Malware Analysis Report

2024-10-10 09:31

Sample ID 240626-1kmw8svhnb
Target 1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe
SHA256 1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b

Threat Level: Known bad

The file 1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

xmrig

Xmrig family

XMRig Miner payload

Kpot family

KPOT

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-26 21:42

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 21:42

Reported

2024-06-26 21:45

Platform

win7-20240508-en

Max time kernel

139s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\hQUdZki.exe N/A
N/A N/A C:\Windows\System\OxNDlUS.exe N/A
N/A N/A C:\Windows\System\NQGbZqG.exe N/A
N/A N/A C:\Windows\System\salFAMB.exe N/A
N/A N/A C:\Windows\System\EOaUECR.exe N/A
N/A N/A C:\Windows\System\tnPBEkh.exe N/A
N/A N/A C:\Windows\System\XOvKZiO.exe N/A
N/A N/A C:\Windows\System\csPfheU.exe N/A
N/A N/A C:\Windows\System\URiMJKA.exe N/A
N/A N/A C:\Windows\System\ZVRStXE.exe N/A
N/A N/A C:\Windows\System\zRbajMa.exe N/A
N/A N/A C:\Windows\System\YBEMcHc.exe N/A
N/A N/A C:\Windows\System\oRqcpkC.exe N/A
N/A N/A C:\Windows\System\wLFQdhA.exe N/A
N/A N/A C:\Windows\System\ZQsLTPG.exe N/A
N/A N/A C:\Windows\System\iAPKirT.exe N/A
N/A N/A C:\Windows\System\OXkLwbo.exe N/A
N/A N/A C:\Windows\System\OkydkMb.exe N/A
N/A N/A C:\Windows\System\iTBqKWG.exe N/A
N/A N/A C:\Windows\System\SSmvnUE.exe N/A
N/A N/A C:\Windows\System\rmRYCJj.exe N/A
N/A N/A C:\Windows\System\WpYHyXi.exe N/A
N/A N/A C:\Windows\System\qICnesg.exe N/A
N/A N/A C:\Windows\System\QGwcCJZ.exe N/A
N/A N/A C:\Windows\System\zLbgscQ.exe N/A
N/A N/A C:\Windows\System\PZqnEJc.exe N/A
N/A N/A C:\Windows\System\uhahVuP.exe N/A
N/A N/A C:\Windows\System\gNDUdOl.exe N/A
N/A N/A C:\Windows\System\ewZDXAT.exe N/A
N/A N/A C:\Windows\System\rHBBhMX.exe N/A
N/A N/A C:\Windows\System\zlHjPiN.exe N/A
N/A N/A C:\Windows\System\oZdLqze.exe N/A
N/A N/A C:\Windows\System\zCtZXOb.exe N/A
N/A N/A C:\Windows\System\jdpQeyS.exe N/A
N/A N/A C:\Windows\System\BWNiXic.exe N/A
N/A N/A C:\Windows\System\YvOKDEI.exe N/A
N/A N/A C:\Windows\System\mlJtbDj.exe N/A
N/A N/A C:\Windows\System\RcplJYU.exe N/A
N/A N/A C:\Windows\System\LQRFuCu.exe N/A
N/A N/A C:\Windows\System\LYxhLBz.exe N/A
N/A N/A C:\Windows\System\aJQfBxL.exe N/A
N/A N/A C:\Windows\System\MxRxiBi.exe N/A
N/A N/A C:\Windows\System\CofzWdg.exe N/A
N/A N/A C:\Windows\System\UyGJDBR.exe N/A
N/A N/A C:\Windows\System\sbldoHg.exe N/A
N/A N/A C:\Windows\System\yyHfMzY.exe N/A
N/A N/A C:\Windows\System\wBETsWP.exe N/A
N/A N/A C:\Windows\System\ReEcgnw.exe N/A
N/A N/A C:\Windows\System\CSXsOZn.exe N/A
N/A N/A C:\Windows\System\UEeDOBc.exe N/A
N/A N/A C:\Windows\System\ZiFMJgL.exe N/A
N/A N/A C:\Windows\System\pFHjkUd.exe N/A
N/A N/A C:\Windows\System\nAoNeCL.exe N/A
N/A N/A C:\Windows\System\iQygotd.exe N/A
N/A N/A C:\Windows\System\fBsfWxW.exe N/A
N/A N/A C:\Windows\System\ISbodlW.exe N/A
N/A N/A C:\Windows\System\lxfqMvG.exe N/A
N/A N/A C:\Windows\System\JMkkvtx.exe N/A
N/A N/A C:\Windows\System\SZabeYm.exe N/A
N/A N/A C:\Windows\System\TatEgmb.exe N/A
N/A N/A C:\Windows\System\orVQcXm.exe N/A
N/A N/A C:\Windows\System\KMBBrBE.exe N/A
N/A N/A C:\Windows\System\GYtcOfL.exe N/A
N/A N/A C:\Windows\System\EjabvGB.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\YvOKDEI.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LsCvUzy.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\rbeazMZ.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uIwyDBW.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\jJsasRD.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xDuuisY.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ssReutg.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JIUAuma.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qALWiZN.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UPGPpUZ.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZANXjRo.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\WiLOGOR.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLFQdhA.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\rmRYCJj.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ewZDXAT.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ssBBKCK.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VurrmDL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUReyyr.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEhMsBE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AATPJin.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DOQJVIH.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\NydMKKI.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AcbysHL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJaRDOI.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXkLwbo.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\LQRFuCu.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BAbwnLK.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UadSjtZ.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\mJEjMrE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\VpeLWHI.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qICnesg.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFHjkUd.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\oDiZSCb.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmIQnhr.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GyLZPOb.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLdMoGv.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\scIoxZY.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YwZdtAt.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzTjTpt.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\QiaDprC.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DXwrbLR.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\EOaUECR.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\lXOmRbd.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ALTZYCP.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\EaYoAxT.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\zaWSqKE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\CSOAxVp.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\dPpZutz.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\elKAcZL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\kXuuDxd.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AadRmsN.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uhahVuP.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\RcplJYU.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\AoZbnYt.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\usmTSeW.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\STpcuRx.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\CofzWdg.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\odhInFj.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDQhMeJ.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjcOdkB.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\msOrkHS.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaMRZXb.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JoaBKfv.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\liCOVVe.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2132 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\hQUdZki.exe
PID 2132 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\hQUdZki.exe
PID 2132 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\hQUdZki.exe
PID 2132 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OxNDlUS.exe
PID 2132 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OxNDlUS.exe
PID 2132 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OxNDlUS.exe
PID 2132 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\NQGbZqG.exe
PID 2132 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\NQGbZqG.exe
PID 2132 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\NQGbZqG.exe
PID 2132 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\salFAMB.exe
PID 2132 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\salFAMB.exe
PID 2132 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\salFAMB.exe
PID 2132 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\EOaUECR.exe
PID 2132 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\EOaUECR.exe
PID 2132 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\EOaUECR.exe
PID 2132 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\XOvKZiO.exe
PID 2132 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\XOvKZiO.exe
PID 2132 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\XOvKZiO.exe
PID 2132 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\tnPBEkh.exe
PID 2132 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\tnPBEkh.exe
PID 2132 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\tnPBEkh.exe
PID 2132 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\csPfheU.exe
PID 2132 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\csPfheU.exe
PID 2132 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\csPfheU.exe
PID 2132 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\URiMJKA.exe
PID 2132 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\URiMJKA.exe
PID 2132 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\URiMJKA.exe
PID 2132 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZVRStXE.exe
PID 2132 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZVRStXE.exe
PID 2132 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZVRStXE.exe
PID 2132 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\zRbajMa.exe
PID 2132 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\zRbajMa.exe
PID 2132 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\zRbajMa.exe
PID 2132 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\YBEMcHc.exe
PID 2132 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\YBEMcHc.exe
PID 2132 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\YBEMcHc.exe
PID 2132 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\oRqcpkC.exe
PID 2132 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\oRqcpkC.exe
PID 2132 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\oRqcpkC.exe
PID 2132 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iAPKirT.exe
PID 2132 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iAPKirT.exe
PID 2132 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iAPKirT.exe
PID 2132 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\wLFQdhA.exe
PID 2132 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\wLFQdhA.exe
PID 2132 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\wLFQdhA.exe
PID 2132 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OXkLwbo.exe
PID 2132 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OXkLwbo.exe
PID 2132 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OXkLwbo.exe
PID 2132 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZQsLTPG.exe
PID 2132 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZQsLTPG.exe
PID 2132 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZQsLTPG.exe
PID 2132 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OkydkMb.exe
PID 2132 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OkydkMb.exe
PID 2132 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OkydkMb.exe
PID 2132 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iTBqKWG.exe
PID 2132 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iTBqKWG.exe
PID 2132 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iTBqKWG.exe
PID 2132 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\SSmvnUE.exe
PID 2132 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\SSmvnUE.exe
PID 2132 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\SSmvnUE.exe
PID 2132 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\rmRYCJj.exe
PID 2132 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\rmRYCJj.exe
PID 2132 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\rmRYCJj.exe
PID 2132 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\WpYHyXi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe"

C:\Windows\System\hQUdZki.exe

C:\Windows\System\hQUdZki.exe

C:\Windows\System\OxNDlUS.exe

C:\Windows\System\OxNDlUS.exe

C:\Windows\System\NQGbZqG.exe

C:\Windows\System\NQGbZqG.exe

C:\Windows\System\salFAMB.exe

C:\Windows\System\salFAMB.exe

C:\Windows\System\EOaUECR.exe

C:\Windows\System\EOaUECR.exe

C:\Windows\System\XOvKZiO.exe

C:\Windows\System\XOvKZiO.exe

C:\Windows\System\tnPBEkh.exe

C:\Windows\System\tnPBEkh.exe

C:\Windows\System\csPfheU.exe

C:\Windows\System\csPfheU.exe

C:\Windows\System\URiMJKA.exe

C:\Windows\System\URiMJKA.exe

C:\Windows\System\ZVRStXE.exe

C:\Windows\System\ZVRStXE.exe

C:\Windows\System\zRbajMa.exe

C:\Windows\System\zRbajMa.exe

C:\Windows\System\YBEMcHc.exe

C:\Windows\System\YBEMcHc.exe

C:\Windows\System\oRqcpkC.exe

C:\Windows\System\oRqcpkC.exe

C:\Windows\System\iAPKirT.exe

C:\Windows\System\iAPKirT.exe

C:\Windows\System\wLFQdhA.exe

C:\Windows\System\wLFQdhA.exe

C:\Windows\System\OXkLwbo.exe

C:\Windows\System\OXkLwbo.exe

C:\Windows\System\ZQsLTPG.exe

C:\Windows\System\ZQsLTPG.exe

C:\Windows\System\OkydkMb.exe

C:\Windows\System\OkydkMb.exe

C:\Windows\System\iTBqKWG.exe

C:\Windows\System\iTBqKWG.exe

C:\Windows\System\SSmvnUE.exe

C:\Windows\System\SSmvnUE.exe

C:\Windows\System\rmRYCJj.exe

C:\Windows\System\rmRYCJj.exe

C:\Windows\System\WpYHyXi.exe

C:\Windows\System\WpYHyXi.exe

C:\Windows\System\qICnesg.exe

C:\Windows\System\qICnesg.exe

C:\Windows\System\QGwcCJZ.exe

C:\Windows\System\QGwcCJZ.exe

C:\Windows\System\zLbgscQ.exe

C:\Windows\System\zLbgscQ.exe

C:\Windows\System\ewZDXAT.exe

C:\Windows\System\ewZDXAT.exe

C:\Windows\System\PZqnEJc.exe

C:\Windows\System\PZqnEJc.exe

C:\Windows\System\rHBBhMX.exe

C:\Windows\System\rHBBhMX.exe

C:\Windows\System\uhahVuP.exe

C:\Windows\System\uhahVuP.exe

C:\Windows\System\oZdLqze.exe

C:\Windows\System\oZdLqze.exe

C:\Windows\System\gNDUdOl.exe

C:\Windows\System\gNDUdOl.exe

C:\Windows\System\zCtZXOb.exe

C:\Windows\System\zCtZXOb.exe

C:\Windows\System\zlHjPiN.exe

C:\Windows\System\zlHjPiN.exe

C:\Windows\System\jdpQeyS.exe

C:\Windows\System\jdpQeyS.exe

C:\Windows\System\BWNiXic.exe

C:\Windows\System\BWNiXic.exe

C:\Windows\System\YvOKDEI.exe

C:\Windows\System\YvOKDEI.exe

C:\Windows\System\mlJtbDj.exe

C:\Windows\System\mlJtbDj.exe

C:\Windows\System\RcplJYU.exe

C:\Windows\System\RcplJYU.exe

C:\Windows\System\LQRFuCu.exe

C:\Windows\System\LQRFuCu.exe

C:\Windows\System\LYxhLBz.exe

C:\Windows\System\LYxhLBz.exe

C:\Windows\System\aJQfBxL.exe

C:\Windows\System\aJQfBxL.exe

C:\Windows\System\MxRxiBi.exe

C:\Windows\System\MxRxiBi.exe

C:\Windows\System\CofzWdg.exe

C:\Windows\System\CofzWdg.exe

C:\Windows\System\UyGJDBR.exe

C:\Windows\System\UyGJDBR.exe

C:\Windows\System\sbldoHg.exe

C:\Windows\System\sbldoHg.exe

C:\Windows\System\yyHfMzY.exe

C:\Windows\System\yyHfMzY.exe

C:\Windows\System\wBETsWP.exe

C:\Windows\System\wBETsWP.exe

C:\Windows\System\ReEcgnw.exe

C:\Windows\System\ReEcgnw.exe

C:\Windows\System\CSXsOZn.exe

C:\Windows\System\CSXsOZn.exe

C:\Windows\System\UEeDOBc.exe

C:\Windows\System\UEeDOBc.exe

C:\Windows\System\ZiFMJgL.exe

C:\Windows\System\ZiFMJgL.exe

C:\Windows\System\pFHjkUd.exe

C:\Windows\System\pFHjkUd.exe

C:\Windows\System\nAoNeCL.exe

C:\Windows\System\nAoNeCL.exe

C:\Windows\System\iQygotd.exe

C:\Windows\System\iQygotd.exe

C:\Windows\System\fBsfWxW.exe

C:\Windows\System\fBsfWxW.exe

C:\Windows\System\ISbodlW.exe

C:\Windows\System\ISbodlW.exe

C:\Windows\System\lxfqMvG.exe

C:\Windows\System\lxfqMvG.exe

C:\Windows\System\JMkkvtx.exe

C:\Windows\System\JMkkvtx.exe

C:\Windows\System\SZabeYm.exe

C:\Windows\System\SZabeYm.exe

C:\Windows\System\TatEgmb.exe

C:\Windows\System\TatEgmb.exe

C:\Windows\System\orVQcXm.exe

C:\Windows\System\orVQcXm.exe

C:\Windows\System\KMBBrBE.exe

C:\Windows\System\KMBBrBE.exe

C:\Windows\System\GYtcOfL.exe

C:\Windows\System\GYtcOfL.exe

C:\Windows\System\EjabvGB.exe

C:\Windows\System\EjabvGB.exe

C:\Windows\System\uWjrYRj.exe

C:\Windows\System\uWjrYRj.exe

C:\Windows\System\spfKqCO.exe

C:\Windows\System\spfKqCO.exe

C:\Windows\System\tpSLDja.exe

C:\Windows\System\tpSLDja.exe

C:\Windows\System\WvivCoe.exe

C:\Windows\System\WvivCoe.exe

C:\Windows\System\LZcIEJV.exe

C:\Windows\System\LZcIEJV.exe

C:\Windows\System\cyWlheY.exe

C:\Windows\System\cyWlheY.exe

C:\Windows\System\roOxXwU.exe

C:\Windows\System\roOxXwU.exe

C:\Windows\System\MLnnaGU.exe

C:\Windows\System\MLnnaGU.exe

C:\Windows\System\BSPYKNN.exe

C:\Windows\System\BSPYKNN.exe

C:\Windows\System\BzTjTpt.exe

C:\Windows\System\BzTjTpt.exe

C:\Windows\System\ssBBKCK.exe

C:\Windows\System\ssBBKCK.exe

C:\Windows\System\kqGxAOP.exe

C:\Windows\System\kqGxAOP.exe

C:\Windows\System\QiaDprC.exe

C:\Windows\System\QiaDprC.exe

C:\Windows\System\MWgDLEU.exe

C:\Windows\System\MWgDLEU.exe

C:\Windows\System\bFIYUxZ.exe

C:\Windows\System\bFIYUxZ.exe

C:\Windows\System\hXQkwqe.exe

C:\Windows\System\hXQkwqe.exe

C:\Windows\System\FjPLzhb.exe

C:\Windows\System\FjPLzhb.exe

C:\Windows\System\wafeFlY.exe

C:\Windows\System\wafeFlY.exe

C:\Windows\System\NnSLVKK.exe

C:\Windows\System\NnSLVKK.exe

C:\Windows\System\cuepzbC.exe

C:\Windows\System\cuepzbC.exe

C:\Windows\System\TyleURQ.exe

C:\Windows\System\TyleURQ.exe

C:\Windows\System\hOMJkJc.exe

C:\Windows\System\hOMJkJc.exe

C:\Windows\System\fnqqLgD.exe

C:\Windows\System\fnqqLgD.exe

C:\Windows\System\YarWmbf.exe

C:\Windows\System\YarWmbf.exe

C:\Windows\System\bOdITVZ.exe

C:\Windows\System\bOdITVZ.exe

C:\Windows\System\fYHzFFi.exe

C:\Windows\System\fYHzFFi.exe

C:\Windows\System\mfVikhG.exe

C:\Windows\System\mfVikhG.exe

C:\Windows\System\SjlevqL.exe

C:\Windows\System\SjlevqL.exe

C:\Windows\System\wYlfYTk.exe

C:\Windows\System\wYlfYTk.exe

C:\Windows\System\VurrmDL.exe

C:\Windows\System\VurrmDL.exe

C:\Windows\System\xjfSmAc.exe

C:\Windows\System\xjfSmAc.exe

C:\Windows\System\GTnBtGq.exe

C:\Windows\System\GTnBtGq.exe

C:\Windows\System\LPpQecb.exe

C:\Windows\System\LPpQecb.exe

C:\Windows\System\FuTisPX.exe

C:\Windows\System\FuTisPX.exe

C:\Windows\System\sQJdCIJ.exe

C:\Windows\System\sQJdCIJ.exe

C:\Windows\System\gcSWAth.exe

C:\Windows\System\gcSWAth.exe

C:\Windows\System\XcFreKH.exe

C:\Windows\System\XcFreKH.exe

C:\Windows\System\AATPJin.exe

C:\Windows\System\AATPJin.exe

C:\Windows\System\WTeCniX.exe

C:\Windows\System\WTeCniX.exe

C:\Windows\System\ucUpUzc.exe

C:\Windows\System\ucUpUzc.exe

C:\Windows\System\LsCvUzy.exe

C:\Windows\System\LsCvUzy.exe

C:\Windows\System\miNHXUB.exe

C:\Windows\System\miNHXUB.exe

C:\Windows\System\VfwMPDj.exe

C:\Windows\System\VfwMPDj.exe

C:\Windows\System\EmWjIji.exe

C:\Windows\System\EmWjIji.exe

C:\Windows\System\MCdnwIw.exe

C:\Windows\System\MCdnwIw.exe

C:\Windows\System\QHZwzbX.exe

C:\Windows\System\QHZwzbX.exe

C:\Windows\System\uramTrb.exe

C:\Windows\System\uramTrb.exe

C:\Windows\System\GuOreHZ.exe

C:\Windows\System\GuOreHZ.exe

C:\Windows\System\YOlXBhX.exe

C:\Windows\System\YOlXBhX.exe

C:\Windows\System\GDEgncn.exe

C:\Windows\System\GDEgncn.exe

C:\Windows\System\SDKtVXr.exe

C:\Windows\System\SDKtVXr.exe

C:\Windows\System\elKAcZL.exe

C:\Windows\System\elKAcZL.exe

C:\Windows\System\YTCViyr.exe

C:\Windows\System\YTCViyr.exe

C:\Windows\System\DOQJVIH.exe

C:\Windows\System\DOQJVIH.exe

C:\Windows\System\JmuAJkD.exe

C:\Windows\System\JmuAJkD.exe

C:\Windows\System\ssReutg.exe

C:\Windows\System\ssReutg.exe

C:\Windows\System\lXOmRbd.exe

C:\Windows\System\lXOmRbd.exe

C:\Windows\System\EYkWxaX.exe

C:\Windows\System\EYkWxaX.exe

C:\Windows\System\iabEgZA.exe

C:\Windows\System\iabEgZA.exe

C:\Windows\System\nUCCnHx.exe

C:\Windows\System\nUCCnHx.exe

C:\Windows\System\hAwZUSc.exe

C:\Windows\System\hAwZUSc.exe

C:\Windows\System\onnGbwH.exe

C:\Windows\System\onnGbwH.exe

C:\Windows\System\WzMypib.exe

C:\Windows\System\WzMypib.exe

C:\Windows\System\IniEHzq.exe

C:\Windows\System\IniEHzq.exe

C:\Windows\System\NMwKnxB.exe

C:\Windows\System\NMwKnxB.exe

C:\Windows\System\JgqToRl.exe

C:\Windows\System\JgqToRl.exe

C:\Windows\System\LsCezDE.exe

C:\Windows\System\LsCezDE.exe

C:\Windows\System\ctVPbiO.exe

C:\Windows\System\ctVPbiO.exe

C:\Windows\System\SvXYxMA.exe

C:\Windows\System\SvXYxMA.exe

C:\Windows\System\xDvXJBP.exe

C:\Windows\System\xDvXJBP.exe

C:\Windows\System\mhkvyfA.exe

C:\Windows\System\mhkvyfA.exe

C:\Windows\System\HIumvKa.exe

C:\Windows\System\HIumvKa.exe

C:\Windows\System\KEKdmyi.exe

C:\Windows\System\KEKdmyi.exe

C:\Windows\System\ErFTXAk.exe

C:\Windows\System\ErFTXAk.exe

C:\Windows\System\kmoYuQc.exe

C:\Windows\System\kmoYuQc.exe

C:\Windows\System\BAbwnLK.exe

C:\Windows\System\BAbwnLK.exe

C:\Windows\System\oDiZSCb.exe

C:\Windows\System\oDiZSCb.exe

C:\Windows\System\XhOlgbZ.exe

C:\Windows\System\XhOlgbZ.exe

C:\Windows\System\rbeazMZ.exe

C:\Windows\System\rbeazMZ.exe

C:\Windows\System\bCEFcii.exe

C:\Windows\System\bCEFcii.exe

C:\Windows\System\umFBKvs.exe

C:\Windows\System\umFBKvs.exe

C:\Windows\System\eLRaSqY.exe

C:\Windows\System\eLRaSqY.exe

C:\Windows\System\yuWbefD.exe

C:\Windows\System\yuWbefD.exe

C:\Windows\System\nropLlb.exe

C:\Windows\System\nropLlb.exe

C:\Windows\System\RVSQcZn.exe

C:\Windows\System\RVSQcZn.exe

C:\Windows\System\xYGJgWO.exe

C:\Windows\System\xYGJgWO.exe

C:\Windows\System\dGlcnxK.exe

C:\Windows\System\dGlcnxK.exe

C:\Windows\System\odhInFj.exe

C:\Windows\System\odhInFj.exe

C:\Windows\System\ESaENVa.exe

C:\Windows\System\ESaENVa.exe

C:\Windows\System\cLpnpLP.exe

C:\Windows\System\cLpnpLP.exe

C:\Windows\System\ALTZYCP.exe

C:\Windows\System\ALTZYCP.exe

C:\Windows\System\CPwkHCe.exe

C:\Windows\System\CPwkHCe.exe

C:\Windows\System\EaYoAxT.exe

C:\Windows\System\EaYoAxT.exe

C:\Windows\System\IvHlAhU.exe

C:\Windows\System\IvHlAhU.exe

C:\Windows\System\YnlnxEc.exe

C:\Windows\System\YnlnxEc.exe

C:\Windows\System\xeSoPbz.exe

C:\Windows\System\xeSoPbz.exe

C:\Windows\System\UadSjtZ.exe

C:\Windows\System\UadSjtZ.exe

C:\Windows\System\ZXSbyAL.exe

C:\Windows\System\ZXSbyAL.exe

C:\Windows\System\WIwoeHI.exe

C:\Windows\System\WIwoeHI.exe

C:\Windows\System\WZgtJQq.exe

C:\Windows\System\WZgtJQq.exe

C:\Windows\System\YGldtSU.exe

C:\Windows\System\YGldtSU.exe

C:\Windows\System\QlrnUuV.exe

C:\Windows\System\QlrnUuV.exe

C:\Windows\System\OecJLwp.exe

C:\Windows\System\OecJLwp.exe

C:\Windows\System\hXYYzBH.exe

C:\Windows\System\hXYYzBH.exe

C:\Windows\System\dUaiCHx.exe

C:\Windows\System\dUaiCHx.exe

C:\Windows\System\iaMRZXb.exe

C:\Windows\System\iaMRZXb.exe

C:\Windows\System\TAtZeFY.exe

C:\Windows\System\TAtZeFY.exe

C:\Windows\System\CeAmAQQ.exe

C:\Windows\System\CeAmAQQ.exe

C:\Windows\System\bUReyyr.exe

C:\Windows\System\bUReyyr.exe

C:\Windows\System\JIUAuma.exe

C:\Windows\System\JIUAuma.exe

C:\Windows\System\oqLmBfU.exe

C:\Windows\System\oqLmBfU.exe

C:\Windows\System\yjByiPt.exe

C:\Windows\System\yjByiPt.exe

C:\Windows\System\UBazkLc.exe

C:\Windows\System\UBazkLc.exe

C:\Windows\System\vduoFvc.exe

C:\Windows\System\vduoFvc.exe

C:\Windows\System\zPXIaWW.exe

C:\Windows\System\zPXIaWW.exe

C:\Windows\System\zGjWokM.exe

C:\Windows\System\zGjWokM.exe

C:\Windows\System\otAlMnp.exe

C:\Windows\System\otAlMnp.exe

C:\Windows\System\uUJohuV.exe

C:\Windows\System\uUJohuV.exe

C:\Windows\System\kXuuDxd.exe

C:\Windows\System\kXuuDxd.exe

C:\Windows\System\zQjMXOV.exe

C:\Windows\System\zQjMXOV.exe

C:\Windows\System\mJEjMrE.exe

C:\Windows\System\mJEjMrE.exe

C:\Windows\System\bmIQnhr.exe

C:\Windows\System\bmIQnhr.exe

C:\Windows\System\GyLZPOb.exe

C:\Windows\System\GyLZPOb.exe

C:\Windows\System\MbGNdOq.exe

C:\Windows\System\MbGNdOq.exe

C:\Windows\System\xDjXVGt.exe

C:\Windows\System\xDjXVGt.exe

C:\Windows\System\UuQFrKO.exe

C:\Windows\System\UuQFrKO.exe

C:\Windows\System\zbFpQcL.exe

C:\Windows\System\zbFpQcL.exe

C:\Windows\System\ktaERkG.exe

C:\Windows\System\ktaERkG.exe

C:\Windows\System\dYHLgHj.exe

C:\Windows\System\dYHLgHj.exe

C:\Windows\System\pOopLBt.exe

C:\Windows\System\pOopLBt.exe

C:\Windows\System\pRZVDhM.exe

C:\Windows\System\pRZVDhM.exe

C:\Windows\System\EnfcjbX.exe

C:\Windows\System\EnfcjbX.exe

C:\Windows\System\AoZbnYt.exe

C:\Windows\System\AoZbnYt.exe

C:\Windows\System\IEXOQnu.exe

C:\Windows\System\IEXOQnu.exe

C:\Windows\System\iCPPvFH.exe

C:\Windows\System\iCPPvFH.exe

C:\Windows\System\JoaBKfv.exe

C:\Windows\System\JoaBKfv.exe

C:\Windows\System\ZajEeSP.exe

C:\Windows\System\ZajEeSP.exe

C:\Windows\System\mrfSLQV.exe

C:\Windows\System\mrfSLQV.exe

C:\Windows\System\wSmCvHs.exe

C:\Windows\System\wSmCvHs.exe

C:\Windows\System\vHOBcXe.exe

C:\Windows\System\vHOBcXe.exe

C:\Windows\System\OVuEgrL.exe

C:\Windows\System\OVuEgrL.exe

C:\Windows\System\oFXBIaW.exe

C:\Windows\System\oFXBIaW.exe

C:\Windows\System\liCOVVe.exe

C:\Windows\System\liCOVVe.exe

C:\Windows\System\NPQiyyl.exe

C:\Windows\System\NPQiyyl.exe

C:\Windows\System\UDQhMeJ.exe

C:\Windows\System\UDQhMeJ.exe

C:\Windows\System\bavTdse.exe

C:\Windows\System\bavTdse.exe

C:\Windows\System\CTrWvtL.exe

C:\Windows\System\CTrWvtL.exe

C:\Windows\System\HkMniel.exe

C:\Windows\System\HkMniel.exe

C:\Windows\System\Xjqdwyl.exe

C:\Windows\System\Xjqdwyl.exe

C:\Windows\System\uKmmzho.exe

C:\Windows\System\uKmmzho.exe

C:\Windows\System\dWznzmy.exe

C:\Windows\System\dWznzmy.exe

C:\Windows\System\OHQexsR.exe

C:\Windows\System\OHQexsR.exe

C:\Windows\System\ybUbPQL.exe

C:\Windows\System\ybUbPQL.exe

C:\Windows\System\ghPWuuz.exe

C:\Windows\System\ghPWuuz.exe

C:\Windows\System\pLCvyYy.exe

C:\Windows\System\pLCvyYy.exe

C:\Windows\System\AQEUPBS.exe

C:\Windows\System\AQEUPBS.exe

C:\Windows\System\TPDpurF.exe

C:\Windows\System\TPDpurF.exe

C:\Windows\System\cxRIuaV.exe

C:\Windows\System\cxRIuaV.exe

C:\Windows\System\XvJFYrY.exe

C:\Windows\System\XvJFYrY.exe

C:\Windows\System\uIwyDBW.exe

C:\Windows\System\uIwyDBW.exe

C:\Windows\System\jJsasRD.exe

C:\Windows\System\jJsasRD.exe

C:\Windows\System\NydMKKI.exe

C:\Windows\System\NydMKKI.exe

C:\Windows\System\DXwrbLR.exe

C:\Windows\System\DXwrbLR.exe

C:\Windows\System\UsNZlWW.exe

C:\Windows\System\UsNZlWW.exe

C:\Windows\System\zaWSqKE.exe

C:\Windows\System\zaWSqKE.exe

C:\Windows\System\BvyFzVQ.exe

C:\Windows\System\BvyFzVQ.exe

C:\Windows\System\nGhluFG.exe

C:\Windows\System\nGhluFG.exe

C:\Windows\System\qALWiZN.exe

C:\Windows\System\qALWiZN.exe

C:\Windows\System\kBZhvuM.exe

C:\Windows\System\kBZhvuM.exe

C:\Windows\System\KJsigbD.exe

C:\Windows\System\KJsigbD.exe

C:\Windows\System\oUVZGAb.exe

C:\Windows\System\oUVZGAb.exe

C:\Windows\System\BjQAEbd.exe

C:\Windows\System\BjQAEbd.exe

C:\Windows\System\ZEhMsBE.exe

C:\Windows\System\ZEhMsBE.exe

C:\Windows\System\SOqYTHO.exe

C:\Windows\System\SOqYTHO.exe

C:\Windows\System\ohWlqqR.exe

C:\Windows\System\ohWlqqR.exe

C:\Windows\System\NUjEmvW.exe

C:\Windows\System\NUjEmvW.exe

C:\Windows\System\AadRmsN.exe

C:\Windows\System\AadRmsN.exe

C:\Windows\System\cKrtIXz.exe

C:\Windows\System\cKrtIXz.exe

C:\Windows\System\HCgAoGX.exe

C:\Windows\System\HCgAoGX.exe

C:\Windows\System\usmTSeW.exe

C:\Windows\System\usmTSeW.exe

C:\Windows\System\naDgLQi.exe

C:\Windows\System\naDgLQi.exe

C:\Windows\System\hLdMoGv.exe

C:\Windows\System\hLdMoGv.exe

C:\Windows\System\MpUyIwa.exe

C:\Windows\System\MpUyIwa.exe

C:\Windows\System\xDuuisY.exe

C:\Windows\System\xDuuisY.exe

C:\Windows\System\tQkjDUP.exe

C:\Windows\System\tQkjDUP.exe

C:\Windows\System\IwwZfsC.exe

C:\Windows\System\IwwZfsC.exe

C:\Windows\System\clohrtJ.exe

C:\Windows\System\clohrtJ.exe

C:\Windows\System\qufKWUg.exe

C:\Windows\System\qufKWUg.exe

C:\Windows\System\HRrTbbT.exe

C:\Windows\System\HRrTbbT.exe

C:\Windows\System\oiINzGB.exe

C:\Windows\System\oiINzGB.exe

C:\Windows\System\VvxiGQj.exe

C:\Windows\System\VvxiGQj.exe

C:\Windows\System\jqrJDOI.exe

C:\Windows\System\jqrJDOI.exe

C:\Windows\System\yjcOdkB.exe

C:\Windows\System\yjcOdkB.exe

C:\Windows\System\YWPukJw.exe

C:\Windows\System\YWPukJw.exe

C:\Windows\System\CpaLMzH.exe

C:\Windows\System\CpaLMzH.exe

C:\Windows\System\VpeLWHI.exe

C:\Windows\System\VpeLWHI.exe

C:\Windows\System\ZbreKZP.exe

C:\Windows\System\ZbreKZP.exe

C:\Windows\System\USJOVzZ.exe

C:\Windows\System\USJOVzZ.exe

C:\Windows\System\bgVAgBn.exe

C:\Windows\System\bgVAgBn.exe

C:\Windows\System\STpcuRx.exe

C:\Windows\System\STpcuRx.exe

C:\Windows\System\pxqJJQg.exe

C:\Windows\System\pxqJJQg.exe

C:\Windows\System\DQNCVws.exe

C:\Windows\System\DQNCVws.exe

C:\Windows\System\OGZoGOa.exe

C:\Windows\System\OGZoGOa.exe

C:\Windows\System\LvHXVmy.exe

C:\Windows\System\LvHXVmy.exe

C:\Windows\System\UDOZPYx.exe

C:\Windows\System\UDOZPYx.exe

C:\Windows\System\qZRSDSs.exe

C:\Windows\System\qZRSDSs.exe

C:\Windows\System\PePzCtP.exe

C:\Windows\System\PePzCtP.exe

C:\Windows\System\ByRmtnV.exe

C:\Windows\System\ByRmtnV.exe

C:\Windows\System\AYOmRBS.exe

C:\Windows\System\AYOmRBS.exe

C:\Windows\System\SwcHQyK.exe

C:\Windows\System\SwcHQyK.exe

C:\Windows\System\izNNiLN.exe

C:\Windows\System\izNNiLN.exe

C:\Windows\System\ciaWUBT.exe

C:\Windows\System\ciaWUBT.exe

C:\Windows\System\gXyCOAI.exe

C:\Windows\System\gXyCOAI.exe

C:\Windows\System\IFYpSDS.exe

C:\Windows\System\IFYpSDS.exe

C:\Windows\System\CSOAxVp.exe

C:\Windows\System\CSOAxVp.exe

C:\Windows\System\UPGPpUZ.exe

C:\Windows\System\UPGPpUZ.exe

C:\Windows\System\ZANXjRo.exe

C:\Windows\System\ZANXjRo.exe

C:\Windows\System\XWhdQRl.exe

C:\Windows\System\XWhdQRl.exe

C:\Windows\System\dVBFMru.exe

C:\Windows\System\dVBFMru.exe

C:\Windows\System\WiLOGOR.exe

C:\Windows\System\WiLOGOR.exe

C:\Windows\System\eSimUaQ.exe

C:\Windows\System\eSimUaQ.exe

C:\Windows\System\dPpZutz.exe

C:\Windows\System\dPpZutz.exe

C:\Windows\System\scIoxZY.exe

C:\Windows\System\scIoxZY.exe

C:\Windows\System\SUSYFrL.exe

C:\Windows\System\SUSYFrL.exe

C:\Windows\System\mNMbZDZ.exe

C:\Windows\System\mNMbZDZ.exe

C:\Windows\System\jvYBrZQ.exe

C:\Windows\System\jvYBrZQ.exe

C:\Windows\System\YwZdtAt.exe

C:\Windows\System\YwZdtAt.exe

C:\Windows\System\oXrqgDL.exe

C:\Windows\System\oXrqgDL.exe

C:\Windows\System\msOrkHS.exe

C:\Windows\System\msOrkHS.exe

C:\Windows\System\cNDBkKf.exe

C:\Windows\System\cNDBkKf.exe

C:\Windows\System\BuEnNlM.exe

C:\Windows\System\BuEnNlM.exe

C:\Windows\System\nQnhTJo.exe

C:\Windows\System\nQnhTJo.exe

C:\Windows\System\ozZHzsD.exe

C:\Windows\System\ozZHzsD.exe

C:\Windows\System\lCZDFvt.exe

C:\Windows\System\lCZDFvt.exe

C:\Windows\System\YHWxXgJ.exe

C:\Windows\System\YHWxXgJ.exe

C:\Windows\System\NFmHSVD.exe

C:\Windows\System\NFmHSVD.exe

C:\Windows\System\zSVdEQP.exe

C:\Windows\System\zSVdEQP.exe

C:\Windows\System\cRlDbjt.exe

C:\Windows\System\cRlDbjt.exe

C:\Windows\System\ZxXVbXa.exe

C:\Windows\System\ZxXVbXa.exe

C:\Windows\System\nrJzbZu.exe

C:\Windows\System\nrJzbZu.exe

C:\Windows\System\CjVlHMK.exe

C:\Windows\System\CjVlHMK.exe

C:\Windows\System\bdVgJIo.exe

C:\Windows\System\bdVgJIo.exe

C:\Windows\System\yrhPoHx.exe

C:\Windows\System\yrhPoHx.exe

C:\Windows\System\WSfNYfI.exe

C:\Windows\System\WSfNYfI.exe

C:\Windows\System\dFFnnqM.exe

C:\Windows\System\dFFnnqM.exe

C:\Windows\System\KeyWeWl.exe

C:\Windows\System\KeyWeWl.exe

C:\Windows\System\KQQnkqo.exe

C:\Windows\System\KQQnkqo.exe

C:\Windows\System\fwdPKea.exe

C:\Windows\System\fwdPKea.exe

C:\Windows\System\RPeXdxC.exe

C:\Windows\System\RPeXdxC.exe

C:\Windows\System\VHICvPX.exe

C:\Windows\System\VHICvPX.exe

C:\Windows\System\aWFUtvF.exe

C:\Windows\System\aWFUtvF.exe

C:\Windows\System\hCjUiBe.exe

C:\Windows\System\hCjUiBe.exe

C:\Windows\System\ixqkelX.exe

C:\Windows\System\ixqkelX.exe

C:\Windows\System\KbVuhRx.exe

C:\Windows\System\KbVuhRx.exe

C:\Windows\System\wwmssTj.exe

C:\Windows\System\wwmssTj.exe

C:\Windows\System\tqzNvUt.exe

C:\Windows\System\tqzNvUt.exe

C:\Windows\System\AcbysHL.exe

C:\Windows\System\AcbysHL.exe

C:\Windows\System\ahuSNyk.exe

C:\Windows\System\ahuSNyk.exe

C:\Windows\System\JMOpPuT.exe

C:\Windows\System\JMOpPuT.exe

C:\Windows\System\vIkblll.exe

C:\Windows\System\vIkblll.exe

C:\Windows\System\RJaRDOI.exe

C:\Windows\System\RJaRDOI.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2132-0-0x0000000001B20000-0x0000000001B30000-memory.dmp

memory/2132-2-0x000000013F0B0000-0x000000013F404000-memory.dmp

\Windows\system\hQUdZki.exe

MD5 29a7d0ec4c11e5f3b5ed0c45303b8aed
SHA1 55fe41facdbe9f4467af2322fe7fb0aba0647845
SHA256 e05323a0a3570be93744367defc61feb582e16d873b182b1f5a76cbc9b07d80e
SHA512 91e8900a571afd1dfbb07fead13bd8d89b55e224bd10cda04e1615f71b1c597a5b5b87f9655487b3ccd234e41e56a1b0b45020c66b5a87e5de694ca9bbc0f166

\Windows\system\OxNDlUS.exe

MD5 a712c9b3fffad0c793f3be0045bd8b38
SHA1 112ee84e0db1b537141305f866cc74ff13e7a196
SHA256 ade2c41c96ca7a61e3f8ed6213715e0fd2d9af76b2ac0601e3b85747557d2eea
SHA512 424179681a826027a659ce6bfa76ea4f31fb247d0051dca0e2c910aeff8bc1ccd80f92b5a7b51d26d16d6aaa3fa0c4fc455ac980857b8dc9001410887931e7c0

C:\Windows\system\salFAMB.exe

MD5 c4a961c742319bab2bda8962c393d133
SHA1 aad6f744452095735ce5861be278cd7c74cae2dd
SHA256 e5319a8c80003c043a1e8e7ff1be8e0728f71eddc8d19b47006f7e877fd81355
SHA512 c51c6afac29b862ee28899f095573f2a61a3211dd715b24a091a19d4e827775939faf23768a5448d8f91be9169187a97a13c649debeb4441c0e55abbaabcc9d7

C:\Windows\system\NQGbZqG.exe

MD5 3d26d702d68aff22b33799906660184c
SHA1 481f45cd8603cba779792fb7202e4bdbc0533776
SHA256 163e483d719206b8b2ca55025fbd1326ac09d3899bc6b994450ba8621f60ff93
SHA512 fcf5caba18709935c775398384bd9e80e07737b23c06f7c5c3ebbe6797947dd4aef0be007ab761b48564e17e4fab3ad57a4cc2a3879a3d8d7e77840292d2a4a8

memory/2092-25-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/2132-26-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/1700-29-0x000000013F100000-0x000000013F454000-memory.dmp

memory/2616-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2956-78-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2132-84-0x000000013F0B0000-0x000000013F404000-memory.dmp

\Windows\system\iAPKirT.exe

MD5 410710255fe98b420d0431c3d15cba18
SHA1 9474a6b9bfc431c6fbe8537c92142065123377ef
SHA256 7bc6e0308ed55ac93a8302b93e1b2fba308431cd2ce06ecc1f04165edb4bbf12
SHA512 fb38ccf785cb34ee7f4edf9d4ae0b95d23c7237cdb1a17ce61b5c1c916956f18e8e53c7be282c19aad3993b663a3486b3e4aff5944529df702ea4f5a6db82183

C:\Windows\system\WpYHyXi.exe

MD5 a3643fa9121d3abf744617d1fee44c58
SHA1 203174264a233f4f963f4a3fb72fa88831d0f234
SHA256 bf82b67b53d82c8af41057c222b535283080a1c46d66d1a2998168b963186733
SHA512 0249139b5055b13e2a5841bf5c9aad0c289ec0ed165ff0e9c011f94533f2aad1c92dd33f0df43c96454432771f96b41c7583b9c1bdb7f8bb22511f33fcfe08b4

memory/2632-650-0x000000013F300000-0x000000013F654000-memory.dmp

memory/2132-1069-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2616-1071-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2132-1070-0x0000000001E50000-0x00000000021A4000-memory.dmp

C:\Windows\system\rHBBhMX.exe

MD5 f471360c5b0d674e08da9cdf3b7912ca
SHA1 ab7ed4badb7913838f7a809f815ace78e8296667
SHA256 2d44930c20e19b5b1d3c477afac0c13082c5f74a682bb77debbbc296407e255e
SHA512 432a98fb7d80e0cebbbff5eb58de2ee5e8ac60b7c240d23c0da9f62516a09b9812dfb06e638d73fbee248b03ea4d6c83518d00d83c8ae776d6e4e7db9bb60383

C:\Windows\system\ewZDXAT.exe

MD5 1a1ecb3455866678353b3dd0bc89c20f
SHA1 f855d2474fb3bb37ab0e1e6f323d556ccde4fbc7
SHA256 2f40d3ba5b6d42ce9803df01e1253575072e50c27416a619987d58a26a2a5d27
SHA512 184dc7abf5e8707a84f3c7e80dd6519fd9105c27bd9c8acd25f6664cc1be9a390cbf0dc57f0ade9ef0bdcb02f87f66f89a53d197b04582da32d3c104ded43a8a

\Windows\system\zCtZXOb.exe

MD5 004fd6b4cafe71e5bdec959d6f934aa1
SHA1 089ad5dd7312967efed08418a0acdac889915395
SHA256 f73f00fe86d7ca5972b54fe392e0b4072355903cd3713bbb38c4548a067f9d37
SHA512 dc49e22c02acd669fac3d538e1e0b2c001c95c8660f2393097501d688885b3189b0f7cc4e5690ea4ab6ce41a33ade5a06b7800ab41fa165fca4c8ba3bbaaeb34

\Windows\system\oZdLqze.exe

MD5 5d6858d6cb5aac0506a173b3ef06bac0
SHA1 a001d1728c9bb3d705cd5f28d2cfae335d2362ed
SHA256 374a148497ff6b0ee44c9a3d53591748b8923ca137295013217f7d647bd8007f
SHA512 72dcd525a729549bbe3f2b2b086741945ef110e44b8fa88330a893cc79eebb846b8f697ee57c0a7fb12d505543d19fcd53f410cedfb8eb8c2c39742a35f17962

C:\Windows\system\zlHjPiN.exe

MD5 bd833c091a557673f9c91e17235f1552
SHA1 305b3eba166ae3d006bed6987da33e45251a76ac
SHA256 7e6a55478ef6803347b87be6a8ec68a470779b56405b623d79f71706c01f82f0
SHA512 e84a057ee2b12bda4af64ad66b68d9faecbde400a3780dc0f7dff06969fe0bb8834eef403700f1833f0a8a7cd060f66d241253016fddf2545dce1b890da5a8ac

C:\Windows\system\gNDUdOl.exe

MD5 61293d0fbf704b2ed7f2820ade82e935
SHA1 2251323dda55733ddce3778a9880fad77734f8f5
SHA256 f3c7355e0d31982f5f949159fdd9c8363b63c7e902cac1c61b9554740fa69dc9
SHA512 44d387bef4c00d4135f9ca2e2a29614a05b3d6f3301bd6186266f55265a2a17c07dbd646e93b10417fbc71e722f1b72955ce24a763bf1baece5fe4b3436606ad

C:\Windows\system\uhahVuP.exe

MD5 2156a74d8e119cb14f5f1eae168938cb
SHA1 4dafa5fd043fd3f8883bfdc029f28054f862b8d9
SHA256 359bbc93a78bed01146a7626c152314f2f17860839e9599e5ae2d8328301457f
SHA512 1aed19042e7d0ca199bc6a7c1dde032de2e14bd65c41d17b1fb6bc08204573424a4ddcc367a78125540b2254930c7a136ca1c8f579abd376c84d26ef7458fdec

C:\Windows\system\QGwcCJZ.exe

MD5 4357c032f0bf61ea5ba989e76967c4d8
SHA1 f233880a52d9b0abb6d50c286f903ba51bb9d11d
SHA256 5a9bc9db230e879734494c4d7f728a87b0664adaac81e9ae057eb51086d776b0
SHA512 87ab90d9d2e401bd773997843fb7a75e720596cb41cad9943d201fb5beb792f749db4c27b2fe93be93432958a8eaad391dc1140dc90bd4297d966e4e15b0b5f6

C:\Windows\system\PZqnEJc.exe

MD5 9e75de0321507af83c8ca3152869e015
SHA1 95c12a6ba10fc773b18f65ba15a1ace62894c69d
SHA256 05b7de96ccb3004b29a72e53306381c4f7877b20662ca3aefaf2bda65f47d6a6
SHA512 edbbde7bcb3bf876141a90c2a4fea066df4782c9f25eb4934fe891c85af41506e475bbb9868870648524d498eb8054ba94b22a0b9328e102025fe14608c42f8a

C:\Windows\system\zLbgscQ.exe

MD5 f172bb97cb159ce2bdfd6ffd7722b47d
SHA1 58c9970b35e7bc57d335f412f3b10774a77bd855
SHA256 38a7283ae709852fa56ba6b08a525e85c1d644f4fc98cec622a177209424ae13
SHA512 785c94fc4bd8077e60d0bf82bb80aaaaca5abb5ca7433f479553a7ea0d4838cc6856391cba9fb0245b9242732179db5bd0fb14b222976be50710012b29faf10f

C:\Windows\system\qICnesg.exe

MD5 8d91f707681760a530a3dab89f94c25c
SHA1 61bd132ac3cf6deaa531b847df92419f3388a0e5
SHA256 9bb29a38ee02447cbe1177c3d4949006bb929cb0c227e355ac9975619cdb58bb
SHA512 0cf90e3b70266540143ff76af34b49a9cb712355727e312d03de2cded72fa36591ea7c043e459e1f18458a4a1aadf7032f9a531c92ed6425a08c06764b8840c6

C:\Windows\system\rmRYCJj.exe

MD5 f8449e88135f71c8261bf2329006d696
SHA1 3a63f9090dc41d71ce7c4d156c55bd9ea6a2d1da
SHA256 0205e7ae1e066f6d49e9aae3d4778dc59e387fca48ea5fe32168a80fdbdd8e5c
SHA512 9c25cb0037c6efd6db3bf8413fc5896f9654c476ff6ae19be4c332f157ccca175019ea289e2c73c0c66374353a537569c2050e24dd079d2638bcc88d15738c3e

C:\Windows\system\SSmvnUE.exe

MD5 e876e6b37fca9ac6c88a3769b1abc742
SHA1 a4a6e08391ef7b8e276e34951139705d654dd516
SHA256 35a7ceb0a1995edeab91336a638dd942745acfad2e92be91205145b2ba47dd59
SHA512 edf63af9c67b83d684d0e041e573f3b8e9a934c6bf9f63b6dd9a6659a2ded47093eeac94a4555cb811c9e38903d1bf6c76738df0e72eba195b5f2f599eee64fb

C:\Windows\system\iTBqKWG.exe

MD5 ef2f1a603ddd51c90c2064967eb8b92c
SHA1 f3cf34196159dbdadcfcbe579324fc65892b93f1
SHA256 56ce2652cdf5e5ea646557c43bd9583da447c15f1176bd14db3bb72b7a6bf4e2
SHA512 9c6545d435a648191e1c88fe01e1624ae8eb0bd8e8f912cf353930fa6cb3d16e3aceb1243201b055df9410d10e2b8a4d96d492e21c7a9957732b303c1df508a5

C:\Windows\system\OkydkMb.exe

MD5 637b399700ed717d6f7e0dfb4e7bac0e
SHA1 0e6a70a7390a4501dc42f06f928e8333862aea3a
SHA256 39b43e9dbdfc1ea464b3daf5f03ce7daade939f81b938df77d56a2a944bce317
SHA512 97124dbe94e0c72aa6532dfc5d312de010c342af702e23d684334aafae54fd9a0cb6d8bb812bf4831e9914d65cce22de60189f7d882854749843cebfe9b2a670

\Windows\system\OXkLwbo.exe

MD5 5b0fd6debae476014f8ff9a2db3a30ff
SHA1 c0712e08ea93716c8163dfd2138c46aa23ee095d
SHA256 5ed0a48c0784c15d41fcdaeedadb20c87adb522c30c32bc9a5b8c5646a264489
SHA512 b6b0ab9e7e50b24385c9f509396de4ec141ba0dc415503261ce3006d57866c41930f3392b1874160ce39bf86a3ae179df5d21e81e5993958ccb463c968055991

memory/1640-109-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2960-85-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2132-108-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2132-107-0x000000013F520000-0x000000013F874000-memory.dmp

C:\Windows\system\ZQsLTPG.exe

MD5 290d5917ef18106440549b12595f2ea7
SHA1 5b870573526835f02b75baf829495ec09006bbaa
SHA256 9a93d70fc0bcde43b3e007ca3f4c2dbd7ed630971b7ec1f8402a216770f5cdc4
SHA512 02b638b7adb37d1821fab44c52d0a4dc26df6a3896d7ee3d4c2260dc5c9fdbc24699985338d6c74548a839ef2798ab440997e6b5714f5e48d7051a289dd71ceb

memory/316-99-0x000000013FAB0000-0x000000013FE04000-memory.dmp

C:\Windows\system\wLFQdhA.exe

MD5 a59520cb53fea547b09d6a9069233745
SHA1 991f72b0bdf3e8df47de4370c6f98dd2bc0209d9
SHA256 c8c257ca9bd199f8b70dc9d1df3deaf9b48e365002ad6e940cc61164a147460b
SHA512 59603101f0b31c38633045fdde14d8c4e59db2f36dc537f9519507d0111d537acdf095f492f1003e4e2926ad4e2e4b734f2b9dd04828ddabaafde89451f3ae69

memory/2132-95-0x000000013FAB0000-0x000000013FE04000-memory.dmp

C:\Windows\system\oRqcpkC.exe

MD5 7f01fdce53c4eafbc7b09fa7efbb6300
SHA1 e8cc2a8752d92c3a0b6123b27811db098ea0eec3
SHA256 da7ca187ec7a8bada391e69d920e1d0aae21a7a707788f770fc472e43e167d1e
SHA512 4b71d4ecc904243223106eb70af95e10146033f4fca6b75bb173532556cf9216cdf1a7377d03e954b88691e1c454d37d8213ba3632d8a6dcd8e322633f8d1445

C:\Windows\system\YBEMcHc.exe

MD5 ab03393619f2efa2eb9a3e3ba3510672
SHA1 24a572a8483b3c8c30cb5bae57593da2f583940a
SHA256 bc306df95a8454febe59ef91b63a521d687a4e255667855ca519a53db2c80c01
SHA512 0b1da27a6d33a6944f77ed6df9b94385f52d1c252bfb84e690eea1ef58874b31a7453023c38fadd229c80b968e058f822cb1640ab32bdcc27d97f9b1d8e22520

memory/2132-77-0x000000013F770000-0x000000013FAC4000-memory.dmp

C:\Windows\system\zRbajMa.exe

MD5 689bb5a15902cbb5c4a6a53f2b1e326a
SHA1 ed34c0c0a1afd3ce50e151c475023439104ecc6c
SHA256 ee6eac9bced5c85cfdae21a030238381b3c76b9311017e62e8ae57bb1cd1250d
SHA512 d385f89926d7963f0f415fa217fcc5675c760ec0797b4ba444e4694742966a6bb99bf289862ed78a160759933cc5252047af44270239cebe991c579635a30052

memory/2532-71-0x000000013FF50000-0x00000001402A4000-memory.dmp

memory/2132-70-0x000000013FF50000-0x00000001402A4000-memory.dmp

C:\Windows\system\ZVRStXE.exe

MD5 604e6366696fa1d5dc7ffcefdea4903a
SHA1 1a5d27d17282903a6cef55cd5156fb755433c828
SHA256 458894816395a81cdd701c878610421291eae5a725e980988fac9719099c3556
SHA512 1e17c815c9a590103140abaf33cae1402376ba9f939437361a5f6a5f54d86e6d5a209a18aca9ac7a9b5f858815ab731b3ecc88a62e9df4b190251edc6ef9fb79

memory/2684-64-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2132-63-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/2132-55-0x000000013F7C0000-0x000000013FB14000-memory.dmp

C:\Windows\system\URiMJKA.exe

MD5 2b1dcdabb9bb40e2a96cef76ad16a17c
SHA1 c39119f0a5b4a5005d1ca1ca2d43e7903a4c8377
SHA256 9d0eef84aa6157ebbd94e5988781656fcddfc31d9c5137cf164198846ecb746f
SHA512 5587ffa903827f38d5ad845590c3607ed6871bd809b69173f1fa61574b039db8140a72a62ba68351a2f11a3a8711da8334047fb36afc0cb9301c0d665add8bff

C:\Windows\system\csPfheU.exe

MD5 1963984214e7891cdfe89daee6f295d3
SHA1 d2728fa380510b75494a8fdc2c491900851cbde6
SHA256 ef580c1de7e99ba8254cfdd6009b7884e004a5baa14015c2d02ba83c193e068e
SHA512 e2ef2a1044678fd50b67df03ade971bdc620d1337e8cc0919ef2493f04e7b561558f1ae813298bb01911ffd0320375608be77497f1afbf4be0a1630463b12427

memory/2132-37-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2648-50-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2132-49-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/3024-28-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2632-47-0x000000013F300000-0x000000013F654000-memory.dmp

C:\Windows\system\XOvKZiO.exe

MD5 6e778442f2e87f9fe280190efb860d37
SHA1 2fb141d9923c3695dbc5e8833b56a38542d27adb
SHA256 fabb952811b7f6b44dcbecf3218bb00242a818becb9ffab2b31b267e0aa75781
SHA512 b9649a259e09d56e229303bbf0428295e0091689c46dce70ed7a145d6ebf4bf8aa03d4d55adf4841719315655776a3fb9499eb33ff16e6ce218be05cfddef647

memory/2132-44-0x000000013FED0000-0x0000000140224000-memory.dmp

C:\Windows\system\tnPBEkh.exe

MD5 496a50f96ca1757de29b61cd2119d344
SHA1 b9af1acc6f606ad85a2f023533d3769445b74b48
SHA256 ff381da43c8b2990f7b2f832f4876073ad9d7a703e4edad23f5654d878acea1d
SHA512 ebe04e030496896d1dfc310f3e64f555516e090a13e584283ccd9961c2fd23a8e472de4772b9ffaf4e09e72f2a1274ce64a7162e5d7c87a3af16f6cfa2bdba88

memory/2876-42-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/1080-27-0x000000013FF20000-0x0000000140274000-memory.dmp

C:\Windows\system\EOaUECR.exe

MD5 333665fbe78419455aa2bc6549c54972
SHA1 fe58916b991944a45520758a23a107c76524c616
SHA256 45030a568e00d9fd435aa046839b28ce31fd7e4d81415c8944a0853247c48e70
SHA512 982b2ae2242143c7bf52a56d0825d96347a740d55c12d5de88cd4a84eeb2ffb802a117374723752776983ee6b182027cf071f1a4fa23b22d5402b3a2ed8fc4c5

memory/2132-23-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2132-18-0x000000013FF20000-0x0000000140274000-memory.dmp

memory/2132-1072-0x000000013FF50000-0x00000001402A4000-memory.dmp

memory/2132-1073-0x0000000001E50000-0x00000000021A4000-memory.dmp

memory/2132-1074-0x000000013F520000-0x000000013F874000-memory.dmp

memory/2132-1075-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/1640-1076-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/1080-1077-0x000000013FF20000-0x0000000140274000-memory.dmp

memory/3024-1079-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2092-1078-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/1700-1080-0x000000013F100000-0x000000013F454000-memory.dmp

memory/2876-1081-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2632-1082-0x000000013F300000-0x000000013F654000-memory.dmp

memory/2648-1083-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2616-1085-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2684-1084-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2532-1086-0x000000013FF50000-0x00000001402A4000-memory.dmp

memory/2956-1087-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2960-1088-0x000000013F020000-0x000000013F374000-memory.dmp

memory/316-1089-0x000000013FAB0000-0x000000013FE04000-memory.dmp

memory/1640-1090-0x000000013F450000-0x000000013F7A4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-26 21:42

Reported

2024-06-26 21:45

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\rNkbVML.exe N/A
N/A N/A C:\Windows\System\QGtLrNl.exe N/A
N/A N/A C:\Windows\System\GssQQWQ.exe N/A
N/A N/A C:\Windows\System\iiWtCrS.exe N/A
N/A N/A C:\Windows\System\IzRFQrJ.exe N/A
N/A N/A C:\Windows\System\gWXbYBo.exe N/A
N/A N/A C:\Windows\System\myiZPfy.exe N/A
N/A N/A C:\Windows\System\WmGygxB.exe N/A
N/A N/A C:\Windows\System\bOROBUy.exe N/A
N/A N/A C:\Windows\System\OITgEhL.exe N/A
N/A N/A C:\Windows\System\ZxRAUkn.exe N/A
N/A N/A C:\Windows\System\Qbrbcyb.exe N/A
N/A N/A C:\Windows\System\HimTFAU.exe N/A
N/A N/A C:\Windows\System\OYgyAhb.exe N/A
N/A N/A C:\Windows\System\loMJWRw.exe N/A
N/A N/A C:\Windows\System\xytXado.exe N/A
N/A N/A C:\Windows\System\PaRcojE.exe N/A
N/A N/A C:\Windows\System\FaecJbA.exe N/A
N/A N/A C:\Windows\System\yIBcpiO.exe N/A
N/A N/A C:\Windows\System\MfkhUJL.exe N/A
N/A N/A C:\Windows\System\ZThZRqq.exe N/A
N/A N/A C:\Windows\System\sGaYtJD.exe N/A
N/A N/A C:\Windows\System\wQkRsnn.exe N/A
N/A N/A C:\Windows\System\tuStQiR.exe N/A
N/A N/A C:\Windows\System\brzzpqi.exe N/A
N/A N/A C:\Windows\System\ukEVDHW.exe N/A
N/A N/A C:\Windows\System\IiCMnbW.exe N/A
N/A N/A C:\Windows\System\pBvwkBa.exe N/A
N/A N/A C:\Windows\System\GQinjWB.exe N/A
N/A N/A C:\Windows\System\QAPaqpc.exe N/A
N/A N/A C:\Windows\System\sZStEJF.exe N/A
N/A N/A C:\Windows\System\YopdMgn.exe N/A
N/A N/A C:\Windows\System\UGSNDgu.exe N/A
N/A N/A C:\Windows\System\uYLTzLd.exe N/A
N/A N/A C:\Windows\System\MezixwB.exe N/A
N/A N/A C:\Windows\System\grsaIdT.exe N/A
N/A N/A C:\Windows\System\oNIwVDh.exe N/A
N/A N/A C:\Windows\System\tQpUFZM.exe N/A
N/A N/A C:\Windows\System\aLQwPdl.exe N/A
N/A N/A C:\Windows\System\xKYcEUE.exe N/A
N/A N/A C:\Windows\System\Weaeavq.exe N/A
N/A N/A C:\Windows\System\pbspRbk.exe N/A
N/A N/A C:\Windows\System\ZFjPUwR.exe N/A
N/A N/A C:\Windows\System\pCEkCqC.exe N/A
N/A N/A C:\Windows\System\gNrHOga.exe N/A
N/A N/A C:\Windows\System\FkngyiH.exe N/A
N/A N/A C:\Windows\System\NJOYSSs.exe N/A
N/A N/A C:\Windows\System\XqEWKKK.exe N/A
N/A N/A C:\Windows\System\krucQjD.exe N/A
N/A N/A C:\Windows\System\UpQJjPH.exe N/A
N/A N/A C:\Windows\System\BaFwOrE.exe N/A
N/A N/A C:\Windows\System\hqiVfhR.exe N/A
N/A N/A C:\Windows\System\kGhpWAs.exe N/A
N/A N/A C:\Windows\System\CYrpPtE.exe N/A
N/A N/A C:\Windows\System\lVHaSYm.exe N/A
N/A N/A C:\Windows\System\qEafLhV.exe N/A
N/A N/A C:\Windows\System\aOohMtS.exe N/A
N/A N/A C:\Windows\System\wuzekoX.exe N/A
N/A N/A C:\Windows\System\ozqLnMJ.exe N/A
N/A N/A C:\Windows\System\pzLdwtN.exe N/A
N/A N/A C:\Windows\System\MwewXRL.exe N/A
N/A N/A C:\Windows\System\QhnWwhn.exe N/A
N/A N/A C:\Windows\System\qTLXULk.exe N/A
N/A N/A C:\Windows\System\wgVFtAu.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ezQmONf.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xvCjUrs.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZStEJF.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\QhnWwhn.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\shPPSnE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\XolPIcd.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\iiWtCrS.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKYcEUE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZDonaC.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KJBfLCE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ftrHjcm.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoRxcRC.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\HAhdyns.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFjPUwR.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JCZJfta.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YKWFUhq.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDrSGog.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\bFeZflh.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\phwcpUp.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\PFXYppM.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\JYZtYFM.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\OITgEhL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\SOdLAmn.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\Eaiurzw.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\IIOGjDo.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjwxcwT.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\oZdoijt.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\zweBybW.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\sVXWgyD.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\emBmTwS.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\foEbXfN.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzMPMJy.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\rUCWazT.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ozqLnMJ.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\njbDhpZ.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ksvcQrU.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\oSLjQXm.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YwiRxKn.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\pCQxGEe.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\dVerErb.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\YopdMgn.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaXysVF.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KlVyxIf.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\pkWNJuE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\BaFwOrE.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\MwewXRL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\GuZLENv.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\KxeEwIl.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\yorbgrV.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEhgOhN.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\biSjiar.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsuuTbR.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmGygxB.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\wgVFtAu.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\nCHemxX.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\UENkHYL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xZsRajX.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\DcLQCbX.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\fPsoDsj.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\xytXado.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\aFhQTQX.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRipXDx.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\imnGmCL.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWVMKWe.exe C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2680 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\rNkbVML.exe
PID 2680 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\rNkbVML.exe
PID 2680 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\QGtLrNl.exe
PID 2680 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\QGtLrNl.exe
PID 2680 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\GssQQWQ.exe
PID 2680 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\GssQQWQ.exe
PID 2680 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iiWtCrS.exe
PID 2680 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\iiWtCrS.exe
PID 2680 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\IzRFQrJ.exe
PID 2680 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\IzRFQrJ.exe
PID 2680 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\myiZPfy.exe
PID 2680 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\myiZPfy.exe
PID 2680 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\WmGygxB.exe
PID 2680 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\WmGygxB.exe
PID 2680 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\gWXbYBo.exe
PID 2680 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\gWXbYBo.exe
PID 2680 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\bOROBUy.exe
PID 2680 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\bOROBUy.exe
PID 2680 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZxRAUkn.exe
PID 2680 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZxRAUkn.exe
PID 2680 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OITgEhL.exe
PID 2680 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OITgEhL.exe
PID 2680 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\Qbrbcyb.exe
PID 2680 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\Qbrbcyb.exe
PID 2680 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\HimTFAU.exe
PID 2680 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\HimTFAU.exe
PID 2680 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OYgyAhb.exe
PID 2680 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\OYgyAhb.exe
PID 2680 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\loMJWRw.exe
PID 2680 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\loMJWRw.exe
PID 2680 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\xytXado.exe
PID 2680 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\xytXado.exe
PID 2680 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\PaRcojE.exe
PID 2680 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\PaRcojE.exe
PID 2680 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\FaecJbA.exe
PID 2680 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\FaecJbA.exe
PID 2680 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\yIBcpiO.exe
PID 2680 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\yIBcpiO.exe
PID 2680 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\MfkhUJL.exe
PID 2680 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\MfkhUJL.exe
PID 2680 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZThZRqq.exe
PID 2680 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ZThZRqq.exe
PID 2680 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\sGaYtJD.exe
PID 2680 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\sGaYtJD.exe
PID 2680 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\wQkRsnn.exe
PID 2680 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\wQkRsnn.exe
PID 2680 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\tuStQiR.exe
PID 2680 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\tuStQiR.exe
PID 2680 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\brzzpqi.exe
PID 2680 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\brzzpqi.exe
PID 2680 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ukEVDHW.exe
PID 2680 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\ukEVDHW.exe
PID 2680 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\IiCMnbW.exe
PID 2680 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\IiCMnbW.exe
PID 2680 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\pBvwkBa.exe
PID 2680 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\pBvwkBa.exe
PID 2680 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\GQinjWB.exe
PID 2680 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\GQinjWB.exe
PID 2680 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\QAPaqpc.exe
PID 2680 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\QAPaqpc.exe
PID 2680 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\sZStEJF.exe
PID 2680 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\sZStEJF.exe
PID 2680 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\YopdMgn.exe
PID 2680 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe C:\Windows\System\YopdMgn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1544161eeba57aa4070b1b2c14f9c388b761bbda91527787e5380d5a7d62242b_NeikiAnalytics.exe"

C:\Windows\System\rNkbVML.exe

C:\Windows\System\rNkbVML.exe

C:\Windows\System\QGtLrNl.exe

C:\Windows\System\QGtLrNl.exe

C:\Windows\System\GssQQWQ.exe

C:\Windows\System\GssQQWQ.exe

C:\Windows\System\iiWtCrS.exe

C:\Windows\System\iiWtCrS.exe

C:\Windows\System\IzRFQrJ.exe

C:\Windows\System\IzRFQrJ.exe

C:\Windows\System\myiZPfy.exe

C:\Windows\System\myiZPfy.exe

C:\Windows\System\WmGygxB.exe

C:\Windows\System\WmGygxB.exe

C:\Windows\System\gWXbYBo.exe

C:\Windows\System\gWXbYBo.exe

C:\Windows\System\bOROBUy.exe

C:\Windows\System\bOROBUy.exe

C:\Windows\System\ZxRAUkn.exe

C:\Windows\System\ZxRAUkn.exe

C:\Windows\System\OITgEhL.exe

C:\Windows\System\OITgEhL.exe

C:\Windows\System\Qbrbcyb.exe

C:\Windows\System\Qbrbcyb.exe

C:\Windows\System\HimTFAU.exe

C:\Windows\System\HimTFAU.exe

C:\Windows\System\OYgyAhb.exe

C:\Windows\System\OYgyAhb.exe

C:\Windows\System\loMJWRw.exe

C:\Windows\System\loMJWRw.exe

C:\Windows\System\xytXado.exe

C:\Windows\System\xytXado.exe

C:\Windows\System\PaRcojE.exe

C:\Windows\System\PaRcojE.exe

C:\Windows\System\FaecJbA.exe

C:\Windows\System\FaecJbA.exe

C:\Windows\System\yIBcpiO.exe

C:\Windows\System\yIBcpiO.exe

C:\Windows\System\MfkhUJL.exe

C:\Windows\System\MfkhUJL.exe

C:\Windows\System\ZThZRqq.exe

C:\Windows\System\ZThZRqq.exe

C:\Windows\System\sGaYtJD.exe

C:\Windows\System\sGaYtJD.exe

C:\Windows\System\wQkRsnn.exe

C:\Windows\System\wQkRsnn.exe

C:\Windows\System\tuStQiR.exe

C:\Windows\System\tuStQiR.exe

C:\Windows\System\brzzpqi.exe

C:\Windows\System\brzzpqi.exe

C:\Windows\System\ukEVDHW.exe

C:\Windows\System\ukEVDHW.exe

C:\Windows\System\IiCMnbW.exe

C:\Windows\System\IiCMnbW.exe

C:\Windows\System\pBvwkBa.exe

C:\Windows\System\pBvwkBa.exe

C:\Windows\System\GQinjWB.exe

C:\Windows\System\GQinjWB.exe

C:\Windows\System\QAPaqpc.exe

C:\Windows\System\QAPaqpc.exe

C:\Windows\System\sZStEJF.exe

C:\Windows\System\sZStEJF.exe

C:\Windows\System\YopdMgn.exe

C:\Windows\System\YopdMgn.exe

C:\Windows\System\UGSNDgu.exe

C:\Windows\System\UGSNDgu.exe

C:\Windows\System\uYLTzLd.exe

C:\Windows\System\uYLTzLd.exe

C:\Windows\System\MezixwB.exe

C:\Windows\System\MezixwB.exe

C:\Windows\System\grsaIdT.exe

C:\Windows\System\grsaIdT.exe

C:\Windows\System\oNIwVDh.exe

C:\Windows\System\oNIwVDh.exe

C:\Windows\System\tQpUFZM.exe

C:\Windows\System\tQpUFZM.exe

C:\Windows\System\aLQwPdl.exe

C:\Windows\System\aLQwPdl.exe

C:\Windows\System\xKYcEUE.exe

C:\Windows\System\xKYcEUE.exe

C:\Windows\System\Weaeavq.exe

C:\Windows\System\Weaeavq.exe

C:\Windows\System\pbspRbk.exe

C:\Windows\System\pbspRbk.exe

C:\Windows\System\ZFjPUwR.exe

C:\Windows\System\ZFjPUwR.exe

C:\Windows\System\pCEkCqC.exe

C:\Windows\System\pCEkCqC.exe

C:\Windows\System\gNrHOga.exe

C:\Windows\System\gNrHOga.exe

C:\Windows\System\FkngyiH.exe

C:\Windows\System\FkngyiH.exe

C:\Windows\System\NJOYSSs.exe

C:\Windows\System\NJOYSSs.exe

C:\Windows\System\XqEWKKK.exe

C:\Windows\System\XqEWKKK.exe

C:\Windows\System\krucQjD.exe

C:\Windows\System\krucQjD.exe

C:\Windows\System\UpQJjPH.exe

C:\Windows\System\UpQJjPH.exe

C:\Windows\System\BaFwOrE.exe

C:\Windows\System\BaFwOrE.exe

C:\Windows\System\hqiVfhR.exe

C:\Windows\System\hqiVfhR.exe

C:\Windows\System\kGhpWAs.exe

C:\Windows\System\kGhpWAs.exe

C:\Windows\System\CYrpPtE.exe

C:\Windows\System\CYrpPtE.exe

C:\Windows\System\lVHaSYm.exe

C:\Windows\System\lVHaSYm.exe

C:\Windows\System\qEafLhV.exe

C:\Windows\System\qEafLhV.exe

C:\Windows\System\aOohMtS.exe

C:\Windows\System\aOohMtS.exe

C:\Windows\System\wuzekoX.exe

C:\Windows\System\wuzekoX.exe

C:\Windows\System\ozqLnMJ.exe

C:\Windows\System\ozqLnMJ.exe

C:\Windows\System\pzLdwtN.exe

C:\Windows\System\pzLdwtN.exe

C:\Windows\System\MwewXRL.exe

C:\Windows\System\MwewXRL.exe

C:\Windows\System\QhnWwhn.exe

C:\Windows\System\QhnWwhn.exe

C:\Windows\System\qTLXULk.exe

C:\Windows\System\qTLXULk.exe

C:\Windows\System\wgVFtAu.exe

C:\Windows\System\wgVFtAu.exe

C:\Windows\System\shggEvx.exe

C:\Windows\System\shggEvx.exe

C:\Windows\System\aehztvJ.exe

C:\Windows\System\aehztvJ.exe

C:\Windows\System\IdFYZAn.exe

C:\Windows\System\IdFYZAn.exe

C:\Windows\System\DPqpUDd.exe

C:\Windows\System\DPqpUDd.exe

C:\Windows\System\qaiHLRt.exe

C:\Windows\System\qaiHLRt.exe

C:\Windows\System\vYaZZAe.exe

C:\Windows\System\vYaZZAe.exe

C:\Windows\System\foEbXfN.exe

C:\Windows\System\foEbXfN.exe

C:\Windows\System\KZLiEYX.exe

C:\Windows\System\KZLiEYX.exe

C:\Windows\System\JEwejTT.exe

C:\Windows\System\JEwejTT.exe

C:\Windows\System\dSYiHbG.exe

C:\Windows\System\dSYiHbG.exe

C:\Windows\System\xihpTNz.exe

C:\Windows\System\xihpTNz.exe

C:\Windows\System\nCHemxX.exe

C:\Windows\System\nCHemxX.exe

C:\Windows\System\wcDbmOY.exe

C:\Windows\System\wcDbmOY.exe

C:\Windows\System\CEawEtM.exe

C:\Windows\System\CEawEtM.exe

C:\Windows\System\IKGjipB.exe

C:\Windows\System\IKGjipB.exe

C:\Windows\System\kzEyyfi.exe

C:\Windows\System\kzEyyfi.exe

C:\Windows\System\cEdUHOT.exe

C:\Windows\System\cEdUHOT.exe

C:\Windows\System\fvrBLcJ.exe

C:\Windows\System\fvrBLcJ.exe

C:\Windows\System\GJSHMKA.exe

C:\Windows\System\GJSHMKA.exe

C:\Windows\System\ikSJTgF.exe

C:\Windows\System\ikSJTgF.exe

C:\Windows\System\SOdLAmn.exe

C:\Windows\System\SOdLAmn.exe

C:\Windows\System\Eaiurzw.exe

C:\Windows\System\Eaiurzw.exe

C:\Windows\System\ddmmgnh.exe

C:\Windows\System\ddmmgnh.exe

C:\Windows\System\yaXysVF.exe

C:\Windows\System\yaXysVF.exe

C:\Windows\System\VlznkfZ.exe

C:\Windows\System\VlznkfZ.exe

C:\Windows\System\kXZmjXI.exe

C:\Windows\System\kXZmjXI.exe

C:\Windows\System\jZzTLXd.exe

C:\Windows\System\jZzTLXd.exe

C:\Windows\System\IjcyuKc.exe

C:\Windows\System\IjcyuKc.exe

C:\Windows\System\azrsIYf.exe

C:\Windows\System\azrsIYf.exe

C:\Windows\System\AfmXfLw.exe

C:\Windows\System\AfmXfLw.exe

C:\Windows\System\mqQawKv.exe

C:\Windows\System\mqQawKv.exe

C:\Windows\System\SkggTRN.exe

C:\Windows\System\SkggTRN.exe

C:\Windows\System\ehxVIOI.exe

C:\Windows\System\ehxVIOI.exe

C:\Windows\System\JZDonaC.exe

C:\Windows\System\JZDonaC.exe

C:\Windows\System\DssaIzB.exe

C:\Windows\System\DssaIzB.exe

C:\Windows\System\VXDuvwL.exe

C:\Windows\System\VXDuvwL.exe

C:\Windows\System\dWXVoUA.exe

C:\Windows\System\dWXVoUA.exe

C:\Windows\System\uRfzkqv.exe

C:\Windows\System\uRfzkqv.exe

C:\Windows\System\ROuyOtP.exe

C:\Windows\System\ROuyOtP.exe

C:\Windows\System\gxoXSlw.exe

C:\Windows\System\gxoXSlw.exe

C:\Windows\System\KxeEwIl.exe

C:\Windows\System\KxeEwIl.exe

C:\Windows\System\RmlRkaS.exe

C:\Windows\System\RmlRkaS.exe

C:\Windows\System\KxbbMvg.exe

C:\Windows\System\KxbbMvg.exe

C:\Windows\System\qqlxnDE.exe

C:\Windows\System\qqlxnDE.exe

C:\Windows\System\GnXHZTP.exe

C:\Windows\System\GnXHZTP.exe

C:\Windows\System\rZFXJYe.exe

C:\Windows\System\rZFXJYe.exe

C:\Windows\System\sjDezTB.exe

C:\Windows\System\sjDezTB.exe

C:\Windows\System\aFhQTQX.exe

C:\Windows\System\aFhQTQX.exe

C:\Windows\System\tolUMru.exe

C:\Windows\System\tolUMru.exe

C:\Windows\System\zzMPMJy.exe

C:\Windows\System\zzMPMJy.exe

C:\Windows\System\HmBTLUf.exe

C:\Windows\System\HmBTLUf.exe

C:\Windows\System\jSjKYkj.exe

C:\Windows\System\jSjKYkj.exe

C:\Windows\System\EfPXlML.exe

C:\Windows\System\EfPXlML.exe

C:\Windows\System\aIajTPF.exe

C:\Windows\System\aIajTPF.exe

C:\Windows\System\UPylRbx.exe

C:\Windows\System\UPylRbx.exe

C:\Windows\System\VgvspBu.exe

C:\Windows\System\VgvspBu.exe

C:\Windows\System\KlVyxIf.exe

C:\Windows\System\KlVyxIf.exe

C:\Windows\System\FDKFwbY.exe

C:\Windows\System\FDKFwbY.exe

C:\Windows\System\eEENfHb.exe

C:\Windows\System\eEENfHb.exe

C:\Windows\System\uuqBxwE.exe

C:\Windows\System\uuqBxwE.exe

C:\Windows\System\hTvNKrp.exe

C:\Windows\System\hTvNKrp.exe

C:\Windows\System\uVkRYVc.exe

C:\Windows\System\uVkRYVc.exe

C:\Windows\System\ZPNXZhm.exe

C:\Windows\System\ZPNXZhm.exe

C:\Windows\System\ufeXEkP.exe

C:\Windows\System\ufeXEkP.exe

C:\Windows\System\zvFcCSX.exe

C:\Windows\System\zvFcCSX.exe

C:\Windows\System\bjhQALn.exe

C:\Windows\System\bjhQALn.exe

C:\Windows\System\ZfTAjts.exe

C:\Windows\System\ZfTAjts.exe

C:\Windows\System\BtjEkyY.exe

C:\Windows\System\BtjEkyY.exe

C:\Windows\System\CxySjhz.exe

C:\Windows\System\CxySjhz.exe

C:\Windows\System\coUAOJU.exe

C:\Windows\System\coUAOJU.exe

C:\Windows\System\JgOTSOM.exe

C:\Windows\System\JgOTSOM.exe

C:\Windows\System\mQDfxyT.exe

C:\Windows\System\mQDfxyT.exe

C:\Windows\System\TJwFIaI.exe

C:\Windows\System\TJwFIaI.exe

C:\Windows\System\BDrSGog.exe

C:\Windows\System\BDrSGog.exe

C:\Windows\System\WjDcbWV.exe

C:\Windows\System\WjDcbWV.exe

C:\Windows\System\WvVkqVX.exe

C:\Windows\System\WvVkqVX.exe

C:\Windows\System\oSLjQXm.exe

C:\Windows\System\oSLjQXm.exe

C:\Windows\System\rClJSRl.exe

C:\Windows\System\rClJSRl.exe

C:\Windows\System\UHxkVeu.exe

C:\Windows\System\UHxkVeu.exe

C:\Windows\System\XUmDDsF.exe

C:\Windows\System\XUmDDsF.exe

C:\Windows\System\ysjLRey.exe

C:\Windows\System\ysjLRey.exe

C:\Windows\System\shPPSnE.exe

C:\Windows\System\shPPSnE.exe

C:\Windows\System\omOeYgN.exe

C:\Windows\System\omOeYgN.exe

C:\Windows\System\YwiRxKn.exe

C:\Windows\System\YwiRxKn.exe

C:\Windows\System\tKGHfVl.exe

C:\Windows\System\tKGHfVl.exe

C:\Windows\System\AdAojtX.exe

C:\Windows\System\AdAojtX.exe

C:\Windows\System\rUCWazT.exe

C:\Windows\System\rUCWazT.exe

C:\Windows\System\iOLntDn.exe

C:\Windows\System\iOLntDn.exe

C:\Windows\System\kWRyVAQ.exe

C:\Windows\System\kWRyVAQ.exe

C:\Windows\System\wCOckNP.exe

C:\Windows\System\wCOckNP.exe

C:\Windows\System\pdHAMJW.exe

C:\Windows\System\pdHAMJW.exe

C:\Windows\System\jkIQbEW.exe

C:\Windows\System\jkIQbEW.exe

C:\Windows\System\pCQxGEe.exe

C:\Windows\System\pCQxGEe.exe

C:\Windows\System\JcbcuKr.exe

C:\Windows\System\JcbcuKr.exe

C:\Windows\System\ZWsiOQZ.exe

C:\Windows\System\ZWsiOQZ.exe

C:\Windows\System\bFeZflh.exe

C:\Windows\System\bFeZflh.exe

C:\Windows\System\JCZJfta.exe

C:\Windows\System\JCZJfta.exe

C:\Windows\System\kNOBwPB.exe

C:\Windows\System\kNOBwPB.exe

C:\Windows\System\GuZLENv.exe

C:\Windows\System\GuZLENv.exe

C:\Windows\System\jlPIYoC.exe

C:\Windows\System\jlPIYoC.exe

C:\Windows\System\tjlXxDh.exe

C:\Windows\System\tjlXxDh.exe

C:\Windows\System\YkwyfPm.exe

C:\Windows\System\YkwyfPm.exe

C:\Windows\System\tThYvxg.exe

C:\Windows\System\tThYvxg.exe

C:\Windows\System\phwcpUp.exe

C:\Windows\System\phwcpUp.exe

C:\Windows\System\fHnZvyo.exe

C:\Windows\System\fHnZvyo.exe

C:\Windows\System\wFifMCe.exe

C:\Windows\System\wFifMCe.exe

C:\Windows\System\DYXgQDZ.exe

C:\Windows\System\DYXgQDZ.exe

C:\Windows\System\oVEAeBd.exe

C:\Windows\System\oVEAeBd.exe

C:\Windows\System\TxvIJJC.exe

C:\Windows\System\TxvIJJC.exe

C:\Windows\System\OsuGfOx.exe

C:\Windows\System\OsuGfOx.exe

C:\Windows\System\sLlbHXd.exe

C:\Windows\System\sLlbHXd.exe

C:\Windows\System\XolPIcd.exe

C:\Windows\System\XolPIcd.exe

C:\Windows\System\rAmyDro.exe

C:\Windows\System\rAmyDro.exe

C:\Windows\System\ZVsWVmy.exe

C:\Windows\System\ZVsWVmy.exe

C:\Windows\System\fTFsJLV.exe

C:\Windows\System\fTFsJLV.exe

C:\Windows\System\CRipXDx.exe

C:\Windows\System\CRipXDx.exe

C:\Windows\System\CpxBBus.exe

C:\Windows\System\CpxBBus.exe

C:\Windows\System\PFXYppM.exe

C:\Windows\System\PFXYppM.exe

C:\Windows\System\AgvCrll.exe

C:\Windows\System\AgvCrll.exe

C:\Windows\System\yorbgrV.exe

C:\Windows\System\yorbgrV.exe

C:\Windows\System\brUDiLY.exe

C:\Windows\System\brUDiLY.exe

C:\Windows\System\QgVplQm.exe

C:\Windows\System\QgVplQm.exe

C:\Windows\System\vOOMwAW.exe

C:\Windows\System\vOOMwAW.exe

C:\Windows\System\kwOthcA.exe

C:\Windows\System\kwOthcA.exe

C:\Windows\System\SzngasR.exe

C:\Windows\System\SzngasR.exe

C:\Windows\System\ZEhgOhN.exe

C:\Windows\System\ZEhgOhN.exe

C:\Windows\System\QyMnNOL.exe

C:\Windows\System\QyMnNOL.exe

C:\Windows\System\SfiaVPW.exe

C:\Windows\System\SfiaVPW.exe

C:\Windows\System\FmsMqpo.exe

C:\Windows\System\FmsMqpo.exe

C:\Windows\System\rEUGvxO.exe

C:\Windows\System\rEUGvxO.exe

C:\Windows\System\RdUJBfr.exe

C:\Windows\System\RdUJBfr.exe

C:\Windows\System\biSjiar.exe

C:\Windows\System\biSjiar.exe

C:\Windows\System\dVerErb.exe

C:\Windows\System\dVerErb.exe

C:\Windows\System\imnGmCL.exe

C:\Windows\System\imnGmCL.exe

C:\Windows\System\HSTKOYn.exe

C:\Windows\System\HSTKOYn.exe

C:\Windows\System\FXOsOCt.exe

C:\Windows\System\FXOsOCt.exe

C:\Windows\System\yISAviN.exe

C:\Windows\System\yISAviN.exe

C:\Windows\System\TgpCeIa.exe

C:\Windows\System\TgpCeIa.exe

C:\Windows\System\NRFXnSJ.exe

C:\Windows\System\NRFXnSJ.exe

C:\Windows\System\ujVNNgv.exe

C:\Windows\System\ujVNNgv.exe

C:\Windows\System\OIDMyRG.exe

C:\Windows\System\OIDMyRG.exe

C:\Windows\System\YKWFUhq.exe

C:\Windows\System\YKWFUhq.exe

C:\Windows\System\FaDRyne.exe

C:\Windows\System\FaDRyne.exe

C:\Windows\System\vtkAFvi.exe

C:\Windows\System\vtkAFvi.exe

C:\Windows\System\snHlxKo.exe

C:\Windows\System\snHlxKo.exe

C:\Windows\System\njbDhpZ.exe

C:\Windows\System\njbDhpZ.exe

C:\Windows\System\yzSzwkD.exe

C:\Windows\System\yzSzwkD.exe

C:\Windows\System\whnAxVJ.exe

C:\Windows\System\whnAxVJ.exe

C:\Windows\System\jBVkfWN.exe

C:\Windows\System\jBVkfWN.exe

C:\Windows\System\xZsRajX.exe

C:\Windows\System\xZsRajX.exe

C:\Windows\System\RuANkMA.exe

C:\Windows\System\RuANkMA.exe

C:\Windows\System\MHcCaSr.exe

C:\Windows\System\MHcCaSr.exe

C:\Windows\System\XYVMklm.exe

C:\Windows\System\XYVMklm.exe

C:\Windows\System\npWuRNB.exe

C:\Windows\System\npWuRNB.exe

C:\Windows\System\pkWNJuE.exe

C:\Windows\System\pkWNJuE.exe

C:\Windows\System\sjJQqNn.exe

C:\Windows\System\sjJQqNn.exe

C:\Windows\System\LxZkslr.exe

C:\Windows\System\LxZkslr.exe

C:\Windows\System\WUOYkUp.exe

C:\Windows\System\WUOYkUp.exe

C:\Windows\System\VPWdzhO.exe

C:\Windows\System\VPWdzhO.exe

C:\Windows\System\fTkOISW.exe

C:\Windows\System\fTkOISW.exe

C:\Windows\System\MxbUBEv.exe

C:\Windows\System\MxbUBEv.exe

C:\Windows\System\NuBkJal.exe

C:\Windows\System\NuBkJal.exe

C:\Windows\System\LIypUsP.exe

C:\Windows\System\LIypUsP.exe

C:\Windows\System\uVBSEgU.exe

C:\Windows\System\uVBSEgU.exe

C:\Windows\System\DRTOuZr.exe

C:\Windows\System\DRTOuZr.exe

C:\Windows\System\GqyPfYg.exe

C:\Windows\System\GqyPfYg.exe

C:\Windows\System\uaLxfal.exe

C:\Windows\System\uaLxfal.exe

C:\Windows\System\FYLmIZE.exe

C:\Windows\System\FYLmIZE.exe

C:\Windows\System\dbyZijX.exe

C:\Windows\System\dbyZijX.exe

C:\Windows\System\yAeaENs.exe

C:\Windows\System\yAeaENs.exe

C:\Windows\System\dwOSwGQ.exe

C:\Windows\System\dwOSwGQ.exe

C:\Windows\System\GNczASP.exe

C:\Windows\System\GNczASP.exe

C:\Windows\System\PYmaSou.exe

C:\Windows\System\PYmaSou.exe

C:\Windows\System\BOUXItk.exe

C:\Windows\System\BOUXItk.exe

C:\Windows\System\JxaXmYW.exe

C:\Windows\System\JxaXmYW.exe

C:\Windows\System\nYNOaad.exe

C:\Windows\System\nYNOaad.exe

C:\Windows\System\JZgoQfW.exe

C:\Windows\System\JZgoQfW.exe

C:\Windows\System\ezQmONf.exe

C:\Windows\System\ezQmONf.exe

C:\Windows\System\JYZtYFM.exe

C:\Windows\System\JYZtYFM.exe

C:\Windows\System\yZiwopu.exe

C:\Windows\System\yZiwopu.exe

C:\Windows\System\DrHYdmn.exe

C:\Windows\System\DrHYdmn.exe

C:\Windows\System\MNeZZHr.exe

C:\Windows\System\MNeZZHr.exe

C:\Windows\System\xvCjUrs.exe

C:\Windows\System\xvCjUrs.exe

C:\Windows\System\mJQmwvF.exe

C:\Windows\System\mJQmwvF.exe

C:\Windows\System\hGQTNzU.exe

C:\Windows\System\hGQTNzU.exe

C:\Windows\System\ftrHjcm.exe

C:\Windows\System\ftrHjcm.exe

C:\Windows\System\DcLQCbX.exe

C:\Windows\System\DcLQCbX.exe

C:\Windows\System\msIfMrP.exe

C:\Windows\System\msIfMrP.exe

C:\Windows\System\RuUzrDL.exe

C:\Windows\System\RuUzrDL.exe

C:\Windows\System\hxddXKp.exe

C:\Windows\System\hxddXKp.exe

C:\Windows\System\kucGXIh.exe

C:\Windows\System\kucGXIh.exe

C:\Windows\System\RmeCiDS.exe

C:\Windows\System\RmeCiDS.exe

C:\Windows\System\RIFeOsd.exe

C:\Windows\System\RIFeOsd.exe

C:\Windows\System\BdjWHRD.exe

C:\Windows\System\BdjWHRD.exe

C:\Windows\System\fPsoDsj.exe

C:\Windows\System\fPsoDsj.exe

C:\Windows\System\SpbAYRN.exe

C:\Windows\System\SpbAYRN.exe

C:\Windows\System\PEWxhQw.exe

C:\Windows\System\PEWxhQw.exe

C:\Windows\System\IegDcDF.exe

C:\Windows\System\IegDcDF.exe

C:\Windows\System\uWVMKWe.exe

C:\Windows\System\uWVMKWe.exe

C:\Windows\System\urZnAkN.exe

C:\Windows\System\urZnAkN.exe

C:\Windows\System\ydexMNN.exe

C:\Windows\System\ydexMNN.exe

C:\Windows\System\slrMfGf.exe

C:\Windows\System\slrMfGf.exe

C:\Windows\System\zGGIQgG.exe

C:\Windows\System\zGGIQgG.exe

C:\Windows\System\zweBybW.exe

C:\Windows\System\zweBybW.exe

C:\Windows\System\GfOLMZP.exe

C:\Windows\System\GfOLMZP.exe

C:\Windows\System\uopcnxm.exe

C:\Windows\System\uopcnxm.exe

C:\Windows\System\uAWEmnv.exe

C:\Windows\System\uAWEmnv.exe

C:\Windows\System\XTGKnkh.exe

C:\Windows\System\XTGKnkh.exe

C:\Windows\System\GzAugTO.exe

C:\Windows\System\GzAugTO.exe

C:\Windows\System\phjLJNM.exe

C:\Windows\System\phjLJNM.exe

C:\Windows\System\ZECNwin.exe

C:\Windows\System\ZECNwin.exe

C:\Windows\System\wIWjkwW.exe

C:\Windows\System\wIWjkwW.exe

C:\Windows\System\Ltlezdi.exe

C:\Windows\System\Ltlezdi.exe

C:\Windows\System\zoRxcRC.exe

C:\Windows\System\zoRxcRC.exe

C:\Windows\System\UCAbcwB.exe

C:\Windows\System\UCAbcwB.exe

C:\Windows\System\VbTacvk.exe

C:\Windows\System\VbTacvk.exe

C:\Windows\System\nsuuTbR.exe

C:\Windows\System\nsuuTbR.exe

C:\Windows\System\IIOGjDo.exe

C:\Windows\System\IIOGjDo.exe

C:\Windows\System\UENkHYL.exe

C:\Windows\System\UENkHYL.exe

C:\Windows\System\ksvcQrU.exe

C:\Windows\System\ksvcQrU.exe

C:\Windows\System\TltYDBx.exe

C:\Windows\System\TltYDBx.exe

C:\Windows\System\YKergqc.exe

C:\Windows\System\YKergqc.exe

C:\Windows\System\FbuMOzf.exe

C:\Windows\System\FbuMOzf.exe

C:\Windows\System\pkGNpFt.exe

C:\Windows\System\pkGNpFt.exe

C:\Windows\System\IajeRIQ.exe

C:\Windows\System\IajeRIQ.exe

C:\Windows\System\wDUUDjH.exe

C:\Windows\System\wDUUDjH.exe

C:\Windows\System\SyvgxKU.exe

C:\Windows\System\SyvgxKU.exe

C:\Windows\System\pvRrifa.exe

C:\Windows\System\pvRrifa.exe

C:\Windows\System\oTUDPUb.exe

C:\Windows\System\oTUDPUb.exe

C:\Windows\System\JtxYvVS.exe

C:\Windows\System\JtxYvVS.exe

C:\Windows\System\DnRdyqO.exe

C:\Windows\System\DnRdyqO.exe

C:\Windows\System\osOBxwo.exe

C:\Windows\System\osOBxwo.exe

C:\Windows\System\fxCEDIt.exe

C:\Windows\System\fxCEDIt.exe

C:\Windows\System\ynSzdar.exe

C:\Windows\System\ynSzdar.exe

C:\Windows\System\HAhdyns.exe

C:\Windows\System\HAhdyns.exe

C:\Windows\System\pIaodkr.exe

C:\Windows\System\pIaodkr.exe

C:\Windows\System\ZmNBDZQ.exe

C:\Windows\System\ZmNBDZQ.exe

C:\Windows\System\RBXQzfW.exe

C:\Windows\System\RBXQzfW.exe

C:\Windows\System\HmPOXZR.exe

C:\Windows\System\HmPOXZR.exe

C:\Windows\System\eHwHAqO.exe

C:\Windows\System\eHwHAqO.exe

C:\Windows\System\AZYlAso.exe

C:\Windows\System\AZYlAso.exe

C:\Windows\System\ptMvFhj.exe

C:\Windows\System\ptMvFhj.exe

C:\Windows\System\qlwATsQ.exe

C:\Windows\System\qlwATsQ.exe

C:\Windows\System\qjwxcwT.exe

C:\Windows\System\qjwxcwT.exe

C:\Windows\System\WcAhicv.exe

C:\Windows\System\WcAhicv.exe

C:\Windows\System\yvGAoJS.exe

C:\Windows\System\yvGAoJS.exe

C:\Windows\System\avuCnCK.exe

C:\Windows\System\avuCnCK.exe

C:\Windows\System\sVXWgyD.exe

C:\Windows\System\sVXWgyD.exe

C:\Windows\System\zTCuOuo.exe

C:\Windows\System\zTCuOuo.exe

C:\Windows\System\fmQVhVU.exe

C:\Windows\System\fmQVhVU.exe

C:\Windows\System\tRIlpcl.exe

C:\Windows\System\tRIlpcl.exe

C:\Windows\System\SaTodHy.exe

C:\Windows\System\SaTodHy.exe

C:\Windows\System\zNgrMsy.exe

C:\Windows\System\zNgrMsy.exe

C:\Windows\System\BIeqXGR.exe

C:\Windows\System\BIeqXGR.exe

C:\Windows\System\xRyQYeF.exe

C:\Windows\System\xRyQYeF.exe

C:\Windows\System\KJBfLCE.exe

C:\Windows\System\KJBfLCE.exe

C:\Windows\System\JczwTDa.exe

C:\Windows\System\JczwTDa.exe

C:\Windows\System\emBmTwS.exe

C:\Windows\System\emBmTwS.exe

C:\Windows\System\oZdoijt.exe

C:\Windows\System\oZdoijt.exe

C:\Windows\System\WKVkMVX.exe

C:\Windows\System\WKVkMVX.exe

C:\Windows\System\bodQbyO.exe

C:\Windows\System\bodQbyO.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2680-0-0x00007FF784C90000-0x00007FF784FE4000-memory.dmp

memory/2680-1-0x0000022D25810000-0x0000022D25820000-memory.dmp

C:\Windows\System\rNkbVML.exe

MD5 4454082392a2d87bf50d8079288ec139
SHA1 51101859f347b3e997002d48bbc8497291d43f4a
SHA256 8f39e4b8d2ef82b9de34a91b663edb735b3d92c4c3fb0d2fe13efbdf20e37dd7
SHA512 0cd258cb8f4253900d33ec8c3576d63913352968dc227540b3024505fa58c120aa84cd12b35f021d5db6d8d79128ce0917fa81bb76af149245f473034a75c202

C:\Windows\System\GssQQWQ.exe

MD5 c149084d0e33b934c9a53c2c5a01763e
SHA1 023528b27422a6aa0934c6416400d876c06894a7
SHA256 39ff260955146a52d1c5bad3d5ba68321d45964c81c8b9bfc6f18a184c0cca3a
SHA512 b3af37953d66b7b1e6e5cd21bd9aa284f01b42191bd3a7453d927f95e5015d9d01568b6465b10bcd5a1ad303a971c1d8073aa433905556c1ae7280b2d58e0d3f

C:\Windows\System\QGtLrNl.exe

MD5 34329ff68c804ff9bec618634ec792ed
SHA1 bbde1de45edd5b7e40286ee3eb0790fb9d4f0e2b
SHA256 e4717c9d7a2d83d58f5275c207420448aad8bb5b8c202b42faca6b0b078035f2
SHA512 cd2b5dcbbe7419e0fda21ba60fb0fd6ae9194dd3f19dd2059db777c36d07c9f5368c3d014e9e85fc8593e2ba56ac630c78918080f7209ee0df79595505c5e027

memory/780-31-0x00007FF788970000-0x00007FF788CC4000-memory.dmp

C:\Windows\System\bOROBUy.exe

MD5 eefef8f4ca1163c36152e0d83544e92a
SHA1 e495d18b48ec39dc7f1a1aefa22ddd0193e8ac97
SHA256 2c89c7b3501e3f4c6146d86900475073648bfeeecf60b792dcc2181dd93a0cf7
SHA512 c2733cf8296052c092f35a607475e2533c28ff82fd55d29b39edbe4c87bd9e6844217a003932a4ed4c1f396b2f42315c8566975a09022107b32f669d07fe673b

C:\Windows\System\HimTFAU.exe

MD5 1857e7226fc8e1863e9e30d95ba96e70
SHA1 c1c9168f409515d20995fe2b92d5dfbd442ac1c3
SHA256 8668680dc952c8b78da458561ee03f728c9107eb8e04ed2c589bf20b4ff15b01
SHA512 0b28da61083c37ac4c6bca173d3ef9dae41c03f990c953db301eec029652a0939d2c2a1f780867019426e221b3662e8de51d9efecbdfc477a4f36a6fe4f44164

C:\Windows\System\sGaYtJD.exe

MD5 7deb5ad4001cb75da86423fe5b2aa56a
SHA1 a81ec15f03096ad106135621c5da93f48031e686
SHA256 04e7a3d765b24ef0fa84741af06b0a9b63955658ef64acfad80f1e088fb2db7e
SHA512 846cfae08a027a82aec0b5093eccee24ffff1450453755e6ed8f7d93540b778e0382b5f2acfcf3ca01826ffeeb58fab77b0d28905a9c6d827e1734727e79124f

C:\Windows\System\wQkRsnn.exe

MD5 562920f9eae9f0f787fad86ff04ceeba
SHA1 cae0b8ca9ffa84c4cca60022828c00e55e1ba8bd
SHA256 975d1ba7f989c14a15c646e9edf275aac7e199e6186497f4c577870ee87bd296
SHA512 4e44d6ad32cf155dfade2ae46bef3c5d30ebfe3652d591b46c548c6939bffc538e8eafa5db937b371381858f5f4d532fc2371761a189454f98bd756f16345048

memory/2280-184-0x00007FF6AD910000-0x00007FF6ADC64000-memory.dmp

memory/4540-202-0x00007FF7A31F0000-0x00007FF7A3544000-memory.dmp

memory/4828-216-0x00007FF7BA460000-0x00007FF7BA7B4000-memory.dmp

memory/2152-227-0x00007FF7767D0000-0x00007FF776B24000-memory.dmp

memory/668-233-0x00007FF6653E0000-0x00007FF665734000-memory.dmp

memory/3748-236-0x00007FF641280000-0x00007FF6415D4000-memory.dmp

memory/1192-235-0x00007FF639220000-0x00007FF639574000-memory.dmp

memory/3312-234-0x00007FF645CA0000-0x00007FF645FF4000-memory.dmp

memory/1700-232-0x00007FF732D80000-0x00007FF7330D4000-memory.dmp

memory/2956-231-0x00007FF6A3620000-0x00007FF6A3974000-memory.dmp

memory/3176-230-0x00007FF667280000-0x00007FF6675D4000-memory.dmp

memory/4748-229-0x00007FF6F2EC0000-0x00007FF6F3214000-memory.dmp

memory/4916-228-0x00007FF6C3F20000-0x00007FF6C4274000-memory.dmp

memory/4888-226-0x00007FF788020000-0x00007FF788374000-memory.dmp

memory/368-225-0x00007FF615FF0000-0x00007FF616344000-memory.dmp

memory/1832-224-0x00007FF677AD0000-0x00007FF677E24000-memory.dmp

memory/5076-223-0x00007FF789D40000-0x00007FF78A094000-memory.dmp

memory/3468-222-0x00007FF7434F0000-0x00007FF743844000-memory.dmp

memory/4596-208-0x00007FF6460D0000-0x00007FF646424000-memory.dmp

memory/1300-207-0x00007FF7A3040000-0x00007FF7A3394000-memory.dmp

C:\Windows\System\grsaIdT.exe

MD5 ca285a4f72ab9f99574a128581fbd4bd
SHA1 b0f340c86d3f15d107de2882260d11f54dca4b4d
SHA256 fa641ec8587046945c1fb06f5ad45f6a2c4944969de963963baef9543068b3b8
SHA512 c27425400b29b20d839f140f332c97242e2f0d888ecf05b60811495a44d880d0178e21fb1b406a4f84bc401ee7a7bef6ed3492ba3924c5c4a3c6a2d8bbabd718

C:\Windows\System\MezixwB.exe

MD5 979345610d02b6c2fa15b8d2457415fd
SHA1 bba6457ec8907bdcf6cc2a131d308d3a32caafea
SHA256 d112a53bae67aa6c43dcfaa957c903a3829ec449e9636f0025f24ef8f04fd7dd
SHA512 3abd1b028bdc2ed0225013a503959cb07fb50b9f6b289bc8bb9e4b38faef11366dbe39139d47c2f6a986c02c5b17f4ed289afa774b85cccaf06ef559985590ab

C:\Windows\System\QAPaqpc.exe

MD5 4838b4a338dc7a7e9a9d24b4a2e1f8eb
SHA1 799f7268fb4b53e9327abe3dc78e180db43209ed
SHA256 2e77968f43c3a3ec424fec6fa43283b97eefc03ec054cb6cbef77f6d92f42b3c
SHA512 26d9932879cb0f7e2603472bf78e41726c55e17ef16c8b3ff709b1a3f2b5e7ffeaeaa95cb98045663bde75e1c1238fb3804ed95c8a66b93884cae8845c1a3621

C:\Windows\System\ukEVDHW.exe

MD5 a66d43791faeb6b0814342cf3ec5c946
SHA1 d4d1b31b41ae4d57558bf1c1f74a00c14b43504a
SHA256 238810eaca911df3a9019fc66a1eaafafec2c80ed62be5abb38291150b7f088e
SHA512 53813f32a8a9a656840db89b6ea2a33164835c47f3edbc2457d04fd7e4e945c578d44e0f39e3da0cb2396ca766ec796d0ccb19fa047e427f1bf8c7b094fa936c

C:\Windows\System\brzzpqi.exe

MD5 c13c67014a2489eb6080f5c3e748ddb2
SHA1 e74434aca8c909a4a965ca4ea7543e0910d3687c
SHA256 32a23488e223603d6423a2ffbd9db0cf809c29dc6c457699019d53c877c3a1e7
SHA512 0938571f58a63abcf7bb8e4d4efd1a921c21a44642dc9e7614eb696ad57e0de92e04f6d7dc8398b843864c36d0f4512b24aa6c28151244a5edc28175bbcd2034

C:\Windows\System\MfkhUJL.exe

MD5 da76262cdaf81760ac034ba7006e7b58
SHA1 35bb986c4bbc6b4a8e034ee74143e6e803c63c2e
SHA256 a4dca174c3744483cb4788e88a7b4647ee2b759841e2e9851970778f35224f40
SHA512 deccb340f2c3cafd634291e193a745564c3ac18bf3efee9a6984469bcf3dd242c8d63f91178a6a3d64f27e6f905f38851a996e317db916de4c718422ecc8c61c

C:\Windows\System\uYLTzLd.exe

MD5 949498d86e928ef80086ba1ab696e74f
SHA1 81adb119aff35531c9083acc5208d85192f1b66c
SHA256 ea38a23089fa7cd9e5d535429d2b54e0793a52ece9c344887793a602493076fa
SHA512 e43bd746d60f455a01ca2c2f507766c7cc1d366b210538e349858f5864f1f259c7b50c8455ba9fa09f30fd5d4a57d1b2fe97ea28a7cdd81af4448d02b4814482

C:\Windows\System\GQinjWB.exe

MD5 1735825f4be9da331c702199b185a1bc
SHA1 409923e0c33b5629a99fdd528abb8f95b2c7016f
SHA256 6b88d997f1621c0753ced56695e1a3294b7e7e98a87526a21ae8743f9220178d
SHA512 a8a037b2a4969dcffaf1d4262286c842bd84d56f3f941e6da0c8af797c712daf2b971d6fbf1ecff9abc3db5d637ea4293c16ec2c640ff3ad8d54499e2d31e9a1

C:\Windows\System\UGSNDgu.exe

MD5 83f28d05b6c33821fd49dae061062e3b
SHA1 62c6645db27ea0db05645a3a9e93e3e21db8e97c
SHA256 d99431b0e30dc978505097ab371bf3ca22d6fde1059b49deb2ebbf5a5be74968
SHA512 89cb149be135e69f5f032a994d2f0cdb73ed62a250fb2a72e2811ca7e943a4fdda060a2bd407090276d14850f541c23c2b12bff68d5f810bb61cb03ac4621168

C:\Windows\System\YopdMgn.exe

MD5 abd06728ade26cd46b6a0ebd2c49d0a3
SHA1 f1aa2e6cfee677a1d6a33982bcfe28d7d66f08ac
SHA256 eaa4fcc82d90fe5c077a72781a6584983f6911bdd6acb08d0f75356cf59d2292
SHA512 41d271a63e2935b2f1cf9d28743eea7307ea793c9190f5cf4e89d50f93a601733c746991261ce5bdda5fab0761f694f10093afce03de0bdb2b393238cc4de2d2

memory/3372-155-0x00007FF644700000-0x00007FF644A54000-memory.dmp

memory/3848-150-0x00007FF699960000-0x00007FF699CB4000-memory.dmp

C:\Windows\System\sZStEJF.exe

MD5 378f1caa5613f9199cb2fa8a7a71c7a2
SHA1 944b9a03695824eba8bd98df32ede4cea31dfae5
SHA256 f28c3bb326d06df6be40a3b1bf62c9bcee0d14ccfc88ff2b84f0682ed1c9da78
SHA512 ecb89b96520c5e06f929852bbcdff3d302359bd514dcfc7d37eda2c289ba273cad3355ee86fe5bc04765c444af6259a8844123c8acbf5269ee6020e2dfa9cd1a

C:\Windows\System\yIBcpiO.exe

MD5 94331fa75da27a36b95010de2b86c748
SHA1 89018496d8393fa6cf85fcc3f32f9b5b0a67d1fa
SHA256 247a9e6a4498b27d7939f850261c75e34638a24fc3d7b7aaf3a7e719e288458d
SHA512 9d97fb96a46166fc883709d5fe281dd128bfc9c785436d0d41745f3b3c83d8efada9f94fbf37c2f36ea098d27c51b46035cfa6ac3597253f68b02cd9691b6a87

C:\Windows\System\FaecJbA.exe

MD5 eebf976e99f6c3ba07febadabae38821
SHA1 bae8d485a331e6913d4266d53a01954ab291ceca
SHA256 7166bdc6a27c423077b18003cc302fdaeb6458060c03588418243d986adc68b5
SHA512 48c79f713ddaa7d8970fce87d31815dbe14fb97108350569a99ca20eb0e6eb614595d1bfc8c2a44c779f0c0dc70e3f6f56488879f73082185d1463c44b72a4be

C:\Windows\System\OYgyAhb.exe

MD5 86a17b0341d7222cb5664bcc3d4c9a11
SHA1 da737825af63d93c1da2269b02000bf0e68dd740
SHA256 95b0193eacc603e78e31bfdbbf969bdc559b5dcefd0fbd7a7f7bdf21c47780f4
SHA512 9341bcaf9aba215b1eea76126bd3d37adbe7279eb42f38b950a23fdcd9db76079e1f1fdd47672d3a9599b8e0064a3bac2038849da4c5ee87c22f4652a8bd9cee

C:\Windows\System\PaRcojE.exe

MD5 5ec3039e1889f65b6066c91622e32a22
SHA1 76b39f465f84ba5754a637504d1a0e12cd97e003
SHA256 24bf6b8a6957ea50ed48d240ac92052e57b367ad4b156410dbd5c0d841d66191
SHA512 be068181ac327ded233094430ca8289a53d861f502e879ebb8b08697120c4e89a75960bc09bbcc3f31e8ffd611179d4820c458bff707fe1fb71c8b60106b4281

C:\Windows\System\pBvwkBa.exe

MD5 4b24c3726a5e8f61b0857d20b0305aef
SHA1 73887e18cf0c92723edffd6681543d0022a7d6d6
SHA256 c3d87707af164ea29a6898014f01dedbd6a61b2be4a15f1567914b4574dceefc
SHA512 8dab87ab4f1be6ae5b5ae843b2b9b265423d26df113d71f00c85d5902642f71b1aa6e84eae4187acad4b41a0071cbdd704eaaa4fdea112f3e7460468c88823a3

C:\Windows\System\IiCMnbW.exe

MD5 34cbf4cf05cceee5052a25aba4ad2f8d
SHA1 2e836f1f5465bf9d7bfb0f3c8fc501279947c942
SHA256 a0c6007431692205b77374324afe317f7112b898fa154f82f84ca303df0b780f
SHA512 97675903d9ee1817254f3f45344cb9b01716f60cb2e29019c311b0b54f02f9a283fe753529336bd2b615c4c1a727226100ffd88a54c60c8db920b0546cfcd174

memory/4136-127-0x00007FF619DD0000-0x00007FF61A124000-memory.dmp

C:\Windows\System\tuStQiR.exe

MD5 de5d02345c5e387f4328fef17c65037d
SHA1 d1a601709016306a9695f425ffd18dead54c504d
SHA256 c1efb3521fde24c03c94015fb52e8482f17a78a6bd2e6f902e905a8a59ced7a6
SHA512 8d16c28b42379c78f289dd3f4b9328f58dc7f6fb22b1e7644909b9e5082f22916a5336edd478c209f639d2a2ceb2d2621ceda16427efe58db9d06e7be6debd0c

C:\Windows\System\loMJWRw.exe

MD5 cbe2eb6050b2ce1a78ef4c4c47b617fe
SHA1 b82d9c7704b33df2a30d13be065853dc148ba916
SHA256 52f36374f10935b7d74b3662ffa5a2730dc18e72c33b46f1b4a2ad996bb13fd5
SHA512 f947253fd7c48728b8dd666bc5c19a9bb8f8f486efab27627117db16de421392a99a41009032547641338922f9d32f1e4b18ba0232c0fa823b55a4defca9397c

memory/3356-109-0x00007FF790D80000-0x00007FF7910D4000-memory.dmp

C:\Windows\System\xytXado.exe

MD5 0ec95b9a9a27e8604607cce85c41b366
SHA1 6ddd129d2325297a917e8a8764ed55175e634ad9
SHA256 2e631380d0b4b9dd9a99056da2acbc8ddc35fbce050aa4cfca02329b5f5eb96e
SHA512 9dfee27dce8df3f7012511023e1e079712041cfa9ed10f886f887e7aa0614169407c3b2037a72584f971e4b3f03fcabe06d6820fd0a8c6aeea39079f0e21ba43

C:\Windows\System\ZThZRqq.exe

MD5 983a61a2005ece74cf23ef1f60a0c8d5
SHA1 d88fe615889b8fefa7a4045608190be039d0c84d
SHA256 392f5cabfb25de8a7496f0f1358e4f829ad6915ff937442762e4f7ea5a674522
SHA512 dfbf4ace3e1d65c34235f9364dbaf35ea55774c88be0910525103a1b1c3658c59416f71f96f86c0d0a2b6e387a2a0610f6a264e2f613830637cefebc50e58daf

C:\Windows\System\Qbrbcyb.exe

MD5 b7dbe2abb8f8fe6ef1633435266d2e13
SHA1 bef9f6ba49971f8c063ff2462497c71c3a7104fe
SHA256 4877286134b36b33848e20cfc8449e270b8adaf285ed174ac36f0963bd1ebfef
SHA512 00583cb0016d9d91773b6758b50e83b36c68e430edb208af9a65e84ff94b0c9ae7d468e0a3afbb4665ba1c264ad15bb61d0f3b349766ffdd130947899ef2009c

C:\Windows\System\ZxRAUkn.exe

MD5 f12ff693cf19bd75a6d00be687b60631
SHA1 c6be4945095c0d6b6bf06365e21de21ba16651fc
SHA256 4163bd84bab757785d3d1235739cb03819d09845183f5aff59ca312de567e509
SHA512 28a4ad02cba699032d2abccb09d392b4c15e9ae78e098782f83b6d4fa4578eb9133e86617c9b1e7ae8f95a9de7206156e7ff12a81120dac4f63aee00636b89ca

C:\Windows\System\gWXbYBo.exe

MD5 31e8304f42978a7291466fdd2e22248a
SHA1 620b2f8202f74127849c417b3d88370e99b990d9
SHA256 c46a7b65a1d3e9e2746b85cba25591af3741166b92787dccdca00ba0dea44b6b
SHA512 f08afd7440e2f644f281db9c4b6841dab45871d82411b1f290aa5606d649e3eac6421ed042215b7e9ced73889473bf64f635b32c9abea6a090899b15030b40bf

C:\Windows\System\myiZPfy.exe

MD5 ddf1d4d5354121634811ff14010aef54
SHA1 b3738bf9c690ed040c9c80f84c0bc1df4e77317e
SHA256 1ec9d92e7af2872ecb21f8038e40611e6e4a2aa3e115aa9287a0c1e09ed0b670
SHA512 a26475447290811c922395623648ef7e741c8ca085536371c5725a472a4f056fbef90ffa0e1467c6a29bc4880845f93f94ee8570d48fbda8fbf06adb2f54974e

memory/3180-74-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp

C:\Windows\System\OITgEhL.exe

MD5 1d82451539c7c30fef868acb6f9db66b
SHA1 811981db1c81f3d2c26e8fe81d62744668f1351f
SHA256 903a8989d3b4104d1e4680574698b2e1106d055a98be7ec2ebc332607125cb15
SHA512 08464f41cacd536c1f8e0b6152dd6fbaa8ce5fb88dd2c8dd29012c6a512902c9b9c861a9d54c4936f95b3f216c2014042d25bdf53b802faa7bd460255d27db1d

C:\Windows\System\WmGygxB.exe

MD5 ba4a0b7d2cc410406a8dd364a118d69f
SHA1 eb64d6f01292fba815384b7822f90022e6fe7186
SHA256 5250df9c2330c09e0b52ea8c37b0fa12f79fb613e68752a182646d75891689ab
SHA512 65a02fb32897faef3aacda2c86a056a5a55c83c6d05c744695d543d6409fd605be70fc6eecbe181a7d9d21738b7d551e21cb1b16f9510b24128a949f60482164

memory/1672-57-0x00007FF7220C0000-0x00007FF722414000-memory.dmp

memory/3032-47-0x00007FF6A2AB0000-0x00007FF6A2E04000-memory.dmp

C:\Windows\System\IzRFQrJ.exe

MD5 9c927b3f242910a283eeedab0cf3f3c8
SHA1 4d117b8870e2977be847512b02833999b1054436
SHA256 34eecb11647908b095cabb72041a6c9780470cae7cd7ea98d9dcb9b0ffe5fee2
SHA512 cd14055aec6b40032cbfb05754178fa300b1e7a0c06c57f65598f08a15ec8f9b599a89ccc731964132d375497a9269470755796020719e191028d0c3b81579c8

C:\Windows\System\iiWtCrS.exe

MD5 724395a537abc07ab9d61365edc5bc3f
SHA1 dc6fa1b78c4ca6ffa7d286751b389fa452d2640c
SHA256 80c6a4e213039ec2994fac35ec2c54a6636fd6dce5ce28518d806e88ca7e4341
SHA512 4bf1833a0ab765d501c95c1d2aeab5301f98651fa2feb429ca3e5fcfc7e6b9ddd92e71f0ff1aa34bf9a064d6c71a7367a4538aaee5f9c4a04fe63d85df454efe

memory/4816-17-0x00007FF69DE40000-0x00007FF69E194000-memory.dmp

memory/2680-1070-0x00007FF784C90000-0x00007FF784FE4000-memory.dmp

memory/780-1071-0x00007FF788970000-0x00007FF788CC4000-memory.dmp

memory/3180-1073-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp

memory/3032-1072-0x00007FF6A2AB0000-0x00007FF6A2E04000-memory.dmp

memory/1672-1074-0x00007FF7220C0000-0x00007FF722414000-memory.dmp

memory/4816-1075-0x00007FF69DE40000-0x00007FF69E194000-memory.dmp

memory/3176-1076-0x00007FF667280000-0x00007FF6675D4000-memory.dmp

memory/780-1077-0x00007FF788970000-0x00007FF788CC4000-memory.dmp

memory/3032-1078-0x00007FF6A2AB0000-0x00007FF6A2E04000-memory.dmp

memory/2956-1079-0x00007FF6A3620000-0x00007FF6A3974000-memory.dmp

memory/1672-1083-0x00007FF7220C0000-0x00007FF722414000-memory.dmp

memory/1700-1082-0x00007FF732D80000-0x00007FF7330D4000-memory.dmp

memory/3356-1084-0x00007FF790D80000-0x00007FF7910D4000-memory.dmp

memory/1300-1087-0x00007FF7A3040000-0x00007FF7A3394000-memory.dmp

memory/2280-1089-0x00007FF6AD910000-0x00007FF6ADC64000-memory.dmp

memory/3848-1088-0x00007FF699960000-0x00007FF699CB4000-memory.dmp

memory/3372-1086-0x00007FF644700000-0x00007FF644A54000-memory.dmp

memory/5076-1085-0x00007FF789D40000-0x00007FF78A094000-memory.dmp

memory/3180-1081-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp

memory/4136-1080-0x00007FF619DD0000-0x00007FF61A124000-memory.dmp

memory/4540-1099-0x00007FF7A31F0000-0x00007FF7A3544000-memory.dmp

memory/668-1103-0x00007FF6653E0000-0x00007FF665734000-memory.dmp

memory/1192-1102-0x00007FF639220000-0x00007FF639574000-memory.dmp

memory/4748-1101-0x00007FF6F2EC0000-0x00007FF6F3214000-memory.dmp

memory/3312-1100-0x00007FF645CA0000-0x00007FF645FF4000-memory.dmp

memory/368-1097-0x00007FF615FF0000-0x00007FF616344000-memory.dmp

memory/3468-1096-0x00007FF7434F0000-0x00007FF743844000-memory.dmp

memory/4828-1095-0x00007FF7BA460000-0x00007FF7BA7B4000-memory.dmp

memory/4888-1094-0x00007FF788020000-0x00007FF788374000-memory.dmp

memory/3748-1093-0x00007FF641280000-0x00007FF6415D4000-memory.dmp

memory/1832-1092-0x00007FF677AD0000-0x00007FF677E24000-memory.dmp

memory/2152-1091-0x00007FF7767D0000-0x00007FF776B24000-memory.dmp

memory/4596-1098-0x00007FF6460D0000-0x00007FF646424000-memory.dmp

memory/4916-1090-0x00007FF6C3F20000-0x00007FF6C4274000-memory.dmp