Malware Analysis Report

2024-10-10 09:48

Sample ID 240625-n6r2vs1gll
Target 5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe
SHA256 5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9
Tags
kpot xmrig miner persistence privilege_escalation stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9

Threat Level: Known bad

The file 5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner persistence privilege_escalation stealer trojan upx

KPOT

Kpot family

Xmrig family

KPOT Core Executable

xmrig

XMRig Miner payload

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Event Triggered Execution: Accessibility Features

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-25 12:00

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 12:00

Reported

2024-06-25 12:03

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\mXYkntY.exe N/A
N/A N/A C:\Windows\System\RyIvmKB.exe N/A
N/A N/A C:\Windows\System\BAGiHth.exe N/A
N/A N/A C:\Windows\System\gJcKJHr.exe N/A
N/A N/A C:\Windows\System\VLpZVEz.exe N/A
N/A N/A C:\Windows\System\qaxLOBG.exe N/A
N/A N/A C:\Windows\System\KTyXeGh.exe N/A
N/A N/A C:\Windows\System\YhsiIto.exe N/A
N/A N/A C:\Windows\System\omvqoEh.exe N/A
N/A N/A C:\Windows\System\NyJbMts.exe N/A
N/A N/A C:\Windows\System\cyfgrkO.exe N/A
N/A N/A C:\Windows\System\xGNVlji.exe N/A
N/A N/A C:\Windows\System\bHCvgKM.exe N/A
N/A N/A C:\Windows\System\ovrDQep.exe N/A
N/A N/A C:\Windows\System\DOBPbpq.exe N/A
N/A N/A C:\Windows\System\YawEvdc.exe N/A
N/A N/A C:\Windows\System\uIBEvdW.exe N/A
N/A N/A C:\Windows\System\AmvNrhL.exe N/A
N/A N/A C:\Windows\System\QcesnbL.exe N/A
N/A N/A C:\Windows\System\dSNBoJV.exe N/A
N/A N/A C:\Windows\System\fpwScJQ.exe N/A
N/A N/A C:\Windows\System\rJFUSUY.exe N/A
N/A N/A C:\Windows\System\HsOwuOV.exe N/A
N/A N/A C:\Windows\System\BUeAxYa.exe N/A
N/A N/A C:\Windows\System\aBijYmH.exe N/A
N/A N/A C:\Windows\System\krlksaN.exe N/A
N/A N/A C:\Windows\System\euMDvNP.exe N/A
N/A N/A C:\Windows\System\eLAcbnS.exe N/A
N/A N/A C:\Windows\System\LquRirP.exe N/A
N/A N/A C:\Windows\System\QzmPMxl.exe N/A
N/A N/A C:\Windows\System\pAaQstg.exe N/A
N/A N/A C:\Windows\System\DtFtMbf.exe N/A
N/A N/A C:\Windows\System\sSizWiu.exe N/A
N/A N/A C:\Windows\System\HGlcUcP.exe N/A
N/A N/A C:\Windows\System\ZurfsPq.exe N/A
N/A N/A C:\Windows\System\fddvtjZ.exe N/A
N/A N/A C:\Windows\System\GnquPQg.exe N/A
N/A N/A C:\Windows\System\rDvYMyD.exe N/A
N/A N/A C:\Windows\System\XMsGCXh.exe N/A
N/A N/A C:\Windows\System\lgtqxUn.exe N/A
N/A N/A C:\Windows\System\dmeDxmj.exe N/A
N/A N/A C:\Windows\System\FxvttLh.exe N/A
N/A N/A C:\Windows\System\TOhsYZa.exe N/A
N/A N/A C:\Windows\System\MHLhfeF.exe N/A
N/A N/A C:\Windows\System\MMAGXIh.exe N/A
N/A N/A C:\Windows\System\pdOyWik.exe N/A
N/A N/A C:\Windows\System\amJsWcW.exe N/A
N/A N/A C:\Windows\System\wxQOhMZ.exe N/A
N/A N/A C:\Windows\System\ovVLsYC.exe N/A
N/A N/A C:\Windows\System\lrINNCd.exe N/A
N/A N/A C:\Windows\System\GsjuxNY.exe N/A
N/A N/A C:\Windows\System\QoBPKAn.exe N/A
N/A N/A C:\Windows\System\HbxrInv.exe N/A
N/A N/A C:\Windows\System\QPwCufU.exe N/A
N/A N/A C:\Windows\System\SCJpyFB.exe N/A
N/A N/A C:\Windows\System\wBqQXOY.exe N/A
N/A N/A C:\Windows\System\vsUXaoI.exe N/A
N/A N/A C:\Windows\System\WjHEple.exe N/A
N/A N/A C:\Windows\System\nnWJBEG.exe N/A
N/A N/A C:\Windows\System\JmozYVk.exe N/A
N/A N/A C:\Windows\System\KRqsxMf.exe N/A
N/A N/A C:\Windows\System\LafHmIG.exe N/A
N/A N/A C:\Windows\System\uYRoJZg.exe N/A
N/A N/A C:\Windows\System\cpPwxdS.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\RyIvmKB.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\PbTtQVH.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\FpQXFAL.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\xCUmuhu.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\QQiFiXD.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\jzLbfGT.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\RvOeAtp.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZTPmnI.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\VuWAPPG.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\EunzgQN.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\cZjNSpj.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\wCBPUwI.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\rMGTPNf.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\jynCdQa.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\VqOQcWG.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\OcZeDEP.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORWjqoi.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\PjvYAEV.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\tswpMIX.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\pnwNphm.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\NyJbMts.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\uIBEvdW.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\QEbGuEH.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\iBBOQDX.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\fddvtjZ.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\FHfmITm.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\hurRDgV.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\QgabECl.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhsiIto.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\cyfgrkO.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzmPMxl.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\DIgZRxI.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\qxHYnad.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\bRpnfdZ.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\cNGLZBT.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\jImntav.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\KBgGnlU.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\iRIAKry.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmdDqjh.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCrnsFw.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YszhKEs.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\sSizWiu.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\XFGthCd.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\JmGTOZd.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\mZjAiqg.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\sjIKWMN.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\bngMhdt.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\hnPfGYw.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YwEewIW.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\wrpoHpC.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\JntdYNG.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\MpuBAPX.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\PzSNsDa.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\qSCTwID.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbEZYBD.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\CPdDEpH.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJFUSUY.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\MMAGXIh.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\wBqQXOY.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\BOamXno.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\JVSzduQ.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\qIldDES.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\AeqvmIO.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\ArkZVMO.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1844 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\mXYkntY.exe
PID 1844 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\mXYkntY.exe
PID 1844 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\RyIvmKB.exe
PID 1844 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\RyIvmKB.exe
PID 1844 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\BAGiHth.exe
PID 1844 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\BAGiHth.exe
PID 1844 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\gJcKJHr.exe
PID 1844 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\gJcKJHr.exe
PID 1844 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\VLpZVEz.exe
PID 1844 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\VLpZVEz.exe
PID 1844 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\qaxLOBG.exe
PID 1844 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\qaxLOBG.exe
PID 1844 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\KTyXeGh.exe
PID 1844 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\KTyXeGh.exe
PID 1844 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\YhsiIto.exe
PID 1844 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\YhsiIto.exe
PID 1844 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\omvqoEh.exe
PID 1844 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\omvqoEh.exe
PID 1844 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\NyJbMts.exe
PID 1844 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\NyJbMts.exe
PID 1844 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\cyfgrkO.exe
PID 1844 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\cyfgrkO.exe
PID 1844 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\xGNVlji.exe
PID 1844 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\xGNVlji.exe
PID 1844 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\bHCvgKM.exe
PID 1844 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\bHCvgKM.exe
PID 1844 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\ovrDQep.exe
PID 1844 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\ovrDQep.exe
PID 1844 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\YawEvdc.exe
PID 1844 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\YawEvdc.exe
PID 1844 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\DOBPbpq.exe
PID 1844 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\DOBPbpq.exe
PID 1844 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\uIBEvdW.exe
PID 1844 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\uIBEvdW.exe
PID 1844 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\AmvNrhL.exe
PID 1844 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\AmvNrhL.exe
PID 1844 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\QcesnbL.exe
PID 1844 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\QcesnbL.exe
PID 1844 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\dSNBoJV.exe
PID 1844 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\dSNBoJV.exe
PID 1844 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\fpwScJQ.exe
PID 1844 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\fpwScJQ.exe
PID 1844 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\rJFUSUY.exe
PID 1844 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\rJFUSUY.exe
PID 1844 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\HsOwuOV.exe
PID 1844 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\HsOwuOV.exe
PID 1844 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\BUeAxYa.exe
PID 1844 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\BUeAxYa.exe
PID 1844 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\aBijYmH.exe
PID 1844 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\aBijYmH.exe
PID 1844 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\krlksaN.exe
PID 1844 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\krlksaN.exe
PID 1844 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\euMDvNP.exe
PID 1844 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\euMDvNP.exe
PID 1844 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\eLAcbnS.exe
PID 1844 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\eLAcbnS.exe
PID 1844 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\LquRirP.exe
PID 1844 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\LquRirP.exe
PID 1844 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\QzmPMxl.exe
PID 1844 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\QzmPMxl.exe
PID 1844 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\pAaQstg.exe
PID 1844 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\pAaQstg.exe
PID 1844 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\DtFtMbf.exe
PID 1844 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\DtFtMbf.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe"

C:\Windows\System\mXYkntY.exe

C:\Windows\System\mXYkntY.exe

C:\Windows\System\RyIvmKB.exe

C:\Windows\System\RyIvmKB.exe

C:\Windows\System\BAGiHth.exe

C:\Windows\System\BAGiHth.exe

C:\Windows\System\gJcKJHr.exe

C:\Windows\System\gJcKJHr.exe

C:\Windows\System\VLpZVEz.exe

C:\Windows\System\VLpZVEz.exe

C:\Windows\System\qaxLOBG.exe

C:\Windows\System\qaxLOBG.exe

C:\Windows\System\KTyXeGh.exe

C:\Windows\System\KTyXeGh.exe

C:\Windows\System\YhsiIto.exe

C:\Windows\System\YhsiIto.exe

C:\Windows\System\omvqoEh.exe

C:\Windows\System\omvqoEh.exe

C:\Windows\System\NyJbMts.exe

C:\Windows\System\NyJbMts.exe

C:\Windows\System\cyfgrkO.exe

C:\Windows\System\cyfgrkO.exe

C:\Windows\System\xGNVlji.exe

C:\Windows\System\xGNVlji.exe

C:\Windows\System\bHCvgKM.exe

C:\Windows\System\bHCvgKM.exe

C:\Windows\System\ovrDQep.exe

C:\Windows\System\ovrDQep.exe

C:\Windows\System\YawEvdc.exe

C:\Windows\System\YawEvdc.exe

C:\Windows\System\DOBPbpq.exe

C:\Windows\System\DOBPbpq.exe

C:\Windows\System\uIBEvdW.exe

C:\Windows\System\uIBEvdW.exe

C:\Windows\System\AmvNrhL.exe

C:\Windows\System\AmvNrhL.exe

C:\Windows\System\QcesnbL.exe

C:\Windows\System\QcesnbL.exe

C:\Windows\System\dSNBoJV.exe

C:\Windows\System\dSNBoJV.exe

C:\Windows\System\fpwScJQ.exe

C:\Windows\System\fpwScJQ.exe

C:\Windows\System\rJFUSUY.exe

C:\Windows\System\rJFUSUY.exe

C:\Windows\System\HsOwuOV.exe

C:\Windows\System\HsOwuOV.exe

C:\Windows\System\BUeAxYa.exe

C:\Windows\System\BUeAxYa.exe

C:\Windows\System\aBijYmH.exe

C:\Windows\System\aBijYmH.exe

C:\Windows\System\krlksaN.exe

C:\Windows\System\krlksaN.exe

C:\Windows\System\euMDvNP.exe

C:\Windows\System\euMDvNP.exe

C:\Windows\System\eLAcbnS.exe

C:\Windows\System\eLAcbnS.exe

C:\Windows\System\LquRirP.exe

C:\Windows\System\LquRirP.exe

C:\Windows\System\QzmPMxl.exe

C:\Windows\System\QzmPMxl.exe

C:\Windows\System\pAaQstg.exe

C:\Windows\System\pAaQstg.exe

C:\Windows\System\DtFtMbf.exe

C:\Windows\System\DtFtMbf.exe

C:\Windows\System\sSizWiu.exe

C:\Windows\System\sSizWiu.exe

C:\Windows\System\HGlcUcP.exe

C:\Windows\System\HGlcUcP.exe

C:\Windows\System\ZurfsPq.exe

C:\Windows\System\ZurfsPq.exe

C:\Windows\System\fddvtjZ.exe

C:\Windows\System\fddvtjZ.exe

C:\Windows\System\GnquPQg.exe

C:\Windows\System\GnquPQg.exe

C:\Windows\System\rDvYMyD.exe

C:\Windows\System\rDvYMyD.exe

C:\Windows\System\XMsGCXh.exe

C:\Windows\System\XMsGCXh.exe

C:\Windows\System\lgtqxUn.exe

C:\Windows\System\lgtqxUn.exe

C:\Windows\System\dmeDxmj.exe

C:\Windows\System\dmeDxmj.exe

C:\Windows\System\FxvttLh.exe

C:\Windows\System\FxvttLh.exe

C:\Windows\System\TOhsYZa.exe

C:\Windows\System\TOhsYZa.exe

C:\Windows\System\MHLhfeF.exe

C:\Windows\System\MHLhfeF.exe

C:\Windows\System\MMAGXIh.exe

C:\Windows\System\MMAGXIh.exe

C:\Windows\System\pdOyWik.exe

C:\Windows\System\pdOyWik.exe

C:\Windows\System\amJsWcW.exe

C:\Windows\System\amJsWcW.exe

C:\Windows\System\wxQOhMZ.exe

C:\Windows\System\wxQOhMZ.exe

C:\Windows\System\ovVLsYC.exe

C:\Windows\System\ovVLsYC.exe

C:\Windows\System\lrINNCd.exe

C:\Windows\System\lrINNCd.exe

C:\Windows\System\GsjuxNY.exe

C:\Windows\System\GsjuxNY.exe

C:\Windows\System\QoBPKAn.exe

C:\Windows\System\QoBPKAn.exe

C:\Windows\System\HbxrInv.exe

C:\Windows\System\HbxrInv.exe

C:\Windows\System\QPwCufU.exe

C:\Windows\System\QPwCufU.exe

C:\Windows\System\SCJpyFB.exe

C:\Windows\System\SCJpyFB.exe

C:\Windows\System\wBqQXOY.exe

C:\Windows\System\wBqQXOY.exe

C:\Windows\System\vsUXaoI.exe

C:\Windows\System\vsUXaoI.exe

C:\Windows\System\WjHEple.exe

C:\Windows\System\WjHEple.exe

C:\Windows\System\nnWJBEG.exe

C:\Windows\System\nnWJBEG.exe

C:\Windows\System\JmozYVk.exe

C:\Windows\System\JmozYVk.exe

C:\Windows\System\KRqsxMf.exe

C:\Windows\System\KRqsxMf.exe

C:\Windows\System\LafHmIG.exe

C:\Windows\System\LafHmIG.exe

C:\Windows\System\uYRoJZg.exe

C:\Windows\System\uYRoJZg.exe

C:\Windows\System\cpPwxdS.exe

C:\Windows\System\cpPwxdS.exe

C:\Windows\System\MaOkLoh.exe

C:\Windows\System\MaOkLoh.exe

C:\Windows\System\HmmZvFZ.exe

C:\Windows\System\HmmZvFZ.exe

C:\Windows\System\tNPxfUW.exe

C:\Windows\System\tNPxfUW.exe

C:\Windows\System\fwkGVTG.exe

C:\Windows\System\fwkGVTG.exe

C:\Windows\System\fLQcWuA.exe

C:\Windows\System\fLQcWuA.exe

C:\Windows\System\kWGQHMf.exe

C:\Windows\System\kWGQHMf.exe

C:\Windows\System\oZoWyAm.exe

C:\Windows\System\oZoWyAm.exe

C:\Windows\System\xSvVirz.exe

C:\Windows\System\xSvVirz.exe

C:\Windows\System\HMfnPYc.exe

C:\Windows\System\HMfnPYc.exe

C:\Windows\System\DOFlwRz.exe

C:\Windows\System\DOFlwRz.exe

C:\Windows\System\xGEEiMn.exe

C:\Windows\System\xGEEiMn.exe

C:\Windows\System\jwNNqQd.exe

C:\Windows\System\jwNNqQd.exe

C:\Windows\System\lRIGMoB.exe

C:\Windows\System\lRIGMoB.exe

C:\Windows\System\fqhtdEH.exe

C:\Windows\System\fqhtdEH.exe

C:\Windows\System\WBOXQax.exe

C:\Windows\System\WBOXQax.exe

C:\Windows\System\DRyHCvz.exe

C:\Windows\System\DRyHCvz.exe

C:\Windows\System\JHmDoCy.exe

C:\Windows\System\JHmDoCy.exe

C:\Windows\System\pjtEnUQ.exe

C:\Windows\System\pjtEnUQ.exe

C:\Windows\System\ojBUjol.exe

C:\Windows\System\ojBUjol.exe

C:\Windows\System\HaWKvZC.exe

C:\Windows\System\HaWKvZC.exe

C:\Windows\System\xuySSOV.exe

C:\Windows\System\xuySSOV.exe

C:\Windows\System\DIgZRxI.exe

C:\Windows\System\DIgZRxI.exe

C:\Windows\System\ziLoVKt.exe

C:\Windows\System\ziLoVKt.exe

C:\Windows\System\gmgdiyt.exe

C:\Windows\System\gmgdiyt.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8

C:\Windows\System\cMSsWIS.exe

C:\Windows\System\cMSsWIS.exe

C:\Windows\System\VuWAPPG.exe

C:\Windows\System\VuWAPPG.exe

C:\Windows\System\XFGthCd.exe

C:\Windows\System\XFGthCd.exe

C:\Windows\System\qxHYnad.exe

C:\Windows\System\qxHYnad.exe

C:\Windows\System\PbTtQVH.exe

C:\Windows\System\PbTtQVH.exe

C:\Windows\System\WCUFjeY.exe

C:\Windows\System\WCUFjeY.exe

C:\Windows\System\BOamXno.exe

C:\Windows\System\BOamXno.exe

C:\Windows\System\FpQXFAL.exe

C:\Windows\System\FpQXFAL.exe

C:\Windows\System\zlbrUij.exe

C:\Windows\System\zlbrUij.exe

C:\Windows\System\cvQjcpW.exe

C:\Windows\System\cvQjcpW.exe

C:\Windows\System\jMKkfgM.exe

C:\Windows\System\jMKkfgM.exe

C:\Windows\System\bRpnfdZ.exe

C:\Windows\System\bRpnfdZ.exe

C:\Windows\System\YmkVxux.exe

C:\Windows\System\YmkVxux.exe

C:\Windows\System\ajriMLR.exe

C:\Windows\System\ajriMLR.exe

C:\Windows\System\AbckWRI.exe

C:\Windows\System\AbckWRI.exe

C:\Windows\System\IalymMM.exe

C:\Windows\System\IalymMM.exe

C:\Windows\System\EunzgQN.exe

C:\Windows\System\EunzgQN.exe

C:\Windows\System\fFTLiUt.exe

C:\Windows\System\fFTLiUt.exe

C:\Windows\System\Qulcwpf.exe

C:\Windows\System\Qulcwpf.exe

C:\Windows\System\lXwPpeq.exe

C:\Windows\System\lXwPpeq.exe

C:\Windows\System\QEbGuEH.exe

C:\Windows\System\QEbGuEH.exe

C:\Windows\System\Hhyeicx.exe

C:\Windows\System\Hhyeicx.exe

C:\Windows\System\JVSzduQ.exe

C:\Windows\System\JVSzduQ.exe

C:\Windows\System\xCUmuhu.exe

C:\Windows\System\xCUmuhu.exe

C:\Windows\System\RuWDsSr.exe

C:\Windows\System\RuWDsSr.exe

C:\Windows\System\omGSBrb.exe

C:\Windows\System\omGSBrb.exe

C:\Windows\System\NhvcscY.exe

C:\Windows\System\NhvcscY.exe

C:\Windows\System\ssegUxJ.exe

C:\Windows\System\ssegUxJ.exe

C:\Windows\System\qSCTwID.exe

C:\Windows\System\qSCTwID.exe

C:\Windows\System\JycTcZp.exe

C:\Windows\System\JycTcZp.exe

C:\Windows\System\yyczJht.exe

C:\Windows\System\yyczJht.exe

C:\Windows\System\tQReDuN.exe

C:\Windows\System\tQReDuN.exe

C:\Windows\System\dAdPJBS.exe

C:\Windows\System\dAdPJBS.exe

C:\Windows\System\QQiFiXD.exe

C:\Windows\System\QQiFiXD.exe

C:\Windows\System\cNGLZBT.exe

C:\Windows\System\cNGLZBT.exe

C:\Windows\System\xqqmAIG.exe

C:\Windows\System\xqqmAIG.exe

C:\Windows\System\sjIKWMN.exe

C:\Windows\System\sjIKWMN.exe

C:\Windows\System\ErPoBML.exe

C:\Windows\System\ErPoBML.exe

C:\Windows\System\beGPvdF.exe

C:\Windows\System\beGPvdF.exe

C:\Windows\System\OMGFHdG.exe

C:\Windows\System\OMGFHdG.exe

C:\Windows\System\cZjNSpj.exe

C:\Windows\System\cZjNSpj.exe

C:\Windows\System\qIldDES.exe

C:\Windows\System\qIldDES.exe

C:\Windows\System\OnSkEXe.exe

C:\Windows\System\OnSkEXe.exe

C:\Windows\System\kLrWxuW.exe

C:\Windows\System\kLrWxuW.exe

C:\Windows\System\dJFmRoN.exe

C:\Windows\System\dJFmRoN.exe

C:\Windows\System\JmGTOZd.exe

C:\Windows\System\JmGTOZd.exe

C:\Windows\System\VDVTKgP.exe

C:\Windows\System\VDVTKgP.exe

C:\Windows\System\GFgaWyB.exe

C:\Windows\System\GFgaWyB.exe

C:\Windows\System\pDOJLWd.exe

C:\Windows\System\pDOJLWd.exe

C:\Windows\System\WpQiWCe.exe

C:\Windows\System\WpQiWCe.exe

C:\Windows\System\bFQrzBA.exe

C:\Windows\System\bFQrzBA.exe

C:\Windows\System\bKEbrDV.exe

C:\Windows\System\bKEbrDV.exe

C:\Windows\System\oyQnizB.exe

C:\Windows\System\oyQnizB.exe

C:\Windows\System\lMGMShO.exe

C:\Windows\System\lMGMShO.exe

C:\Windows\System\vgznqcT.exe

C:\Windows\System\vgznqcT.exe

C:\Windows\System\wCBPUwI.exe

C:\Windows\System\wCBPUwI.exe

C:\Windows\System\LJanyJM.exe

C:\Windows\System\LJanyJM.exe

C:\Windows\System\ebEOaHU.exe

C:\Windows\System\ebEOaHU.exe

C:\Windows\System\tRFitJI.exe

C:\Windows\System\tRFitJI.exe

C:\Windows\System\cCafIMw.exe

C:\Windows\System\cCafIMw.exe

C:\Windows\System\FMJJYyg.exe

C:\Windows\System\FMJJYyg.exe

C:\Windows\System\qwLuSnS.exe

C:\Windows\System\qwLuSnS.exe

C:\Windows\System\bcgxchX.exe

C:\Windows\System\bcgxchX.exe

C:\Windows\System\EmMAlNU.exe

C:\Windows\System\EmMAlNU.exe

C:\Windows\System\VKlLQtE.exe

C:\Windows\System\VKlLQtE.exe

C:\Windows\System\bngMhdt.exe

C:\Windows\System\bngMhdt.exe

C:\Windows\System\AeqvmIO.exe

C:\Windows\System\AeqvmIO.exe

C:\Windows\System\FHfmITm.exe

C:\Windows\System\FHfmITm.exe

C:\Windows\System\MpuBAPX.exe

C:\Windows\System\MpuBAPX.exe

C:\Windows\System\iRCIUlQ.exe

C:\Windows\System\iRCIUlQ.exe

C:\Windows\System\LMDiPPZ.exe

C:\Windows\System\LMDiPPZ.exe

C:\Windows\System\TidXVYb.exe

C:\Windows\System\TidXVYb.exe

C:\Windows\System\dggJKli.exe

C:\Windows\System\dggJKli.exe

C:\Windows\System\CuFFQuc.exe

C:\Windows\System\CuFFQuc.exe

C:\Windows\System\SDGhslf.exe

C:\Windows\System\SDGhslf.exe

C:\Windows\System\CwQwFVS.exe

C:\Windows\System\CwQwFVS.exe

C:\Windows\System\mPLLqzu.exe

C:\Windows\System\mPLLqzu.exe

C:\Windows\System\tsLBAFI.exe

C:\Windows\System\tsLBAFI.exe

C:\Windows\System\hnPfGYw.exe

C:\Windows\System\hnPfGYw.exe

C:\Windows\System\ouCJKck.exe

C:\Windows\System\ouCJKck.exe

C:\Windows\System\hqYrYJA.exe

C:\Windows\System\hqYrYJA.exe

C:\Windows\System\PecfdVD.exe

C:\Windows\System\PecfdVD.exe

C:\Windows\System\jzLbfGT.exe

C:\Windows\System\jzLbfGT.exe

C:\Windows\System\RXCrGcm.exe

C:\Windows\System\RXCrGcm.exe

C:\Windows\System\hurRDgV.exe

C:\Windows\System\hurRDgV.exe

C:\Windows\System\geZUrED.exe

C:\Windows\System\geZUrED.exe

C:\Windows\System\LEwQSCv.exe

C:\Windows\System\LEwQSCv.exe

C:\Windows\System\yeFiJTa.exe

C:\Windows\System\yeFiJTa.exe

C:\Windows\System\QgabECl.exe

C:\Windows\System\QgabECl.exe

C:\Windows\System\LOONXgB.exe

C:\Windows\System\LOONXgB.exe

C:\Windows\System\UsEoKfA.exe

C:\Windows\System\UsEoKfA.exe

C:\Windows\System\rMGTPNf.exe

C:\Windows\System\rMGTPNf.exe

C:\Windows\System\KsQGuhC.exe

C:\Windows\System\KsQGuhC.exe

C:\Windows\System\dNzaewT.exe

C:\Windows\System\dNzaewT.exe

C:\Windows\System\xhvbpzZ.exe

C:\Windows\System\xhvbpzZ.exe

C:\Windows\System\nuGftSR.exe

C:\Windows\System\nuGftSR.exe

C:\Windows\System\lFCUQIm.exe

C:\Windows\System\lFCUQIm.exe

C:\Windows\System\TkAMxNK.exe

C:\Windows\System\TkAMxNK.exe

C:\Windows\System\eZpVDTp.exe

C:\Windows\System\eZpVDTp.exe

C:\Windows\System\jynCdQa.exe

C:\Windows\System\jynCdQa.exe

C:\Windows\System\LqImKAf.exe

C:\Windows\System\LqImKAf.exe

C:\Windows\System\YDeuWae.exe

C:\Windows\System\YDeuWae.exe

C:\Windows\System\jImntav.exe

C:\Windows\System\jImntav.exe

C:\Windows\System\Awphoii.exe

C:\Windows\System\Awphoii.exe

C:\Windows\System\nBUXXdD.exe

C:\Windows\System\nBUXXdD.exe

C:\Windows\System\mUXVuXq.exe

C:\Windows\System\mUXVuXq.exe

C:\Windows\System\rgfqJXK.exe

C:\Windows\System\rgfqJXK.exe

C:\Windows\System\wvfoqrZ.exe

C:\Windows\System\wvfoqrZ.exe

C:\Windows\System\IJDwURJ.exe

C:\Windows\System\IJDwURJ.exe

C:\Windows\System\RvOeAtp.exe

C:\Windows\System\RvOeAtp.exe

C:\Windows\System\AAqpjPf.exe

C:\Windows\System\AAqpjPf.exe

C:\Windows\System\hWGjhkc.exe

C:\Windows\System\hWGjhkc.exe

C:\Windows\System\SllhryT.exe

C:\Windows\System\SllhryT.exe

C:\Windows\System\iRfOXHZ.exe

C:\Windows\System\iRfOXHZ.exe

C:\Windows\System\KBgGnlU.exe

C:\Windows\System\KBgGnlU.exe

C:\Windows\System\qxXhKsA.exe

C:\Windows\System\qxXhKsA.exe

C:\Windows\System\DZlgKlV.exe

C:\Windows\System\DZlgKlV.exe

C:\Windows\System\JnzgzMI.exe

C:\Windows\System\JnzgzMI.exe

C:\Windows\System\CbEZYBD.exe

C:\Windows\System\CbEZYBD.exe

C:\Windows\System\yJhaBGV.exe

C:\Windows\System\yJhaBGV.exe

C:\Windows\System\QrlsheD.exe

C:\Windows\System\QrlsheD.exe

C:\Windows\System\IwNbYPg.exe

C:\Windows\System\IwNbYPg.exe

C:\Windows\System\iRIAKry.exe

C:\Windows\System\iRIAKry.exe

C:\Windows\System\ormWtwT.exe

C:\Windows\System\ormWtwT.exe

C:\Windows\System\ZtacLsk.exe

C:\Windows\System\ZtacLsk.exe

C:\Windows\System\bjmtrUV.exe

C:\Windows\System\bjmtrUV.exe

C:\Windows\System\xqNsMif.exe

C:\Windows\System\xqNsMif.exe

C:\Windows\System\AtizfTy.exe

C:\Windows\System\AtizfTy.exe

C:\Windows\System\YwEewIW.exe

C:\Windows\System\YwEewIW.exe

C:\Windows\System\mmdDqjh.exe

C:\Windows\System\mmdDqjh.exe

C:\Windows\System\mZjAiqg.exe

C:\Windows\System\mZjAiqg.exe

C:\Windows\System\DFWFlXF.exe

C:\Windows\System\DFWFlXF.exe

C:\Windows\System\lmfHEez.exe

C:\Windows\System\lmfHEez.exe

C:\Windows\System\VfjcQHd.exe

C:\Windows\System\VfjcQHd.exe

C:\Windows\System\bCrnsFw.exe

C:\Windows\System\bCrnsFw.exe

C:\Windows\System\xGbnfxa.exe

C:\Windows\System\xGbnfxa.exe

C:\Windows\System\CPdDEpH.exe

C:\Windows\System\CPdDEpH.exe

C:\Windows\System\ADnueLa.exe

C:\Windows\System\ADnueLa.exe

C:\Windows\System\aZnBbvN.exe

C:\Windows\System\aZnBbvN.exe

C:\Windows\System\DjvuknZ.exe

C:\Windows\System\DjvuknZ.exe

C:\Windows\System\dCoAaaG.exe

C:\Windows\System\dCoAaaG.exe

C:\Windows\System\OoLyRdw.exe

C:\Windows\System\OoLyRdw.exe

C:\Windows\System\wrpoHpC.exe

C:\Windows\System\wrpoHpC.exe

C:\Windows\System\MExocZE.exe

C:\Windows\System\MExocZE.exe

C:\Windows\System\JntdYNG.exe

C:\Windows\System\JntdYNG.exe

C:\Windows\System\fiOfHWa.exe

C:\Windows\System\fiOfHWa.exe

C:\Windows\System\qzzQwXI.exe

C:\Windows\System\qzzQwXI.exe

C:\Windows\System\TbmEFsD.exe

C:\Windows\System\TbmEFsD.exe

C:\Windows\System\yuWrDVn.exe

C:\Windows\System\yuWrDVn.exe

C:\Windows\System\MfQClBb.exe

C:\Windows\System\MfQClBb.exe

C:\Windows\System\bndGasb.exe

C:\Windows\System\bndGasb.exe

C:\Windows\System\nxUsbdL.exe

C:\Windows\System\nxUsbdL.exe

C:\Windows\System\WGxtlAV.exe

C:\Windows\System\WGxtlAV.exe

C:\Windows\System\sJcMkmb.exe

C:\Windows\System\sJcMkmb.exe

C:\Windows\System\gZTPmnI.exe

C:\Windows\System\gZTPmnI.exe

C:\Windows\System\ghaamiY.exe

C:\Windows\System\ghaamiY.exe

C:\Windows\System\iXjPHqh.exe

C:\Windows\System\iXjPHqh.exe

C:\Windows\System\shOpaKn.exe

C:\Windows\System\shOpaKn.exe

C:\Windows\System\vNyQJzk.exe

C:\Windows\System\vNyQJzk.exe

C:\Windows\System\epgPOXp.exe

C:\Windows\System\epgPOXp.exe

C:\Windows\System\vZrivac.exe

C:\Windows\System\vZrivac.exe

C:\Windows\System\CLXzPzS.exe

C:\Windows\System\CLXzPzS.exe

C:\Windows\System\UbFRwZK.exe

C:\Windows\System\UbFRwZK.exe

C:\Windows\System\ADTPvPz.exe

C:\Windows\System\ADTPvPz.exe

C:\Windows\System\bESChgk.exe

C:\Windows\System\bESChgk.exe

C:\Windows\System\qUVgLTS.exe

C:\Windows\System\qUVgLTS.exe

C:\Windows\System\hOmsoxX.exe

C:\Windows\System\hOmsoxX.exe

C:\Windows\System\njjwsKJ.exe

C:\Windows\System\njjwsKJ.exe

C:\Windows\System\NggCrXp.exe

C:\Windows\System\NggCrXp.exe

C:\Windows\System\Heqwbah.exe

C:\Windows\System\Heqwbah.exe

C:\Windows\System\VqOQcWG.exe

C:\Windows\System\VqOQcWG.exe

C:\Windows\System\vuamXzB.exe

C:\Windows\System\vuamXzB.exe

C:\Windows\System\PjvYAEV.exe

C:\Windows\System\PjvYAEV.exe

C:\Windows\System\PwWrAGG.exe

C:\Windows\System\PwWrAGG.exe

C:\Windows\System\OymkcbI.exe

C:\Windows\System\OymkcbI.exe

C:\Windows\System\rVmrPKW.exe

C:\Windows\System\rVmrPKW.exe

C:\Windows\System\tswpMIX.exe

C:\Windows\System\tswpMIX.exe

C:\Windows\System\OcZeDEP.exe

C:\Windows\System\OcZeDEP.exe

C:\Windows\System\FMrLeSo.exe

C:\Windows\System\FMrLeSo.exe

C:\Windows\System\kLelIkI.exe

C:\Windows\System\kLelIkI.exe

C:\Windows\System\LDwvePY.exe

C:\Windows\System\LDwvePY.exe

C:\Windows\System\cGoVOpK.exe

C:\Windows\System\cGoVOpK.exe

C:\Windows\System\DjxvYYw.exe

C:\Windows\System\DjxvYYw.exe

C:\Windows\System\sGXIQUZ.exe

C:\Windows\System\sGXIQUZ.exe

C:\Windows\System\DVhfYhk.exe

C:\Windows\System\DVhfYhk.exe

C:\Windows\System\HgToESL.exe

C:\Windows\System\HgToESL.exe

C:\Windows\System\YszhKEs.exe

C:\Windows\System\YszhKEs.exe

C:\Windows\System\OzuqSvZ.exe

C:\Windows\System\OzuqSvZ.exe

C:\Windows\System\xLAluFf.exe

C:\Windows\System\xLAluFf.exe

C:\Windows\System\DblhwnW.exe

C:\Windows\System\DblhwnW.exe

C:\Windows\System\GYWvIdU.exe

C:\Windows\System\GYWvIdU.exe

C:\Windows\System\VyNAjxY.exe

C:\Windows\System\VyNAjxY.exe

C:\Windows\System\WLrbXgz.exe

C:\Windows\System\WLrbXgz.exe

C:\Windows\System\CPilNpM.exe

C:\Windows\System\CPilNpM.exe

C:\Windows\System\EWukMcw.exe

C:\Windows\System\EWukMcw.exe

C:\Windows\System\fvEJXFt.exe

C:\Windows\System\fvEJXFt.exe

C:\Windows\System\TUFEKAi.exe

C:\Windows\System\TUFEKAi.exe

C:\Windows\System\iKjKGqE.exe

C:\Windows\System\iKjKGqE.exe

C:\Windows\System\nNuYZKV.exe

C:\Windows\System\nNuYZKV.exe

C:\Windows\System\RwIqsWJ.exe

C:\Windows\System\RwIqsWJ.exe

C:\Windows\System\lntHwsh.exe

C:\Windows\System\lntHwsh.exe

C:\Windows\System\bKnSHZL.exe

C:\Windows\System\bKnSHZL.exe

C:\Windows\System\ORWjqoi.exe

C:\Windows\System\ORWjqoi.exe

C:\Windows\System\PzSNsDa.exe

C:\Windows\System\PzSNsDa.exe

C:\Windows\System\hnLMQYi.exe

C:\Windows\System\hnLMQYi.exe

C:\Windows\System\JFzXDnm.exe

C:\Windows\System\JFzXDnm.exe

C:\Windows\System\pnwNphm.exe

C:\Windows\System\pnwNphm.exe

C:\Windows\System\GVOpNZY.exe

C:\Windows\System\GVOpNZY.exe

C:\Windows\System\wcyZZuw.exe

C:\Windows\System\wcyZZuw.exe

C:\Windows\System\nAqGQLQ.exe

C:\Windows\System\nAqGQLQ.exe

C:\Windows\System\VdERcoP.exe

C:\Windows\System\VdERcoP.exe

C:\Windows\System\YIzewOm.exe

C:\Windows\System\YIzewOm.exe

C:\Windows\System\gIBQato.exe

C:\Windows\System\gIBQato.exe

C:\Windows\System\KILucNF.exe

C:\Windows\System\KILucNF.exe

C:\Windows\System\aqFRosK.exe

C:\Windows\System\aqFRosK.exe

C:\Windows\System\iBBOQDX.exe

C:\Windows\System\iBBOQDX.exe

C:\Windows\System\DtYQuIr.exe

C:\Windows\System\DtYQuIr.exe

C:\Windows\System\NWnCPvA.exe

C:\Windows\System\NWnCPvA.exe

C:\Windows\System\ElcKhnM.exe

C:\Windows\System\ElcKhnM.exe

C:\Windows\System\vFGKuCG.exe

C:\Windows\System\vFGKuCG.exe

C:\Windows\System\rZcYPzo.exe

C:\Windows\System\rZcYPzo.exe

C:\Windows\System\JRYqCux.exe

C:\Windows\System\JRYqCux.exe

C:\Windows\System\LRUNilM.exe

C:\Windows\System\LRUNilM.exe

C:\Windows\System\JzoaODZ.exe

C:\Windows\System\JzoaODZ.exe

C:\Windows\System\ASreQOv.exe

C:\Windows\System\ASreQOv.exe

C:\Windows\System\eTPsPxB.exe

C:\Windows\System\eTPsPxB.exe

C:\Windows\System\STqlDKD.exe

C:\Windows\System\STqlDKD.exe

C:\Windows\System\ArkZVMO.exe

C:\Windows\System\ArkZVMO.exe

C:\Windows\System\bQdlutp.exe

C:\Windows\System\bQdlutp.exe

C:\Windows\System\jpLAhVU.exe

C:\Windows\System\jpLAhVU.exe

C:\Windows\System\iNBTUPR.exe

C:\Windows\System\iNBTUPR.exe

C:\Windows\System\XoSHSzE.exe

C:\Windows\System\XoSHSzE.exe

C:\Windows\System\tncbluw.exe

C:\Windows\System\tncbluw.exe

C:\Windows\System\ETyxcKw.exe

C:\Windows\System\ETyxcKw.exe

C:\Windows\System\QvicdGW.exe

C:\Windows\System\QvicdGW.exe

C:\Windows\System\MewqaYq.exe

C:\Windows\System\MewqaYq.exe

C:\Windows\System\nfpUUOZ.exe

C:\Windows\System\nfpUUOZ.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1844-0-0x00007FF7BAE80000-0x00007FF7BB1D4000-memory.dmp

memory/1844-1-0x000001E025D00000-0x000001E025D10000-memory.dmp

C:\Windows\System\mXYkntY.exe

MD5 b8c3f21e0b9f55e78fb39c87ec2292e6
SHA1 d81161e28e0fafb730af50316700319dfd36b850
SHA256 f9c913cac4fa63ff994cfc5c7c558caf1e99c08914e3d7805e304d8178cc4886
SHA512 f646682e1deb61db231f0f34f63bd8c60a1c393dfc9bafcf76b38282e419823f7e17b3725e064ba31f7685cb2e6a3780e2a2538b5d52a134f13ce32c022732c0

memory/4060-8-0x00007FF7713E0000-0x00007FF771734000-memory.dmp

C:\Windows\System\BAGiHth.exe

MD5 abbed5e696248f40abdbbf63300ff7db
SHA1 155f8e78cc18fb31843f47bbf22f878ab1a06224
SHA256 d972eec2cac7a1a0787cfb86ce3516d8954ecd36885681c3be2d93f291781dee
SHA512 76146b607ab6d84e49fe1fdb3496757b7bed8e7e4c1979bf327d7125d0eb4aedbe4d44439042cd786b0a48e80f2cbaefda2f810f040e5ee5165ae0961d13b971

C:\Windows\System\qaxLOBG.exe

MD5 a3e38a5ec3d84080379fb1fe90fc6504
SHA1 a3d950a8fce41795eb91d2082b327661426befa9
SHA256 5a448dfd9582ca1c7e66c121e20810dcf4e82376c4860c12e71d0a49802974bd
SHA512 90dd6d52bdc8cdf715476b0f18ad1c12232a0c7410a42c24d5bda4e67bace9d4add3fef45e51ed9336812eb347fd167ed27283a90b12748f6e7f9245ad24bcd1

C:\Windows\System\bHCvgKM.exe

MD5 033b79d1f3fb546eaaeefab05e85bdb7
SHA1 b2b23ad0eb065815e3d47b813b7a0d0dae58312b
SHA256 5e44713fca2f19e8ec10785de77f8501b4bfca35cfba830e9dda4c7ad116fc56
SHA512 678fcfba6aa6c962ac70bed353f5c165ae77d6a4036c845f3e9aaf770467fea5749b553c9b9f4881893513eca1c9e462bf6566b51764185142c93d7d098592ab

C:\Windows\System\uIBEvdW.exe

MD5 7acdff00979ebc2e60648f9939330d7e
SHA1 4caf2a5faf845b4bd7cf00d3c8152771d7b70cf0
SHA256 127a47232e1121106514b182f915c280ff4f19696c34c331a241b582ccebef96
SHA512 fdfe6ca76863b5dff67dff001140af357cc31438e352e6a5779604aaab9850bc038f9eaae250433391100e088af39e8608fca75b1aa69869af7b1a1c9236bb42

memory/4812-96-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp

C:\Windows\System\YawEvdc.exe

MD5 3d2f2f4b96931c294b9b1d02df3f07ea
SHA1 942a8038af8850205931b92c0487ff27a942ba47
SHA256 693e937500db9e2fc74fa29e0c6398de759f0cf66a9c2338691d71060f2d2a43
SHA512 51dd157808a7b77d0f3ef6a16868a4c8b4721a6b5e2229f3b4e3cd6ae77e152729a1adb71299a9c41a8cb94c19421a3f80b8bfa93f2f4e219a5d7b6d3156bbf1

memory/4176-113-0x00007FF796940000-0x00007FF796C94000-memory.dmp

memory/1852-117-0x00007FF79D750000-0x00007FF79DAA4000-memory.dmp

memory/3076-121-0x00007FF7D01A0000-0x00007FF7D04F4000-memory.dmp

memory/2612-122-0x00007FF7EF6D0000-0x00007FF7EFA24000-memory.dmp

memory/4880-120-0x00007FF629480000-0x00007FF6297D4000-memory.dmp

memory/2364-119-0x00007FF615080000-0x00007FF6153D4000-memory.dmp

memory/3724-118-0x00007FF647800000-0x00007FF647B54000-memory.dmp

memory/2052-116-0x00007FF66DB80000-0x00007FF66DED4000-memory.dmp

memory/2692-115-0x00007FF6A09D0000-0x00007FF6A0D24000-memory.dmp

memory/1264-114-0x00007FF63DBD0000-0x00007FF63DF24000-memory.dmp

memory/4560-112-0x00007FF773420000-0x00007FF773774000-memory.dmp

memory/2128-111-0x00007FF7CD370000-0x00007FF7CD6C4000-memory.dmp

C:\Windows\System\dSNBoJV.exe

MD5 acd2273e33d6d70ba1abb9b77f953aec
SHA1 704a19b7bcf779149ba768769acf1fa50a249c82
SHA256 f600f8d8c3eeb576e0f3c7546759eb731e73ed58a4fdd7e46e0e72cdb79a4cb5
SHA512 a8a425c3e49cea42127668701a7d4530d9203cf0e7ee8dee0d389ba5b5fd4c94d3b5ce3678f2240db9072027ceb4c992dfed81b06bf83f8773f36acb16eedb12

memory/2352-106-0x00007FF72F0E0000-0x00007FF72F434000-memory.dmp

memory/2804-105-0x00007FF6AE220000-0x00007FF6AE574000-memory.dmp

C:\Windows\System\QcesnbL.exe

MD5 69fbee6da279f119b3f8da04f133d36f
SHA1 d9ff1d27b23c47b406639fb6de996a7524d3eabf
SHA256 a4723bc5180fb53eb5167583abe6f8dc889f7419a188daf7d460e8b0984eacb7
SHA512 be43ff686c20c86e311dcd7f8ee2af35a5ac11cb93ef0e173f47059cfc39e62186e49786935d0f4b2c0ba99df1eec76a99dbc308141f25611786cb0a46f18ad8

C:\Windows\System\AmvNrhL.exe

MD5 fc3f9b88c90905002c6275fcc5394040
SHA1 47152cfdee6adae4f8e6d61d8b9165fc98daa0a9
SHA256 46d43451e60aec742e1be47a9af8e054cb4eb787ddbd5cf77337ed04f7df41cf
SHA512 9c1b7770d48d878734153f58def2aa5a0e61d5d89cb87b4d49f2ab30b4d2f7f6e77a1bb48a4c6c02331917f5e03e12ccf42919a1910d10ae90a5e3c8e7ce29dc

C:\Windows\System\DOBPbpq.exe

MD5 1ecdccf0737cae1b374fe8d0837e2f52
SHA1 eb499283a2786a53e325ffdc05e66cd5fc663b41
SHA256 a4402924e688579f0c82f19746a0e7468e7e7b7cb87e147c190d117f3508f586
SHA512 2fe57a19959524551f2cf68bfed57a9196770ce057f13c98ade021fa337fe3e699d463a813ddad787ec4d5589a1fcbb291b4a66e43f05671f90976bcd3db7c95

C:\Windows\System\ovrDQep.exe

MD5 bf493b58b830ea09dd839d4b65865b76
SHA1 09afd0ed2ef996bf387cea3a3c59eee9c52b6d2a
SHA256 70b9d9bf0dab8ef682a9de09a8d46971759cccc6d7d839a294096c05c08df189
SHA512 ec08bf3bdf02038ce79c48306310c8c935ed94a79dd82a5e068f9d6b4cceaf2b54e38826994ebea868fbd3d74112628cf034aab393892be01c58257991cf53b2

memory/4256-90-0x00007FF626480000-0x00007FF6267D4000-memory.dmp

C:\Windows\System\YhsiIto.exe

MD5 f3f3f6a68f0cf763d8813d333eab920e
SHA1 9d58671e68e6224619ebb4313130233dd7de008d
SHA256 e81ea793503f6623e83ac7a43491f36de0736d7b2006f14233e4f6679c318e64
SHA512 7290e94b4e5ab02371a967a2baf3b2e16bb7570c4ff1e212a71db564795e22e5e8159589f47b1c0014e038c5f1949c108a6d92e153c99454a29ae2d8465edae9

C:\Windows\System\cyfgrkO.exe

MD5 1f713009581c6a34f34954f8797800a3
SHA1 336116deff38dd90d98431d46cf756bdbd508623
SHA256 09b1dc1e7be00d1e14392f87834167a3092a63a47ef08f9bb9575fa4c560bab2
SHA512 829a7618c7f5398c85d4e468c7547ae768d6204bdfefab2a28f042922303ee610ee09d673533061cd1f84b6a491e7a043febd1b1a45e7de4e3648b2334aa1198

C:\Windows\System\omvqoEh.exe

MD5 d76a065894b0daa5c3a5f851ab511bc0
SHA1 4949e7620779e86b2b3d59d206c00a2887b642c9
SHA256 e329a52539b2104c557715fde56aec09df28b7dea15ca3f164377920656ee754
SHA512 f22a12df0bf5f418866ff6273173e6e04959addf1004a83dea2b6940379789117ee1a270884c78d8b51bd7f63d60883585f18aef21088202a3ced03a8090b750

memory/4072-75-0x00007FF7896E0000-0x00007FF789A34000-memory.dmp

C:\Windows\System\KTyXeGh.exe

MD5 74228e4c96409c4dee8d76bc230a01a0
SHA1 c6fb7bb36098179b49660a8ed90fba3ed6f62de6
SHA256 c9f81b91d9b4ff5b6ad2fd36c56fe27bf1fb55446c9773a3f8b920d96e847c77
SHA512 3abd709e983beb2367b31fe95bd1d808599e98f7e447b6f9051ab527a65d02f75a756d2d780f62d9cf4ad64452a1fd33bf03da3709fe884b9dc3cdb53cc17274

C:\Windows\System\xGNVlji.exe

MD5 d8d2b3e00464f114646b73cfaea8ae2e
SHA1 451def383b75d5eb9b776015e449e8283f500990
SHA256 f510613acb65a3c5133e1f7e1f1d3a7bdaac808b5d905d78025aced676c27bc3
SHA512 c533a049bf0099e72cce28d0219c5ef7c01de66717aa6d25a83562e0bafa03f6610fdd2edc01cc44117905d097fde6777928bbfce86349068c2442151a07d7f3

C:\Windows\System\VLpZVEz.exe

MD5 d6f6eeee2de8833669142d6f8600fc11
SHA1 e6d187c9113a60eeefcc7318a2b94c4022692d12
SHA256 2085bea8bf8c9928b4143926d75ac4a354dabc103d23fa59f9b64a220e6dc10d
SHA512 20461e61575a42c098a37a69d85f50baf73d59260c76dabcb1ca09398ac909ae462c3aad6072b46d631666ca42af88c35b084d4541fdd05d7b7638ad965b8c92

C:\Windows\System\NyJbMts.exe

MD5 99c9bbdd05a8b48866631a721d57d019
SHA1 5594d42f8971de52b3985fb6f22e03952117c649
SHA256 d8245199e91ad14f47124d126ae5de1091ee98557c57f8835354828aa966d047
SHA512 6a6f9dea9037bd041baa7f3ba745bd3fa5f9f6431ce7cd945f4255ed2e4a0c9be98d65038e96beda4141a325e914e26f079b04447cc5490aff3d5ee4236e1f6e

memory/744-46-0x00007FF797860000-0x00007FF797BB4000-memory.dmp

memory/1420-24-0x00007FF791DC0000-0x00007FF792114000-memory.dmp

C:\Windows\System\gJcKJHr.exe

MD5 bf11364af762763ffa8ed9f7af8da213
SHA1 247d284207fa74fd99a7df76f35b7955121d8f58
SHA256 17eceb3f38782d3a6bacfc97cae7da75fa0e9fae7d2727ebaaccefd74d47c626
SHA512 53cc3b8d892286f8775d99749e1f4da713153974ae0d89c4ae939c5e30f8a4dd99113d92e156ce223a3ecf1fac0f3a997927c9b1be97d7da7a16f5352dcf3c46

C:\Windows\System\RyIvmKB.exe

MD5 21c1b194cdd0fc72f1d7ad3050ac5876
SHA1 5124957d14ad7043a9ed8648cd1934a3f6eb8f87
SHA256 775260f07cb5299787c60f422756ef3ad2517cd7758ec3dfffb14c94061a8c84
SHA512 4c21b2646254528095772c37588ebf82c6572693ddcdd600089ffa06419444fa5cc5353ee7e875c8af9f98ebc3eaebd34b3284f96b06a11b7fbec92e210af9c1

C:\Windows\System\fpwScJQ.exe

MD5 271d2020d3624efcbb818e7d886d791e
SHA1 934f2e072839691c68f467cdbee1b128f6f4d23d
SHA256 9d4acea6a261b72d07bd728fe5edf279c1e64fb251b05438fd9991f87507f5d8
SHA512 d75871e57debc0ffc724004cf6cd68e1d2174fdf94b8398ebc56695988ccfbec8744778ab01d17c4c34693a75d43636ef4b9f7f1e55b67d9d55078352cf133d4

C:\Windows\System\aBijYmH.exe

MD5 21cdc98e022e4dc59b6658f8036a0911
SHA1 b97c321b8b0bae065533f473c5d9cd9b006ff4a3
SHA256 44382abe6c83975f096e0b0e60104c821b89be563a88fae9fe66b18f2c226c4c
SHA512 5aee5d6f9e5c24e2a12babe42d10859e63dba4860d1a398c3cf000254a72432050e33819f9ea8f8ae0f58c80f448fc7287292e753aa5d93089a62213a1523446

C:\Windows\System\krlksaN.exe

MD5 cc784cd08b0c7ddc92e349be6bed056a
SHA1 6626427a027d5451acd8ac6b2789d51432d5f07c
SHA256 124ee3f8c0f92270d84bcce809ea21376c948041c9eb61e81397529957147b65
SHA512 174b91e189c0275e995af23f11d638b023f74298693f279483ee97ede9be88d330215bb94d91733e3ada1ece84bd8100e6b13a02c017245f214c219a9c09aa55

C:\Windows\System\LquRirP.exe

MD5 46d6548e92f9d903b8bc6cb6d3a2b0c5
SHA1 7b1df79cc3baf81b664dc6431fff554c8221d2d1
SHA256 a9177c996f2cb34f68ffad4b8e51021dfb49d0af065ebed6bdac6600f2835fa2
SHA512 c0d64a0aba956a542333113abb3765049b717561449283ba6951cfb091bb999f7bdeb3bf0f7da591bc9c4f92ab8c1ebab42c7b4331e0c55413049d9960a9398b

C:\Windows\System\pAaQstg.exe

MD5 e920ba3f8bba9c30335d4e3e2a935c2a
SHA1 35f29f1d8baf681530aedda7021aeb7862c99d98
SHA256 2d396316624d72f698de25d801866baf9787308e54e985667c14a75641d6d3a8
SHA512 d686cd163926a688ed937e15ac3990f238ebebd2b3f4a22cd1408bf7b493fb61744017b655cf52f999c3c0b862b1a655b8f24737a934e9f1f8249657fa9aef00

memory/1408-192-0x00007FF65FCC0000-0x00007FF660014000-memory.dmp

memory/1848-195-0x00007FF73BB90000-0x00007FF73BEE4000-memory.dmp

C:\Windows\System\HGlcUcP.exe

MD5 759afcaf530947703be99fe04d387a32
SHA1 3f17ff814866d3b30ab58763493c17c1445a6b65
SHA256 45564789d2130aeb470b0ffeccc5f19d143598161f89d784d1bbcad14a91940c
SHA512 677d5765627e332595e1f07d3f8216ed57de8d3c03c38ff1791f3928979fe659e8c982bd2df4cb856e030316dec5ed8299080ad0c1fa7952182278c2a686c996

C:\Windows\System\sSizWiu.exe

MD5 a93827d5ace0cf5a3299e1d1d2787ac5
SHA1 5d682f36b07355dd1b2a744ff1aaea3e7089b9e0
SHA256 01872e6804ee6966276967bcad09a56cba509ff3b700289c07b4ffe94b9e4d2f
SHA512 a47af2da0483ed9e556295499c42b8c54e89974bdd635a07216c939c810067516f9a4be8e2a0a1621590e82c1907220d35afcb782008a4833285a5d800a2637e

C:\Windows\System\QzmPMxl.exe

MD5 8dbb40c8b0187c9ec1b2f9d0c5168be3
SHA1 3caa077794b39497903952ea1b49f520abddd195
SHA256 a879300f843a3bafa453b66c7f9abd25c802917db0b1ad9af347e32e02f3d51c
SHA512 a6b5ebe05a56cf44fda4bd17993e5fe96185e698c6163638d2528004c478e777f2f862a95128adabd30215af4f2dcdd3ac35271b856ea42102895e27486e6c3d

C:\Windows\System\DtFtMbf.exe

MD5 931988c7d59931f0c448c6c908933b38
SHA1 9ed2ae1d1975cb81716779771b92ff86b88cb178
SHA256 40131b54e6e4ceb8dc8c8513403a08c0b20e0e2c2f7b250ae1ef9401b91e9e46
SHA512 499e71c421e5de89b9ab6da758a712f902ff25e5eb77a3e3fdb93e6c8f1aab9f9cc2f89d251bbf5b2d5cbbbec0db16a070ab79e30a2c4e47a45f21c17d37824a

memory/5056-183-0x00007FF7CC400000-0x00007FF7CC754000-memory.dmp

memory/3280-181-0x00007FF72DAE0000-0x00007FF72DE34000-memory.dmp

C:\Windows\System\eLAcbnS.exe

MD5 bbc71aa6db81054c395300a30636acef
SHA1 3b8950dd77aae7bb3b6f5fd397c56b772188e55e
SHA256 e7e275e32e91c8d9789f13473af5b2bafde0d73b3532ebb7132ecb99e87988eb
SHA512 9f252d6f3e82f9441f4aa6146cd89913b4e8a929df0b6f9fdd75b3152ae8ff171647fd77e8dcbfa6c3c99300e01d9684163e8fb2528ac6d5c3526af65948021c

C:\Windows\System\euMDvNP.exe

MD5 f743d36603ca43021e1e1028a6cae7cf
SHA1 30730ee032323839016a1b377c839c1af2550707
SHA256 a9da368460697c7ac37a32685d6522250435e7183057da2786bc21a079dacf7c
SHA512 d33832ce342c9b88a4ef53514291f6643a916197814f430ff98d37bcc3d8e7c909c92cd6acd03056b0ce7a97ffb399bf7514c0eb89d45b0b6dd9df1aa3e3e276

memory/4528-161-0x00007FF7678C0000-0x00007FF767C14000-memory.dmp

memory/1384-160-0x00007FF670B70000-0x00007FF670EC4000-memory.dmp

C:\Windows\System\BUeAxYa.exe

MD5 432ffc65982793e02a7d0a5873e31506
SHA1 4b7519a25fd4a22b46c0f58784d275aa6839b197
SHA256 e074d90a0b9587ff5aeed2a277b255ed30f237a4cea04cdcfa0891c6f30b12c0
SHA512 72f893a5235c0487c694f055f5b9a5561dd2030293a85a848b27c8c167f16a793583bbc41186873f6a878d74cae22701ca63844bc3d0f278a1146c8dc8e81637

memory/448-153-0x00007FF78AE20000-0x00007FF78B174000-memory.dmp

C:\Windows\System\HsOwuOV.exe

MD5 e7613d9ab4cddff6f26de92079e9e57e
SHA1 402a8224ac3334db69f1753aebf8590236fe45fb
SHA256 570c098b52909e630b6d87067d131981fe68f02a7d715042550ddd1a92ecc1d5
SHA512 92814798d7cd44f45fea6bd952ddb8c18fcdd96d564fc534d83e5b00251e7b75c150b5f015f5510a0a519cbc70b6c8bd0efc40fe613a0de0d13360644191d7ac

memory/4212-149-0x00007FF7A4020000-0x00007FF7A4374000-memory.dmp

C:\Windows\System\rJFUSUY.exe

MD5 562410039104e6e87d7b3d752816cc7d
SHA1 92cbf96c4e05c732acb1ae00df343a7f6f95fdf9
SHA256 36ecee7e25723388681bc0c3eba629e54f3ba08c11bd7ed7ca7586b1d9bad429
SHA512 555d323674e5a9bcbda39bbc88106faa3dfdb35146a2019caec2e489fca0826af24e77f3bdeab9a27262f4962dd32a59531d28327709104db74e82db754b285d

memory/3908-133-0x00007FF692EA0000-0x00007FF6931F4000-memory.dmp

memory/1844-1070-0x00007FF7BAE80000-0x00007FF7BB1D4000-memory.dmp

memory/4060-1071-0x00007FF7713E0000-0x00007FF771734000-memory.dmp

memory/4256-1072-0x00007FF626480000-0x00007FF6267D4000-memory.dmp

memory/4812-1073-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp

memory/3908-1074-0x00007FF692EA0000-0x00007FF6931F4000-memory.dmp

memory/1384-1075-0x00007FF670B70000-0x00007FF670EC4000-memory.dmp

memory/448-1076-0x00007FF78AE20000-0x00007FF78B174000-memory.dmp

memory/4528-1077-0x00007FF7678C0000-0x00007FF767C14000-memory.dmp

memory/3280-1078-0x00007FF72DAE0000-0x00007FF72DE34000-memory.dmp

memory/5056-1079-0x00007FF7CC400000-0x00007FF7CC754000-memory.dmp

memory/4060-1080-0x00007FF7713E0000-0x00007FF771734000-memory.dmp

memory/1420-1081-0x00007FF791DC0000-0x00007FF792114000-memory.dmp

memory/744-1082-0x00007FF797860000-0x00007FF797BB4000-memory.dmp

memory/1852-1083-0x00007FF79D750000-0x00007FF79DAA4000-memory.dmp

memory/3724-1084-0x00007FF647800000-0x00007FF647B54000-memory.dmp

memory/2364-1090-0x00007FF615080000-0x00007FF6153D4000-memory.dmp

memory/4072-1089-0x00007FF7896E0000-0x00007FF789A34000-memory.dmp

memory/2128-1088-0x00007FF7CD370000-0x00007FF7CD6C4000-memory.dmp

memory/4560-1087-0x00007FF773420000-0x00007FF773774000-memory.dmp

memory/2804-1086-0x00007FF6AE220000-0x00007FF6AE574000-memory.dmp

memory/4256-1085-0x00007FF626480000-0x00007FF6267D4000-memory.dmp

memory/4176-1092-0x00007FF796940000-0x00007FF796C94000-memory.dmp

memory/2612-1091-0x00007FF7EF6D0000-0x00007FF7EFA24000-memory.dmp

memory/2352-1093-0x00007FF72F0E0000-0x00007FF72F434000-memory.dmp

memory/4880-1098-0x00007FF629480000-0x00007FF6297D4000-memory.dmp

memory/2692-1099-0x00007FF6A09D0000-0x00007FF6A0D24000-memory.dmp

memory/1264-1097-0x00007FF63DBD0000-0x00007FF63DF24000-memory.dmp

memory/3076-1096-0x00007FF7D01A0000-0x00007FF7D04F4000-memory.dmp

memory/2052-1095-0x00007FF66DB80000-0x00007FF66DED4000-memory.dmp

memory/4812-1094-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp

memory/4212-1100-0x00007FF7A4020000-0x00007FF7A4374000-memory.dmp

memory/3908-1101-0x00007FF692EA0000-0x00007FF6931F4000-memory.dmp

memory/1408-1102-0x00007FF65FCC0000-0x00007FF660014000-memory.dmp

memory/3280-1105-0x00007FF72DAE0000-0x00007FF72DE34000-memory.dmp

memory/4528-1107-0x00007FF7678C0000-0x00007FF767C14000-memory.dmp

memory/1848-1106-0x00007FF73BB90000-0x00007FF73BEE4000-memory.dmp

memory/448-1104-0x00007FF78AE20000-0x00007FF78B174000-memory.dmp

memory/1384-1103-0x00007FF670B70000-0x00007FF670EC4000-memory.dmp

memory/5056-1108-0x00007FF7CC400000-0x00007FF7CC754000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 12:00

Reported

2024-06-25 12:03

Platform

win7-20240221-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\caAmsYD.exe N/A
N/A N/A C:\Windows\System\PqbwfIi.exe N/A
N/A N/A C:\Windows\System\IZUtQFP.exe N/A
N/A N/A C:\Windows\System\yBiXzTa.exe N/A
N/A N/A C:\Windows\System\ZSyoJXH.exe N/A
N/A N/A C:\Windows\System\bqKvQEW.exe N/A
N/A N/A C:\Windows\System\gUGaCtO.exe N/A
N/A N/A C:\Windows\System\UEkmJXT.exe N/A
N/A N/A C:\Windows\System\qpMwwvj.exe N/A
N/A N/A C:\Windows\System\VORttgJ.exe N/A
N/A N/A C:\Windows\System\NGfSWPd.exe N/A
N/A N/A C:\Windows\System\FgaGlta.exe N/A
N/A N/A C:\Windows\System\IhyMQuv.exe N/A
N/A N/A C:\Windows\System\HXSPywq.exe N/A
N/A N/A C:\Windows\System\kqpTBlh.exe N/A
N/A N/A C:\Windows\System\cfsCxvq.exe N/A
N/A N/A C:\Windows\System\wycmZJg.exe N/A
N/A N/A C:\Windows\System\IxPFTTm.exe N/A
N/A N/A C:\Windows\System\AvdGHWD.exe N/A
N/A N/A C:\Windows\System\jFPPGUP.exe N/A
N/A N/A C:\Windows\System\wJhJNkS.exe N/A
N/A N/A C:\Windows\System\VsDDfaD.exe N/A
N/A N/A C:\Windows\System\AlgSgbN.exe N/A
N/A N/A C:\Windows\System\YgJiczi.exe N/A
N/A N/A C:\Windows\System\qVSQiYx.exe N/A
N/A N/A C:\Windows\System\TCGJDSK.exe N/A
N/A N/A C:\Windows\System\klBeNuc.exe N/A
N/A N/A C:\Windows\System\fRGhYyP.exe N/A
N/A N/A C:\Windows\System\AIeLbPd.exe N/A
N/A N/A C:\Windows\System\vhAJUzn.exe N/A
N/A N/A C:\Windows\System\dwDrRyM.exe N/A
N/A N/A C:\Windows\System\nIJqPJT.exe N/A
N/A N/A C:\Windows\System\XoXWitF.exe N/A
N/A N/A C:\Windows\System\xLXYzPE.exe N/A
N/A N/A C:\Windows\System\GmxfaBI.exe N/A
N/A N/A C:\Windows\System\XZqeoJO.exe N/A
N/A N/A C:\Windows\System\EMqkeYa.exe N/A
N/A N/A C:\Windows\System\GODxJFT.exe N/A
N/A N/A C:\Windows\System\QRuPhxq.exe N/A
N/A N/A C:\Windows\System\IuSvNsh.exe N/A
N/A N/A C:\Windows\System\YRULXnE.exe N/A
N/A N/A C:\Windows\System\UUUuKlf.exe N/A
N/A N/A C:\Windows\System\FxWcSGp.exe N/A
N/A N/A C:\Windows\System\rCFFYpT.exe N/A
N/A N/A C:\Windows\System\gimcxqn.exe N/A
N/A N/A C:\Windows\System\irrykHu.exe N/A
N/A N/A C:\Windows\System\RdHmngt.exe N/A
N/A N/A C:\Windows\System\ilQUDpS.exe N/A
N/A N/A C:\Windows\System\GXqSyNm.exe N/A
N/A N/A C:\Windows\System\tGXHtoq.exe N/A
N/A N/A C:\Windows\System\dBkKABe.exe N/A
N/A N/A C:\Windows\System\ZLacPnz.exe N/A
N/A N/A C:\Windows\System\KUxPPhO.exe N/A
N/A N/A C:\Windows\System\wODBTft.exe N/A
N/A N/A C:\Windows\System\NiCuKml.exe N/A
N/A N/A C:\Windows\System\OOqYpSZ.exe N/A
N/A N/A C:\Windows\System\OjSgbxw.exe N/A
N/A N/A C:\Windows\System\ktrKtqE.exe N/A
N/A N/A C:\Windows\System\JNGStIj.exe N/A
N/A N/A C:\Windows\System\nWWZIPz.exe N/A
N/A N/A C:\Windows\System\mUiLKSG.exe N/A
N/A N/A C:\Windows\System\GFsugcP.exe N/A
N/A N/A C:\Windows\System\KdHmCBI.exe N/A
N/A N/A C:\Windows\System\jsMazqZ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ZedjvOi.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\dYdSMDj.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\qULTexD.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZICTlnk.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\vOAPsov.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\tIVggQF.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\GoBlcjn.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzDowyX.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\IxPFTTm.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\rCFFYpT.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\cLKmKzZ.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YkfFUKC.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdeWZDY.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\fZFekjY.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\JiQdepw.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\nvagEck.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\MmdXtLa.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\UyNhCBl.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\RECVQrZ.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\yITdFny.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\KNDVzJI.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\iXQoQyg.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\pZCTsKR.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdHmCBI.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\PUlBLQY.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\VDnXTgi.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\bopiptn.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\JCiVfPH.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\RlLRnOp.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\Rlgpovv.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YUhHPSm.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YRULXnE.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\pPRMYfi.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhdJjOi.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\hXUcWdX.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\QTAFaym.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUxPPhO.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\nWWZIPz.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZLdBGMG.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\LHpnNdN.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\BIGZzhI.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\IFGZbKw.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\Iktpftj.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\bjzCtCi.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmhkOXV.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVyRsxS.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\rzdnkjl.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\pnSpvZS.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\vhAJUzn.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\GXqSyNm.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXIDfCb.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGYDpnH.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\JVvmGwU.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\nYnsUtb.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\cREzAcA.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\wiuTzjw.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCGJDSK.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\QmbPwSn.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\tqNctOZ.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\UtmuQwG.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\FtqafyM.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\jFPPGUP.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\lDGdwSM.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A
File created C:\Windows\System\evaWvob.exe C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\caAmsYD.exe
PID 2008 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\caAmsYD.exe
PID 2008 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\caAmsYD.exe
PID 2008 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\PqbwfIi.exe
PID 2008 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\PqbwfIi.exe
PID 2008 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\PqbwfIi.exe
PID 2008 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IZUtQFP.exe
PID 2008 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IZUtQFP.exe
PID 2008 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IZUtQFP.exe
PID 2008 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\yBiXzTa.exe
PID 2008 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\yBiXzTa.exe
PID 2008 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\yBiXzTa.exe
PID 2008 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\ZSyoJXH.exe
PID 2008 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\ZSyoJXH.exe
PID 2008 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\ZSyoJXH.exe
PID 2008 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\bqKvQEW.exe
PID 2008 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\bqKvQEW.exe
PID 2008 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\bqKvQEW.exe
PID 2008 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\gUGaCtO.exe
PID 2008 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\gUGaCtO.exe
PID 2008 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\gUGaCtO.exe
PID 2008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\UEkmJXT.exe
PID 2008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\UEkmJXT.exe
PID 2008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\UEkmJXT.exe
PID 2008 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\qpMwwvj.exe
PID 2008 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\qpMwwvj.exe
PID 2008 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\qpMwwvj.exe
PID 2008 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\VORttgJ.exe
PID 2008 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\VORttgJ.exe
PID 2008 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\VORttgJ.exe
PID 2008 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\NGfSWPd.exe
PID 2008 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\NGfSWPd.exe
PID 2008 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\NGfSWPd.exe
PID 2008 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\FgaGlta.exe
PID 2008 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\FgaGlta.exe
PID 2008 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\FgaGlta.exe
PID 2008 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IhyMQuv.exe
PID 2008 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IhyMQuv.exe
PID 2008 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IhyMQuv.exe
PID 2008 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\HXSPywq.exe
PID 2008 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\HXSPywq.exe
PID 2008 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\HXSPywq.exe
PID 2008 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\kqpTBlh.exe
PID 2008 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\kqpTBlh.exe
PID 2008 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\kqpTBlh.exe
PID 2008 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\cfsCxvq.exe
PID 2008 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\cfsCxvq.exe
PID 2008 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\cfsCxvq.exe
PID 2008 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\wycmZJg.exe
PID 2008 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\wycmZJg.exe
PID 2008 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\wycmZJg.exe
PID 2008 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IxPFTTm.exe
PID 2008 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IxPFTTm.exe
PID 2008 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\IxPFTTm.exe
PID 2008 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\AvdGHWD.exe
PID 2008 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\AvdGHWD.exe
PID 2008 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\AvdGHWD.exe
PID 2008 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\jFPPGUP.exe
PID 2008 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\jFPPGUP.exe
PID 2008 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\jFPPGUP.exe
PID 2008 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\wJhJNkS.exe
PID 2008 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\wJhJNkS.exe
PID 2008 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\wJhJNkS.exe
PID 2008 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe C:\Windows\System\VsDDfaD.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d2587f6ef493c056333f4bb051a3998c11610760c6445ee8a35bb9a37c2cec9_NeikiAnalytics.exe"

C:\Windows\System\caAmsYD.exe

C:\Windows\System\caAmsYD.exe

C:\Windows\System\PqbwfIi.exe

C:\Windows\System\PqbwfIi.exe

C:\Windows\System\IZUtQFP.exe

C:\Windows\System\IZUtQFP.exe

C:\Windows\System\yBiXzTa.exe

C:\Windows\System\yBiXzTa.exe

C:\Windows\System\ZSyoJXH.exe

C:\Windows\System\ZSyoJXH.exe

C:\Windows\System\bqKvQEW.exe

C:\Windows\System\bqKvQEW.exe

C:\Windows\System\gUGaCtO.exe

C:\Windows\System\gUGaCtO.exe

C:\Windows\System\UEkmJXT.exe

C:\Windows\System\UEkmJXT.exe

C:\Windows\System\qpMwwvj.exe

C:\Windows\System\qpMwwvj.exe

C:\Windows\System\VORttgJ.exe

C:\Windows\System\VORttgJ.exe

C:\Windows\System\NGfSWPd.exe

C:\Windows\System\NGfSWPd.exe

C:\Windows\System\FgaGlta.exe

C:\Windows\System\FgaGlta.exe

C:\Windows\System\IhyMQuv.exe

C:\Windows\System\IhyMQuv.exe

C:\Windows\System\HXSPywq.exe

C:\Windows\System\HXSPywq.exe

C:\Windows\System\kqpTBlh.exe

C:\Windows\System\kqpTBlh.exe

C:\Windows\System\cfsCxvq.exe

C:\Windows\System\cfsCxvq.exe

C:\Windows\System\wycmZJg.exe

C:\Windows\System\wycmZJg.exe

C:\Windows\System\IxPFTTm.exe

C:\Windows\System\IxPFTTm.exe

C:\Windows\System\AvdGHWD.exe

C:\Windows\System\AvdGHWD.exe

C:\Windows\System\jFPPGUP.exe

C:\Windows\System\jFPPGUP.exe

C:\Windows\System\wJhJNkS.exe

C:\Windows\System\wJhJNkS.exe

C:\Windows\System\VsDDfaD.exe

C:\Windows\System\VsDDfaD.exe

C:\Windows\System\AlgSgbN.exe

C:\Windows\System\AlgSgbN.exe

C:\Windows\System\YgJiczi.exe

C:\Windows\System\YgJiczi.exe

C:\Windows\System\qVSQiYx.exe

C:\Windows\System\qVSQiYx.exe

C:\Windows\System\TCGJDSK.exe

C:\Windows\System\TCGJDSK.exe

C:\Windows\System\klBeNuc.exe

C:\Windows\System\klBeNuc.exe

C:\Windows\System\fRGhYyP.exe

C:\Windows\System\fRGhYyP.exe

C:\Windows\System\AIeLbPd.exe

C:\Windows\System\AIeLbPd.exe

C:\Windows\System\vhAJUzn.exe

C:\Windows\System\vhAJUzn.exe

C:\Windows\System\dwDrRyM.exe

C:\Windows\System\dwDrRyM.exe

C:\Windows\System\nIJqPJT.exe

C:\Windows\System\nIJqPJT.exe

C:\Windows\System\XoXWitF.exe

C:\Windows\System\XoXWitF.exe

C:\Windows\System\xLXYzPE.exe

C:\Windows\System\xLXYzPE.exe

C:\Windows\System\GmxfaBI.exe

C:\Windows\System\GmxfaBI.exe

C:\Windows\System\XZqeoJO.exe

C:\Windows\System\XZqeoJO.exe

C:\Windows\System\EMqkeYa.exe

C:\Windows\System\EMqkeYa.exe

C:\Windows\System\GODxJFT.exe

C:\Windows\System\GODxJFT.exe

C:\Windows\System\QRuPhxq.exe

C:\Windows\System\QRuPhxq.exe

C:\Windows\System\IuSvNsh.exe

C:\Windows\System\IuSvNsh.exe

C:\Windows\System\YRULXnE.exe

C:\Windows\System\YRULXnE.exe

C:\Windows\System\UUUuKlf.exe

C:\Windows\System\UUUuKlf.exe

C:\Windows\System\FxWcSGp.exe

C:\Windows\System\FxWcSGp.exe

C:\Windows\System\rCFFYpT.exe

C:\Windows\System\rCFFYpT.exe

C:\Windows\System\gimcxqn.exe

C:\Windows\System\gimcxqn.exe

C:\Windows\System\irrykHu.exe

C:\Windows\System\irrykHu.exe

C:\Windows\System\RdHmngt.exe

C:\Windows\System\RdHmngt.exe

C:\Windows\System\ilQUDpS.exe

C:\Windows\System\ilQUDpS.exe

C:\Windows\System\GXqSyNm.exe

C:\Windows\System\GXqSyNm.exe

C:\Windows\System\tGXHtoq.exe

C:\Windows\System\tGXHtoq.exe

C:\Windows\System\dBkKABe.exe

C:\Windows\System\dBkKABe.exe

C:\Windows\System\ZLacPnz.exe

C:\Windows\System\ZLacPnz.exe

C:\Windows\System\KUxPPhO.exe

C:\Windows\System\KUxPPhO.exe

C:\Windows\System\wODBTft.exe

C:\Windows\System\wODBTft.exe

C:\Windows\System\NiCuKml.exe

C:\Windows\System\NiCuKml.exe

C:\Windows\System\OOqYpSZ.exe

C:\Windows\System\OOqYpSZ.exe

C:\Windows\System\OjSgbxw.exe

C:\Windows\System\OjSgbxw.exe

C:\Windows\System\ktrKtqE.exe

C:\Windows\System\ktrKtqE.exe

C:\Windows\System\JNGStIj.exe

C:\Windows\System\JNGStIj.exe

C:\Windows\System\nWWZIPz.exe

C:\Windows\System\nWWZIPz.exe

C:\Windows\System\mUiLKSG.exe

C:\Windows\System\mUiLKSG.exe

C:\Windows\System\GFsugcP.exe

C:\Windows\System\GFsugcP.exe

C:\Windows\System\KdHmCBI.exe

C:\Windows\System\KdHmCBI.exe

C:\Windows\System\jsMazqZ.exe

C:\Windows\System\jsMazqZ.exe

C:\Windows\System\OXIDfCb.exe

C:\Windows\System\OXIDfCb.exe

C:\Windows\System\RpkjsEe.exe

C:\Windows\System\RpkjsEe.exe

C:\Windows\System\eQbdJCJ.exe

C:\Windows\System\eQbdJCJ.exe

C:\Windows\System\pdcMvFG.exe

C:\Windows\System\pdcMvFG.exe

C:\Windows\System\IKSlOeU.exe

C:\Windows\System\IKSlOeU.exe

C:\Windows\System\RECVQrZ.exe

C:\Windows\System\RECVQrZ.exe

C:\Windows\System\zhqtqRt.exe

C:\Windows\System\zhqtqRt.exe

C:\Windows\System\zweZDZw.exe

C:\Windows\System\zweZDZw.exe

C:\Windows\System\IiyhqaO.exe

C:\Windows\System\IiyhqaO.exe

C:\Windows\System\awAtIgl.exe

C:\Windows\System\awAtIgl.exe

C:\Windows\System\tRYQZty.exe

C:\Windows\System\tRYQZty.exe

C:\Windows\System\gkMhEpU.exe

C:\Windows\System\gkMhEpU.exe

C:\Windows\System\GYfiORe.exe

C:\Windows\System\GYfiORe.exe

C:\Windows\System\pIvzkIP.exe

C:\Windows\System\pIvzkIP.exe

C:\Windows\System\pvRNKid.exe

C:\Windows\System\pvRNKid.exe

C:\Windows\System\ApKlAFv.exe

C:\Windows\System\ApKlAFv.exe

C:\Windows\System\elgugdO.exe

C:\Windows\System\elgugdO.exe

C:\Windows\System\OPhgZdn.exe

C:\Windows\System\OPhgZdn.exe

C:\Windows\System\vOAPsov.exe

C:\Windows\System\vOAPsov.exe

C:\Windows\System\JkipcNq.exe

C:\Windows\System\JkipcNq.exe

C:\Windows\System\ymylnsy.exe

C:\Windows\System\ymylnsy.exe

C:\Windows\System\gwKoSzw.exe

C:\Windows\System\gwKoSzw.exe

C:\Windows\System\usQtADP.exe

C:\Windows\System\usQtADP.exe

C:\Windows\System\ymABcET.exe

C:\Windows\System\ymABcET.exe

C:\Windows\System\hooNFrS.exe

C:\Windows\System\hooNFrS.exe

C:\Windows\System\ZvMNmqg.exe

C:\Windows\System\ZvMNmqg.exe

C:\Windows\System\ZLdBGMG.exe

C:\Windows\System\ZLdBGMG.exe

C:\Windows\System\sEQEnFM.exe

C:\Windows\System\sEQEnFM.exe

C:\Windows\System\tIVggQF.exe

C:\Windows\System\tIVggQF.exe

C:\Windows\System\rJZRqOn.exe

C:\Windows\System\rJZRqOn.exe

C:\Windows\System\LHpnNdN.exe

C:\Windows\System\LHpnNdN.exe

C:\Windows\System\BXfrfpo.exe

C:\Windows\System\BXfrfpo.exe

C:\Windows\System\gTUmqoC.exe

C:\Windows\System\gTUmqoC.exe

C:\Windows\System\XRhdZWz.exe

C:\Windows\System\XRhdZWz.exe

C:\Windows\System\YragQpc.exe

C:\Windows\System\YragQpc.exe

C:\Windows\System\uVEPkZn.exe

C:\Windows\System\uVEPkZn.exe

C:\Windows\System\SAKrnkE.exe

C:\Windows\System\SAKrnkE.exe

C:\Windows\System\oafytuI.exe

C:\Windows\System\oafytuI.exe

C:\Windows\System\NoMovGY.exe

C:\Windows\System\NoMovGY.exe

C:\Windows\System\fxRPpis.exe

C:\Windows\System\fxRPpis.exe

C:\Windows\System\ExUiwHR.exe

C:\Windows\System\ExUiwHR.exe

C:\Windows\System\ICuBVOc.exe

C:\Windows\System\ICuBVOc.exe

C:\Windows\System\bcGNAyh.exe

C:\Windows\System\bcGNAyh.exe

C:\Windows\System\AaptSJN.exe

C:\Windows\System\AaptSJN.exe

C:\Windows\System\WTZmRtp.exe

C:\Windows\System\WTZmRtp.exe

C:\Windows\System\pPRMYfi.exe

C:\Windows\System\pPRMYfi.exe

C:\Windows\System\LUqHxSi.exe

C:\Windows\System\LUqHxSi.exe

C:\Windows\System\drCOyYE.exe

C:\Windows\System\drCOyYE.exe

C:\Windows\System\wTOFhHU.exe

C:\Windows\System\wTOFhHU.exe

C:\Windows\System\vqGilKR.exe

C:\Windows\System\vqGilKR.exe

C:\Windows\System\QqEBKWc.exe

C:\Windows\System\QqEBKWc.exe

C:\Windows\System\nTFWZmk.exe

C:\Windows\System\nTFWZmk.exe

C:\Windows\System\KGpKBur.exe

C:\Windows\System\KGpKBur.exe

C:\Windows\System\mEKteSr.exe

C:\Windows\System\mEKteSr.exe

C:\Windows\System\nUYOtqy.exe

C:\Windows\System\nUYOtqy.exe

C:\Windows\System\QjnYznA.exe

C:\Windows\System\QjnYznA.exe

C:\Windows\System\LmWucUQ.exe

C:\Windows\System\LmWucUQ.exe

C:\Windows\System\YuIeqWK.exe

C:\Windows\System\YuIeqWK.exe

C:\Windows\System\ojlDibt.exe

C:\Windows\System\ojlDibt.exe

C:\Windows\System\yICmqTy.exe

C:\Windows\System\yICmqTy.exe

C:\Windows\System\rPKNgnI.exe

C:\Windows\System\rPKNgnI.exe

C:\Windows\System\yITdFny.exe

C:\Windows\System\yITdFny.exe

C:\Windows\System\YGNySWm.exe

C:\Windows\System\YGNySWm.exe

C:\Windows\System\cLKmKzZ.exe

C:\Windows\System\cLKmKzZ.exe

C:\Windows\System\rjRvDUF.exe

C:\Windows\System\rjRvDUF.exe

C:\Windows\System\QNugsKH.exe

C:\Windows\System\QNugsKH.exe

C:\Windows\System\AABOUii.exe

C:\Windows\System\AABOUii.exe

C:\Windows\System\LTdgoeM.exe

C:\Windows\System\LTdgoeM.exe

C:\Windows\System\tHdrfTW.exe

C:\Windows\System\tHdrfTW.exe

C:\Windows\System\fBiiISf.exe

C:\Windows\System\fBiiISf.exe

C:\Windows\System\yLqwqyD.exe

C:\Windows\System\yLqwqyD.exe

C:\Windows\System\bpXiVSQ.exe

C:\Windows\System\bpXiVSQ.exe

C:\Windows\System\hxchqmD.exe

C:\Windows\System\hxchqmD.exe

C:\Windows\System\ZedjvOi.exe

C:\Windows\System\ZedjvOi.exe

C:\Windows\System\qQAwTvH.exe

C:\Windows\System\qQAwTvH.exe

C:\Windows\System\OQLfouJ.exe

C:\Windows\System\OQLfouJ.exe

C:\Windows\System\gjfdkWq.exe

C:\Windows\System\gjfdkWq.exe

C:\Windows\System\Ssrnfsu.exe

C:\Windows\System\Ssrnfsu.exe

C:\Windows\System\SsgecKz.exe

C:\Windows\System\SsgecKz.exe

C:\Windows\System\BbKStml.exe

C:\Windows\System\BbKStml.exe

C:\Windows\System\QvndrZN.exe

C:\Windows\System\QvndrZN.exe

C:\Windows\System\IFGZbKw.exe

C:\Windows\System\IFGZbKw.exe

C:\Windows\System\KaOmzIy.exe

C:\Windows\System\KaOmzIy.exe

C:\Windows\System\rxgDWnk.exe

C:\Windows\System\rxgDWnk.exe

C:\Windows\System\dYdSMDj.exe

C:\Windows\System\dYdSMDj.exe

C:\Windows\System\mjZPGQI.exe

C:\Windows\System\mjZPGQI.exe

C:\Windows\System\OGYDpnH.exe

C:\Windows\System\OGYDpnH.exe

C:\Windows\System\JCiVfPH.exe

C:\Windows\System\JCiVfPH.exe

C:\Windows\System\gHCRBON.exe

C:\Windows\System\gHCRBON.exe

C:\Windows\System\IwIYncl.exe

C:\Windows\System\IwIYncl.exe

C:\Windows\System\KNDVzJI.exe

C:\Windows\System\KNDVzJI.exe

C:\Windows\System\QmbPwSn.exe

C:\Windows\System\QmbPwSn.exe

C:\Windows\System\iNCrvJN.exe

C:\Windows\System\iNCrvJN.exe

C:\Windows\System\pjhZZRt.exe

C:\Windows\System\pjhZZRt.exe

C:\Windows\System\JVvmGwU.exe

C:\Windows\System\JVvmGwU.exe

C:\Windows\System\ozQmFHt.exe

C:\Windows\System\ozQmFHt.exe

C:\Windows\System\pElaOlh.exe

C:\Windows\System\pElaOlh.exe

C:\Windows\System\rDJfTge.exe

C:\Windows\System\rDJfTge.exe

C:\Windows\System\iJdLRor.exe

C:\Windows\System\iJdLRor.exe

C:\Windows\System\wkhYqxG.exe

C:\Windows\System\wkhYqxG.exe

C:\Windows\System\RlLRnOp.exe

C:\Windows\System\RlLRnOp.exe

C:\Windows\System\lBHrijr.exe

C:\Windows\System\lBHrijr.exe

C:\Windows\System\JGKQeXF.exe

C:\Windows\System\JGKQeXF.exe

C:\Windows\System\YkfFUKC.exe

C:\Windows\System\YkfFUKC.exe

C:\Windows\System\WEEAmTR.exe

C:\Windows\System\WEEAmTR.exe

C:\Windows\System\BIGZzhI.exe

C:\Windows\System\BIGZzhI.exe

C:\Windows\System\rbZTtIS.exe

C:\Windows\System\rbZTtIS.exe

C:\Windows\System\fZFekjY.exe

C:\Windows\System\fZFekjY.exe

C:\Windows\System\pQOnsWK.exe

C:\Windows\System\pQOnsWK.exe

C:\Windows\System\bCsOGbg.exe

C:\Windows\System\bCsOGbg.exe

C:\Windows\System\PaNcDCd.exe

C:\Windows\System\PaNcDCd.exe

C:\Windows\System\YhdJjOi.exe

C:\Windows\System\YhdJjOi.exe

C:\Windows\System\tqNctOZ.exe

C:\Windows\System\tqNctOZ.exe

C:\Windows\System\iXQoQyg.exe

C:\Windows\System\iXQoQyg.exe

C:\Windows\System\woWEjyt.exe

C:\Windows\System\woWEjyt.exe

C:\Windows\System\ouIAYmv.exe

C:\Windows\System\ouIAYmv.exe

C:\Windows\System\vwbpFiz.exe

C:\Windows\System\vwbpFiz.exe

C:\Windows\System\Iktpftj.exe

C:\Windows\System\Iktpftj.exe

C:\Windows\System\pZCTsKR.exe

C:\Windows\System\pZCTsKR.exe

C:\Windows\System\oVyRsxS.exe

C:\Windows\System\oVyRsxS.exe

C:\Windows\System\wXmAvoS.exe

C:\Windows\System\wXmAvoS.exe

C:\Windows\System\VzvvzeP.exe

C:\Windows\System\VzvvzeP.exe

C:\Windows\System\oBuiWhu.exe

C:\Windows\System\oBuiWhu.exe

C:\Windows\System\LdeWZDY.exe

C:\Windows\System\LdeWZDY.exe

C:\Windows\System\qvEdFOO.exe

C:\Windows\System\qvEdFOO.exe

C:\Windows\System\SuNSHLf.exe

C:\Windows\System\SuNSHLf.exe

C:\Windows\System\Rlgpovv.exe

C:\Windows\System\Rlgpovv.exe

C:\Windows\System\STiMkDS.exe

C:\Windows\System\STiMkDS.exe

C:\Windows\System\TmiXMvp.exe

C:\Windows\System\TmiXMvp.exe

C:\Windows\System\kejDKbc.exe

C:\Windows\System\kejDKbc.exe

C:\Windows\System\PUlBLQY.exe

C:\Windows\System\PUlBLQY.exe

C:\Windows\System\Zzrhqtx.exe

C:\Windows\System\Zzrhqtx.exe

C:\Windows\System\fUqgvyb.exe

C:\Windows\System\fUqgvyb.exe

C:\Windows\System\rFymeeX.exe

C:\Windows\System\rFymeeX.exe

C:\Windows\System\UtmuQwG.exe

C:\Windows\System\UtmuQwG.exe

C:\Windows\System\tnRAdNd.exe

C:\Windows\System\tnRAdNd.exe

C:\Windows\System\lECdaiV.exe

C:\Windows\System\lECdaiV.exe

C:\Windows\System\AkVfMHb.exe

C:\Windows\System\AkVfMHb.exe

C:\Windows\System\lDGdwSM.exe

C:\Windows\System\lDGdwSM.exe

C:\Windows\System\rVRdZsj.exe

C:\Windows\System\rVRdZsj.exe

C:\Windows\System\MmdXtLa.exe

C:\Windows\System\MmdXtLa.exe

C:\Windows\System\ZiAbwEw.exe

C:\Windows\System\ZiAbwEw.exe

C:\Windows\System\ijDOvcL.exe

C:\Windows\System\ijDOvcL.exe

C:\Windows\System\PmFIuBX.exe

C:\Windows\System\PmFIuBX.exe

C:\Windows\System\BzDowyX.exe

C:\Windows\System\BzDowyX.exe

C:\Windows\System\vogjTRl.exe

C:\Windows\System\vogjTRl.exe

C:\Windows\System\nuhPJzG.exe

C:\Windows\System\nuhPJzG.exe

C:\Windows\System\ztLIeFw.exe

C:\Windows\System\ztLIeFw.exe

C:\Windows\System\NamUdMQ.exe

C:\Windows\System\NamUdMQ.exe

C:\Windows\System\YUhHPSm.exe

C:\Windows\System\YUhHPSm.exe

C:\Windows\System\JaERTIl.exe

C:\Windows\System\JaERTIl.exe

C:\Windows\System\ClWbCBg.exe

C:\Windows\System\ClWbCBg.exe

C:\Windows\System\yzElimv.exe

C:\Windows\System\yzElimv.exe

C:\Windows\System\YedfTQX.exe

C:\Windows\System\YedfTQX.exe

C:\Windows\System\lzPiPVZ.exe

C:\Windows\System\lzPiPVZ.exe

C:\Windows\System\DmZJRTs.exe

C:\Windows\System\DmZJRTs.exe

C:\Windows\System\tDJEGbF.exe

C:\Windows\System\tDJEGbF.exe

C:\Windows\System\iQmNiNB.exe

C:\Windows\System\iQmNiNB.exe

C:\Windows\System\dieOZPG.exe

C:\Windows\System\dieOZPG.exe

C:\Windows\System\VDnXTgi.exe

C:\Windows\System\VDnXTgi.exe

C:\Windows\System\YcuJwCO.exe

C:\Windows\System\YcuJwCO.exe

C:\Windows\System\AGOefwp.exe

C:\Windows\System\AGOefwp.exe

C:\Windows\System\SoeDiOP.exe

C:\Windows\System\SoeDiOP.exe

C:\Windows\System\eOHAZec.exe

C:\Windows\System\eOHAZec.exe

C:\Windows\System\ZLrwWLT.exe

C:\Windows\System\ZLrwWLT.exe

C:\Windows\System\JmTnlag.exe

C:\Windows\System\JmTnlag.exe

C:\Windows\System\hXUcWdX.exe

C:\Windows\System\hXUcWdX.exe

C:\Windows\System\ygyYCZN.exe

C:\Windows\System\ygyYCZN.exe

C:\Windows\System\IFUedQv.exe

C:\Windows\System\IFUedQv.exe

C:\Windows\System\rzdnkjl.exe

C:\Windows\System\rzdnkjl.exe

C:\Windows\System\IfyfGRT.exe

C:\Windows\System\IfyfGRT.exe

C:\Windows\System\WyaGABR.exe

C:\Windows\System\WyaGABR.exe

C:\Windows\System\JiQdepw.exe

C:\Windows\System\JiQdepw.exe

C:\Windows\System\cYmLxYF.exe

C:\Windows\System\cYmLxYF.exe

C:\Windows\System\OOZUfJW.exe

C:\Windows\System\OOZUfJW.exe

C:\Windows\System\FtqafyM.exe

C:\Windows\System\FtqafyM.exe

C:\Windows\System\OztPGNM.exe

C:\Windows\System\OztPGNM.exe

C:\Windows\System\qULTexD.exe

C:\Windows\System\qULTexD.exe

C:\Windows\System\evaWvob.exe

C:\Windows\System\evaWvob.exe

C:\Windows\System\csWFQfI.exe

C:\Windows\System\csWFQfI.exe

C:\Windows\System\SGfXpcc.exe

C:\Windows\System\SGfXpcc.exe

C:\Windows\System\NXNkgKq.exe

C:\Windows\System\NXNkgKq.exe

C:\Windows\System\KIQXoDS.exe

C:\Windows\System\KIQXoDS.exe

C:\Windows\System\qjTfsbJ.exe

C:\Windows\System\qjTfsbJ.exe

C:\Windows\System\zjLymwX.exe

C:\Windows\System\zjLymwX.exe

C:\Windows\System\gNcJLXp.exe

C:\Windows\System\gNcJLXp.exe

C:\Windows\System\tkiadio.exe

C:\Windows\System\tkiadio.exe

C:\Windows\System\EFruFsQ.exe

C:\Windows\System\EFruFsQ.exe

C:\Windows\System\RbpfREA.exe

C:\Windows\System\RbpfREA.exe

C:\Windows\System\FyIQuXe.exe

C:\Windows\System\FyIQuXe.exe

C:\Windows\System\ZPGcPxS.exe

C:\Windows\System\ZPGcPxS.exe

C:\Windows\System\xnwDNVz.exe

C:\Windows\System\xnwDNVz.exe

C:\Windows\System\uHDmOWM.exe

C:\Windows\System\uHDmOWM.exe

C:\Windows\System\eYWUwKZ.exe

C:\Windows\System\eYWUwKZ.exe

C:\Windows\System\ARvmldl.exe

C:\Windows\System\ARvmldl.exe

C:\Windows\System\yudxWoD.exe

C:\Windows\System\yudxWoD.exe

C:\Windows\System\hGQGdUp.exe

C:\Windows\System\hGQGdUp.exe

C:\Windows\System\bjzCtCi.exe

C:\Windows\System\bjzCtCi.exe

C:\Windows\System\oJmYqGI.exe

C:\Windows\System\oJmYqGI.exe

C:\Windows\System\PxKYJAy.exe

C:\Windows\System\PxKYJAy.exe

C:\Windows\System\kMJJIMq.exe

C:\Windows\System\kMJJIMq.exe

C:\Windows\System\ZICTlnk.exe

C:\Windows\System\ZICTlnk.exe

C:\Windows\System\UTKsMBJ.exe

C:\Windows\System\UTKsMBJ.exe

C:\Windows\System\oCIHouk.exe

C:\Windows\System\oCIHouk.exe

C:\Windows\System\gSpKpVO.exe

C:\Windows\System\gSpKpVO.exe

C:\Windows\System\YjQDdKQ.exe

C:\Windows\System\YjQDdKQ.exe

C:\Windows\System\ZNzqneR.exe

C:\Windows\System\ZNzqneR.exe

C:\Windows\System\WmhkOXV.exe

C:\Windows\System\WmhkOXV.exe

C:\Windows\System\pmvWRQf.exe

C:\Windows\System\pmvWRQf.exe

C:\Windows\System\koNjLwK.exe

C:\Windows\System\koNjLwK.exe

C:\Windows\System\pnSpvZS.exe

C:\Windows\System\pnSpvZS.exe

C:\Windows\System\nYydDAW.exe

C:\Windows\System\nYydDAW.exe

C:\Windows\System\KxOBIcN.exe

C:\Windows\System\KxOBIcN.exe

C:\Windows\System\UAAaeYd.exe

C:\Windows\System\UAAaeYd.exe

C:\Windows\System\opkLeBJ.exe

C:\Windows\System\opkLeBJ.exe

C:\Windows\System\UmAqDWF.exe

C:\Windows\System\UmAqDWF.exe

C:\Windows\System\zLKMoWO.exe

C:\Windows\System\zLKMoWO.exe

C:\Windows\System\RdBJuDJ.exe

C:\Windows\System\RdBJuDJ.exe

C:\Windows\System\NvhFRvY.exe

C:\Windows\System\NvhFRvY.exe

C:\Windows\System\RlUCMkr.exe

C:\Windows\System\RlUCMkr.exe

C:\Windows\System\lCvabRB.exe

C:\Windows\System\lCvabRB.exe

C:\Windows\System\nYnsUtb.exe

C:\Windows\System\nYnsUtb.exe

C:\Windows\System\ZNIBIkG.exe

C:\Windows\System\ZNIBIkG.exe

C:\Windows\System\CgMBzHb.exe

C:\Windows\System\CgMBzHb.exe

C:\Windows\System\PaXFDwy.exe

C:\Windows\System\PaXFDwy.exe

C:\Windows\System\OurAvPU.exe

C:\Windows\System\OurAvPU.exe

C:\Windows\System\UPAglmH.exe

C:\Windows\System\UPAglmH.exe

C:\Windows\System\OTtMpjD.exe

C:\Windows\System\OTtMpjD.exe

C:\Windows\System\fVFtsDZ.exe

C:\Windows\System\fVFtsDZ.exe

C:\Windows\System\cREzAcA.exe

C:\Windows\System\cREzAcA.exe

C:\Windows\System\nvagEck.exe

C:\Windows\System\nvagEck.exe

C:\Windows\System\Flgdjmg.exe

C:\Windows\System\Flgdjmg.exe

C:\Windows\System\FVMjWdz.exe

C:\Windows\System\FVMjWdz.exe

C:\Windows\System\aXFDAgS.exe

C:\Windows\System\aXFDAgS.exe

C:\Windows\System\ukllBpo.exe

C:\Windows\System\ukllBpo.exe

C:\Windows\System\wFDFlsp.exe

C:\Windows\System\wFDFlsp.exe

C:\Windows\System\GoBlcjn.exe

C:\Windows\System\GoBlcjn.exe

C:\Windows\System\dQZhFJc.exe

C:\Windows\System\dQZhFJc.exe

C:\Windows\System\tBMYjqS.exe

C:\Windows\System\tBMYjqS.exe

C:\Windows\System\jtWFjmC.exe

C:\Windows\System\jtWFjmC.exe

C:\Windows\System\FLOJAdF.exe

C:\Windows\System\FLOJAdF.exe

C:\Windows\System\HGpgTOG.exe

C:\Windows\System\HGpgTOG.exe

C:\Windows\System\UyNhCBl.exe

C:\Windows\System\UyNhCBl.exe

C:\Windows\System\bopiptn.exe

C:\Windows\System\bopiptn.exe

C:\Windows\System\yuqmVOx.exe

C:\Windows\System\yuqmVOx.exe

C:\Windows\System\VAILrGP.exe

C:\Windows\System\VAILrGP.exe

C:\Windows\System\umjGehy.exe

C:\Windows\System\umjGehy.exe

C:\Windows\System\wiuTzjw.exe

C:\Windows\System\wiuTzjw.exe

C:\Windows\System\SOTHfQJ.exe

C:\Windows\System\SOTHfQJ.exe

C:\Windows\System\ToPZekv.exe

C:\Windows\System\ToPZekv.exe

C:\Windows\System\rYnMzWP.exe

C:\Windows\System\rYnMzWP.exe

C:\Windows\System\QTAFaym.exe

C:\Windows\System\QTAFaym.exe

C:\Windows\System\SzfeMlO.exe

C:\Windows\System\SzfeMlO.exe

C:\Windows\System\sJLxjfI.exe

C:\Windows\System\sJLxjfI.exe

C:\Windows\System\hshvnEu.exe

C:\Windows\System\hshvnEu.exe

C:\Windows\System\FUYgtSt.exe

C:\Windows\System\FUYgtSt.exe

C:\Windows\System\kvElCyg.exe

C:\Windows\System\kvElCyg.exe

C:\Windows\System\AGzmWMP.exe

C:\Windows\System\AGzmWMP.exe

C:\Windows\System\miTdKRv.exe

C:\Windows\System\miTdKRv.exe

C:\Windows\System\ecLgznE.exe

C:\Windows\System\ecLgznE.exe

C:\Windows\System\dAlVvdT.exe

C:\Windows\System\dAlVvdT.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2008-0-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/2008-1-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\caAmsYD.exe

MD5 df38be5b990105941155a4f6b1dd78c4
SHA1 1d304d763fe54d5731c16f8ba2c6a07221cd6742
SHA256 078080751443d5d58829b83c20ae44cc18cdd79fe08cd9d2f5a7dec8aa67f291
SHA512 cf6b640c9da591a153ee050e6d5f7bd58c0d1ee86a6eeaeef526405720e5ede0859c3b991c4106e91d5b36f890fdcf28ba2fc637026dc327f91052223b09c315

memory/2948-9-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2008-7-0x000000013FF70000-0x00000001402C4000-memory.dmp

\Windows\system\PqbwfIi.exe

MD5 cde85cd90aa06e133a9f7a51d47ccdba
SHA1 c8d76a9edaf26360187db0204c756725edb26038
SHA256 11450b7f940b34c8aa48db6fef88d8f76a636a80b3399b4916e3f6f31e450e22
SHA512 1a4f2e2137d05f326e92f402b60bf41919bcfc43bf3b7d22a91ecee390b76c0f347c1281428ddb51d9b0d479e1a4065e4786803441f387b463a81df3fd843bf1

C:\Windows\system\IZUtQFP.exe

MD5 68e40452d728331e1907e7548153e78d
SHA1 700fc21943b8de97ddee2cc85f8b2445fbcdb915
SHA256 753df8c847b7cba3a562e8453ddbf26987199a5b4791d1777465423193679178
SHA512 2f37d85ba04f5adf92843a9013ffaa0b442b364cbe7926d2c1f84994ac0d565303ea05d36cb2b4442210264ade125eab61ee7a905a1bebe225bbe4546edc870a

memory/2484-15-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/2008-14-0x0000000002060000-0x00000000023B4000-memory.dmp

C:\Windows\system\yBiXzTa.exe

MD5 4e7826d2e0812f9bba48c4b44779911e
SHA1 dfc8138d1bc5a8edf6110b058edbcb309c788720
SHA256 61830a5ceb67679e651e08c4440094cb13b2199b883dbdc7253e2634e78132a5
SHA512 1d37937f197a2b29d3c035d5177541aabc6de067c098f37a59a7d667a285d4dd17f49ed826bcebd39b8c6ae88c15b8c83d868f683f00dfbb9e1a3bd7a1b511b3

\Windows\system\ZSyoJXH.exe

MD5 4a9fb97d3aa7a38f3021ec5927cfbc86
SHA1 797a252965b17e467904169bdb5feda553d67c4c
SHA256 bf6c4d276c7e1ae13480d891e0b4745a91b739f7124d576fafeebd13a27790ee
SHA512 9c3f88b390e6ff61fac76d89b05ebd9ba045a5bc610a919664782ccea5478daa0181881a7da0fe3a1c58c4baede567930361a56d8180f8e76c86e9bde16bea23

\Windows\system\bqKvQEW.exe

MD5 b3842759e1935e0bddfbaf903f671942
SHA1 0408dd1a98a35908cc959378de40fc26f2a1fa6e
SHA256 6324d7b790a38e10fa3251407aa8beef3514481e18cf0e3397b58e791f890bc1
SHA512 7d959a2b2ce7bc8048c8b2bc8b5ed637885e0f4c4533c26394cfa8398d0daa22bd99b0c640f18f2f86b6b0d353eb3f84e2105e48d83d909628152c8de5dbe831

C:\Windows\system\gUGaCtO.exe

MD5 bb8576b9e0593f22303a127debef770a
SHA1 5af0770fc34eb55abbc073da882abbcc33aa334c
SHA256 c63def2dd98a06504336dca37b2816595083fddda4f229c9214d18d28851e489
SHA512 555ac3d9d95c02a3ab66cee443cd24747167506f17880ba39e81db03c20600b941881033467c99552c29924f4a9f84896167e72cdd94e606934302517420f5c6

C:\Windows\system\qpMwwvj.exe

MD5 dfba0a077eda70bd426e615e402d44e3
SHA1 dcb975da20e0437320915fc3ec66952d33322901
SHA256 47d53b04a42353ff1e796c1e136f0432d7e316723e8cade7856e44c96e9cbb96
SHA512 8c7460fcecef847941fe20cae53ee6692f5c1f72fb84f39e33e0f3e3e0dc94c9ef318cd099912c48e97c19f224d986e3debe3d70798ccc76ce4cc0bee90e031d

C:\Windows\system\NGfSWPd.exe

MD5 693fac6332cdc2863dc7210a882e6110
SHA1 eb7dc0a28aa09cb2c0bcf1d873784a5a38a09db0
SHA256 e836c9663734b86bfbea29e5ca9a87071cb0fe79d005afac972a4c5c44da4b74
SHA512 120272ab88b4d97b4305579494df5d5f465673c4df46d402839d1f39821c50504966ef0cf7b4909f91db7550fba858e360fcd2d3061bbad1c74a2ebc2253377c

C:\Windows\system\FgaGlta.exe

MD5 7dfc39e7d17997174b7c5fc20e3218e0
SHA1 0bb27e35fd32b439b90decb6bed4a87d87176b89
SHA256 dc1d6a69e20ee3d138b7a036e31db4aef48de7d37b5f3f410673213689e6f069
SHA512 818ec3beef6c01edf816ca4b179842395cbe5ad6015c16f0c454d79071f3dcd4a516881cda030b2f92e978ef1c09ed82ce839b4c3ef9f3693e8b24d69a7d7084

C:\Windows\system\wycmZJg.exe

MD5 530577953f93a59407317bbb8110cfb8
SHA1 ee58b6ebc6d7d2d2328510cd67996e683eb3c94c
SHA256 def27bea334aa779f4b4aa9ae69a8bbec683aa471a3ee0a76d85f4d3dfc06228
SHA512 21c06147d4e775e8c9944b42eee444303109bbeaeeea80b01649e162c2ef7e13d943901aec8441cd1d7137103fb6ef52b782c844738f11e0b3d095ec40b1213f

C:\Windows\system\VsDDfaD.exe

MD5 839a7ac56166d742ee4fa6a15f98aab8
SHA1 c21526aeb5e0cdebc03e81fbcaf6dcccc39f5c96
SHA256 379356f2a3c1d68b2be3e123ff87a0baf48be740b0cb977d450fbe6632e17685
SHA512 6a5893c7f2b39e8fe0522c45564185a4ba797ecd1514dac226a4323cd56b5d1d39f1c9fa8a730c0b1c8a686a5876b5380e9ade93aac2c6401e9c38bdd4c70a9f

C:\Windows\system\YgJiczi.exe

MD5 cbca049f690f3d99b21571fa903f10cf
SHA1 53311fea1b0415e38b331a80bc4ff37f97ea329a
SHA256 7b19fa5ceda4864fdabe3e299a5ef75bd8d3bacdd52e0e93f4a9d62fc71f11fe
SHA512 7acc62f4aba9669d43f306c9a85a3a94afba87db7e48605817c786411bf79d74d5f65e14a63a9b76a116912f8792db902d3cf301d66469a0279f8c43d6ad7215

\Windows\system\TCGJDSK.exe

MD5 54f6c20cee413a348ec23690ccd7647d
SHA1 d50a931c27437c85074472b8a2b03498dcc25971
SHA256 72fefee29672a9f120dc78e65960d2a6605bcebc841508e6b84e66eac0dfe582
SHA512 6f75b1787284d9c885adcabe2250eaceeeb9ca4664a1e7d16048dfe9df94d61290ab9fd603c0d477d2032fed8bf4b9edd2e11be97417951aedac5cea3d572c35

C:\Windows\system\nIJqPJT.exe

MD5 15c6531c7f7405a182d21d9ed7c5046f
SHA1 3d4d948e3764c8bc3ae7dcb5e507272abd241eda
SHA256 426f6d2167a2ee10869a075cdb7a2fb0054a1f81d1824ef1e89ddd3a2cb67ba6
SHA512 f61d486d1ec3c3676f45d2cc103fefbbf274fa3f038da08d5578660dcd6b6dfedd3a533f9b5103d5faeab52cb5a70cbab98cc27c36a0de4edafbe2e0f7442c7e

memory/2008-345-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2496-369-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2584-368-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2008-367-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/1964-366-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2008-365-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/1656-364-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2008-363-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2964-362-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2008-332-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2404-326-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2008-325-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2348-324-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/2008-323-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/1652-322-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2008-321-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2752-338-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2500-302-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2008-281-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2528-271-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/2008-270-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2604-269-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2008-268-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2008-267-0x000000013FFF0000-0x0000000140344000-memory.dmp

C:\Windows\system\dwDrRyM.exe

MD5 b2c3417feb46546687112fa153f50c11
SHA1 4f19e77911bc5ede5f25a617a5f26c22db379d18
SHA256 122b717219b5c7f1bff3fc778a536e722cabf1ece1a2fc2daeb1207931a5d4c6
SHA512 b063ea304886d1f0cc89b1745ef6afdad4cf2172808fb954b66708dbca112d01a018f53d13c8b75ecdd55333a620abdc06bf0594b8471af58b0b16f91a565c03

C:\Windows\system\vhAJUzn.exe

MD5 fa5c06720b5180366df3506b78c59993
SHA1 588ee24a29cb1a43b2501a71ad379710216b0548
SHA256 b4d1c7994e642f55d7787d26f712e606dd16ff0dd8280b0bce206545eaa076ec
SHA512 94519a7a046a1b574c1859b4aad233497f02081e12e5ceed9b81f48f0e4b3f079687cd25a7f5f15555c25a24807d8d417b42cb7bb4cb0ad8fc56552a70281059

C:\Windows\system\AIeLbPd.exe

MD5 d84463ca400ef67a45ece932e37ff125
SHA1 8be71000279568e9448eb64de67b4c79c5c15517
SHA256 ae59b2e19daf7205f1f2d2ffe1584290678d9d6c4b47fe1d0159fdb7eb040a4a
SHA512 dd0e3d35e55b6a948e780c6518bd096d86844ce668c6d24bc3357999bcafefb759fa206a956f9254de41a57c92b5f26e41cf172042f3c319ce180755250ef6ad

C:\Windows\system\fRGhYyP.exe

MD5 5ba9bc20213ea3942704435475233560
SHA1 b18188577cff90d4aab59d2e68852b46b6d41582
SHA256 a4ba570b0492729db71916cbec86f6b1cfa22d2994fbd78212409696ecf471e6
SHA512 3e32a269c673eadfbd9899a74f237bff9833528348443ac2ea5dd5888c5797d7172edf3ab2de1b44a471310656ab829ac02af0ee56015b2eb5b62fb2b3966687

C:\Windows\system\klBeNuc.exe

MD5 04fde5903da78cf9ed7c2cdac76d12c4
SHA1 eaa6c404d7fe1e5a294ee1b5b21b05df5d210af7
SHA256 a0ee2ae971778be95ff7786c08ad092935ad3d69d78d62ec1e4761f955243d05
SHA512 040e557182c1e5ed47b8974a5cc6ae69a510a61997fbb0b7fc96620ab524192ccf2a425520e0b14f5cc14cf282842f70f0f0061a2b2db74636306d30193fb6ec

C:\Windows\system\qVSQiYx.exe

MD5 784a7f1a4af8d55f6eee3f1f9f0d63a4
SHA1 629708707aefc88b0dd55c26f7e4a9f3e74a20f6
SHA256 76151c16430af61aafc317c1df13618f1c820d4d641079f73587377a1f8f5490
SHA512 b18178069c359da00067d8f73d31fc6ca350c84d348c7de273202ca325f949ab7609b08ce028261a65e4db375257930261e07d842d96843eaf10473082e7491d

C:\Windows\system\AlgSgbN.exe

MD5 d0819818b0a8e023cdbe30ad4b7ccc2b
SHA1 2441cf4a1caabc189ce9a8d13d77741f8feb05f4
SHA256 df04f9870fc30caea7f0e4efab25e1f27285bd30fc68219f2d81b4373d143341
SHA512 31df9e6f20a841e9f58c11f74a960511046b4556141426308b69435279850308a2075dc4edc30b03bb43336782a1a33e518193168678c602be259400aced63d4

C:\Windows\system\wJhJNkS.exe

MD5 7db70ceee9a89fde5136b00f2c0edc8f
SHA1 5bd143551493b9aca12b5e3dcba87b70c9d04057
SHA256 0d9b47dbef6e3dbc8496e3a678862f7039cfedbf28c6eef68c3f4c28155f30be
SHA512 6a4dbc5366a46d31b404728fc7ece581821d69609929d80d5a7c9238e8c440ccffad24b181ee062f3ae0213f32e0462a8ff27ccf7d9e54315dc28c9beeda9a56

C:\Windows\system\jFPPGUP.exe

MD5 fb2a8ea0a5572e0b4f2f209e6dcf701e
SHA1 67714ea4a4555efc628a5c0abcb9eb9ac1714666
SHA256 e8cdc569b5ffb9367aae65b82e1143709f8ff98b68255c8558f3c0decd202935
SHA512 a48f779b205a17e257ba6c323c93f9df9ca1de14540b0f21214f0ed076a0d3a2b6d2a4c9a536c49a467e10476c8f11238e20d87fc45cb0b3276089261aa9f312

C:\Windows\system\AvdGHWD.exe

MD5 9565bba4bbded6fabb581ae4f48ef6ea
SHA1 1d57689075fcb48b510c15c17ff553853906caf7
SHA256 7025f3ea58d49da7f929f36dc7e877c2fae61a3fb230581f3af0e647d0a61dc4
SHA512 e4c24030b4ff163b997e8d4c26ad787cf2b556b87b4ff2f1dc18b606c1667bc2f602225502a02eb34639a1d006137afe35e0137f0ee6a5e24aa4548b9ea14783

C:\Windows\system\IxPFTTm.exe

MD5 eed8fdcdbb2c3653595cd4fa675de32b
SHA1 788702811c4d18f89a3f3145a992a15cbdd16e3c
SHA256 22374a96c33748e9e88ab3bb1f6b145b60f42c0911585be0278b4c1a7789b45d
SHA512 fa856661abd55ea6e9a516a7ed1fdf4ea23eab1d1e3f950f469304500daed97854f05eed7d6098acfb829cc13537213fe5c83ff70b907a369d0e4ef0d885e1fb

C:\Windows\system\cfsCxvq.exe

MD5 0817dbb3bfb6e028e9f8549764f98b5e
SHA1 c85a55145680b84a4cbc49b1624231f08b13b2a6
SHA256 4c853200a0b40a43ebc11365ea39e909cf45f1edd63a5280332948563ffc784e
SHA512 09515d518016d4186356604b27f8a8f1167d53fb5e3b0102f4cc2cc74cece8bb9332dd6c96226ec4d2b402185d6669148e9a47927ad2c2e3d911c7adb7746fe9

C:\Windows\system\kqpTBlh.exe

MD5 4fb7df94dba0842a4f05268fe2fda3a8
SHA1 5920ba6cd01f3c07f983b7f652abca08abafa12b
SHA256 96f463cea18f627a3f35b8c36ba079fbfc89dccb544abfca48ac9f6c94d1d57d
SHA512 0c414ef78968deea9b6dd31dbf6c1824ae87d9a21373b759b308314c320d17bef4f1afe848c3cf0ad2965754f3f18bb752537086bd78585aeb71a3281167822a

C:\Windows\system\HXSPywq.exe

MD5 50e4c2db1f6b13b78f49af4c00b5cc15
SHA1 17f8cd0934d6293eecbd015eb8a70fde98dffe94
SHA256 1b4486c97fa774a326f810c8e3aecd7e6f4ab535b40a52911f9defb5a59d7de6
SHA512 6a13a71460ab7039c1c8d0b0513014e574ce92b081c85052873ffd40a9837f2dca529a050c0165e46909a450b2ab9c9f729f5e99e14d3fae4d67d8bb170fd542

C:\Windows\system\IhyMQuv.exe

MD5 9248f0f8688bee0b2913850041f59cda
SHA1 a05c646d91b11bda164cba95e686679d78c2a341
SHA256 8e40e0925a450180deb52b46f94e866bb1a6843f363ba08f3f2255895c5f6058
SHA512 391124263907f87f1542f7f3501637a16645b596bb0255bea683c7626dedbe3a949ab84b54d179ba0f2703d9acae999b7f070fdb3ccb3927aa3aa3dc9844ada8

C:\Windows\system\VORttgJ.exe

MD5 60338dc6dc98677c8aee0c8e4324c051
SHA1 9e7dbd78dd68ceab50ce15bfb789d4be8ca70cac
SHA256 d4a6e56983dbf1b5198ded2f4a24742bb583f0faec7196b1aeec06adb62a44dc
SHA512 d66030bbb90f44bc87bd48db61748cf396d058ef530daa227a6e2a866fed5c931776de64c84bf5a78476084f64bc9adc5e0cb9344fd158b4931e23fa591ce0fe

C:\Windows\system\UEkmJXT.exe

MD5 05428617af2a3a61933dd0e7a39c839f
SHA1 0bc5eaa661dd26e390a757bc4c5823bfb903d851
SHA256 ce7b81df3f3ca08501967870551b74105016b60c29f281658bfd21afc0605891
SHA512 6997678f179e3962e76156cce73b0bd3e8ca8fe3445512c4a3f6d393cc185bdb052575049134d40f50f1d561cff8f05bde6fe567e4af1da7db1caebee27e136b

memory/2008-1069-0x000000013F390000-0x000000013F6E4000-memory.dmp

memory/2484-1070-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/2008-1071-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2008-1072-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2008-1073-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2604-1074-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2008-1075-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2528-1076-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/2008-1077-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/2964-1081-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2008-1085-0x0000000002060000-0x00000000023B4000-memory.dmp

memory/1964-1084-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2008-1083-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2008-1082-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2404-1080-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/1652-1079-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2008-1078-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/2496-1086-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2948-1087-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2584-1088-0x000000013F260000-0x000000013F5B4000-memory.dmp

memory/2500-1093-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/1656-1092-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/2604-1091-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2752-1089-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2348-1090-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/2484-1094-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/1652-1096-0x000000013FD00000-0x0000000140054000-memory.dmp

memory/1964-1097-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2964-1098-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2496-1095-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2528-1099-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/2404-1100-0x000000013F6B0000-0x000000013FA04000-memory.dmp