Malware Analysis Report

2024-10-10 09:32

Sample ID 240627-jxryaazena
Target 68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe
SHA256 68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1

Threat Level: Known bad

The file 68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

xmrig

KPOT

XMRig Miner payload

Kpot family

Xmrig family

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 08:03

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 08:03

Reported

2024-06-27 08:05

Platform

win7-20240419-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\CUauLeU.exe
PID 1704 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\GByAoIh.exe
PID 1704 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\GByAoIh.exe
PID 1704 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\GByAoIh.exe
PID 1704 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\qABxuKy.exe
PID 1704 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\qABxuKy.exe
PID 1704 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\qABxuKy.exe
PID 1704 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\yThzxRm.exe
PID 1704 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\yThzxRm.exe
PID 1704 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\yThzxRm.exe
PID 1704 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\UOJThmI.exe
PID 1704 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\UOJThmI.exe
PID 1704 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\UOJThmI.exe
PID 1704 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\cAJlJCX.exe
PID 1704 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\cAJlJCX.exe
PID 1704 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\cAJlJCX.exe
PID 1704 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\WnlwAmw.exe
PID 1704 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\WnlwAmw.exe
PID 1704 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\WnlwAmw.exe
PID 1704 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\MacHSjc.exe
PID 1704 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\MacHSjc.exe
PID 1704 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\MacHSjc.exe
PID 1704 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\jXzCiha.exe

Processes

C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


C:\Windows\system\cAJlJCX.exe

MD5 6069e1129c2ce474bd9e3e9457c9746d
SHA1 e783e8785789413b7d16321d472f972272f20c8d
SHA256 7b4e4a1e0257d9f52d131dddfbe03711d66213791120c13b9b872f897a0d9a2c
SHA512 b6ef40266b546832fa823a8f191c1b7019869aab416d8053db39edd679a037c4d4af716f65bc92794e99eed44257fd6b4f409fe28a10df15731e545ab2020c9a

\Windows\system\MacHSjc.exe

MD5 792e6c85240215fcd98045e4f4aa789c
SHA1 406cc8563e968d75ddf3fc59400cb283de253d6a
SHA256 71f74f6b4c721b120f2bd680ae1671b2b7d7dd8f644be50984395da118e0d714
SHA512 6071de75b042c1d881c0568e2f33de5b6437fed6dc75b036e97d0d23159fe7e21a59b2a2da9b949d43df9991573b526ac2d7927fe5f5286528570288176f6aa0

memory/1704-1067-0x0000000001EB0000-0x0000000002204000-memory.dmp

memory/1704-1066-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/1704-1069-0x0000000001EB0000-0x0000000002204000-memory.dmp

memory/1704-1068-0x000000013FD80000-0x00000001400D4000-memory.dmp

memory/2680-1071-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/2608-1072-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2120-1070-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

C:\Windows\system\NjrlRfI.exe

MD5 bc6e610b9a7199afe481d86b3419c7c8
SHA1 da4f636e3383a8effb3de35cac49a36442a6d14e
SHA256 49e52945fa0361690fe42a89d37e32033c9cd4b5acabccb5eafe27ade8df3f4e
SHA512 48deb2788cd6ea8e6666ae5d0bcae70c5ae41257333f230a163b51aec7cb608f851e7e03b48ede92e33c4f81b374e4b275d470c132245788afe155842d587adc

C:\Windows\system\RgcRcNR.exe

MD5 ed864716aa02fb0215ed51c9c49a7d42
SHA1 18d5bf1d63693f263045a1aba00e74bbb1600d1a
SHA256 70a0d0045cadc198876ae053e80f0bc5551fe23086486c2a71f27a8dba1828fa
SHA512 7ddd2d9d6cdb7928cb8270ba8f6c067dcdda99f0f003497992c4a27f65d51ee20ccbdb25fc668375e21c5be16937ede57b83139177a83df9211f0a1c0e31f0d9

C:\Windows\system\byRkYVq.exe

MD5 405bf15c99607ce9b7a22017ac627880
SHA1 af78484d9bcde900792051f443bd61685390e2a8
SHA256 b39f42502a41f883f570a63da4257a44a5e4daaa82ea9ebe9708b3f6f32502d4
SHA512 c32ab9caa527e55e691f262b2df481176cb1b883e401de264787b0c58513595166fe90be803d5e6fa4a4d32a272ae5c17e5d67e296bac090a8df28194076158a

C:\Windows\system\omEchon.exe

MD5 ad4eaec73e33ed5462774565a4629ba9
SHA1 528eeb1d1ba73c489b13dfd1dd7656e6b7e4c3b8
SHA256 3a8a3e815cb6f0d993fa87b3eff1701987bfe86f65514821c0c16eaf650f4533
SHA512 5b9de8ee306b3fea167f67daa8687974887d88cd70cd2fb82306d97204d147c08fec37cc9b1ac0ef7ef374ac2d908f3c37c9f2eab5fef1ca14472b46696c574b

C:\Windows\system\KaSqKCk.exe

MD5 0d14d7b20a2229c581193a83f8d814cd
SHA1 fa8942f9c483698c3d7c264c093aafae2fb55c2a
SHA256 86a489c11ba60ad84c00d1202190701caa8627765fc93e2394166c94530670c9
SHA512 c95428b380d81891967420a16f8e45740cb12ea35fca8633c55b110c9cb5b117ac5b911e1bea359455b09bc29cd7b90d3937b284b2928bcb7b0ff0e24cd6185a

C:\Windows\system\Fqqzwyb.exe

MD5 b59a6b275a24d749a219a2a28a925fc2
SHA1 9879ff1dd98e34e962bd5d9a75cbf5ae942619c4
SHA256 3827fd3a420669d572d83691bc7f374b9bf6f9f66bb45c3271a0e27c425bfa67
SHA512 1a0394bbde94e33c7728ee9a969590d8d0a1fd328d0f0205ec6754274b8072a2c843a75e5f3bc3642c64041a5aa3bf1e8fc4193fb88c130650858c1913563fc2

C:\Windows\system\zPzBwAY.exe

MD5 5413e14bac9c73f6b8f33ef9cd29154f
SHA1 ebe8b791656c4e8b13df609e828cd0bd9db1b9b5
SHA256 c1f5fb229b7a6216403a7b95323eb08da8fcb5adb44e858fe96ac4e953a10fc6
SHA512 3b08f9ef19ba825e9aa2cc2d46df926c2169deb1c71863bf65f87f685a59cc8641f104bf80b81ed71af90fe7a8654425186d82463ce9e3c2aa23e959aa370ec7

C:\Windows\system\oPHgHsi.exe

MD5 030eae2926ae25b715ae002544c12464
SHA1 d48d0e6652940187de1798a185ce3649463aeb83
SHA256 be5067daac45cce83d2b5638ba4c47075a499b933a1d52530b07ec8e455e71a1
SHA512 7f71034b35edd73e10a8da5c14e23e32a87aed33a0b46f5ca69c4c21f1ef52304fc70ecf50bb4d561eeb29bef4c4b26acb4570a50e046fecedf7ac7e970864df

C:\Windows\system\sEggrjD.exe

MD5 7bb3dce21c820d79b412c5ec11d0ca63
SHA1 a50145904a9569efa235de2c0d5c62391931e7ff
SHA256 9c0d6e0f465a8fd90e8d2d88d2bbc28b043ca2acb0d2b30fe2fa632d6325a02b
SHA512 4b4db313230a1277738ab1e46fa35a8eb842e74d9145f47193d4f8c987a50daa758ffcbb2710f42d1cba6d139b26033e5c19b7e4e741756c0d3c17c5f3ecfd8d

C:\Windows\system\CNIrqbS.exe

MD5 6b7f55f4ffe25a8c22124bccee8a3b96
SHA1 f9053463d9f82f11a869821154f700d2be2e3e7d
SHA256 44aca90a5a36c0223fe633155b37dda3998c5019189ab4bfffd06c7146bdeef9
SHA512 cc0bfa52f40e8e0ff8ad3356504f8c0ffd6901fbf889741a22cfa60af038b39c376e5c9ab9ecf9cb2d599f5c4eb9a26332225c8e0fe9accf0740063a61544465

C:\Windows\system\jXzCiha.exe

MD5 6fa78609735376d31c7772c7294806f1
SHA1 3b30691e0eab670123c273fac133eeb9874d8e12
SHA256 a8833387a8b9e6de2b236c9e377b4b73717d09412efaa13ff78a926a11b1b7fd
SHA512 24417a01683fb05b89f29c70ec2bb26db2eedd4c52ce2ad843182315a624e5ca58be277dea5398fb267df6c70ded32a548245bcee058cd1b094625d6f1e65b27

C:\Windows\system\WnlwAmw.exe

MD5 339d6ac39d6e6a36e1cba07fbee03181
SHA1 afad9febd21061ffd1668368f3022762c068dff4
SHA256 fd2de26882e4fb992e337d3425be3fb3428d7951d55e8d23e0f31670fe44b7c2
SHA512 640fbffa2a0ccb4690f5c4ac2694d70c1e63cfd8fc6934e582d4b9773dfd9f5e226c3b6c197dddbfea68ad2d1f2c339d02ff99d0a200da0c2f0fcf45fc815969

memory/1704-114-0x000000013F160000-0x000000013F4B4000-memory.dmp

C:\Windows\system\GByAoIh.exe

MD5 8ebf1f201a1ec8c422d237a2c7b9c397
SHA1 5c29279065aa7b595945934b56cb309b8a3c8532
SHA256 bb44912a9a2c5b0c6da72018f9ec0380be49b88001d1103fcf5be8772050feed
SHA512 3aa69cdffcc63887feefc992eebcaf83249293d55de6eb72787b613634ad3764767b73dc6996fb13d8a6673a7abf55e04a6f7bfb6b5665fdbef6618ccb2a5e66

memory/1704-1073-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/1704-1074-0x000000013F160000-0x000000013F4B4000-memory.dmp

memory/2320-1075-0x000000013F8B0000-0x000000013FC04000-memory.dmp

memory/2224-1076-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2120-1077-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/2696-1079-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2628-1078-0x000000013F3F0000-0x000000013F744000-memory.dmp

memory/2728-1083-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2720-1086-0x000000013FC70000-0x000000013FFC4000-memory.dmp

memory/2532-1084-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/2804-1082-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2680-1085-0x000000013FDE0000-0x0000000140134000-memory.dmp

memory/2608-1081-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/1972-1080-0x000000013FD80000-0x00000001400D4000-memory.dmp

memory/2788-1087-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2756-1088-0x000000013F980000-0x000000013FCD4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-27 08:03

Reported

2024-06-27 08:05

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 224 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\jvQUlWi.exe
PID 224 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\JlDHXqG.exe
PID 224 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\JlDHXqG.exe
PID 224 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\LjeGsVe.exe
PID 224 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\LjeGsVe.exe
PID 224 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\DrjuHne.exe
PID 224 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\DrjuHne.exe
PID 224 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\zNUbnQZ.exe
PID 224 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\zNUbnQZ.exe
PID 224 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\DYLqQTo.exe
PID 224 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\DYLqQTo.exe
PID 224 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\dlrrDPl.exe
PID 224 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\dlrrDPl.exe
PID 224 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\mUvpOFT.exe
PID 224 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe C:\Windows\System\mUvpOFT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\68ccef9c5f2306f7083dde137a10fe5c4442443cb768b9202c41c2b30f245db1_NeikiAnalytics.exe"

Network


Files

memory/224-0-0x00007FF76E580000-0x00007FF76E8D4000-memory.dmp

memory/224-1-0x000001B01F9B0000-0x000001B01F9C0000-memory.dmp

C:\Windows\System\XgQFVsO.exe

MD5 c816bfdebc254b9ac58e5dc48c0ab591
SHA1 e271b388565b22d631791336d74b94ae479430fb
SHA256 fe886ab836c0d8b2e28c27a93da3a4736ffe6e3d304f7ee4b034679b50b253ec
SHA512 4150f419ddbdb0f5aa049da044d0936a5868e4ce720fddcbdffb3575c42bfe9fed2114a03ca6479e63d69ee477052a6ed782bc1561a6fbc345f021e8d4042e38

C:\Windows\System\gKdSRAJ.exe

MD5 b9f9a6839729f95c62514e2b77197ba0
SHA1 560175974d7f7aab6dc9b833e2bf0386c49d2905
SHA256 d3f1109b666300692c80b0e3e6b761169304570330dc208e7f58a10ed18b1f12
SHA512 4ec0ca6c1d54bc9bf987acd2f299ac115b8df592c5d4314117ca655024b5f007a8b6492923a956242f8e6085931a7b845f79e1af01a3142694d0e7bb682ce7cc

C:\Windows\System\ztrMnvy.exe

MD5 af5ff526324d26897a427ed5b0960a5a
SHA1 9f22207cd722086972e8ca5f906dd9fefb0c1e8e
SHA256 3b9c27029c19a47d9b105d1f82d6d947a69989f374939b51ea747c32ff9901e5
SHA512 276e7240415cd9ef25ea7fee15e861f06797008d7016b2819f7f3f45b6c05c298dc896dd0b35690220bcb5e98eef274d0211ec0fc60d5b2876c24c98dc32a40b

C:\Windows\System\lQXsymR.exe

MD5 48696feadf11a03e954cc049cb73f9e7
SHA1 f285b294c27be799007359774aa512b08b10678d
SHA256 e6c4aee9a203a67aa0c075d935b684a3f1cffc6ecb2e2c23113f5cd849a9b02e
SHA512 e76d8857918ae8d8a131d9bed2521ac608626a3b37b377e55e51f2f53ba087b24dd8d472ac3f93cb19a4688ec2995f8f1cfcd415d9bd1a6741b5bbc69c6c4e9f

C:\Windows\System\irJlPEG.exe

MD5 be8d3622a1e292972674edd313f6ec06
SHA1 1efbd17d0d5195573a8bdb1036fb5f9a814bfbe5
SHA256 1f51f630f78b053ecc61eac8b6cb057c666c6c2e8331476df2f4057a51134aa8
SHA512 1301b4f5e0065da06885a09ba962edec1f0c777d9f09edddbcd94bf7f915644038467efa911d54c2c915746545c871270160a34fcc699af4b5bf5719b47a439d

C:\Windows\System\wdGJScb.exe

MD5 de6f1c86ba44eb17ffa290a95c2664d3
SHA1 1d0abb61a8cfc91c201a35c7c5e3016e1612b277
SHA256 c1344665acbda8466fcbce8aa226117a0c9d0558743ecd5888c5a89442d8076d
SHA512 fdc8eb5e42dc2dee65e8a959717f73c6a6d92424664755eece90acfcab65efba8d1339960a5d345022efaa961202aa92ea4daa08e8e75b911b2be6d9d6b35b44

C:\Windows\System\MLpbOIh.exe

MD5 cf79a46a524b3816ef93c281024ff7f1
SHA1 5c8bde221c2f24edbdc38c50535a55e532125d12
SHA256 5b3f85e1ca090b7f7f4a49473cbfb1d66c27cca05708ce5255780ed9639d0dd9
SHA512 e95a0be628a7b79685e9c45ef23bce79b184c21a2da9c70e7b11e280bfef3e810d5251b36ba2f8c019d1485ee8ce964c85b25b56243225cae05aae2420b54c49

C:\Windows\System\FoASUcn.exe

MD5 3972b07781e2f550c78a29315cea5274
SHA1 362dfa587145ccd6eb97eb8f48a1a033025521de
SHA256 d624b6726f63dbbb570c280da23e36067800f8b5d8860822ed95869e759785c1
SHA512 52d2a5205a9d886f9004bf1867ddd975262e2d66c5741987f8ba456e16b0966e8fa2ae873afe025a9a8a9015714cb4162781ff5b15e6cf9635585de6ca7a120a

C:\Windows\System\jvQUlWi.exe

MD5 8a36d3135dea0645d78a1afa253423be
SHA1 fb1943b3225eb564fdf116fc89c795cf13f587fd
SHA256 97a4134f8ecda86f686111ad8d10ff6cf8b9ab6b48ead85fe1bd1c8edd8a0c71
SHA512 da2fd82146d9dfcf1267a0bf48092c72a1172a366fe21a609542048cdc9f4467e415774fd63818bb188ea8ff846b776a4ef19e81b6edf6f8fcbab0bc3e2968d5

C:\Windows\System\DYLqQTo.exe

MD5 ff73af5b42a81ff048bf5083d3fd5025
SHA1 6ea165a1dcd199e9a8e525429a631f74782946d5
SHA256 a2e90e1911e47c1b1100dc5e722e953ea92a5248b6ef33d45ad7f4fb035cfee7
SHA512 80e1a596b62787f5f5b00b97b24f87872a170c5c066e3ea447574716600a798322f0bbd51bd1be049a42cfff60d70fd29ba71b14c2390c427aee3f44c2857fed

memory/2940-838-0x00007FF622C30000-0x00007FF622F84000-memory.dmp

memory/2592-840-0x00007FF648D50000-0x00007FF6490A4000-memory.dmp

memory/1448-839-0x00007FF774A80000-0x00007FF774DD4000-memory.dmp

memory/4268-842-0x00007FF77A730000-0x00007FF77AA84000-memory.dmp

memory/1684-841-0x00007FF60A830000-0x00007FF60AB84000-memory.dmp

memory/2384-844-0x00007FF6168D0000-0x00007FF616C24000-memory.dmp

memory/2332-846-0x00007FF7B9130000-0x00007FF7B9484000-memory.dmp

memory/4672-845-0x00007FF6A15F0000-0x00007FF6A1944000-memory.dmp

memory/1036-843-0x00007FF6B06E0000-0x00007FF6B0A34000-memory.dmp

memory/3184-856-0x00007FF696040000-0x00007FF696394000-memory.dmp

memory/4260-857-0x00007FF653DE0000-0x00007FF654134000-memory.dmp

memory/2396-861-0x00007FF7BFDE0000-0x00007FF7C0134000-memory.dmp

memory/4724-864-0x00007FF690410000-0x00007FF690764000-memory.dmp

memory/3108-870-0x00007FF65AE30000-0x00007FF65B184000-memory.dmp

memory/916-875-0x00007FF6BCA30000-0x00007FF6BCD84000-memory.dmp

memory/2172-877-0x00007FF6B95A0000-0x00007FF6B98F4000-memory.dmp

memory/1640-880-0x00007FF64E6C0000-0x00007FF64EA14000-memory.dmp

memory/516-882-0x00007FF637960000-0x00007FF637CB4000-memory.dmp

memory/1892-876-0x00007FF79CFE0000-0x00007FF79D334000-memory.dmp

memory/1564-890-0x00007FF7158E0000-0x00007FF715C34000-memory.dmp

memory/1496-892-0x00007FF634BA0000-0x00007FF634EF4000-memory.dmp

memory/1184-895-0x00007FF6846E0000-0x00007FF684A34000-memory.dmp

memory/3940-894-0x00007FF7386B0000-0x00007FF738A04000-memory.dmp

memory/3044-893-0x00007FF6E0E10000-0x00007FF6E1164000-memory.dmp

memory/4732-891-0x00007FF7B8480000-0x00007FF7B87D4000-memory.dmp

memory/4188-889-0x00007FF7A3070000-0x00007FF7A33C4000-memory.dmp
