\System\clBlujb.exe

C:\Windows\System\clBlujb.exe

C:\Windows\System\fcehXwS.exe

C:\Windows\System\fcehXwS.exe

C:\Windows\System\JFwzWNr.exe

C:\Windows\System\JFwzWNr.exe

C:\Windows\System\JwhXUsZ.exe

C:\Windows\System\JwhXUsZ.exe

C:\Windows\System\XdSHZbK.exe

C:\Windows\System\XdSHZbK.exe

C:\Windows\System\FYoLafN.exe

C:\Windows\System\FYoLafN.exe

C:\Windows\System\inAwSOB.exe

C:\Windows\System\inAwSOB.exe

C:\Windows\System\EBXHhRB.exe

C:\Windows\System\EBXHhRB.exe

C:\Windows\System\cMimsyA.exe

C:\Windows\System\cMimsyA.exe

C:\Windows\System\gifxyTW.exe

C:\Windows\System\gifxyTW.exe

C:\Windows\System\TTJdcUN.exe

C:\Windows\System\TTJdcUN.exe

C:\Windows\System\cjKzqnE.exe

C:\Windows\System\cjKzqnE.exe

C:\Windows\System\qZpkQfe.exe

C:\Windows\System\qZpkQfe.exe

C:\Windows\System\QKopYqm.exe

C:\Windows\System\QKopYqm.exe

C:\Windows\System\zXRANDr.exe

C:\Windows\System\zXRANDr.exe

C:\Windows\System\grRdpwO.exe

C:\Windows\System\grRdpwO.exe

C:\Windows\System\eVfgZoW.exe

C:\Windows\System\eVfgZoW.exe

C:\Windows\System\COprjJA.exe

C:\Windows\System\COprjJA.exe

C:\Windows\System\PCblUta.exe

C:\Windows\System\PCblUta.exe

C:\Windows\System\WCYhult.exe

C:\Windows\System\WCYhult.exe

C:\Windows\System\oTQePSP.exe

C:\Windows\System\oTQePSP.exe

C:\Windows\System\jJNlhBS.exe

C:\Windows\System\jJNlhBS.exe

C:\Windows\System\rQbfdWe.exe

C:\Windows\System\rQbfdWe.exe

C:\Windows\System\jqYQJoQ.exe

C:\Windows\System\jqYQJoQ.exe

C:\Windows\System\EVCBGkr.exe

C:\Windows\System\EVCBGkr.exe

C:\Windows\System\KLWbhDa.exe

C:\Windows\System\KLWbhDa.exe

C:\Windows\System\KmtbUmH.exe

C:\Windows\System\KmtbUmH.exe

C:\Windows\System\NVpdDzA.exe

C:\Windows\System\NVpdDzA.exe

C:\Windows\System\rYfazSP.exe

C:\Windows\System\rYfazSP.exe

C:\Windows\System\SDhxQLg.exe

C:\Windows\System\SDhxQLg.exe

C:\Windows\System\zluHAuu.exe

C:\Windows\System\zluHAuu.exe

C:\Windows\System\CKdJoFr.exe

C:\Windows\System\CKdJoFr.exe

C:\Windows\System\NUuTHaT.exe

C:\Windows\System\NUuTHaT.exe

C:\Windows\System\yakGBGX.exe

C:\Windows\System\yakGBGX.exe

C:\Windows\System\xILiNZt.exe

C:\Windows\System\xILiNZt.exe

C:\Windows\System\kKjEAlN.exe

C:\Windows\System\kKjEAlN.exe

C:\Windows\System\weZSEVp.exe

C:\Windows\System\weZSEVp.exe

C:\Windows\System\gffoEsZ.exe

C:\Windows\System\gffoEsZ.exe

C:\Windows\System\VrJlJnb.exe

C:\Windows\System\VrJlJnb.exe

C:\Windows\System\WwcTnNC.exe

C:\Windows\System\WwcTnNC.exe

C:\Windows\System\dIlNDZN.exe

C:\Windows\System\dIlNDZN.exe

C:\Windows\System\wCduUpX.exe

C:\Windows\System\wCduUpX.exe

C:\Windows\System\VzuhQyF.exe

C:\Windows\System\VzuhQyF.exe

C:\Windows\System\wrkrNtm.exe

C:\Windows\System\wrkrNtm.exe

C:\Windows\System\JfYIYMy.exe

C:\Windows\System\JfYIYMy.exe

C:\Windows\System\EYXyNlN.exe

C:\Windows\System\EYXyNlN.exe

C:\Windows\System\ruQfnCa.exe

C:\Windows\System\ruQfnCa.exe

C:\Windows\System\QEHlhog.exe

C:\Windows\System\QEHlhog.exe

C:\Windows\System\LXuVkZt.exe

C:\Windows\System\LXuVkZt.exe

C:\Windows\System\hIMUVNX.exe

C:\Windows\System\hIMUVNX.exe

C:\Windows\System\WyatWdt.exe

C:\Windows\System\WyatWdt.exe

C:\Windows\System\LAzOUdb.exe

C:\Windows\System\LAzOUdb.exe

C:\Windows\System\OqpMiEB.exe

C:\Windows\System\OqpMiEB.exe

C:\Windows\System\RceNONK.exe

C:\Windows\System\RceNONK.exe

C:\Windows\System\hnZqGhE.exe

C:\Windows\System\hnZqGhE.exe

C:\Windows\System\djxeLzu.exe

C:\Windows\System\djxeLzu.exe

C:\Windows\System\YTAQAQc.exe

C:\Windows\System\YTAQAQc.exe

C:\Windows\System\yGRqbum.exe

C:\Windows\System\yGRqbum.exe

C:\Windows\System\rAOjbFx.exe

C:\Windows\System\rAOjbFx.exe

C:\Windows\System\nnBmrGN.exe

C:\Windows\System\nnBmrGN.exe

C:\Windows\System\VdadKfU.exe

C:\Windows\System\VdadKfU.exe

C:\Windows\System\tShdqRJ.exe

C:\Windows\System\tShdqRJ.exe

C:\Windows\System\AHJnuLG.exe

C:\Windows\System\AHJnuLG.exe

C:\Windows\System\vcGCFfR.exe

C:\Windows\System\vcGCFfR.exe

C:\Windows\System\VXwmeaK.exe

C:\Windows\System\VXwmeaK.exe

C:\Windows\System\mUwxMVW.exe

C:\Windows\System\mUwxMVW.exe

C:\Windows\System\OASKcgF.exe

C:\Windows\System\OASKcgF.exe

C:\Windows\System\KkyjnLV.exe

C:\Windows\System\KkyjnLV.exe

C:\Windows\System\XItPYxz.exe

C:\Windows\System\XItPYxz.exe

C:\Windows\System\bYMMxAK.exe

C:\Windows\System\bYMMxAK.exe

C:\Windows\System\REsVHqH.exe

C:\Windows\System\REsVHqH.exe

C:\Windows\System\ygiyLkh.exe

C:\Windows\System\ygiyLkh.exe

C:\Windows\System\ucSKwRD.exe

C:\Windows\System\ucSKwRD.exe

C:\Windows\System\lYGVAdE.exe

C:\Windows\System\lYGVAdE.exe

C:\Windows\System\YLvbFiL.exe

C:\Windows\System\YLvbFiL.exe

C:\Windows\System\PLQoqEw.exe

C:\Windows\System\PLQoqEw.exe

C:\Windows\System\vQxnnfl.exe

C:\Windows\System\vQxnnfl.exe

C:\Windows\System\aASyTjW.exe

C:\Windows\System\aASyTjW.exe

C:\Windows\System\QtQjXyp.exe

C:\Windows\System\QtQjXyp.exe

C:\Windows\System\RhlSdMw.exe

C:\Windows\System\RhlSdMw.exe

C:\Windows\System\wLsQrAC.exe

C:\Windows\System\wLsQrAC.exe

C:\Windows\System\kEQltUa.exe

C:\Windows\System\kEQltUa.exe

C:\Windows\System\ZJIiqNK.exe

C:\Windows\System\ZJIiqNK.exe

C:\Windows\System\ClGTKAD.exe

C:\Windows\System\ClGTKAD.exe

C:\Windows\System\noxyzDg.exe

C:\Windows\System\noxyzDg.exe

C:\Windows\System\egByJJy.exe

C:\Windows\System\egByJJy.exe

C:\Windows\System\CKFygfF.exe

C:\Windows\System\CKFygfF.exe

C:\Windows\System\fOVILLR.exe

C:\Windows\System\fOVILLR.exe

C:\Windows\System\PLesdmj.exe

C:\Windows\System\PLesdmj.exe

C:\Windows\System\nUryNwo.exe

C:\Windows\System\nUryNwo.exe

C:\Windows\System\UUtWMre.exe

C:\Windows\System\UUtWMre.exe

C:\Windows\System\GTnazzv.exe

C:\Windows\System\GTnazzv.exe

C:\Windows\System\FideZOr.exe

C:\Windows\System\FideZOr.exe

C:\Windows\System\clTuQco.exe

C:\Windows\System\clTuQco.exe

C:\Windows\System\vPfggiY.exe

C:\Windows\System\vPfggiY.exe

C:\Windows\System\jbQKElG.exe

C:\Windows\System\jbQKElG.exe

C:\Windows\System\gtPORBR.exe

C:\Windows\System\gtPORBR.exe

C:\Windows\System\IDtECFn.exe

C:\Windows\System\IDtECFn.exe

C:\Windows\System\qdiaBAh.exe

C:\Windows\System\qdiaBAh.exe

C:\Windows\System\MqcgnSR.exe

C:\Windows\System\MqcgnSR.exe

C:\Windows\System\cgdjNLd.exe

C:\Windows\System\cgdjNLd.exe

C:\Windows\System\ripvuhJ.exe

C:\Windows\System\ripvuhJ.exe

C:\Windows\System\yYLwgDk.exe

C:\Windows\System\yYLwgDk.exe

C:\Windows\System\ZZrfLXn.exe

C:\Windows\System\ZZrfLXn.exe

C:\Windows\System\zNOhTHg.exe

C:\Windows\System\zNOhTHg.exe

C:\Windows\System\dYtbJic.exe

C:\Windows\System\dYtbJic.exe

C:\Windows\System\EPHauWc.exe

C:\Windows\System\EPHauWc.exe

C:\Windows\System\xywaoTB.exe

C:\Windows\System\xywaoTB.exe

C:\Windows\System\BnzuzVF.exe

C:\Windows\System\BnzuzVF.exe

C:\Windows\System\GrBKZcu.exe

C:\Windows\System\GrBKZcu.exe

C:\Windows\System\wCHaeoR.exe

C:\Windows\System\wCHaeoR.exe

C:\Windows\System\jHixZun.exe

C:\Windows\System\jHixZun.exe

C:\Windows\System\VttyhCw.exe

C:\Windows\System\VttyhCw.exe

C:\Windows\System\hilRvVO.exe

C:\Windows\System\hilRvVO.exe

C:\Windows\System\kQJnJtI.exe

C:\Windows\System\kQJnJtI.exe

C:\Windows\System\mwinoKu.exe

C:\Windows\System\mwinoKu.exe

C:\Windows\System\VxvpAlN.exe

C:\Windows\System\VxvpAlN.exe

C:\Windows\System\eqYVYFZ.exe

C:\Windows\System\eqYVYFZ.exe

C:\Windows\System\ZcOrUSJ.exe

C:\Windows\System\ZcOrUSJ.exe

C:\Windows\System\Zwovqux.exe

C:\Windows\System\Zwovqux.exe

C:\Windows\System\niszrzJ.exe

C:\Windows\System\niszrzJ.exe

C:\Windows\System\HpLnNlW.exe

C:\Windows\System\HpLnNlW.exe

C:\Windows\System\rfZcvgE.exe

C:\Windows\System\rfZcvgE.exe

C:\Windows\System\KAwByaP.exe

C:\Windows\System\KAwByaP.exe

C:\Windows\System\pHIHftI.exe

C:\Windows\System\pHIHftI.exe

C:\Windows\System\OJsePhz.exe

C:\Windows\System\OJsePhz.exe

C:\Windows\System\DLVImQx.exe

C:\Windows\System\DLVImQx.exe

C:\Windows\System\rRDSoFY.exe

C:\Windows\System\rRDSoFY.exe

C:\Windows\System\mXLnPlk.exe

C:\Windows\System\mXLnPlk.exe

C:\Windows\System\KeVuFBi.exe

C:\Windows\System\KeVuFBi.exe

C:\Windows\System\hATjqOk.exe

C:\Windows\System\hATjqOk.exe

C:\Windows\System\aqMrSOS.exe

C:\Windows\System\aqMrSOS.exe

C:\Windows\System\gMiSWOF.exe

C:\Windows\System\gMiSWOF.exe

C:\Windows\System\gSQJRRC.exe

C:\Windows\System\gSQJRRC.exe

C:\Windows\System\kANadGX.exe

C:\Windows\System\kANadGX.exe

C:\Windows\System\iAqusto.exe

C:\Windows\System\iAqusto.exe

C:\Windows\System\QCvehtz.exe

C:\Windows\System\QCvehtz.exe

C:\Windows\System\bQkjqhy.exe

C:\Windows\System\bQkjqhy.exe

C:\Windows\System\WLiPGae.exe

C:\Windows\System\WLiPGae.exe

C:\Windows\System\qlhxXym.exe

C:\Windows\System\qlhxXym.exe

C:\Windows\System\GPPwVqA.exe

C:\Windows\System\GPPwVqA.exe

C:\Windows\System\spgBfFV.exe

C:\Windows\System\spgBfFV.exe

C:\Windows\System\wvsCbCK.exe

C:\Windows\System\wvsCbCK.exe

C:\Windows\System\rILdQfH.exe

C:\Windows\System\rILdQfH.exe

C:\Windows\System\AEJXKBU.exe

C:\Windows\System\AEJXKBU.exe

C:\Windows\System\GuxoaRy.exe

C:\Windows\System\GuxoaRy.exe

C:\Windows\System\klwATca.exe

C:\Windows\System\klwATca.exe

C:\Windows\System\dWFYfjI.exe

C:\Windows\System\dWFYfjI.exe

C:\Windows\System\ICwMHay.exe

C:\Windows\System\ICwMHay.exe

C:\Windows\System\ZRtUNVI.exe

C:\Windows\System\ZRtUNVI.exe

C:\Windows\System\AOkJsAt.exe

C:\Windows\System\AOkJsAt.exe

C:\Windows\System\PmFuEFy.exe

C:\Windows\System\PmFuEFy.exe

C:\Windows\System\tHCmdgB.exe

C:\Windows\System\tHCmdgB.exe

C:\Windows\System\IxBAwre.exe

C:\Windows\System\IxBAwre.exe

C:\Windows\System\mEXePEy.exe

C:\Windows\System\mEXePEy.exe

C:\Windows\System\vblOggQ.exe

C:\Windows\System\vblOggQ.exe

C:\Windows\System\rRqXaNT.exe

C:\Windows\System\rRqXaNT.exe

C:\Windows\System\gdObtGq.exe

C:\Windows\System\gdObtGq.exe

C:\Windows\System\yFsXsGs.exe

C:\Windows\System\yFsXsGs.exe

C:\Windows\System\KiJVCHm.exe

C:\Windows\System\KiJVCHm.exe

C:\Windows\System\StoVRZG.exe

C:\Windows\System\StoVRZG.exe

C:\Windows\System\eAcYLCv.exe

C:\Windows\System\eAcYLCv.exe

C:\Windows\System\BYgEIyl.exe

C:\Windows\System\BYgEIyl.exe

C:\Windows\System\QmuEjUP.exe

C:\Windows\System\QmuEjUP.exe

C:\Windows\System\emQGgPU.exe

C:\Windows\System\emQGgPU.exe

C:\Windows\System\CszKonA.exe

C:\Windows\System\CszKonA.exe

C:\Windows\System\mPaKRbr.exe

C:\Windows\System\mPaKRbr.exe

C:\Windows\System\VDJUaQY.exe

C:\Windows\System\VDJUaQY.exe

C:\Windows\System\UBrtYda.exe

C:\Windows\System\UBrtYda.exe

C:\Windows\System\sZzCUSg.exe

C:\Windows\System\sZzCUSg.exe

C:\Windows\System\RgZBiwK.exe

C:\Windows\System\RgZBiwK.exe

C:\Windows\System\ZPQBgFG.exe

C:\Windows\System\ZPQBgFG.exe

C:\Windows\System\iyQxpOw.exe

C:\Windows\System\iyQxpOw.exe

C:\Windows\System\PZPBBce.exe

C:\Windows\System\PZPBBce.exe

C:\Windows\System\YNvVaKz.exe

C:\Windows\System\YNvVaKz.exe

C:\Windows\System\UuXikqB.exe

C:\Windows\System\UuXikqB.exe

C:\Windows\System\DpYHmPZ.exe

C:\Windows\System\DpYHmPZ.exe

C:\Windows\System\SplLQYV.exe

C:\Windows\System\SplLQYV.exe

C:\Windows\System\MiSigLa.exe

C:\Windows\System\MiSigLa.exe

C:\Windows\System\crVkFQI.exe

C:\Windows\System\crVkFQI.exe

C:\Windows\System\aqvjxcQ.exe

C:\Windows\System\aqvjxcQ.exe

C:\Windows\System\nDXvzhu.exe

C:\Windows\System\nDXvzhu.exe

C:\Windows\System\VIvsnfB.exe

C:\Windows\System\VIvsnfB.exe

C:\Windows\System\uOBWNQh.exe

C:\Windows\System\uOBWNQh.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4124,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8

C:\Windows\System\sfEOcMI.exe

C:\Windows\System\sfEOcMI.exe

C:\Windows\System\lRvFCsL.exe

C:\Windows\System\lRvFCsL.exe

C:\Windows\System\ozmTSOE.exe

C:\Windows\System\ozmTSOE.exe

C:\Windows\System\UswzaEX.exe

C:\Windows\System\UswzaEX.exe

C:\Windows\System\yKfPwVA.exe

C:\Windows\System\yKfPwVA.exe

C:\Windows\System\KynWhRq.exe

C:\Windows\System\KynWhRq.exe

C:\Windows\System\GpiLbXe.exe

C:\Windows\System\GpiLbXe.exe

C:\Windows\System\YgzsylI.exe

C:\Windows\System\YgzsylI.exe

C:\Windows\System\GKagtOX.exe

C:\Windows\System\GKagtOX.exe

C:\Windows\System\sfDwEoG.exe

C:\Windows\System\sfDwEoG.exe

C:\Windows\System\kVVCqDW.exe

C:\Windows\System\kVVCqDW.exe

C:\Windows\System\JWGjjzR.exe

C:\Windows\System\JWGjjzR.exe

C:\Windows\System\esupDqW.exe

C:\Windows\System\esupDqW.exe

C:\Windows\System\YrJWyXz.exe

C:\Windows\System\YrJWyXz.exe

C:\Windows\System\VPOCQvV.exe

C:\Windows\System\VPOCQvV.exe

C:\Windows\System\uooZJxX.exe

C:\Windows\System\uooZJxX.exe

C:\Windows\System\UcESfiu.exe

C:\Windows\System\UcESfiu.exe

C:\Windows\System\CEPfrUx.exe

C:\Windows\System\CEPfrUx.exe

C:\Windows\System\JgwhJaJ.exe

C:\Windows\System\JgwhJaJ.exe

C:\Windows\System\kNzhdgS.exe

C:\Windows\System\kNzhdgS.exe

C:\Windows\System\BzzyrEo.exe

C:\Windows\System\BzzyrEo.exe

C:\Windows\System\tQWFoHO.exe

C:\Windows\System\tQWFoHO.exe

C:\Windows\System\YbgxPHl.exe

C:\Windows\System\YbgxPHl.exe

C:\Windows\System\qUHlzBq.exe

C:\Windows\System\qUHlzBq.exe

C:\Windows\System\MIiimPE.exe

C:\Windows\System\MIiimPE.exe

C:\Windows\System\ZFrlbtd.exe

C:\Windows\System\ZFrlbtd.exe

C:\Windows\System\xKPIoZf.exe

C:\Windows\System\xKPIoZf.exe

C:\Windows\System\eiQYsEn.exe

C:\Windows\System\eiQYsEn.exe

C:\Windows\System\VwxnaFH.exe

C:\Windows\System\VwxnaFH.exe

C:\Windows\System\LQdkzis.exe

C:\Windows\System\LQdkzis.exe

C:\Windows\System\BFOTaiI.exe

C:\Windows\System\BFOTaiI.exe

C:\Windows\System\VeTyFSE.exe

C:\Windows\System\VeTyFSE.exe

C:\Windows\System\OKKhrDZ.exe

C:\Windows\System\OKKhrDZ.exe

C:\Windows\System\ePWfXcd.exe

C:\Windows\System\ePWfXcd.exe

C:\Windows\System\FYfMOPu.exe

C:\Windows\System\FYfMOPu.exe

C:\Windows\System\ODafDVz.exe

C:\Windows\System\ODafDVz.exe

C:\Windows\System\Hgktamn.exe

C:\Windows\System\Hgktamn.exe

C:\Windows\System\IcZDzta.exe

C:\Windows\System\IcZDzta.exe

C:\Windows\System\osNzGXm.exe

C:\Windows\System\osNzGXm.exe

C:\Windows\System\ZYoqfVK.exe

C:\Windows\System\ZYoqfVK.exe

C:\Windows\System\EPOUuiE.exe

C:\Windows\System\EPOUuiE.exe

C:\Windows\System\ySlWeSb.exe

C:\Windows\System\ySlWeSb.exe

C:\Windows\System\RbvnqGO.exe

C:\Windows\System\RbvnqGO.exe

C:\Windows\System\SDgIAKg.exe

C:\Windows\System\SDgIAKg.exe

C:\Windows\System\EIEvqKk.exe

C:\Windows\System\EIEvqKk.exe

C:\Windows\System\MwVRUtR.exe

C:\Windows\System\MwVRUtR.exe

C:\Windows\System\xlBNfkk.exe

C:\Windows\System\xlBNfkk.exe

C:\Windows\System\yugbcbi.exe

C:\Windows\System\yugbcbi.exe

C:\Windows\System\gnooPoy.exe

C:\Windows\System\gnooPoy.exe

C:\Windows\System\fwPSOol.exe

C:\Windows\System\fwPSOol.exe

C:\Windows\System\HxuFtEZ.exe

C:\Windows\System\HxuFtEZ.exe

C:\Windows\System\RzPbJPi.exe

C:\Windows\System\RzPbJPi.exe

C:\Windows\System\AfLnKpP.exe

C:\Windows\System\AfLnKpP.exe

C:\Windows\System\URxFTBk.exe

C:\Windows\System\URxFTBk.exe

C:\Windows\System\zSnHvlb.exe

C:\Windows\System\zSnHvlb.exe

C:\Windows\System\aGrRSlw.exe

C:\Windows\System\aGrRSlw.exe

C:\Windows\System\dInrVVg.exe

C:\Windows\System\dInrVVg.exe

C:\Windows\System\sMznURY.exe

C:\Windows\System\sMznURY.exe

C:\Windows\System\axSnirF.exe

C:\Windows\System\axSnirF.exe

C:\Windows\System\ydwkoqg.exe

C:\Windows\System\ydwkoqg.exe

C:\Windows\System\IOlnJJU.exe

C:\Windows\System\IOlnJJU.exe

C:\Windows\System\iSJSjbh.exe

C:\Windows\System\iSJSjbh.exe

C:\Windows\System\MvXYDFH.exe

C:\Windows\System\MvXYDFH.exe

C:\Windows\System\kVwWnUg.exe

C:\Windows\System\kVwWnUg.exe

C:\Windows\System\FnMAeZx.exe

C:\Windows\System\FnMAeZx.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1624-0-0x00007FF697EE0000-0x00007FF698234000-memory.dmp

memory/1624-1-0x000001ADA4360000-0x000001ADA4370000-memory.dmp

C:\Windows\System\mRAXDjr.exe

MD5 368e323f5dcf29c52f1eec16fdfd4237
SHA1 47294ad256c028bcc98bff87cdfe5045eb69444d
SHA256 61f2bf8253c9961ea5398c04009cf459d21c0509a25173968e65af2c2ad275f7
SHA512 c5cc9a2658058694e0b9496a493941983452cb6796ac2f9827be2f3debbb873f8054a9bf3ac0abe83905c041b45dca07606f2c3a5bae91a708d7deee79bae838

C:\Windows\System\SwVjVVT.exe

MD5 4ce5078ec1b46458b7ad1555e201efac
SHA1 aa00c9d3d44d45a57f9ae79182df3fe3ab4dc775
SHA256 ac20e238234b1bb336795919261ce78afc9d75db00f49fce59c69504847119bd
SHA512 780d3bb631a9ea8b942b6d6c0a2ad537cffc541311f2391c6ac4d67c9f9a4a9212907f08ecbd88c24b81f578331ca7ac584e4f423839242ce09148d8854d6b4a

C:\Windows\System\kFbuKmW.exe

MD5 1a6e6090c586f30618d099e5ab7f1cba
SHA1 bf1922ddf0e653837e952f8178aa13dd10d9c89d
SHA256 8d449d213b6fd4b6ce0ae3e9cfb4ecdf7eba7750d8f5aa89a59d8f6fbb45f3bb
SHA512 ce65adf61ee022a55a0e6c4be535e82227a21e5a5b7baec71eab8992bfb18fef93a3d32ab667d5c69ae5b6eec91b61fe9803643ae5c7d36a3b01c7639d15bbf8

C:\Windows\System\wdagJCQ.exe

MD5 6ff3daf3ee18340ea5714f99e4fd608a
SHA1 ca70322f52a4d9c809de322b8fdc7250907d1e46
SHA256 84c7e810c909d32d42b8a6a5b84b542a668004aa520646326e72de6ccc0cdb51
SHA512 9d83586edf54d82a120d5868ee43a86424c498d0baed3456b4c4a9f344eb6b9df12e88c0c76ddbef862cf61d586380bdc819f6ed987c3894bb4055daee44a400

C:\Windows\System\YZkKFGK.exe

MD5 8521e045c2892aa874823e2ad7505a09
SHA1 78930c7b43640a0a07561371f03d2c822edc748d
SHA256 a236ea21043443469df5dc7c9cade151f99bf5873a873396b0271bf923b1bc71
SHA512 2dfbe36b3eb7c88bc8fa36351eb29808c92e31e6bebe57787c85cc078a50e9af545f495cbc06919f19c47ca39e7b9df49136951bff5ed07d6571467444c0c157

memory/1020-34-0x00007FF7EEB40000-0x00007FF7EEE94000-memory.dmp

memory/2840-36-0x00007FF7193E0000-0x00007FF719734000-memory.dmp

C:\Windows\System\FlFBMSl.exe

MD5 e3a26a7e80a042536615c01a905885f1
SHA1 5862bf122358e20f7584b0429b3e1d8088a531cf
SHA256 7a55af0052ee9d803e5b357f5b568d56bab12d9da54a840398952232d22a45be
SHA512 ed0c27ca9cb3ff4866e9ea14a1d949030ae17161bd2bf6f265f5fe3033bd82d7dc8bb492f500fcf5433c19dcfb3dcad2206de76f7291295abfdc337ba760444e

memory/3656-24-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp

memory/1072-23-0x00007FF6E3BD0000-0x00007FF6E3F24000-memory.dmp

memory/4560-17-0x00007FF73D800000-0x00007FF73DB54000-memory.dmp

memory/2692-10-0x00007FF7F8F40000-0x00007FF7F9294000-memory.dmp

C:\Windows\System\XDnAtXO.exe

MD5 25c343bb6f72c49d993dd3ccd37b6a56
SHA1 c0dc448c75070118a4b5dbcf86e069db8c7d8efb
SHA256 5277d99185ab1cbe82615250a8af42ac3e2dd264655dd5bea06855a35cb65e45
SHA512 63bfb1af5e6d94758d6e4f5b0e13989d40b347d4bd539697e3286e7126e4152591ca296bca6c16acd3d438a752b3bc0850b126520bfea5981b1004f953cfc1c5

C:\Windows\System\HQurtes.exe

MD5 606ded404926bcd5836823345544fa5b
SHA1 c99c6f5e05bf5bd37a90e8d02f0a7a7563909323
SHA256 041be8600762f27adff1651244ab7d12a195a9a997baa092af177d6bc0c02e49
SHA512 2b73ac80dd75020e96e2261c41fde660f1d5ad6f685ebb4d7eca617f599467b46596bcad92cbf80d8a159b38a3adb83cc401314079fe8fa9a0b9118695fb06be

C:\Windows\System\ECihIsM.exe

MD5 dde282dd113098a35e7a130e2f5841b8
SHA1 017d0687fd170354f64a66d60a37fcd0c383d6a0
SHA256 01d51ebf3a1940fd8a5b687770c224e5e3e852acb456c7492e26dd5c1cf822f0
SHA512 5b6b61cdf6ebf84138e50d000942e1f3611df6780e6dd5af338b770e37a6d664bcb7e504eeb7480850f106b920b5e06fbb5017da8ba97b767f4fb056b758c38b

memory/3900-64-0x00007FF7095B0000-0x00007FF709904000-memory.dmp

C:\Windows\System\dCurnMC.exe

MD5 45a1ff095867076bc649858c58326d79
SHA1 f5a3fb6bcbb1b28877ef87e89f68181652956963
SHA256 ca12f5795cd3c11ded99bb3eaa41642e2efbb8b38af447cbf884ba46de875e95
SHA512 a8944410e9de47d740d66435f821a82c6654ed0d456b2e33473b8d8539fb574bb16f712f0f2d9967c13b812ad21a7b58e3d3fc8e00ab4a4391bb948da412b4d8

C:\Windows\System\koLOfGA.exe

MD5 a2b724d128225e14a21855c4919af077
SHA1 1b409efe1c0c254233c70ab089c692e7fa681470
SHA256 caccc9eb83a94cfc62fcd19535e9dceb6e45ef0956cd2d4d64c726e187c8cdaf
SHA512 8287467bb9aa8f13848ab0d827098e858ea1020b394b48ff6033ad2332c1458cadcfb539d406f2546dbdeaf0d2fd4f9de15acc45875b2abba913f4fa55d117b0

C:\Windows\System\UbkIKzV.exe

MD5 a16b8993f4b43a8c6b533d8ef5af4c50
SHA1 1c296eed83328570db2dbf30d1e119ae2dd3aa75
SHA256 e8420641b96d1666cc4d706828a404e1956325648593ad2ccf68452d02218f58
SHA512 98d25d086b3c4ae671723b49e3e43bc72618150b63edd252f7f8b18ed383cf206efa2eb10b7ea5ae598d206113a0fd5cd15365a8f42d53f2dd01bd8a9a9fd5bf

C:\Windows\System\bmvthxK.exe

MD5 132efa760c87307d1ea255555f85bbbb
SHA1 d12679f24237322751eca2ecb2d406e6d469236e
SHA256 7b6f5fd7fc9ad1cdca8cb0bc6c5c81bf5465c53ee744dd884d9b880d79ef4cc2
SHA512 3e322959c4302fd1e720593a9fda7b0841df5851353f9cb543a2d73694bedd55d4b8c02899e45fd4c7255f038465df6bf4a97132448ddbfac28fa0f114f7d554

memory/4592-117-0x00007FF73AFD0000-0x00007FF73B324000-memory.dmp

C:\Windows\System\YfVBnyZ.exe

MD5 3dcf6d7ca38546b43f4d103217c81a04
SHA1 7d26e9173518e09750123e9e41107a6a6be16634
SHA256 9f10579389fb5a94ca4335958bd5c0b507686103c7a38a5ae84fa75da539a062
SHA512 1f41c62514068efd601f64130b0cc616af7f5abb1ce35264d62847f75db773964b1a56085b9d4bc40060d268b461801a2ee73251ef8b7484f372f9bde96dac35

C:\Windows\System\tOJgYkT.exe

MD5 77c00b3152b27e473fabdddaa2569273
SHA1 8a93ed923b90e7c23a005cba6eacb6bb8172323d
SHA256 cb3eb70cc527af7aec3b316bc74ea953506e835141ac6db7d8f6f9b3a8166b59
SHA512 cfce001bab23e987e9f2bb415db535b47c298bd281de73a28bb3f925fee59278fdb8a2563e5257d563540e93669321e7827ca632e4c40b38b31d5217d6e8f1c5

C:\Windows\System\sVSpUMM.exe

MD5 1bcf8fc816aab56446033711d8f3fae5
SHA1 4548fea4adfaed346ff5654e871d3387d1a34068
SHA256 161a31f1a78fcb9f2be058c2595562b937877804df73c41815a61c246cff0522
SHA512 add38d65380e03af5325c235ffb6a7660e6ab869ba4e2b3a45f65d767d38859b66e4caa6a6027d32971d4becbd94609836be35f1a68b1706befcdbfffeb05800

C:\Windows\System\FTHqVUG.exe

MD5 029e846b5b41cf41fc9499ecd6d992b2
SHA1 6e19970bee484c6461f65ecc143d76a73051a617
SHA256 f1a632f87dac87abeb3209a42ac3a658ba626290ccbdd328d185a617d69c8c51
SHA512 49c13de29b84ea4c281b8d841fb26d5db1284ed4393c47f63c5ca083cfd4e6ee19f2a09febd0da93f87d9519a5d9ccf8c20e5663db45a03a54c7a0de067788e2

C:\Windows\System\eKtYyPS.exe

MD5 6f63724ffec636e9ffca6360b72a987a
SHA1 9097c8fb2ea1ed0d750c7ab36309f59807171f3f
SHA256 84fe4afd137f132b6920af783ec706fc2938d40e7f7577e88e5b46eece19649a
SHA512 2a748e855420d56fab80bcb79c30369b7487aa7d78c0346a7d45b182ae0600ee3d16aa67647ac5da1918c895fb1a402c919e6440d5b20ea053a24cb2d8b7c424

memory/2372-193-0x00007FF6B6180000-0x00007FF6B64D4000-memory.dmp

memory/396-192-0x00007FF60BB70000-0x00007FF60BEC4000-memory.dmp

memory/3372-186-0x00007FF6B8A40000-0x00007FF6B8D94000-memory.dmp

C:\Windows\System\SZBEEmg.exe

MD5 765b9284aa6272f4275c436288e00728
SHA1 57a89557ad0b1738b9247b45f29bd3d54cf0b975
SHA256 6a10a51e11b0bd62bbb0a5bc9dbf3d810ebe925726fb5f4e92eef7138720ed38
SHA512 01548421ddb7f8bad71f2711b7a3eaca8c232155fe104b041c763c51ebfb104986ee38b2d254e3a3d4c742249041f4cc174ed0784b93c123ff0474be66dd9188

C:\Windows\System\SJpzQNF.exe

MD5 5759a0d068966f91ad66fb5ddea096ba
SHA1 105666cd7622b09aaef9b6bf3ca9ec73001d5121
SHA256 bc05475294bd566e12e1d88893c19c8a3d6bfc10c061a51ce1b2b5055c398892
SHA512 deb584d104fefc64972d726b4b4a92efe2e6c56e42430c3e14723df485e01a6f0e34954417592b44e8aa0582a46ce943b707a18bbd4b35a834b145c734bb4ab6

memory/3012-180-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp

memory/4812-174-0x00007FF6D6610000-0x00007FF6D6964000-memory.dmp

C:\Windows\System\URzdTmk.exe

MD5 0738f87f6f1b53f2ea2b8d9c8045df1f
SHA1 95ca1733bfdf663c85943121bb53cf243e900769
SHA256 d788130600151bf521846f48fcac1e9db7acb7643d325fa55a0f77d3e956e6a5
SHA512 322c1e29da442f98a44beed48ad0bf7e4dc057c8ebc89878b9a1365d00266b2a8a90c77c4fe32100af00c222e016525915af2d6a428e42a53ed142abb71e088f

memory/4720-168-0x00007FF77F550000-0x00007FF77F8A4000-memory.dmp

memory/5008-162-0x00007FF6597E0000-0x00007FF659B34000-memory.dmp

memory/4456-161-0x00007FF70AE00000-0x00007FF70B154000-memory.dmp

C:\Windows\System\oPjVCOH.exe

MD5 a2d4c11966796983488a1471756e390f
SHA1 96c86d5abe7211f4f39b7145d55b468a820e1f65
SHA256 835ba9aef2f58e2363d870be5cb76b4c0b0c220747a461a189f0df7020c5be51
SHA512 fc91d617347e2a260141d21aee21b126eb2a3d5e0193f13a4a30139ee28286eb884de1ded53a9ac55c0817b94e0e9182314b281675cd02e05b1b337a48cf1505

memory/2084-155-0x00007FF798700000-0x00007FF798A54000-memory.dmp

C:\Windows\System\qTHbnxj.exe

MD5 0e208a7c7d3692a20822ec42124842df
SHA1 f89913a4f88325c0730b05e4b4f68fc7ae0f5d7a
SHA256 f819f0b382a739a09a9398275a307f44dd3336bc568d10ebc5ef444fca48dfa3
SHA512 240fdc5170cd82cec99edcd6523e2950be8cdf9fd8c861a1fee083054ce64b22ce22935be551dd913c7798f1acd61b5899436fd129484c760a48f08407eb6104

memory/2800-149-0x00007FF6650F0000-0x00007FF665444000-memory.dmp

memory/3588-148-0x00007FF6820F0000-0x00007FF682444000-memory.dmp

memory/4160-138-0x00007FF7B4DD0000-0x00007FF7B5124000-memory.dmp

memory/460-137-0x00007FF6CF720000-0x00007FF6CFA74000-memory.dmp

memory/3420-132-0x00007FF662FC0000-0x00007FF663314000-memory.dmp

C:\Windows\System\bUesxoy.exe

MD5 de060116606c84d76250378bb7eb1c1b
SHA1 f290300921c76ee1061be8341f69df27ea639688
SHA256 8306b6ba2e45653e6e41d73c18d76398b45275b39bc882781485e4aaa90e1638
SHA512 cbb1ca3b61fba6027b4f9b23ba44251b9dd07af1d34f18d05d0696d2ea284ef0d254da88f2779373e265426215d677a0534260dab6a6bbf64fdbe0de3096c33f

C:\Windows\System\QDSyqEk.exe

MD5 080ba4d9f52aa6913583e45cbafcff3d
SHA1 f1952ab30afcb63e9f0f96bdf30ceab9f827f71d
SHA256 7a80b69dd0f9c7fb4f12369e3150f9d74c3803560bb2eb10efb0a81ed79cffcc
SHA512 8568da66a6bcbe83088c32bd1b5411ad432fc8ed55ada5c87ca3e5dae6c59965d71e7b160bfcff91493e997a419788b77dbdbeb6e33ca02ba4d09beae464f13f

memory/2220-122-0x00007FF7667D0000-0x00007FF766B24000-memory.dmp

C:\Windows\System\dTRtJLg.exe

MD5 ad0a26805be371be11b756c4bb3b97ba
SHA1 cab41bb13ca097a6f917114de6d7fa5582512154
SHA256 b0fb80e0599686be258981446ef9ced42e79f19fc80270c055acebf3b49c36f8
SHA512 8b0033b3c8e483b387c2a48b918c9b3b8bbb346dbb5b119b676220cfe61a0332fade73b2aedf8bb66eada47e5e2b6e74b90a8d8065870e9b0018e1a7bc2704e7

C:\Windows\System\CkMmiTp.exe

MD5 e6a1b77e3c68e88a862cad9418fea65a
SHA1 6e55c76520725385b8894acc01d72543cc07700e
SHA256 5fdd18e7c5621b0e11affce6052aeffe126a1fbcf58e7526ccb7aa99cd70388d
SHA512 82099c20377fb487e1807d0ab187c7a5e5bfe582f0ea2286df3d5508313321a90dd832c6ea35652708cfb7f44fb4cc39c5648234ed42b2dfdb52f322737b8dc7

C:\Windows\System\XLoFUvx.exe

MD5 e142fcf40bad5f72d288b2033d7dc08f
SHA1 7d2cb8a8ad0a07764c854015f4a0800ab677b601
SHA256 8f5d98477cff9b5012686ffe98c324908e06093f1a39b25c01b09025220862f9
SHA512 c05be05e79eacdc7fe73e68c4dc10eec44e08ac19ad96fb1b24308bffb4aa34986c4eed458f8e0fb87bcdc891234b38a803d2cdf542a9b4bb3379152d76a3223

memory/3504-112-0x00007FF61C920000-0x00007FF61CC74000-memory.dmp

C:\Windows\System\BekVHwN.exe

MD5 9647a93a38222ebbac3da64fe4ac615b
SHA1 5730103038f68124cea5554f3ce111bc66af767c
SHA256 5f316de891246152b12475b3eaa7445a166765c1e265b22850a2853c8fce0ece
SHA512 66bfd4a982747478d0fd8e7ed2b0e7264a80a74a4071f5234b88874ba34d3feb78e4372049b6d808286591275d8b964580193f396592fcd3e1d4b85f81793543

memory/4688-98-0x00007FF69F720000-0x00007FF69FA74000-memory.dmp

C:\Windows\System\pwarYuW.exe

MD5 526f0a1c751d4d44725da00d2124ebb1
SHA1 c3d748db5a9c60b7f4ad5e335446038d914ec669
SHA256 98e4ba628ce6da83f16f42b3afc2c92ee6e91aae6023d50451e4c8b6496454ba
SHA512 01f123cd5a4803f294a1d6fa9d7894eb68e856f2778b388e7f83986c54c72568c4ac9cda332b7212edf7482d454da1503ab7d3fcef0ab74d3ec9a6ea879562e3

C:\Windows\System\fGlCVxa.exe

MD5 445b678ecc789b04b625e6df070539dd
SHA1 5ec33773dc9a9c470d1fb507f7e5b8f9d5eeb857
SHA256 775215dc7b4a08eb6494548d3b218d1357f835ab4ecc6639671e083964f2cf3e
SHA512 ba49c67feae95c80bc39b7902e1d28354402e8acf9ee47bd0cc13cbc5ff45f1c2dd9a1c72c574a44f9395c5e71c31b319be687228da975adb3b965a46bfabc3e

memory/384-82-0x00007FF6C8080000-0x00007FF6C83D4000-memory.dmp

C:\Windows\System\abHWMNi.exe

MD5 117ab439387b829be144a0ccd8f7d279
SHA1 c82b01727dd5c828aceff6c7102cbb3c35c8f51f
SHA256 6e19071ae9953b6f4973f1d5b3623cc5af3630754b9cd955481016311805a76f
SHA512 d84e79a2c214a69e40f8a07021b277289ab3814783d52bde1980acbcfc49788b5c00bf673a30275cdc24edde34b085f6e21e5afe5fd9c8250821a852b37eddcc

memory/4268-76-0x00007FF683340000-0x00007FF683694000-memory.dmp

memory/4700-67-0x00007FF7E78E0000-0x00007FF7E7C34000-memory.dmp

C:\Windows\System\ZAQKgYC.exe

MD5 889d197cf4c79c6f9aa29c71194a13e7
SHA1 50df5bfaeb27fea0a42bb3639baf115c13307294
SHA256 68a23858b2acbef4371ac048331342bcec64b4140234a02c41090036750b35f0
SHA512 3ebece1f1153c0fa2caeb8fbefe94c206b391befba350a414e52eba8a1a8b1b79b5b3ec95710a35ed03b7ec813b6df40355bc7069adaf27d5ee2588ef2982fb7

memory/3664-47-0x00007FF61A520000-0x00007FF61A874000-memory.dmp

memory/1624-1070-0x00007FF697EE0000-0x00007FF698234000-memory.dmp

memory/1072-1071-0x00007FF6E3BD0000-0x00007FF6E3F24000-memory.dmp

memory/3656-1072-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp

memory/1020-1073-0x00007FF7EEB40000-0x00007FF7EEE94000-memory.dmp

memory/2840-1074-0x00007FF7193E0000-0x00007FF719734000-memory.dmp

memory/4688-1075-0x00007FF69F720000-0x00007FF69FA74000-memory.dmp

memory/3664-1076-0x00007FF61A520000-0x00007FF61A874000-memory.dmp

memory/384-1077-0x00007FF6C8080000-0x00007FF6C83D4000-memory.dmp

memory/460-1078-0x00007FF6CF720000-0x00007FF6CFA74000-memory.dmp

memory/4160-1079-0x00007FF7B4DD0000-0x00007FF7B5124000-memory.dmp

memory/3900-1080-0x00007FF7095B0000-0x00007FF709904000-memory.dmp

memory/2220-1081-0x00007FF7667D0000-0x00007FF766B24000-memory.dmp

memory/3420-1082-0x00007FF662FC0000-0x00007FF663314000-memory.dmp

memory/2692-1083-0x00007FF7F8F40000-0x00007FF7F9294000-memory.dmp

memory/4560-1084-0x00007FF73D800000-0x00007FF73DB54000-memory.dmp

memory/1072-1085-0x00007FF6E3BD0000-0x00007FF6E3F24000-memory.dmp

memory/3656-1086-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp

memory/1020-1087-0x00007FF7EEB40000-0x00007FF7EEE94000-memory.dmp

memory/2840-1088-0x00007FF7193E0000-0x00007FF719734000-memory.dmp

memory/3664-1089-0x00007FF61A520000-0x00007FF61A874000-memory.dmp

memory/4700-1090-0x00007FF7E78E0000-0x00007FF7E7C34000-memory.dmp

memory/3900-1092-0x00007FF7095B0000-0x00007FF709904000-memory.dmp

memory/4268-1091-0x00007FF683340000-0x00007FF683694000-memory.dmp

memory/4688-1093-0x00007FF69F720000-0x00007FF69FA74000-memory.dmp

memory/4592-1097-0x00007FF73AFD0000-0x00007FF73B324000-memory.dmp

memory/5008-1099-0x00007FF6597E0000-0x00007FF659B34000-memory.dmp

memory/2084-1100-0x00007FF798700000-0x00007FF798A54000-memory.dmp

memory/3420-1101-0x00007FF662FC0000-0x00007FF663314000-memory.dmp

memory/2800-1098-0x00007FF6650F0000-0x00007FF665444000-memory.dmp

memory/384-1096-0x00007FF6C8080000-0x00007FF6C83D4000-memory.dmp

memory/3504-1095-0x00007FF61C920000-0x00007FF61CC74000-memory.dmp

memory/3588-1094-0x00007FF6820F0000-0x00007FF682444000-memory.dmp

memory/2220-1103-0x00007FF7667D0000-0x00007FF766B24000-memory.dmp

memory/4160-1110-0x00007FF7B4DD0000-0x00007FF7B5124000-memory.dmp

memory/4720-1109-0x00007FF77F550000-0x00007FF77F8A4000-memory.dmp

memory/4812-1108-0x00007FF6D6610000-0x00007FF6D6964000-memory.dmp

memory/3012-1107-0x00007FF66A740000-0x00007FF66AA94000-memory.dmp

memory/396-1106-0x00007FF60BB70000-0x00007FF60BEC4000-memory.dmp

memory/3372-1105-0x00007FF6B8A40000-0x00007FF6B8D94000-memory.dmp

memory/2372-1104-0x00007FF6B6180000-0x00007FF6B64D4000-memory.dmp

memory/4456-1102-0x00007FF70AE00000-0x00007FF70B154000-memory.dmp

memory/460-1111-0x00007FF6CF720000-0x00007FF6CFA74000-memory.dmp