Malware Analysis Report

2024-10-10 09:41

Sample ID 240625-sypnzsxhqh
Target 718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe
SHA256 718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb

Threat Level: Known bad

The file 718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

KPOT Core Executable

xmrig

KPOT

Xmrig family

XMRig Miner payload

Kpot family

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 15:32

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 15:32

Reported

2024-06-25 15:34

Platform

win7-20240221-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fnaUSGm.exe N/A
N/A N/A C:\Windows\System\VpIkJXe.exe N/A
N/A N/A C:\Windows\System\cQgBNWD.exe N/A
N/A N/A C:\Windows\System\OWftCSb.exe N/A
N/A N/A C:\Windows\System\YPyCXhQ.exe N/A
N/A N/A C:\Windows\System\hbydxIz.exe N/A
N/A N/A C:\Windows\System\QpiXPLs.exe N/A
N/A N/A C:\Windows\System\qUpOsrl.exe N/A
N/A N/A C:\Windows\System\eqjyEmV.exe N/A
N/A N/A C:\Windows\System\wAbZsox.exe N/A
N/A N/A C:\Windows\System\QsyLcnb.exe N/A
N/A N/A C:\Windows\System\NQjNXYP.exe N/A
N/A N/A C:\Windows\System\wMPdiLl.exe N/A
N/A N/A C:\Windows\System\xrwOOzm.exe N/A
N/A N/A C:\Windows\System\ZzpgSPK.exe N/A
N/A N/A C:\Windows\System\GVEXzRt.exe N/A
N/A N/A C:\Windows\System\aFNrUjQ.exe N/A
N/A N/A C:\Windows\System\AvBznUE.exe N/A
N/A N/A C:\Windows\System\ZYEzMai.exe N/A
N/A N/A C:\Windows\System\JPEOsPG.exe N/A
N/A N/A C:\Windows\System\AyOxRHm.exe N/A
N/A N/A C:\Windows\System\MBJPRvU.exe N/A
N/A N/A C:\Windows\System\iUERoQM.exe N/A
N/A N/A C:\Windows\System\lMpVPhW.exe N/A
N/A N/A C:\Windows\System\lkfJFnw.exe N/A
N/A N/A C:\Windows\System\pGpBRzY.exe N/A
N/A N/A C:\Windows\System\rObVwPa.exe N/A
N/A N/A C:\Windows\System\BvfKrrH.exe N/A
N/A N/A C:\Windows\System\ImPUChx.exe N/A
N/A N/A C:\Windows\System\irpyfPJ.exe N/A
N/A N/A C:\Windows\System\yHqoFdM.exe N/A
N/A N/A C:\Windows\System\DzwaujS.exe N/A
N/A N/A C:\Windows\System\XPepeVp.exe N/A
N/A N/A C:\Windows\System\MiRFoCv.exe N/A
N/A N/A C:\Windows\System\FAqiizW.exe N/A
N/A N/A C:\Windows\System\lwFcBPr.exe N/A
N/A N/A C:\Windows\System\lPLWqAf.exe N/A
N/A N/A C:\Windows\System\GKpqJav.exe N/A
N/A N/A C:\Windows\System\jwZEtWX.exe N/A
N/A N/A C:\Windows\System\dheRJzh.exe N/A
N/A N/A C:\Windows\System\CKoPLgg.exe N/A
N/A N/A C:\Windows\System\twtIVUj.exe N/A
N/A N/A C:\Windows\System\nDWaAqx.exe N/A
N/A N/A C:\Windows\System\TcMxUtJ.exe N/A
N/A N/A C:\Windows\System\CBTHvvE.exe N/A
N/A N/A C:\Windows\System\zvKNZzU.exe N/A
N/A N/A C:\Windows\System\WkbWkXz.exe N/A
N/A N/A C:\Windows\System\AasMfZG.exe N/A
N/A N/A C:\Windows\System\bSEqhbo.exe N/A
N/A N/A C:\Windows\System\AVnCPWj.exe N/A
N/A N/A C:\Windows\System\wuQgowp.exe N/A
N/A N/A C:\Windows\System\ykSyBbA.exe N/A
N/A N/A C:\Windows\System\TCRqjyN.exe N/A
N/A N/A C:\Windows\System\JWzQazo.exe N/A
N/A N/A C:\Windows\System\jpjnRlN.exe N/A
N/A N/A C:\Windows\System\SOOruGR.exe N/A
N/A N/A C:\Windows\System\qBItlIZ.exe N/A
N/A N/A C:\Windows\System\ohAsLWR.exe N/A
N/A N/A C:\Windows\System\OVhldpf.exe N/A
N/A N/A C:\Windows\System\JfEiFIv.exe N/A
N/A N/A C:\Windows\System\TszlRiP.exe N/A
N/A N/A C:\Windows\System\zJNjCBF.exe N/A
N/A N/A C:\Windows\System\rmLLISO.exe N/A
N/A N/A C:\Windows\System\UZeFdHA.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\cknIbQl.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOVycCX.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\nKRHukb.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\SqvhOgY.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ImPUChx.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FAqiizW.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\pMNAdBz.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzYyCJF.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZjqBPD.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\CBTHvvE.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\AVnCPWj.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\OswuWDf.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GHtvpSm.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\rOvhmpa.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHULVwp.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\AJdqUXm.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\aFNrUjQ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\huhNfqA.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FllsPYD.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JaEDmvU.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FixVXaS.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TuxqRef.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zvKNZzU.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\wuQgowp.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\VSZvXGs.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgHmmnW.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\PjwFxcY.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\fyHCTgF.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ILRIkIz.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORFCHnu.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjYmTpO.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JIgyNxZ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GVEXzRt.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkfJFnw.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JACusMT.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\QGscAmp.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\grwKzcP.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TttDmxn.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\RYYWdRH.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\lqWtWVD.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\oacCTTK.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\NpQMSRw.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnkiZJS.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\Vqohcha.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\knHYrEl.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\QIiQWPv.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\wrXbJzE.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\fQUomWT.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZzpgSPK.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\eIRyfeh.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\bWLqZgR.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\wuKpRvx.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySvIdJJ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWzQazo.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpiXPLs.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ohAsLWR.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnLpznv.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\njQBFhW.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\wvStXHM.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\nDWaAqx.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FPlnyBi.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\pPMkpCR.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\gWyMUVb.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKpqJav.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 272 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\fnaUSGm.exe
PID 2944 wrote to memory of 272 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\fnaUSGm.exe
PID 2944 wrote to memory of 272 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\fnaUSGm.exe
PID 2944 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\VpIkJXe.exe
PID 2944 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\VpIkJXe.exe
PID 2944 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\VpIkJXe.exe
PID 2944 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\cQgBNWD.exe
PID 2944 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\cQgBNWD.exe
PID 2944 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\cQgBNWD.exe
PID 2944 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\OWftCSb.exe
PID 2944 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\OWftCSb.exe
PID 2944 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\OWftCSb.exe
PID 2944 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\YPyCXhQ.exe
PID 2944 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\YPyCXhQ.exe
PID 2944 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\YPyCXhQ.exe
PID 2944 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\hbydxIz.exe
PID 2944 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\hbydxIz.exe
PID 2944 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\hbydxIz.exe
PID 2944 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QpiXPLs.exe
PID 2944 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QpiXPLs.exe
PID 2944 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QpiXPLs.exe
PID 2944 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\qUpOsrl.exe
PID 2944 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\qUpOsrl.exe
PID 2944 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\qUpOsrl.exe
PID 2944 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\eqjyEmV.exe
PID 2944 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\eqjyEmV.exe
PID 2944 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\eqjyEmV.exe
PID 2944 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wAbZsox.exe
PID 2944 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wAbZsox.exe
PID 2944 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wAbZsox.exe
PID 2944 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QsyLcnb.exe
PID 2944 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QsyLcnb.exe
PID 2944 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QsyLcnb.exe
PID 2944 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\NQjNXYP.exe
PID 2944 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\NQjNXYP.exe
PID 2944 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\NQjNXYP.exe
PID 2944 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wMPdiLl.exe
PID 2944 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wMPdiLl.exe
PID 2944 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wMPdiLl.exe
PID 2944 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\xrwOOzm.exe
PID 2944 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\xrwOOzm.exe
PID 2944 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\xrwOOzm.exe
PID 2944 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZzpgSPK.exe
PID 2944 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZzpgSPK.exe
PID 2944 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZzpgSPK.exe
PID 2944 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\GVEXzRt.exe
PID 2944 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\GVEXzRt.exe
PID 2944 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\GVEXzRt.exe
PID 2944 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\aFNrUjQ.exe
PID 2944 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\aFNrUjQ.exe
PID 2944 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\aFNrUjQ.exe
PID 2944 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AvBznUE.exe
PID 2944 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AvBznUE.exe
PID 2944 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AvBznUE.exe
PID 2944 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZYEzMai.exe
PID 2944 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZYEzMai.exe
PID 2944 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZYEzMai.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\JPEOsPG.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\JPEOsPG.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\JPEOsPG.exe
PID 2944 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AyOxRHm.exe
PID 2944 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AyOxRHm.exe
PID 2944 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AyOxRHm.exe
PID 2944 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\MBJPRvU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe"

C:\Windows\System\fnaUSGm.exe

C:\Windows\System\fnaUSGm.exe

C:\Windows\System\VpIkJXe.exe

C:\Windows\System\VpIkJXe.exe

C:\Windows\System\cQgBNWD.exe

C:\Windows\System\cQgBNWD.exe

C:\Windows\System\OWftCSb.exe

C:\Windows\System\OWftCSb.exe

C:\Windows\System\YPyCXhQ.exe

C:\Windows\System\YPyCXhQ.exe

C:\Windows\System\hbydxIz.exe

C:\Windows\System\hbydxIz.exe

C:\Windows\System\QpiXPLs.exe

C:\Windows\System\QpiXPLs.exe

C:\Windows\System\qUpOsrl.exe

C:\Windows\System\qUpOsrl.exe

C:\Windows\System\eqjyEmV.exe

C:\Windows\System\eqjyEmV.exe

C:\Windows\System\wAbZsox.exe

C:\Windows\System\wAbZsox.exe

C:\Windows\System\QsyLcnb.exe

C:\Windows\System\QsyLcnb.exe

C:\Windows\System\NQjNXYP.exe

C:\Windows\System\NQjNXYP.exe

C:\Windows\System\wMPdiLl.exe

C:\Windows\System\wMPdiLl.exe

C:\Windows\System\xrwOOzm.exe

C:\Windows\System\xrwOOzm.exe

C:\Windows\System\ZzpgSPK.exe

C:\Windows\System\ZzpgSPK.exe

C:\Windows\System\GVEXzRt.exe

C:\Windows\System\GVEXzRt.exe

C:\Windows\System\aFNrUjQ.exe

C:\Windows\System\aFNrUjQ.exe

C:\Windows\System\AvBznUE.exe

C:\Windows\System\AvBznUE.exe

C:\Windows\System\ZYEzMai.exe

C:\Windows\System\ZYEzMai.exe

C:\Windows\System\JPEOsPG.exe

C:\Windows\System\JPEOsPG.exe

C:\Windows\System\AyOxRHm.exe

C:\Windows\System\AyOxRHm.exe

C:\Windows\System\MBJPRvU.exe

C:\Windows\System\MBJPRvU.exe

C:\Windows\System\iUERoQM.exe

C:\Windows\System\iUERoQM.exe

C:\Windows\System\lMpVPhW.exe

C:\Windows\System\lMpVPhW.exe

C:\Windows\System\lkfJFnw.exe

C:\Windows\System\lkfJFnw.exe

C:\Windows\System\pGpBRzY.exe

C:\Windows\System\pGpBRzY.exe

C:\Windows\System\rObVwPa.exe

C:\Windows\System\rObVwPa.exe

C:\Windows\System\BvfKrrH.exe

C:\Windows\System\BvfKrrH.exe

C:\Windows\System\ImPUChx.exe

C:\Windows\System\ImPUChx.exe

C:\Windows\System\irpyfPJ.exe

C:\Windows\System\irpyfPJ.exe

C:\Windows\System\yHqoFdM.exe

C:\Windows\System\yHqoFdM.exe

C:\Windows\System\DzwaujS.exe

C:\Windows\System\DzwaujS.exe

C:\Windows\System\XPepeVp.exe

C:\Windows\System\XPepeVp.exe

C:\Windows\System\MiRFoCv.exe

C:\Windows\System\MiRFoCv.exe

C:\Windows\System\FAqiizW.exe

C:\Windows\System\FAqiizW.exe

C:\Windows\System\lwFcBPr.exe

C:\Windows\System\lwFcBPr.exe

C:\Windows\System\lPLWqAf.exe

C:\Windows\System\lPLWqAf.exe

C:\Windows\System\GKpqJav.exe

C:\Windows\System\GKpqJav.exe

C:\Windows\System\jwZEtWX.exe

C:\Windows\System\jwZEtWX.exe

C:\Windows\System\dheRJzh.exe

C:\Windows\System\dheRJzh.exe

C:\Windows\System\CKoPLgg.exe

C:\Windows\System\CKoPLgg.exe

C:\Windows\System\twtIVUj.exe

C:\Windows\System\twtIVUj.exe

C:\Windows\System\nDWaAqx.exe

C:\Windows\System\nDWaAqx.exe

C:\Windows\System\TcMxUtJ.exe

C:\Windows\System\TcMxUtJ.exe

C:\Windows\System\CBTHvvE.exe

C:\Windows\System\CBTHvvE.exe

C:\Windows\System\zvKNZzU.exe

C:\Windows\System\zvKNZzU.exe

C:\Windows\System\WkbWkXz.exe

C:\Windows\System\WkbWkXz.exe

C:\Windows\System\AasMfZG.exe

C:\Windows\System\AasMfZG.exe

C:\Windows\System\bSEqhbo.exe

C:\Windows\System\bSEqhbo.exe

C:\Windows\System\AVnCPWj.exe

C:\Windows\System\AVnCPWj.exe

C:\Windows\System\wuQgowp.exe

C:\Windows\System\wuQgowp.exe

C:\Windows\System\ykSyBbA.exe

C:\Windows\System\ykSyBbA.exe

C:\Windows\System\TCRqjyN.exe

C:\Windows\System\TCRqjyN.exe

C:\Windows\System\JWzQazo.exe

C:\Windows\System\JWzQazo.exe

C:\Windows\System\jpjnRlN.exe

C:\Windows\System\jpjnRlN.exe

C:\Windows\System\SOOruGR.exe

C:\Windows\System\SOOruGR.exe

C:\Windows\System\qBItlIZ.exe

C:\Windows\System\qBItlIZ.exe

C:\Windows\System\ohAsLWR.exe

C:\Windows\System\ohAsLWR.exe

C:\Windows\System\OVhldpf.exe

C:\Windows\System\OVhldpf.exe

C:\Windows\System\JfEiFIv.exe

C:\Windows\System\JfEiFIv.exe

C:\Windows\System\TszlRiP.exe

C:\Windows\System\TszlRiP.exe

C:\Windows\System\zJNjCBF.exe

C:\Windows\System\zJNjCBF.exe

C:\Windows\System\rmLLISO.exe

C:\Windows\System\rmLLISO.exe

C:\Windows\System\UZeFdHA.exe

C:\Windows\System\UZeFdHA.exe

C:\Windows\System\OswuWDf.exe

C:\Windows\System\OswuWDf.exe

C:\Windows\System\KqMbStO.exe

C:\Windows\System\KqMbStO.exe

C:\Windows\System\ZLyeQRk.exe

C:\Windows\System\ZLyeQRk.exe

C:\Windows\System\bHWtwsR.exe

C:\Windows\System\bHWtwsR.exe

C:\Windows\System\PUlNQUY.exe

C:\Windows\System\PUlNQUY.exe

C:\Windows\System\hTrZYUI.exe

C:\Windows\System\hTrZYUI.exe

C:\Windows\System\TmYGRUS.exe

C:\Windows\System\TmYGRUS.exe

C:\Windows\System\CcrooHa.exe

C:\Windows\System\CcrooHa.exe

C:\Windows\System\pMNAdBz.exe

C:\Windows\System\pMNAdBz.exe

C:\Windows\System\tHdViXh.exe

C:\Windows\System\tHdViXh.exe

C:\Windows\System\fIAdSDq.exe

C:\Windows\System\fIAdSDq.exe

C:\Windows\System\knHYrEl.exe

C:\Windows\System\knHYrEl.exe

C:\Windows\System\cudIsoS.exe

C:\Windows\System\cudIsoS.exe

C:\Windows\System\tAslUER.exe

C:\Windows\System\tAslUER.exe

C:\Windows\System\ODdUvIw.exe

C:\Windows\System\ODdUvIw.exe

C:\Windows\System\uMDrnUH.exe

C:\Windows\System\uMDrnUH.exe

C:\Windows\System\cPOiDgk.exe

C:\Windows\System\cPOiDgk.exe

C:\Windows\System\xModQMr.exe

C:\Windows\System\xModQMr.exe

C:\Windows\System\ntIcWeZ.exe

C:\Windows\System\ntIcWeZ.exe

C:\Windows\System\cknIbQl.exe

C:\Windows\System\cknIbQl.exe

C:\Windows\System\ZzfSVnM.exe

C:\Windows\System\ZzfSVnM.exe

C:\Windows\System\DHlrfUk.exe

C:\Windows\System\DHlrfUk.exe

C:\Windows\System\RXOJXrK.exe

C:\Windows\System\RXOJXrK.exe

C:\Windows\System\JACusMT.exe

C:\Windows\System\JACusMT.exe

C:\Windows\System\ttxEqLP.exe

C:\Windows\System\ttxEqLP.exe

C:\Windows\System\QGscAmp.exe

C:\Windows\System\QGscAmp.exe

C:\Windows\System\eIRyfeh.exe

C:\Windows\System\eIRyfeh.exe

C:\Windows\System\cNbecId.exe

C:\Windows\System\cNbecId.exe

C:\Windows\System\ggsNtiZ.exe

C:\Windows\System\ggsNtiZ.exe

C:\Windows\System\hfpxeaf.exe

C:\Windows\System\hfpxeaf.exe

C:\Windows\System\TiVEefK.exe

C:\Windows\System\TiVEefK.exe

C:\Windows\System\GFyAegP.exe

C:\Windows\System\GFyAegP.exe

C:\Windows\System\HVciYoS.exe

C:\Windows\System\HVciYoS.exe

C:\Windows\System\rVhHjfM.exe

C:\Windows\System\rVhHjfM.exe

C:\Windows\System\UFdvgNk.exe

C:\Windows\System\UFdvgNk.exe

C:\Windows\System\bWLqZgR.exe

C:\Windows\System\bWLqZgR.exe

C:\Windows\System\rcMGAEW.exe

C:\Windows\System\rcMGAEW.exe

C:\Windows\System\HcywVJI.exe

C:\Windows\System\HcywVJI.exe

C:\Windows\System\grwKzcP.exe

C:\Windows\System\grwKzcP.exe

C:\Windows\System\HYsSYKo.exe

C:\Windows\System\HYsSYKo.exe

C:\Windows\System\YQotbPK.exe

C:\Windows\System\YQotbPK.exe

C:\Windows\System\SyNNrxr.exe

C:\Windows\System\SyNNrxr.exe

C:\Windows\System\JrzxOAH.exe

C:\Windows\System\JrzxOAH.exe

C:\Windows\System\trOVoFi.exe

C:\Windows\System\trOVoFi.exe

C:\Windows\System\UBVtYgK.exe

C:\Windows\System\UBVtYgK.exe

C:\Windows\System\xUUsLhN.exe

C:\Windows\System\xUUsLhN.exe

C:\Windows\System\AKiEnXS.exe

C:\Windows\System\AKiEnXS.exe

C:\Windows\System\wOaRMNH.exe

C:\Windows\System\wOaRMNH.exe

C:\Windows\System\qCQOzSk.exe

C:\Windows\System\qCQOzSk.exe

C:\Windows\System\DEyHmGE.exe

C:\Windows\System\DEyHmGE.exe

C:\Windows\System\cissdXx.exe

C:\Windows\System\cissdXx.exe

C:\Windows\System\BSYyeej.exe

C:\Windows\System\BSYyeej.exe

C:\Windows\System\ILRIkIz.exe

C:\Windows\System\ILRIkIz.exe

C:\Windows\System\JiiqSGt.exe

C:\Windows\System\JiiqSGt.exe

C:\Windows\System\VzejBhS.exe

C:\Windows\System\VzejBhS.exe

C:\Windows\System\vpHudUI.exe

C:\Windows\System\vpHudUI.exe

C:\Windows\System\dKnomwG.exe

C:\Windows\System\dKnomwG.exe

C:\Windows\System\qNNJLPS.exe

C:\Windows\System\qNNJLPS.exe

C:\Windows\System\GHtvpSm.exe

C:\Windows\System\GHtvpSm.exe

C:\Windows\System\TttDmxn.exe

C:\Windows\System\TttDmxn.exe

C:\Windows\System\BRFZiOR.exe

C:\Windows\System\BRFZiOR.exe

C:\Windows\System\FNaWQsS.exe

C:\Windows\System\FNaWQsS.exe

C:\Windows\System\huhNfqA.exe

C:\Windows\System\huhNfqA.exe

C:\Windows\System\GsLIJVH.exe

C:\Windows\System\GsLIJVH.exe

C:\Windows\System\OfhQNMk.exe

C:\Windows\System\OfhQNMk.exe

C:\Windows\System\HHRdUOJ.exe

C:\Windows\System\HHRdUOJ.exe

C:\Windows\System\FiFVsjz.exe

C:\Windows\System\FiFVsjz.exe

C:\Windows\System\xHvRFQM.exe

C:\Windows\System\xHvRFQM.exe

C:\Windows\System\FPlnyBi.exe

C:\Windows\System\FPlnyBi.exe

C:\Windows\System\rOvhmpa.exe

C:\Windows\System\rOvhmpa.exe

C:\Windows\System\LpwRXqt.exe

C:\Windows\System\LpwRXqt.exe

C:\Windows\System\xNecJOG.exe

C:\Windows\System\xNecJOG.exe

C:\Windows\System\qmiqxdT.exe

C:\Windows\System\qmiqxdT.exe

C:\Windows\System\XmJkdtg.exe

C:\Windows\System\XmJkdtg.exe

C:\Windows\System\WBPhlKD.exe

C:\Windows\System\WBPhlKD.exe

C:\Windows\System\QmxfXZL.exe

C:\Windows\System\QmxfXZL.exe

C:\Windows\System\vAvgwdd.exe

C:\Windows\System\vAvgwdd.exe

C:\Windows\System\VtvriuU.exe

C:\Windows\System\VtvriuU.exe

C:\Windows\System\tnLpznv.exe

C:\Windows\System\tnLpznv.exe

C:\Windows\System\RYYWdRH.exe

C:\Windows\System\RYYWdRH.exe

C:\Windows\System\MUlQrWo.exe

C:\Windows\System\MUlQrWo.exe

C:\Windows\System\KegEWcp.exe

C:\Windows\System\KegEWcp.exe

C:\Windows\System\pLQAlVa.exe

C:\Windows\System\pLQAlVa.exe

C:\Windows\System\EAReCiF.exe

C:\Windows\System\EAReCiF.exe

C:\Windows\System\WIddTXN.exe

C:\Windows\System\WIddTXN.exe

C:\Windows\System\gsbXxhN.exe

C:\Windows\System\gsbXxhN.exe

C:\Windows\System\OlCBOjF.exe

C:\Windows\System\OlCBOjF.exe

C:\Windows\System\QZPMBiz.exe

C:\Windows\System\QZPMBiz.exe

C:\Windows\System\yqSDkwX.exe

C:\Windows\System\yqSDkwX.exe

C:\Windows\System\mvnCgkk.exe

C:\Windows\System\mvnCgkk.exe

C:\Windows\System\eyVWAtf.exe

C:\Windows\System\eyVWAtf.exe

C:\Windows\System\ZSVvMvA.exe

C:\Windows\System\ZSVvMvA.exe

C:\Windows\System\vjNFlyo.exe

C:\Windows\System\vjNFlyo.exe

C:\Windows\System\njQBFhW.exe

C:\Windows\System\njQBFhW.exe

C:\Windows\System\VLeljRo.exe

C:\Windows\System\VLeljRo.exe

C:\Windows\System\BNYYvrt.exe

C:\Windows\System\BNYYvrt.exe

C:\Windows\System\IWQWSYg.exe

C:\Windows\System\IWQWSYg.exe

C:\Windows\System\uZfPYEo.exe

C:\Windows\System\uZfPYEo.exe

C:\Windows\System\SHcBgHF.exe

C:\Windows\System\SHcBgHF.exe

C:\Windows\System\ikQscnk.exe

C:\Windows\System\ikQscnk.exe

C:\Windows\System\JnrAHTs.exe

C:\Windows\System\JnrAHTs.exe

C:\Windows\System\dpBxdRO.exe

C:\Windows\System\dpBxdRO.exe

C:\Windows\System\wuKpRvx.exe

C:\Windows\System\wuKpRvx.exe

C:\Windows\System\gjrNINl.exe

C:\Windows\System\gjrNINl.exe

C:\Windows\System\TaKnjjj.exe

C:\Windows\System\TaKnjjj.exe

C:\Windows\System\XynQfoB.exe

C:\Windows\System\XynQfoB.exe

C:\Windows\System\QxMFaUk.exe

C:\Windows\System\QxMFaUk.exe

C:\Windows\System\IBOczrS.exe

C:\Windows\System\IBOczrS.exe

C:\Windows\System\xXEJDJH.exe

C:\Windows\System\xXEJDJH.exe

C:\Windows\System\dgAehIy.exe

C:\Windows\System\dgAehIy.exe

C:\Windows\System\vHULVwp.exe

C:\Windows\System\vHULVwp.exe

C:\Windows\System\XfttnNb.exe

C:\Windows\System\XfttnNb.exe

C:\Windows\System\rBPvcvV.exe

C:\Windows\System\rBPvcvV.exe

C:\Windows\System\hJeuYWz.exe

C:\Windows\System\hJeuYWz.exe

C:\Windows\System\QmgjHmz.exe

C:\Windows\System\QmgjHmz.exe

C:\Windows\System\CEpSfmv.exe

C:\Windows\System\CEpSfmv.exe

C:\Windows\System\FllsPYD.exe

C:\Windows\System\FllsPYD.exe

C:\Windows\System\vMcQGOe.exe

C:\Windows\System\vMcQGOe.exe

C:\Windows\System\JJIzHBH.exe

C:\Windows\System\JJIzHBH.exe

C:\Windows\System\NRRASBp.exe

C:\Windows\System\NRRASBp.exe

C:\Windows\System\VSZvXGs.exe

C:\Windows\System\VSZvXGs.exe

C:\Windows\System\sumwEKZ.exe

C:\Windows\System\sumwEKZ.exe

C:\Windows\System\VSzrrnk.exe

C:\Windows\System\VSzrrnk.exe

C:\Windows\System\TRATWsw.exe

C:\Windows\System\TRATWsw.exe

C:\Windows\System\ySvIdJJ.exe

C:\Windows\System\ySvIdJJ.exe

C:\Windows\System\NsqarMM.exe

C:\Windows\System\NsqarMM.exe

C:\Windows\System\kBxQOEv.exe

C:\Windows\System\kBxQOEv.exe

C:\Windows\System\pMTBsud.exe

C:\Windows\System\pMTBsud.exe

C:\Windows\System\QpojlTG.exe

C:\Windows\System\QpojlTG.exe

C:\Windows\System\PaqoIWa.exe

C:\Windows\System\PaqoIWa.exe

C:\Windows\System\dzhmblt.exe

C:\Windows\System\dzhmblt.exe

C:\Windows\System\lqWtWVD.exe

C:\Windows\System\lqWtWVD.exe

C:\Windows\System\aideqFb.exe

C:\Windows\System\aideqFb.exe

C:\Windows\System\yMBZDHU.exe

C:\Windows\System\yMBZDHU.exe

C:\Windows\System\pPMkpCR.exe

C:\Windows\System\pPMkpCR.exe

C:\Windows\System\snpKZot.exe

C:\Windows\System\snpKZot.exe

C:\Windows\System\EfNslhj.exe

C:\Windows\System\EfNslhj.exe

C:\Windows\System\cnsISSW.exe

C:\Windows\System\cnsISSW.exe

C:\Windows\System\wnyjawr.exe

C:\Windows\System\wnyjawr.exe

C:\Windows\System\anfHCLD.exe

C:\Windows\System\anfHCLD.exe

C:\Windows\System\KMmjhyL.exe

C:\Windows\System\KMmjhyL.exe

C:\Windows\System\kRZeghA.exe

C:\Windows\System\kRZeghA.exe

C:\Windows\System\uOVycCX.exe

C:\Windows\System\uOVycCX.exe

C:\Windows\System\NCdipam.exe

C:\Windows\System\NCdipam.exe

C:\Windows\System\aAnqetZ.exe

C:\Windows\System\aAnqetZ.exe

C:\Windows\System\ORFCHnu.exe

C:\Windows\System\ORFCHnu.exe

C:\Windows\System\XuxGObV.exe

C:\Windows\System\XuxGObV.exe

C:\Windows\System\VLFgFxd.exe

C:\Windows\System\VLFgFxd.exe

C:\Windows\System\zzYyCJF.exe

C:\Windows\System\zzYyCJF.exe

C:\Windows\System\OMVWzUX.exe

C:\Windows\System\OMVWzUX.exe

C:\Windows\System\obJxZoh.exe

C:\Windows\System\obJxZoh.exe

C:\Windows\System\UoKVNXp.exe

C:\Windows\System\UoKVNXp.exe

C:\Windows\System\Fulagqf.exe

C:\Windows\System\Fulagqf.exe

C:\Windows\System\MkrWetT.exe

C:\Windows\System\MkrWetT.exe

C:\Windows\System\JaEDmvU.exe

C:\Windows\System\JaEDmvU.exe

C:\Windows\System\AOujsaP.exe

C:\Windows\System\AOujsaP.exe

C:\Windows\System\GjYmTpO.exe

C:\Windows\System\GjYmTpO.exe

C:\Windows\System\FixVXaS.exe

C:\Windows\System\FixVXaS.exe

C:\Windows\System\xAWGXxn.exe

C:\Windows\System\xAWGXxn.exe

C:\Windows\System\PioqmiD.exe

C:\Windows\System\PioqmiD.exe

C:\Windows\System\vmWWHuq.exe

C:\Windows\System\vmWWHuq.exe

C:\Windows\System\oacCTTK.exe

C:\Windows\System\oacCTTK.exe

C:\Windows\System\PjwFxcY.exe

C:\Windows\System\PjwFxcY.exe

C:\Windows\System\PljejiU.exe

C:\Windows\System\PljejiU.exe

C:\Windows\System\CLlBoFI.exe

C:\Windows\System\CLlBoFI.exe

C:\Windows\System\pBXzxuB.exe

C:\Windows\System\pBXzxuB.exe

C:\Windows\System\QIiQWPv.exe

C:\Windows\System\QIiQWPv.exe

C:\Windows\System\RgHmmnW.exe

C:\Windows\System\RgHmmnW.exe

C:\Windows\System\BSXhzca.exe

C:\Windows\System\BSXhzca.exe

C:\Windows\System\gkZWxjG.exe

C:\Windows\System\gkZWxjG.exe

C:\Windows\System\SkOQkUk.exe

C:\Windows\System\SkOQkUk.exe

C:\Windows\System\NpQMSRw.exe

C:\Windows\System\NpQMSRw.exe

C:\Windows\System\SlvjbMS.exe

C:\Windows\System\SlvjbMS.exe

C:\Windows\System\ucbFKXU.exe

C:\Windows\System\ucbFKXU.exe

C:\Windows\System\BAhCHeK.exe

C:\Windows\System\BAhCHeK.exe

C:\Windows\System\elQGbzR.exe

C:\Windows\System\elQGbzR.exe

C:\Windows\System\JyEzJNi.exe

C:\Windows\System\JyEzJNi.exe

C:\Windows\System\fyHCTgF.exe

C:\Windows\System\fyHCTgF.exe

C:\Windows\System\DYZAKkU.exe

C:\Windows\System\DYZAKkU.exe

C:\Windows\System\YEtzsYQ.exe

C:\Windows\System\YEtzsYQ.exe

C:\Windows\System\NZyWvYS.exe

C:\Windows\System\NZyWvYS.exe

C:\Windows\System\qSdCVHs.exe

C:\Windows\System\qSdCVHs.exe

C:\Windows\System\Oaknmnq.exe

C:\Windows\System\Oaknmnq.exe

C:\Windows\System\dSsHsSF.exe

C:\Windows\System\dSsHsSF.exe

C:\Windows\System\yBpbYdz.exe

C:\Windows\System\yBpbYdz.exe

C:\Windows\System\mZlUjpu.exe

C:\Windows\System\mZlUjpu.exe

C:\Windows\System\gipSeKY.exe

C:\Windows\System\gipSeKY.exe

C:\Windows\System\ENbcqMa.exe

C:\Windows\System\ENbcqMa.exe

C:\Windows\System\WdJoCEE.exe

C:\Windows\System\WdJoCEE.exe

C:\Windows\System\LnkiZJS.exe

C:\Windows\System\LnkiZJS.exe

C:\Windows\System\wUIzMeG.exe

C:\Windows\System\wUIzMeG.exe

C:\Windows\System\zSBgbHu.exe

C:\Windows\System\zSBgbHu.exe

C:\Windows\System\wvStXHM.exe

C:\Windows\System\wvStXHM.exe

C:\Windows\System\LqgppGu.exe

C:\Windows\System\LqgppGu.exe

C:\Windows\System\ZRdqfma.exe

C:\Windows\System\ZRdqfma.exe

C:\Windows\System\jpNKGGX.exe

C:\Windows\System\jpNKGGX.exe

C:\Windows\System\gWyMUVb.exe

C:\Windows\System\gWyMUVb.exe

C:\Windows\System\auiJpbr.exe

C:\Windows\System\auiJpbr.exe

C:\Windows\System\JphLSLd.exe

C:\Windows\System\JphLSLd.exe

C:\Windows\System\TuxqRef.exe

C:\Windows\System\TuxqRef.exe

C:\Windows\System\wrXbJzE.exe

C:\Windows\System\wrXbJzE.exe

C:\Windows\System\AJdqUXm.exe

C:\Windows\System\AJdqUXm.exe

C:\Windows\System\VbLjQdK.exe

C:\Windows\System\VbLjQdK.exe

C:\Windows\System\KsPypyu.exe

C:\Windows\System\KsPypyu.exe

C:\Windows\System\IVqBMNM.exe

C:\Windows\System\IVqBMNM.exe

C:\Windows\System\YoFFZaY.exe

C:\Windows\System\YoFFZaY.exe

C:\Windows\System\MJZmsTM.exe

C:\Windows\System\MJZmsTM.exe

C:\Windows\System\MtSdGqz.exe

C:\Windows\System\MtSdGqz.exe

C:\Windows\System\xXkZhCn.exe

C:\Windows\System\xXkZhCn.exe

C:\Windows\System\aFCisVl.exe

C:\Windows\System\aFCisVl.exe

C:\Windows\System\tjCqQlo.exe

C:\Windows\System\tjCqQlo.exe

C:\Windows\System\kJcuEZL.exe

C:\Windows\System\kJcuEZL.exe

C:\Windows\System\zzzhvmP.exe

C:\Windows\System\zzzhvmP.exe

C:\Windows\System\ujkjgIB.exe

C:\Windows\System\ujkjgIB.exe

C:\Windows\System\QfqNrCV.exe

C:\Windows\System\QfqNrCV.exe

C:\Windows\System\WPMIaDP.exe

C:\Windows\System\WPMIaDP.exe

C:\Windows\System\ZxyBxhI.exe

C:\Windows\System\ZxyBxhI.exe

C:\Windows\System\uPbwmhw.exe

C:\Windows\System\uPbwmhw.exe

C:\Windows\System\nKRHukb.exe

C:\Windows\System\nKRHukb.exe

C:\Windows\System\gVGUAfb.exe

C:\Windows\System\gVGUAfb.exe

C:\Windows\System\YgXeSzq.exe

C:\Windows\System\YgXeSzq.exe

C:\Windows\System\SfZlFPf.exe

C:\Windows\System\SfZlFPf.exe

C:\Windows\System\ygFbHSr.exe

C:\Windows\System\ygFbHSr.exe

C:\Windows\System\FIrTDIz.exe

C:\Windows\System\FIrTDIz.exe

C:\Windows\System\XtIvrUh.exe

C:\Windows\System\XtIvrUh.exe

C:\Windows\System\ZBXyDaT.exe

C:\Windows\System\ZBXyDaT.exe

C:\Windows\System\RzlsARa.exe

C:\Windows\System\RzlsARa.exe

C:\Windows\System\pJEQBus.exe

C:\Windows\System\pJEQBus.exe

C:\Windows\System\fQUomWT.exe

C:\Windows\System\fQUomWT.exe

C:\Windows\System\awPxkUM.exe

C:\Windows\System\awPxkUM.exe

C:\Windows\System\DtRHnxZ.exe

C:\Windows\System\DtRHnxZ.exe

C:\Windows\System\SqvhOgY.exe

C:\Windows\System\SqvhOgY.exe

C:\Windows\System\AeSQGrJ.exe

C:\Windows\System\AeSQGrJ.exe

C:\Windows\System\Vqohcha.exe

C:\Windows\System\Vqohcha.exe

C:\Windows\System\XosqLva.exe

C:\Windows\System\XosqLva.exe

C:\Windows\System\kuCLlNy.exe

C:\Windows\System\kuCLlNy.exe

C:\Windows\System\aoLrRnc.exe

C:\Windows\System\aoLrRnc.exe

C:\Windows\System\diZMDoz.exe

C:\Windows\System\diZMDoz.exe

C:\Windows\System\AMMAllW.exe

C:\Windows\System\AMMAllW.exe

C:\Windows\System\JIgyNxZ.exe

C:\Windows\System\JIgyNxZ.exe

C:\Windows\System\RPkYpQc.exe

C:\Windows\System\RPkYpQc.exe

C:\Windows\System\ldZJEGG.exe

C:\Windows\System\ldZJEGG.exe

C:\Windows\System\nDzDLpo.exe

C:\Windows\System\nDzDLpo.exe

C:\Windows\System\IkTnADx.exe

C:\Windows\System\IkTnADx.exe

C:\Windows\System\JZjqBPD.exe

C:\Windows\System\JZjqBPD.exe

C:\Windows\System\bvUQIla.exe

C:\Windows\System\bvUQIla.exe

C:\Windows\System\RKnjwFU.exe

C:\Windows\System\RKnjwFU.exe

C:\Windows\System\GkTtAyP.exe

C:\Windows\System\GkTtAyP.exe

C:\Windows\System\awcewMO.exe

C:\Windows\System\awcewMO.exe

C:\Windows\System\DQbDgDn.exe

C:\Windows\System\DQbDgDn.exe

C:\Windows\System\OvPOuZO.exe

C:\Windows\System\OvPOuZO.exe

C:\Windows\System\jAYURZo.exe

C:\Windows\System\jAYURZo.exe

C:\Windows\System\zJYbANa.exe

C:\Windows\System\zJYbANa.exe

C:\Windows\System\yIiSjsp.exe

C:\Windows\System\yIiSjsp.exe

C:\Windows\System\PhWudWm.exe

C:\Windows\System\PhWudWm.exe

C:\Windows\System\EgvNduy.exe

C:\Windows\System\EgvNduy.exe

C:\Windows\System\FLfgOgD.exe

C:\Windows\System\FLfgOgD.exe

C:\Windows\System\bbHdAsw.exe

C:\Windows\System\bbHdAsw.exe

C:\Windows\System\UxCYcdp.exe

C:\Windows\System\UxCYcdp.exe

C:\Windows\System\CqKePJs.exe

C:\Windows\System\CqKePJs.exe

C:\Windows\System\pIsYHIB.exe

C:\Windows\System\pIsYHIB.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2944-0-0x000000013F370000-0x000000013F6C1000-memory.dmp

memory/2944-1-0x00000000002F0000-0x0000000000300000-memory.dmp

\Windows\system\fnaUSGm.exe

MD5 515f52cdeda9412151b92f8e6e22bca8
SHA1 4d92d22392ab4bbe1e5ddd848c3a7e8903522d5a
SHA256 703b917f98512c8a44cfa5979b6e76afa94232d75244d75d1f234b28bd88beed
SHA512 61d410c0c4468f6239b7a730c46dc8f60ff4a4811e349eadf5c7cd9984e015819dad53a869bf2b2598c306462cff23acd4265370426dfdae409c443ed5a7e51f

memory/272-7-0x000000013F480000-0x000000013F7D1000-memory.dmp

\Windows\system\VpIkJXe.exe

MD5 b917f4aaebe3e8f2667935ba3d193aed
SHA1 6ad5774db6722abb91c449f9e2900ae3da295485
SHA256 b0a3f86194b4d79a5735ff5ef04bf61e09933f1b69a46881816aef63ebeca29d
SHA512 fe203761426f8a8209ec026d40f3d8e5ea4007fb92f778f3bb7ee5da6f9db5981a812111ad9b9ede9231a2f6a6eb5fdf65ab8b840921d7400a44e2c6b6c09e02

memory/2944-12-0x0000000002060000-0x00000000023B1000-memory.dmp

memory/2820-14-0x000000013F460000-0x000000013F7B1000-memory.dmp

C:\Windows\system\cQgBNWD.exe

MD5 5832c32fd6033cd1b22e0a405684d94f
SHA1 e9c62f8b4a5a8fa358fcd4265de2551b6703342d
SHA256 0e048d0ebb8e1470778588f507efccb2d0f4b537b0341bb12ff298e1e0f6b4c4
SHA512 826627d9d07a629ee9f53d5c616a62099ca4bf7e97b81807d4dccbad39f01318f7e35c1e2a9c8481e26a9512c9886a5005608add3ca9703a53d510fd098ac44f

memory/2540-21-0x000000013FB00000-0x000000013FE51000-memory.dmp

memory/2944-20-0x000000013FB00000-0x000000013FE51000-memory.dmp

\Windows\system\OWftCSb.exe

MD5 3018627203564ccdb6aff7de5b0924e6
SHA1 b3b6380adedf3749d106815116bac39355ec3517
SHA256 7ccecdb1a0354bfa636fe21d2e14097b1e756501c32c198763f2582e722d55bb
SHA512 c2077ea9cba584bf30749879f3376fbf3754f0a658db2d05097b54539dd37f43393700e610ebb4e2335ac1f54c63f659cf58ed50c2ed9de6639b792030f8d641

\Windows\system\YPyCXhQ.exe

MD5 0bcd618916e3e8aa1decc9606afa8cd7
SHA1 20b106ef4ef79362c46727f541a6bc428c0bfed6
SHA256 b099706d213af48fecb40a7e32ccb08caf41b4eba8389c4996439b0885476a55
SHA512 3d5e62dae1b8fd6bcb7a93c1017a53cd6cba046bc650c6fa18c3b1c85bf6f0615be46d99b5e83627b057d0e2b9bf38ba78501b3e6058f43ca9042104b128567c

C:\Windows\system\hbydxIz.exe

MD5 1e109caf226d6a3bd2757e4c2a67b0fd
SHA1 85cdbc7f00555bbdd0cb2ec07bd7b9cb8ddbb076
SHA256 f9e61ceba6e734c98337e489e85b22e9b2949e1e6e4a456132cb4a3f6a811cde
SHA512 c17e2be6b082acaeeae9d53ed4d4213fe9bf38290c029baa50c33138c242e2d25a13517b210b94ceb7931b7cdc330e774498d454b17ba7f544b8b038a8036a07

\Windows\system\QpiXPLs.exe

MD5 fd688daeaa2e0ef6065917783103c4ee
SHA1 4f10470d10d7d5574229357919b284d1f428c3bb
SHA256 21ccd51a73c5ec2970f4f22e7429a0a19cee5cd5f02f1ad2dfa2999f8b3bb3eb
SHA512 757bc1609093d5476f276661e0aa369498e05e6f5e689188feffe9553de682c585fd6659307147d7deaf1c7eae23ec3a09efbc68d5db4c231458565c7aea642a

memory/2300-43-0x000000013F370000-0x000000013F6C1000-memory.dmp

memory/2660-44-0x000000013FF90000-0x00000001402E1000-memory.dmp

memory/2944-49-0x0000000002060000-0x00000000023B1000-memory.dmp

memory/2944-48-0x000000013FF90000-0x00000001402E1000-memory.dmp

memory/2724-47-0x000000013F530000-0x000000013F881000-memory.dmp

memory/2944-46-0x0000000002060000-0x00000000023B1000-memory.dmp

memory/2604-45-0x000000013F110000-0x000000013F461000-memory.dmp

C:\Windows\system\qUpOsrl.exe

MD5 5e1878488a4f9e9446f65d7cab1ca764
SHA1 9d3942d67d96ecd06f23346c458f77544f1d4e3e
SHA256 e709248ff99fb7efd392a6ec6e983a651b023ed05a9b4ff222709c53b5757a24
SHA512 908ba801673707e15b7855975e81829ed943a8bee4fbd1e04ac1f75c1d0b08bdec518009f6b583896eac4db52cc0da5025416b791eb74249d3d66b8e2ffac3f8

memory/2796-55-0x000000013FBB0000-0x000000013FF01000-memory.dmp

memory/2460-62-0x000000013FCD0000-0x0000000140021000-memory.dmp

memory/2944-60-0x000000013FCD0000-0x0000000140021000-memory.dmp

C:\Windows\system\eqjyEmV.exe

MD5 ea34a986a57d396a59c6dde20388be09
SHA1 db318c8e3a56b37aec3e541548818a556735b89b
SHA256 14e15a40e3f6520a8425c7d4f3c98bb3c0f0d9fe454aa81e4acb188b9fc94677
SHA512 dafac9d8cb1dddb2b1253bc3924fcfcf2d3a91176e9cf5be17728a7c32f11630b44d1f64863a514c47eaf094cf2308fb6120b08ff13f78751bf2094cea19bcc2

memory/2944-67-0x000000013F370000-0x000000013F6C1000-memory.dmp

C:\Windows\system\wAbZsox.exe

MD5 fe79d8097fe97dff392af05bbc20c9dc
SHA1 64b61a26fc600077b13d22586a0c0179149f2272
SHA256 ffad8c0cc71343ea6d95e2f50d8d0e33a485b72c707d8051d283042733a8d96b
SHA512 fd75f8ca450c00b5605f513ca44008cfd70aab8274dfce47522210b375a004bea215123cb8c8e73a265fadec67bb52f5eeaf748ca3f21570c33d25259e923f0e

memory/2616-70-0x000000013F2F0000-0x000000013F641000-memory.dmp

memory/2944-69-0x0000000002060000-0x00000000023B1000-memory.dmp

C:\Windows\system\QsyLcnb.exe

MD5 37f58a4f4468536f3375f181b0e51316
SHA1 1bd63d3febc10e38154a08d619ae50de95ab173b
SHA256 4afaecc3f4c2aecb5b1bdb9b2f78e3a2119bb1b4b4972604202def8dba81b6bd
SHA512 28db19456c5b8b554c8e4b7d949224efc08661fa42ff8424a1adced9fa17907120e646675fb6bf29475df16fca881488454768088e1636707e93634792bb8778

memory/2108-77-0x000000013FA10000-0x000000013FD61000-memory.dmp

memory/2944-76-0x000000013FA10000-0x000000013FD61000-memory.dmp

\Windows\system\NQjNXYP.exe

MD5 8a49034ccca4c9fda4e20c5705ab1382
SHA1 a6d176a3ec0baf4d141601441a07df9896eb90a8
SHA256 0f1393dbe50f2275fe4683d6d0f8f6ec499c07f651527d4aa0dae4184f16c0ed
SHA512 d753dea82b1851d5bb4e005396256ce69ba5b4c8ecbd9996f39bb2ff7cd8bef5a98493c2b8caccf352b0c4505cd4abf99b1108ba49a31811938f138c9db37a39

memory/2944-84-0x000000013F830000-0x000000013FB81000-memory.dmp

memory/1432-85-0x000000013F830000-0x000000013FB81000-memory.dmp

memory/272-82-0x000000013F480000-0x000000013F7D1000-memory.dmp

\Windows\system\wMPdiLl.exe

MD5 440752548cafd84038a4d1a75f276920
SHA1 ef856cfb3e0161df19f1179ec21ee126ed53e136
SHA256 ea64229297e9a89adf6e1947f6544cd8cb21f38107432e81772b8081e07c90f1
SHA512 34fe46f4aecda272c167ef354ad274d6b7a3be030122b1de49a20cb485406f469f18166ff000360186a90a68f0a38b5da9c2ffdd5e5e84c078bfb2a56feaaf74

\Windows\system\xrwOOzm.exe

MD5 71cfd2092e80c2c593de7a6324dc43af
SHA1 a14b9f6bfb9addd6ab763180268797a5f54630a4
SHA256 ab0e2ce365cced8dcfb7e16eff5564109c8e59d544e1f7d1cf9572943c06fd2f
SHA512 ce60318084803024811b3bb7dd6b28035b020710c88bcd7fb9e349d1d125049be24f209151fb712e727f2f2e1d31cf8b74022410464b60a314c3ea74bd31ff4b

memory/2944-101-0x000000013FD70000-0x00000001400C1000-memory.dmp

memory/2744-92-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2820-91-0x000000013F460000-0x000000013F7B1000-memory.dmp

memory/2676-102-0x000000013FD70000-0x00000001400C1000-memory.dmp

memory/2944-100-0x0000000002060000-0x00000000023B1000-memory.dmp

memory/2540-97-0x000000013FB00000-0x000000013FE51000-memory.dmp

memory/2944-87-0x0000000002060000-0x00000000023B1000-memory.dmp

C:\Windows\system\ZzpgSPK.exe

MD5 1b4f82b84b39bf40b02dcabfa3d3c150
SHA1 b256d03abad3d81db96efd3aa1b5a5c1fbfd647c
SHA256 26951cfbe28d86abe649e1bbe7cb0565687c8dd792d0168fbec3b3b0e48d60e3
SHA512 49d0871c95a412f743b6d67cb07aa0bb9afcdb9833331f35ca7bdaad915443be93d55d531a9fca909435265c56b31a3875b2b103ef59bae9004e45f22086401c

C:\Windows\system\aFNrUjQ.exe

MD5 06f90538fd0846f5f0490d73c41b8d6d
SHA1 c3905d8a6b1837a48304e82fa46f67de5bd89760
SHA256 2001c27f956bea9ff1a3a004e58da64c661589486396c3856bf34b801c2504c4
SHA512 7dc73a6a5d8d327461a24292959cfaf09a0c8ba4b6e6e1d9cac3ac87f6087cc349853fa8571e76eb4a48ba36e7bd110eb9725bb512fdc8329b9aa5b1a94f648c

C:\Windows\system\JPEOsPG.exe

MD5 3d53df86b3cf773fc643a58e69ef54dd
SHA1 c1dd9c38517139aaf13c5cc1f32ec1f16a7fc8b5
SHA256 77a1473a5b23498db72009b971b13e8edb66ce4ed5fe347340f07f802f4564bf
SHA512 a399b07764682db8aa92610f54e850efdd6b3af02e68cfde965090a08a07910f555c31fab5c98566cd42747b3d94ef4d7baca34766b129f40075cb982cf87949

C:\Windows\system\MBJPRvU.exe

MD5 faebbb9e914f0f80ee5df0a4fafa51ae
SHA1 495ce34661a417ad50bb77b10b4c975b4ed2424e
SHA256 0ff86b70a2897cef756a35345d60ef653ffb53aef34fdf53be065fcc1b6a14d5
SHA512 eed734c18dc90197959211dbaa6b9172e31b02e7b049d33f8b6f845f728304518648a0e21abb4d9b607dc6c4773186bb0b5c4af3886220342f71ea8a273b7a6f

C:\Windows\system\iUERoQM.exe

MD5 41530bffe40538e12c0402ea11171bfb
SHA1 1c08ea1fdd9011343b5ef0db8b966afa2332e881
SHA256 0c85634ed4cf32a55195a07b0d0db9cca1422f230fdb46cb37699a471e159365
SHA512 3ed15ff51a05d8a277cbfe79f2578db6a0cac62fbaacb75f26d3117bab2b7a5abd58e0dce9ffd34c458c1417b44166eaa1ce6316ec0776bc2043fed3629a5889

C:\Windows\system\BvfKrrH.exe

MD5 ffad5a54fb7dc48c87b8322a4aa12d67
SHA1 1ca9f513b5ac8125dd3f9c3136c756d3e008cffa
SHA256 9fe4dd816fa1358676bf64b5253d244eb92020f26ea3259cd086a8c97a69f920
SHA512 8a441e0c1105e1e693a253f411a9bbc2dc4b8c57f7a1f28ce58755b7a5b0444a3a55f6211fd88ab4ae6c2f3cba0e2bd8bb6ec40607afe76c2ebe8ea2a9f2979b

C:\Windows\system\ImPUChx.exe

MD5 851fc4e255ec1b519a9d1d075eef433b
SHA1 4108aad2be600211a09573fc47bd9c9901afb932
SHA256 1bc1e759044652b1ad2b6504ea0c2d8dccbbc9dcbf0f4c7aca3beb6a165fd139
SHA512 e97b2390998417d59001088471135ed6518b43fee7693bd3a2d38e85225ea4c539bb24403cfea4ec6fcb450ca86f955fd202fe660facbaa27ec2daeeeee11252

C:\Windows\system\DzwaujS.exe

MD5 b886f8d6c1917a787a01cfe11896399a
SHA1 2dd716738d5512787aa111fcb5ff68257631beff
SHA256 6ec1e566b08b93c273f44c70c321cff6b0bbd7c089e69f29fb9e42de0401efdd
SHA512 6772e0a6c1cd9490541f84de3fd38f7a6d0294b51d4c2faf5e6451305c28538d73f1616d1a4f9f77c5031fe88e1720da94085b97b60c0847f71d27df4927c8e3

memory/2796-373-0x000000013FBB0000-0x000000013FF01000-memory.dmp

C:\Windows\system\yHqoFdM.exe

MD5 bb19e0105edaafc1531b393d1723f469
SHA1 e68e5ec447ae8a2fc28ba80aa93cc7738146bf8c
SHA256 9ef751b29e21cb8bed29204013ad5e70c9e2c541735b4160a7b4b35afb1e9212
SHA512 984aa34b2468442c7d1db093bb3982a9c7982eec15127cae4836025b628deadc480fbbeed92908963ce9532f22c837eb90a8ba4abe8bbbc88de4c69f0e7b59ee

C:\Windows\system\irpyfPJ.exe

MD5 0c3e174e64399273c435d48a39514ae5
SHA1 8c415bed2ea3c6e42157f00659691a338c9b179e
SHA256 d610d840a6a1098df60faa01e68f02e4ca2800d4b02bd7f118cc4c2cae1744c4
SHA512 72279bcf093c7f6186d6367d29e65949b44b13ba0906b4e647f5c53dbf9fde341b9d4914339bce27f1ed83fe5f28caab8db95251abd2f518d3f225592d03d431

C:\Windows\system\rObVwPa.exe

MD5 6c516dcc3e395b7abf3e267aa78d4f7a
SHA1 7c67225af66340e778e944266c66b18e029c5fcd
SHA256 4d847877e07c5ca1627b6b33acca5f1f24a6ea9de379cc97ef920955cab89ac4
SHA512 0c3956166e2c4776d0be831cf9b3871ccc394397c751e20edc5e2dfb9e630dc0785119b652d114f96187e97aef653ada399a1ea3f43df0dc40b56829fc004ed8

C:\Windows\system\lkfJFnw.exe

MD5 881c46ef3a8fbdf0eaf72a4c74403e23
SHA1 a6966279fc725306e093e32c695bc962c8e43bad
SHA256 ea7e59a0e531e473b9f4f73217b1ebca54dca46bc34015b4a831c5a59292f91c
SHA512 fc9ffc60ec6c8e88863e79af990ea87316ef0a2c18ce6801a4ddbc9bd0e7e1690c28a1314aab46d074d3866e9a3a7a6a4ca24acb73dc09dd116a050d51552110

C:\Windows\system\pGpBRzY.exe

MD5 c84e6217385b54b79036485b7c8b0fe8
SHA1 c92c57533425cf16dd4d3670e644e880a60f53d3
SHA256 7a6fa2cc58a630ca369a129e557c8ac02d3986b5b6074b1f03a845959196a526
SHA512 669d1b753b1c1087d944dc65fec358f239468724c299a0789e4204a524f1c12e2444bcff9120fab9486834a823c674785d483785587c706e0321a1138acb3572

C:\Windows\system\lMpVPhW.exe

MD5 6eb9dbae7b962be573de70acbdca2a5c
SHA1 afa8bb735b4398e52c348427878f7d37a56b79f8
SHA256 444b8f8422fe5563607d03d661b5c769393ee8be37b3c86055abe78089151fe8
SHA512 5d62ddf914cadd12c1edab2db610c03dcdf8adb61a8fbbe4e96e0f8507bb16aa7bf937a903934d240d81929a21b1aaa6a07518f39499c878d8e4fbba89036434

C:\Windows\system\AyOxRHm.exe

MD5 4e0dadf2ccf0ad6e24d553815b5d9ad8
SHA1 c406c38735e42f1d3100b4a135baa076e9ec4bd0
SHA256 a113a5c5fe3e33524113d173551e57316ea41734c65a64d3fc546f64c32ecbf2
SHA512 71034e72886a827df5fadb4bd31d8dfbe9e3936fbc72a474bf466ccb2e7478e6fb27d4ea292f08108cb8aa5502a438a77ebc73b57a5f75291c822e7e4e2542ff

C:\Windows\system\ZYEzMai.exe

MD5 c2ffa3721af15f9a9b089dba05e4ea11
SHA1 7518280f6c155edbeaade96a8a04af3742462ba2
SHA256 4f98ecebadd3147dcbebab75b6ce86324b0be4458a029ba5401f87214dc3a585
SHA512 f6fbd1b600eb974c809b9bbfc4f894860a99cd238f1263c9017fde2cf8f0e756db8e80523d1b17a87700d6c47bbd2a01cd8e79bafc638428094d82f534271f54

C:\Windows\system\AvBznUE.exe

MD5 917fdc0428e9a43d34df5ed43a926cce
SHA1 fd59a28735507a2ed8411f31b7d791838c07052c
SHA256 766bac2a23f00dfa58575da7b52b6aad5c73f648ea26caedfa7cfc5fdacb30da
SHA512 205fc41f204dca827e1a46e9dfda1224438000bc50ff4eb37fde3c1400488f07237260c288bcce7097458989a3a460059d8fe4dd02c7fa118e925f625bfe3392

memory/2944-112-0x000000013FBF0000-0x000000013FF41000-memory.dmp

C:\Windows\system\GVEXzRt.exe

MD5 49b5085987a2ead9523b412de2a98fc4
SHA1 53f23fcf7b0c12b27daf8c3d1a1d3abb0c5e3c60
SHA256 28b5ebe865396d8e648460aca65e8a051f3a149d078a4de9acaae319eab7e8c0
SHA512 e0c44d7f2218cbc098ca08349c7825526992faf3fb9f2d2f4841f867d9e5e8f89c9df4af13d64c6156f3fd3488648024daabc19ad112863525812c91c428bca6

memory/2460-946-0x000000013FCD0000-0x0000000140021000-memory.dmp

memory/2944-1077-0x0000000002060000-0x00000000023B1000-memory.dmp

memory/2944-1088-0x000000013FA10000-0x000000013FD61000-memory.dmp

memory/2944-1107-0x000000013F830000-0x000000013FB81000-memory.dmp

memory/2944-1108-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2744-1112-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2944-1121-0x000000013FD70000-0x00000001400C1000-memory.dmp

memory/2944-1143-0x000000013FBF0000-0x000000013FF41000-memory.dmp

memory/272-1177-0x000000013F480000-0x000000013F7D1000-memory.dmp

memory/2820-1179-0x000000013F460000-0x000000013F7B1000-memory.dmp

memory/2540-1191-0x000000013FB00000-0x000000013FE51000-memory.dmp

memory/2300-1193-0x000000013F370000-0x000000013F6C1000-memory.dmp

memory/2660-1195-0x000000013FF90000-0x00000001402E1000-memory.dmp

memory/2604-1198-0x000000013F110000-0x000000013F461000-memory.dmp

memory/2724-1199-0x000000013F530000-0x000000013F881000-memory.dmp

memory/2796-1201-0x000000013FBB0000-0x000000013FF01000-memory.dmp

memory/2460-1203-0x000000013FCD0000-0x0000000140021000-memory.dmp

memory/2616-1205-0x000000013F2F0000-0x000000013F641000-memory.dmp

memory/2108-1207-0x000000013FA10000-0x000000013FD61000-memory.dmp

memory/1432-1240-0x000000013F830000-0x000000013FB81000-memory.dmp

memory/2744-1243-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2676-1244-0x000000013FD70000-0x00000001400C1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 15:32

Reported

2024-06-25 15:34

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\fnaUSGm.exe N/A
N/A N/A C:\Windows\System\VpIkJXe.exe N/A
N/A N/A C:\Windows\System\cQgBNWD.exe N/A
N/A N/A C:\Windows\System\OWftCSb.exe N/A
N/A N/A C:\Windows\System\YPyCXhQ.exe N/A
N/A N/A C:\Windows\System\hbydxIz.exe N/A
N/A N/A C:\Windows\System\qUpOsrl.exe N/A
N/A N/A C:\Windows\System\eqjyEmV.exe N/A
N/A N/A C:\Windows\System\QpiXPLs.exe N/A
N/A N/A C:\Windows\System\wAbZsox.exe N/A
N/A N/A C:\Windows\System\NQjNXYP.exe N/A
N/A N/A C:\Windows\System\QsyLcnb.exe N/A
N/A N/A C:\Windows\System\wMPdiLl.exe N/A
N/A N/A C:\Windows\System\xrwOOzm.exe N/A
N/A N/A C:\Windows\System\ZzpgSPK.exe N/A
N/A N/A C:\Windows\System\GVEXzRt.exe N/A
N/A N/A C:\Windows\System\aFNrUjQ.exe N/A
N/A N/A C:\Windows\System\AvBznUE.exe N/A
N/A N/A C:\Windows\System\ZYEzMai.exe N/A
N/A N/A C:\Windows\System\JPEOsPG.exe N/A
N/A N/A C:\Windows\System\AyOxRHm.exe N/A
N/A N/A C:\Windows\System\MBJPRvU.exe N/A
N/A N/A C:\Windows\System\iUERoQM.exe N/A
N/A N/A C:\Windows\System\lMpVPhW.exe N/A
N/A N/A C:\Windows\System\lkfJFnw.exe N/A
N/A N/A C:\Windows\System\pGpBRzY.exe N/A
N/A N/A C:\Windows\System\rObVwPa.exe N/A
N/A N/A C:\Windows\System\BvfKrrH.exe N/A
N/A N/A C:\Windows\System\ImPUChx.exe N/A
N/A N/A C:\Windows\System\irpyfPJ.exe N/A
N/A N/A C:\Windows\System\yHqoFdM.exe N/A
N/A N/A C:\Windows\System\DzwaujS.exe N/A
N/A N/A C:\Windows\System\XPepeVp.exe N/A
N/A N/A C:\Windows\System\MiRFoCv.exe N/A
N/A N/A C:\Windows\System\FAqiizW.exe N/A
N/A N/A C:\Windows\System\lwFcBPr.exe N/A
N/A N/A C:\Windows\System\lPLWqAf.exe N/A
N/A N/A C:\Windows\System\GKpqJav.exe N/A
N/A N/A C:\Windows\System\jwZEtWX.exe N/A
N/A N/A C:\Windows\System\dheRJzh.exe N/A
N/A N/A C:\Windows\System\CKoPLgg.exe N/A
N/A N/A C:\Windows\System\twtIVUj.exe N/A
N/A N/A C:\Windows\System\nDWaAqx.exe N/A
N/A N/A C:\Windows\System\TcMxUtJ.exe N/A
N/A N/A C:\Windows\System\CBTHvvE.exe N/A
N/A N/A C:\Windows\System\zvKNZzU.exe N/A
N/A N/A C:\Windows\System\WkbWkXz.exe N/A
N/A N/A C:\Windows\System\AasMfZG.exe N/A
N/A N/A C:\Windows\System\bSEqhbo.exe N/A
N/A N/A C:\Windows\System\AVnCPWj.exe N/A
N/A N/A C:\Windows\System\wuQgowp.exe N/A
N/A N/A C:\Windows\System\ykSyBbA.exe N/A
N/A N/A C:\Windows\System\TCRqjyN.exe N/A
N/A N/A C:\Windows\System\JWzQazo.exe N/A
N/A N/A C:\Windows\System\jpjnRlN.exe N/A
N/A N/A C:\Windows\System\SOOruGR.exe N/A
N/A N/A C:\Windows\System\qBItlIZ.exe N/A
N/A N/A C:\Windows\System\ohAsLWR.exe N/A
N/A N/A C:\Windows\System\OVhldpf.exe N/A
N/A N/A C:\Windows\System\JfEiFIv.exe N/A
N/A N/A C:\Windows\System\TszlRiP.exe N/A
N/A N/A C:\Windows\System\zJNjCBF.exe N/A
N/A N/A C:\Windows\System\rmLLISO.exe N/A
N/A N/A C:\Windows\System\UZeFdHA.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HHRdUOJ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjYmTpO.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\elQGbzR.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzYyCJF.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\fyHCTgF.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSBgbHu.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\wAbZsox.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zvKNZzU.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBItlIZ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\RXOJXrK.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsLIJVH.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzzhvmP.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLfgOgD.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\aoLrRnc.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\EgvNduy.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\AasMfZG.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCRqjyN.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\WBPhlKD.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzhmblt.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZRdqfma.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\NQjNXYP.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\rcMGAEW.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpojlTG.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TuxqRef.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\YPyCXhQ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\OswuWDf.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\kBxQOEv.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\RKnjwFU.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\OWftCSb.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\bbHdAsw.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FPlnyBi.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\uZfPYEo.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJIzHBH.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\PaqoIWa.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\FIrTDIz.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\vAvgwdd.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TaKnjjj.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\PjwFxcY.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\eqjyEmV.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\yHqoFdM.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\huhNfqA.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\xNecJOG.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\XmJkdtg.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\SfZlFPf.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\DQbDgDn.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\GVEXzRt.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\dKnomwG.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\oacCTTK.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\jpNKGGX.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\zJNjCBF.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\DHlrfUk.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TRATWsw.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZjqBPD.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\pIsYHIB.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWzQazo.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\TszlRiP.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLeljRo.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\aAnqetZ.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMMAllW.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\JrzxOAH.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\vpHudUI.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\ujkjgIB.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\UFdvgNk.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgHmmnW.exe C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4256 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\fnaUSGm.exe
PID 4256 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\fnaUSGm.exe
PID 4256 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\VpIkJXe.exe
PID 4256 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\VpIkJXe.exe
PID 4256 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\cQgBNWD.exe
PID 4256 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\cQgBNWD.exe
PID 4256 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\OWftCSb.exe
PID 4256 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\OWftCSb.exe
PID 4256 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\YPyCXhQ.exe
PID 4256 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\YPyCXhQ.exe
PID 4256 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\hbydxIz.exe
PID 4256 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\hbydxIz.exe
PID 4256 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QpiXPLs.exe
PID 4256 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QpiXPLs.exe
PID 4256 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\qUpOsrl.exe
PID 4256 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\qUpOsrl.exe
PID 4256 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\eqjyEmV.exe
PID 4256 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\eqjyEmV.exe
PID 4256 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wAbZsox.exe
PID 4256 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wAbZsox.exe
PID 4256 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QsyLcnb.exe
PID 4256 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\QsyLcnb.exe
PID 4256 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\NQjNXYP.exe
PID 4256 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\NQjNXYP.exe
PID 4256 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wMPdiLl.exe
PID 4256 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\wMPdiLl.exe
PID 4256 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\xrwOOzm.exe
PID 4256 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\xrwOOzm.exe
PID 4256 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZzpgSPK.exe
PID 4256 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZzpgSPK.exe
PID 4256 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\GVEXzRt.exe
PID 4256 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\GVEXzRt.exe
PID 4256 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\aFNrUjQ.exe
PID 4256 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\aFNrUjQ.exe
PID 4256 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AvBznUE.exe
PID 4256 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AvBznUE.exe
PID 4256 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZYEzMai.exe
PID 4256 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ZYEzMai.exe
PID 4256 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\JPEOsPG.exe
PID 4256 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\JPEOsPG.exe
PID 4256 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AyOxRHm.exe
PID 4256 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\AyOxRHm.exe
PID 4256 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\MBJPRvU.exe
PID 4256 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\MBJPRvU.exe
PID 4256 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\iUERoQM.exe
PID 4256 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\iUERoQM.exe
PID 4256 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\lMpVPhW.exe
PID 4256 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\lMpVPhW.exe
PID 4256 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\lkfJFnw.exe
PID 4256 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\lkfJFnw.exe
PID 4256 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\pGpBRzY.exe
PID 4256 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\pGpBRzY.exe
PID 4256 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\rObVwPa.exe
PID 4256 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\rObVwPa.exe
PID 4256 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\BvfKrrH.exe
PID 4256 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\BvfKrrH.exe
PID 4256 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ImPUChx.exe
PID 4256 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\ImPUChx.exe
PID 4256 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\irpyfPJ.exe
PID 4256 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\irpyfPJ.exe
PID 4256 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\yHqoFdM.exe
PID 4256 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\yHqoFdM.exe
PID 4256 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\DzwaujS.exe
PID 4256 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe C:\Windows\System\DzwaujS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\718435e68b93e96495f14cbd5455d25792c356172ee1e42fa184af4dd6ac84fb_NeikiAnalytics.exe"

C:\Windows\System\fnaUSGm.exe

C:\Windows\System\fnaUSGm.exe

C:\Windows\System\VpIkJXe.exe

C:\Windows\System\VpIkJXe.exe

C:\Windows\System\cQgBNWD.exe

C:\Windows\System\cQgBNWD.exe

C:\Windows\System\OWftCSb.exe

C:\Windows\System\OWftCSb.exe

C:\Windows\System\YPyCXhQ.exe

C:\Windows\System\YPyCXhQ.exe

C:\Windows\System\hbydxIz.exe

C:\Windows\System\hbydxIz.exe

C:\Windows\System\QpiXPLs.exe

C:\Windows\System\QpiXPLs.exe

C:\Windows\System\qUpOsrl.exe

C:\Windows\System\qUpOsrl.exe

C:\Windows\System\eqjyEmV.exe

C:\Windows\System\eqjyEmV.exe

C:\Windows\System\wAbZsox.exe

C:\Windows\System\wAbZsox.exe

C:\Windows\System\QsyLcnb.exe

C:\Windows\System\QsyLcnb.exe

C:\Windows\System\NQjNXYP.exe

C:\Windows\System\NQjNXYP.exe

C:\Windows\System\wMPdiLl.exe

C:\Windows\System\wMPdiLl.exe

C:\Windows\System\xrwOOzm.exe

C:\Windows\System\xrwOOzm.exe

C:\Windows\System\ZzpgSPK.exe

C:\Windows\System\ZzpgSPK.exe

C:\Windows\System\GVEXzRt.exe

C:\Windows\System\GVEXzRt.exe

C:\Windows\System\aFNrUjQ.exe

C:\Windows\System\aFNrUjQ.exe

C:\Windows\System\AvBznUE.exe

C:\Windows\System\AvBznUE.exe

C:\Windows\System\ZYEzMai.exe

C:\Windows\System\ZYEzMai.exe

C:\Windows\System\JPEOsPG.exe

C:\Windows\System\JPEOsPG.exe

C:\Windows\System\AyOxRHm.exe

C:\Windows\System\AyOxRHm.exe

C:\Windows\System\MBJPRvU.exe

C:\Windows\System\MBJPRvU.exe

C:\Windows\System\iUERoQM.exe

C:\Windows\System\iUERoQM.exe

C:\Windows\System\lMpVPhW.exe

C:\Windows\System\lMpVPhW.exe

C:\Windows\System\lkfJFnw.exe

C:\Windows\System\lkfJFnw.exe

C:\Windows\System\pGpBRzY.exe

C:\Windows\System\pGpBRzY.exe

C:\Windows\System\rObVwPa.exe

C:\Windows\System\rObVwPa.exe

C:\Windows\System\BvfKrrH.exe

C:\Windows\System\BvfKrrH.exe

C:\Windows\System\ImPUChx.exe

C:\Windows\System\ImPUChx.exe

C:\Windows\System\irpyfPJ.exe

C:\Windows\System\irpyfPJ.exe

C:\Windows\System\yHqoFdM.exe

C:\Windows\System\yHqoFdM.exe

C:\Windows\System\DzwaujS.exe

C:\Windows\System\DzwaujS.exe

C:\Windows\System\XPepeVp.exe

C:\Windows\System\XPepeVp.exe

C:\Windows\System\MiRFoCv.exe

C:\Windows\System\MiRFoCv.exe

C:\Windows\System\FAqiizW.exe

C:\Windows\System\FAqiizW.exe

C:\Windows\System\lwFcBPr.exe

C:\Windows\System\lwFcBPr.exe

C:\Windows\System\lPLWqAf.exe

C:\Windows\System\lPLWqAf.exe

C:\Windows\System\GKpqJav.exe

C:\Windows\System\GKpqJav.exe

C:\Windows\System\jwZEtWX.exe

C:\Windows\System\jwZEtWX.exe

C:\Windows\System\dheRJzh.exe

C:\Windows\System\dheRJzh.exe

C:\Windows\System\CKoPLgg.exe

C:\Windows\System\CKoPLgg.exe

C:\Windows\System\twtIVUj.exe

C:\Windows\System\twtIVUj.exe

C:\Windows\System\nDWaAqx.exe

C:\Windows\System\nDWaAqx.exe

C:\Windows\System\TcMxUtJ.exe

C:\Windows\System\TcMxUtJ.exe

C:\Windows\System\CBTHvvE.exe

C:\Windows\System\CBTHvvE.exe

C:\Windows\System\zvKNZzU.exe

C:\Windows\System\zvKNZzU.exe

C:\Windows\System\WkbWkXz.exe

C:\Windows\System\WkbWkXz.exe

C:\Windows\System\AasMfZG.exe

C:\Windows\System\AasMfZG.exe

C:\Windows\System\bSEqhbo.exe

C:\Windows\System\bSEqhbo.exe

C:\Windows\System\AVnCPWj.exe

C:\Windows\System\AVnCPWj.exe

C:\Windows\System\wuQgowp.exe

C:\Windows\System\wuQgowp.exe

C:\Windows\System\ykSyBbA.exe

C:\Windows\System\ykSyBbA.exe

C:\Windows\System\TCRqjyN.exe

C:\Windows\System\TCRqjyN.exe

C:\Windows\System\JWzQazo.exe

C:\Windows\System\JWzQazo.exe

C:\Windows\System\jpjnRlN.exe

C:\Windows\System\jpjnRlN.exe

C:\Windows\System\SOOruGR.exe

C:\Windows\System\SOOruGR.exe

C:\Windows\System\qBItlIZ.exe

C:\Windows\System\qBItlIZ.exe

C:\Windows\System\ohAsLWR.exe

C:\Windows\System\ohAsLWR.exe

C:\Windows\System\OVhldpf.exe

C:\Windows\System\OVhldpf.exe

C:\Windows\System\JfEiFIv.exe

C:\Windows\System\JfEiFIv.exe

C:\Windows\System\TszlRiP.exe

C:\Windows\System\TszlRiP.exe

C:\Windows\System\zJNjCBF.exe

C:\Windows\System\zJNjCBF.exe

C:\Windows\System\rmLLISO.exe

C:\Windows\System\rmLLISO.exe

C:\Windows\System\UZeFdHA.exe

C:\Windows\System\UZeFdHA.exe

C:\Windows\System\OswuWDf.exe

C:\Windows\System\OswuWDf.exe

C:\Windows\System\KqMbStO.exe

C:\Windows\System\KqMbStO.exe

C:\Windows\System\ZLyeQRk.exe

C:\Windows\System\ZLyeQRk.exe

C:\Windows\System\bHWtwsR.exe

C:\Windows\System\bHWtwsR.exe

C:\Windows\System\PUlNQUY.exe

C:\Windows\System\PUlNQUY.exe

C:\Windows\System\hTrZYUI.exe

C:\Windows\System\hTrZYUI.exe

C:\Windows\System\TmYGRUS.exe

C:\Windows\System\TmYGRUS.exe

C:\Windows\System\CcrooHa.exe

C:\Windows\System\CcrooHa.exe

C:\Windows\System\pMNAdBz.exe

C:\Windows\System\pMNAdBz.exe

C:\Windows\System\tHdViXh.exe

C:\Windows\System\tHdViXh.exe

C:\Windows\System\fIAdSDq.exe

C:\Windows\System\fIAdSDq.exe

C:\Windows\System\knHYrEl.exe

C:\Windows\System\knHYrEl.exe

C:\Windows\System\cudIsoS.exe

C:\Windows\System\cudIsoS.exe

C:\Windows\System\tAslUER.exe

C:\Windows\System\tAslUER.exe

C:\Windows\System\ODdUvIw.exe

C:\Windows\System\ODdUvIw.exe

C:\Windows\System\uMDrnUH.exe

C:\Windows\System\uMDrnUH.exe

C:\Windows\System\cPOiDgk.exe

C:\Windows\System\cPOiDgk.exe

C:\Windows\System\xModQMr.exe

C:\Windows\System\xModQMr.exe

C:\Windows\System\ntIcWeZ.exe

C:\Windows\System\ntIcWeZ.exe

C:\Windows\System\cknIbQl.exe

C:\Windows\System\cknIbQl.exe

C:\Windows\System\ZzfSVnM.exe

C:\Windows\System\ZzfSVnM.exe

C:\Windows\System\DHlrfUk.exe

C:\Windows\System\DHlrfUk.exe

C:\Windows\System\RXOJXrK.exe

C:\Windows\System\RXOJXrK.exe

C:\Windows\System\JACusMT.exe

C:\Windows\System\JACusMT.exe

C:\Windows\System\ttxEqLP.exe

C:\Windows\System\ttxEqLP.exe

C:\Windows\System\QGscAmp.exe

C:\Windows\System\QGscAmp.exe

C:\Windows\System\eIRyfeh.exe

C:\Windows\System\eIRyfeh.exe

C:\Windows\System\cNbecId.exe

C:\Windows\System\cNbecId.exe

C:\Windows\System\ggsNtiZ.exe

C:\Windows\System\ggsNtiZ.exe

C:\Windows\System\hfpxeaf.exe

C:\Windows\System\hfpxeaf.exe

C:\Windows\System\TiVEefK.exe

C:\Windows\System\TiVEefK.exe

C:\Windows\System\GFyAegP.exe

C:\Windows\System\GFyAegP.exe

C:\Windows\System\HVciYoS.exe

C:\Windows\System\HVciYoS.exe

C:\Windows\System\rVhHjfM.exe

C:\Windows\System\rVhHjfM.exe

C:\Windows\System\UFdvgNk.exe

C:\Windows\System\UFdvgNk.exe

C:\Windows\System\bWLqZgR.exe

C:\Windows\System\bWLqZgR.exe

C:\Windows\System\rcMGAEW.exe

C:\Windows\System\rcMGAEW.exe

C:\Windows\System\HcywVJI.exe

C:\Windows\System\HcywVJI.exe

C:\Windows\System\grwKzcP.exe

C:\Windows\System\grwKzcP.exe

C:\Windows\System\HYsSYKo.exe

C:\Windows\System\HYsSYKo.exe

C:\Windows\System\YQotbPK.exe

C:\Windows\System\YQotbPK.exe

C:\Windows\System\SyNNrxr.exe

C:\Windows\System\SyNNrxr.exe

C:\Windows\System\JrzxOAH.exe

C:\Windows\System\JrzxOAH.exe

C:\Windows\System\trOVoFi.exe

C:\Windows\System\trOVoFi.exe

C:\Windows\System\UBVtYgK.exe

C:\Windows\System\UBVtYgK.exe

C:\Windows\System\xUUsLhN.exe

C:\Windows\System\xUUsLhN.exe

C:\Windows\System\AKiEnXS.exe

C:\Windows\System\AKiEnXS.exe

C:\Windows\System\wOaRMNH.exe

C:\Windows\System\wOaRMNH.exe

C:\Windows\System\qCQOzSk.exe

C:\Windows\System\qCQOzSk.exe

C:\Windows\System\DEyHmGE.exe

C:\Windows\System\DEyHmGE.exe

C:\Windows\System\cissdXx.exe

C:\Windows\System\cissdXx.exe

C:\Windows\System\BSYyeej.exe

C:\Windows\System\BSYyeej.exe

C:\Windows\System\ILRIkIz.exe

C:\Windows\System\ILRIkIz.exe

C:\Windows\System\JiiqSGt.exe

C:\Windows\System\JiiqSGt.exe

C:\Windows\System\VzejBhS.exe

C:\Windows\System\VzejBhS.exe

C:\Windows\System\vpHudUI.exe

C:\Windows\System\vpHudUI.exe

C:\Windows\System\dKnomwG.exe

C:\Windows\System\dKnomwG.exe

C:\Windows\System\qNNJLPS.exe

C:\Windows\System\qNNJLPS.exe

C:\Windows\System\GHtvpSm.exe

C:\Windows\System\GHtvpSm.exe

C:\Windows\System\TttDmxn.exe

C:\Windows\System\TttDmxn.exe

C:\Windows\System\BRFZiOR.exe

C:\Windows\System\BRFZiOR.exe

C:\Windows\System\FNaWQsS.exe

C:\Windows\System\FNaWQsS.exe

C:\Windows\System\huhNfqA.exe

C:\Windows\System\huhNfqA.exe

C:\Windows\System\GsLIJVH.exe

C:\Windows\System\GsLIJVH.exe

C:\Windows\System\OfhQNMk.exe

C:\Windows\System\OfhQNMk.exe

C:\Windows\System\HHRdUOJ.exe

C:\Windows\System\HHRdUOJ.exe

C:\Windows\System\FiFVsjz.exe

C:\Windows\System\FiFVsjz.exe

C:\Windows\System\xHvRFQM.exe

C:\Windows\System\xHvRFQM.exe

C:\Windows\System\FPlnyBi.exe

C:\Windows\System\FPlnyBi.exe

C:\Windows\System\rOvhmpa.exe

C:\Windows\System\rOvhmpa.exe

C:\Windows\System\LpwRXqt.exe

C:\Windows\System\LpwRXqt.exe

C:\Windows\System\xNecJOG.exe

C:\Windows\System\xNecJOG.exe

C:\Windows\System\qmiqxdT.exe

C:\Windows\System\qmiqxdT.exe

C:\Windows\System\XmJkdtg.exe

C:\Windows\System\XmJkdtg.exe

C:\Windows\System\WBPhlKD.exe

C:\Windows\System\WBPhlKD.exe

C:\Windows\System\QmxfXZL.exe

C:\Windows\System\QmxfXZL.exe

C:\Windows\System\vAvgwdd.exe

C:\Windows\System\vAvgwdd.exe

C:\Windows\System\VtvriuU.exe

C:\Windows\System\VtvriuU.exe

C:\Windows\System\tnLpznv.exe

C:\Windows\System\tnLpznv.exe

C:\Windows\System\RYYWdRH.exe

C:\Windows\System\RYYWdRH.exe

C:\Windows\System\MUlQrWo.exe

C:\Windows\System\MUlQrWo.exe

C:\Windows\System\KegEWcp.exe

C:\Windows\System\KegEWcp.exe

C:\Windows\System\pLQAlVa.exe

C:\Windows\System\pLQAlVa.exe

C:\Windows\System\EAReCiF.exe

C:\Windows\System\EAReCiF.exe

C:\Windows\System\WIddTXN.exe

C:\Windows\System\WIddTXN.exe

C:\Windows\System\gsbXxhN.exe

C:\Windows\System\gsbXxhN.exe

C:\Windows\System\OlCBOjF.exe

C:\Windows\System\OlCBOjF.exe

C:\Windows\System\QZPMBiz.exe

C:\Windows\System\QZPMBiz.exe

C:\Windows\System\yqSDkwX.exe

C:\Windows\System\yqSDkwX.exe

C:\Windows\System\mvnCgkk.exe

C:\Windows\System\mvnCgkk.exe

C:\Windows\System\eyVWAtf.exe

C:\Windows\System\eyVWAtf.exe

C:\Windows\System\ZSVvMvA.exe

C:\Windows\System\ZSVvMvA.exe

C:\Windows\System\vjNFlyo.exe

C:\Windows\System\vjNFlyo.exe

C:\Windows\System\njQBFhW.exe

C:\Windows\System\njQBFhW.exe

C:\Windows\System\VLeljRo.exe

C:\Windows\System\VLeljRo.exe

C:\Windows\System\BNYYvrt.exe

C:\Windows\System\BNYYvrt.exe

C:\Windows\System\IWQWSYg.exe

C:\Windows\System\IWQWSYg.exe

C:\Windows\System\uZfPYEo.exe

C:\Windows\System\uZfPYEo.exe

C:\Windows\System\SHcBgHF.exe

C:\Windows\System\SHcBgHF.exe

C:\Windows\System\ikQscnk.exe

C:\Windows\System\ikQscnk.exe

C:\Windows\System\JnrAHTs.exe

C:\Windows\System\JnrAHTs.exe

C:\Windows\System\dpBxdRO.exe

C:\Windows\System\dpBxdRO.exe

C:\Windows\System\wuKpRvx.exe

C:\Windows\System\wuKpRvx.exe

C:\Windows\System\gjrNINl.exe

C:\Windows\System\gjrNINl.exe

C:\Windows\System\TaKnjjj.exe

C:\Windows\System\TaKnjjj.exe

C:\Windows\System\XynQfoB.exe

C:\Windows\System\XynQfoB.exe

C:\Windows\System\QxMFaUk.exe

C:\Windows\System\QxMFaUk.exe

C:\Windows\System\IBOczrS.exe

C:\Windows\System\IBOczrS.exe

C:\Windows\System\xXEJDJH.exe

C:\Windows\System\xXEJDJH.exe

C:\Windows\System\dgAehIy.exe

C:\Windows\System\dgAehIy.exe

C:\Windows\System\vHULVwp.exe

C:\Windows\System\vHULVwp.exe

C:\Windows\System\XfttnNb.exe

C:\Windows\System\XfttnNb.exe

C:\Windows\System\rBPvcvV.exe

C:\Windows\System\rBPvcvV.exe

C:\Windows\System\hJeuYWz.exe

C:\Windows\System\hJeuYWz.exe

C:\Windows\System\QmgjHmz.exe

C:\Windows\System\QmgjHmz.exe

C:\Windows\System\CEpSfmv.exe

C:\Windows\System\CEpSfmv.exe

C:\Windows\System\FllsPYD.exe

C:\Windows\System\FllsPYD.exe

C:\Windows\System\vMcQGOe.exe

C:\Windows\System\vMcQGOe.exe

C:\Windows\System\JJIzHBH.exe

C:\Windows\System\JJIzHBH.exe

C:\Windows\System\NRRASBp.exe

C:\Windows\System\NRRASBp.exe

C:\Windows\System\VSZvXGs.exe

C:\Windows\System\VSZvXGs.exe

C:\Windows\System\sumwEKZ.exe

C:\Windows\System\sumwEKZ.exe

C:\Windows\System\VSzrrnk.exe

C:\Windows\System\VSzrrnk.exe

C:\Windows\System\TRATWsw.exe

C:\Windows\System\TRATWsw.exe

C:\Windows\System\ySvIdJJ.exe

C:\Windows\System\ySvIdJJ.exe

C:\Windows\System\NsqarMM.exe

C:\Windows\System\NsqarMM.exe

C:\Windows\System\kBxQOEv.exe

C:\Windows\System\kBxQOEv.exe

C:\Windows\System\pMTBsud.exe

C:\Windows\System\pMTBsud.exe

C:\Windows\System\QpojlTG.exe

C:\Windows\System\QpojlTG.exe

C:\Windows\System\PaqoIWa.exe

C:\Windows\System\PaqoIWa.exe

C:\Windows\System\dzhmblt.exe

C:\Windows\System\dzhmblt.exe

C:\Windows\System\lqWtWVD.exe

C:\Windows\System\lqWtWVD.exe

C:\Windows\System\aideqFb.exe

C:\Windows\System\aideqFb.exe

C:\Windows\System\yMBZDHU.exe

C:\Windows\System\yMBZDHU.exe

C:\Windows\System\pPMkpCR.exe

C:\Windows\System\pPMkpCR.exe

C:\Windows\System\snpKZot.exe

C:\Windows\System\snpKZot.exe

C:\Windows\System\EfNslhj.exe

C:\Windows\System\EfNslhj.exe

C:\Windows\System\cnsISSW.exe

C:\Windows\System\cnsISSW.exe

C:\Windows\System\wnyjawr.exe

C:\Windows\System\wnyjawr.exe

C:\Windows\System\anfHCLD.exe

C:\Windows\System\anfHCLD.exe

C:\Windows\System\KMmjhyL.exe

C:\Windows\System\KMmjhyL.exe

C:\Windows\System\kRZeghA.exe

C:\Windows\System\kRZeghA.exe

C:\Windows\System\uOVycCX.exe

C:\Windows\System\uOVycCX.exe

C:\Windows\System\NCdipam.exe

C:\Windows\System\NCdipam.exe

C:\Windows\System\aAnqetZ.exe

C:\Windows\System\aAnqetZ.exe

C:\Windows\System\ORFCHnu.exe

C:\Windows\System\ORFCHnu.exe

C:\Windows\System\XuxGObV.exe

C:\Windows\System\XuxGObV.exe

C:\Windows\System\VLFgFxd.exe

C:\Windows\System\VLFgFxd.exe

C:\Windows\System\zzYyCJF.exe

C:\Windows\System\zzYyCJF.exe

C:\Windows\System\OMVWzUX.exe

C:\Windows\System\OMVWzUX.exe

C:\Windows\System\obJxZoh.exe

C:\Windows\System\obJxZoh.exe

C:\Windows\System\UoKVNXp.exe

C:\Windows\System\UoKVNXp.exe

C:\Windows\System\Fulagqf.exe

C:\Windows\System\Fulagqf.exe

C:\Windows\System\MkrWetT.exe

C:\Windows\System\MkrWetT.exe

C:\Windows\System\JaEDmvU.exe

C:\Windows\System\JaEDmvU.exe

C:\Windows\System\AOujsaP.exe

C:\Windows\System\AOujsaP.exe

C:\Windows\System\GjYmTpO.exe

C:\Windows\System\GjYmTpO.exe

C:\Windows\System\FixVXaS.exe

C:\Windows\System\FixVXaS.exe

C:\Windows\System\xAWGXxn.exe

C:\Windows\System\xAWGXxn.exe

C:\Windows\System\PioqmiD.exe

C:\Windows\System\PioqmiD.exe

C:\Windows\System\vmWWHuq.exe

C:\Windows\System\vmWWHuq.exe

C:\Windows\System\oacCTTK.exe

C:\Windows\System\oacCTTK.exe

C:\Windows\System\PjwFxcY.exe

C:\Windows\System\PjwFxcY.exe

C:\Windows\System\PljejiU.exe

C:\Windows\System\PljejiU.exe

C:\Windows\System\CLlBoFI.exe

C:\Windows\System\CLlBoFI.exe

C:\Windows\System\pBXzxuB.exe

C:\Windows\System\pBXzxuB.exe

C:\Windows\System\QIiQWPv.exe

C:\Windows\System\QIiQWPv.exe

C:\Windows\System\RgHmmnW.exe

C:\Windows\System\RgHmmnW.exe

C:\Windows\System\BSXhzca.exe

C:\Windows\System\BSXhzca.exe

C:\Windows\System\gkZWxjG.exe

C:\Windows\System\gkZWxjG.exe

C:\Windows\System\SkOQkUk.exe

C:\Windows\System\SkOQkUk.exe

C:\Windows\System\NpQMSRw.exe

C:\Windows\System\NpQMSRw.exe

C:\Windows\System\SlvjbMS.exe

C:\Windows\System\SlvjbMS.exe

C:\Windows\System\ucbFKXU.exe

C:\Windows\System\ucbFKXU.exe

C:\Windows\System\BAhCHeK.exe

C:\Windows\System\BAhCHeK.exe

C:\Windows\System\elQGbzR.exe

C:\Windows\System\elQGbzR.exe

C:\Windows\System\JyEzJNi.exe

C:\Windows\System\JyEzJNi.exe

C:\Windows\System\fyHCTgF.exe

C:\Windows\System\fyHCTgF.exe

C:\Windows\System\DYZAKkU.exe

C:\Windows\System\DYZAKkU.exe

C:\Windows\System\YEtzsYQ.exe

C:\Windows\System\YEtzsYQ.exe

C:\Windows\System\NZyWvYS.exe

C:\Windows\System\NZyWvYS.exe

C:\Windows\System\qSdCVHs.exe

C:\Windows\System\qSdCVHs.exe

C:\Windows\System\Oaknmnq.exe

C:\Windows\System\Oaknmnq.exe

C:\Windows\System\dSsHsSF.exe

C:\Windows\System\dSsHsSF.exe

C:\Windows\System\yBpbYdz.exe

C:\Windows\System\yBpbYdz.exe

C:\Windows\System\mZlUjpu.exe

C:\Windows\System\mZlUjpu.exe

C:\Windows\System\gipSeKY.exe

C:\Windows\System\gipSeKY.exe

C:\Windows\System\ENbcqMa.exe

C:\Windows\System\ENbcqMa.exe

C:\Windows\System\WdJoCEE.exe

C:\Windows\System\WdJoCEE.exe

C:\Windows\System\LnkiZJS.exe

C:\Windows\System\LnkiZJS.exe

C:\Windows\System\wUIzMeG.exe

C:\Windows\System\wUIzMeG.exe

C:\Windows\System\zSBgbHu.exe

C:\Windows\System\zSBgbHu.exe

C:\Windows\System\wvStXHM.exe

C:\Windows\System\wvStXHM.exe

C:\Windows\System\LqgppGu.exe

C:\Windows\System\LqgppGu.exe

C:\Windows\System\ZRdqfma.exe

C:\Windows\System\ZRdqfma.exe

C:\Windows\System\jpNKGGX.exe

C:\Windows\System\jpNKGGX.exe

C:\Windows\System\gWyMUVb.exe

C:\Windows\System\gWyMUVb.exe

C:\Windows\System\auiJpbr.exe

C:\Windows\System\auiJpbr.exe

C:\Windows\System\JphLSLd.exe

C:\Windows\System\JphLSLd.exe

C:\Windows\System\TuxqRef.exe

C:\Windows\System\TuxqRef.exe

C:\Windows\System\wrXbJzE.exe

C:\Windows\System\wrXbJzE.exe

C:\Windows\System\AJdqUXm.exe

C:\Windows\System\AJdqUXm.exe

C:\Windows\System\VbLjQdK.exe

C:\Windows\System\VbLjQdK.exe

C:\Windows\System\KsPypyu.exe

C:\Windows\System\KsPypyu.exe

C:\Windows\System\IVqBMNM.exe

C:\Windows\System\IVqBMNM.exe

C:\Windows\System\YoFFZaY.exe

C:\Windows\System\YoFFZaY.exe

C:\Windows\System\MJZmsTM.exe

C:\Windows\System\MJZmsTM.exe

C:\Windows\System\MtSdGqz.exe

C:\Windows\System\MtSdGqz.exe

C:\Windows\System\xXkZhCn.exe

C:\Windows\System\xXkZhCn.exe

C:\Windows\System\aFCisVl.exe

C:\Windows\System\aFCisVl.exe

C:\Windows\System\tjCqQlo.exe

C:\Windows\System\tjCqQlo.exe

C:\Windows\System\kJcuEZL.exe

C:\Windows\System\kJcuEZL.exe

C:\Windows\System\zzzhvmP.exe

C:\Windows\System\zzzhvmP.exe

C:\Windows\System\ujkjgIB.exe

C:\Windows\System\ujkjgIB.exe

C:\Windows\System\QfqNrCV.exe

C:\Windows\System\QfqNrCV.exe

C:\Windows\System\WPMIaDP.exe

C:\Windows\System\WPMIaDP.exe

C:\Windows\System\ZxyBxhI.exe

C:\Windows\System\ZxyBxhI.exe

C:\Windows\System\uPbwmhw.exe

C:\Windows\System\uPbwmhw.exe

C:\Windows\System\nKRHukb.exe

C:\Windows\System\nKRHukb.exe

C:\Windows\System\gVGUAfb.exe

C:\Windows\System\gVGUAfb.exe

C:\Windows\System\YgXeSzq.exe

C:\Windows\System\YgXeSzq.exe

C:\Windows\System\SfZlFPf.exe

C:\Windows\System\SfZlFPf.exe

C:\Windows\System\ygFbHSr.exe

C:\Windows\System\ygFbHSr.exe

C:\Windows\System\FIrTDIz.exe

C:\Windows\System\FIrTDIz.exe

C:\Windows\System\XtIvrUh.exe

C:\Windows\System\XtIvrUh.exe

C:\Windows\System\ZBXyDaT.exe

C:\Windows\System\ZBXyDaT.exe

C:\Windows\System\RzlsARa.exe

C:\Windows\System\RzlsARa.exe

C:\Windows\System\pJEQBus.exe

C:\Windows\System\pJEQBus.exe

C:\Windows\System\fQUomWT.exe

C:\Windows\System\fQUomWT.exe

C:\Windows\System\awPxkUM.exe

C:\Windows\System\awPxkUM.exe

C:\Windows\System\DtRHnxZ.exe

C:\Windows\System\DtRHnxZ.exe

C:\Windows\System\SqvhOgY.exe

C:\Windows\System\SqvhOgY.exe

C:\Windows\System\AeSQGrJ.exe

C:\Windows\System\AeSQGrJ.exe

C:\Windows\System\Vqohcha.exe

C:\Windows\System\Vqohcha.exe

C:\Windows\System\XosqLva.exe

C:\Windows\System\XosqLva.exe

C:\Windows\System\kuCLlNy.exe

C:\Windows\System\kuCLlNy.exe

C:\Windows\System\aoLrRnc.exe

C:\Windows\System\aoLrRnc.exe

C:\Windows\System\diZMDoz.exe

C:\Windows\System\diZMDoz.exe

C:\Windows\System\AMMAllW.exe

C:\Windows\System\AMMAllW.exe

C:\Windows\System\JIgyNxZ.exe

C:\Windows\System\JIgyNxZ.exe

C:\Windows\System\RPkYpQc.exe

C:\Windows\System\RPkYpQc.exe

C:\Windows\System\ldZJEGG.exe

C:\Windows\System\ldZJEGG.exe

C:\Windows\System\nDzDLpo.exe

C:\Windows\System\nDzDLpo.exe

C:\Windows\System\IkTnADx.exe

C:\Windows\System\IkTnADx.exe

C:\Windows\System\JZjqBPD.exe

C:\Windows\System\JZjqBPD.exe

C:\Windows\System\bvUQIla.exe

C:\Windows\System\bvUQIla.exe

C:\Windows\System\RKnjwFU.exe

C:\Windows\System\RKnjwFU.exe

C:\Windows\System\GkTtAyP.exe

C:\Windows\System\GkTtAyP.exe

C:\Windows\System\awcewMO.exe

C:\Windows\System\awcewMO.exe

C:\Windows\System\DQbDgDn.exe

C:\Windows\System\DQbDgDn.exe

C:\Windows\System\OvPOuZO.exe

C:\Windows\System\OvPOuZO.exe

C:\Windows\System\jAYURZo.exe

C:\Windows\System\jAYURZo.exe

C:\Windows\System\zJYbANa.exe

C:\Windows\System\zJYbANa.exe

C:\Windows\System\yIiSjsp.exe

C:\Windows\System\yIiSjsp.exe

C:\Windows\System\PhWudWm.exe

C:\Windows\System\PhWudWm.exe

C:\Windows\System\EgvNduy.exe

C:\Windows\System\EgvNduy.exe

C:\Windows\System\FLfgOgD.exe

C:\Windows\System\FLfgOgD.exe

C:\Windows\System\bbHdAsw.exe

C:\Windows\System\bbHdAsw.exe

C:\Windows\System\UxCYcdp.exe

C:\Windows\System\UxCYcdp.exe

C:\Windows\System\CqKePJs.exe

C:\Windows\System\CqKePJs.exe

C:\Windows\System\pIsYHIB.exe

C:\Windows\System\pIsYHIB.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/4256-0-0x00007FF6C0180000-0x00007FF6C04D1000-memory.dmp

memory/4256-1-0x00000254F86C0000-0x00000254F86D0000-memory.dmp

C:\Windows\System\fnaUSGm.exe

MD5 515f52cdeda9412151b92f8e6e22bca8
SHA1 4d92d22392ab4bbe1e5ddd848c3a7e8903522d5a
SHA256 703b917f98512c8a44cfa5979b6e76afa94232d75244d75d1f234b28bd88beed
SHA512 61d410c0c4468f6239b7a730c46dc8f60ff4a4811e349eadf5c7cd9984e015819dad53a869bf2b2598c306462cff23acd4265370426dfdae409c443ed5a7e51f

C:\Windows\System\cQgBNWD.exe

MD5 5832c32fd6033cd1b22e0a405684d94f
SHA1 e9c62f8b4a5a8fa358fcd4265de2551b6703342d
SHA256 0e048d0ebb8e1470778588f507efccb2d0f4b537b0341bb12ff298e1e0f6b4c4
SHA512 826627d9d07a629ee9f53d5c616a62099ca4bf7e97b81807d4dccbad39f01318f7e35c1e2a9c8481e26a9512c9886a5005608add3ca9703a53d510fd098ac44f

memory/2056-33-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp

C:\Windows\System\qUpOsrl.exe

MD5 5e1878488a4f9e9446f65d7cab1ca764
SHA1 9d3942d67d96ecd06f23346c458f77544f1d4e3e
SHA256 e709248ff99fb7efd392a6ec6e983a651b023ed05a9b4ff222709c53b5757a24
SHA512 908ba801673707e15b7855975e81829ed943a8bee4fbd1e04ac1f75c1d0b08bdec518009f6b583896eac4db52cc0da5025416b791eb74249d3d66b8e2ffac3f8

C:\Windows\System\wAbZsox.exe

MD5 fe79d8097fe97dff392af05bbc20c9dc
SHA1 64b61a26fc600077b13d22586a0c0179149f2272
SHA256 ffad8c0cc71343ea6d95e2f50d8d0e33a485b72c707d8051d283042733a8d96b
SHA512 fd75f8ca450c00b5605f513ca44008cfd70aab8274dfce47522210b375a004bea215123cb8c8e73a265fadec67bb52f5eeaf748ca3f21570c33d25259e923f0e

C:\Windows\System\QsyLcnb.exe

MD5 37f58a4f4468536f3375f181b0e51316
SHA1 1bd63d3febc10e38154a08d619ae50de95ab173b
SHA256 4afaecc3f4c2aecb5b1bdb9b2f78e3a2119bb1b4b4972604202def8dba81b6bd
SHA512 28db19456c5b8b554c8e4b7d949224efc08661fa42ff8424a1adced9fa17907120e646675fb6bf29475df16fca881488454768088e1636707e93634792bb8778

C:\Windows\System\ZzpgSPK.exe

MD5 1b4f82b84b39bf40b02dcabfa3d3c150
SHA1 b256d03abad3d81db96efd3aa1b5a5c1fbfd647c
SHA256 26951cfbe28d86abe649e1bbe7cb0565687c8dd792d0168fbec3b3b0e48d60e3
SHA512 49d0871c95a412f743b6d67cb07aa0bb9afcdb9833331f35ca7bdaad915443be93d55d531a9fca909435265c56b31a3875b2b103ef59bae9004e45f22086401c

C:\Windows\System\GVEXzRt.exe

MD5 49b5085987a2ead9523b412de2a98fc4
SHA1 53f23fcf7b0c12b27daf8c3d1a1d3abb0c5e3c60
SHA256 28b5ebe865396d8e648460aca65e8a051f3a149d078a4de9acaae319eab7e8c0
SHA512 e0c44d7f2218cbc098ca08349c7825526992faf3fb9f2d2f4841f867d9e5e8f89c9df4af13d64c6156f3fd3488648024daabc19ad112863525812c91c428bca6

C:\Windows\System\AyOxRHm.exe

MD5 4e0dadf2ccf0ad6e24d553815b5d9ad8
SHA1 c406c38735e42f1d3100b4a135baa076e9ec4bd0
SHA256 a113a5c5fe3e33524113d173551e57316ea41734c65a64d3fc546f64c32ecbf2
SHA512 71034e72886a827df5fadb4bd31d8dfbe9e3936fbc72a474bf466ccb2e7478e6fb27d4ea292f08108cb8aa5502a438a77ebc73b57a5f75291c822e7e4e2542ff

C:\Windows\System\iUERoQM.exe

MD5 41530bffe40538e12c0402ea11171bfb
SHA1 1c08ea1fdd9011343b5ef0db8b966afa2332e881
SHA256 0c85634ed4cf32a55195a07b0d0db9cca1422f230fdb46cb37699a471e159365
SHA512 3ed15ff51a05d8a277cbfe79f2578db6a0cac62fbaacb75f26d3117bab2b7a5abd58e0dce9ffd34c458c1417b44166eaa1ce6316ec0776bc2043fed3629a5889

C:\Windows\System\pGpBRzY.exe

MD5 c84e6217385b54b79036485b7c8b0fe8
SHA1 c92c57533425cf16dd4d3670e644e880a60f53d3
SHA256 7a6fa2cc58a630ca369a129e557c8ac02d3986b5b6074b1f03a845959196a526
SHA512 669d1b753b1c1087d944dc65fec358f239468724c299a0789e4204a524f1c12e2444bcff9120fab9486834a823c674785d483785587c706e0321a1138acb3572

C:\Windows\System\irpyfPJ.exe

MD5 0c3e174e64399273c435d48a39514ae5
SHA1 8c415bed2ea3c6e42157f00659691a338c9b179e
SHA256 d610d840a6a1098df60faa01e68f02e4ca2800d4b02bd7f118cc4c2cae1744c4
SHA512 72279bcf093c7f6186d6367d29e65949b44b13ba0906b4e647f5c53dbf9fde341b9d4914339bce27f1ed83fe5f28caab8db95251abd2f518d3f225592d03d431

C:\Windows\System\XPepeVp.exe

MD5 83c7aa9da92d2d24c482987c2e694863
SHA1 cb95fd3c3b3cb17bc6b3249188df1b5aa2266ada
SHA256 a10695bbcdeaf20d7912d1813b5d1861632f2411ddfa9f2cfc6a62daf19fc638
SHA512 4747a075d28c274540360a2608375fdfe561c3b349261f4960b091c017a6182d4425a1ebe40f67fec17b1d574344affa5ebcd9e11d88bf8eed7138d52bdee23e

memory/948-375-0x00007FF6C0AA0000-0x00007FF6C0DF1000-memory.dmp

memory/4416-389-0x00007FF740180000-0x00007FF7404D1000-memory.dmp

memory/3192-399-0x00007FF707AC0000-0x00007FF707E11000-memory.dmp

memory/2392-405-0x00007FF7A7130000-0x00007FF7A7481000-memory.dmp

memory/4908-420-0x00007FF7F8EA0000-0x00007FF7F91F1000-memory.dmp

memory/1000-391-0x00007FF6FAAA0000-0x00007FF6FADF1000-memory.dmp

memory/1940-451-0x00007FF68A250000-0x00007FF68A5A1000-memory.dmp

memory/3748-468-0x00007FF656960000-0x00007FF656CB1000-memory.dmp

memory/2196-513-0x00007FF6A91F0000-0x00007FF6A9541000-memory.dmp

memory/2520-528-0x00007FF7CA040000-0x00007FF7CA391000-memory.dmp

memory/4372-517-0x00007FF7A1090000-0x00007FF7A13E1000-memory.dmp

memory/3248-507-0x00007FF7ABD30000-0x00007FF7AC081000-memory.dmp

memory/2928-499-0x00007FF7E1C60000-0x00007FF7E1FB1000-memory.dmp

memory/2632-496-0x00007FF64F280000-0x00007FF64F5D1000-memory.dmp

memory/3000-493-0x00007FF76D880000-0x00007FF76DBD1000-memory.dmp

memory/3676-482-0x00007FF7C6E80000-0x00007FF7C71D1000-memory.dmp

memory/624-478-0x00007FF776D80000-0x00007FF7770D1000-memory.dmp

memory/1616-474-0x00007FF6307F0000-0x00007FF630B41000-memory.dmp

memory/1924-456-0x00007FF7EE230000-0x00007FF7EE581000-memory.dmp

memory/1152-441-0x00007FF7784A0000-0x00007FF7787F1000-memory.dmp

memory/4392-432-0x00007FF6196D0000-0x00007FF619A21000-memory.dmp

memory/2704-385-0x00007FF69D4F0000-0x00007FF69D841000-memory.dmp

memory/3724-374-0x00007FF637E70000-0x00007FF6381C1000-memory.dmp

C:\Windows\System\yHqoFdM.exe

MD5 bb19e0105edaafc1531b393d1723f469
SHA1 e68e5ec447ae8a2fc28ba80aa93cc7738146bf8c
SHA256 9ef751b29e21cb8bed29204013ad5e70c9e2c541735b4160a7b4b35afb1e9212
SHA512 984aa34b2468442c7d1db093bb3982a9c7982eec15127cae4836025b628deadc480fbbeed92908963ce9532f22c837eb90a8ba4abe8bbbc88de4c69f0e7b59ee

C:\Windows\System\DzwaujS.exe

MD5 b886f8d6c1917a787a01cfe11896399a
SHA1 2dd716738d5512787aa111fcb5ff68257631beff
SHA256 6ec1e566b08b93c273f44c70c321cff6b0bbd7c089e69f29fb9e42de0401efdd
SHA512 6772e0a6c1cd9490541f84de3fd38f7a6d0294b51d4c2faf5e6451305c28538d73f1616d1a4f9f77c5031fe88e1720da94085b97b60c0847f71d27df4927c8e3

C:\Windows\System\ImPUChx.exe

MD5 851fc4e255ec1b519a9d1d075eef433b
SHA1 4108aad2be600211a09573fc47bd9c9901afb932
SHA256 1bc1e759044652b1ad2b6504ea0c2d8dccbbc9dcbf0f4c7aca3beb6a165fd139
SHA512 e97b2390998417d59001088471135ed6518b43fee7693bd3a2d38e85225ea4c539bb24403cfea4ec6fcb450ca86f955fd202fe660facbaa27ec2daeeeee11252

C:\Windows\System\BvfKrrH.exe

MD5 ffad5a54fb7dc48c87b8322a4aa12d67
SHA1 1ca9f513b5ac8125dd3f9c3136c756d3e008cffa
SHA256 9fe4dd816fa1358676bf64b5253d244eb92020f26ea3259cd086a8c97a69f920
SHA512 8a441e0c1105e1e693a253f411a9bbc2dc4b8c57f7a1f28ce58755b7a5b0444a3a55f6211fd88ab4ae6c2f3cba0e2bd8bb6ec40607afe76c2ebe8ea2a9f2979b

C:\Windows\System\rObVwPa.exe

MD5 6c516dcc3e395b7abf3e267aa78d4f7a
SHA1 7c67225af66340e778e944266c66b18e029c5fcd
SHA256 4d847877e07c5ca1627b6b33acca5f1f24a6ea9de379cc97ef920955cab89ac4
SHA512 0c3956166e2c4776d0be831cf9b3871ccc394397c751e20edc5e2dfb9e630dc0785119b652d114f96187e97aef653ada399a1ea3f43df0dc40b56829fc004ed8

C:\Windows\System\lkfJFnw.exe

MD5 881c46ef3a8fbdf0eaf72a4c74403e23
SHA1 a6966279fc725306e093e32c695bc962c8e43bad
SHA256 ea7e59a0e531e473b9f4f73217b1ebca54dca46bc34015b4a831c5a59292f91c
SHA512 fc9ffc60ec6c8e88863e79af990ea87316ef0a2c18ce6801a4ddbc9bd0e7e1690c28a1314aab46d074d3866e9a3a7a6a4ca24acb73dc09dd116a050d51552110

C:\Windows\System\lMpVPhW.exe

MD5 6eb9dbae7b962be573de70acbdca2a5c
SHA1 afa8bb735b4398e52c348427878f7d37a56b79f8
SHA256 444b8f8422fe5563607d03d661b5c769393ee8be37b3c86055abe78089151fe8
SHA512 5d62ddf914cadd12c1edab2db610c03dcdf8adb61a8fbbe4e96e0f8507bb16aa7bf937a903934d240d81929a21b1aaa6a07518f39499c878d8e4fbba89036434

C:\Windows\System\MBJPRvU.exe

MD5 faebbb9e914f0f80ee5df0a4fafa51ae
SHA1 495ce34661a417ad50bb77b10b4c975b4ed2424e
SHA256 0ff86b70a2897cef756a35345d60ef653ffb53aef34fdf53be065fcc1b6a14d5
SHA512 eed734c18dc90197959211dbaa6b9172e31b02e7b049d33f8b6f845f728304518648a0e21abb4d9b607dc6c4773186bb0b5c4af3886220342f71ea8a273b7a6f

C:\Windows\System\JPEOsPG.exe

MD5 3d53df86b3cf773fc643a58e69ef54dd
SHA1 c1dd9c38517139aaf13c5cc1f32ec1f16a7fc8b5
SHA256 77a1473a5b23498db72009b971b13e8edb66ce4ed5fe347340f07f802f4564bf
SHA512 a399b07764682db8aa92610f54e850efdd6b3af02e68cfde965090a08a07910f555c31fab5c98566cd42747b3d94ef4d7baca34766b129f40075cb982cf87949

C:\Windows\System\ZYEzMai.exe

MD5 c2ffa3721af15f9a9b089dba05e4ea11
SHA1 7518280f6c155edbeaade96a8a04af3742462ba2
SHA256 4f98ecebadd3147dcbebab75b6ce86324b0be4458a029ba5401f87214dc3a585
SHA512 f6fbd1b600eb974c809b9bbfc4f894860a99cd238f1263c9017fde2cf8f0e756db8e80523d1b17a87700d6c47bbd2a01cd8e79bafc638428094d82f534271f54

C:\Windows\System\AvBznUE.exe

MD5 917fdc0428e9a43d34df5ed43a926cce
SHA1 fd59a28735507a2ed8411f31b7d791838c07052c
SHA256 766bac2a23f00dfa58575da7b52b6aad5c73f648ea26caedfa7cfc5fdacb30da
SHA512 205fc41f204dca827e1a46e9dfda1224438000bc50ff4eb37fde3c1400488f07237260c288bcce7097458989a3a460059d8fe4dd02c7fa118e925f625bfe3392

C:\Windows\System\aFNrUjQ.exe

MD5 06f90538fd0846f5f0490d73c41b8d6d
SHA1 c3905d8a6b1837a48304e82fa46f67de5bd89760
SHA256 2001c27f956bea9ff1a3a004e58da64c661589486396c3856bf34b801c2504c4
SHA512 7dc73a6a5d8d327461a24292959cfaf09a0c8ba4b6e6e1d9cac3ac87f6087cc349853fa8571e76eb4a48ba36e7bd110eb9725bb512fdc8329b9aa5b1a94f648c

C:\Windows\System\xrwOOzm.exe

MD5 71cfd2092e80c2c593de7a6324dc43af
SHA1 a14b9f6bfb9addd6ab763180268797a5f54630a4
SHA256 ab0e2ce365cced8dcfb7e16eff5564109c8e59d544e1f7d1cf9572943c06fd2f
SHA512 ce60318084803024811b3bb7dd6b28035b020710c88bcd7fb9e349d1d125049be24f209151fb712e727f2f2e1d31cf8b74022410464b60a314c3ea74bd31ff4b

C:\Windows\System\wMPdiLl.exe

MD5 440752548cafd84038a4d1a75f276920
SHA1 ef856cfb3e0161df19f1179ec21ee126ed53e136
SHA256 ea64229297e9a89adf6e1947f6544cd8cb21f38107432e81772b8081e07c90f1
SHA512 34fe46f4aecda272c167ef354ad274d6b7a3be030122b1de49a20cb485406f469f18166ff000360186a90a68f0a38b5da9c2ffdd5e5e84c078bfb2a56feaaf74

C:\Windows\System\NQjNXYP.exe

MD5 8a49034ccca4c9fda4e20c5705ab1382
SHA1 a6d176a3ec0baf4d141601441a07df9896eb90a8
SHA256 0f1393dbe50f2275fe4683d6d0f8f6ec499c07f651527d4aa0dae4184f16c0ed
SHA512 d753dea82b1851d5bb4e005396256ce69ba5b4c8ecbd9996f39bb2ff7cd8bef5a98493c2b8caccf352b0c4505cd4abf99b1108ba49a31811938f138c9db37a39

C:\Windows\System\OWftCSb.exe

MD5 3018627203564ccdb6aff7de5b0924e6
SHA1 b3b6380adedf3749d106815116bac39355ec3517
SHA256 7ccecdb1a0354bfa636fe21d2e14097b1e756501c32c198763f2582e722d55bb
SHA512 c2077ea9cba584bf30749879f3376fbf3754f0a658db2d05097b54539dd37f43393700e610ebb4e2335ac1f54c63f659cf58ed50c2ed9de6639b792030f8d641

memory/4568-49-0x00007FF6CBD10000-0x00007FF6CC061000-memory.dmp

memory/972-48-0x00007FF7BE0B0000-0x00007FF7BE401000-memory.dmp

memory/3012-47-0x00007FF683E30000-0x00007FF684181000-memory.dmp

C:\Windows\System\hbydxIz.exe

MD5 1e109caf226d6a3bd2757e4c2a67b0fd
SHA1 85cdbc7f00555bbdd0cb2ec07bd7b9cb8ddbb076
SHA256 f9e61ceba6e734c98337e489e85b22e9b2949e1e6e4a456132cb4a3f6a811cde
SHA512 c17e2be6b082acaeeae9d53ed4d4213fe9bf38290c029baa50c33138c242e2d25a13517b210b94ceb7931b7cdc330e774498d454b17ba7f544b8b038a8036a07

C:\Windows\System\YPyCXhQ.exe

MD5 0bcd618916e3e8aa1decc9606afa8cd7
SHA1 20b106ef4ef79362c46727f541a6bc428c0bfed6
SHA256 b099706d213af48fecb40a7e32ccb08caf41b4eba8389c4996439b0885476a55
SHA512 3d5e62dae1b8fd6bcb7a93c1017a53cd6cba046bc650c6fa18c3b1c85bf6f0615be46d99b5e83627b057d0e2b9bf38ba78501b3e6058f43ca9042104b128567c

memory/1564-36-0x00007FF662BF0000-0x00007FF662F41000-memory.dmp

C:\Windows\System\eqjyEmV.exe

MD5 ea34a986a57d396a59c6dde20388be09
SHA1 db318c8e3a56b37aec3e541548818a556735b89b
SHA256 14e15a40e3f6520a8425c7d4f3c98bb3c0f0d9fe454aa81e4acb188b9fc94677
SHA512 dafac9d8cb1dddb2b1253bc3924fcfcf2d3a91176e9cf5be17728a7c32f11630b44d1f64863a514c47eaf094cf2308fb6120b08ff13f78751bf2094cea19bcc2

C:\Windows\System\QpiXPLs.exe

MD5 fd688daeaa2e0ef6065917783103c4ee
SHA1 4f10470d10d7d5574229357919b284d1f428c3bb
SHA256 21ccd51a73c5ec2970f4f22e7429a0a19cee5cd5f02f1ad2dfa2999f8b3bb3eb
SHA512 757bc1609093d5476f276661e0aa369498e05e6f5e689188feffe9553de682c585fd6659307147d7deaf1c7eae23ec3a09efbc68d5db4c231458565c7aea642a

C:\Windows\System\VpIkJXe.exe

MD5 b917f4aaebe3e8f2667935ba3d193aed
SHA1 6ad5774db6722abb91c449f9e2900ae3da295485
SHA256 b0a3f86194b4d79a5735ff5ef04bf61e09933f1b69a46881816aef63ebeca29d
SHA512 fe203761426f8a8209ec026d40f3d8e5ea4007fb92f778f3bb7ee5da6f9db5981a812111ad9b9ede9231a2f6a6eb5fdf65ab8b840921d7400a44e2c6b6c09e02

memory/2916-17-0x00007FF7F8010000-0x00007FF7F8361000-memory.dmp

memory/4256-1133-0x00007FF6C0180000-0x00007FF6C04D1000-memory.dmp

memory/2056-1134-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp

memory/1564-1135-0x00007FF662BF0000-0x00007FF662F41000-memory.dmp

memory/3012-1136-0x00007FF683E30000-0x00007FF684181000-memory.dmp

memory/972-1137-0x00007FF7BE0B0000-0x00007FF7BE401000-memory.dmp

memory/4568-1138-0x00007FF6CBD10000-0x00007FF6CC061000-memory.dmp

memory/3724-1139-0x00007FF637E70000-0x00007FF6381C1000-memory.dmp

memory/2916-1181-0x00007FF7F8010000-0x00007FF7F8361000-memory.dmp

memory/2056-1183-0x00007FF6F88F0000-0x00007FF6F8C41000-memory.dmp

memory/948-1185-0x00007FF6C0AA0000-0x00007FF6C0DF1000-memory.dmp

memory/2704-1187-0x00007FF69D4F0000-0x00007FF69D841000-memory.dmp

memory/4568-1191-0x00007FF6CBD10000-0x00007FF6CC061000-memory.dmp

memory/3724-1193-0x00007FF637E70000-0x00007FF6381C1000-memory.dmp

memory/3012-1195-0x00007FF683E30000-0x00007FF684181000-memory.dmp

memory/972-1197-0x00007FF7BE0B0000-0x00007FF7BE401000-memory.dmp

memory/1564-1190-0x00007FF662BF0000-0x00007FF662F41000-memory.dmp

memory/4908-1202-0x00007FF7F8EA0000-0x00007FF7F91F1000-memory.dmp

memory/4392-1201-0x00007FF6196D0000-0x00007FF619A21000-memory.dmp

memory/2392-1213-0x00007FF7A7130000-0x00007FF7A7481000-memory.dmp

memory/3748-1217-0x00007FF656960000-0x00007FF656CB1000-memory.dmp

memory/1616-1220-0x00007FF6307F0000-0x00007FF630B41000-memory.dmp

memory/1924-1215-0x00007FF7EE230000-0x00007FF7EE581000-memory.dmp

memory/4416-1208-0x00007FF740180000-0x00007FF7404D1000-memory.dmp

memory/2520-1206-0x00007FF7CA040000-0x00007FF7CA391000-memory.dmp

memory/3192-1212-0x00007FF707AC0000-0x00007FF707E11000-memory.dmp

memory/1000-1210-0x00007FF6FAAA0000-0x00007FF6FADF1000-memory.dmp

memory/1152-1204-0x00007FF7784A0000-0x00007FF7787F1000-memory.dmp

memory/1940-1221-0x00007FF68A250000-0x00007FF68A5A1000-memory.dmp

memory/3000-1226-0x00007FF76D880000-0x00007FF76DBD1000-memory.dmp

memory/3248-1241-0x00007FF7ABD30000-0x00007FF7AC081000-memory.dmp

memory/4372-1237-0x00007FF7A1090000-0x00007FF7A13E1000-memory.dmp

memory/2632-1244-0x00007FF64F280000-0x00007FF64F5D1000-memory.dmp

memory/2928-1243-0x00007FF7E1C60000-0x00007FF7E1FB1000-memory.dmp

memory/2196-1239-0x00007FF6A91F0000-0x00007FF6A9541000-memory.dmp

memory/624-1232-0x00007FF776D80000-0x00007FF7770D1000-memory.dmp

memory/3676-1228-0x00007FF7C6E80000-0x00007FF7C71D1000-memory.dmp