Malware Analysis Report

2024-10-10 09:15

Sample ID 240625-ys9d4azdqb
Target 06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe
SHA256 06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e

Threat Level: Known bad

The file 06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT

Xmrig family

KPOT Core Executable

xmrig

Kpot family

XMRig Miner payload

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 20:04

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 20:04

Reported

2024-06-25 20:06

Platform

win7-20240508-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kkfbXWi.exe N/A
N/A N/A C:\Windows\System\vFDkwcy.exe N/A
N/A N/A C:\Windows\System\cKMstHf.exe N/A
N/A N/A C:\Windows\System\FBOGZWq.exe N/A
N/A N/A C:\Windows\System\tlbEsQm.exe N/A
N/A N/A C:\Windows\System\EzAiDlo.exe N/A
N/A N/A C:\Windows\System\GbzLcCa.exe N/A
N/A N/A C:\Windows\System\YGgQwJS.exe N/A
N/A N/A C:\Windows\System\SXDfqnI.exe N/A
N/A N/A C:\Windows\System\xgTsuRh.exe N/A
N/A N/A C:\Windows\System\njxfaUf.exe N/A
N/A N/A C:\Windows\System\dshxcGe.exe N/A
N/A N/A C:\Windows\System\DNTYEuq.exe N/A
N/A N/A C:\Windows\System\IQXROzl.exe N/A
N/A N/A C:\Windows\System\EbtukOH.exe N/A
N/A N/A C:\Windows\System\OgmDECR.exe N/A
N/A N/A C:\Windows\System\wnAvbyQ.exe N/A
N/A N/A C:\Windows\System\DWmnNxp.exe N/A
N/A N/A C:\Windows\System\VZzlyiM.exe N/A
N/A N/A C:\Windows\System\CrVKtee.exe N/A
N/A N/A C:\Windows\System\cLCPsDz.exe N/A
N/A N/A C:\Windows\System\auxnlGt.exe N/A
N/A N/A C:\Windows\System\yGkciZT.exe N/A
N/A N/A C:\Windows\System\zBdDcmq.exe N/A
N/A N/A C:\Windows\System\JkNhGDk.exe N/A
N/A N/A C:\Windows\System\BlkZcDA.exe N/A
N/A N/A C:\Windows\System\FpRRxHF.exe N/A
N/A N/A C:\Windows\System\tUPgCoT.exe N/A
N/A N/A C:\Windows\System\yBmRYFv.exe N/A
N/A N/A C:\Windows\System\yMkdRwv.exe N/A
N/A N/A C:\Windows\System\ZDchDle.exe N/A
N/A N/A C:\Windows\System\aisMtYh.exe N/A
N/A N/A C:\Windows\System\TFVkuLp.exe N/A
N/A N/A C:\Windows\System\RYEKkAN.exe N/A
N/A N/A C:\Windows\System\CQAPpyJ.exe N/A
N/A N/A C:\Windows\System\SZBURrt.exe N/A
N/A N/A C:\Windows\System\RnMnKiw.exe N/A
N/A N/A C:\Windows\System\WflFZcV.exe N/A
N/A N/A C:\Windows\System\SRIIGYu.exe N/A
N/A N/A C:\Windows\System\jElGaAW.exe N/A
N/A N/A C:\Windows\System\miDPHWL.exe N/A
N/A N/A C:\Windows\System\lpgGjbY.exe N/A
N/A N/A C:\Windows\System\YjdLFrh.exe N/A
N/A N/A C:\Windows\System\LSZOIPk.exe N/A
N/A N/A C:\Windows\System\wcmkkfK.exe N/A
N/A N/A C:\Windows\System\ldAiXAU.exe N/A
N/A N/A C:\Windows\System\vlbHuxy.exe N/A
N/A N/A C:\Windows\System\xsMTyrG.exe N/A
N/A N/A C:\Windows\System\ICIYNWw.exe N/A
N/A N/A C:\Windows\System\AgIICuW.exe N/A
N/A N/A C:\Windows\System\OIFRYDs.exe N/A
N/A N/A C:\Windows\System\IcuZVzK.exe N/A
N/A N/A C:\Windows\System\pZQXgDJ.exe N/A
N/A N/A C:\Windows\System\NEzrGwH.exe N/A
N/A N/A C:\Windows\System\NiiOVYD.exe N/A
N/A N/A C:\Windows\System\UfrRHXA.exe N/A
N/A N/A C:\Windows\System\GUrHewR.exe N/A
N/A N/A C:\Windows\System\IZXtmnu.exe N/A
N/A N/A C:\Windows\System\OPiztFN.exe N/A
N/A N/A C:\Windows\System\hvIPdsj.exe N/A
N/A N/A C:\Windows\System\qMDgpbM.exe N/A
N/A N/A C:\Windows\System\ChMeHVp.exe N/A
N/A N/A C:\Windows\System\oHSjnkm.exe N/A
N/A N/A C:\Windows\System\lhkutde.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\zBdDcmq.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\zGCsUjg.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\SnHdZJA.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\jgKeigs.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\zHYxRJF.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\GtdKvCc.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\iauGbqp.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\SseuNOP.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaFgrnm.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\lPokvAw.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\byOQRyC.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\YjdLFrh.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\pZQXgDJ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\pTHQFkQ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\beAEKJh.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\bKwrTXw.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\kolCUeB.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmwHANl.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\gHUDkCh.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\GbzLcCa.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\auxnlGt.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\SZBURrt.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrguIgb.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\PdmxQkI.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\IpPOtGo.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\NEzrGwH.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\iCwXsnc.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWZFQsO.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\OSUxiUN.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZRGUmn.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\IZXtmnu.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\RRILmWL.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\zIDrYtu.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\ojaoGzW.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\xcHZGAh.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\TlnWaQp.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\lJtLkQj.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\urPUOmT.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\OMXSfXQ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\DWmnNxp.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\ogjWIJU.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\OonGdSP.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\uraKTuk.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\PzKKUmu.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\PzxRyIW.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMkdRwv.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\oHSjnkm.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\jvaLvrL.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjbihLz.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\CNUdrNW.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\VcaMcpp.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\yGkciZT.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWrPHYP.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\siKzHhH.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\pKBRtJc.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\imIhbTV.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtutrtO.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocCjkhv.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\FcEjhjL.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\bKvDmNG.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\gVzkRxo.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\srIpdna.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrMOHSe.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\TGHLgKo.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1684 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\kkfbXWi.exe
PID 1684 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\kkfbXWi.exe
PID 1684 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\kkfbXWi.exe
PID 1684 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\vFDkwcy.exe
PID 1684 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\vFDkwcy.exe
PID 1684 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\vFDkwcy.exe
PID 1684 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\cKMstHf.exe
PID 1684 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\cKMstHf.exe
PID 1684 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\cKMstHf.exe
PID 1684 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\FBOGZWq.exe
PID 1684 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\FBOGZWq.exe
PID 1684 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\FBOGZWq.exe
PID 1684 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\tlbEsQm.exe
PID 1684 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\tlbEsQm.exe
PID 1684 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\tlbEsQm.exe
PID 1684 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EzAiDlo.exe
PID 1684 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EzAiDlo.exe
PID 1684 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EzAiDlo.exe
PID 1684 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\GbzLcCa.exe
PID 1684 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\GbzLcCa.exe
PID 1684 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\GbzLcCa.exe
PID 1684 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\YGgQwJS.exe
PID 1684 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\YGgQwJS.exe
PID 1684 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\YGgQwJS.exe
PID 1684 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\SXDfqnI.exe
PID 1684 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\SXDfqnI.exe
PID 1684 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\SXDfqnI.exe
PID 1684 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xgTsuRh.exe
PID 1684 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xgTsuRh.exe
PID 1684 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xgTsuRh.exe
PID 1684 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\njxfaUf.exe
PID 1684 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\njxfaUf.exe
PID 1684 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\njxfaUf.exe
PID 1684 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\dshxcGe.exe
PID 1684 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\dshxcGe.exe
PID 1684 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\dshxcGe.exe
PID 1684 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DNTYEuq.exe
PID 1684 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DNTYEuq.exe
PID 1684 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DNTYEuq.exe
PID 1684 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\IQXROzl.exe
PID 1684 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\IQXROzl.exe
PID 1684 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\IQXROzl.exe
PID 1684 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EbtukOH.exe
PID 1684 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EbtukOH.exe
PID 1684 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EbtukOH.exe
PID 1684 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\OgmDECR.exe
PID 1684 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\OgmDECR.exe
PID 1684 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\OgmDECR.exe
PID 1684 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\wnAvbyQ.exe
PID 1684 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\wnAvbyQ.exe
PID 1684 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\wnAvbyQ.exe
PID 1684 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DWmnNxp.exe
PID 1684 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DWmnNxp.exe
PID 1684 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DWmnNxp.exe
PID 1684 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\VZzlyiM.exe
PID 1684 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\VZzlyiM.exe
PID 1684 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\VZzlyiM.exe
PID 1684 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\CrVKtee.exe
PID 1684 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\CrVKtee.exe
PID 1684 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\CrVKtee.exe
PID 1684 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\cLCPsDz.exe
PID 1684 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\cLCPsDz.exe
PID 1684 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\cLCPsDz.exe
PID 1684 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\auxnlGt.exe

Processes

C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe"

C:\Windows\System\kkfbXWi.exe

C:\Windows\System\kkfbXWi.exe

C:\Windows\System\vFDkwcy.exe

C:\Windows\System\vFDkwcy.exe

C:\Windows\System\cKMstHf.exe

C:\Windows\System\cKMstHf.exe

C:\Windows\System\FBOGZWq.exe

C:\Windows\System\FBOGZWq.exe

C:\Windows\System\tlbEsQm.exe

C:\Windows\System\tlbEsQm.exe

C:\Windows\System\EzAiDlo.exe

C:\Windows\System\EzAiDlo.exe

C:\Windows\System\GbzLcCa.exe

C:\Windows\System\GbzLcCa.exe

C:\Windows\System\YGgQwJS.exe

C:\Windows\System\YGgQwJS.exe

C:\Windows\System\SXDfqnI.exe

C:\Windows\System\SXDfqnI.exe

C:\Windows\System\xgTsuRh.exe

C:\Windows\System\xgTsuRh.exe

C:\Windows\System\njxfaUf.exe

C:\Windows\System\njxfaUf.exe

C:\Windows\System\dshxcGe.exe

C:\Windows\System\dshxcGe.exe

C:\Windows\System\DNTYEuq.exe

C:\Windows\System\DNTYEuq.exe

C:\Windows\System\IQXROzl.exe

C:\Windows\System\IQXROzl.exe

C:\Windows\System\EbtukOH.exe

C:\Windows\System\EbtukOH.exe

C:\Windows\System\OgmDECR.exe

C:\Windows\System\OgmDECR.exe

C:\Windows\System\wnAvbyQ.exe

C:\Windows\System\wnAvbyQ.exe

C:\Windows\System\DWmnNxp.exe

C:\Windows\System\DWmnNxp.exe

C:\Windows\System\VZzlyiM.exe

C:\Windows\System\VZzlyiM.exe

C:\Windows\System\CrVKtee.exe

C:\Windows\System\CrVKtee.exe

C:\Windows\System\cLCPsDz.exe

C:\Windows\System\cLCPsDz.exe

C:\Windows\System\auxnlGt.exe

C:\Windows\System\auxnlGt.exe

C:\Windows\System\yGkciZT.exe

C:\Windows\System\yGkciZT.exe

C:\Windows\System\zBdDcmq.exe

C:\Windows\System\zBdDcmq.exe

C:\Windows\System\JkNhGDk.exe

C:\Windows\System\JkNhGDk.exe

C:\Windows\System\BlkZcDA.exe

C:\Windows\System\BlkZcDA.exe

C:\Windows\System\FpRRxHF.exe

C:\Windows\System\FpRRxHF.exe

C:\Windows\System\tUPgCoT.exe

C:\Windows\System\tUPgCoT.exe

C:\Windows\System\yBmRYFv.exe

C:\Windows\System\yBmRYFv.exe

C:\Windows\System\yMkdRwv.exe

C:\Windows\System\yMkdRwv.exe

C:\Windows\System\ZDchDle.exe

C:\Windows\System\ZDchDle.exe

C:\Windows\System\aisMtYh.exe

C:\Windows\System\aisMtYh.exe

C:\Windows\System\TFVkuLp.exe

C:\Windows\System\TFVkuLp.exe

C:\Windows\System\RYEKkAN.exe

C:\Windows\System\RYEKkAN.exe

C:\Windows\System\CQAPpyJ.exe

C:\Windows\System\CQAPpyJ.exe

C:\Windows\System\RnMnKiw.exe

C:\Windows\System\RnMnKiw.exe

C:\Windows\System\SZBURrt.exe

C:\Windows\System\SZBURrt.exe

C:\Windows\System\WflFZcV.exe

C:\Windows\System\WflFZcV.exe

C:\Windows\System\SRIIGYu.exe

C:\Windows\System\SRIIGYu.exe

C:\Windows\System\jElGaAW.exe

C:\Windows\System\jElGaAW.exe

C:\Windows\System\miDPHWL.exe

C:\Windows\System\miDPHWL.exe

C:\Windows\System\lpgGjbY.exe

C:\Windows\System\lpgGjbY.exe

C:\Windows\System\YjdLFrh.exe

C:\Windows\System\YjdLFrh.exe

C:\Windows\System\LSZOIPk.exe

C:\Windows\System\LSZOIPk.exe

C:\Windows\System\wcmkkfK.exe

C:\Windows\System\wcmkkfK.exe

C:\Windows\System\ldAiXAU.exe

C:\Windows\System\ldAiXAU.exe

C:\Windows\System\vlbHuxy.exe

C:\Windows\System\vlbHuxy.exe

C:\Windows\System\xsMTyrG.exe

C:\Windows\System\xsMTyrG.exe

C:\Windows\System\ICIYNWw.exe

C:\Windows\System\ICIYNWw.exe

C:\Windows\System\AgIICuW.exe

C:\Windows\System\AgIICuW.exe

C:\Windows\System\OIFRYDs.exe

C:\Windows\System\OIFRYDs.exe

C:\Windows\System\IcuZVzK.exe

C:\Windows\System\IcuZVzK.exe

C:\Windows\System\pZQXgDJ.exe

C:\Windows\System\pZQXgDJ.exe

C:\Windows\System\NEzrGwH.exe

C:\Windows\System\NEzrGwH.exe

C:\Windows\System\NiiOVYD.exe

C:\Windows\System\NiiOVYD.exe

C:\Windows\System\UfrRHXA.exe

C:\Windows\System\UfrRHXA.exe

C:\Windows\System\GUrHewR.exe

C:\Windows\System\GUrHewR.exe

C:\Windows\System\IZXtmnu.exe

C:\Windows\System\IZXtmnu.exe

C:\Windows\System\OPiztFN.exe

C:\Windows\System\OPiztFN.exe

C:\Windows\System\hvIPdsj.exe

C:\Windows\System\hvIPdsj.exe

C:\Windows\System\qMDgpbM.exe

C:\Windows\System\qMDgpbM.exe

C:\Windows\System\ChMeHVp.exe

C:\Windows\System\ChMeHVp.exe

C:\Windows\System\oHSjnkm.exe

C:\Windows\System\oHSjnkm.exe

C:\Windows\System\lhkutde.exe

C:\Windows\System\lhkutde.exe

C:\Windows\System\RTzzssA.exe

C:\Windows\System\RTzzssA.exe

C:\Windows\System\tmBJvTt.exe

C:\Windows\System\tmBJvTt.exe

C:\Windows\System\DrguIgb.exe

C:\Windows\System\DrguIgb.exe

C:\Windows\System\PmxHxfK.exe

C:\Windows\System\PmxHxfK.exe

C:\Windows\System\pTHQFkQ.exe

C:\Windows\System\pTHQFkQ.exe

C:\Windows\System\vcNGNih.exe

C:\Windows\System\vcNGNih.exe

C:\Windows\System\SPsuClF.exe

C:\Windows\System\SPsuClF.exe

C:\Windows\System\aUHeRcV.exe

C:\Windows\System\aUHeRcV.exe

C:\Windows\System\ZsIJHXP.exe

C:\Windows\System\ZsIJHXP.exe

C:\Windows\System\gTqmQMW.exe

C:\Windows\System\gTqmQMW.exe

C:\Windows\System\AqzhrYu.exe

C:\Windows\System\AqzhrYu.exe

C:\Windows\System\XhXLGkF.exe

C:\Windows\System\XhXLGkF.exe

C:\Windows\System\MURILgm.exe

C:\Windows\System\MURILgm.exe

C:\Windows\System\VRBRIWX.exe

C:\Windows\System\VRBRIWX.exe

C:\Windows\System\dOigkme.exe

C:\Windows\System\dOigkme.exe

C:\Windows\System\zGCsUjg.exe

C:\Windows\System\zGCsUjg.exe

C:\Windows\System\IlJiAda.exe

C:\Windows\System\IlJiAda.exe

C:\Windows\System\FQxdAMi.exe

C:\Windows\System\FQxdAMi.exe

C:\Windows\System\lJtLkQj.exe

C:\Windows\System\lJtLkQj.exe

C:\Windows\System\qQMkWqp.exe

C:\Windows\System\qQMkWqp.exe

C:\Windows\System\qJagcmy.exe

C:\Windows\System\qJagcmy.exe

C:\Windows\System\peXaHok.exe

C:\Windows\System\peXaHok.exe

C:\Windows\System\iCwXsnc.exe

C:\Windows\System\iCwXsnc.exe

C:\Windows\System\UQpThuC.exe

C:\Windows\System\UQpThuC.exe

C:\Windows\System\ogjWIJU.exe

C:\Windows\System\ogjWIJU.exe

C:\Windows\System\IHJJLif.exe

C:\Windows\System\IHJJLif.exe

C:\Windows\System\eJtaujm.exe

C:\Windows\System\eJtaujm.exe

C:\Windows\System\PdmxQkI.exe

C:\Windows\System\PdmxQkI.exe

C:\Windows\System\GtdKvCc.exe

C:\Windows\System\GtdKvCc.exe

C:\Windows\System\DtutrtO.exe

C:\Windows\System\DtutrtO.exe

C:\Windows\System\dQhmbmS.exe

C:\Windows\System\dQhmbmS.exe

C:\Windows\System\OUAhwXh.exe

C:\Windows\System\OUAhwXh.exe

C:\Windows\System\oDQQoRK.exe

C:\Windows\System\oDQQoRK.exe

C:\Windows\System\FBOApQy.exe

C:\Windows\System\FBOApQy.exe

C:\Windows\System\Oijyzwu.exe

C:\Windows\System\Oijyzwu.exe

C:\Windows\System\kXCfvPA.exe

C:\Windows\System\kXCfvPA.exe

C:\Windows\System\ZBDAefi.exe

C:\Windows\System\ZBDAefi.exe

C:\Windows\System\Kfhdcpq.exe

C:\Windows\System\Kfhdcpq.exe

C:\Windows\System\AqDEbig.exe

C:\Windows\System\AqDEbig.exe

C:\Windows\System\mOLdCZy.exe

C:\Windows\System\mOLdCZy.exe

C:\Windows\System\LwBKPUQ.exe

C:\Windows\System\LwBKPUQ.exe

C:\Windows\System\HDpSxtM.exe

C:\Windows\System\HDpSxtM.exe

C:\Windows\System\AEZHuOv.exe

C:\Windows\System\AEZHuOv.exe

C:\Windows\System\gNosBYJ.exe

C:\Windows\System\gNosBYJ.exe

C:\Windows\System\urPUOmT.exe

C:\Windows\System\urPUOmT.exe

C:\Windows\System\ocCjkhv.exe

C:\Windows\System\ocCjkhv.exe

C:\Windows\System\XLCcvVd.exe

C:\Windows\System\XLCcvVd.exe

C:\Windows\System\mgROqPM.exe

C:\Windows\System\mgROqPM.exe

C:\Windows\System\UXXbPZS.exe

C:\Windows\System\UXXbPZS.exe

C:\Windows\System\nCbrDuI.exe

C:\Windows\System\nCbrDuI.exe

C:\Windows\System\wcjnUOV.exe

C:\Windows\System\wcjnUOV.exe

C:\Windows\System\UMTKQeJ.exe

C:\Windows\System\UMTKQeJ.exe

C:\Windows\System\jOOqEBD.exe

C:\Windows\System\jOOqEBD.exe

C:\Windows\System\srIpdna.exe

C:\Windows\System\srIpdna.exe

C:\Windows\System\jvaLvrL.exe

C:\Windows\System\jvaLvrL.exe

C:\Windows\System\vqKCHnQ.exe

C:\Windows\System\vqKCHnQ.exe

C:\Windows\System\rRGiQQT.exe

C:\Windows\System\rRGiQQT.exe

C:\Windows\System\GUODtGY.exe

C:\Windows\System\GUODtGY.exe

C:\Windows\System\HJQuTYd.exe

C:\Windows\System\HJQuTYd.exe

C:\Windows\System\FRdVbKa.exe

C:\Windows\System\FRdVbKa.exe

C:\Windows\System\UYhazeL.exe

C:\Windows\System\UYhazeL.exe

C:\Windows\System\FTXkhoT.exe

C:\Windows\System\FTXkhoT.exe

C:\Windows\System\ccuPZNu.exe

C:\Windows\System\ccuPZNu.exe

C:\Windows\System\ZdaOVrs.exe

C:\Windows\System\ZdaOVrs.exe

C:\Windows\System\qVQLjKx.exe

C:\Windows\System\qVQLjKx.exe

C:\Windows\System\SjXPOsO.exe

C:\Windows\System\SjXPOsO.exe

C:\Windows\System\MAnahLt.exe

C:\Windows\System\MAnahLt.exe

C:\Windows\System\CdCyDHa.exe

C:\Windows\System\CdCyDHa.exe

C:\Windows\System\vuuahKc.exe

C:\Windows\System\vuuahKc.exe

C:\Windows\System\HEAhaMj.exe

C:\Windows\System\HEAhaMj.exe

C:\Windows\System\beAEKJh.exe

C:\Windows\System\beAEKJh.exe

C:\Windows\System\iauGbqp.exe

C:\Windows\System\iauGbqp.exe

C:\Windows\System\gmuCLzx.exe

C:\Windows\System\gmuCLzx.exe

C:\Windows\System\BDlkWZA.exe

C:\Windows\System\BDlkWZA.exe

C:\Windows\System\jVZtveT.exe

C:\Windows\System\jVZtveT.exe

C:\Windows\System\RNHTOmw.exe

C:\Windows\System\RNHTOmw.exe

C:\Windows\System\bPydHEU.exe

C:\Windows\System\bPydHEU.exe

C:\Windows\System\WJfYkBl.exe

C:\Windows\System\WJfYkBl.exe

C:\Windows\System\ykwRzOl.exe

C:\Windows\System\ykwRzOl.exe

C:\Windows\System\kolCUeB.exe

C:\Windows\System\kolCUeB.exe

C:\Windows\System\ANDcLzM.exe

C:\Windows\System\ANDcLzM.exe

C:\Windows\System\huIErRY.exe

C:\Windows\System\huIErRY.exe

C:\Windows\System\wBjpWlB.exe

C:\Windows\System\wBjpWlB.exe

C:\Windows\System\aUTMWNs.exe

C:\Windows\System\aUTMWNs.exe

C:\Windows\System\PzOGEfy.exe

C:\Windows\System\PzOGEfy.exe

C:\Windows\System\osWgvDu.exe

C:\Windows\System\osWgvDu.exe

C:\Windows\System\zzVdBla.exe

C:\Windows\System\zzVdBla.exe

C:\Windows\System\kQsIXXA.exe

C:\Windows\System\kQsIXXA.exe

C:\Windows\System\AjPztfV.exe

C:\Windows\System\AjPztfV.exe

C:\Windows\System\qQWBCfU.exe

C:\Windows\System\qQWBCfU.exe

C:\Windows\System\KmwHANl.exe

C:\Windows\System\KmwHANl.exe

C:\Windows\System\SnHdZJA.exe

C:\Windows\System\SnHdZJA.exe

C:\Windows\System\xJjozmw.exe

C:\Windows\System\xJjozmw.exe

C:\Windows\System\wMHHEGm.exe

C:\Windows\System\wMHHEGm.exe

C:\Windows\System\toQmFnJ.exe

C:\Windows\System\toQmFnJ.exe

C:\Windows\System\eWrPHYP.exe

C:\Windows\System\eWrPHYP.exe

C:\Windows\System\FcEjhjL.exe

C:\Windows\System\FcEjhjL.exe

C:\Windows\System\bKwrTXw.exe

C:\Windows\System\bKwrTXw.exe

C:\Windows\System\JHSeGQd.exe

C:\Windows\System\JHSeGQd.exe

C:\Windows\System\DwOvqMg.exe

C:\Windows\System\DwOvqMg.exe

C:\Windows\System\qRMYfwN.exe

C:\Windows\System\qRMYfwN.exe

C:\Windows\System\imiXWiX.exe

C:\Windows\System\imiXWiX.exe

C:\Windows\System\DivgLAR.exe

C:\Windows\System\DivgLAR.exe

C:\Windows\System\fwiCyoT.exe

C:\Windows\System\fwiCyoT.exe

C:\Windows\System\gXEgLiY.exe

C:\Windows\System\gXEgLiY.exe

C:\Windows\System\bsuLjpm.exe

C:\Windows\System\bsuLjpm.exe

C:\Windows\System\ntsdzXS.exe

C:\Windows\System\ntsdzXS.exe

C:\Windows\System\BhMqBEV.exe

C:\Windows\System\BhMqBEV.exe

C:\Windows\System\jKZWQgy.exe

C:\Windows\System\jKZWQgy.exe

C:\Windows\System\YEVgwmD.exe

C:\Windows\System\YEVgwmD.exe

C:\Windows\System\ZIktHNH.exe

C:\Windows\System\ZIktHNH.exe

C:\Windows\System\awmeWQQ.exe

C:\Windows\System\awmeWQQ.exe

C:\Windows\System\gaIVYcg.exe

C:\Windows\System\gaIVYcg.exe

C:\Windows\System\oECbhAH.exe

C:\Windows\System\oECbhAH.exe

C:\Windows\System\cgJCpQn.exe

C:\Windows\System\cgJCpQn.exe

C:\Windows\System\sjhyteg.exe

C:\Windows\System\sjhyteg.exe

C:\Windows\System\vKvrkYS.exe

C:\Windows\System\vKvrkYS.exe

C:\Windows\System\IceymFc.exe

C:\Windows\System\IceymFc.exe

C:\Windows\System\CKUenXu.exe

C:\Windows\System\CKUenXu.exe

C:\Windows\System\siKzHhH.exe

C:\Windows\System\siKzHhH.exe

C:\Windows\System\pJjUcxx.exe

C:\Windows\System\pJjUcxx.exe

C:\Windows\System\ocxzJnb.exe

C:\Windows\System\ocxzJnb.exe

C:\Windows\System\SseuNOP.exe

C:\Windows\System\SseuNOP.exe

C:\Windows\System\uZaLfAA.exe

C:\Windows\System\uZaLfAA.exe

C:\Windows\System\AZrVRzz.exe

C:\Windows\System\AZrVRzz.exe

C:\Windows\System\pLgohLE.exe

C:\Windows\System\pLgohLE.exe

C:\Windows\System\gHUDkCh.exe

C:\Windows\System\gHUDkCh.exe

C:\Windows\System\gdXWAvZ.exe

C:\Windows\System\gdXWAvZ.exe

C:\Windows\System\PpcWtQx.exe

C:\Windows\System\PpcWtQx.exe

C:\Windows\System\CNUyywx.exe

C:\Windows\System\CNUyywx.exe

C:\Windows\System\whJumgZ.exe

C:\Windows\System\whJumgZ.exe

C:\Windows\System\eWZFQsO.exe

C:\Windows\System\eWZFQsO.exe

C:\Windows\System\MkNpLfC.exe

C:\Windows\System\MkNpLfC.exe

C:\Windows\System\wqAbttw.exe

C:\Windows\System\wqAbttw.exe

C:\Windows\System\pKBRtJc.exe

C:\Windows\System\pKBRtJc.exe

C:\Windows\System\RRILmWL.exe

C:\Windows\System\RRILmWL.exe

C:\Windows\System\ADjCyDn.exe

C:\Windows\System\ADjCyDn.exe

C:\Windows\System\xTsYtUo.exe

C:\Windows\System\xTsYtUo.exe

C:\Windows\System\FUKBhuB.exe

C:\Windows\System\FUKBhuB.exe

C:\Windows\System\lSkaFNu.exe

C:\Windows\System\lSkaFNu.exe

C:\Windows\System\tOPPISA.exe

C:\Windows\System\tOPPISA.exe

C:\Windows\System\UmcqLQS.exe

C:\Windows\System\UmcqLQS.exe

C:\Windows\System\AzUJkeP.exe

C:\Windows\System\AzUJkeP.exe

C:\Windows\System\PmYkVXg.exe

C:\Windows\System\PmYkVXg.exe

C:\Windows\System\RzCOBmi.exe

C:\Windows\System\RzCOBmi.exe

C:\Windows\System\cgyRTsk.exe

C:\Windows\System\cgyRTsk.exe

C:\Windows\System\pBBVGXD.exe

C:\Windows\System\pBBVGXD.exe

C:\Windows\System\yFQQhlS.exe

C:\Windows\System\yFQQhlS.exe

C:\Windows\System\KippEZk.exe

C:\Windows\System\KippEZk.exe

C:\Windows\System\vIvdGRT.exe

C:\Windows\System\vIvdGRT.exe

C:\Windows\System\tjbihLz.exe

C:\Windows\System\tjbihLz.exe

C:\Windows\System\DbXriGv.exe

C:\Windows\System\DbXriGv.exe

C:\Windows\System\kbRSwBM.exe

C:\Windows\System\kbRSwBM.exe

C:\Windows\System\vOTzibW.exe

C:\Windows\System\vOTzibW.exe

C:\Windows\System\lrMOHSe.exe

C:\Windows\System\lrMOHSe.exe

C:\Windows\System\WICAVZQ.exe

C:\Windows\System\WICAVZQ.exe

C:\Windows\System\raZfYsh.exe

C:\Windows\System\raZfYsh.exe

C:\Windows\System\imIhbTV.exe

C:\Windows\System\imIhbTV.exe

C:\Windows\System\OSUxiUN.exe

C:\Windows\System\OSUxiUN.exe

C:\Windows\System\TwCWnwi.exe

C:\Windows\System\TwCWnwi.exe

C:\Windows\System\jfaqYVv.exe

C:\Windows\System\jfaqYVv.exe

C:\Windows\System\LbVKRQn.exe

C:\Windows\System\LbVKRQn.exe

C:\Windows\System\ioBHZOV.exe

C:\Windows\System\ioBHZOV.exe

C:\Windows\System\rUstZUT.exe

C:\Windows\System\rUstZUT.exe

C:\Windows\System\KqVWdHW.exe

C:\Windows\System\KqVWdHW.exe

C:\Windows\System\bvKJHMc.exe

C:\Windows\System\bvKJHMc.exe

C:\Windows\System\zzRLNiW.exe

C:\Windows\System\zzRLNiW.exe

C:\Windows\System\svALLlu.exe

C:\Windows\System\svALLlu.exe

C:\Windows\System\HhVCFhb.exe

C:\Windows\System\HhVCFhb.exe

C:\Windows\System\zKTxPzE.exe

C:\Windows\System\zKTxPzE.exe

C:\Windows\System\sGXEhWP.exe

C:\Windows\System\sGXEhWP.exe

C:\Windows\System\ibKDbtN.exe

C:\Windows\System\ibKDbtN.exe

C:\Windows\System\iaFgrnm.exe

C:\Windows\System\iaFgrnm.exe

C:\Windows\System\kLXwiym.exe

C:\Windows\System\kLXwiym.exe

C:\Windows\System\DOTBShh.exe

C:\Windows\System\DOTBShh.exe

C:\Windows\System\UtbIXYC.exe

C:\Windows\System\UtbIXYC.exe

C:\Windows\System\tMKuHjp.exe

C:\Windows\System\tMKuHjp.exe

C:\Windows\System\lPokvAw.exe

C:\Windows\System\lPokvAw.exe

C:\Windows\System\zpqCvEX.exe

C:\Windows\System\zpqCvEX.exe

C:\Windows\System\VXdJhuu.exe

C:\Windows\System\VXdJhuu.exe

C:\Windows\System\NjMhdWD.exe

C:\Windows\System\NjMhdWD.exe

C:\Windows\System\sMhDLAJ.exe

C:\Windows\System\sMhDLAJ.exe

C:\Windows\System\WzLRarg.exe

C:\Windows\System\WzLRarg.exe

C:\Windows\System\sZRGUmn.exe

C:\Windows\System\sZRGUmn.exe

C:\Windows\System\LuJFPRf.exe

C:\Windows\System\LuJFPRf.exe

C:\Windows\System\ATnTRBh.exe

C:\Windows\System\ATnTRBh.exe

C:\Windows\System\zIDrYtu.exe

C:\Windows\System\zIDrYtu.exe

C:\Windows\System\ojaoGzW.exe

C:\Windows\System\ojaoGzW.exe

C:\Windows\System\yhBkBax.exe

C:\Windows\System\yhBkBax.exe

C:\Windows\System\pBbEsyV.exe

C:\Windows\System\pBbEsyV.exe

C:\Windows\System\OMXSfXQ.exe

C:\Windows\System\OMXSfXQ.exe

C:\Windows\System\FuXgVmL.exe

C:\Windows\System\FuXgVmL.exe

C:\Windows\System\NqwkSym.exe

C:\Windows\System\NqwkSym.exe

C:\Windows\System\wCdbDGV.exe

C:\Windows\System\wCdbDGV.exe

C:\Windows\System\abckwXy.exe

C:\Windows\System\abckwXy.exe

C:\Windows\System\OJCzYVJ.exe

C:\Windows\System\OJCzYVJ.exe

C:\Windows\System\zHYxRJF.exe

C:\Windows\System\zHYxRJF.exe

C:\Windows\System\hJWUbHo.exe

C:\Windows\System\hJWUbHo.exe

C:\Windows\System\CNUdrNW.exe

C:\Windows\System\CNUdrNW.exe

C:\Windows\System\zzyxVIP.exe

C:\Windows\System\zzyxVIP.exe

C:\Windows\System\saEhUnN.exe

C:\Windows\System\saEhUnN.exe

C:\Windows\System\IOCEEWC.exe

C:\Windows\System\IOCEEWC.exe

C:\Windows\System\lHfyzcx.exe

C:\Windows\System\lHfyzcx.exe

C:\Windows\System\txvNfzc.exe

C:\Windows\System\txvNfzc.exe

C:\Windows\System\xBPmpKN.exe

C:\Windows\System\xBPmpKN.exe

C:\Windows\System\byOQRyC.exe

C:\Windows\System\byOQRyC.exe

C:\Windows\System\GpKZouF.exe

C:\Windows\System\GpKZouF.exe

C:\Windows\System\RIGQqaN.exe

C:\Windows\System\RIGQqaN.exe

C:\Windows\System\OonGdSP.exe

C:\Windows\System\OonGdSP.exe

C:\Windows\System\aHwSotG.exe

C:\Windows\System\aHwSotG.exe

C:\Windows\System\xayiyYo.exe

C:\Windows\System\xayiyYo.exe

C:\Windows\System\EgDSiFQ.exe

C:\Windows\System\EgDSiFQ.exe

C:\Windows\System\IpPOtGo.exe

C:\Windows\System\IpPOtGo.exe

C:\Windows\System\oSpwgoZ.exe

C:\Windows\System\oSpwgoZ.exe

C:\Windows\System\rmDaXRf.exe

C:\Windows\System\rmDaXRf.exe

C:\Windows\System\IbGqBQI.exe

C:\Windows\System\IbGqBQI.exe

C:\Windows\System\YhMtysI.exe

C:\Windows\System\YhMtysI.exe

C:\Windows\System\qEjiTlX.exe

C:\Windows\System\qEjiTlX.exe

C:\Windows\System\mhfWOFM.exe

C:\Windows\System\mhfWOFM.exe

C:\Windows\System\uraKTuk.exe

C:\Windows\System\uraKTuk.exe

C:\Windows\System\bKigKMI.exe

C:\Windows\System\bKigKMI.exe

C:\Windows\System\FZwmyEr.exe

C:\Windows\System\FZwmyEr.exe

C:\Windows\System\Tvucqqj.exe

C:\Windows\System\Tvucqqj.exe

C:\Windows\System\wuYeEdz.exe

C:\Windows\System\wuYeEdz.exe

C:\Windows\System\GMebnDo.exe

C:\Windows\System\GMebnDo.exe

C:\Windows\System\HtCDYeU.exe

C:\Windows\System\HtCDYeU.exe

C:\Windows\System\Jmntuen.exe

C:\Windows\System\Jmntuen.exe

C:\Windows\System\bKvDmNG.exe

C:\Windows\System\bKvDmNG.exe

C:\Windows\System\NrmEXto.exe

C:\Windows\System\NrmEXto.exe

C:\Windows\System\VOneqiI.exe

C:\Windows\System\VOneqiI.exe

C:\Windows\System\PzxRyIW.exe

C:\Windows\System\PzxRyIW.exe

C:\Windows\System\HCduwku.exe

C:\Windows\System\HCduwku.exe

C:\Windows\System\JpMWOXD.exe

C:\Windows\System\JpMWOXD.exe

C:\Windows\System\xcHZGAh.exe

C:\Windows\System\xcHZGAh.exe

C:\Windows\System\gTaMXDG.exe

C:\Windows\System\gTaMXDG.exe

C:\Windows\System\VcaMcpp.exe

C:\Windows\System\VcaMcpp.exe

C:\Windows\System\fdpoLAR.exe

C:\Windows\System\fdpoLAR.exe

C:\Windows\System\BIOyvXk.exe

C:\Windows\System\BIOyvXk.exe

C:\Windows\System\tDzkfeb.exe

C:\Windows\System\tDzkfeb.exe

C:\Windows\System\NZfOJGN.exe

C:\Windows\System\NZfOJGN.exe

C:\Windows\System\PzKKUmu.exe

C:\Windows\System\PzKKUmu.exe

C:\Windows\System\QpuSSOy.exe

C:\Windows\System\QpuSSOy.exe

C:\Windows\System\gVzkRxo.exe

C:\Windows\System\gVzkRxo.exe

C:\Windows\System\TGHLgKo.exe

C:\Windows\System\TGHLgKo.exe

C:\Windows\System\TncQemi.exe

C:\Windows\System\TncQemi.exe

C:\Windows\System\AdDuGau.exe

C:\Windows\System\AdDuGau.exe

C:\Windows\System\PqEaXfz.exe

C:\Windows\System\PqEaXfz.exe

C:\Windows\System\TlnWaQp.exe

C:\Windows\System\TlnWaQp.exe

C:\Windows\System\qdmOQFE.exe

C:\Windows\System\qdmOQFE.exe

C:\Windows\System\uzNcmGE.exe

C:\Windows\System\uzNcmGE.exe

C:\Windows\System\ULXhorI.exe

C:\Windows\System\ULXhorI.exe

C:\Windows\System\TfnQkVL.exe

C:\Windows\System\TfnQkVL.exe

C:\Windows\System\khKVAnF.exe

C:\Windows\System\khKVAnF.exe

C:\Windows\System\GuDmlZF.exe

C:\Windows\System\GuDmlZF.exe

C:\Windows\System\XrArMou.exe

C:\Windows\System\XrArMou.exe

C:\Windows\System\kGnPqCm.exe

C:\Windows\System\kGnPqCm.exe

C:\Windows\System\gCThisR.exe

C:\Windows\System\gCThisR.exe

C:\Windows\System\UQCgAOX.exe

C:\Windows\System\UQCgAOX.exe

C:\Windows\System\jgKeigs.exe

C:\Windows\System\jgKeigs.exe

C:\Windows\System\jWMwmOT.exe

C:\Windows\System\jWMwmOT.exe

C:\Windows\System\pRnzIOO.exe

C:\Windows\System\pRnzIOO.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1684-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/1684-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\kkfbXWi.exe

MD5 a4380329cc1d241f917f2f336b9c60d1
SHA1 380ed23d35c0ae81f47ee96673900000cf309b56
SHA256 f3efec94f5c6b8d558a24a167af1058f9b255c8f0d2a224c3ba7d36e81c3feb4
SHA512 f433ce37f48ed21bfd56c69f4da8debc873c709c2afc7a9aad634ed861fd11673842976dd612e22f45376046444f173159f7beb8af97b993328af7f387e4d6e7

memory/1144-8-0x000000013FD50000-0x00000001400A4000-memory.dmp

C:\Windows\system\cKMstHf.exe

MD5 213b292e33e589e5c8fca66200d36e40
SHA1 4a6f2a0049ab8a7fbadbf437e64c70287ebabefe
SHA256 a8a86b641fe3964b22884567483182a84abe8608a213613b907a7abc3423be41
SHA512 170ae73a865c02dbd354b48e5350d9c0712255d0dfcec9387b2f36d565176fd9ca049a2809ee613bd56043355fe43ac6af225828fb4652e21890a111c0de4bb1

C:\Windows\system\vFDkwcy.exe

MD5 6f6d287f6a3d366c05549972dce92915
SHA1 9e83117c8184b7259e3a22e44a7fe13c34b261bf
SHA256 a639aa15dfc8769b8c9479211d25abc9f8e0f74140e0d89d23c1e9c216c0311e
SHA512 cf71626044599003f051b1d01f7528c03eaa501d48a6b3dddd27c4a31b016eb21e404fcceba26ffac910877af87e98f2cc97b76f0ba35139e6cca9ada78671c3

memory/1684-26-0x000000013F0B0000-0x000000013F404000-memory.dmp

\Windows\system\tlbEsQm.exe

MD5 d604c53ebe1451f15121ed1e40a03b43
SHA1 69a9329e04d10adf16b01a4604c4b97375247bb4
SHA256 32056f4d0b823a081d74998d0309508af42c4ba08598f13875816b5c4724b63e
SHA512 8efad7b9b59d83628f34cc2b910e64bc9ade0b456bf46e503b443a5d455ba24425968c29db7b530c22814d6918013fa23a105b95e3a0162056b8008ccdcdc8a5

memory/1684-31-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/1272-28-0x000000013F0B0000-0x000000013F404000-memory.dmp

\Windows\system\YGgQwJS.exe

MD5 ed763302545ff9113f04703c36e5f5f5
SHA1 afa2d840a167bc748be556f28a3def6aad9471fd
SHA256 5cf8e3e78bef3f462bbc16cab73479718ea4e7345cca179eb8ec894dd7f67736
SHA512 edd1589e7d78bbc6ebb8d7fee86672db7f1159f9656cb4a89b4ccf04f46660f192ed3bc3553e87de19686f58a7039de6adb237f5ee6fdeba3555ab3926bf6c59

memory/2632-43-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/1684-55-0x0000000001EE0000-0x0000000002234000-memory.dmp

C:\Windows\system\dshxcGe.exe

MD5 34b9f10b3a36129b42942495b73ac965
SHA1 56f0bd8e44a3c71e3d744f87ee7a7dace76ef9a0
SHA256 368ec6a65c099b06ad9201e35da3fdc0f673490af8834fd411fd168fb4a54d38
SHA512 ca211485c213ff748ea1c4f00d319170070cabb9100730532f46d4ea77fbba5f8b74a8bee903928415884d3cc741e64c8b44d5e4380a87a1d1d52dc51824aed0

C:\Windows\system\DNTYEuq.exe

MD5 b69376228ad8c23ebe612b7c22ab050c
SHA1 f0d89a956913905f49e28b055f967b541bcef320
SHA256 de7581c159713d088ca104a3a26192b8724be243f463abdde5a29d4b1eec56b2
SHA512 7372ff357cc4e20b6ddc423d6a16e1ca618bbf8756223388d82c19fb6ca1d08bbbe4b9b56c726e207dfe685c796c2d7c906678cf11ff25ca3fbcf0760551484c

C:\Windows\system\VZzlyiM.exe

MD5 f7ef5b7aad084b284c5c6dedff38b85b
SHA1 f881ab0f95eb6344c3b34ea656c2de7d226894fa
SHA256 b9bef6b72d4f9f9adf6a93773aeda984b10f31d06c27236aa053cf9f9d5a7ece
SHA512 d3f7c1cc2dbb117399cdae1fe38fd5c12c1d2e5631582a34da788cf9212aff8cd551db471c650c3857e83481495b55aa2253f8f3ab262f0bae795720b754c5df

C:\Windows\system\JkNhGDk.exe

MD5 0c6f79c2a44cf1c924a2746a79f0f306
SHA1 00d193319eb7dcf055e3575e6c8ab22ca0d34076
SHA256 badbe810739ecdb5452447917574bc4e546a1b340a1ce7daead30d4b174724b6
SHA512 e405ac041fa779b7ee510da35871703fcc1057b75eecb3c2ff68bf889d0d2b3910908fb430355fc3cae57250792dfe016d13bc2bd1d90d613aec3e3086288593

C:\Windows\system\ZDchDle.exe

MD5 14959c69c32e65a8df2fba9aa919eba7
SHA1 72efdfe437e1273521c16dc9cf21aee2dd6d3f5a
SHA256 a34d48899143ad68657f7d5ba287735ed82998a26bb8170d01e5680764aeb253
SHA512 5da7fbedec70ea3ca37079178bffb3e6367b5ec865693952e75bbdaea16ca7eb30ff005c92068c4afe12c198f5ff3803cb3cfe4263ca1e866644f368e1e6f0eb

C:\Windows\system\aisMtYh.exe

MD5 72ae05782fad4794f1d76e4abf5b2cd8
SHA1 84c01cb810aa88842682e70e663e6338bcc12902
SHA256 74dce94848569ba02b744671a2f43902070ae101ab1063c053ac4a3b766559c4
SHA512 4151c4cfa8e22cfc8c12b1bd2f059424fda0e2110ed32df43735f7c6cd40b2373b083da66e8ef8dc842c6787d5896e7e767a993fa48cbf6e4abbb31d8f46d7f0

memory/1684-1046-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/2572-1044-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/1684-1032-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1684-1018-0x000000013F200000-0x000000013F554000-memory.dmp

memory/1684-1003-0x000000013F200000-0x000000013F554000-memory.dmp

memory/2500-1025-0x000000013F200000-0x000000013F554000-memory.dmp

memory/2560-1011-0x000000013F200000-0x000000013F554000-memory.dmp

memory/2644-996-0x000000013F100000-0x000000013F454000-memory.dmp

memory/2724-987-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/3008-1053-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2384-1065-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/1684-1066-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1684-1067-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/1684-1068-0x000000013F100000-0x000000013F454000-memory.dmp

C:\Windows\system\yMkdRwv.exe

MD5 0326e084e0a4804d878ef7ff73a3f1dc
SHA1 16127244d088d2fbe248beec787601ec0865f81f
SHA256 9f1272653688c6a5845050b5ad06283c2cce6eb0d926d6ca2ea5840b3d3ab94b
SHA512 f43963f8263376b0c238d939274c81da786f84a3f8bb1ed4221a0dbc038f1610058ee9471661e9bbf01e26d31fecd09f086ae849883297ff85d51b7adadc09b6

C:\Windows\system\yBmRYFv.exe

MD5 21fd271030cdaa58975324b9cbcbeb04
SHA1 98c3372df701ebd2d9077040d9e9d1a82c2a3bd0
SHA256 644f6982b9a1a79086b35681f8d06bafc2b3bd0b9762b39d9ee1c37e20711d12
SHA512 9eea5aad8104b1e76d20c4a7363d87aca1f73ae8bbdf69dedd40fdf7101c35a9f6cc1bb370d147eab9d532460524671e7630a9a3a0f71a10129284a45646e2e6

C:\Windows\system\tUPgCoT.exe

MD5 dd3662b98f919d43c22b8a198a4c137c
SHA1 4008a552315001b2c13819a3fc09dca3d30e7a44
SHA256 becc9ca16b20d7fdac7c3cbf55f1d86f45a1046f7f4d2730d57fbe276a2e192e
SHA512 7e0bde006ccb2768efeeb4326ee8abc0477355dd6d333e9f9ff47ed8cbd2131e89f61d0563e1c86e5031ee77bb129a41417cce3f89db48ac02c6955d1a00c9a0

C:\Windows\system\FpRRxHF.exe

MD5 155aea6578c26712c30a03f826b00fd6
SHA1 d5fa8aab36a3f9990a1603206b3a46abe5ea8208
SHA256 a2934b35b82f645a2258f58c62cfd4376cd9dce95a178fdff8d9739f6d8edd0a
SHA512 99b9d496a6bc9d4cb8574df5d00c93e8925041c48958dc85252c18340cfd6d12df44178e5e5a7b891d9f1d35ca091ba81e68e4b2913e43837707528dd5ad53b2

C:\Windows\system\BlkZcDA.exe

MD5 25e09eb8bc9ab2cbc1b9a8c0a056e34a
SHA1 8549b327ef61767e72c2c4dd80d1ba109f52afbc
SHA256 4d1ae651381031a1707aff6dfeb9cd6256f4537bf3abfacfdf6bca3d372f82c4
SHA512 5e97a34e0687aa3d3bf31137c5af4145af2b5eda9e0d67fd56ca42ee3d09cc6dc811b7798f865bc819738596a20fa9c34a61487c3a7b4d997468afb5df0a495d

C:\Windows\system\zBdDcmq.exe

MD5 b2c9d4dca8fc08d82b2b7e09e1a012af
SHA1 65966fb60d41a230b131fcce2beddc98f53971b2
SHA256 51b4b379a30dd51b81edfdd2fb45a1a6866aeb955cbdb6a8db630208c94a8178
SHA512 4e352a9f0d936ac2560fc2693597d5f5a3af9adce98e5bdf5f04f254ca6874fb826fa19cd31fdc82057995c69cb765457686e0ea3a5127d1bf9a878d40fe43a9

C:\Windows\system\yGkciZT.exe

MD5 10784209153dff2e9d457c4ae20d9b57
SHA1 040c148ae08d24cbae1e4637d7d64ff17a44d5fb
SHA256 ab507acc20e2db2e388fc39e5e07ff08397b741f23d63de330e98a76fa97df8b
SHA512 2220fa081a3deae5a8c4f96f2df570d05881d1e859cf2f94bf83787c21de6d0519d70dc2433eb80612de2c54310ca41efb242a73fbaa93536cfc1bedbee69ea4

C:\Windows\system\auxnlGt.exe

MD5 5ed6165a41a97c7766ae4259cd355efb
SHA1 f65ed88942177b91a07a6067b2aebdc62d6753c4
SHA256 5fdb5f54518a67ba6faa59d2302ed5adcda0857d24595772b335405854a601c0
SHA512 4ad8301e6190c96bbb652be21c00082916218530b62d6b1b7f982ba2abf27b60d75f76c92a6e7ce0c496ce4bc5706f177caccbc4785a4024f3ea580367414190

C:\Windows\system\cLCPsDz.exe

MD5 da683ab315f82e62f6368c41c43f3062
SHA1 62c721f22fe43c78dfd3649471b9557a27fbd591
SHA256 e680ff0a1305a3bb16a6e4f34451041c1443eee01ab02a8f9e77978356268800
SHA512 01a9779cc6ffd213dd484f1f33a77b85a8f2bed58acbf8bf137c2c3c53574528ad5daa7ac8f94b9085433ddfaa3e5bd392475d5600bf501d2a49cc8c4d914a54

C:\Windows\system\CrVKtee.exe

MD5 a244cc18d0cf75dcc39e0ca7795adae4
SHA1 8fa1e9728539f42f9ac23ab97d9ab5a9b35c8e4d
SHA256 bc9ba409effb4785ddbdc259ee18d71cb1ce356cca843364a66043fc7060fcd9
SHA512 79293bdc083839ded41b5feabf1744bab6d6ead0a0866f9f8c473cdf820b449aae18be70bf8bf019b7bff9e26cecbfa550bb814236fa8101424d5831dc6ebcf7

C:\Windows\system\DWmnNxp.exe

MD5 ca740a574927cdff9d4e35044cebb2d0
SHA1 e9eefa800b48d97966576f169255c3ff1323978f
SHA256 6de3ea422289a3b8a641cb39e14bc871fca21673be08f957cd3fd239c6300f30
SHA512 0334c2741d7eb397c4072e2ce3032d99b0b4592d5ec477e22ba0b6dae8da0f87940d211dc2730e9be11e57872ae853c8b5d446b2a683219fc20dc32180fe7924

C:\Windows\system\wnAvbyQ.exe

MD5 a6604cb74213572e758b46f76cd974a7
SHA1 291153c07e1f2a9d1f578543dd70224972643586
SHA256 3d5895dc4d5c810815be8b4f3ff841f3ba86deab56868fd1e491c3e8cc1f212a
SHA512 55e52a512406aaddfee7c889b1fe359933411944e40641d20b4f98d41fb8aaffc53082e92607c6302a995ff9494d0b75587eb8e7900633078419166a111ad361

C:\Windows\system\OgmDECR.exe

MD5 d7b62691ca3d36a26ba629d7000f4628
SHA1 5a690d5931efb228f06828358937fb97de111b64
SHA256 84bd5790a3ed92093229551381c4fd54fec19dec3d41dd926b6530295b48c658
SHA512 8033ec0c9e42fa3ac6ecaa9b978bd633cda3d23facbf95a4f797f14de2bdab993a03455af635c143f935ad3766379737c66038bd7d4974adaaadfc6b40320396

C:\Windows\system\EbtukOH.exe

MD5 b886c8cff40099b9dc2bed299a82fadb
SHA1 e87ea285cc83ea62e2a92021b1902e6e452e5607
SHA256 58ec25c2f7b256537017ec5caa39d5b0cc694068481adacd053c47835c81f1c5
SHA512 fb61b8b7b81b50f26ede204c4adee1dc27d11f08f9195ccb66a854bad60b5cfdacab4c6786b0cd6a99e90345caf78a6532113722c3b9030687670e9da1175798

C:\Windows\system\IQXROzl.exe

MD5 5d30aea8880b33968ed6a26d29e48af6
SHA1 a81e7f37802bef13035710c92749ac8238f94e39
SHA256 a27b2c0a52d6ca473e395ff369f54034d040c9226c5e1fd3068f9098ec5b0306
SHA512 e13e6f1582e5990b95cd43aea7ae014367703d079bb285e9b33e77006886ece9d2f25ad584795cea36554a8a0e4c9ed1b259b9e58e962ce4da174a85bc3b0453

C:\Windows\system\njxfaUf.exe

MD5 b612139ce314d8c25f5bc01e852cff85
SHA1 9a37685cc09fd0b266d8e1c290005061b87c992c
SHA256 36119074e7d86c165a6263682984d199754fb405fa3a0f5de224f0a13802db32
SHA512 aaf86f129a272637a59a7ffcd25d147ca758028a4c69700a1647cdf62ac100195b1c707c864b4ae990afae4bf9e13c0bd27f5eb3860a2df7af412d1a8270c20c

C:\Windows\system\xgTsuRh.exe

MD5 f49aa20cd262e8e52ba422ac90d7d6b7
SHA1 1b273b95766dcf5da62820de77584f57f76023e4
SHA256 715dad3a6e04d95bd7e2c46da473f102e895b5b074097fc38abb589a8951e729
SHA512 5037d1a3a95985c330e146676d3d3aa90b38e936f8e3a24eb6c1b3da4872bf7a935d5915f72f34ac4b52b88fe00a1f949e1547d699e71c12125f19c180270a95

C:\Windows\system\SXDfqnI.exe

MD5 439d8283887d1fd4e652bc4b03f9eeb0
SHA1 5ce2772934826eacd5e6796aea67173312332ecd
SHA256 9399bac314aa42726529cb435cf4320737738870845e61bc082a0bb96e59b4ed
SHA512 9d0c62239293f9db877dcd5789f9a70e03311efaf4da0d47a08bcd24100879146a5789d9eb91dfed0ee1b7a3bee28f5361399a328504483945c9aef8d9960efa

memory/2936-53-0x000000013F310000-0x000000013F664000-memory.dmp

memory/1684-52-0x000000013F310000-0x000000013F664000-memory.dmp

C:\Windows\system\GbzLcCa.exe

MD5 603fca11a74dd1a3fc6a2b9bee8026d3
SHA1 54ef3ea88736cbff8c9ca932923d6205a92f7795
SHA256 13dbfc59ce20073ad5c396cb09e01d2305fd6bbd0777c0591ee1f6797ecf01fd
SHA512 534bd17d0d7d24ea4830df859d2b2a85c86961d93bc25c97d4034ed2b9bc97b1c39278c60fb179819444e0689a16bb68854734e691fcba03ab96a7a76f914a20

C:\Windows\system\EzAiDlo.exe

MD5 abe2f80da6bd6f7d77615f70799632a2
SHA1 3a03671a7e996c7f79c5ac5075efe0d0ac314ef4
SHA256 ba5d3b47f0502effb7dd9e7cda43760da2b30bcbf5e1b3e7e205d94de30e8889
SHA512 310209083380a92a80148f1f38f2326062131a40489ca40f8a7507a35d40ed4faba7ff3bc9f254a9ae17de6db9cfb0757f63f5cc85d08d4e5b2611ef596d941f

memory/1684-40-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/2788-39-0x000000013F790000-0x000000013FAE4000-memory.dmp

C:\Windows\system\FBOGZWq.exe

MD5 3ce0c54c76a43d69db3543d794408d67
SHA1 ee5abe78be52b8618c1cf42bdc568ae8ea2c777d
SHA256 6daf254e75de5e12559daf2a94f804139f0fe4f4fa3d1edc4656a34a811f2294
SHA512 90f837286ac260476ff82019a6628560c35dc4b1a80e4cbf6000bcd7744a76c8a71097c483bdd00036cbd6f7960222a4fbd73f41cfd131627626535e76062679

memory/3068-25-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/1684-24-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2332-23-0x000000013F730000-0x000000013FA84000-memory.dmp

memory/1684-20-0x000000013F730000-0x000000013FA84000-memory.dmp

memory/1684-1069-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1684-1070-0x000000013F730000-0x000000013FA84000-memory.dmp

memory/2332-1071-0x000000013F730000-0x000000013FA84000-memory.dmp

memory/1272-1072-0x000000013F0B0000-0x000000013F404000-memory.dmp

memory/2724-1073-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/1684-1074-0x000000013F200000-0x000000013F554000-memory.dmp

memory/1684-1075-0x000000013F200000-0x000000013F554000-memory.dmp

memory/1684-1076-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1684-1077-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1684-1078-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/1684-1079-0x0000000001EE0000-0x0000000002234000-memory.dmp

memory/1684-1080-0x000000013F100000-0x000000013F454000-memory.dmp

memory/1144-1081-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/3068-1082-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2332-1083-0x000000013F730000-0x000000013FA84000-memory.dmp

memory/1272-1084-0x000000013F0B0000-0x000000013F404000-memory.dmp

memory/2788-1085-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2632-1086-0x000000013F940000-0x000000013FC94000-memory.dmp

memory/2936-1087-0x000000013F310000-0x000000013F664000-memory.dmp

memory/2500-1088-0x000000013F200000-0x000000013F554000-memory.dmp

memory/3008-1090-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2644-1089-0x000000013F100000-0x000000013F454000-memory.dmp

memory/2724-1091-0x000000013FE00000-0x0000000140154000-memory.dmp

memory/2384-1094-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2572-1093-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/2560-1092-0x000000013F200000-0x000000013F554000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 20:04

Reported

2024-06-25 20:06

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oUHOpxb.exe N/A
N/A N/A C:\Windows\System\QowkzLn.exe N/A
N/A N/A C:\Windows\System\DCvXKSi.exe N/A
N/A N/A C:\Windows\System\nBrQuyk.exe N/A
N/A N/A C:\Windows\System\KUYyOyg.exe N/A
N/A N/A C:\Windows\System\GIeWRTA.exe N/A
N/A N/A C:\Windows\System\QEwnUsb.exe N/A
N/A N/A C:\Windows\System\rNZMBTo.exe N/A
N/A N/A C:\Windows\System\UHCvWNK.exe N/A
N/A N/A C:\Windows\System\JPkBEWK.exe N/A
N/A N/A C:\Windows\System\JvdwNPa.exe N/A
N/A N/A C:\Windows\System\dSdgIoN.exe N/A
N/A N/A C:\Windows\System\KVjkgzc.exe N/A
N/A N/A C:\Windows\System\kVdwUXA.exe N/A
N/A N/A C:\Windows\System\DzerfVj.exe N/A
N/A N/A C:\Windows\System\XEbHTmT.exe N/A
N/A N/A C:\Windows\System\NnGexTv.exe N/A
N/A N/A C:\Windows\System\ASRudWC.exe N/A
N/A N/A C:\Windows\System\OHzyoBd.exe N/A
N/A N/A C:\Windows\System\RjDopbj.exe N/A
N/A N/A C:\Windows\System\nEKeAGQ.exe N/A
N/A N/A C:\Windows\System\QgMNvHl.exe N/A
N/A N/A C:\Windows\System\ArwnmaJ.exe N/A
N/A N/A C:\Windows\System\XCBdUSe.exe N/A
N/A N/A C:\Windows\System\TvYbotZ.exe N/A
N/A N/A C:\Windows\System\YzaOKtj.exe N/A
N/A N/A C:\Windows\System\IOmrINg.exe N/A
N/A N/A C:\Windows\System\EjhjAnF.exe N/A
N/A N/A C:\Windows\System\xesCLlz.exe N/A
N/A N/A C:\Windows\System\ZVkOuNO.exe N/A
N/A N/A C:\Windows\System\xEPbsjW.exe N/A
N/A N/A C:\Windows\System\LrotvPR.exe N/A
N/A N/A C:\Windows\System\MOqGqWF.exe N/A
N/A N/A C:\Windows\System\GFasOQW.exe N/A
N/A N/A C:\Windows\System\VHvvUXP.exe N/A
N/A N/A C:\Windows\System\IozbdLr.exe N/A
N/A N/A C:\Windows\System\fzBQKJK.exe N/A
N/A N/A C:\Windows\System\jWisGXX.exe N/A
N/A N/A C:\Windows\System\FeKqNer.exe N/A
N/A N/A C:\Windows\System\WQwBYMW.exe N/A
N/A N/A C:\Windows\System\CpsAmYi.exe N/A
N/A N/A C:\Windows\System\OWvmeTq.exe N/A
N/A N/A C:\Windows\System\OJMBcxq.exe N/A
N/A N/A C:\Windows\System\jjxILdf.exe N/A
N/A N/A C:\Windows\System\KVLMeUo.exe N/A
N/A N/A C:\Windows\System\CHqdEPf.exe N/A
N/A N/A C:\Windows\System\UWNmlwe.exe N/A
N/A N/A C:\Windows\System\zwOMWNW.exe N/A
N/A N/A C:\Windows\System\FwECccB.exe N/A
N/A N/A C:\Windows\System\RHmrGhj.exe N/A
N/A N/A C:\Windows\System\nFUAGpI.exe N/A
N/A N/A C:\Windows\System\CGjAopu.exe N/A
N/A N/A C:\Windows\System\XZrReZm.exe N/A
N/A N/A C:\Windows\System\onazPzE.exe N/A
N/A N/A C:\Windows\System\xVpNCbG.exe N/A
N/A N/A C:\Windows\System\JacABpR.exe N/A
N/A N/A C:\Windows\System\iDOphhG.exe N/A
N/A N/A C:\Windows\System\mmfoUpI.exe N/A
N/A N/A C:\Windows\System\HAotraA.exe N/A
N/A N/A C:\Windows\System\FSiooIe.exe N/A
N/A N/A C:\Windows\System\vOXOncU.exe N/A
N/A N/A C:\Windows\System\moNFpAy.exe N/A
N/A N/A C:\Windows\System\RFYmYmd.exe N/A
N/A N/A C:\Windows\System\mSPnbbt.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\FekKGDI.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\BnRspys.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\TvYbotZ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\jWisGXX.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\JWKMeUt.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\VYKZtmR.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUSMeQk.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\QgWqmPN.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\DksZvBi.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\uPadufz.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\JlUQBwT.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\fUATNkj.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\zBGCubY.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\iZBerYf.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLeKqch.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\CWapbWg.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\qpfBNMC.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\jXJbEpt.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\aeyQuPc.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\jqOpXsV.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUHOpxb.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQPJYXi.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\NopAXRU.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\ANZqcaV.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\jRWCliA.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\kVdwUXA.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHqdEPf.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\UWNmlwe.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUdoVyI.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\bGDJzUE.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqvWmfO.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\EhFxOWB.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\Rjtenuh.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\rNZMBTo.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\JvdwNPa.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZVkOuNO.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\iDOphhG.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\HAotraA.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\tYkQBKO.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBTuPEV.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\BnvgatZ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\FeNpTXF.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDRuATf.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\nEKeAGQ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\BGeKgdW.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\JPOiOMC.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\QowkzLn.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\rioVOGQ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\rwKvtxD.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\TmZUwAX.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\aoRNLfl.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\CzdQQyJ.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\BdzOlGN.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\clXazoX.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\XEbHTmT.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\WQwBYMW.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\rxPrGwU.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\FAFGpIa.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\xDysbjs.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\CAfYlQr.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\FuvVESM.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\euHEmtW.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\waHMGZH.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHzyoBd.exe C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1900 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\oUHOpxb.exe
PID 1900 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\oUHOpxb.exe
PID 1900 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\QowkzLn.exe
PID 1900 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\QowkzLn.exe
PID 1900 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DCvXKSi.exe
PID 1900 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DCvXKSi.exe
PID 1900 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\nBrQuyk.exe
PID 1900 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\nBrQuyk.exe
PID 1900 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\KUYyOyg.exe
PID 1900 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\KUYyOyg.exe
PID 1900 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\GIeWRTA.exe
PID 1900 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\GIeWRTA.exe
PID 1900 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\QEwnUsb.exe
PID 1900 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\QEwnUsb.exe
PID 1900 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\rNZMBTo.exe
PID 1900 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\rNZMBTo.exe
PID 1900 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\UHCvWNK.exe
PID 1900 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\UHCvWNK.exe
PID 1900 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\JPkBEWK.exe
PID 1900 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\JPkBEWK.exe
PID 1900 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\JvdwNPa.exe
PID 1900 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\JvdwNPa.exe
PID 1900 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\dSdgIoN.exe
PID 1900 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\dSdgIoN.exe
PID 1900 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\KVjkgzc.exe
PID 1900 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\KVjkgzc.exe
PID 1900 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\kVdwUXA.exe
PID 1900 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\kVdwUXA.exe
PID 1900 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DzerfVj.exe
PID 1900 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\DzerfVj.exe
PID 1900 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\XEbHTmT.exe
PID 1900 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\XEbHTmT.exe
PID 1900 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\NnGexTv.exe
PID 1900 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\NnGexTv.exe
PID 1900 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\ASRudWC.exe
PID 1900 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\ASRudWC.exe
PID 1900 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\OHzyoBd.exe
PID 1900 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\OHzyoBd.exe
PID 1900 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\RjDopbj.exe
PID 1900 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\RjDopbj.exe
PID 1900 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\nEKeAGQ.exe
PID 1900 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\nEKeAGQ.exe
PID 1900 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\QgMNvHl.exe
PID 1900 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\QgMNvHl.exe
PID 1900 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\ArwnmaJ.exe
PID 1900 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\ArwnmaJ.exe
PID 1900 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\XCBdUSe.exe
PID 1900 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\XCBdUSe.exe
PID 1900 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\TvYbotZ.exe
PID 1900 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\TvYbotZ.exe
PID 1900 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\YzaOKtj.exe
PID 1900 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\YzaOKtj.exe
PID 1900 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\IOmrINg.exe
PID 1900 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\IOmrINg.exe
PID 1900 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EjhjAnF.exe
PID 1900 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\EjhjAnF.exe
PID 1900 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xesCLlz.exe
PID 1900 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xesCLlz.exe
PID 1900 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\ZVkOuNO.exe
PID 1900 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\ZVkOuNO.exe
PID 1900 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xEPbsjW.exe
PID 1900 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\xEPbsjW.exe
PID 1900 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\LrotvPR.exe
PID 1900 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe C:\Windows\System\LrotvPR.exe

Processes

C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\06121c3edcf30c1a88521bdd0df6ef2ea10a9c434a1ad9750f366f3f92f7035e_NeikiAnalytics.exe"

C:\Windows\System\oUHOpxb.exe

C:\Windows\System\oUHOpxb.exe

C:\Windows\System\QowkzLn.exe

C:\Windows\System\QowkzLn.exe

C:\Windows\System\DCvXKSi.exe

C:\Windows\System\DCvXKSi.exe

C:\Windows\System\nBrQuyk.exe

C:\Windows\System\nBrQuyk.exe

C:\Windows\System\KUYyOyg.exe

C:\Windows\System\KUYyOyg.exe

C:\Windows\System\GIeWRTA.exe

C:\Windows\System\GIeWRTA.exe

C:\Windows\System\QEwnUsb.exe

C:\Windows\System\QEwnUsb.exe

C:\Windows\System\rNZMBTo.exe

C:\Windows\System\rNZMBTo.exe

C:\Windows\System\UHCvWNK.exe

C:\Windows\System\UHCvWNK.exe

C:\Windows\System\JPkBEWK.exe

C:\Windows\System\JPkBEWK.exe

C:\Windows\System\JvdwNPa.exe

C:\Windows\System\JvdwNPa.exe

C:\Windows\System\dSdgIoN.exe

C:\Windows\System\dSdgIoN.exe

C:\Windows\System\KVjkgzc.exe

C:\Windows\System\KVjkgzc.exe

C:\Windows\System\kVdwUXA.exe

C:\Windows\System\kVdwUXA.exe

C:\Windows\System\DzerfVj.exe

C:\Windows\System\DzerfVj.exe

C:\Windows\System\XEbHTmT.exe

C:\Windows\System\XEbHTmT.exe

C:\Windows\System\NnGexTv.exe

C:\Windows\System\NnGexTv.exe

C:\Windows\System\ASRudWC.exe

C:\Windows\System\ASRudWC.exe

C:\Windows\System\OHzyoBd.exe

C:\Windows\System\OHzyoBd.exe

C:\Windows\System\RjDopbj.exe

C:\Windows\System\RjDopbj.exe

C:\Windows\System\nEKeAGQ.exe

C:\Windows\System\nEKeAGQ.exe

C:\Windows\System\QgMNvHl.exe

C:\Windows\System\QgMNvHl.exe

C:\Windows\System\ArwnmaJ.exe

C:\Windows\System\ArwnmaJ.exe

C:\Windows\System\XCBdUSe.exe

C:\Windows\System\XCBdUSe.exe

C:\Windows\System\TvYbotZ.exe

C:\Windows\System\TvYbotZ.exe

C:\Windows\System\YzaOKtj.exe

C:\Windows\System\YzaOKtj.exe

C:\Windows\System\IOmrINg.exe

C:\Windows\System\IOmrINg.exe

C:\Windows\System\EjhjAnF.exe

C:\Windows\System\EjhjAnF.exe

C:\Windows\System\xesCLlz.exe

C:\Windows\System\xesCLlz.exe

C:\Windows\System\ZVkOuNO.exe

C:\Windows\System\ZVkOuNO.exe

C:\Windows\System\xEPbsjW.exe

C:\Windows\System\xEPbsjW.exe

C:\Windows\System\LrotvPR.exe

C:\Windows\System\LrotvPR.exe

C:\Windows\System\MOqGqWF.exe

C:\Windows\System\MOqGqWF.exe

C:\Windows\System\GFasOQW.exe

C:\Windows\System\GFasOQW.exe

C:\Windows\System\VHvvUXP.exe

C:\Windows\System\VHvvUXP.exe

C:\Windows\System\IozbdLr.exe

C:\Windows\System\IozbdLr.exe

C:\Windows\System\fzBQKJK.exe

C:\Windows\System\fzBQKJK.exe

C:\Windows\System\jWisGXX.exe

C:\Windows\System\jWisGXX.exe

C:\Windows\System\FeKqNer.exe

C:\Windows\System\FeKqNer.exe

C:\Windows\System\WQwBYMW.exe

C:\Windows\System\WQwBYMW.exe

C:\Windows\System\CpsAmYi.exe

C:\Windows\System\CpsAmYi.exe

C:\Windows\System\OWvmeTq.exe

C:\Windows\System\OWvmeTq.exe

C:\Windows\System\OJMBcxq.exe

C:\Windows\System\OJMBcxq.exe

C:\Windows\System\jjxILdf.exe

C:\Windows\System\jjxILdf.exe

C:\Windows\System\KVLMeUo.exe

C:\Windows\System\KVLMeUo.exe

C:\Windows\System\CHqdEPf.exe

C:\Windows\System\CHqdEPf.exe

C:\Windows\System\UWNmlwe.exe

C:\Windows\System\UWNmlwe.exe

C:\Windows\System\zwOMWNW.exe

C:\Windows\System\zwOMWNW.exe

C:\Windows\System\FwECccB.exe

C:\Windows\System\FwECccB.exe

C:\Windows\System\RHmrGhj.exe

C:\Windows\System\RHmrGhj.exe

C:\Windows\System\nFUAGpI.exe

C:\Windows\System\nFUAGpI.exe

C:\Windows\System\CGjAopu.exe

C:\Windows\System\CGjAopu.exe

C:\Windows\System\XZrReZm.exe

C:\Windows\System\XZrReZm.exe

C:\Windows\System\onazPzE.exe

C:\Windows\System\onazPzE.exe

C:\Windows\System\xVpNCbG.exe

C:\Windows\System\xVpNCbG.exe

C:\Windows\System\JacABpR.exe

C:\Windows\System\JacABpR.exe

C:\Windows\System\iDOphhG.exe

C:\Windows\System\iDOphhG.exe

C:\Windows\System\mmfoUpI.exe

C:\Windows\System\mmfoUpI.exe

C:\Windows\System\HAotraA.exe

C:\Windows\System\HAotraA.exe

C:\Windows\System\FSiooIe.exe

C:\Windows\System\FSiooIe.exe

C:\Windows\System\vOXOncU.exe

C:\Windows\System\vOXOncU.exe

C:\Windows\System\moNFpAy.exe

C:\Windows\System\moNFpAy.exe

C:\Windows\System\RFYmYmd.exe

C:\Windows\System\RFYmYmd.exe

C:\Windows\System\mSPnbbt.exe

C:\Windows\System\mSPnbbt.exe

C:\Windows\System\wxDcxlE.exe

C:\Windows\System\wxDcxlE.exe

C:\Windows\System\qjkGuTd.exe

C:\Windows\System\qjkGuTd.exe

C:\Windows\System\IqwNkGG.exe

C:\Windows\System\IqwNkGG.exe

C:\Windows\System\YslESNe.exe

C:\Windows\System\YslESNe.exe

C:\Windows\System\OWafWYp.exe

C:\Windows\System\OWafWYp.exe

C:\Windows\System\fUATNkj.exe

C:\Windows\System\fUATNkj.exe

C:\Windows\System\lwGaHdL.exe

C:\Windows\System\lwGaHdL.exe

C:\Windows\System\tHeMZRZ.exe

C:\Windows\System\tHeMZRZ.exe

C:\Windows\System\tYkQBKO.exe

C:\Windows\System\tYkQBKO.exe

C:\Windows\System\zLTXpqr.exe

C:\Windows\System\zLTXpqr.exe

C:\Windows\System\BnvgatZ.exe

C:\Windows\System\BnvgatZ.exe

C:\Windows\System\VXDBHyZ.exe

C:\Windows\System\VXDBHyZ.exe

C:\Windows\System\oKaNNCr.exe

C:\Windows\System\oKaNNCr.exe

C:\Windows\System\ULfYXJo.exe

C:\Windows\System\ULfYXJo.exe

C:\Windows\System\XEYBDmU.exe

C:\Windows\System\XEYBDmU.exe

C:\Windows\System\yvvzDLB.exe

C:\Windows\System\yvvzDLB.exe

C:\Windows\System\yOZWAlm.exe

C:\Windows\System\yOZWAlm.exe

C:\Windows\System\CDGnCJV.exe

C:\Windows\System\CDGnCJV.exe

C:\Windows\System\ofLJKiP.exe

C:\Windows\System\ofLJKiP.exe

C:\Windows\System\VeqFGat.exe

C:\Windows\System\VeqFGat.exe

C:\Windows\System\KUdoVyI.exe

C:\Windows\System\KUdoVyI.exe

C:\Windows\System\ixNVHOK.exe

C:\Windows\System\ixNVHOK.exe

C:\Windows\System\zBGCubY.exe

C:\Windows\System\zBGCubY.exe

C:\Windows\System\RzzxSvL.exe

C:\Windows\System\RzzxSvL.exe

C:\Windows\System\JXugflX.exe

C:\Windows\System\JXugflX.exe

C:\Windows\System\euHEmtW.exe

C:\Windows\System\euHEmtW.exe

C:\Windows\System\MFDDjuc.exe

C:\Windows\System\MFDDjuc.exe

C:\Windows\System\bGDJzUE.exe

C:\Windows\System\bGDJzUE.exe

C:\Windows\System\ilcuevn.exe

C:\Windows\System\ilcuevn.exe

C:\Windows\System\ymeapzd.exe

C:\Windows\System\ymeapzd.exe

C:\Windows\System\ZzckbTs.exe

C:\Windows\System\ZzckbTs.exe

C:\Windows\System\BcRroHS.exe

C:\Windows\System\BcRroHS.exe

C:\Windows\System\gpSDyMQ.exe

C:\Windows\System\gpSDyMQ.exe

C:\Windows\System\JOLCqoD.exe

C:\Windows\System\JOLCqoD.exe

C:\Windows\System\KasuEeJ.exe

C:\Windows\System\KasuEeJ.exe

C:\Windows\System\MpRHhwq.exe

C:\Windows\System\MpRHhwq.exe

C:\Windows\System\WOaHqQj.exe

C:\Windows\System\WOaHqQj.exe

C:\Windows\System\rioVOGQ.exe

C:\Windows\System\rioVOGQ.exe

C:\Windows\System\kJrPzUO.exe

C:\Windows\System\kJrPzUO.exe

C:\Windows\System\hVmmNyl.exe

C:\Windows\System\hVmmNyl.exe

C:\Windows\System\QJvIbGl.exe

C:\Windows\System\QJvIbGl.exe

C:\Windows\System\PSgbngA.exe

C:\Windows\System\PSgbngA.exe

C:\Windows\System\xhSYHdu.exe

C:\Windows\System\xhSYHdu.exe

C:\Windows\System\puKAgcz.exe

C:\Windows\System\puKAgcz.exe

C:\Windows\System\MELyVql.exe

C:\Windows\System\MELyVql.exe

C:\Windows\System\rwKvtxD.exe

C:\Windows\System\rwKvtxD.exe

C:\Windows\System\rxPrGwU.exe

C:\Windows\System\rxPrGwU.exe

C:\Windows\System\sQSWmgp.exe

C:\Windows\System\sQSWmgp.exe

C:\Windows\System\pUXuwRm.exe

C:\Windows\System\pUXuwRm.exe

C:\Windows\System\TmZUwAX.exe

C:\Windows\System\TmZUwAX.exe

C:\Windows\System\pAYcxiM.exe

C:\Windows\System\pAYcxiM.exe

C:\Windows\System\hGetxOm.exe

C:\Windows\System\hGetxOm.exe

C:\Windows\System\IVVfCDq.exe

C:\Windows\System\IVVfCDq.exe

C:\Windows\System\lJLDfpW.exe

C:\Windows\System\lJLDfpW.exe

C:\Windows\System\qCeGgUf.exe

C:\Windows\System\qCeGgUf.exe

C:\Windows\System\bBPkUJk.exe

C:\Windows\System\bBPkUJk.exe

C:\Windows\System\CWapbWg.exe

C:\Windows\System\CWapbWg.exe

C:\Windows\System\neDeUGv.exe

C:\Windows\System\neDeUGv.exe

C:\Windows\System\RTrxNhB.exe

C:\Windows\System\RTrxNhB.exe

C:\Windows\System\ZcHstGc.exe

C:\Windows\System\ZcHstGc.exe

C:\Windows\System\lrATjhy.exe

C:\Windows\System\lrATjhy.exe

C:\Windows\System\JcZHuNI.exe

C:\Windows\System\JcZHuNI.exe

C:\Windows\System\pBdnlsg.exe

C:\Windows\System\pBdnlsg.exe

C:\Windows\System\evHUIEG.exe

C:\Windows\System\evHUIEG.exe

C:\Windows\System\zlIRGRs.exe

C:\Windows\System\zlIRGRs.exe

C:\Windows\System\qCjdcWP.exe

C:\Windows\System\qCjdcWP.exe

C:\Windows\System\WTKBZZn.exe

C:\Windows\System\WTKBZZn.exe

C:\Windows\System\waHMGZH.exe

C:\Windows\System\waHMGZH.exe

C:\Windows\System\ndysJFf.exe

C:\Windows\System\ndysJFf.exe

C:\Windows\System\PitcKiR.exe

C:\Windows\System\PitcKiR.exe

C:\Windows\System\FeNpTXF.exe

C:\Windows\System\FeNpTXF.exe

C:\Windows\System\huFVwyi.exe

C:\Windows\System\huFVwyi.exe

C:\Windows\System\AoKuNcV.exe

C:\Windows\System\AoKuNcV.exe

C:\Windows\System\SEvyaVN.exe

C:\Windows\System\SEvyaVN.exe

C:\Windows\System\eDbOpRw.exe

C:\Windows\System\eDbOpRw.exe

C:\Windows\System\YiWDyBM.exe

C:\Windows\System\YiWDyBM.exe

C:\Windows\System\jrwgdwb.exe

C:\Windows\System\jrwgdwb.exe

C:\Windows\System\LwkgCML.exe

C:\Windows\System\LwkgCML.exe

C:\Windows\System\FAFGpIa.exe

C:\Windows\System\FAFGpIa.exe

C:\Windows\System\ifuhucs.exe

C:\Windows\System\ifuhucs.exe

C:\Windows\System\yghawfL.exe

C:\Windows\System\yghawfL.exe

C:\Windows\System\VQeGuyD.exe

C:\Windows\System\VQeGuyD.exe

C:\Windows\System\bEgXjRV.exe

C:\Windows\System\bEgXjRV.exe

C:\Windows\System\XElVAJt.exe

C:\Windows\System\XElVAJt.exe

C:\Windows\System\dIWplxs.exe

C:\Windows\System\dIWplxs.exe

C:\Windows\System\aoRNLfl.exe

C:\Windows\System\aoRNLfl.exe

C:\Windows\System\pedsCAR.exe

C:\Windows\System\pedsCAR.exe

C:\Windows\System\fcUirCk.exe

C:\Windows\System\fcUirCk.exe

C:\Windows\System\KBHiHHU.exe

C:\Windows\System\KBHiHHU.exe

C:\Windows\System\JWKMeUt.exe

C:\Windows\System\JWKMeUt.exe

C:\Windows\System\VYKZtmR.exe

C:\Windows\System\VYKZtmR.exe

C:\Windows\System\AMaqbGy.exe

C:\Windows\System\AMaqbGy.exe

C:\Windows\System\sQPJYXi.exe

C:\Windows\System\sQPJYXi.exe

C:\Windows\System\LJcWFBL.exe

C:\Windows\System\LJcWFBL.exe

C:\Windows\System\QoNHcrc.exe

C:\Windows\System\QoNHcrc.exe

C:\Windows\System\oiAPPhX.exe

C:\Windows\System\oiAPPhX.exe

C:\Windows\System\zCDALjJ.exe

C:\Windows\System\zCDALjJ.exe

C:\Windows\System\NnuCSqv.exe

C:\Windows\System\NnuCSqv.exe

C:\Windows\System\UZwqPsn.exe

C:\Windows\System\UZwqPsn.exe

C:\Windows\System\zArPSOE.exe

C:\Windows\System\zArPSOE.exe

C:\Windows\System\SFyTsLA.exe

C:\Windows\System\SFyTsLA.exe

C:\Windows\System\CSNJcHa.exe

C:\Windows\System\CSNJcHa.exe

C:\Windows\System\iKsUxPX.exe

C:\Windows\System\iKsUxPX.exe

C:\Windows\System\ROWBxiw.exe

C:\Windows\System\ROWBxiw.exe

C:\Windows\System\hQfvGwy.exe

C:\Windows\System\hQfvGwy.exe

C:\Windows\System\AMkZfFn.exe

C:\Windows\System\AMkZfFn.exe

C:\Windows\System\EhFxOWB.exe

C:\Windows\System\EhFxOWB.exe

C:\Windows\System\qULvGnd.exe

C:\Windows\System\qULvGnd.exe

C:\Windows\System\ADRdOjn.exe

C:\Windows\System\ADRdOjn.exe

C:\Windows\System\IkyQfsh.exe

C:\Windows\System\IkyQfsh.exe

C:\Windows\System\xxMYAcj.exe

C:\Windows\System\xxMYAcj.exe

C:\Windows\System\TNQnImf.exe

C:\Windows\System\TNQnImf.exe

C:\Windows\System\FXayMJE.exe

C:\Windows\System\FXayMJE.exe

C:\Windows\System\eBBwmJg.exe

C:\Windows\System\eBBwmJg.exe

C:\Windows\System\pTXuEYE.exe

C:\Windows\System\pTXuEYE.exe

C:\Windows\System\vVticQv.exe

C:\Windows\System\vVticQv.exe

C:\Windows\System\iRwCyHO.exe

C:\Windows\System\iRwCyHO.exe

C:\Windows\System\dmgyMXK.exe

C:\Windows\System\dmgyMXK.exe

C:\Windows\System\RKXePWz.exe

C:\Windows\System\RKXePWz.exe

C:\Windows\System\GsEWKoH.exe

C:\Windows\System\GsEWKoH.exe

C:\Windows\System\lUSMeQk.exe

C:\Windows\System\lUSMeQk.exe

C:\Windows\System\ErtEfKO.exe

C:\Windows\System\ErtEfKO.exe

C:\Windows\System\Rjtenuh.exe

C:\Windows\System\Rjtenuh.exe

C:\Windows\System\IRMnjtU.exe

C:\Windows\System\IRMnjtU.exe

C:\Windows\System\gUsGTJH.exe

C:\Windows\System\gUsGTJH.exe

C:\Windows\System\cuBxUwV.exe

C:\Windows\System\cuBxUwV.exe

C:\Windows\System\QgWqmPN.exe

C:\Windows\System\QgWqmPN.exe

C:\Windows\System\XZZPTrv.exe

C:\Windows\System\XZZPTrv.exe

C:\Windows\System\qIoKreC.exe

C:\Windows\System\qIoKreC.exe

C:\Windows\System\qpfBNMC.exe

C:\Windows\System\qpfBNMC.exe

C:\Windows\System\RAKKlOj.exe

C:\Windows\System\RAKKlOj.exe

C:\Windows\System\jXJbEpt.exe

C:\Windows\System\jXJbEpt.exe

C:\Windows\System\JMhYTlI.exe

C:\Windows\System\JMhYTlI.exe

C:\Windows\System\WGjtMVk.exe

C:\Windows\System\WGjtMVk.exe

C:\Windows\System\RKTDFyp.exe

C:\Windows\System\RKTDFyp.exe

C:\Windows\System\NuVICxL.exe

C:\Windows\System\NuVICxL.exe

C:\Windows\System\rarDmfh.exe

C:\Windows\System\rarDmfh.exe

C:\Windows\System\aeyQuPc.exe

C:\Windows\System\aeyQuPc.exe

C:\Windows\System\wfqtPgE.exe

C:\Windows\System\wfqtPgE.exe

C:\Windows\System\zHBcjNx.exe

C:\Windows\System\zHBcjNx.exe

C:\Windows\System\bsDgcsm.exe

C:\Windows\System\bsDgcsm.exe

C:\Windows\System\xDysbjs.exe

C:\Windows\System\xDysbjs.exe

C:\Windows\System\GODKMHb.exe

C:\Windows\System\GODKMHb.exe

C:\Windows\System\kcrwoTu.exe

C:\Windows\System\kcrwoTu.exe

C:\Windows\System\KwcStOv.exe

C:\Windows\System\KwcStOv.exe

C:\Windows\System\BeruVXl.exe

C:\Windows\System\BeruVXl.exe

C:\Windows\System\HRYhXDE.exe

C:\Windows\System\HRYhXDE.exe

C:\Windows\System\RYcGjOX.exe

C:\Windows\System\RYcGjOX.exe

C:\Windows\System\ioxOQLw.exe

C:\Windows\System\ioxOQLw.exe

C:\Windows\System\OrWENPa.exe

C:\Windows\System\OrWENPa.exe

C:\Windows\System\mpcDwOz.exe

C:\Windows\System\mpcDwOz.exe

C:\Windows\System\HeqQuYV.exe

C:\Windows\System\HeqQuYV.exe

C:\Windows\System\vuRfBdn.exe

C:\Windows\System\vuRfBdn.exe

C:\Windows\System\RnQqQtI.exe

C:\Windows\System\RnQqQtI.exe

C:\Windows\System\AAyxzFl.exe

C:\Windows\System\AAyxzFl.exe

C:\Windows\System\EgpzwpB.exe

C:\Windows\System\EgpzwpB.exe

C:\Windows\System\UAsgpWa.exe

C:\Windows\System\UAsgpWa.exe

C:\Windows\System\vXChWzy.exe

C:\Windows\System\vXChWzy.exe

C:\Windows\System\LUKDmgH.exe

C:\Windows\System\LUKDmgH.exe

C:\Windows\System\ggeYaqx.exe

C:\Windows\System\ggeYaqx.exe

C:\Windows\System\NmDFeqI.exe

C:\Windows\System\NmDFeqI.exe

C:\Windows\System\apgvlDz.exe

C:\Windows\System\apgvlDz.exe

C:\Windows\System\EUVdVZm.exe

C:\Windows\System\EUVdVZm.exe

C:\Windows\System\iqZacdE.exe

C:\Windows\System\iqZacdE.exe

C:\Windows\System\ukjSKMe.exe

C:\Windows\System\ukjSKMe.exe

C:\Windows\System\xwbyPQy.exe

C:\Windows\System\xwbyPQy.exe

C:\Windows\System\HaYANSv.exe

C:\Windows\System\HaYANSv.exe

C:\Windows\System\CAfYlQr.exe

C:\Windows\System\CAfYlQr.exe

C:\Windows\System\CqvWmfO.exe

C:\Windows\System\CqvWmfO.exe

C:\Windows\System\jqOpXsV.exe

C:\Windows\System\jqOpXsV.exe

C:\Windows\System\JSyfsaJ.exe

C:\Windows\System\JSyfsaJ.exe

C:\Windows\System\zZgmxHo.exe

C:\Windows\System\zZgmxHo.exe

C:\Windows\System\hvKOzjB.exe

C:\Windows\System\hvKOzjB.exe

C:\Windows\System\wLeKqch.exe

C:\Windows\System\wLeKqch.exe

C:\Windows\System\WRWczhR.exe

C:\Windows\System\WRWczhR.exe

C:\Windows\System\AuTICiB.exe

C:\Windows\System\AuTICiB.exe

C:\Windows\System\cJuWirs.exe

C:\Windows\System\cJuWirs.exe

C:\Windows\System\DicRidE.exe

C:\Windows\System\DicRidE.exe

C:\Windows\System\izUJVaw.exe

C:\Windows\System\izUJVaw.exe

C:\Windows\System\ZiwiXvW.exe

C:\Windows\System\ZiwiXvW.exe

C:\Windows\System\BGeKgdW.exe

C:\Windows\System\BGeKgdW.exe

C:\Windows\System\FekKGDI.exe

C:\Windows\System\FekKGDI.exe

C:\Windows\System\oBTuPEV.exe

C:\Windows\System\oBTuPEV.exe

C:\Windows\System\DMYVbCe.exe

C:\Windows\System\DMYVbCe.exe

C:\Windows\System\HIyjSqe.exe

C:\Windows\System\HIyjSqe.exe

C:\Windows\System\nESBpht.exe

C:\Windows\System\nESBpht.exe

C:\Windows\System\GnZoIWi.exe

C:\Windows\System\GnZoIWi.exe

C:\Windows\System\iZBerYf.exe

C:\Windows\System\iZBerYf.exe

C:\Windows\System\kzqbajd.exe

C:\Windows\System\kzqbajd.exe

C:\Windows\System\hDRuATf.exe

C:\Windows\System\hDRuATf.exe

C:\Windows\System\BdzOlGN.exe

C:\Windows\System\BdzOlGN.exe

C:\Windows\System\hHWjBRR.exe

C:\Windows\System\hHWjBRR.exe

C:\Windows\System\ohdmqjy.exe

C:\Windows\System\ohdmqjy.exe

C:\Windows\System\oCVQNQk.exe

C:\Windows\System\oCVQNQk.exe

C:\Windows\System\BSlZZaT.exe

C:\Windows\System\BSlZZaT.exe

C:\Windows\System\tGjyvqq.exe

C:\Windows\System\tGjyvqq.exe

C:\Windows\System\NQxBFrp.exe

C:\Windows\System\NQxBFrp.exe

C:\Windows\System\ANFxMQO.exe

C:\Windows\System\ANFxMQO.exe

C:\Windows\System\zJOtPRI.exe

C:\Windows\System\zJOtPRI.exe

C:\Windows\System\rKEBDLo.exe

C:\Windows\System\rKEBDLo.exe

C:\Windows\System\BnRspys.exe

C:\Windows\System\BnRspys.exe

C:\Windows\System\bEvetbe.exe

C:\Windows\System\bEvetbe.exe

C:\Windows\System\jRWCliA.exe

C:\Windows\System\jRWCliA.exe

C:\Windows\System\JjAIVZk.exe

C:\Windows\System\JjAIVZk.exe

C:\Windows\System\tzpeXXq.exe

C:\Windows\System\tzpeXXq.exe

C:\Windows\System\zVtfpLX.exe

C:\Windows\System\zVtfpLX.exe

C:\Windows\System\nTeSPKe.exe

C:\Windows\System\nTeSPKe.exe

C:\Windows\System\GyGlGZc.exe

C:\Windows\System\GyGlGZc.exe

C:\Windows\System\wTgdrmw.exe

C:\Windows\System\wTgdrmw.exe

C:\Windows\System\OQjUXSk.exe

C:\Windows\System\OQjUXSk.exe

C:\Windows\System\JPOiOMC.exe

C:\Windows\System\JPOiOMC.exe

C:\Windows\System\ebIFbDA.exe

C:\Windows\System\ebIFbDA.exe

C:\Windows\System\QBGGSnJ.exe

C:\Windows\System\QBGGSnJ.exe

C:\Windows\System\xbHTPtZ.exe

C:\Windows\System\xbHTPtZ.exe

C:\Windows\System\uvSpydU.exe

C:\Windows\System\uvSpydU.exe

C:\Windows\System\oQWcxFO.exe

C:\Windows\System\oQWcxFO.exe

C:\Windows\System\PWrjcvU.exe

C:\Windows\System\PWrjcvU.exe

C:\Windows\System\CwzxyyE.exe

C:\Windows\System\CwzxyyE.exe

C:\Windows\System\jYFuPmS.exe

C:\Windows\System\jYFuPmS.exe

C:\Windows\System\QbEPuBK.exe

C:\Windows\System\QbEPuBK.exe

C:\Windows\System\BQXqVQB.exe

C:\Windows\System\BQXqVQB.exe

C:\Windows\System\mXMgcXE.exe

C:\Windows\System\mXMgcXE.exe

C:\Windows\System\sOvSthL.exe

C:\Windows\System\sOvSthL.exe

C:\Windows\System\AOFMQlq.exe

C:\Windows\System\AOFMQlq.exe

C:\Windows\System\ehAtNCx.exe

C:\Windows\System\ehAtNCx.exe

C:\Windows\System\wQPHrzg.exe

C:\Windows\System\wQPHrzg.exe

C:\Windows\System\tddIqxo.exe

C:\Windows\System\tddIqxo.exe

C:\Windows\System\cSYUEUa.exe

C:\Windows\System\cSYUEUa.exe

C:\Windows\System\clXazoX.exe

C:\Windows\System\clXazoX.exe

C:\Windows\System\OYlRLFV.exe

C:\Windows\System\OYlRLFV.exe

C:\Windows\System\fkBwydo.exe

C:\Windows\System\fkBwydo.exe

C:\Windows\System\MLXeEOm.exe

C:\Windows\System\MLXeEOm.exe

C:\Windows\System\JmnEDrn.exe

C:\Windows\System\JmnEDrn.exe

C:\Windows\System\eUiDxqD.exe

C:\Windows\System\eUiDxqD.exe

C:\Windows\System\aAKrStA.exe

C:\Windows\System\aAKrStA.exe

C:\Windows\System\SxFUlLq.exe

C:\Windows\System\SxFUlLq.exe

C:\Windows\System\DksZvBi.exe

C:\Windows\System\DksZvBi.exe

C:\Windows\System\ioaDjtf.exe

C:\Windows\System\ioaDjtf.exe

C:\Windows\System\CzdQQyJ.exe

C:\Windows\System\CzdQQyJ.exe

C:\Windows\System\NopAXRU.exe

C:\Windows\System\NopAXRU.exe

C:\Windows\System\iNOZBdv.exe

C:\Windows\System\iNOZBdv.exe

C:\Windows\System\UmFrOrl.exe

C:\Windows\System\UmFrOrl.exe

C:\Windows\System\snHreKx.exe

C:\Windows\System\snHreKx.exe

C:\Windows\System\FuvVESM.exe

C:\Windows\System\FuvVESM.exe

C:\Windows\System\uPadufz.exe

C:\Windows\System\uPadufz.exe

C:\Windows\System\LglkxWo.exe

C:\Windows\System\LglkxWo.exe

C:\Windows\System\mycisDV.exe

C:\Windows\System\mycisDV.exe

C:\Windows\System\ANZqcaV.exe

C:\Windows\System\ANZqcaV.exe

C:\Windows\System\RfOBTFO.exe

C:\Windows\System\RfOBTFO.exe

C:\Windows\System\Dxwjffo.exe

C:\Windows\System\Dxwjffo.exe

C:\Windows\System\EYnYklG.exe

C:\Windows\System\EYnYklG.exe

C:\Windows\System\rTCoLXj.exe

C:\Windows\System\rTCoLXj.exe

C:\Windows\System\VhmJMMz.exe

C:\Windows\System\VhmJMMz.exe

C:\Windows\System\aTpbdGM.exe

C:\Windows\System\aTpbdGM.exe

C:\Windows\System\GgsdUJW.exe

C:\Windows\System\GgsdUJW.exe

C:\Windows\System\FSUVPiW.exe

C:\Windows\System\FSUVPiW.exe

C:\Windows\System\VleGXZU.exe

C:\Windows\System\VleGXZU.exe

C:\Windows\System\HjqEZvP.exe

C:\Windows\System\HjqEZvP.exe

C:\Windows\System\elxKrdE.exe

C:\Windows\System\elxKrdE.exe

C:\Windows\System\uoeFPXR.exe

C:\Windows\System\uoeFPXR.exe

C:\Windows\System\JlUQBwT.exe

C:\Windows\System\JlUQBwT.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1900-0-0x00007FF6F3510000-0x00007FF6F3864000-memory.dmp

memory/1900-1-0x000002A3F1E30000-0x000002A3F1E40000-memory.dmp

C:\Windows\System\oUHOpxb.exe

MD5 5dc1380d231387219830a03ff217eac6
SHA1 298ada8fed422ed9434b56bc681c183381aea943
SHA256 7f9ad782db1e8a070f7f5f4ba626c774f21aa0dfc7c42fa0de4669d008197b30
SHA512 3e70b67d736f02735b30427a9a5d13d6727d63e363f43a4d71bf4f2f28511d9cafb52620ca3169b75b8e6d475a18fae8fc1645b2fde3fdeb4b60d88f1ce053e3

C:\Windows\System\DCvXKSi.exe

MD5 2a24e571725eda05b1612bed72e242f6
SHA1 7e4dae629b2fd0d8e51e27cbb1112ac54a258949
SHA256 894b2a987c1574977d04d15a6082dc8039809947994cb843b3f0f83d582b74c6
SHA512 2143824e450fcea6c3df6a971b19643a3ef1149d52f126768abf9e88ca9cf0ff1a090ef3f39cabdb3f2ac6ccf6a3f3574a093aebd4a627725a05aa5361fc7c5d

memory/3272-18-0x00007FF79D6D0000-0x00007FF79DA24000-memory.dmp

C:\Windows\System\nBrQuyk.exe

MD5 ac60ee43aaf986e79c33a570d1eb5f3c
SHA1 ea8bfd7f7216082cef37fe4a7ac2147b20b07e1b
SHA256 f467756eb4d61f6621aef5901cb841d9644c9d5b5aa0aee50aea8097845566d9
SHA512 a38e74f5e501bd849b987f5ad09e01ecb881efe3d15d6a83381017c091a81fdc932dc5747e0cd8063baeab04f4eb7df5fb4bfcd036d08a0896bb911ac8fc75c4

C:\Windows\System\rNZMBTo.exe

MD5 30b59013b29f1788442fddb7259eefa6
SHA1 3f15866626c7658b3b996d8a1628b7d0d4010b9f
SHA256 da7f659f22c5b0fee1713589b3611095c3469030f7326045fd92bf3b96f09975
SHA512 7f5cd1e64f93231f7a8e7815c3aad91d56f62fa8737425e82f5e319690cf5c3e1958457bb95e55068a705f6a8e5292fa93a010b0551a98d2981b82775214997e

C:\Windows\System\JPkBEWK.exe

MD5 14ab5d22d7e6cc42a314500bfecdf17d
SHA1 b0966fd7bcd6344de8a31ebecb8004ccad902097
SHA256 17f803ee695b1f531f7ad8dab718d27e53ca5ecb948a618d2e4020c4c1bb40c2
SHA512 0c85a2e046a2fd91ceff52ca568f147495cee31329db2b08e62609971b592a002fabb0d50e01977010b7362dcb2aab90ce2f2d7b0c92dec826e5aad7d204eb76

C:\Windows\System\dSdgIoN.exe

MD5 9f2703dcb61e00f18eb425bce3c55084
SHA1 cca6d058388b5996003cf251cca8b23e7a28fd42
SHA256 f5bd4f3e142372ab0bb69e7fb531b9af552a545212ad01b47cb1134982fd867d
SHA512 0a867f72562e18da377789449928774c095b6da41646ba8baf90a8f3cd4e985d8cbce6632d625c2c82539b4442ea5c9852fa2e28cb60f092584788a656eb996c

C:\Windows\System\kVdwUXA.exe

MD5 6ba1a25802470805897ba9704c1cda59
SHA1 ae2b03ea040fe56b5450afa8de85a442e8bdd4b7
SHA256 a576160f1939bf85172489745d3f4043f87e7c25373d9998babec258201d3612
SHA512 1466cf9351ad5ff418e728444cc66e84206252f03dd36bfab854e130b3bb41c9b5b1390819990cc64c47e2d8569038b4950d0a9e7342e22e7178b090eeabef47

C:\Windows\System\DzerfVj.exe

MD5 06c3cfd237887e39ca0c35aa981c788c
SHA1 9dd65eebdc85b03af2ebc728d74c71aaa0e439b0
SHA256 f5a394b531d2835362164d3ea7b237a6d10f9c6d4ec317d334a2ff08a09e4e6b
SHA512 5fcbbcba0ced7aad3a41d6a4e9577fb025a0194d3accd7dbf4642dc2e4c9bd8dce8444db6269252ce45139fd7d68eb2ccd0ac06c70b0b4594a48dbb920a589f7

C:\Windows\System\ASRudWC.exe

MD5 1cbee37db52d74a61d08ece6733a8b79
SHA1 43d17df91a8e4d9cd7646eeaaeed1018ba5746cf
SHA256 d2187d1e869ab2b61818e1da51c08ca44fa87938416235cc25c8fcca988fcff9
SHA512 f9461f8ed86e1d0ce0832d5a0b07ae13d7937c5c7730667bb6c8ac3724511ad17d6879a2e941f3fcc8c618b4add84c2b0a6d5883ba92d7303b4f0a249d93b044

C:\Windows\System\ArwnmaJ.exe

MD5 e5c8862f6b3d8974e050482d89989d8a
SHA1 6d9ec0359a6af00b549760d2ac42cd8f826188f1
SHA256 47583ebdd8485137f7376dd27d088a5996bca9249c1edf1dc13a6778f57d825b
SHA512 2bcf29da51105112b4f83b59e90e3eb4ae82f5424e0b6bfc8b60396dd9b20df526db5176c1d181c4e25fa82700232b129a0982506fe1305ae0164375c87cbaea

C:\Windows\System\YzaOKtj.exe

MD5 a50bd5f026b327430eb1a92a1b258222
SHA1 8eb32f31ed5d607b4cc500b72b250366a95a5154
SHA256 0236f412d90bd3d4d03cecef3cc45904f06514856c592646e918a1e16df73e49
SHA512 034c76b952cd92ae8ee459b7c0c0702608260862c5606bc476f3a88d3da371a537d7f9d95cc87e6e2eefa37dff74ed8ee2b2ef61a3d37ab0a4e519e2ed51675f

memory/3464-597-0x00007FF61FE60000-0x00007FF6201B4000-memory.dmp

memory/5072-596-0x00007FF7B7130000-0x00007FF7B7484000-memory.dmp

memory/2832-598-0x00007FF712530000-0x00007FF712884000-memory.dmp

memory/2108-599-0x00007FF602B40000-0x00007FF602E94000-memory.dmp

memory/1788-600-0x00007FF632570000-0x00007FF6328C4000-memory.dmp

memory/1012-601-0x00007FF6879E0000-0x00007FF687D34000-memory.dmp

memory/2248-630-0x00007FF6AEE60000-0x00007FF6AF1B4000-memory.dmp

memory/2080-649-0x00007FF7255A0000-0x00007FF7258F4000-memory.dmp

memory/2932-677-0x00007FF757AE0000-0x00007FF757E34000-memory.dmp

memory/4928-684-0x00007FF7082C0000-0x00007FF708614000-memory.dmp

memory/2368-691-0x00007FF640A30000-0x00007FF640D84000-memory.dmp

memory/3408-699-0x00007FF6CB3D0000-0x00007FF6CB724000-memory.dmp

memory/556-696-0x00007FF7547A0000-0x00007FF754AF4000-memory.dmp

memory/4700-687-0x00007FF67F880000-0x00007FF67FBD4000-memory.dmp

memory/3676-672-0x00007FF69EB80000-0x00007FF69EED4000-memory.dmp

memory/3828-665-0x00007FF6B0580000-0x00007FF6B08D4000-memory.dmp

memory/8-660-0x00007FF697FD0000-0x00007FF698324000-memory.dmp

memory/3848-655-0x00007FF622590000-0x00007FF6228E4000-memory.dmp

memory/2756-644-0x00007FF71C530000-0x00007FF71C884000-memory.dmp

memory/4876-635-0x00007FF7A5AB0000-0x00007FF7A5E04000-memory.dmp

memory/2744-627-0x00007FF669250000-0x00007FF6695A4000-memory.dmp

memory/4476-620-0x00007FF6D86A0000-0x00007FF6D89F4000-memory.dmp

memory/1436-618-0x00007FF7D6CC0000-0x00007FF7D7014000-memory.dmp

memory/2216-612-0x00007FF641760000-0x00007FF641AB4000-memory.dmp

memory/3640-603-0x00007FF68D230000-0x00007FF68D584000-memory.dmp

memory/2708-602-0x00007FF6F54E0000-0x00007FF6F5834000-memory.dmp

C:\Windows\System\MOqGqWF.exe

MD5 0446c068ae331e0bad266049816536b6
SHA1 b11c1f99c2f3ca9aca29d18a8fe16f4755b16e3d
SHA256 fbaa955bc82e67dd6972c30e7f4e04eea44a1101fa4236b4822a086ee8741889
SHA512 6d0cd555b496a7d96b87aca27619b287498b200f95ea10c030f40b1e32dcbb5f842d97b41a7b68f15341a53e08d3b5c227b0155d711b2726559282f95c816005

C:\Windows\System\xEPbsjW.exe

MD5 e8471e0f8bf08cf41208cc7e44c07402
SHA1 4e8916f5243967c61c0b697436fa0d0338136a48
SHA256 be8b597ff4632f43b376c4a1b4c9f094c0a9121247962d69bdc5016d55b5667a
SHA512 8f2185b190d23e5ce6a36d3e29d27c87bdabab7d750b06111086ad5edb80427a087c46196086b70733c454ec75e0c52c8e714b694d02d5b172f99990e9ad1203

C:\Windows\System\LrotvPR.exe

MD5 d535a5c1f5ee2dc0882484e3dbd1a195
SHA1 1146f35a26bfa2afdf532e2f201896222d4acd15
SHA256 d997bdff990958c442f2a7603e22462a3295a4a60123f752755485c09e008de1
SHA512 afaea991c6d1bb333dd43245f21d733a59860995f76b6a37ee92fb6a9981d48d1af6a6f66470c175df354e3cc2f808860f9215ddc9ec346130392582fc35bc5f

C:\Windows\System\ZVkOuNO.exe

MD5 ca5de7d143f3b77d8738858a6e90ad8e
SHA1 e95373665e713a5d5cf4ddf8d645dd7d5a6dc6d8
SHA256 05a61b2299080a797ff41a5f8516769e10b271ad58f9f6a2875b511b4daf0b22
SHA512 b089f1630b01f0bfdf0c549a6196f346fb957e5e04997e32d6e4c576990f46f29dc7cac227f242812810b7de0b5003fbd7a8247b8cc74f2e36cf11743e2db24d

C:\Windows\System\xesCLlz.exe

MD5 49a0c75f10352f69f4740a7de05d3b65
SHA1 a7af77e9db042ac3b8594137858f072752e8a317
SHA256 7e8a35b15d44c0dab216f5fef1238471c067599fb70d00a2b11bfc59e4553772
SHA512 104759566f93528914bc763a19a7dfd7df8696b70ad81e7f9b29c18bf2c18e2767b0208e09da09bfda2287cc90dd6772b53ae96f1059ca1349394c60b4f4d92f

C:\Windows\System\EjhjAnF.exe

MD5 2fe2c83450ca772e60c91c1982dc83ea
SHA1 e0abfb64ccc459a16105190fcf762ac9ba7ee01e
SHA256 d8ca7f9bc41b0d01c2ed055b0f41d15364ba68bf6e483899d3d0c6eba191360d
SHA512 dcd3212f1f46ae429267e0a40af60e06ead89c04f7894950701c68ff41494e6f148dbd0050cf9557f7030cb9335b50b37045e309cf8d17b2a6d3efae6e613249

C:\Windows\System\IOmrINg.exe

MD5 7c5d37fd9a519108dc08172414f6c422
SHA1 fe9480847a2cc526773412c65882cb44647f5736
SHA256 a00c0e86b0aeb00e81b202bf5d530ed015c37d3f6250682928e29a3c56107ca5
SHA512 df4bb4f40c9e2819b93e8b45ccf452fe349d01e36c8f8d077c7bac9e685d809d97c59778914d27198d5355dfb285f53af0b5ec88a80b774b26db0b9758dc32db

C:\Windows\System\TvYbotZ.exe

MD5 01809e20549ccfdf7e68e4e660eb5d0f
SHA1 2f7305b97bed4a2f612f5cc5898f55be26b31314
SHA256 4b4056400112ba4fe9203bca84bd998d366dc399814e27614d89076ef01e2a93
SHA512 18a810118b97221026e8fa25620c800b78814911bc6195ca4efc54950b42d33ba7346991143733e5f333aaeb1cc33de0e43953a06fca9758ce20718ad021006f

C:\Windows\System\XCBdUSe.exe

MD5 ebc13310580d2416e9f9a7b11692144a
SHA1 8b376b1c92f511294e3ca6d938d0b5abe0638849
SHA256 8781cb023b9a745c4b45079e225ff70b95b4b3fe6a6d23f03ce0c28d9ef42586
SHA512 fac2793a882a01854418f3cdda9a7cb81b0ef8543724f1f8a7aebbae190bb0dbc17d29ccc305c6974460dd18632798f3875462a11e86c95d9dd4c97d957e2032

C:\Windows\System\QgMNvHl.exe

MD5 25322afe4ee7209607d8f3048fe1afa7
SHA1 6f5acf4e6fab48584692db92ba855f332ce9d442
SHA256 1327805c07485c145d9430cc25653365245b90de60dd3f5c6651ab1249cbc7fb
SHA512 de78e3943eb6a0a6a8071c2401e21d056a41a8f78c1dcd5856a5177af9f21c09bc40ff9ab4e4a64c02f0ed0e50300ed9f91a473977543eb2f187130b51fe8380

C:\Windows\System\nEKeAGQ.exe

MD5 30121d8d06a4ad738d74df54514d9cb3
SHA1 2a30e2f854b00da269d68b285649e9b91a65f946
SHA256 30a9995612e6dbe3432a1cd156dce4f0d86efa1a9b84c3b203e53d43b0982910
SHA512 99c383548b8747a816cb6ed6ece0b78fb18a764d3507745f74245e45f112fd2faf0527a5310ea81d600d2988c063364ce7d728f6fe41b2cb1cb8b5f84179daf1

C:\Windows\System\RjDopbj.exe

MD5 7cbe3bbfca737d197409b37b815813c3
SHA1 c1e522f0dffacf41b7d371200414c7b7b1cbb13e
SHA256 bc1de36f16302ab8db517ffb46e2156d7d9b0e71d24d3f0270409a0551ccbb1c
SHA512 becc93d3d06a80b35c217f0cd0acc4dfef4732672d3e557ea7e27d9e64d465d72e9342b870a9623148f2dc8127ab2a40f961897c18571fa3b16e694b4e3a25c9

C:\Windows\System\OHzyoBd.exe

MD5 d0f184e24bd7fdcd5fe864aac2a15983
SHA1 edfa9a27d2c0e70f98925ec24f486247a15a77a1
SHA256 6be77030dd3c84f70b6c48827bd49c3f6ab81332140cbf7882f6af78cda1a297
SHA512 67d4eefdf7aca386bd32692268d0fe46410d562347cde56dd9a56afada4c6d7d52cc3b69a8376da50505dd170e7b9a59c15d372ccee6e809ea57897be6171b70

C:\Windows\System\NnGexTv.exe

MD5 bfc8d6d677622e9116cec1dcf3687323
SHA1 245341f3e6c53ffdf27b06dde65939462e0816af
SHA256 054b6dbb2106e8c8b27d513ae2f908d1f43ab13f3bdc01792f3445fdb356a983
SHA512 06cd93a015a041300f2341e98fe6ed899d14014abcb824734e0ac09eb6370953a66eda07afb9024f7658f2386b48ebf7f0ee34f46c7d86ff68fbf0e98cf89a5d

C:\Windows\System\XEbHTmT.exe

MD5 fc32f3729da226c0b9e84a2a0fd6c40f
SHA1 8c170dd64d7ec8ff50ea8f861aff88e8200348a5
SHA256 fd1d827eed470ca1900cdaa8c1ec6091418a1660c8c943227da1149562706632
SHA512 fa4849bfe1c3541dac62a5a6383273cf65ba252478ebd6a3e12c7be93f056787f12425543e93d9ccc114d2cb1bbbf1d969b20156b817df9c734e79523facb735

C:\Windows\System\KVjkgzc.exe

MD5 66844d6c6726f0783f30ab2528cb16c8
SHA1 100bcc34ff6b8cd57687e4f0438d27409a8fb78f
SHA256 41e2f72550885b98e3eedf49d7c107d7dfd740d7b1e17d13cf4d7e0abf25d64d
SHA512 9d859e4bdaaa7a199a3f1773c452daaf678041827f45a661bfbc832fc41b095641dd928f9d4818a426cc4d22c518d6f4162f32af769123d6a28927c98606f7db

C:\Windows\System\JvdwNPa.exe

MD5 877ed7299ffdac847f635acfbb078d3d
SHA1 7872c17a272c6b53440d65b6be7007fd460133ea
SHA256 926ca3addf0a79a54eb20d5db1a1a8e8be73bc6d0b3b6d0371d8fc97cb39ff23
SHA512 ec0bcb39346313f856c262227f4d7ffd7ff52dacfe7cac6562eca405c00057624cf4a2d30dbadcf53e5c7c7f8e3a1e7187e963563185f2fb3d3492634433084d

C:\Windows\System\UHCvWNK.exe

MD5 4435d95888a5ea5aadd3d1c3d795f5fa
SHA1 c4ea6d8ce8d1bd9a85af9165698de935c7ec0522
SHA256 fb14da2f7a4b8ab0271a8b65368ceebc51617be369b26968c7c0159f749af98b
SHA512 b61be10d783c1c175a0b3604009538b70cb660b3b1f008ad99f401c06ffa9e655c6b5e350faeb220a3b98701df7a74c428472fd592e9073c133afc7724d9ac5d

C:\Windows\System\QEwnUsb.exe

MD5 9bf19da29f6432f5596e28154845bd5a
SHA1 ebea4b046264fd66611349605667160a6962503a
SHA256 ba251abc1582a792915954efe844740a3ba867d6dfef71b65585c2556219cbcb
SHA512 432d4531c9e2a1bbfcb3d58f98b0c937ce3b3393d1d394034d42b6b38d89fc227462379512a861e620819ec57c96b364f77637adced896510b12197e3485f843

C:\Windows\System\GIeWRTA.exe

MD5 8d65d1ffa1f6bd4f2ef5b0681759bd2c
SHA1 b785d92fe76fd88e71d1f8feb6a1361b0a7fb869
SHA256 8ed4fcf2a2bd34f7bdcbcbdd0a0780a7c5824b941b3ce65247cd08c92005acda
SHA512 0188e9aff7046b6d4aa23764fc2b7cd4b140cc8d0fa271bec52d20d2d8259f598cec6c0c64a88b5d9e45b2ffb72cc1bd6e700b7c5c4e53eb66a12a4448ff0de5

C:\Windows\System\KUYyOyg.exe

MD5 f3b8741a259113e1453f42158e93f5e3
SHA1 54736da346a975ad4027310e0a3387b9c445464d
SHA256 6535669ae9fff5b509385157e197cd1e3b65025d3275c66e553ed8112c45157d
SHA512 129f96681be6c8841e39e53ad15c00aa97f582eb46bebf54728e2ec06ca55233fbe93bc7c100732fb759f472216a5d06cdd824992ed82ff35989b3f43bfa117f

memory/2712-15-0x00007FF7F3F40000-0x00007FF7F4294000-memory.dmp

C:\Windows\System\QowkzLn.exe

MD5 99f14f17e1eb7dd0b021bfc059ec5981
SHA1 816988b6e2155b7fa76fe8a4b2caae03712172b8
SHA256 55cc8ec4e2dceac5ede40a0c879cece229e85972c5d61e9e3b762803c7aec89b
SHA512 f6725230e76d3f0e759a2031a9a2e0db0092cdfe9b5f0b7b243013782a70a5f6bc1686763ae52e36b8fbb0dfd9cbf54f91e92cda006f0b28f2dfc8c5e528b7ba

memory/2800-8-0x00007FF6D3C60000-0x00007FF6D3FB4000-memory.dmp

memory/1900-1069-0x00007FF6F3510000-0x00007FF6F3864000-memory.dmp

memory/2800-1070-0x00007FF6D3C60000-0x00007FF6D3FB4000-memory.dmp

memory/2712-1071-0x00007FF7F3F40000-0x00007FF7F4294000-memory.dmp

memory/3272-1072-0x00007FF79D6D0000-0x00007FF79DA24000-memory.dmp

memory/2800-1073-0x00007FF6D3C60000-0x00007FF6D3FB4000-memory.dmp

memory/2712-1074-0x00007FF7F3F40000-0x00007FF7F4294000-memory.dmp

memory/3272-1075-0x00007FF79D6D0000-0x00007FF79DA24000-memory.dmp

memory/3464-1076-0x00007FF61FE60000-0x00007FF6201B4000-memory.dmp

memory/5072-1077-0x00007FF7B7130000-0x00007FF7B7484000-memory.dmp

memory/2108-1080-0x00007FF602B40000-0x00007FF602E94000-memory.dmp

memory/2708-1081-0x00007FF6F54E0000-0x00007FF6F5834000-memory.dmp

memory/3640-1083-0x00007FF68D230000-0x00007FF68D584000-memory.dmp

memory/1788-1082-0x00007FF632570000-0x00007FF6328C4000-memory.dmp

memory/1012-1079-0x00007FF6879E0000-0x00007FF687D34000-memory.dmp

memory/2832-1078-0x00007FF712530000-0x00007FF712884000-memory.dmp

memory/4476-1085-0x00007FF6D86A0000-0x00007FF6D89F4000-memory.dmp

memory/1436-1087-0x00007FF7D6CC0000-0x00007FF7D7014000-memory.dmp

memory/2248-1086-0x00007FF6AEE60000-0x00007FF6AF1B4000-memory.dmp

memory/2216-1089-0x00007FF641760000-0x00007FF641AB4000-memory.dmp

memory/4876-1088-0x00007FF7A5AB0000-0x00007FF7A5E04000-memory.dmp

memory/2744-1084-0x00007FF669250000-0x00007FF6695A4000-memory.dmp

memory/2756-1094-0x00007FF71C530000-0x00007FF71C884000-memory.dmp

memory/2932-1092-0x00007FF757AE0000-0x00007FF757E34000-memory.dmp

memory/2080-1096-0x00007FF7255A0000-0x00007FF7258F4000-memory.dmp

memory/4700-1097-0x00007FF67F880000-0x00007FF67FBD4000-memory.dmp

memory/4928-1098-0x00007FF7082C0000-0x00007FF708614000-memory.dmp

memory/556-1099-0x00007FF7547A0000-0x00007FF754AF4000-memory.dmp

memory/3848-1095-0x00007FF622590000-0x00007FF6228E4000-memory.dmp

memory/3828-1091-0x00007FF6B0580000-0x00007FF6B08D4000-memory.dmp

memory/3676-1090-0x00007FF69EB80000-0x00007FF69EED4000-memory.dmp

memory/8-1093-0x00007FF697FD0000-0x00007FF698324000-memory.dmp

memory/3408-1101-0x00007FF6CB3D0000-0x00007FF6CB724000-memory.dmp

memory/2368-1100-0x00007FF640A30000-0x00007FF640D84000-memory.dmp