Malware Analysis Report

2024-10-10 09:28

Sample ID 240625-rdeslsxbqj
Target 692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe
SHA256 692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf
Tags
miner upx kpot xmrig stealer trojan persistence privilege_escalation
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf

Threat Level: Known bad

The file 692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan persistence privilege_escalation

Xmrig family

KPOT Core Executable

KPOT

xmrig

XMRig Miner payload

Kpot family

XMRig Miner payload

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Event Triggered Execution: Accessibility Features

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-25 14:04

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 14:04

Reported

2024-06-25 14:07

Platform

win7-20240611-en

Max time kernel

128s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zDnWCoP.exe N/A
N/A N/A C:\Windows\System\PYuYFKZ.exe N/A
N/A N/A C:\Windows\System\czuCiNz.exe N/A
N/A N/A C:\Windows\System\cVfVWBs.exe N/A
N/A N/A C:\Windows\System\ksOrByd.exe N/A
N/A N/A C:\Windows\System\ZEMbqMg.exe N/A
N/A N/A C:\Windows\System\jcZIGKf.exe N/A
N/A N/A C:\Windows\System\okqHVQq.exe N/A
N/A N/A C:\Windows\System\BbHvOjP.exe N/A
N/A N/A C:\Windows\System\PVwUEZR.exe N/A
N/A N/A C:\Windows\System\mZasXtD.exe N/A
N/A N/A C:\Windows\System\nNqAztj.exe N/A
N/A N/A C:\Windows\System\ejLdbVb.exe N/A
N/A N/A C:\Windows\System\SZgkLHk.exe N/A
N/A N/A C:\Windows\System\QoSSCZP.exe N/A
N/A N/A C:\Windows\System\fxzfCjD.exe N/A
N/A N/A C:\Windows\System\uHSZXMs.exe N/A
N/A N/A C:\Windows\System\zpWKAbg.exe N/A
N/A N/A C:\Windows\System\ZXKISgK.exe N/A
N/A N/A C:\Windows\System\aHjqyFB.exe N/A
N/A N/A C:\Windows\System\rinKchk.exe N/A
N/A N/A C:\Windows\System\lqZvCLp.exe N/A
N/A N/A C:\Windows\System\LOzauKV.exe N/A
N/A N/A C:\Windows\System\CiaFjbB.exe N/A
N/A N/A C:\Windows\System\JKodqGH.exe N/A
N/A N/A C:\Windows\System\eVfPNKx.exe N/A
N/A N/A C:\Windows\System\GKTmada.exe N/A
N/A N/A C:\Windows\System\CoZsvfn.exe N/A
N/A N/A C:\Windows\System\JyhfDvJ.exe N/A
N/A N/A C:\Windows\System\LaVPZuk.exe N/A
N/A N/A C:\Windows\System\royBMoj.exe N/A
N/A N/A C:\Windows\System\hNIqiwn.exe N/A
N/A N/A C:\Windows\System\xSbxNuY.exe N/A
N/A N/A C:\Windows\System\FENOWTI.exe N/A
N/A N/A C:\Windows\System\OczfhJf.exe N/A
N/A N/A C:\Windows\System\ifCtvmZ.exe N/A
N/A N/A C:\Windows\System\OuFhrvF.exe N/A
N/A N/A C:\Windows\System\YcpeOeG.exe N/A
N/A N/A C:\Windows\System\MFiqySw.exe N/A
N/A N/A C:\Windows\System\LOCBSyh.exe N/A
N/A N/A C:\Windows\System\WSyiEYR.exe N/A
N/A N/A C:\Windows\System\AfPurcZ.exe N/A
N/A N/A C:\Windows\System\VPfdYqi.exe N/A
N/A N/A C:\Windows\System\DtmFawL.exe N/A
N/A N/A C:\Windows\System\kIBIfrX.exe N/A
N/A N/A C:\Windows\System\AqsAKkR.exe N/A
N/A N/A C:\Windows\System\JTrjnGW.exe N/A
N/A N/A C:\Windows\System\VRgXsgb.exe N/A
N/A N/A C:\Windows\System\coTEFBu.exe N/A
N/A N/A C:\Windows\System\NLmTvOg.exe N/A
N/A N/A C:\Windows\System\PSIwxuO.exe N/A
N/A N/A C:\Windows\System\dqWywJp.exe N/A
N/A N/A C:\Windows\System\kIZPGEg.exe N/A
N/A N/A C:\Windows\System\DngdyHT.exe N/A
N/A N/A C:\Windows\System\aSXxCAg.exe N/A
N/A N/A C:\Windows\System\McVETTT.exe N/A
N/A N/A C:\Windows\System\TkKkOyM.exe N/A
N/A N/A C:\Windows\System\OCxXBNL.exe N/A
N/A N/A C:\Windows\System\pzPODNL.exe N/A
N/A N/A C:\Windows\System\HidONJN.exe N/A
N/A N/A C:\Windows\System\nenVZvd.exe N/A
N/A N/A C:\Windows\System\ccbQglO.exe N/A
N/A N/A C:\Windows\System\AxgKFbf.exe N/A
N/A N/A C:\Windows\System\XuiShGq.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\mNZNfxb.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHPbyzl.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\AWRMOFb.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\DsKedOi.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\csKjBLB.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\jjSukqu.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\USGmEaM.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\xJGTYtw.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LRBBcIS.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\vAzpMpF.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\PDPSJDp.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\pYbQWsY.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\RerOrfQ.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgNVfol.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\eXlhYub.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\okqHVQq.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VJxxxYU.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\rEEVnKG.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\rinKchk.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiaFjbB.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ifCtvmZ.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ydKoUFz.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\tabZkUA.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUrRvop.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\sjyCAye.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mZasXtD.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\xhkBlcX.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\pdeYgVT.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\QdjiRBo.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVwUEZR.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\coTEFBu.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\CeOWCYB.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\qkbeSIr.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\PmlBOJh.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\XMvafUU.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\eOxCIOH.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LOzauKV.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\PSIwxuO.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\McVETTT.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BgVkfPc.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VPfdYqi.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSYutBs.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\tkcnYha.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\WyQfQOH.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lzWqRml.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\uxcdzdY.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ggPhwKt.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lqZvCLp.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\pzPODNL.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ikfCtLY.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\cYghzmF.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\OczfhJf.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\YcpeOeG.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\qnnZGIQ.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\SWCtwPk.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NKIwvse.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\AxgKFbf.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUuuBvZ.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\aNEqDCd.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\thEqoDc.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\UBDpHeA.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\GgsNvhm.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHSZXMs.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\RcikFSG.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zDnWCoP.exe
PID 2208 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zDnWCoP.exe
PID 2208 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zDnWCoP.exe
PID 2208 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PYuYFKZ.exe
PID 2208 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PYuYFKZ.exe
PID 2208 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PYuYFKZ.exe
PID 2208 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ksOrByd.exe
PID 2208 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ksOrByd.exe
PID 2208 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ksOrByd.exe
PID 2208 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\czuCiNz.exe
PID 2208 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\czuCiNz.exe
PID 2208 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\czuCiNz.exe
PID 2208 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ZEMbqMg.exe
PID 2208 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ZEMbqMg.exe
PID 2208 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ZEMbqMg.exe
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\cVfVWBs.exe
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\cVfVWBs.exe
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\cVfVWBs.exe
PID 2208 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jcZIGKf.exe
PID 2208 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jcZIGKf.exe
PID 2208 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jcZIGKf.exe
PID 2208 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\okqHVQq.exe
PID 2208 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\okqHVQq.exe
PID 2208 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\okqHVQq.exe
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\BbHvOjP.exe
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\BbHvOjP.exe
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\BbHvOjP.exe
PID 2208 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PVwUEZR.exe
PID 2208 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PVwUEZR.exe
PID 2208 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PVwUEZR.exe
PID 2208 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mZasXtD.exe
PID 2208 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mZasXtD.exe
PID 2208 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mZasXtD.exe
PID 2208 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\nNqAztj.exe
PID 2208 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\nNqAztj.exe
PID 2208 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\nNqAztj.exe
PID 2208 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ejLdbVb.exe
PID 2208 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ejLdbVb.exe
PID 2208 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ejLdbVb.exe
PID 2208 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\SZgkLHk.exe
PID 2208 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\SZgkLHk.exe
PID 2208 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\SZgkLHk.exe
PID 2208 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\QoSSCZP.exe
PID 2208 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\QoSSCZP.exe
PID 2208 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\QoSSCZP.exe
PID 2208 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\fxzfCjD.exe
PID 2208 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\fxzfCjD.exe
PID 2208 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\fxzfCjD.exe
PID 2208 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\uHSZXMs.exe
PID 2208 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\uHSZXMs.exe
PID 2208 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\uHSZXMs.exe
PID 2208 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zpWKAbg.exe
PID 2208 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zpWKAbg.exe
PID 2208 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zpWKAbg.exe
PID 2208 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ZXKISgK.exe
PID 2208 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ZXKISgK.exe
PID 2208 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ZXKISgK.exe
PID 2208 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\aHjqyFB.exe
PID 2208 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\aHjqyFB.exe
PID 2208 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\aHjqyFB.exe
PID 2208 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\rinKchk.exe
PID 2208 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\rinKchk.exe
PID 2208 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\rinKchk.exe
PID 2208 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\lqZvCLp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe"

C:\Windows\System\zDnWCoP.exe

C:\Windows\System\zDnWCoP.exe

C:\Windows\System\PYuYFKZ.exe

C:\Windows\System\PYuYFKZ.exe

C:\Windows\System\ksOrByd.exe

C:\Windows\System\ksOrByd.exe

C:\Windows\System\czuCiNz.exe

C:\Windows\System\czuCiNz.exe

C:\Windows\System\ZEMbqMg.exe

C:\Windows\System\ZEMbqMg.exe

C:\Windows\System\cVfVWBs.exe

C:\Windows\System\cVfVWBs.exe

C:\Windows\System\jcZIGKf.exe

C:\Windows\System\jcZIGKf.exe

C:\Windows\System\okqHVQq.exe

C:\Windows\System\okqHVQq.exe

C:\Windows\System\BbHvOjP.exe

C:\Windows\System\BbHvOjP.exe

C:\Windows\System\PVwUEZR.exe

C:\Windows\System\PVwUEZR.exe

C:\Windows\System\mZasXtD.exe

C:\Windows\System\mZasXtD.exe

C:\Windows\System\nNqAztj.exe

C:\Windows\System\nNqAztj.exe

C:\Windows\System\ejLdbVb.exe

C:\Windows\System\ejLdbVb.exe

C:\Windows\System\SZgkLHk.exe

C:\Windows\System\SZgkLHk.exe

C:\Windows\System\QoSSCZP.exe

C:\Windows\System\QoSSCZP.exe

C:\Windows\System\fxzfCjD.exe

C:\Windows\System\fxzfCjD.exe

C:\Windows\System\uHSZXMs.exe

C:\Windows\System\uHSZXMs.exe

C:\Windows\System\zpWKAbg.exe

C:\Windows\System\zpWKAbg.exe

C:\Windows\System\ZXKISgK.exe

C:\Windows\System\ZXKISgK.exe

C:\Windows\System\aHjqyFB.exe

C:\Windows\System\aHjqyFB.exe

C:\Windows\System\rinKchk.exe

C:\Windows\System\rinKchk.exe

C:\Windows\System\lqZvCLp.exe

C:\Windows\System\lqZvCLp.exe

C:\Windows\System\LOzauKV.exe

C:\Windows\System\LOzauKV.exe

C:\Windows\System\CiaFjbB.exe

C:\Windows\System\CiaFjbB.exe

C:\Windows\System\JKodqGH.exe

C:\Windows\System\JKodqGH.exe

C:\Windows\System\eVfPNKx.exe

C:\Windows\System\eVfPNKx.exe

C:\Windows\System\GKTmada.exe

C:\Windows\System\GKTmada.exe

C:\Windows\System\CoZsvfn.exe

C:\Windows\System\CoZsvfn.exe

C:\Windows\System\JyhfDvJ.exe

C:\Windows\System\JyhfDvJ.exe

C:\Windows\System\LaVPZuk.exe

C:\Windows\System\LaVPZuk.exe

C:\Windows\System\royBMoj.exe

C:\Windows\System\royBMoj.exe

C:\Windows\System\hNIqiwn.exe

C:\Windows\System\hNIqiwn.exe

C:\Windows\System\xSbxNuY.exe

C:\Windows\System\xSbxNuY.exe

C:\Windows\System\FENOWTI.exe

C:\Windows\System\FENOWTI.exe

C:\Windows\System\OczfhJf.exe

C:\Windows\System\OczfhJf.exe

C:\Windows\System\ifCtvmZ.exe

C:\Windows\System\ifCtvmZ.exe

C:\Windows\System\OuFhrvF.exe

C:\Windows\System\OuFhrvF.exe

C:\Windows\System\YcpeOeG.exe

C:\Windows\System\YcpeOeG.exe

C:\Windows\System\MFiqySw.exe

C:\Windows\System\MFiqySw.exe

C:\Windows\System\LOCBSyh.exe

C:\Windows\System\LOCBSyh.exe

C:\Windows\System\WSyiEYR.exe

C:\Windows\System\WSyiEYR.exe

C:\Windows\System\AfPurcZ.exe

C:\Windows\System\AfPurcZ.exe

C:\Windows\System\VPfdYqi.exe

C:\Windows\System\VPfdYqi.exe

C:\Windows\System\DtmFawL.exe

C:\Windows\System\DtmFawL.exe

C:\Windows\System\kIBIfrX.exe

C:\Windows\System\kIBIfrX.exe

C:\Windows\System\AqsAKkR.exe

C:\Windows\System\AqsAKkR.exe

C:\Windows\System\JTrjnGW.exe

C:\Windows\System\JTrjnGW.exe

C:\Windows\System\VRgXsgb.exe

C:\Windows\System\VRgXsgb.exe

C:\Windows\System\coTEFBu.exe

C:\Windows\System\coTEFBu.exe

C:\Windows\System\NLmTvOg.exe

C:\Windows\System\NLmTvOg.exe

C:\Windows\System\PSIwxuO.exe

C:\Windows\System\PSIwxuO.exe

C:\Windows\System\dqWywJp.exe

C:\Windows\System\dqWywJp.exe

C:\Windows\System\kIZPGEg.exe

C:\Windows\System\kIZPGEg.exe

C:\Windows\System\DngdyHT.exe

C:\Windows\System\DngdyHT.exe

C:\Windows\System\McVETTT.exe

C:\Windows\System\McVETTT.exe

C:\Windows\System\aSXxCAg.exe

C:\Windows\System\aSXxCAg.exe

C:\Windows\System\TkKkOyM.exe

C:\Windows\System\TkKkOyM.exe

C:\Windows\System\OCxXBNL.exe

C:\Windows\System\OCxXBNL.exe

C:\Windows\System\pzPODNL.exe

C:\Windows\System\pzPODNL.exe

C:\Windows\System\HidONJN.exe

C:\Windows\System\HidONJN.exe

C:\Windows\System\nenVZvd.exe

C:\Windows\System\nenVZvd.exe

C:\Windows\System\ccbQglO.exe

C:\Windows\System\ccbQglO.exe

C:\Windows\System\AxgKFbf.exe

C:\Windows\System\AxgKFbf.exe

C:\Windows\System\XuiShGq.exe

C:\Windows\System\XuiShGq.exe

C:\Windows\System\reDkhuv.exe

C:\Windows\System\reDkhuv.exe

C:\Windows\System\USGmEaM.exe

C:\Windows\System\USGmEaM.exe

C:\Windows\System\VdGwGue.exe

C:\Windows\System\VdGwGue.exe

C:\Windows\System\IcXBmsO.exe

C:\Windows\System\IcXBmsO.exe

C:\Windows\System\MVMjkOt.exe

C:\Windows\System\MVMjkOt.exe

C:\Windows\System\qQiAsqK.exe

C:\Windows\System\qQiAsqK.exe

C:\Windows\System\zCKJWEb.exe

C:\Windows\System\zCKJWEb.exe

C:\Windows\System\DbaqJkG.exe

C:\Windows\System\DbaqJkG.exe

C:\Windows\System\PolmEkd.exe

C:\Windows\System\PolmEkd.exe

C:\Windows\System\sUiOYzm.exe

C:\Windows\System\sUiOYzm.exe

C:\Windows\System\xJGTYtw.exe

C:\Windows\System\xJGTYtw.exe

C:\Windows\System\xhkBlcX.exe

C:\Windows\System\xhkBlcX.exe

C:\Windows\System\bXQpMKc.exe

C:\Windows\System\bXQpMKc.exe

C:\Windows\System\aZdEPhi.exe

C:\Windows\System\aZdEPhi.exe

C:\Windows\System\wZKrcjV.exe

C:\Windows\System\wZKrcjV.exe

C:\Windows\System\eRxdjtV.exe

C:\Windows\System\eRxdjtV.exe

C:\Windows\System\jFLtEmI.exe

C:\Windows\System\jFLtEmI.exe

C:\Windows\System\vRKWlym.exe

C:\Windows\System\vRKWlym.exe

C:\Windows\System\GBSWyho.exe

C:\Windows\System\GBSWyho.exe

C:\Windows\System\FsTAWlx.exe

C:\Windows\System\FsTAWlx.exe

C:\Windows\System\MdKXWyi.exe

C:\Windows\System\MdKXWyi.exe

C:\Windows\System\wHpgeTq.exe

C:\Windows\System\wHpgeTq.exe

C:\Windows\System\trlmaEM.exe

C:\Windows\System\trlmaEM.exe

C:\Windows\System\vglSseP.exe

C:\Windows\System\vglSseP.exe

C:\Windows\System\UGgvzXh.exe

C:\Windows\System\UGgvzXh.exe

C:\Windows\System\TQlMgtJ.exe

C:\Windows\System\TQlMgtJ.exe

C:\Windows\System\WyrwepO.exe

C:\Windows\System\WyrwepO.exe

C:\Windows\System\Ffidalj.exe

C:\Windows\System\Ffidalj.exe

C:\Windows\System\VJxxxYU.exe

C:\Windows\System\VJxxxYU.exe

C:\Windows\System\XhopNIy.exe

C:\Windows\System\XhopNIy.exe

C:\Windows\System\QfToMUp.exe

C:\Windows\System\QfToMUp.exe

C:\Windows\System\vHBOfNG.exe

C:\Windows\System\vHBOfNG.exe

C:\Windows\System\QXfELZd.exe

C:\Windows\System\QXfELZd.exe

C:\Windows\System\WtBCmIR.exe

C:\Windows\System\WtBCmIR.exe

C:\Windows\System\uEGWvxy.exe

C:\Windows\System\uEGWvxy.exe

C:\Windows\System\qnnZGIQ.exe

C:\Windows\System\qnnZGIQ.exe

C:\Windows\System\LRBBcIS.exe

C:\Windows\System\LRBBcIS.exe

C:\Windows\System\thEqoDc.exe

C:\Windows\System\thEqoDc.exe

C:\Windows\System\Rzczgua.exe

C:\Windows\System\Rzczgua.exe

C:\Windows\System\GEumWLS.exe

C:\Windows\System\GEumWLS.exe

C:\Windows\System\hkKlUzh.exe

C:\Windows\System\hkKlUzh.exe

C:\Windows\System\PpbUihI.exe

C:\Windows\System\PpbUihI.exe

C:\Windows\System\ydKoUFz.exe

C:\Windows\System\ydKoUFz.exe

C:\Windows\System\CeOWCYB.exe

C:\Windows\System\CeOWCYB.exe

C:\Windows\System\BMmDdVS.exe

C:\Windows\System\BMmDdVS.exe

C:\Windows\System\IGGDMAO.exe

C:\Windows\System\IGGDMAO.exe

C:\Windows\System\xzXJZMl.exe

C:\Windows\System\xzXJZMl.exe

C:\Windows\System\qsZWExd.exe

C:\Windows\System\qsZWExd.exe

C:\Windows\System\rEEVnKG.exe

C:\Windows\System\rEEVnKG.exe

C:\Windows\System\mTiAVGv.exe

C:\Windows\System\mTiAVGv.exe

C:\Windows\System\VLxnacQ.exe

C:\Windows\System\VLxnacQ.exe

C:\Windows\System\CelGhAe.exe

C:\Windows\System\CelGhAe.exe

C:\Windows\System\rNnFjzm.exe

C:\Windows\System\rNnFjzm.exe

C:\Windows\System\pPwnzqV.exe

C:\Windows\System\pPwnzqV.exe

C:\Windows\System\HVVrJvJ.exe

C:\Windows\System\HVVrJvJ.exe

C:\Windows\System\brewLMX.exe

C:\Windows\System\brewLMX.exe

C:\Windows\System\gNYuORA.exe

C:\Windows\System\gNYuORA.exe

C:\Windows\System\FfBMyym.exe

C:\Windows\System\FfBMyym.exe

C:\Windows\System\alOoisr.exe

C:\Windows\System\alOoisr.exe

C:\Windows\System\bnfKJhU.exe

C:\Windows\System\bnfKJhU.exe

C:\Windows\System\vAzpMpF.exe

C:\Windows\System\vAzpMpF.exe

C:\Windows\System\qkbeSIr.exe

C:\Windows\System\qkbeSIr.exe

C:\Windows\System\cTpqqYO.exe

C:\Windows\System\cTpqqYO.exe

C:\Windows\System\PmlBOJh.exe

C:\Windows\System\PmlBOJh.exe

C:\Windows\System\JeaNoRJ.exe

C:\Windows\System\JeaNoRJ.exe

C:\Windows\System\eWvchwX.exe

C:\Windows\System\eWvchwX.exe

C:\Windows\System\qNySRPD.exe

C:\Windows\System\qNySRPD.exe

C:\Windows\System\PDPSJDp.exe

C:\Windows\System\PDPSJDp.exe

C:\Windows\System\bCfHvOG.exe

C:\Windows\System\bCfHvOG.exe

C:\Windows\System\fwxOymN.exe

C:\Windows\System\fwxOymN.exe

C:\Windows\System\mNZNfxb.exe

C:\Windows\System\mNZNfxb.exe

C:\Windows\System\JNaBSJp.exe

C:\Windows\System\JNaBSJp.exe

C:\Windows\System\nGTxqco.exe

C:\Windows\System\nGTxqco.exe

C:\Windows\System\BXIIZvJ.exe

C:\Windows\System\BXIIZvJ.exe

C:\Windows\System\VdDerWF.exe

C:\Windows\System\VdDerWF.exe

C:\Windows\System\ZPiaIKo.exe

C:\Windows\System\ZPiaIKo.exe

C:\Windows\System\IXitaJA.exe

C:\Windows\System\IXitaJA.exe

C:\Windows\System\DCkTTCJ.exe

C:\Windows\System\DCkTTCJ.exe

C:\Windows\System\jceTdMZ.exe

C:\Windows\System\jceTdMZ.exe

C:\Windows\System\ZRhkKkO.exe

C:\Windows\System\ZRhkKkO.exe

C:\Windows\System\NHPbyzl.exe

C:\Windows\System\NHPbyzl.exe

C:\Windows\System\MJeGfTP.exe

C:\Windows\System\MJeGfTP.exe

C:\Windows\System\suwYVwY.exe

C:\Windows\System\suwYVwY.exe

C:\Windows\System\izGRfsq.exe

C:\Windows\System\izGRfsq.exe

C:\Windows\System\pYbQWsY.exe

C:\Windows\System\pYbQWsY.exe

C:\Windows\System\seVMXWo.exe

C:\Windows\System\seVMXWo.exe

C:\Windows\System\BGmdnhh.exe

C:\Windows\System\BGmdnhh.exe

C:\Windows\System\FVFgvTA.exe

C:\Windows\System\FVFgvTA.exe

C:\Windows\System\iQHIBUJ.exe

C:\Windows\System\iQHIBUJ.exe

C:\Windows\System\IrAlAhr.exe

C:\Windows\System\IrAlAhr.exe

C:\Windows\System\CacSrDt.exe

C:\Windows\System\CacSrDt.exe

C:\Windows\System\WxJggMc.exe

C:\Windows\System\WxJggMc.exe

C:\Windows\System\RcikFSG.exe

C:\Windows\System\RcikFSG.exe

C:\Windows\System\uCxmdFe.exe

C:\Windows\System\uCxmdFe.exe

C:\Windows\System\vFrBhZV.exe

C:\Windows\System\vFrBhZV.exe

C:\Windows\System\UBDpHeA.exe

C:\Windows\System\UBDpHeA.exe

C:\Windows\System\RSKyOrP.exe

C:\Windows\System\RSKyOrP.exe

C:\Windows\System\UCTWhaS.exe

C:\Windows\System\UCTWhaS.exe

C:\Windows\System\XMvafUU.exe

C:\Windows\System\XMvafUU.exe

C:\Windows\System\jYqEGjt.exe

C:\Windows\System\jYqEGjt.exe

C:\Windows\System\sIJpeiW.exe

C:\Windows\System\sIJpeiW.exe

C:\Windows\System\sIWWyLg.exe

C:\Windows\System\sIWWyLg.exe

C:\Windows\System\Jnhnnlt.exe

C:\Windows\System\Jnhnnlt.exe

C:\Windows\System\winUUhX.exe

C:\Windows\System\winUUhX.exe

C:\Windows\System\qbFmkVO.exe

C:\Windows\System\qbFmkVO.exe

C:\Windows\System\mpECDIk.exe

C:\Windows\System\mpECDIk.exe

C:\Windows\System\AWRMOFb.exe

C:\Windows\System\AWRMOFb.exe

C:\Windows\System\PllZmUM.exe

C:\Windows\System\PllZmUM.exe

C:\Windows\System\SvBpYcX.exe

C:\Windows\System\SvBpYcX.exe

C:\Windows\System\yEnZOzM.exe

C:\Windows\System\yEnZOzM.exe

C:\Windows\System\edrWOFa.exe

C:\Windows\System\edrWOFa.exe

C:\Windows\System\jtsperO.exe

C:\Windows\System\jtsperO.exe

C:\Windows\System\VqoUxrA.exe

C:\Windows\System\VqoUxrA.exe

C:\Windows\System\qbDjZct.exe

C:\Windows\System\qbDjZct.exe

C:\Windows\System\zATvSEe.exe

C:\Windows\System\zATvSEe.exe

C:\Windows\System\ewYYJoj.exe

C:\Windows\System\ewYYJoj.exe

C:\Windows\System\nKeSCNg.exe

C:\Windows\System\nKeSCNg.exe

C:\Windows\System\RInwANr.exe

C:\Windows\System\RInwANr.exe

C:\Windows\System\McEpoKk.exe

C:\Windows\System\McEpoKk.exe

C:\Windows\System\RQrELNV.exe

C:\Windows\System\RQrELNV.exe

C:\Windows\System\PrtKufy.exe

C:\Windows\System\PrtKufy.exe

C:\Windows\System\wwDBSWk.exe

C:\Windows\System\wwDBSWk.exe

C:\Windows\System\kyqTypO.exe

C:\Windows\System\kyqTypO.exe

C:\Windows\System\CJAcqND.exe

C:\Windows\System\CJAcqND.exe

C:\Windows\System\XXtKhUZ.exe

C:\Windows\System\XXtKhUZ.exe

C:\Windows\System\Cdeytjh.exe

C:\Windows\System\Cdeytjh.exe

C:\Windows\System\GfxdyUC.exe

C:\Windows\System\GfxdyUC.exe

C:\Windows\System\ShByFpS.exe

C:\Windows\System\ShByFpS.exe

C:\Windows\System\BgVkfPc.exe

C:\Windows\System\BgVkfPc.exe

C:\Windows\System\gntqJHd.exe

C:\Windows\System\gntqJHd.exe

C:\Windows\System\LUjIKGu.exe

C:\Windows\System\LUjIKGu.exe

C:\Windows\System\LriyRxG.exe

C:\Windows\System\LriyRxG.exe

C:\Windows\System\zCuQpQm.exe

C:\Windows\System\zCuQpQm.exe

C:\Windows\System\pCiqMqx.exe

C:\Windows\System\pCiqMqx.exe

C:\Windows\System\rlcMzup.exe

C:\Windows\System\rlcMzup.exe

C:\Windows\System\MbsdhlQ.exe

C:\Windows\System\MbsdhlQ.exe

C:\Windows\System\tabZkUA.exe

C:\Windows\System\tabZkUA.exe

C:\Windows\System\mSYutBs.exe

C:\Windows\System\mSYutBs.exe

C:\Windows\System\gUhuklx.exe

C:\Windows\System\gUhuklx.exe

C:\Windows\System\TvjBuke.exe

C:\Windows\System\TvjBuke.exe

C:\Windows\System\NedfLyL.exe

C:\Windows\System\NedfLyL.exe

C:\Windows\System\KtbILfW.exe

C:\Windows\System\KtbILfW.exe

C:\Windows\System\nZtBPhW.exe

C:\Windows\System\nZtBPhW.exe

C:\Windows\System\pBaoQNf.exe

C:\Windows\System\pBaoQNf.exe

C:\Windows\System\CYOsIgX.exe

C:\Windows\System\CYOsIgX.exe

C:\Windows\System\tkcnYha.exe

C:\Windows\System\tkcnYha.exe

C:\Windows\System\KOXKOkD.exe

C:\Windows\System\KOXKOkD.exe

C:\Windows\System\xUAdobd.exe

C:\Windows\System\xUAdobd.exe

C:\Windows\System\rmYysgt.exe

C:\Windows\System\rmYysgt.exe

C:\Windows\System\rCLuMZf.exe

C:\Windows\System\rCLuMZf.exe

C:\Windows\System\HaqSTef.exe

C:\Windows\System\HaqSTef.exe

C:\Windows\System\SKKOomE.exe

C:\Windows\System\SKKOomE.exe

C:\Windows\System\ubVvYYF.exe

C:\Windows\System\ubVvYYF.exe

C:\Windows\System\RerOrfQ.exe

C:\Windows\System\RerOrfQ.exe

C:\Windows\System\FCLNvCg.exe

C:\Windows\System\FCLNvCg.exe

C:\Windows\System\GgsNvhm.exe

C:\Windows\System\GgsNvhm.exe

C:\Windows\System\WyQfQOH.exe

C:\Windows\System\WyQfQOH.exe

C:\Windows\System\DsKedOi.exe

C:\Windows\System\DsKedOi.exe

C:\Windows\System\MwXNSlx.exe

C:\Windows\System\MwXNSlx.exe

C:\Windows\System\lzWqRml.exe

C:\Windows\System\lzWqRml.exe

C:\Windows\System\knsPBhi.exe

C:\Windows\System\knsPBhi.exe

C:\Windows\System\GKaDxih.exe

C:\Windows\System\GKaDxih.exe

C:\Windows\System\oDpndvp.exe

C:\Windows\System\oDpndvp.exe

C:\Windows\System\XvFZyhC.exe

C:\Windows\System\XvFZyhC.exe

C:\Windows\System\OiPjXam.exe

C:\Windows\System\OiPjXam.exe

C:\Windows\System\KxPgnnc.exe

C:\Windows\System\KxPgnnc.exe

C:\Windows\System\PwFItAV.exe

C:\Windows\System\PwFItAV.exe

C:\Windows\System\nYaeBFr.exe

C:\Windows\System\nYaeBFr.exe

C:\Windows\System\VUfuwvV.exe

C:\Windows\System\VUfuwvV.exe

C:\Windows\System\VSqJGQO.exe

C:\Windows\System\VSqJGQO.exe

C:\Windows\System\CjCwOOn.exe

C:\Windows\System\CjCwOOn.exe

C:\Windows\System\WlrwnkA.exe

C:\Windows\System\WlrwnkA.exe

C:\Windows\System\fmctiNo.exe

C:\Windows\System\fmctiNo.exe

C:\Windows\System\TEkxoGH.exe

C:\Windows\System\TEkxoGH.exe

C:\Windows\System\KcVKYmb.exe

C:\Windows\System\KcVKYmb.exe

C:\Windows\System\NXHovjy.exe

C:\Windows\System\NXHovjy.exe

C:\Windows\System\dZeyLge.exe

C:\Windows\System\dZeyLge.exe

C:\Windows\System\TahKTzO.exe

C:\Windows\System\TahKTzO.exe

C:\Windows\System\pdeYgVT.exe

C:\Windows\System\pdeYgVT.exe

C:\Windows\System\QvRBCve.exe

C:\Windows\System\QvRBCve.exe

C:\Windows\System\SWCtwPk.exe

C:\Windows\System\SWCtwPk.exe

C:\Windows\System\zLNrUMP.exe

C:\Windows\System\zLNrUMP.exe

C:\Windows\System\vpSSOcZ.exe

C:\Windows\System\vpSSOcZ.exe

C:\Windows\System\SpMRVJT.exe

C:\Windows\System\SpMRVJT.exe

C:\Windows\System\vHZdStF.exe

C:\Windows\System\vHZdStF.exe

C:\Windows\System\nAFPDiF.exe

C:\Windows\System\nAFPDiF.exe

C:\Windows\System\ikfCtLY.exe

C:\Windows\System\ikfCtLY.exe

C:\Windows\System\uxcdzdY.exe

C:\Windows\System\uxcdzdY.exe

C:\Windows\System\swgEFpv.exe

C:\Windows\System\swgEFpv.exe

C:\Windows\System\cYghzmF.exe

C:\Windows\System\cYghzmF.exe

C:\Windows\System\KFUSPka.exe

C:\Windows\System\KFUSPka.exe

C:\Windows\System\BNDOSYj.exe

C:\Windows\System\BNDOSYj.exe

C:\Windows\System\fEaiaEP.exe

C:\Windows\System\fEaiaEP.exe

C:\Windows\System\evVSSEK.exe

C:\Windows\System\evVSSEK.exe

C:\Windows\System\csKjBLB.exe

C:\Windows\System\csKjBLB.exe

C:\Windows\System\iVgZdjI.exe

C:\Windows\System\iVgZdjI.exe

C:\Windows\System\WayhhPi.exe

C:\Windows\System\WayhhPi.exe

C:\Windows\System\ueTRmNa.exe

C:\Windows\System\ueTRmNa.exe

C:\Windows\System\VcxFcXf.exe

C:\Windows\System\VcxFcXf.exe

C:\Windows\System\OFLWnBl.exe

C:\Windows\System\OFLWnBl.exe

C:\Windows\System\lUrRvop.exe

C:\Windows\System\lUrRvop.exe

C:\Windows\System\bgNVfol.exe

C:\Windows\System\bgNVfol.exe

C:\Windows\System\YHUKXpk.exe

C:\Windows\System\YHUKXpk.exe

C:\Windows\System\bkbSZtc.exe

C:\Windows\System\bkbSZtc.exe

C:\Windows\System\edWNuQy.exe

C:\Windows\System\edWNuQy.exe

C:\Windows\System\AxpUIcz.exe

C:\Windows\System\AxpUIcz.exe

C:\Windows\System\OzHSpCA.exe

C:\Windows\System\OzHSpCA.exe

C:\Windows\System\YEnnboS.exe

C:\Windows\System\YEnnboS.exe

C:\Windows\System\tmUISUO.exe

C:\Windows\System\tmUISUO.exe

C:\Windows\System\mbqgAiB.exe

C:\Windows\System\mbqgAiB.exe

C:\Windows\System\sjyCAye.exe

C:\Windows\System\sjyCAye.exe

C:\Windows\System\iyxntqQ.exe

C:\Windows\System\iyxntqQ.exe

C:\Windows\System\ggPhwKt.exe

C:\Windows\System\ggPhwKt.exe

C:\Windows\System\tYxzVvw.exe

C:\Windows\System\tYxzVvw.exe

C:\Windows\System\jjSukqu.exe

C:\Windows\System\jjSukqu.exe

C:\Windows\System\AWoZDib.exe

C:\Windows\System\AWoZDib.exe

C:\Windows\System\wUTlefi.exe

C:\Windows\System\wUTlefi.exe

C:\Windows\System\KcBJbfN.exe

C:\Windows\System\KcBJbfN.exe

C:\Windows\System\NAulBbS.exe

C:\Windows\System\NAulBbS.exe

C:\Windows\System\bUuuBvZ.exe

C:\Windows\System\bUuuBvZ.exe

C:\Windows\System\qjUQILz.exe

C:\Windows\System\qjUQILz.exe

C:\Windows\System\jMBkpXA.exe

C:\Windows\System\jMBkpXA.exe

C:\Windows\System\oYCsTxu.exe

C:\Windows\System\oYCsTxu.exe

C:\Windows\System\nkKbVfR.exe

C:\Windows\System\nkKbVfR.exe

C:\Windows\System\eOxCIOH.exe

C:\Windows\System\eOxCIOH.exe

C:\Windows\System\gemtUoM.exe

C:\Windows\System\gemtUoM.exe

C:\Windows\System\luoZyZS.exe

C:\Windows\System\luoZyZS.exe

C:\Windows\System\kIftSWp.exe

C:\Windows\System\kIftSWp.exe

C:\Windows\System\jYSQeEx.exe

C:\Windows\System\jYSQeEx.exe

C:\Windows\System\mjHUKue.exe

C:\Windows\System\mjHUKue.exe

C:\Windows\System\eXlhYub.exe

C:\Windows\System\eXlhYub.exe

C:\Windows\System\itllMmK.exe

C:\Windows\System\itllMmK.exe

C:\Windows\System\GakNgUJ.exe

C:\Windows\System\GakNgUJ.exe

C:\Windows\System\AaGMvDT.exe

C:\Windows\System\AaGMvDT.exe

C:\Windows\System\kscsMCJ.exe

C:\Windows\System\kscsMCJ.exe

C:\Windows\System\bnppsfS.exe

C:\Windows\System\bnppsfS.exe

C:\Windows\System\cNVFmkA.exe

C:\Windows\System\cNVFmkA.exe

C:\Windows\System\SFjMmMH.exe

C:\Windows\System\SFjMmMH.exe

C:\Windows\System\MdqoCfC.exe

C:\Windows\System\MdqoCfC.exe

C:\Windows\System\WYbZlkJ.exe

C:\Windows\System\WYbZlkJ.exe

C:\Windows\System\HisLBYa.exe

C:\Windows\System\HisLBYa.exe

C:\Windows\System\kNwCfcX.exe

C:\Windows\System\kNwCfcX.exe

C:\Windows\System\nZPaMgM.exe

C:\Windows\System\nZPaMgM.exe

C:\Windows\System\RQiwfNC.exe

C:\Windows\System\RQiwfNC.exe

C:\Windows\System\mWPgHwc.exe

C:\Windows\System\mWPgHwc.exe

C:\Windows\System\QQaBeqA.exe

C:\Windows\System\QQaBeqA.exe

C:\Windows\System\okXZJHK.exe

C:\Windows\System\okXZJHK.exe

C:\Windows\System\wBrqauH.exe

C:\Windows\System\wBrqauH.exe

C:\Windows\System\aNEqDCd.exe

C:\Windows\System\aNEqDCd.exe

C:\Windows\System\CExKTBR.exe

C:\Windows\System\CExKTBR.exe

C:\Windows\System\AcxyibJ.exe

C:\Windows\System\AcxyibJ.exe

C:\Windows\System\NKIwvse.exe

C:\Windows\System\NKIwvse.exe

C:\Windows\System\EuEmOTN.exe

C:\Windows\System\EuEmOTN.exe

C:\Windows\System\QlpbpJt.exe

C:\Windows\System\QlpbpJt.exe

C:\Windows\System\hRnucTg.exe

C:\Windows\System\hRnucTg.exe

C:\Windows\System\FQSkhcD.exe

C:\Windows\System\FQSkhcD.exe

C:\Windows\System\QdjiRBo.exe

C:\Windows\System\QdjiRBo.exe

C:\Windows\System\HeBmaqu.exe

C:\Windows\System\HeBmaqu.exe

C:\Windows\System\tvxjzJX.exe

C:\Windows\System\tvxjzJX.exe

C:\Windows\System\mAyWtEs.exe

C:\Windows\System\mAyWtEs.exe

C:\Windows\System\KWfQefM.exe

C:\Windows\System\KWfQefM.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2208-0-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2208-1-0x00000000003F0000-0x0000000000400000-memory.dmp

\Windows\system\zDnWCoP.exe

MD5 dfc9a2f93e0352f0b946d613b44b6e0d
SHA1 3cb286a4b140fb2bdeacbc90283d73bf481d46b6
SHA256 628f2034854272ad27d485bc59fb3c60ecf0f866175bd3e0f2bc7c1aa54da279
SHA512 49d5224ebddb8841f107851b3f1384029cd488dc59f33eedb38cf55f136ca4a746f126ec357de02df9255428955ba4b89eed3ffb8c392e12cae39cdbf2d3739a

C:\Windows\system\ksOrByd.exe

MD5 61132f840f70027b85fd2adb3a0ff1e1
SHA1 2dec7f2d5314be4fd09061f4577bdb5d478bf4d2
SHA256 cec45a774fa2da38e7c1a547e026c4d8dc9b63543d3ea0db56bc617a254ae086
SHA512 a3846622287b2d2d381f11434004954b5ed65b85cddb35f8740cccaf2fc0a04ba1b1a1b27634f16e8c3e4ee60facb46b9f648ac78af0e7b2b1694932d004056a

C:\Windows\system\czuCiNz.exe

MD5 c8ef15cd50669b845551719f57dc7d5b
SHA1 36302bcb5c59be01c80726437a03bb654ba0f6f1
SHA256 6ed96613b776703381fac45a4c352a0868f0061c3b3beec9551a98c1d4a21de5
SHA512 595ec4842e102a99b24563001fbeb9b0847f203d3891072d340ba214313746535ebf7c794b5688bf2203fa4943ce8362f51209c88749426c72f6dd5ce4f2d709

\Windows\system\cVfVWBs.exe

MD5 8c38120342ebd5b3afa4e6bd54e6c8ba
SHA1 65401c977b6a7e268afe5cf21c7215691417d258
SHA256 430f6a76e128bd9f1e9656d4b6fae3175c3f4880f618812e8dfcc96acc76b3e6
SHA512 213a15d24299f8bf399ef42baaf74bcfa473f774d8f8bd80f5c36f19dd7f258e63ce4eafee15a0f6a1ea6ba5c6ac3e01d8b08d6120ca49da0400f9a27e3bfdf6

memory/2208-23-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2624-30-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2208-33-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2208-35-0x0000000001E70000-0x00000000021C4000-memory.dmp

C:\Windows\system\ZEMbqMg.exe

MD5 9cdacd1f34bb99c2ebe9d5c0920c1283
SHA1 e488d5803306e7f6ffce9e9b5443ba8a984c7305
SHA256 ee82c57ff6a9c4bd6efa840c21553578e4dfcebe2c651b2bc26923a2f9ecdd33
SHA512 2274e71b2ef1a78e1787d8ea2fb2e1d551e37f6d0058dfe815db93bb6bb3f91a893fedc1e2cad12159cdb48c5fc33824191ffe1567db0fe47f6c8c9051983805

memory/2748-42-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2668-28-0x000000013F360000-0x000000013F6B4000-memory.dmp

memory/2616-52-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2416-54-0x000000013FBF0000-0x000000013FF44000-memory.dmp

C:\Windows\system\jcZIGKf.exe

MD5 10fa30baf8ecec215fdc63ddbcdeb42e
SHA1 9ee09572663b1d77f4bc3a24d7d4a0de5c4b996c
SHA256 ea3e2a0e7a35f14a5a228a3040c9e001bb3a0011936c1382281698ee8378608b
SHA512 3eadf004eb9df9f2e7d4e1b20dfdb239cf05ad6183db1736fba83783d7aee4cd995051967fe3c893239f951d6c9ae65baff9c1483f0fe9ae20010e1757638c68

C:\Windows\system\BbHvOjP.exe

MD5 cb2c6f67da20fc4e4fccc62e088d50fc
SHA1 8edcccf344416b74975769583499e62749af7cfe
SHA256 0fcdc8e54076387f10a394e4870506f15a700bc71b3dcedea4bdd5a01038969e
SHA512 2862d395399a12d47910b33226b166a525ed0ef9a0cd9840f9e37e00cf5d177988f5bf34a745f631156eeafa1a18e9a9fefbdb7b3bbe92f20a13054372991f6d

memory/3008-68-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2460-77-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/680-83-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/1964-97-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2208-448-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2508-497-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/3008-731-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2460-1078-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/2208-1076-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2208-729-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/680-1080-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2208-1079-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2416-324-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2616-323-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/2208-1081-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2768-1082-0x000000013F810000-0x000000013FB64000-memory.dmp

C:\Windows\system\hNIqiwn.exe

MD5 0ddcfc6e4cddcab17a8af056fa6c43d6
SHA1 0f55d2c0972fd5b1d83731d614b1cf2592394aef
SHA256 9e3bde9704299cf15d3159821eae536bc0de42e9d2378ae05eeb8b53ccf33dd1
SHA512 86efa6a0a763edf8718fd43f5c25145569274a7d38495ca95a092ea48cb3fcb0a35212771cfa8e77a820643bdb0417c2b025908b73320fb49c059527e4cdebaa

C:\Windows\system\royBMoj.exe

MD5 361f2e32a3c1851084e5ee0d1eb8f864
SHA1 a243aa05f5e6434b605b3610503de65b7d7ed540
SHA256 33bba59b4ba81620a9e537f729f36a17680ca27efc7784aa39d08be03e1eb4f9
SHA512 5a8791e63f29aeba6d3167a725ad2d2f75423cab2217269508ab6de2e59e017544070f76e17905afc5e238aa0ced1b5b6c298936bd018538c3ceaa05d510c030

C:\Windows\system\JyhfDvJ.exe

MD5 085607bcf3976fca4430e2242cd59a09
SHA1 fff3c2e728a7af5b3a28212eda03fff63b9035cf
SHA256 9f30edd4bde6ec41d7820ccebbe712ed8e692e0b612aba2598b5bc2ca6f571ef
SHA512 fb04efb811f53a454b01a1eccfd9a0d2c382bedfea9b19d91718a6258817ed61f38181bcb7016842270a304a58ead0255137bc2e5394c17e20a34b6c9b6789af

C:\Windows\system\LaVPZuk.exe

MD5 b29f6b5d00239009f42fbcd5abb24410
SHA1 be0bda6ed171ed5e2e264d790f8b278870fe1775
SHA256 a9a37c357e90273a78da30dfc7e0bdffc17296691749ac78789cdb3e7c70ec1d
SHA512 5d839a0c13e69606140a778f92fd92234e4a7c3bba6731c5f3813fb37c908ce0dec5251228b2f58feaf5ec9a3d68baeafd02fb177419c16ae687e7a4d4dbc321

C:\Windows\system\GKTmada.exe

MD5 66845ce11a7e561b131658aed11ed56a
SHA1 d6f524c16c0cd8b78beffed11449f1226670ac66
SHA256 00ae0bf5cf775ceb4f3b7f1e077075f6f626f986e8c0eb5de0f8b0ff1e70768f
SHA512 d5d567542b19bd8d88bd3b70a1faf849a072d625353c9ae9ba90c28e627b01a2cd0f8807477a4cb847fc44b9eff65e84dd6741e68bc331ca6d5842625a73c9b0

C:\Windows\system\CoZsvfn.exe

MD5 5636ac5e874284e8d65a9f7be2ea9dd5
SHA1 3facca0a192cab9ee7276f50d6bd9b1d864cfc55
SHA256 d8ae7f9e861c46461fadbc0f63589a0b639057a207bc28542967b7e0a43f97eb
SHA512 f75df2f2a03354d8962a768b3642390a22e72b02fd442b803f591bfb4272fa2c340cd68f0b7090ec3cba848850eeecd2f2a8c7518642e1f93f107aecbd325645

C:\Windows\system\eVfPNKx.exe

MD5 abc5220c2f4a4a8b9a587c6234b3590c
SHA1 6ae90be5ac80e811075fe39716db3c341144f856
SHA256 99f463b46b2c29fcb94ac272290eec676aff49a33eacbd1d097ac75b5269a4d3
SHA512 198ca9fadad65acf43b39ace305aba2ed614620cee6256d400b0fff7cc49f5cdd7372648480d31e173436de1d0deeb67824595b501943b8b4a7131f760494238

C:\Windows\system\JKodqGH.exe

MD5 7930eca65437f02caadbcbfcdff58fd0
SHA1 fd610b5c6636651f028bebdd9f1de49a29a1b354
SHA256 0ed8ba2c419544ae3c5c35cfbca923c2d86f279f21c98eaa82d6b2a5c2398dfc
SHA512 ff956c3a8204135581e589da8f619764f0471d9968dd9389c49dead17b77793d1b9c732251382305270eeafd991c0be963452fd1c76f38f90586348aba420aff

C:\Windows\system\LOzauKV.exe

MD5 a0d8c094333410e9e600e6d3c92c8340
SHA1 a2a73c9873bdf867fa64cba653f97923d4327382
SHA256 a32c99fc842108a1148b5dd0c8eb364bc38344026c794390962419680c8170df
SHA512 92a2e469538b2ec0270c76f39e93954830319b14be3290ff1bf7e197abf48ef8b115e09925bb4509a4b02782c0862340c5d5a85b91619852f7afee1a75858362

C:\Windows\system\CiaFjbB.exe

MD5 664e119db08495f2228e650ac3f1e2b2
SHA1 bfd2411312929179bdfd39a8b64a41a561991931
SHA256 7a64a885c5c2775b08530156a49d6a03bc4c5fc7685caed1553071ab80e1e03d
SHA512 941936f1d43ab65807f020148e17d25f4b181b99cce85520054e598eabdf616ae2fa36b26d1b803f943e87a61bfc9808aa18a4fa81b4675c1beadedd91e916fc

C:\Windows\system\lqZvCLp.exe

MD5 8277f9c8f843d917fdb190c0f2b14e57
SHA1 0e9b455068dfc8b13fe5483815167038c643559d
SHA256 908d3988bb2dd95f088063ba7fe41539420995e273dcadd37d333c91b76de6a6
SHA512 4ed825726864f992f8001d6761ff8cd6a5b9b76ff8580237f1da72fd7e0d45769f2c95da3e0cf0ccca5d440cb8db7e71d8d28c6b6e75c878e2331dcf1a6ef2f5

C:\Windows\system\rinKchk.exe

MD5 c556ca406709a3f6138ff88d4a8bcc67
SHA1 657a6ffe9b07db8c2c6c4b5ca8a391582d368854
SHA256 28314053d5794c899ceed94a1759087ec1c110565ca2577cef3606371ac3cb35
SHA512 676ead9a895621639db6eb919562c75e5370ca5a8a5a4c97073a481269fe8780cc3b3d02bbd9355d97261e4b45aa5f44dc2dde0ccf854aa1de572078c0fa15b4

C:\Windows\system\ZXKISgK.exe

MD5 19ffa4cecc602977fbb1f393e5c535a3
SHA1 171970f426dc236af951e0f48495604798e2c0aa
SHA256 8155cc84b34b2c9ebcc0b9a155b41b76cafeb8a81d9652d431e9baf7f1f3140a
SHA512 8d23282692139fbd8d03f841681558bbd79985a62c4bf61081db7e54d9db5c8932322e68604f67b2bcb71e2d6431eedb565074b010be34618162493200e555e3

C:\Windows\system\aHjqyFB.exe

MD5 68c0b0cf1733b10c14388e287d5198c0
SHA1 7f04f0a85c74ce26ec04e769f62bae5970ccb333
SHA256 54b56c5cd3667915d6569ce656ca93b8cee2042a6e01c940ef408d744f3648c3
SHA512 937a3e2fb4b06e772b7a4935e976ca51799adea79ea08f7cb572c57fab79493a98cfe9bf67ca22fb71d294ab59202e2d5ef861f2a459ce5b93f774d37483b591

C:\Windows\system\zpWKAbg.exe

MD5 ce33040cc0b26977354cfd49ecbe3246
SHA1 2d23d67ccf95c1543d6fb6f72e3662dba4150e46
SHA256 fbf75665b5fe7bee539df97ae0419f878f4dd9ebf2a48d7218db6643dfbea251
SHA512 0b480e459b96aa9839280f5b64d245e0da903aee15e359ac2c1c45fdac89c6ec25bd7455c9ee757ca8d2e689496af925697bf781043f9603ddee7dbae02d0574

C:\Windows\system\uHSZXMs.exe

MD5 73f9b10e61519bacd18cb740a139caf7
SHA1 e55a30b89238b0987c1b5c23a1c34ce3dbe5728f
SHA256 7324cb20287fdc65be01452150bdca12c14586f359fbceeabc513b03e8278722
SHA512 51747161d1b9d9dce506dbf001b7beed359da8a3ce72150c2bbe058544644162656659c92d7b2931f8e0c4e3483ed2901fbc819d46ab6323bb9ef9c8cd014ee7

C:\Windows\system\fxzfCjD.exe

MD5 45735dda51a3c9391722a501675c64e0
SHA1 a2d60c02a696d3f4e782ce7e611a5391f6f4359a
SHA256 27d23450a1ee207178b3aa82ac18fa9d6390f728eea3aa696c7ef6ee09e98f51
SHA512 b1769c0864b87520a8763e106abcdecf179dd85f39429556fdbabb499cdb5fdb5b969e571a841baf159eea8b115758596dbb6b0044189fe35f0b0de6722fe8b8

memory/2208-107-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/2748-106-0x000000013F460000-0x000000013F7B4000-memory.dmp

C:\Windows\system\QoSSCZP.exe

MD5 9d73eb697672645dfae814fe246eb45e
SHA1 444b5f6db7fe4e40f72dd34a31daebd5d00ac8d4
SHA256 71ce94cd17660fdbb852c502c5f3bea20bf2742a75ecdd26d86d1cfbf0fd8509
SHA512 bc70cc5f009406a6aa87e3ceb41361f8815bf5ef269884c012a5aeedb787646e621b44a6f26b1eb93b831da3f3481510494ff282610aa6cff829c3c18a18c15a

memory/2768-92-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/2856-99-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2208-98-0x0000000001E70000-0x00000000021C4000-memory.dmp

C:\Windows\system\SZgkLHk.exe

MD5 1365d82b97c5812131ff55974132102b
SHA1 cd3dd5fd6e2c4a47c830d3d5be7777de7873b847
SHA256 c63c20c3c76ecfc897f0075ca9ef90add64b771e71b0e1394517ef700a2a7de7
SHA512 662bc77e13226682d45e333495679b086de845bea250f036e4b2bd992fb7675b35530dbb67c97b9ff032ac119f3efce854c6a22984c84e0260aef2d1f960edd6

memory/2208-91-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2604-90-0x000000013F810000-0x000000013FB64000-memory.dmp

C:\Windows\system\ejLdbVb.exe

MD5 9989c1f741d22d30f1c6d0cb33c405c0
SHA1 3c924413990cddef259117479e5c9c0c3e144413
SHA256 e4fa9f7fdfbaf9d72bbff758f6bdeccf265199809a59656aa6a167c607f4bc93
SHA512 5191880451e239829a76c0df42cb7372d68b5d51dc6da43a02194fb7cf17aad2a4f2e52b6822ee0cda71011274605329410245673a33fe92c0f2df60a0224a2f

memory/2208-82-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2208-76-0x0000000001E70000-0x00000000021C4000-memory.dmp

C:\Windows\system\mZasXtD.exe

MD5 29c771b9191ff2e6df11571a7455c176
SHA1 2e05262a0eb6dd68deb30cfdbb753055915f0c94
SHA256 761b1ec676bfe93afb2e96a71f8bf0397b712739769d9ff4005fa42c1a8ce18c
SHA512 c6f24638ce96c30279c235f98881f0704d12430042c05c6e85d005141fa3dc74ff0b64badd5c0bb5e1427706ff0a7046b404f47f4f4024b99f77bba8702bc499

C:\Windows\system\nNqAztj.exe

MD5 16e701021b6c7c8227ede44f3f0d0a78
SHA1 9305cce0c0a0973747ca62d3743fc9710a1afd5e
SHA256 46f990ac34a8890dd13ea1be1d3bae220b87fdbe29d730b21b49a8c3e822982b
SHA512 d5cf059beb1170301517bb822e62df55a1a36193b7882ba7e45ca9d682245b8dcd6a08f12a130bb7a9bc42dec35f99bbdda43145a1a124081e13db37282eabbf

memory/2208-67-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2508-63-0x000000013F4D0000-0x000000013F824000-memory.dmp

C:\Windows\system\PVwUEZR.exe

MD5 211d5d7b1de9f5573d356e38f5db2878
SHA1 955f45fff14fc7ffc074b4d732372b06291d6f13
SHA256 206537b6ffef3437045aba002965462f5e297500e5da09445e9b30897e82f07f
SHA512 6cafe210e0e830f107bd5b1d6422c20e56661d64f79cbc201145769ba3385a708fc33650b565c93807b1d35e8db431274b82a1cb8af746be33e1aa36385c7ab4

memory/1708-59-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2208-58-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2208-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp

C:\Windows\system\okqHVQq.exe

MD5 9eabecfc4a8a4749bddd783f57b29e7c
SHA1 7edda785ced7637c75673356b7bd0df9f3a58096
SHA256 bca1893345fb7193e00e7997a4b49fcb90be3010432734e26eebe8b9af26eb4c
SHA512 8c0ef3e3ea8f33f49ad8f1e59c158731bf53b5b3ec5abff419e7ad6e6246a8a8762734f8f0b767b0dc95b7704164243bafdb011a158057d52d07efb6755c76ae

memory/2208-26-0x000000013FFD0000-0x0000000140324000-memory.dmp

C:\Windows\system\PYuYFKZ.exe

MD5 b49affe17c46a91bc6ce99a6151d7ce1
SHA1 d927f4bbeb736ee757d08a43ea840e384fc2a881
SHA256 dca7377b2da894e16ba3d40dfeb27230a38a3ed8a7ee5bbc255769e0cd0c3b54
SHA512 51da1508b167ef18ed194d3b837947ad6fd64006d2a8acffb62797f00ed32b46228df4addb761c2290cfedc170e16043cd2d7897dd0fa247228d224d046d4d3e

memory/1708-14-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/1964-38-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2604-36-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/2208-19-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2208-1083-0x0000000001E70000-0x00000000021C4000-memory.dmp

memory/2856-1084-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2208-1085-0x000000013F250000-0x000000013F5A4000-memory.dmp

memory/1708-1086-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/2668-1087-0x000000013F360000-0x000000013F6B4000-memory.dmp

memory/2624-1088-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2604-1089-0x000000013F810000-0x000000013FB64000-memory.dmp

memory/1964-1090-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2416-1091-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2748-1092-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2616-1093-0x000000013F840000-0x000000013FB94000-memory.dmp

memory/3008-1094-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2508-1095-0x000000013F4D0000-0x000000013F824000-memory.dmp

memory/680-1097-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2460-1096-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/2856-1098-0x000000013F6B0000-0x000000013FA04000-memory.dmp

memory/2768-1099-0x000000013F810000-0x000000013FB64000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 14:04

Reported

2024-06-25 14:06

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\jlaGeSJ.exe N/A
N/A N/A C:\Windows\System\gGaQuGc.exe N/A
N/A N/A C:\Windows\System\ahSsbqF.exe N/A
N/A N/A C:\Windows\System\mktuhXD.exe N/A
N/A N/A C:\Windows\System\oBaIvQq.exe N/A
N/A N/A C:\Windows\System\JCidwpb.exe N/A
N/A N/A C:\Windows\System\uYnqCSt.exe N/A
N/A N/A C:\Windows\System\zKhPBhN.exe N/A
N/A N/A C:\Windows\System\rsETchX.exe N/A
N/A N/A C:\Windows\System\skWOSEd.exe N/A
N/A N/A C:\Windows\System\WCOoUqc.exe N/A
N/A N/A C:\Windows\System\wuLDnlL.exe N/A
N/A N/A C:\Windows\System\GBbWPme.exe N/A
N/A N/A C:\Windows\System\hqFnhPA.exe N/A
N/A N/A C:\Windows\System\lHyuCMH.exe N/A
N/A N/A C:\Windows\System\mKVDBWx.exe N/A
N/A N/A C:\Windows\System\PoZqBBk.exe N/A
N/A N/A C:\Windows\System\FzgDDWw.exe N/A
N/A N/A C:\Windows\System\fbRFxrV.exe N/A
N/A N/A C:\Windows\System\KRWxfXl.exe N/A
N/A N/A C:\Windows\System\mOIPFmo.exe N/A
N/A N/A C:\Windows\System\iBlfngr.exe N/A
N/A N/A C:\Windows\System\JdmLXew.exe N/A
N/A N/A C:\Windows\System\ksIolHp.exe N/A
N/A N/A C:\Windows\System\GIKWlNc.exe N/A
N/A N/A C:\Windows\System\UGTKamT.exe N/A
N/A N/A C:\Windows\System\OKQXVqU.exe N/A
N/A N/A C:\Windows\System\RHEHoBU.exe N/A
N/A N/A C:\Windows\System\tKGDWXG.exe N/A
N/A N/A C:\Windows\System\gqifKXH.exe N/A
N/A N/A C:\Windows\System\jYAwPpn.exe N/A
N/A N/A C:\Windows\System\eBMhpvH.exe N/A
N/A N/A C:\Windows\System\rdiUgaD.exe N/A
N/A N/A C:\Windows\System\KmPLMqm.exe N/A
N/A N/A C:\Windows\System\KXYBEPp.exe N/A
N/A N/A C:\Windows\System\ZuGwCaf.exe N/A
N/A N/A C:\Windows\System\fSOXFVR.exe N/A
N/A N/A C:\Windows\System\WcfjPYL.exe N/A
N/A N/A C:\Windows\System\PquOEnR.exe N/A
N/A N/A C:\Windows\System\sCDPmGd.exe N/A
N/A N/A C:\Windows\System\lbTccll.exe N/A
N/A N/A C:\Windows\System\QxTjTbm.exe N/A
N/A N/A C:\Windows\System\bGAohCV.exe N/A
N/A N/A C:\Windows\System\usyoVXj.exe N/A
N/A N/A C:\Windows\System\VtGrRoV.exe N/A
N/A N/A C:\Windows\System\KwgBLoE.exe N/A
N/A N/A C:\Windows\System\CnaLWMo.exe N/A
N/A N/A C:\Windows\System\DGjkJQg.exe N/A
N/A N/A C:\Windows\System\AkEEhmb.exe N/A
N/A N/A C:\Windows\System\fQlwCZb.exe N/A
N/A N/A C:\Windows\System\qogKdKq.exe N/A
N/A N/A C:\Windows\System\hGZAQQp.exe N/A
N/A N/A C:\Windows\System\PvOGSVw.exe N/A
N/A N/A C:\Windows\System\qVcLEJF.exe N/A
N/A N/A C:\Windows\System\laHMRlq.exe N/A
N/A N/A C:\Windows\System\GpAwhTy.exe N/A
N/A N/A C:\Windows\System\atXlBvd.exe N/A
N/A N/A C:\Windows\System\KtSfpOI.exe N/A
N/A N/A C:\Windows\System\ZtoqArF.exe N/A
N/A N/A C:\Windows\System\wILhsMm.exe N/A
N/A N/A C:\Windows\System\GeqhiIo.exe N/A
N/A N/A C:\Windows\System\BAuBDwy.exe N/A
N/A N/A C:\Windows\System\JxCRkhR.exe N/A
N/A N/A C:\Windows\System\mjOScQS.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\gQZZpec.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\bGAohCV.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\gxFFHUa.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjcXiYO.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\TxtMshW.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\fVxkfnw.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\TwAaAKQ.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\pqJhurL.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lHkCosk.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRnVbQK.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VrDeyEe.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mpoKXPv.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\GeqhiIo.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\EyhtCaf.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\IFmtpiU.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFCsEqt.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\FALnNjw.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JjlLEnz.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\rngUZRK.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\DngnzHh.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ANtwYUL.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\QGljokD.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NvMijht.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mqTbzJO.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\eBMhpvH.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\laHMRlq.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\GpAwhTy.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BEnLWxa.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\YpSDaiR.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JCidwpb.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mjOScQS.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NDVSJiz.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQsNpcs.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\hiBTLDM.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\YTmiteg.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZHRVbS.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ksIolHp.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmPLMqm.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZvEHVJp.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JGXappr.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\xGAnbtC.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZZhRjig.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLdsmXN.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NJYqgio.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\dubwdzg.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLiHGUx.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\IELAxkl.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\lHyuCMH.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\mvBZMZL.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\yGKlKlL.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\YQkTgvM.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFmmKpd.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\txSJILT.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\fbRFxrV.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\qAsmtpW.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\BoWUMRZ.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqiHJwA.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpfspCV.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\LGTMQib.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlXfoHy.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzqFTNC.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZaxIGYy.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\qiihxsN.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A
File created C:\Windows\System\EPgyEiz.exe C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe N/A

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1828 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jlaGeSJ.exe
PID 1828 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jlaGeSJ.exe
PID 1828 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\gGaQuGc.exe
PID 1828 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\gGaQuGc.exe
PID 1828 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ahSsbqF.exe
PID 1828 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ahSsbqF.exe
PID 1828 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mktuhXD.exe
PID 1828 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mktuhXD.exe
PID 1828 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\oBaIvQq.exe
PID 1828 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\oBaIvQq.exe
PID 1828 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\JCidwpb.exe
PID 1828 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\JCidwpb.exe
PID 1828 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\uYnqCSt.exe
PID 1828 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\uYnqCSt.exe
PID 1828 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\rsETchX.exe
PID 1828 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\rsETchX.exe
PID 1828 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zKhPBhN.exe
PID 1828 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\zKhPBhN.exe
PID 1828 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\skWOSEd.exe
PID 1828 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\skWOSEd.exe
PID 1828 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\WCOoUqc.exe
PID 1828 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\WCOoUqc.exe
PID 1828 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\wuLDnlL.exe
PID 1828 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\wuLDnlL.exe
PID 1828 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\GBbWPme.exe
PID 1828 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\GBbWPme.exe
PID 1828 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\hqFnhPA.exe
PID 1828 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\hqFnhPA.exe
PID 1828 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\lHyuCMH.exe
PID 1828 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\lHyuCMH.exe
PID 1828 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mKVDBWx.exe
PID 1828 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mKVDBWx.exe
PID 1828 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PoZqBBk.exe
PID 1828 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\PoZqBBk.exe
PID 1828 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\FzgDDWw.exe
PID 1828 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\FzgDDWw.exe
PID 1828 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\fbRFxrV.exe
PID 1828 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\fbRFxrV.exe
PID 1828 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\KRWxfXl.exe
PID 1828 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\KRWxfXl.exe
PID 1828 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mOIPFmo.exe
PID 1828 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\mOIPFmo.exe
PID 1828 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\iBlfngr.exe
PID 1828 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\iBlfngr.exe
PID 1828 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\JdmLXew.exe
PID 1828 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\JdmLXew.exe
PID 1828 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ksIolHp.exe
PID 1828 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\ksIolHp.exe
PID 1828 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\GIKWlNc.exe
PID 1828 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\GIKWlNc.exe
PID 1828 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\UGTKamT.exe
PID 1828 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\UGTKamT.exe
PID 1828 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\OKQXVqU.exe
PID 1828 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\OKQXVqU.exe
PID 1828 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\RHEHoBU.exe
PID 1828 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\RHEHoBU.exe
PID 1828 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\tKGDWXG.exe
PID 1828 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\tKGDWXG.exe
PID 1828 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\gqifKXH.exe
PID 1828 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\gqifKXH.exe
PID 1828 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jYAwPpn.exe
PID 1828 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\jYAwPpn.exe
PID 1828 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\eBMhpvH.exe
PID 1828 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe C:\Windows\System\eBMhpvH.exe

Processes

C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\692bfd3a019070c61374e67a9cffdd52490871c781a6bcfaaac093c906d8bfdf_NeikiAnalytics.exe"

C:\Windows\System\jlaGeSJ.exe

C:\Windows\System\jlaGeSJ.exe

C:\Windows\System\gGaQuGc.exe

C:\Windows\System\gGaQuGc.exe

C:\Windows\System\ahSsbqF.exe

C:\Windows\System\ahSsbqF.exe

C:\Windows\System\mktuhXD.exe

C:\Windows\System\mktuhXD.exe

C:\Windows\System\oBaIvQq.exe

C:\Windows\System\oBaIvQq.exe

C:\Windows\System\JCidwpb.exe

C:\Windows\System\JCidwpb.exe

C:\Windows\System\uYnqCSt.exe

C:\Windows\System\uYnqCSt.exe

C:\Windows\System\rsETchX.exe

C:\Windows\System\rsETchX.exe

C:\Windows\System\zKhPBhN.exe

C:\Windows\System\zKhPBhN.exe

C:\Windows\System\skWOSEd.exe

C:\Windows\System\skWOSEd.exe

C:\Windows\System\WCOoUqc.exe

C:\Windows\System\WCOoUqc.exe

C:\Windows\System\wuLDnlL.exe

C:\Windows\System\wuLDnlL.exe

C:\Windows\System\GBbWPme.exe

C:\Windows\System\GBbWPme.exe

C:\Windows\System\hqFnhPA.exe

C:\Windows\System\hqFnhPA.exe

C:\Windows\System\lHyuCMH.exe

C:\Windows\System\lHyuCMH.exe

C:\Windows\System\mKVDBWx.exe

C:\Windows\System\mKVDBWx.exe

C:\Windows\System\PoZqBBk.exe

C:\Windows\System\PoZqBBk.exe

C:\Windows\System\FzgDDWw.exe

C:\Windows\System\FzgDDWw.exe

C:\Windows\System\fbRFxrV.exe

C:\Windows\System\fbRFxrV.exe

C:\Windows\System\KRWxfXl.exe

C:\Windows\System\KRWxfXl.exe

C:\Windows\System\mOIPFmo.exe

C:\Windows\System\mOIPFmo.exe

C:\Windows\System\iBlfngr.exe

C:\Windows\System\iBlfngr.exe

C:\Windows\System\JdmLXew.exe

C:\Windows\System\JdmLXew.exe

C:\Windows\System\ksIolHp.exe

C:\Windows\System\ksIolHp.exe

C:\Windows\System\GIKWlNc.exe

C:\Windows\System\GIKWlNc.exe

C:\Windows\System\UGTKamT.exe

C:\Windows\System\UGTKamT.exe

C:\Windows\System\OKQXVqU.exe

C:\Windows\System\OKQXVqU.exe

C:\Windows\System\RHEHoBU.exe

C:\Windows\System\RHEHoBU.exe

C:\Windows\System\tKGDWXG.exe

C:\Windows\System\tKGDWXG.exe

C:\Windows\System\gqifKXH.exe

C:\Windows\System\gqifKXH.exe

C:\Windows\System\jYAwPpn.exe

C:\Windows\System\jYAwPpn.exe

C:\Windows\System\eBMhpvH.exe

C:\Windows\System\eBMhpvH.exe

C:\Windows\System\rdiUgaD.exe

C:\Windows\System\rdiUgaD.exe

C:\Windows\System\ZuGwCaf.exe

C:\Windows\System\ZuGwCaf.exe

C:\Windows\System\KmPLMqm.exe

C:\Windows\System\KmPLMqm.exe

C:\Windows\System\KXYBEPp.exe

C:\Windows\System\KXYBEPp.exe

C:\Windows\System\fSOXFVR.exe

C:\Windows\System\fSOXFVR.exe

C:\Windows\System\PquOEnR.exe

C:\Windows\System\PquOEnR.exe

C:\Windows\System\WcfjPYL.exe

C:\Windows\System\WcfjPYL.exe

C:\Windows\System\sCDPmGd.exe

C:\Windows\System\sCDPmGd.exe

C:\Windows\System\lbTccll.exe

C:\Windows\System\lbTccll.exe

C:\Windows\System\QxTjTbm.exe

C:\Windows\System\QxTjTbm.exe

C:\Windows\System\bGAohCV.exe

C:\Windows\System\bGAohCV.exe

C:\Windows\System\usyoVXj.exe

C:\Windows\System\usyoVXj.exe

C:\Windows\System\VtGrRoV.exe

C:\Windows\System\VtGrRoV.exe

C:\Windows\System\KwgBLoE.exe

C:\Windows\System\KwgBLoE.exe

C:\Windows\System\CnaLWMo.exe

C:\Windows\System\CnaLWMo.exe

C:\Windows\System\DGjkJQg.exe

C:\Windows\System\DGjkJQg.exe

C:\Windows\System\AkEEhmb.exe

C:\Windows\System\AkEEhmb.exe

C:\Windows\System\fQlwCZb.exe

C:\Windows\System\fQlwCZb.exe

C:\Windows\System\qogKdKq.exe

C:\Windows\System\qogKdKq.exe

C:\Windows\System\hGZAQQp.exe

C:\Windows\System\hGZAQQp.exe

C:\Windows\System\PvOGSVw.exe

C:\Windows\System\PvOGSVw.exe

C:\Windows\System\qVcLEJF.exe

C:\Windows\System\qVcLEJF.exe

C:\Windows\System\laHMRlq.exe

C:\Windows\System\laHMRlq.exe

C:\Windows\System\GpAwhTy.exe

C:\Windows\System\GpAwhTy.exe

C:\Windows\System\atXlBvd.exe

C:\Windows\System\atXlBvd.exe

C:\Windows\System\KtSfpOI.exe

C:\Windows\System\KtSfpOI.exe

C:\Windows\System\ZtoqArF.exe

C:\Windows\System\ZtoqArF.exe

C:\Windows\System\wILhsMm.exe

C:\Windows\System\wILhsMm.exe

C:\Windows\System\GeqhiIo.exe

C:\Windows\System\GeqhiIo.exe

C:\Windows\System\BAuBDwy.exe

C:\Windows\System\BAuBDwy.exe

C:\Windows\System\JxCRkhR.exe

C:\Windows\System\JxCRkhR.exe

C:\Windows\System\mjOScQS.exe

C:\Windows\System\mjOScQS.exe

C:\Windows\System\aCxyjfg.exe

C:\Windows\System\aCxyjfg.exe

C:\Windows\System\lcdDDgG.exe

C:\Windows\System\lcdDDgG.exe

C:\Windows\System\DyuhpkH.exe

C:\Windows\System\DyuhpkH.exe

C:\Windows\System\BEnLWxa.exe

C:\Windows\System\BEnLWxa.exe

C:\Windows\System\kWczmeP.exe

C:\Windows\System\kWczmeP.exe

C:\Windows\System\EPMeAJB.exe

C:\Windows\System\EPMeAJB.exe

C:\Windows\System\ZptbTef.exe

C:\Windows\System\ZptbTef.exe

C:\Windows\System\amPgHgw.exe

C:\Windows\System\amPgHgw.exe

C:\Windows\System\TwAaAKQ.exe

C:\Windows\System\TwAaAKQ.exe

C:\Windows\System\VSIsdGg.exe

C:\Windows\System\VSIsdGg.exe

C:\Windows\System\qiihxsN.exe

C:\Windows\System\qiihxsN.exe

C:\Windows\System\yzXfyfa.exe

C:\Windows\System\yzXfyfa.exe

C:\Windows\System\sqczTuo.exe

C:\Windows\System\sqczTuo.exe

C:\Windows\System\sEaptiQ.exe

C:\Windows\System\sEaptiQ.exe

C:\Windows\System\cwqjbqO.exe

C:\Windows\System\cwqjbqO.exe

C:\Windows\System\WKGBFqj.exe

C:\Windows\System\WKGBFqj.exe

C:\Windows\System\XsPYnws.exe

C:\Windows\System\XsPYnws.exe

C:\Windows\System\iPoVaNT.exe

C:\Windows\System\iPoVaNT.exe

C:\Windows\System\Xojczrm.exe

C:\Windows\System\Xojczrm.exe

C:\Windows\System\paWiTMm.exe

C:\Windows\System\paWiTMm.exe

C:\Windows\System\aANYEDI.exe

C:\Windows\System\aANYEDI.exe

C:\Windows\System\mBnNgFl.exe

C:\Windows\System\mBnNgFl.exe

C:\Windows\System\GCEanVr.exe

C:\Windows\System\GCEanVr.exe

C:\Windows\System\kPksRiX.exe

C:\Windows\System\kPksRiX.exe

C:\Windows\System\AKqvpQc.exe

C:\Windows\System\AKqvpQc.exe

C:\Windows\System\wzOhzFA.exe

C:\Windows\System\wzOhzFA.exe

C:\Windows\System\ANtwYUL.exe

C:\Windows\System\ANtwYUL.exe

C:\Windows\System\cQRkZph.exe

C:\Windows\System\cQRkZph.exe

C:\Windows\System\wIAPwrp.exe

C:\Windows\System\wIAPwrp.exe

C:\Windows\System\JDYDYhk.exe

C:\Windows\System\JDYDYhk.exe

C:\Windows\System\qAsmtpW.exe

C:\Windows\System\qAsmtpW.exe

C:\Windows\System\ShhNNaw.exe

C:\Windows\System\ShhNNaw.exe

C:\Windows\System\NaKgFwc.exe

C:\Windows\System\NaKgFwc.exe

C:\Windows\System\JpfspCV.exe

C:\Windows\System\JpfspCV.exe

C:\Windows\System\brxSfyk.exe

C:\Windows\System\brxSfyk.exe

C:\Windows\System\EPgyEiz.exe

C:\Windows\System\EPgyEiz.exe

C:\Windows\System\EyhtCaf.exe

C:\Windows\System\EyhtCaf.exe

C:\Windows\System\lKmGgDd.exe

C:\Windows\System\lKmGgDd.exe

C:\Windows\System\LjkaCDh.exe

C:\Windows\System\LjkaCDh.exe

C:\Windows\System\nVZlmTZ.exe

C:\Windows\System\nVZlmTZ.exe

C:\Windows\System\mvBZMZL.exe

C:\Windows\System\mvBZMZL.exe

C:\Windows\System\UyNApIP.exe

C:\Windows\System\UyNApIP.exe

C:\Windows\System\QGljokD.exe

C:\Windows\System\QGljokD.exe

C:\Windows\System\xKGtWnr.exe

C:\Windows\System\xKGtWnr.exe

C:\Windows\System\WCtluuH.exe

C:\Windows\System\WCtluuH.exe

C:\Windows\System\TyBVAWA.exe

C:\Windows\System\TyBVAWA.exe

C:\Windows\System\LsXoerV.exe

C:\Windows\System\LsXoerV.exe

C:\Windows\System\RMyhPwT.exe

C:\Windows\System\RMyhPwT.exe

C:\Windows\System\XAElzgp.exe

C:\Windows\System\XAElzgp.exe

C:\Windows\System\gMfLZFx.exe

C:\Windows\System\gMfLZFx.exe

C:\Windows\System\mRUSntf.exe

C:\Windows\System\mRUSntf.exe

C:\Windows\System\OSqVXOJ.exe

C:\Windows\System\OSqVXOJ.exe

C:\Windows\System\NvMijht.exe

C:\Windows\System\NvMijht.exe

C:\Windows\System\wtftFfe.exe

C:\Windows\System\wtftFfe.exe

C:\Windows\System\rdQIWqp.exe

C:\Windows\System\rdQIWqp.exe

C:\Windows\System\uhqKiTH.exe

C:\Windows\System\uhqKiTH.exe

C:\Windows\System\BoWUMRZ.exe

C:\Windows\System\BoWUMRZ.exe

C:\Windows\System\soxdhxH.exe

C:\Windows\System\soxdhxH.exe

C:\Windows\System\InqSuBV.exe

C:\Windows\System\InqSuBV.exe

C:\Windows\System\hqbZHzH.exe

C:\Windows\System\hqbZHzH.exe

C:\Windows\System\MgWyQCb.exe

C:\Windows\System\MgWyQCb.exe

C:\Windows\System\jbkfvkA.exe

C:\Windows\System\jbkfvkA.exe

C:\Windows\System\jFfXqGX.exe

C:\Windows\System\jFfXqGX.exe

C:\Windows\System\ECbWzOh.exe

C:\Windows\System\ECbWzOh.exe

C:\Windows\System\oPijgxE.exe

C:\Windows\System\oPijgxE.exe

C:\Windows\System\JrhEnmD.exe

C:\Windows\System\JrhEnmD.exe

C:\Windows\System\IFmtpiU.exe

C:\Windows\System\IFmtpiU.exe

C:\Windows\System\LPrBuwK.exe

C:\Windows\System\LPrBuwK.exe

C:\Windows\System\HhnkFTK.exe

C:\Windows\System\HhnkFTK.exe

C:\Windows\System\dDtnYCA.exe

C:\Windows\System\dDtnYCA.exe

C:\Windows\System\WWdLAva.exe

C:\Windows\System\WWdLAva.exe

C:\Windows\System\pKEfkGE.exe

C:\Windows\System\pKEfkGE.exe

C:\Windows\System\yGKlKlL.exe

C:\Windows\System\yGKlKlL.exe

C:\Windows\System\PKugaHe.exe

C:\Windows\System\PKugaHe.exe

C:\Windows\System\mQizXpo.exe

C:\Windows\System\mQizXpo.exe

C:\Windows\System\yvKalPW.exe

C:\Windows\System\yvKalPW.exe

C:\Windows\System\BLKWtxl.exe

C:\Windows\System\BLKWtxl.exe

C:\Windows\System\FALnNjw.exe

C:\Windows\System\FALnNjw.exe

C:\Windows\System\kQAnjOa.exe

C:\Windows\System\kQAnjOa.exe

C:\Windows\System\hPRdbVL.exe

C:\Windows\System\hPRdbVL.exe

C:\Windows\System\NHcNNDg.exe

C:\Windows\System\NHcNNDg.exe

C:\Windows\System\PvvWbyp.exe

C:\Windows\System\PvvWbyp.exe

C:\Windows\System\zxKFtbh.exe

C:\Windows\System\zxKFtbh.exe

C:\Windows\System\BacfmrU.exe

C:\Windows\System\BacfmrU.exe

C:\Windows\System\BTXQwTf.exe

C:\Windows\System\BTXQwTf.exe

C:\Windows\System\YQkTgvM.exe

C:\Windows\System\YQkTgvM.exe

C:\Windows\System\IjVEGAr.exe

C:\Windows\System\IjVEGAr.exe

C:\Windows\System\UEgCDMT.exe

C:\Windows\System\UEgCDMT.exe

C:\Windows\System\gbgwBlc.exe

C:\Windows\System\gbgwBlc.exe

C:\Windows\System\nZyanTA.exe

C:\Windows\System\nZyanTA.exe

C:\Windows\System\ieHzBOU.exe

C:\Windows\System\ieHzBOU.exe

C:\Windows\System\ifMqKGq.exe

C:\Windows\System\ifMqKGq.exe

C:\Windows\System\yfmeLiW.exe

C:\Windows\System\yfmeLiW.exe

C:\Windows\System\PjmbiDB.exe

C:\Windows\System\PjmbiDB.exe

C:\Windows\System\Hfaoeym.exe

C:\Windows\System\Hfaoeym.exe

C:\Windows\System\VCnMjMs.exe

C:\Windows\System\VCnMjMs.exe

C:\Windows\System\pqJhurL.exe

C:\Windows\System\pqJhurL.exe

C:\Windows\System\lFZitZV.exe

C:\Windows\System\lFZitZV.exe

C:\Windows\System\YqTnnBM.exe

C:\Windows\System\YqTnnBM.exe

C:\Windows\System\VFCsEqt.exe

C:\Windows\System\VFCsEqt.exe

C:\Windows\System\dDDpsTA.exe

C:\Windows\System\dDDpsTA.exe

C:\Windows\System\xGAnbtC.exe

C:\Windows\System\xGAnbtC.exe

C:\Windows\System\dubwdzg.exe

C:\Windows\System\dubwdzg.exe

C:\Windows\System\RhfRnik.exe

C:\Windows\System\RhfRnik.exe

C:\Windows\System\evyRACW.exe

C:\Windows\System\evyRACW.exe

C:\Windows\System\jQvDhxn.exe

C:\Windows\System\jQvDhxn.exe

C:\Windows\System\iOWRyIQ.exe

C:\Windows\System\iOWRyIQ.exe

C:\Windows\System\qTsDzRs.exe

C:\Windows\System\qTsDzRs.exe

C:\Windows\System\zhexIDj.exe

C:\Windows\System\zhexIDj.exe

C:\Windows\System\hQRxSto.exe

C:\Windows\System\hQRxSto.exe

C:\Windows\System\ubLRebT.exe

C:\Windows\System\ubLRebT.exe

C:\Windows\System\eAAIQvs.exe

C:\Windows\System\eAAIQvs.exe

C:\Windows\System\sqiHJwA.exe

C:\Windows\System\sqiHJwA.exe

C:\Windows\System\gxFFHUa.exe

C:\Windows\System\gxFFHUa.exe

C:\Windows\System\BfJVPyp.exe

C:\Windows\System\BfJVPyp.exe

C:\Windows\System\VFmmKpd.exe

C:\Windows\System\VFmmKpd.exe

C:\Windows\System\yImxepW.exe

C:\Windows\System\yImxepW.exe

C:\Windows\System\NDVSJiz.exe

C:\Windows\System\NDVSJiz.exe

C:\Windows\System\KUERnYh.exe

C:\Windows\System\KUERnYh.exe

C:\Windows\System\hWlywfe.exe

C:\Windows\System\hWlywfe.exe

C:\Windows\System\ZvEHVJp.exe

C:\Windows\System\ZvEHVJp.exe

C:\Windows\System\ZZhRjig.exe

C:\Windows\System\ZZhRjig.exe

C:\Windows\System\ECQMKzj.exe

C:\Windows\System\ECQMKzj.exe

C:\Windows\System\TLdsmXN.exe

C:\Windows\System\TLdsmXN.exe

C:\Windows\System\FUuWQGr.exe

C:\Windows\System\FUuWQGr.exe

C:\Windows\System\WBJFDqt.exe

C:\Windows\System\WBJFDqt.exe

C:\Windows\System\GLnUzPh.exe

C:\Windows\System\GLnUzPh.exe

C:\Windows\System\tOhrPTK.exe

C:\Windows\System\tOhrPTK.exe

C:\Windows\System\feKHYNN.exe

C:\Windows\System\feKHYNN.exe

C:\Windows\System\JjlLEnz.exe

C:\Windows\System\JjlLEnz.exe

C:\Windows\System\kInnWjv.exe

C:\Windows\System\kInnWjv.exe

C:\Windows\System\eBqzywr.exe

C:\Windows\System\eBqzywr.exe

C:\Windows\System\iBubzks.exe

C:\Windows\System\iBubzks.exe

C:\Windows\System\QvtXnYD.exe

C:\Windows\System\QvtXnYD.exe

C:\Windows\System\NOnIJFp.exe

C:\Windows\System\NOnIJFp.exe

C:\Windows\System\YmcsyTS.exe

C:\Windows\System\YmcsyTS.exe

C:\Windows\System\mqTbzJO.exe

C:\Windows\System\mqTbzJO.exe

C:\Windows\System\APBaZDT.exe

C:\Windows\System\APBaZDT.exe

C:\Windows\System\ZzDojti.exe

C:\Windows\System\ZzDojti.exe

C:\Windows\System\khnmDbH.exe

C:\Windows\System\khnmDbH.exe

C:\Windows\System\xaAnEPJ.exe

C:\Windows\System\xaAnEPJ.exe

C:\Windows\System\MHqtUkR.exe

C:\Windows\System\MHqtUkR.exe

C:\Windows\System\GLawjLq.exe

C:\Windows\System\GLawjLq.exe

C:\Windows\System\ApEHeIy.exe

C:\Windows\System\ApEHeIy.exe

C:\Windows\System\AtQfewZ.exe

C:\Windows\System\AtQfewZ.exe

C:\Windows\System\kZQoRSl.exe

C:\Windows\System\kZQoRSl.exe

C:\Windows\System\eTtRWiT.exe

C:\Windows\System\eTtRWiT.exe

C:\Windows\System\esJrUen.exe

C:\Windows\System\esJrUen.exe

C:\Windows\System\AHNBeWB.exe

C:\Windows\System\AHNBeWB.exe

C:\Windows\System\LGTMQib.exe

C:\Windows\System\LGTMQib.exe

C:\Windows\System\hronEhk.exe

C:\Windows\System\hronEhk.exe

C:\Windows\System\bFNjCdm.exe

C:\Windows\System\bFNjCdm.exe

C:\Windows\System\FAVdAHc.exe

C:\Windows\System\FAVdAHc.exe

C:\Windows\System\SgiJvUr.exe

C:\Windows\System\SgiJvUr.exe

C:\Windows\System\TLJVIzT.exe

C:\Windows\System\TLJVIzT.exe

C:\Windows\System\xSeUapw.exe

C:\Windows\System\xSeUapw.exe

C:\Windows\System\XPsacwS.exe

C:\Windows\System\XPsacwS.exe

C:\Windows\System\rzRzrzQ.exe

C:\Windows\System\rzRzrzQ.exe

C:\Windows\System\VRnVbQK.exe

C:\Windows\System\VRnVbQK.exe

C:\Windows\System\kUVUnFH.exe

C:\Windows\System\kUVUnFH.exe

C:\Windows\System\HVKqiTK.exe

C:\Windows\System\HVKqiTK.exe

C:\Windows\System\cmoKLrg.exe

C:\Windows\System\cmoKLrg.exe

C:\Windows\System\oGGGlkK.exe

C:\Windows\System\oGGGlkK.exe

C:\Windows\System\PTKafXk.exe

C:\Windows\System\PTKafXk.exe

C:\Windows\System\qCjnFKb.exe

C:\Windows\System\qCjnFKb.exe

C:\Windows\System\WthAibT.exe

C:\Windows\System\WthAibT.exe

C:\Windows\System\sbNLQDs.exe

C:\Windows\System\sbNLQDs.exe

C:\Windows\System\UhHwqlF.exe

C:\Windows\System\UhHwqlF.exe

C:\Windows\System\WVyWnAm.exe

C:\Windows\System\WVyWnAm.exe

C:\Windows\System\NPHZStt.exe

C:\Windows\System\NPHZStt.exe

C:\Windows\System\vAjBBIL.exe

C:\Windows\System\vAjBBIL.exe

C:\Windows\System\kcohzIx.exe

C:\Windows\System\kcohzIx.exe

C:\Windows\System\zcOzkqe.exe

C:\Windows\System\zcOzkqe.exe

C:\Windows\System\EFjVTNK.exe

C:\Windows\System\EFjVTNK.exe

C:\Windows\System\vyJWGNC.exe

C:\Windows\System\vyJWGNC.exe

C:\Windows\System\bQsNpcs.exe

C:\Windows\System\bQsNpcs.exe

C:\Windows\System\CYHZeVX.exe

C:\Windows\System\CYHZeVX.exe

C:\Windows\System\ZHgMuGa.exe

C:\Windows\System\ZHgMuGa.exe

C:\Windows\System\VmWBgeX.exe

C:\Windows\System\VmWBgeX.exe

C:\Windows\System\NkkbAhS.exe

C:\Windows\System\NkkbAhS.exe

C:\Windows\System\SDUtPfB.exe

C:\Windows\System\SDUtPfB.exe

C:\Windows\System\DRWgtGc.exe

C:\Windows\System\DRWgtGc.exe

C:\Windows\System\rhLSXHm.exe

C:\Windows\System\rhLSXHm.exe

C:\Windows\System\BQsDtZx.exe

C:\Windows\System\BQsDtZx.exe

C:\Windows\System\HpIuvRm.exe

C:\Windows\System\HpIuvRm.exe

C:\Windows\System\hiBTLDM.exe

C:\Windows\System\hiBTLDM.exe

C:\Windows\System\naHZHXk.exe

C:\Windows\System\naHZHXk.exe

C:\Windows\System\DbHUoIP.exe

C:\Windows\System\DbHUoIP.exe

C:\Windows\System\DsXzyur.exe

C:\Windows\System\DsXzyur.exe

C:\Windows\System\rxwrKAw.exe

C:\Windows\System\rxwrKAw.exe

C:\Windows\System\bQlSfaj.exe

C:\Windows\System\bQlSfaj.exe

C:\Windows\System\GjcXiYO.exe

C:\Windows\System\GjcXiYO.exe

C:\Windows\System\TxtMshW.exe

C:\Windows\System\TxtMshW.exe

C:\Windows\System\YpSDaiR.exe

C:\Windows\System\YpSDaiR.exe

C:\Windows\System\EkZbxUh.exe

C:\Windows\System\EkZbxUh.exe

C:\Windows\System\TaUtxao.exe

C:\Windows\System\TaUtxao.exe

C:\Windows\System\NeOIaPp.exe

C:\Windows\System\NeOIaPp.exe

C:\Windows\System\kJPQJHv.exe

C:\Windows\System\kJPQJHv.exe

C:\Windows\System\SBJFtdZ.exe

C:\Windows\System\SBJFtdZ.exe

C:\Windows\System\CLOEBbX.exe

C:\Windows\System\CLOEBbX.exe

C:\Windows\System\TGeHINy.exe

C:\Windows\System\TGeHINy.exe

C:\Windows\System\QhFTlSv.exe

C:\Windows\System\QhFTlSv.exe

C:\Windows\System\AgFbhMj.exe

C:\Windows\System\AgFbhMj.exe

C:\Windows\System\HDvGawo.exe

C:\Windows\System\HDvGawo.exe

C:\Windows\System\JGXappr.exe

C:\Windows\System\JGXappr.exe

C:\Windows\System\QiYPTXX.exe

C:\Windows\System\QiYPTXX.exe

C:\Windows\System\dlOJvdP.exe

C:\Windows\System\dlOJvdP.exe

C:\Windows\System\XxsTDtb.exe

C:\Windows\System\XxsTDtb.exe

C:\Windows\System\NzqFTNC.exe

C:\Windows\System\NzqFTNC.exe

C:\Windows\System\gQZZpec.exe

C:\Windows\System\gQZZpec.exe

C:\Windows\System\lHkCosk.exe

C:\Windows\System\lHkCosk.exe

C:\Windows\System\NyAJHzC.exe

C:\Windows\System\NyAJHzC.exe

C:\Windows\System\WAoNOUV.exe

C:\Windows\System\WAoNOUV.exe

C:\Windows\System\kPdGkXL.exe

C:\Windows\System\kPdGkXL.exe

C:\Windows\System\LiCxDjF.exe

C:\Windows\System\LiCxDjF.exe

C:\Windows\System\mgXiYVD.exe

C:\Windows\System\mgXiYVD.exe

C:\Windows\System\AHlqoOi.exe

C:\Windows\System\AHlqoOi.exe

C:\Windows\System\IwvCGUw.exe

C:\Windows\System\IwvCGUw.exe

C:\Windows\System\bhgsEni.exe

C:\Windows\System\bhgsEni.exe

C:\Windows\System\VrDeyEe.exe

C:\Windows\System\VrDeyEe.exe

C:\Windows\System\AEnJuNd.exe

C:\Windows\System\AEnJuNd.exe

C:\Windows\System\ZVgfowG.exe

C:\Windows\System\ZVgfowG.exe

C:\Windows\System\tmOnnfz.exe

C:\Windows\System\tmOnnfz.exe

C:\Windows\System\HYIfEJs.exe

C:\Windows\System\HYIfEJs.exe

C:\Windows\System\LLiHGUx.exe

C:\Windows\System\LLiHGUx.exe

C:\Windows\System\vczUOoy.exe

C:\Windows\System\vczUOoy.exe

C:\Windows\System\YTmiteg.exe

C:\Windows\System\YTmiteg.exe

C:\Windows\System\iURIfhf.exe

C:\Windows\System\iURIfhf.exe

C:\Windows\System\uRrzvJV.exe

C:\Windows\System\uRrzvJV.exe

C:\Windows\System\SbINRnR.exe

C:\Windows\System\SbINRnR.exe

C:\Windows\System\yQOquGo.exe

C:\Windows\System\yQOquGo.exe

C:\Windows\System\drWoTzS.exe

C:\Windows\System\drWoTzS.exe

C:\Windows\System\ZaxIGYy.exe

C:\Windows\System\ZaxIGYy.exe

C:\Windows\System\IELAxkl.exe

C:\Windows\System\IELAxkl.exe

C:\Windows\System\TvhDFft.exe

C:\Windows\System\TvhDFft.exe

C:\Windows\System\MvjqXYi.exe

C:\Windows\System\MvjqXYi.exe

C:\Windows\System\zgYvSZP.exe

C:\Windows\System\zgYvSZP.exe

C:\Windows\System\NJYqgio.exe

C:\Windows\System\NJYqgio.exe

C:\Windows\System\Noqjlvt.exe

C:\Windows\System\Noqjlvt.exe

C:\Windows\System\YWUklFb.exe

C:\Windows\System\YWUklFb.exe

C:\Windows\System\WZqTuMK.exe

C:\Windows\System\WZqTuMK.exe

C:\Windows\System\VnbqjzM.exe

C:\Windows\System\VnbqjzM.exe

C:\Windows\System\fCscPWT.exe

C:\Windows\System\fCscPWT.exe

C:\Windows\System\fVxkfnw.exe

C:\Windows\System\fVxkfnw.exe

C:\Windows\System\rngUZRK.exe

C:\Windows\System\rngUZRK.exe

C:\Windows\System\GmlitLf.exe

C:\Windows\System\GmlitLf.exe

C:\Windows\System\mpoKXPv.exe

C:\Windows\System\mpoKXPv.exe

C:\Windows\System\DngnzHh.exe

C:\Windows\System\DngnzHh.exe

C:\Windows\System\rOjdcPP.exe

C:\Windows\System\rOjdcPP.exe

C:\Windows\System\qlXfoHy.exe

C:\Windows\System\qlXfoHy.exe

C:\Windows\System\FHOrezg.exe

C:\Windows\System\FHOrezg.exe

C:\Windows\System\YKugxaG.exe

C:\Windows\System\YKugxaG.exe

C:\Windows\System\QOtLRVp.exe

C:\Windows\System\QOtLRVp.exe

C:\Windows\System\txSJILT.exe

C:\Windows\System\txSJILT.exe

C:\Windows\System\WJqtgaG.exe

C:\Windows\System\WJqtgaG.exe

C:\Windows\System\qhDFRsY.exe

C:\Windows\System\qhDFRsY.exe

C:\Windows\System\mLqVEqE.exe

C:\Windows\System\mLqVEqE.exe

C:\Windows\System\ngbfedW.exe

C:\Windows\System\ngbfedW.exe

C:\Windows\System\gZHRVbS.exe

C:\Windows\System\gZHRVbS.exe

C:\Windows\System\pPdDUAR.exe

C:\Windows\System\pPdDUAR.exe

C:\Windows\System\LoOjblE.exe

C:\Windows\System\LoOjblE.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1828-0-0x00007FF788360000-0x00007FF7886B4000-memory.dmp

memory/1828-1-0x0000019FE82F0000-0x0000019FE8300000-memory.dmp

C:\Windows\System\jlaGeSJ.exe

MD5 a201275c62c61e50154c3f816cd3cbb8
SHA1 79ed749a874737c836767e013118c90b4b499bdd
SHA256 f29d5a1ca6e9294cf09dab3e538ade54bb623dbbc5bffebb1ba68dd8f30ec04e
SHA512 f912d727cd365fbb74d70a0d73f77a3e081cfaff94e049d6311f805db53eeb761c4cadae27c2edd480eb8949ebba1e90f83685967f41c111f4fa0c856744d15d

C:\Windows\System\ahSsbqF.exe

MD5 b0463143992e934cb07781ed00075373
SHA1 61cef27950bd5c4b07efb0a0105d6995fe53b1c2
SHA256 5be840abb66e0dd43039b8e94b31bdaa5b96bc2622f70cdd4c0178dc9f637913
SHA512 7691b1ace6f798c186b8e791ef2788e0893968028fd1824cd978d5b95dbf2fabb5a2c85eda5d1f5ddc5042a96034d074e4318eea16da9f706ef8b31e3e9b3009

C:\Windows\System\gGaQuGc.exe

MD5 68ff98ae43fc2028d503f48b1972b1ac
SHA1 b506bb8cd5f31d78e69a41d579d156969f1155e7
SHA256 9e55f45cb303dbe28b89687e43fd45983ef88e41fed06cc1e6ae153647b562d6
SHA512 b95874c1c599f1ba36381aaf19f83c24c89c9c0649d60cc8461ed39b96cafe62bd3dc5526d850b4ee9147d184c666a22f518ee61fadfce54786af65c18121bdf

memory/1412-18-0x00007FF6AB3B0000-0x00007FF6AB704000-memory.dmp

C:\Windows\System\mktuhXD.exe

MD5 8228babfc6beff64717579d0aa3ff807
SHA1 64774dabeb45d0c1e67efdb9e10854b824fdc704
SHA256 01e8ffee9e146027e499c03a62b8cab99a370ff2050135434d2b0a9343659638
SHA512 eadf0865b6ae60c6e2677a110ef0ae25192387cb097fb55e66df88417083c21fe4fca3e71a53669a0a7198da84f56a4ccb3daaa4d89ea16da26bc9caec55d2bb

memory/4524-28-0x00007FF623C80000-0x00007FF623FD4000-memory.dmp

C:\Windows\System\JCidwpb.exe

MD5 7ea7b1969a719c24415fcf9e6ff6a577
SHA1 e4362e5b50de35d79179041cba42393107dcd902
SHA256 3bd4adb143ff33ea16698a2c17d9e54c6fd52f309ab70326c60bb43172836056
SHA512 52496c3b485603221d406d56cb6064408aa65659e82d4f441b9e161eca61d1d2d5fc54c296a875e16d3a9075532da7b46745eb46cb61e1073d1f3a81d1a79080

C:\Windows\System\uYnqCSt.exe

MD5 749fd63233b5a5ec5ea6ce8508dfe9c3
SHA1 d051d72ebe1399325471d38533d0f68e654a6021
SHA256 a693e318673733ff76006de916490f5e504e18f10117ec347b2595e8729119fe
SHA512 1dbf478b3cc1ee4fca53a6ef104eaa21229c4d2c52909913a0ea6bb5b0c1e53092712031c552246ac50a1af4c37de3aab4a390bf6104c2f7e1545d0e2c4c3c39

C:\Windows\System\oBaIvQq.exe

MD5 87d0cb704f7e9789e2e929b11747d0b4
SHA1 6e1f3c62742507feddf6d6d5aec8232318d2438e
SHA256 2f4a539b585ecae18c6b76ff049fa3f1d9fbe7f38d9109b04a8233770d44790d
SHA512 908c2af4179430bf1a0ed8ba5e06ee2f8f3ddd62b796fa4a989c52aa835704fc8bb8ffd4977fe90d1ada53261f96d52cfc310300d5e1e3eca9e5a106cc13cb6e

memory/3184-36-0x00007FF6E7580000-0x00007FF6E78D4000-memory.dmp

memory/2024-31-0x00007FF67ED20000-0x00007FF67F074000-memory.dmp

memory/4532-17-0x00007FF6E5E00000-0x00007FF6E6154000-memory.dmp

memory/1160-8-0x00007FF6E6FA0000-0x00007FF6E72F4000-memory.dmp

C:\Windows\System\skWOSEd.exe

MD5 f5ab4ee5c3b8b7e4fcb7ef1ed421dba8
SHA1 c0f75fbe464ad5998a9fedf9582a117688f2f8ef
SHA256 6ab632a263af2f0c12bedda1295922265ef503d9a62573da04225914e736549b
SHA512 8110ea648939830a9670ecc21a6f3f9c470d3dfa2a2f3ace86691c090c09e646046becca16dcda20883d54c345b00dc447b8883b3ad2a535415f92228d919b59

memory/4028-61-0x00007FF720030000-0x00007FF720384000-memory.dmp

C:\Windows\System\WCOoUqc.exe

MD5 a87aea18859ed088bb32fc85bf17cd85
SHA1 c53da08608b1b262e6af339d173d9c6a68874873
SHA256 9f12f2b6b5bd1bb06563e565c8df989e9f9af427b108faea2c5fd947dd354d06
SHA512 33b8a1e1cea52fb2d8cb9aa01d847c756ef0ff62580e739560741517bea41f25814e4f34550f1d372e8bb98900e077a8e7144135189a48443b06499b70eda2e7

C:\Windows\System\wuLDnlL.exe

MD5 c6a3b928f297bd69b64d8d16a1229661
SHA1 74e2ce08d1e99042ddb98e9481de2bf6dcc02f45
SHA256 0138555d941fdad53ea280fc261affd8fc67f10e2f5bfa3b971901f129a59629
SHA512 a111f20b68db203ccdaeaf1fe6a071c9b65f54671290cecd7b471c433a4a607a5424584c5df18b353b1ac5157eee44ed5c25707fc8733186e91258cf3d633742

C:\Windows\System\rsETchX.exe

MD5 f0a658be3dbdf56a340be700b5750bb9
SHA1 602ead8f2806f997d248a28f2445d97ace295428
SHA256 894221ee68bc3c7335cb119bcde5c2895bee7065899a569535ec6b3c82cb1b85
SHA512 1ab6fb0280a2acd01dec7632272717e687e8a6f758e76685bcdd59dc3eab1584a28424114bf48eca7b33a0c006ea6319ad561c1e8aca9972c7001012af3d3695

C:\Windows\System\zKhPBhN.exe

MD5 26c47d3af99ce77cef6d7a8aba4eb872
SHA1 721b4b9571f5e903c3d4ce7e032fce3afee97133
SHA256 819673e7d48a4f3c996e8086cfe24661cc6d23bbf961f3fdd601d9d4ac7d6585
SHA512 3c7cf019d0603dcd0ef2080821c6674bfb3f9519901dd9c52dbd6f3cef4dd49ecf5cf7bf705d9a202bf89d811c44edbbc9cbf93d30833d7ad2e8b0b8a41773a5

memory/3664-48-0x00007FF67A510000-0x00007FF67A864000-memory.dmp

memory/924-71-0x00007FF6101B0000-0x00007FF610504000-memory.dmp

memory/1168-75-0x00007FF649B50000-0x00007FF649EA4000-memory.dmp

C:\Windows\System\hqFnhPA.exe

MD5 6e8ec7326cbaafa823414471ff038a8a
SHA1 9769638a51cc10008cc6b7e2642ca349fc8d9993
SHA256 6e1e840ee1583e010997f22c3efe8e077d37f58006002607b4863ab5815b33ea
SHA512 c34dc3fca33588e190fa2d91da3e06bb7c5b449b4c3d25402a2a2b867d562006c155f6054f710d4e6be9868f49fe266cfeb1f50d136fdcb5b8346bf71981f728

C:\Windows\System\mKVDBWx.exe

MD5 3356d68a60653acc12a68d0e113f4eff
SHA1 5fbdd27e5e9763d649c2d0feb7f2646bda20e632
SHA256 991918a65d0c21ba158db0dee87cd22be43ecbf149ecec326984358905a88bbb
SHA512 47173ae56265579ff5566bfeb69b12e3100004f08513c5dd3a833dfa9cbba7a6529e74deb2cec79504639f33e86530c436d2be02210468a3e65371cc3ace4962

C:\Windows\System\lHyuCMH.exe

MD5 87c8dd266f861419f6e315a3cb1237a2
SHA1 f3b239d57cf42742ac1760a33d4485c1046ed495
SHA256 0dd76678b96a77697ba7385d9995f38017e11907166fffcd4ad34ad8232a4dc0
SHA512 e4097fd31e70d64475438ec2680695defa76dd3f16e4fe3b3d7cc268d20861cfa2ad8f535d5f045adf1709d38491eb3c7b7f9e0e80f87460871f4f18042eaf94

C:\Windows\System\FzgDDWw.exe

MD5 3bc46fb41fd4e01aaf2313e04af4cb0e
SHA1 00eb85fd816ef69ab8d7a5c71a15ffb217ba89a2
SHA256 8126428a361f6967a33d59ca220d7a0ee03fcd6f1ecb0f45210d99488a25a7bc
SHA512 ed2115e5fe9cd011e0e610d202f91a34edfa4655b3bbb7bfa22827d7116653dcbe4d415f7fc3c827e9b120ddf9c881bdb5accb7cbdb478e6fa2006f08f10d51f

C:\Windows\System\fbRFxrV.exe

MD5 4e07433e135ec271a29855c246edce0f
SHA1 86f5bdb6313f07b36b84daeb790464cf6c6ad2ac
SHA256 5241225166a8c3ce1e0f1245a0860cf2cc2da6e64dfa12740c4fde6f0c80c99c
SHA512 542a3e91e4ce1b25a3bceac6f499096ec8445c38a627e98cdbcd8a05b158f3d7a8b2d2bc0d5bc86f0446a22916ff1c8c2c2332a5a578afa89c2d35fcc99d1872

memory/3160-111-0x00007FF716480000-0x00007FF7167D4000-memory.dmp

memory/4076-113-0x00007FF6EAF20000-0x00007FF6EB274000-memory.dmp

memory/3856-114-0x00007FF76A300000-0x00007FF76A654000-memory.dmp

memory/4532-117-0x00007FF6E5E00000-0x00007FF6E6154000-memory.dmp

memory/1160-116-0x00007FF6E6FA0000-0x00007FF6E72F4000-memory.dmp

memory/1716-115-0x00007FF645E50000-0x00007FF6461A4000-memory.dmp

memory/2264-112-0x00007FF6DE290000-0x00007FF6DE5E4000-memory.dmp

memory/1828-108-0x00007FF788360000-0x00007FF7886B4000-memory.dmp

memory/2836-104-0x00007FF6F72D0000-0x00007FF6F7624000-memory.dmp

C:\Windows\System\PoZqBBk.exe

MD5 776b1c90460af60be74f2ab744a3d5de
SHA1 e6a44e17eab4631df08b2ac99bc1ea75b67b96ab
SHA256 08861b3605ff7d65fdfcb640f0298eb58b1f7be0d3494ad24b9e69a955f51050
SHA512 5696009d1d10bb78dae6c3ad147fe3e952966ed6efdcff9e5f1e58ce99c6d9593f4349551bb8a44c95afa258a7af7e923403067ad1c7427aa513fc55cf03a81f

memory/1996-91-0x00007FF7A7AD0000-0x00007FF7A7E24000-memory.dmp

memory/4956-87-0x00007FF7B0BF0000-0x00007FF7B0F44000-memory.dmp

memory/4204-83-0x00007FF6630B0000-0x00007FF663404000-memory.dmp

C:\Windows\System\GBbWPme.exe

MD5 21158ea0a0138ae6e7e14d61373b57fc
SHA1 002f327d69dba28759dc0357320d744b4ac95dec
SHA256 b0cccf7d3b20e3ab07ded475b6d769cac4eaf32c4279382172ada8ababee3314
SHA512 3e055d788fe6d9496c0a24b2c03d87bfe96c3dc6f0450cea578b415f465608948c50567d53837f38a1dc5f63c5694e6ca5afe9a3e1fc7b5df668f3b98ceddf59

C:\Windows\System\KRWxfXl.exe

MD5 f1c9b95caf993b2c2bc314be5b5cb46d
SHA1 b907bcd805dd4eb81e62ca51a3bcb88a1067432b
SHA256 d0a3ed8ca9b6dfc372532512a30c6824a10745e8bd093af924e2933f6c2f68f2
SHA512 7191929ef8257e9e209d40a8078fd60e069f9d650c0854b272c0d6b5e2d09793e59a484f6489b584a33f4587228cbf869ae67d6107ebf8958e918fc5f633ff9f

C:\Windows\System\mOIPFmo.exe

MD5 13eabea178a16d2619085414dcfa02a6
SHA1 626c78c24d96e15c994beeb0c6646ff36a24c2d4
SHA256 c7ca638e52399ed3f55ee8693db47a731147d8235adc25d3e0805de687757731
SHA512 5f853399098f99af51cd3f47e8192440d2d605a5d12e92f3275c4525d788ba000e7b43ac738b0e7b30c2dfafcbc0005ecf743623d8dfa86ce49611280220f8ab

C:\Windows\System\JdmLXew.exe

MD5 52ca5c25ba8221e08e8a11a409372dc6
SHA1 0c3c63818f20996839adcc6d06955c80c9d9d28c
SHA256 28ca575443375cfec559a148f55a9811acfc64393c654f654fa777e0348a7f90
SHA512 e34dd6c8fae9dc69799c6cc9a6752fae478de4a92350b39e2f9d519c291dc3dd00cd61a6a26c9d67906a0313b5185efa42fa5e1aca11e5015bbec6df6d14971f

C:\Windows\System\ksIolHp.exe

MD5 cf7b1186a82788219c0ffdf4dd9b3e56
SHA1 663fded50cc4c17833aeb65ebac100a480eb34e8
SHA256 9292164605ed5b892f30efa8a9ea08590c093c44dc14c4f03a59c25588551598
SHA512 5817a9c2f9ee34c0f55fe94a09b6cdcc96caff8265d9a83d9fe71c16f75b424730b64bfdf840ee0d5bd56c3e529b0faaefc0352dda5a5313b5d89772126e8450

C:\Windows\System\iBlfngr.exe

MD5 ad748f99ee9a6aa9ec33cd8247dcd7e7
SHA1 9cc7e10f146a597b3d2f2b36be38283f44c844c9
SHA256 25ae36afecc88a7caffafac47a3928bc6e21106d9e263079ced5a51645e11b43
SHA512 bbc014bc0cbe3640c2ddf69c5f88450fac35736608f4cd28f07c97ce6d35574d43933c5b22d74c22943f88978dff16c92a4442f52511478b53e7626a30b408af

memory/4524-127-0x00007FF623C80000-0x00007FF623FD4000-memory.dmp

memory/4288-146-0x00007FF7C9710000-0x00007FF7C9A64000-memory.dmp

C:\Windows\System\UGTKamT.exe

MD5 d33d972bc8f3e13c75e419ca247937d8
SHA1 4b8c70c1856d5d84571ed4537d821e78feef30b2
SHA256 401d556e62f0dd05dd8ad47d692e713040b5014aad6d4ac7856bda29149bb11d
SHA512 4b8e50a9ff76b895c55f2c859ffed97ef4b2a2af529d24a9959e30e3853b9fe9ed0dc110200db94786e105f9bc99bb198080bc98d623f0aaf91baf33a3dde092

C:\Windows\System\OKQXVqU.exe

MD5 fc8407d8a2dfb832b66f256c86707e58
SHA1 3331f97d14c3f56994bd7e8fccbccdc4b849057a
SHA256 a6fdff6467460c4f87da14478cd5d5994ea5098fb33654c0db6d18cc3e33aad9
SHA512 551ec0e006f5c60bc0dafb99efb7d4791d1ef4733491dd8b8aaac59a0916d69ef27fdb16a43cc8a15bb11258897f3b386dc33c1b73b542b1c06097e5ba90f85e

C:\Windows\System\GIKWlNc.exe

MD5 908fa53474b81cb8ba8ccdb8609e3c7f
SHA1 8c43754bffe04ea70023745e37786c6c020fec14
SHA256 8fc5e10bc821634702781fbc02f84b1a1e9d796d2d1d077cfbf8e1355c0cd89d
SHA512 0596bc67c6cd230970b3adf9562713d1d26fd96f000292cde0dad3cb9807d0b98b47aafa7bb698f70255d196668f34a0c8d7de8834991433f5fb9b1229487211

memory/1412-153-0x00007FF6AB3B0000-0x00007FF6AB704000-memory.dmp

memory/4980-150-0x00007FF6B9810000-0x00007FF6B9B64000-memory.dmp

C:\Windows\System\RHEHoBU.exe

MD5 2e1094d2dcb900389131c9991be2436d
SHA1 86ef161577f6841bafab6aac176dbccf1994d8df
SHA256 1f88ed52b0805f287b7ebf5f0a815699a94e25dbc1e63d715b9189cc22bfbd86
SHA512 cc3b436ee31ce7d81adc094a96b4e9cbd0d140245038c80f0b9c327315ebe4b7b2135bf9b10d6e486f80f9f40e21643439dd2275fe1112316e7ae7aa1d00f42c

memory/900-175-0x00007FF702410000-0x00007FF702764000-memory.dmp

C:\Windows\System\jYAwPpn.exe

MD5 63e593494a5414204edb056e4b5c85f3
SHA1 64c87281e468641ddf2ba72f9c8a3a12404ad8a6
SHA256 34e80d73b180760f38747fd6fa82ca52a1e1bbb8550cc32f469dc56fe99e1664
SHA512 8fe1e5ba7436c1688c9ca902af405af510a1b85c911c96c1bdee0d99d99278fc3669a4b632f2f4d891c1b9c2ade2887e1b8c896e73d25936979ba14f511929ba

C:\Windows\System\gqifKXH.exe

MD5 bd4fbad2c323f4393a341f2a0fb8d274
SHA1 f235bb181e656fdc279b794d6ea1a075fd8ab80e
SHA256 94d08463a75f4055df57c294bee1c390d20c4fa4df5f5bc136373c10a9172b53
SHA512 abe743928222330f020f2851d5d4d138558211ad7f9ed666106894c7f22e281d2c5603a950e7521efba6248888aed5ba9dc94c6721d9382da13e1aaff4c1a55d

C:\Windows\System\tKGDWXG.exe

MD5 de7b4e4592c3a594099022c02c7a4746
SHA1 98f49c277fc1127afbdee1cb90766dfc11d0dee2
SHA256 889eef5a074f837c35de591edabdeefe93c23a4ed85df71bf0860541fb340675
SHA512 daacbd2cd69fb6698cd8fa00c161e3eff0d120028afe1883ea274a5a6d211443a3efd3c3cba517356354ef24acb9955727b6d9d23b4e71490a8ab3254f5a65cd

memory/2020-174-0x00007FF6406E0000-0x00007FF640A34000-memory.dmp

memory/2616-194-0x00007FF63BD60000-0x00007FF63C0B4000-memory.dmp

C:\Windows\System\rdiUgaD.exe

MD5 c666c26461e500855df02805cfea60f0
SHA1 e04843b49faccc1814dac6cf3d454ef1d3a9fea2
SHA256 42951edd6958dd00ef212e81073a1a4bd78fb6fc559fe20aebad8811a3fae392
SHA512 06555e152013845f75ee744aee0268c1ba7686638d2d78067598aa21e796be4d4b0c794d34873388fb48ed6b1a830de3ec0ed7e3095b437895ce86160835cce3

memory/4692-211-0x00007FF617350000-0x00007FF6176A4000-memory.dmp

memory/4868-221-0x00007FF7F2FF0000-0x00007FF7F3344000-memory.dmp

memory/4488-209-0x00007FF6196D0000-0x00007FF619A24000-memory.dmp

memory/4072-202-0x00007FF61B4E0000-0x00007FF61B834000-memory.dmp

memory/1324-189-0x00007FF69C760000-0x00007FF69CAB4000-memory.dmp

C:\Windows\System\eBMhpvH.exe

MD5 7b245e25be44ba424b7fc800fc442261
SHA1 eaf2cdca8b084712b76c8fe875f82cf9f3ad44f8
SHA256 2af05b0f3b5af1ccabfa4b8982ab386024b15b81ccb9f6cba78206becfd23153
SHA512 83efe3719a543722719577be89a3af5001bfd64da4a7bf3366662925175030a81e51e779f5e6a0a5a560e2cc8dcaccac302c904a4084255566fd45545d4c6e85

memory/2024-593-0x00007FF67ED20000-0x00007FF67F074000-memory.dmp

memory/924-945-0x00007FF6101B0000-0x00007FF610504000-memory.dmp

memory/3184-940-0x00007FF6E7580000-0x00007FF6E78D4000-memory.dmp

memory/4028-1077-0x00007FF720030000-0x00007FF720384000-memory.dmp

memory/1716-1078-0x00007FF645E50000-0x00007FF6461A4000-memory.dmp

memory/1160-1079-0x00007FF6E6FA0000-0x00007FF6E72F4000-memory.dmp

memory/4532-1080-0x00007FF6E5E00000-0x00007FF6E6154000-memory.dmp

memory/1412-1081-0x00007FF6AB3B0000-0x00007FF6AB704000-memory.dmp

memory/4524-1082-0x00007FF623C80000-0x00007FF623FD4000-memory.dmp

memory/2024-1083-0x00007FF67ED20000-0x00007FF67F074000-memory.dmp

memory/3184-1084-0x00007FF6E7580000-0x00007FF6E78D4000-memory.dmp

memory/3664-1085-0x00007FF67A510000-0x00007FF67A864000-memory.dmp

memory/4204-1086-0x00007FF6630B0000-0x00007FF663404000-memory.dmp

memory/4028-1087-0x00007FF720030000-0x00007FF720384000-memory.dmp

memory/4956-1089-0x00007FF7B0BF0000-0x00007FF7B0F44000-memory.dmp

memory/924-1088-0x00007FF6101B0000-0x00007FF610504000-memory.dmp

memory/1168-1090-0x00007FF649B50000-0x00007FF649EA4000-memory.dmp

memory/1996-1091-0x00007FF7A7AD0000-0x00007FF7A7E24000-memory.dmp

memory/3160-1092-0x00007FF716480000-0x00007FF7167D4000-memory.dmp

memory/2836-1093-0x00007FF6F72D0000-0x00007FF6F7624000-memory.dmp

memory/2264-1094-0x00007FF6DE290000-0x00007FF6DE5E4000-memory.dmp

memory/4076-1095-0x00007FF6EAF20000-0x00007FF6EB274000-memory.dmp

memory/3856-1096-0x00007FF76A300000-0x00007FF76A654000-memory.dmp

memory/1716-1097-0x00007FF645E50000-0x00007FF6461A4000-memory.dmp

memory/4288-1098-0x00007FF7C9710000-0x00007FF7C9A64000-memory.dmp

memory/900-1100-0x00007FF702410000-0x00007FF702764000-memory.dmp

memory/2020-1099-0x00007FF6406E0000-0x00007FF640A34000-memory.dmp

memory/1324-1102-0x00007FF69C760000-0x00007FF69CAB4000-memory.dmp

memory/4980-1101-0x00007FF6B9810000-0x00007FF6B9B64000-memory.dmp

memory/4072-1103-0x00007FF61B4E0000-0x00007FF61B834000-memory.dmp

memory/4868-1105-0x00007FF7F2FF0000-0x00007FF7F3344000-memory.dmp

memory/2616-1104-0x00007FF63BD60000-0x00007FF63C0B4000-memory.dmp

memory/4488-1106-0x00007FF6196D0000-0x00007FF619A24000-memory.dmp

memory/4692-1107-0x00007FF617350000-0x00007FF6176A4000-memory.dmp