Malware Analysis Report

2024-10-10 09:33

Sample ID 240627-pn69hatenp
Target 84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe
SHA256 84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5

Threat Level: Known bad

The file 84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

xmrig

XMRig Miner payload

Xmrig family

KPOT

Kpot family

KPOT Core Executable

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 12:29

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 12:29

Reported

2024-06-27 12:32

Platform

win7-20240221-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\gdobOBB.exe N/A
N/A N/A C:\Windows\System\WAaMHuw.exe N/A
N/A N/A C:\Windows\System\gKpvSTS.exe N/A
N/A N/A C:\Windows\System\FkuhqiF.exe N/A
N/A N/A C:\Windows\System\YoAQGZZ.exe N/A
N/A N/A C:\Windows\System\ZWzbXIB.exe N/A
N/A N/A C:\Windows\System\bBEZbRq.exe N/A
N/A N/A C:\Windows\System\boPixVG.exe N/A
N/A N/A C:\Windows\System\yKskcjB.exe N/A
N/A N/A C:\Windows\System\wxeYsDb.exe N/A
N/A N/A C:\Windows\System\usPrCsJ.exe N/A
N/A N/A C:\Windows\System\LsfwDHg.exe N/A
N/A N/A C:\Windows\System\BFOYUIO.exe N/A
N/A N/A C:\Windows\System\TdbtYft.exe N/A
N/A N/A C:\Windows\System\oRFhQEW.exe N/A
N/A N/A C:\Windows\System\vYHnulf.exe N/A
N/A N/A C:\Windows\System\ywecNcl.exe N/A
N/A N/A C:\Windows\System\XHrYUkn.exe N/A
N/A N/A C:\Windows\System\uQqnmVp.exe N/A
N/A N/A C:\Windows\System\hXWLFMq.exe N/A
N/A N/A C:\Windows\System\RlygYku.exe N/A
N/A N/A C:\Windows\System\cQyDSCC.exe N/A
N/A N/A C:\Windows\System\BYdyCsk.exe N/A
N/A N/A C:\Windows\System\eGDvtPI.exe N/A
N/A N/A C:\Windows\System\PIuVMwA.exe N/A
N/A N/A C:\Windows\System\UIaGZjZ.exe N/A
N/A N/A C:\Windows\System\TRUVbGR.exe N/A
N/A N/A C:\Windows\System\ehPyNlF.exe N/A
N/A N/A C:\Windows\System\lrcBKSA.exe N/A
N/A N/A C:\Windows\System\JgEEiVk.exe N/A
N/A N/A C:\Windows\System\khxtjzT.exe N/A
N/A N/A C:\Windows\System\FHAAQCQ.exe N/A
N/A N/A C:\Windows\System\UxSCKRA.exe N/A
N/A N/A C:\Windows\System\xtOFsiL.exe N/A
N/A N/A C:\Windows\System\chwJonb.exe N/A
N/A N/A C:\Windows\System\ZCfGktE.exe N/A
N/A N/A C:\Windows\System\kFIDYSa.exe N/A
N/A N/A C:\Windows\System\dfbmhhR.exe N/A
N/A N/A C:\Windows\System\rxYNBNG.exe N/A
N/A N/A C:\Windows\System\ZTuVkbT.exe N/A
N/A N/A C:\Windows\System\bIlAdPL.exe N/A
N/A N/A C:\Windows\System\SDYNyCC.exe N/A
N/A N/A C:\Windows\System\COqINxO.exe N/A
N/A N/A C:\Windows\System\LmEXuiY.exe N/A
N/A N/A C:\Windows\System\GFGoEEe.exe N/A
N/A N/A C:\Windows\System\MMWBNIv.exe N/A
N/A N/A C:\Windows\System\GyAUVjs.exe N/A
N/A N/A C:\Windows\System\nVIkDkf.exe N/A
N/A N/A C:\Windows\System\hdmEdAM.exe N/A
N/A N/A C:\Windows\System\ytGjlYI.exe N/A
N/A N/A C:\Windows\System\aigZVvj.exe N/A
N/A N/A C:\Windows\System\XxPzUPR.exe N/A
N/A N/A C:\Windows\System\PuAIIPi.exe N/A
N/A N/A C:\Windows\System\oGkrkAO.exe N/A
N/A N/A C:\Windows\System\EiNrGtK.exe N/A
N/A N/A C:\Windows\System\bNJydAC.exe N/A
N/A N/A C:\Windows\System\iGLYiTo.exe N/A
N/A N/A C:\Windows\System\gsFDQNU.exe N/A
N/A N/A C:\Windows\System\ESsTTVV.exe N/A
N/A N/A C:\Windows\System\bPKfpmJ.exe N/A
N/A N/A C:\Windows\System\qfnfudO.exe N/A
N/A N/A C:\Windows\System\wInxduT.exe N/A
N/A N/A C:\Windows\System\tCBMsGc.exe N/A
N/A N/A C:\Windows\System\SMzWvXQ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\imAeZHv.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\EJLYWtT.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrcBKSA.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\utTeYgD.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTdluNG.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\OinCRSe.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\fMpVwSN.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\kFIDYSa.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bNJydAC.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\TqtdMtx.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WdFfjvC.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bYfrXEr.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\txXzSxy.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\fZoQqcq.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\pUtjJrr.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\rxYNBNG.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\GyAUVjs.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\qfnfudO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\jtWlmBm.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WJKNDKT.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\argzPsQ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZTuVkbT.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HbniPqg.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mgxMUFr.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yTUcsME.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDOGDnz.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\PYgqIHz.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\XqLznUh.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\dkllYVM.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\CNFJcAq.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\tJanhGS.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMfpGQr.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nvLSnUQ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mPiCLVF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\YdJfdoa.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bBEZbRq.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\LsfwDHg.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\BFOYUIO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nxLhCAB.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HHaCTRL.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDYNyCC.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\wglTAie.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\POajuZX.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\eQPKMsl.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\xeVyhMi.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\rbVxFIZ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\dBimqeC.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\vTwCeMW.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\zZzuXBj.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\aLDRzFO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\JlSBFfC.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGKTdhB.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WzJmoJV.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\BYdyCsk.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\YLXiwDp.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\LdmRTrN.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RWdrGfY.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXprTaG.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\UeUiZtI.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\FVcZLcF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPKfpmJ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SMzWvXQ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RmqpXiF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgVSuAN.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1924 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gdobOBB.exe
PID 1924 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gdobOBB.exe
PID 1924 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gdobOBB.exe
PID 1924 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\WAaMHuw.exe
PID 1924 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\WAaMHuw.exe
PID 1924 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\WAaMHuw.exe
PID 1924 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FkuhqiF.exe
PID 1924 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FkuhqiF.exe
PID 1924 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FkuhqiF.exe
PID 1924 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gKpvSTS.exe
PID 1924 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gKpvSTS.exe
PID 1924 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gKpvSTS.exe
PID 1924 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\YoAQGZZ.exe
PID 1924 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\YoAQGZZ.exe
PID 1924 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\YoAQGZZ.exe
PID 1924 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ZWzbXIB.exe
PID 1924 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ZWzbXIB.exe
PID 1924 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ZWzbXIB.exe
PID 1924 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\bBEZbRq.exe
PID 1924 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\bBEZbRq.exe
PID 1924 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\bBEZbRq.exe
PID 1924 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\boPixVG.exe
PID 1924 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\boPixVG.exe
PID 1924 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\boPixVG.exe
PID 1924 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\wxeYsDb.exe
PID 1924 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\wxeYsDb.exe
PID 1924 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\wxeYsDb.exe
PID 1924 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\yKskcjB.exe
PID 1924 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\yKskcjB.exe
PID 1924 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\yKskcjB.exe
PID 1924 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\usPrCsJ.exe
PID 1924 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\usPrCsJ.exe
PID 1924 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\usPrCsJ.exe
PID 1924 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\LsfwDHg.exe
PID 1924 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\LsfwDHg.exe
PID 1924 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\LsfwDHg.exe
PID 1924 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BFOYUIO.exe
PID 1924 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BFOYUIO.exe
PID 1924 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BFOYUIO.exe
PID 1924 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TdbtYft.exe
PID 1924 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TdbtYft.exe
PID 1924 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TdbtYft.exe
PID 1924 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\oRFhQEW.exe
PID 1924 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\oRFhQEW.exe
PID 1924 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\oRFhQEW.exe
PID 1924 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\vYHnulf.exe
PID 1924 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\vYHnulf.exe
PID 1924 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\vYHnulf.exe
PID 1924 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ywecNcl.exe
PID 1924 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ywecNcl.exe
PID 1924 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ywecNcl.exe
PID 1924 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\XHrYUkn.exe
PID 1924 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\XHrYUkn.exe
PID 1924 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\XHrYUkn.exe
PID 1924 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\uQqnmVp.exe
PID 1924 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\uQqnmVp.exe
PID 1924 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\uQqnmVp.exe
PID 1924 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\hXWLFMq.exe
PID 1924 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\hXWLFMq.exe
PID 1924 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\hXWLFMq.exe
PID 1924 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\RlygYku.exe
PID 1924 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\RlygYku.exe
PID 1924 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\RlygYku.exe
PID 1924 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\cQyDSCC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe"

C:\Windows\System\gdobOBB.exe

C:\Windows\System\gdobOBB.exe

C:\Windows\System\WAaMHuw.exe

C:\Windows\System\WAaMHuw.exe

C:\Windows\System\FkuhqiF.exe

C:\Windows\System\FkuhqiF.exe

C:\Windows\System\gKpvSTS.exe

C:\Windows\System\gKpvSTS.exe

C:\Windows\System\YoAQGZZ.exe

C:\Windows\System\YoAQGZZ.exe

C:\Windows\System\ZWzbXIB.exe

C:\Windows\System\ZWzbXIB.exe

C:\Windows\System\bBEZbRq.exe

C:\Windows\System\bBEZbRq.exe

C:\Windows\System\boPixVG.exe

C:\Windows\System\boPixVG.exe

C:\Windows\System\wxeYsDb.exe

C:\Windows\System\wxeYsDb.exe

C:\Windows\System\yKskcjB.exe

C:\Windows\System\yKskcjB.exe

C:\Windows\System\usPrCsJ.exe

C:\Windows\System\usPrCsJ.exe

C:\Windows\System\LsfwDHg.exe

C:\Windows\System\LsfwDHg.exe

C:\Windows\System\BFOYUIO.exe

C:\Windows\System\BFOYUIO.exe

C:\Windows\System\TdbtYft.exe

C:\Windows\System\TdbtYft.exe

C:\Windows\System\oRFhQEW.exe

C:\Windows\System\oRFhQEW.exe

C:\Windows\System\vYHnulf.exe

C:\Windows\System\vYHnulf.exe

C:\Windows\System\ywecNcl.exe

C:\Windows\System\ywecNcl.exe

C:\Windows\System\XHrYUkn.exe

C:\Windows\System\XHrYUkn.exe

C:\Windows\System\uQqnmVp.exe

C:\Windows\System\uQqnmVp.exe

C:\Windows\System\hXWLFMq.exe

C:\Windows\System\hXWLFMq.exe

C:\Windows\System\RlygYku.exe

C:\Windows\System\RlygYku.exe

C:\Windows\System\cQyDSCC.exe

C:\Windows\System\cQyDSCC.exe

C:\Windows\System\BYdyCsk.exe

C:\Windows\System\BYdyCsk.exe

C:\Windows\System\eGDvtPI.exe

C:\Windows\System\eGDvtPI.exe

C:\Windows\System\PIuVMwA.exe

C:\Windows\System\PIuVMwA.exe

C:\Windows\System\UIaGZjZ.exe

C:\Windows\System\UIaGZjZ.exe

C:\Windows\System\TRUVbGR.exe

C:\Windows\System\TRUVbGR.exe

C:\Windows\System\ehPyNlF.exe

C:\Windows\System\ehPyNlF.exe

C:\Windows\System\lrcBKSA.exe

C:\Windows\System\lrcBKSA.exe

C:\Windows\System\JgEEiVk.exe

C:\Windows\System\JgEEiVk.exe

C:\Windows\System\khxtjzT.exe

C:\Windows\System\khxtjzT.exe

C:\Windows\System\FHAAQCQ.exe

C:\Windows\System\FHAAQCQ.exe

C:\Windows\System\UxSCKRA.exe

C:\Windows\System\UxSCKRA.exe

C:\Windows\System\xtOFsiL.exe

C:\Windows\System\xtOFsiL.exe

C:\Windows\System\chwJonb.exe

C:\Windows\System\chwJonb.exe

C:\Windows\System\ZCfGktE.exe

C:\Windows\System\ZCfGktE.exe

C:\Windows\System\kFIDYSa.exe

C:\Windows\System\kFIDYSa.exe

C:\Windows\System\dfbmhhR.exe

C:\Windows\System\dfbmhhR.exe

C:\Windows\System\rxYNBNG.exe

C:\Windows\System\rxYNBNG.exe

C:\Windows\System\ZTuVkbT.exe

C:\Windows\System\ZTuVkbT.exe

C:\Windows\System\bIlAdPL.exe

C:\Windows\System\bIlAdPL.exe

C:\Windows\System\SDYNyCC.exe

C:\Windows\System\SDYNyCC.exe

C:\Windows\System\COqINxO.exe

C:\Windows\System\COqINxO.exe

C:\Windows\System\LmEXuiY.exe

C:\Windows\System\LmEXuiY.exe

C:\Windows\System\GFGoEEe.exe

C:\Windows\System\GFGoEEe.exe

C:\Windows\System\MMWBNIv.exe

C:\Windows\System\MMWBNIv.exe

C:\Windows\System\GyAUVjs.exe

C:\Windows\System\GyAUVjs.exe

C:\Windows\System\nVIkDkf.exe

C:\Windows\System\nVIkDkf.exe

C:\Windows\System\hdmEdAM.exe

C:\Windows\System\hdmEdAM.exe

C:\Windows\System\ytGjlYI.exe

C:\Windows\System\ytGjlYI.exe

C:\Windows\System\aigZVvj.exe

C:\Windows\System\aigZVvj.exe

C:\Windows\System\XxPzUPR.exe

C:\Windows\System\XxPzUPR.exe

C:\Windows\System\PuAIIPi.exe

C:\Windows\System\PuAIIPi.exe

C:\Windows\System\oGkrkAO.exe

C:\Windows\System\oGkrkAO.exe

C:\Windows\System\EiNrGtK.exe

C:\Windows\System\EiNrGtK.exe

C:\Windows\System\bNJydAC.exe

C:\Windows\System\bNJydAC.exe

C:\Windows\System\iGLYiTo.exe

C:\Windows\System\iGLYiTo.exe

C:\Windows\System\gsFDQNU.exe

C:\Windows\System\gsFDQNU.exe

C:\Windows\System\ESsTTVV.exe

C:\Windows\System\ESsTTVV.exe

C:\Windows\System\bPKfpmJ.exe

C:\Windows\System\bPKfpmJ.exe

C:\Windows\System\qfnfudO.exe

C:\Windows\System\qfnfudO.exe

C:\Windows\System\wInxduT.exe

C:\Windows\System\wInxduT.exe

C:\Windows\System\tCBMsGc.exe

C:\Windows\System\tCBMsGc.exe

C:\Windows\System\SMzWvXQ.exe

C:\Windows\System\SMzWvXQ.exe

C:\Windows\System\opcavGP.exe

C:\Windows\System\opcavGP.exe

C:\Windows\System\dTqSyez.exe

C:\Windows\System\dTqSyez.exe

C:\Windows\System\QkNTzYq.exe

C:\Windows\System\QkNTzYq.exe

C:\Windows\System\ngVunVO.exe

C:\Windows\System\ngVunVO.exe

C:\Windows\System\LuZVfmq.exe

C:\Windows\System\LuZVfmq.exe

C:\Windows\System\KHKXDQJ.exe

C:\Windows\System\KHKXDQJ.exe

C:\Windows\System\HbniPqg.exe

C:\Windows\System\HbniPqg.exe

C:\Windows\System\RmqpXiF.exe

C:\Windows\System\RmqpXiF.exe

C:\Windows\System\YmRKQpL.exe

C:\Windows\System\YmRKQpL.exe

C:\Windows\System\RWdrGfY.exe

C:\Windows\System\RWdrGfY.exe

C:\Windows\System\mgxMUFr.exe

C:\Windows\System\mgxMUFr.exe

C:\Windows\System\DzQpttv.exe

C:\Windows\System\DzQpttv.exe

C:\Windows\System\JmJYqrD.exe

C:\Windows\System\JmJYqrD.exe

C:\Windows\System\OXprTaG.exe

C:\Windows\System\OXprTaG.exe

C:\Windows\System\GLUzRRn.exe

C:\Windows\System\GLUzRRn.exe

C:\Windows\System\UQjzHTJ.exe

C:\Windows\System\UQjzHTJ.exe

C:\Windows\System\YLXiwDp.exe

C:\Windows\System\YLXiwDp.exe

C:\Windows\System\YJHbhVw.exe

C:\Windows\System\YJHbhVw.exe

C:\Windows\System\RkRYXay.exe

C:\Windows\System\RkRYXay.exe

C:\Windows\System\vnROCyS.exe

C:\Windows\System\vnROCyS.exe

C:\Windows\System\yMfpGQr.exe

C:\Windows\System\yMfpGQr.exe

C:\Windows\System\utTeYgD.exe

C:\Windows\System\utTeYgD.exe

C:\Windows\System\UzVOtpl.exe

C:\Windows\System\UzVOtpl.exe

C:\Windows\System\WGnOeRl.exe

C:\Windows\System\WGnOeRl.exe

C:\Windows\System\pmriQqy.exe

C:\Windows\System\pmriQqy.exe

C:\Windows\System\twAKrZj.exe

C:\Windows\System\twAKrZj.exe

C:\Windows\System\qUUwVVa.exe

C:\Windows\System\qUUwVVa.exe

C:\Windows\System\dBimqeC.exe

C:\Windows\System\dBimqeC.exe

C:\Windows\System\XvUWmST.exe

C:\Windows\System\XvUWmST.exe

C:\Windows\System\LespAXO.exe

C:\Windows\System\LespAXO.exe

C:\Windows\System\TTdluNG.exe

C:\Windows\System\TTdluNG.exe

C:\Windows\System\npALPYz.exe

C:\Windows\System\npALPYz.exe

C:\Windows\System\xeyTEdD.exe

C:\Windows\System\xeyTEdD.exe

C:\Windows\System\lbRCuRM.exe

C:\Windows\System\lbRCuRM.exe

C:\Windows\System\QbvlAcm.exe

C:\Windows\System\QbvlAcm.exe

C:\Windows\System\NVrTWad.exe

C:\Windows\System\NVrTWad.exe

C:\Windows\System\vTwCeMW.exe

C:\Windows\System\vTwCeMW.exe

C:\Windows\System\LdmRTrN.exe

C:\Windows\System\LdmRTrN.exe

C:\Windows\System\TTUSwry.exe

C:\Windows\System\TTUSwry.exe

C:\Windows\System\QQRCdDj.exe

C:\Windows\System\QQRCdDj.exe

C:\Windows\System\SVCaipJ.exe

C:\Windows\System\SVCaipJ.exe

C:\Windows\System\dMjZtgU.exe

C:\Windows\System\dMjZtgU.exe

C:\Windows\System\maHvQEQ.exe

C:\Windows\System\maHvQEQ.exe

C:\Windows\System\qheMTpZ.exe

C:\Windows\System\qheMTpZ.exe

C:\Windows\System\UYxjJCE.exe

C:\Windows\System\UYxjJCE.exe

C:\Windows\System\WdFfjvC.exe

C:\Windows\System\WdFfjvC.exe

C:\Windows\System\FSmoEmW.exe

C:\Windows\System\FSmoEmW.exe

C:\Windows\System\EaelOAZ.exe

C:\Windows\System\EaelOAZ.exe

C:\Windows\System\sSynmyM.exe

C:\Windows\System\sSynmyM.exe

C:\Windows\System\QpGtlTO.exe

C:\Windows\System\QpGtlTO.exe

C:\Windows\System\DhXcFrp.exe

C:\Windows\System\DhXcFrp.exe

C:\Windows\System\ySFkWgR.exe

C:\Windows\System\ySFkWgR.exe

C:\Windows\System\zZzuXBj.exe

C:\Windows\System\zZzuXBj.exe

C:\Windows\System\bYfrXEr.exe

C:\Windows\System\bYfrXEr.exe

C:\Windows\System\WpuvlGl.exe

C:\Windows\System\WpuvlGl.exe

C:\Windows\System\dkWwkRo.exe

C:\Windows\System\dkWwkRo.exe

C:\Windows\System\jrVNFVQ.exe

C:\Windows\System\jrVNFVQ.exe

C:\Windows\System\uYWrXMJ.exe

C:\Windows\System\uYWrXMJ.exe

C:\Windows\System\bKqPiaW.exe

C:\Windows\System\bKqPiaW.exe

C:\Windows\System\MyGPRUN.exe

C:\Windows\System\MyGPRUN.exe

C:\Windows\System\exnjxUS.exe

C:\Windows\System\exnjxUS.exe

C:\Windows\System\xSQSnVs.exe

C:\Windows\System\xSQSnVs.exe

C:\Windows\System\imAeZHv.exe

C:\Windows\System\imAeZHv.exe

C:\Windows\System\oqVvvDG.exe

C:\Windows\System\oqVvvDG.exe

C:\Windows\System\aLDRzFO.exe

C:\Windows\System\aLDRzFO.exe

C:\Windows\System\bgVSuAN.exe

C:\Windows\System\bgVSuAN.exe

C:\Windows\System\yIiDiJi.exe

C:\Windows\System\yIiDiJi.exe

C:\Windows\System\otwxvkb.exe

C:\Windows\System\otwxvkb.exe

C:\Windows\System\jtWlmBm.exe

C:\Windows\System\jtWlmBm.exe

C:\Windows\System\xfRQrYy.exe

C:\Windows\System\xfRQrYy.exe

C:\Windows\System\ipwLCcX.exe

C:\Windows\System\ipwLCcX.exe

C:\Windows\System\WJKNDKT.exe

C:\Windows\System\WJKNDKT.exe

C:\Windows\System\NOEYJAv.exe

C:\Windows\System\NOEYJAv.exe

C:\Windows\System\HoWvmll.exe

C:\Windows\System\HoWvmll.exe

C:\Windows\System\CpIEcWw.exe

C:\Windows\System\CpIEcWw.exe

C:\Windows\System\txXzSxy.exe

C:\Windows\System\txXzSxy.exe

C:\Windows\System\wYJyVpu.exe

C:\Windows\System\wYJyVpu.exe

C:\Windows\System\bPRxyiD.exe

C:\Windows\System\bPRxyiD.exe

C:\Windows\System\eRuRCKG.exe

C:\Windows\System\eRuRCKG.exe

C:\Windows\System\ZCPJDtS.exe

C:\Windows\System\ZCPJDtS.exe

C:\Windows\System\XqLznUh.exe

C:\Windows\System\XqLznUh.exe

C:\Windows\System\cMssUcD.exe

C:\Windows\System\cMssUcD.exe

C:\Windows\System\cFsWKZa.exe

C:\Windows\System\cFsWKZa.exe

C:\Windows\System\oRGZqRu.exe

C:\Windows\System\oRGZqRu.exe

C:\Windows\System\OJpoTDA.exe

C:\Windows\System\OJpoTDA.exe

C:\Windows\System\ucWEumF.exe

C:\Windows\System\ucWEumF.exe

C:\Windows\System\dOUjnKS.exe

C:\Windows\System\dOUjnKS.exe

C:\Windows\System\xIITguQ.exe

C:\Windows\System\xIITguQ.exe

C:\Windows\System\ZjzHLkV.exe

C:\Windows\System\ZjzHLkV.exe

C:\Windows\System\WAjojBr.exe

C:\Windows\System\WAjojBr.exe

C:\Windows\System\JlSBFfC.exe

C:\Windows\System\JlSBFfC.exe

C:\Windows\System\dIPCKhA.exe

C:\Windows\System\dIPCKhA.exe

C:\Windows\System\cPpRoBU.exe

C:\Windows\System\cPpRoBU.exe

C:\Windows\System\CfKfhLl.exe

C:\Windows\System\CfKfhLl.exe

C:\Windows\System\IkYxFJJ.exe

C:\Windows\System\IkYxFJJ.exe

C:\Windows\System\dkllYVM.exe

C:\Windows\System\dkllYVM.exe

C:\Windows\System\oqQYnOi.exe

C:\Windows\System\oqQYnOi.exe

C:\Windows\System\WmdytfX.exe

C:\Windows\System\WmdytfX.exe

C:\Windows\System\ZvslVFj.exe

C:\Windows\System\ZvslVFj.exe

C:\Windows\System\bzFgYrm.exe

C:\Windows\System\bzFgYrm.exe

C:\Windows\System\WfATaZF.exe

C:\Windows\System\WfATaZF.exe

C:\Windows\System\vDLgkKO.exe

C:\Windows\System\vDLgkKO.exe

C:\Windows\System\ctWAQOo.exe

C:\Windows\System\ctWAQOo.exe

C:\Windows\System\EylCoiO.exe

C:\Windows\System\EylCoiO.exe

C:\Windows\System\OQeYOxH.exe

C:\Windows\System\OQeYOxH.exe

C:\Windows\System\eGOuKkx.exe

C:\Windows\System\eGOuKkx.exe

C:\Windows\System\eAUTJaQ.exe

C:\Windows\System\eAUTJaQ.exe

C:\Windows\System\PvPZcBr.exe

C:\Windows\System\PvPZcBr.exe

C:\Windows\System\FVcZLcF.exe

C:\Windows\System\FVcZLcF.exe

C:\Windows\System\StaZqkR.exe

C:\Windows\System\StaZqkR.exe

C:\Windows\System\BxgsHiI.exe

C:\Windows\System\BxgsHiI.exe

C:\Windows\System\ogFoWjt.exe

C:\Windows\System\ogFoWjt.exe

C:\Windows\System\UShqCSw.exe

C:\Windows\System\UShqCSw.exe

C:\Windows\System\imgNjWv.exe

C:\Windows\System\imgNjWv.exe

C:\Windows\System\nkPSfqe.exe

C:\Windows\System\nkPSfqe.exe

C:\Windows\System\TqtdMtx.exe

C:\Windows\System\TqtdMtx.exe

C:\Windows\System\LaXfUuy.exe

C:\Windows\System\LaXfUuy.exe

C:\Windows\System\wlOUXlJ.exe

C:\Windows\System\wlOUXlJ.exe

C:\Windows\System\xDvwDls.exe

C:\Windows\System\xDvwDls.exe

C:\Windows\System\yNjFteR.exe

C:\Windows\System\yNjFteR.exe

C:\Windows\System\eQPKMsl.exe

C:\Windows\System\eQPKMsl.exe

C:\Windows\System\ulMWbyZ.exe

C:\Windows\System\ulMWbyZ.exe

C:\Windows\System\drKRiOt.exe

C:\Windows\System\drKRiOt.exe

C:\Windows\System\LFIPdox.exe

C:\Windows\System\LFIPdox.exe

C:\Windows\System\hZUxezB.exe

C:\Windows\System\hZUxezB.exe

C:\Windows\System\nynssZW.exe

C:\Windows\System\nynssZW.exe

C:\Windows\System\EJLYWtT.exe

C:\Windows\System\EJLYWtT.exe

C:\Windows\System\heMNZOL.exe

C:\Windows\System\heMNZOL.exe

C:\Windows\System\CNFJcAq.exe

C:\Windows\System\CNFJcAq.exe

C:\Windows\System\xRKdQSO.exe

C:\Windows\System\xRKdQSO.exe

C:\Windows\System\EqehmFw.exe

C:\Windows\System\EqehmFw.exe

C:\Windows\System\WZFkXAZ.exe

C:\Windows\System\WZFkXAZ.exe

C:\Windows\System\dFknLoE.exe

C:\Windows\System\dFknLoE.exe

C:\Windows\System\JRGQaxz.exe

C:\Windows\System\JRGQaxz.exe

C:\Windows\System\BGIMdgb.exe

C:\Windows\System\BGIMdgb.exe

C:\Windows\System\vWSgwNM.exe

C:\Windows\System\vWSgwNM.exe

C:\Windows\System\UeUiZtI.exe

C:\Windows\System\UeUiZtI.exe

C:\Windows\System\EGbuYTu.exe

C:\Windows\System\EGbuYTu.exe

C:\Windows\System\tAMpedY.exe

C:\Windows\System\tAMpedY.exe

C:\Windows\System\UexkTBb.exe

C:\Windows\System\UexkTBb.exe

C:\Windows\System\bAhbSbp.exe

C:\Windows\System\bAhbSbp.exe

C:\Windows\System\yTUcsME.exe

C:\Windows\System\yTUcsME.exe

C:\Windows\System\vZzbnkt.exe

C:\Windows\System\vZzbnkt.exe

C:\Windows\System\ZNUBspl.exe

C:\Windows\System\ZNUBspl.exe

C:\Windows\System\MDZMJqa.exe

C:\Windows\System\MDZMJqa.exe

C:\Windows\System\wglTAie.exe

C:\Windows\System\wglTAie.exe

C:\Windows\System\argzPsQ.exe

C:\Windows\System\argzPsQ.exe

C:\Windows\System\mXKMmtO.exe

C:\Windows\System\mXKMmtO.exe

C:\Windows\System\OinCRSe.exe

C:\Windows\System\OinCRSe.exe

C:\Windows\System\EXjjbSg.exe

C:\Windows\System\EXjjbSg.exe

C:\Windows\System\vHerdVg.exe

C:\Windows\System\vHerdVg.exe

C:\Windows\System\QrWOAtC.exe

C:\Windows\System\QrWOAtC.exe

C:\Windows\System\KrhZqsM.exe

C:\Windows\System\KrhZqsM.exe

C:\Windows\System\Oqbsspy.exe

C:\Windows\System\Oqbsspy.exe

C:\Windows\System\fvnNmZF.exe

C:\Windows\System\fvnNmZF.exe

C:\Windows\System\POajuZX.exe

C:\Windows\System\POajuZX.exe

C:\Windows\System\tdiqHvU.exe

C:\Windows\System\tdiqHvU.exe

C:\Windows\System\TgPMqDB.exe

C:\Windows\System\TgPMqDB.exe

C:\Windows\System\fMpVwSN.exe

C:\Windows\System\fMpVwSN.exe

C:\Windows\System\KEigiaZ.exe

C:\Windows\System\KEigiaZ.exe

C:\Windows\System\xeVyhMi.exe

C:\Windows\System\xeVyhMi.exe

C:\Windows\System\FmyPVQZ.exe

C:\Windows\System\FmyPVQZ.exe

C:\Windows\System\hDFuowz.exe

C:\Windows\System\hDFuowz.exe

C:\Windows\System\WlGNCiX.exe

C:\Windows\System\WlGNCiX.exe

C:\Windows\System\VoMWLCn.exe

C:\Windows\System\VoMWLCn.exe

C:\Windows\System\QbEepaU.exe

C:\Windows\System\QbEepaU.exe

C:\Windows\System\iVAxWuC.exe

C:\Windows\System\iVAxWuC.exe

C:\Windows\System\yRhcsZw.exe

C:\Windows\System\yRhcsZw.exe

C:\Windows\System\IbMySGD.exe

C:\Windows\System\IbMySGD.exe

C:\Windows\System\kZOahbM.exe

C:\Windows\System\kZOahbM.exe

C:\Windows\System\RDOGDnz.exe

C:\Windows\System\RDOGDnz.exe

C:\Windows\System\ZDezNSG.exe

C:\Windows\System\ZDezNSG.exe

C:\Windows\System\WrZgPtx.exe

C:\Windows\System\WrZgPtx.exe

C:\Windows\System\zAzsQCp.exe

C:\Windows\System\zAzsQCp.exe

C:\Windows\System\XjoEBDA.exe

C:\Windows\System\XjoEBDA.exe

C:\Windows\System\cQtGUdw.exe

C:\Windows\System\cQtGUdw.exe

C:\Windows\System\WRfmCWJ.exe

C:\Windows\System\WRfmCWJ.exe

C:\Windows\System\sxdDSAT.exe

C:\Windows\System\sxdDSAT.exe

C:\Windows\System\nxLhCAB.exe

C:\Windows\System\nxLhCAB.exe

C:\Windows\System\WRNWmQC.exe

C:\Windows\System\WRNWmQC.exe

C:\Windows\System\mcUVPao.exe

C:\Windows\System\mcUVPao.exe

C:\Windows\System\elzBeHY.exe

C:\Windows\System\elzBeHY.exe

C:\Windows\System\mQdExsY.exe

C:\Windows\System\mQdExsY.exe

C:\Windows\System\fepHgFc.exe

C:\Windows\System\fepHgFc.exe

C:\Windows\System\OLmffki.exe

C:\Windows\System\OLmffki.exe

C:\Windows\System\HUOwBDH.exe

C:\Windows\System\HUOwBDH.exe

C:\Windows\System\DdmpkFu.exe

C:\Windows\System\DdmpkFu.exe

C:\Windows\System\omVIZMh.exe

C:\Windows\System\omVIZMh.exe

C:\Windows\System\QVOtAoi.exe

C:\Windows\System\QVOtAoi.exe

C:\Windows\System\nepBoms.exe

C:\Windows\System\nepBoms.exe

C:\Windows\System\nvLSnUQ.exe

C:\Windows\System\nvLSnUQ.exe

C:\Windows\System\OaPSgEO.exe

C:\Windows\System\OaPSgEO.exe

C:\Windows\System\HtdoYJm.exe

C:\Windows\System\HtdoYJm.exe

C:\Windows\System\DkrdMHd.exe

C:\Windows\System\DkrdMHd.exe

C:\Windows\System\uNoCsYa.exe

C:\Windows\System\uNoCsYa.exe

C:\Windows\System\mImTuFj.exe

C:\Windows\System\mImTuFj.exe

C:\Windows\System\QKnntON.exe

C:\Windows\System\QKnntON.exe

C:\Windows\System\rbVxFIZ.exe

C:\Windows\System\rbVxFIZ.exe

C:\Windows\System\HymJoNT.exe

C:\Windows\System\HymJoNT.exe

C:\Windows\System\YjnhrHD.exe

C:\Windows\System\YjnhrHD.exe

C:\Windows\System\hMccISy.exe

C:\Windows\System\hMccISy.exe

C:\Windows\System\hyiyYwQ.exe

C:\Windows\System\hyiyYwQ.exe

C:\Windows\System\kDwBZky.exe

C:\Windows\System\kDwBZky.exe

C:\Windows\System\pOCOoLM.exe

C:\Windows\System\pOCOoLM.exe

C:\Windows\System\GgpJpfy.exe

C:\Windows\System\GgpJpfy.exe

C:\Windows\System\epyWhyS.exe

C:\Windows\System\epyWhyS.exe

C:\Windows\System\CVHhTYB.exe

C:\Windows\System\CVHhTYB.exe

C:\Windows\System\RxCvudA.exe

C:\Windows\System\RxCvudA.exe

C:\Windows\System\HHaCTRL.exe

C:\Windows\System\HHaCTRL.exe

C:\Windows\System\fZoQqcq.exe

C:\Windows\System\fZoQqcq.exe

C:\Windows\System\kfUKNyh.exe

C:\Windows\System\kfUKNyh.exe

C:\Windows\System\pUtjJrr.exe

C:\Windows\System\pUtjJrr.exe

C:\Windows\System\NpOygnU.exe

C:\Windows\System\NpOygnU.exe

C:\Windows\System\PYgqIHz.exe

C:\Windows\System\PYgqIHz.exe

C:\Windows\System\rgiTylq.exe

C:\Windows\System\rgiTylq.exe

C:\Windows\System\aaUvqQT.exe

C:\Windows\System\aaUvqQT.exe

C:\Windows\System\aumSsJk.exe

C:\Windows\System\aumSsJk.exe

C:\Windows\System\rpMuXjn.exe

C:\Windows\System\rpMuXjn.exe

C:\Windows\System\ZVCGoBp.exe

C:\Windows\System\ZVCGoBp.exe

C:\Windows\System\qXFrmNW.exe

C:\Windows\System\qXFrmNW.exe

C:\Windows\System\RYQNYwb.exe

C:\Windows\System\RYQNYwb.exe

C:\Windows\System\mPiCLVF.exe

C:\Windows\System\mPiCLVF.exe

C:\Windows\System\TwhteAq.exe

C:\Windows\System\TwhteAq.exe

C:\Windows\System\bdYyKdL.exe

C:\Windows\System\bdYyKdL.exe

C:\Windows\System\vIVvXnb.exe

C:\Windows\System\vIVvXnb.exe

C:\Windows\System\ZYDzEVS.exe

C:\Windows\System\ZYDzEVS.exe

C:\Windows\System\RdLphHB.exe

C:\Windows\System\RdLphHB.exe

C:\Windows\System\rKtqXVe.exe

C:\Windows\System\rKtqXVe.exe

C:\Windows\System\HhZnmdn.exe

C:\Windows\System\HhZnmdn.exe

C:\Windows\System\yTmhOrC.exe

C:\Windows\System\yTmhOrC.exe

C:\Windows\System\XFvCtXw.exe

C:\Windows\System\XFvCtXw.exe

C:\Windows\System\BlHkarw.exe

C:\Windows\System\BlHkarw.exe

C:\Windows\System\LBckRNr.exe

C:\Windows\System\LBckRNr.exe

C:\Windows\System\tJanhGS.exe

C:\Windows\System\tJanhGS.exe

C:\Windows\System\ULJHnYt.exe

C:\Windows\System\ULJHnYt.exe

C:\Windows\System\JbkNmUl.exe

C:\Windows\System\JbkNmUl.exe

C:\Windows\System\CnCOwVf.exe

C:\Windows\System\CnCOwVf.exe

C:\Windows\System\SGKTdhB.exe

C:\Windows\System\SGKTdhB.exe

C:\Windows\System\DgzYTdg.exe

C:\Windows\System\DgzYTdg.exe

C:\Windows\System\MUdNTWJ.exe

C:\Windows\System\MUdNTWJ.exe

C:\Windows\System\qvPNCMb.exe

C:\Windows\System\qvPNCMb.exe

C:\Windows\System\BtYTXdF.exe

C:\Windows\System\BtYTXdF.exe

C:\Windows\System\XTYjDiI.exe

C:\Windows\System\XTYjDiI.exe

C:\Windows\System\OQPoLIL.exe

C:\Windows\System\OQPoLIL.exe

C:\Windows\System\WzJmoJV.exe

C:\Windows\System\WzJmoJV.exe

C:\Windows\System\OxaqhuX.exe

C:\Windows\System\OxaqhuX.exe

C:\Windows\System\JszkONp.exe

C:\Windows\System\JszkONp.exe

C:\Windows\System\nwzbwUa.exe

C:\Windows\System\nwzbwUa.exe

C:\Windows\System\oeVdxyg.exe

C:\Windows\System\oeVdxyg.exe

C:\Windows\System\bDRHBzr.exe

C:\Windows\System\bDRHBzr.exe

C:\Windows\System\hUXvrXS.exe

C:\Windows\System\hUXvrXS.exe

C:\Windows\System\WzhxpBz.exe

C:\Windows\System\WzhxpBz.exe

C:\Windows\System\SmUPEdu.exe

C:\Windows\System\SmUPEdu.exe

C:\Windows\System\YdJfdoa.exe

C:\Windows\System\YdJfdoa.exe

C:\Windows\System\QEXoLFl.exe

C:\Windows\System\QEXoLFl.exe

C:\Windows\System\vcIRpdE.exe

C:\Windows\System\vcIRpdE.exe

C:\Windows\System\GZsITTj.exe

C:\Windows\System\GZsITTj.exe

C:\Windows\System\IEAYdWL.exe

C:\Windows\System\IEAYdWL.exe

C:\Windows\System\MpmMDuS.exe

C:\Windows\System\MpmMDuS.exe

C:\Windows\System\UmsXZfd.exe

C:\Windows\System\UmsXZfd.exe

C:\Windows\System\WFCpJfs.exe

C:\Windows\System\WFCpJfs.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1924-0-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/1924-1-0x00000000001F0000-0x0000000000200000-memory.dmp

C:\Windows\system\gKpvSTS.exe

MD5 aad3368adf038c8f8b380188bbddaa42
SHA1 418fcb6d12af8fefdcb6a37d11fcfbf55051c7ce
SHA256 e4e1cc1bfef7cdfa84c14f17d7677de8d16a7e019eb79cb100c6b70d32fcc0d0
SHA512 f255090c90b9707e5f972a5ba4c83a52726d8b179ac8e02de9503eb4694dd4b515bc0163ac9801b076ce3fe01ac10dc21070630c5ab3e4b8ad9077102cf0dc8e

\Windows\system\YoAQGZZ.exe

MD5 8b9e1b271ee2100d796ec64eeec0198f
SHA1 4474e0f131bd50459bae47d3ad581042533a57d2
SHA256 a6c7c505d543b5d8ebbe317d2337cd39dad22d1cc484c94ead31592cfe18d98f
SHA512 4fe449e74789f276d8f539b844a311ff8a39c86ccfdb7bdc9b888f58a0bb9ebc70033265575ecf25a87e08d7556f24d82e758357308f378ba4526cfc27b084d5

memory/2584-28-0x000000013F340000-0x000000013F694000-memory.dmp

memory/1912-41-0x000000013F400000-0x000000013F754000-memory.dmp

memory/2536-44-0x000000013F2C0000-0x000000013F614000-memory.dmp

memory/1924-43-0x000000013F310000-0x000000013F664000-memory.dmp

memory/2688-42-0x000000013F310000-0x000000013F664000-memory.dmp

memory/1924-39-0x000000013F2C0000-0x000000013F614000-memory.dmp

C:\Windows\system\ZWzbXIB.exe

MD5 8839c8b12b52f6a1e3ad0add284115bc
SHA1 35af8908e3ff91406847f393697a3dabbe34300a
SHA256 298d4d1eeb5b7947aa18166c6e879558935c5c15bcfefead70bfcb087c49aaf8
SHA512 054d4d30a49ce2660daf03e3b113c7495d837952e49c2c02e3e4a8ee2659e1710635dc922253ea28c8aef86848633bac81ad2b595e62335fd99e0a891e30e5aa

memory/1924-35-0x000000013F340000-0x000000013F694000-memory.dmp

memory/1924-33-0x0000000001EF0000-0x0000000002244000-memory.dmp

C:\Windows\system\FkuhqiF.exe

MD5 b6269967644386bdb056f3a12cbc19fb
SHA1 7ca31bee648a1bf88adfd95ca3a232e4f0317e5f
SHA256 90ea727fe20de873a3c05ece4c4924c78b5e033a6e3da9ed310bf4b09708a22f
SHA512 5b6a733975eca30bc3627e9e46893529ee3ee5643b9557e64ecaaeaac9eaf402ff38fed353027b2b0eceed836e7e2be7bd56553c6a1fb6a2782cf4a592dad970

memory/2484-24-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/1924-21-0x000000013F400000-0x000000013F754000-memory.dmp

C:\Windows\system\WAaMHuw.exe

MD5 1ac1274a697525e0b99c2c34102bd4b8
SHA1 94d457d3fde85f2af2ce8eb9d5421caca17cf23f
SHA256 9900b747122300d273d22a4d58a37d2e36ad94f85cb1b41c73e9b123eacc35fe
SHA512 ba0c81204a1363ee0c236848a8aeabeb8f42acc0c2fc89b1c3be6b492e2a921b8c737310891c8695874cfa6b7578daf27580274d4103715fe5b7a9c551040627

memory/2320-18-0x000000013F500000-0x000000013F854000-memory.dmp

C:\Windows\system\bBEZbRq.exe

MD5 91b98b723b2a66abfa74b78919b7c0a5
SHA1 13fb5260cd307cf7fe0a7ecbe6611a7a1ba63972
SHA256 8515c3dafcb7fcddde43575fab39aa94f3655e63bbad0feadc0ae6042e2c0c17
SHA512 978823ea8ffee471ba8a55586cc551d4ce911c2ced08f2f8341751a64b8f59fe8a13cd50560a4534b09df53bc4126e27c376cff108f8fc2e6e1a88d79ad94060

C:\Windows\system\boPixVG.exe

MD5 8e4f77bb6d01ac915737b4c83d971c82
SHA1 d694cdaa93fd3fedfa4ba6aab9b86b869e0ea48f
SHA256 0a04e66c5e08d6d9df2dd3824372478987658ecf902efe178fbd1ace1775bc9b
SHA512 1addbe5f688306fe4e894c7ee577944ca01e794535a942fdd6a1d73be79f187127edb70d931b6231d10dc468a8accec7fe2f9ca4d8797cb24b8465a05bc5a995

memory/2900-64-0x000000013F720000-0x000000013FA74000-memory.dmp

C:\Windows\system\wxeYsDb.exe

MD5 b180dea4ef0641271bbc16c5659f02d5
SHA1 455d67714e2a837d34155078e3840b030db734bf
SHA256 93928f3ad28aaff96673c9596974b16d0fc9ed595745d2fd0ef775a33c478ebc
SHA512 19d8b62bdee373b349a2a1bb3142706d0a9578d94c1800b4c3af0a5a81ed8d602b02871dc523684ce074ff45201730fa80974f4166e451642853af44cc5fc94b

memory/2412-67-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2460-76-0x000000013F230000-0x000000013F584000-memory.dmp

memory/1924-79-0x000000013F330000-0x000000013F684000-memory.dmp

memory/1924-75-0x000000013F230000-0x000000013F584000-memory.dmp

C:\Windows\system\LsfwDHg.exe

MD5 b1205f7e81d30475eb251628ac7853b4
SHA1 f134a34959c0ad1063244f453e1e8c283b7fae82
SHA256 696ac9ba83242de694369fba9d38e39b6da2ba8a289d9098174c6c8d18db132e
SHA512 48911a37ac1474111b5a1dd3d28df90cf9c1aca7aa28651d634a492796872d6c4adbc94779e01ed43693a9fc27e3114bead23010d5e1e351da1f3e7a4c412a3b

C:\Windows\system\TdbtYft.exe

MD5 9e1ba708ed35735d9d6e3ebb0683bd37
SHA1 dd9e3b458568a954effa63759e909ce3a5288efe
SHA256 4b9c5b2b129c89317d69ecfdc3f7fd989cee7b09498bc17175fd4158a963657c
SHA512 70a1acfe7705469fceed68b15ed0102274ccb51d490a567fbc1c927841851b0e96ea402244e4fecb43de3ab12ef46018ad13f3bd1e83c9b5126b94a01ef80f08

memory/1924-97-0x000000013F340000-0x000000013F694000-memory.dmp

memory/2792-99-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/1924-98-0x000000013FF30000-0x0000000140284000-memory.dmp

C:\Windows\system\ywecNcl.exe

MD5 16808cee56e3404af4077f43c21d1326
SHA1 8c31d36fbbc1ef56993b6f303c2fb5921af051e9
SHA256 eb4e2711f2022bf032da2ec330a9a84ba21506eaa00d55b309882bd128609766
SHA512 8d7224a690420da453edfc7d439ea9657267528b3577ccc2672296341967bfa9341e2574e2a06c507b0bd5566f7180071d6582af0746fbcd5fc3a15be1dddb3f

C:\Windows\system\RlygYku.exe

MD5 627dfcc4aa714823049f6b12e829643f
SHA1 089b608a527fee98a49ac664882f3a41b6259025
SHA256 ee486684b8427e0d0ac67d04cab2ec828951b91134345eff547b77c2f8258d89
SHA512 94130fbc245a05da8befab838b49d59a7f657ecfe46ba7b448a2b9231b09fd0f03722a31f5e1c556701ba8c112bd92c8f6ac031ff0a13be1b92ade350dcf4ae5

\Windows\system\lrcBKSA.exe

MD5 b453d5f8d584740c749ac49c11ae7798
SHA1 67aa937996bf681cb5becd14a2964e3ab22b32a2
SHA256 c3544de12e1d102a18af6a1050c5c4bc5d2f7df11ec6fd82534cd16a872e50c3
SHA512 c9dc038c58ead855431dfbe1bf96d4e0e20aadf1065182001f4af0825c0ec5187dc102996a4678da7895d63d63bbd187e38b0bc1a3695ef88bf2367c48c0c360

C:\Windows\system\FHAAQCQ.exe

MD5 a39c6b9fb71f6b96af83448e0c6db4de
SHA1 c2d547596936cb353f680e9a9e6221338e6ad5fd
SHA256 6ccf92c9f504c46c606320614219795d163f12d3db28f6a2f3745552d6a41735
SHA512 b1a3fa77435790f9a25c740f34fb310f27923a551ce8718851123783bcf376352918e39b9635717003b5f9b897ded2f893f3a61a956132df68733316ac93507d

C:\Windows\system\khxtjzT.exe

MD5 2f91ab844928581fe2a8e7b8bc10d53a
SHA1 aeb07ad85bc90f145b816b2eef9e3592f9232c75
SHA256 6834f9c65d733b7bd73955a84ee0b4d9dce0a57cddde663783c52171ea5eedd3
SHA512 b607f1a40247b44aff651dd0a15138c7e1a3eae1b906c9297cb931cde6010237de17eb203a151d2d619ca0dbe7842e1f56aea07753b3beb286b99b49468cea74

C:\Windows\system\JgEEiVk.exe

MD5 34cad3f0695a472249de4462164419b3
SHA1 e0b86e369b246e5125f4f3d317cdc8e8552eec02
SHA256 213fc0eeaad9042be981643bcd77b33b234711d8813ebd7e8333967640887092
SHA512 b321357f1c16acaf3c599ca7daaf7a43cd20be12c9ddf41ccbfb9eb3daefe5c3830aa8f1ed1f8a6d5758f79662fc0bdbcd77587f640692340e1f0356173d3a01

C:\Windows\system\ehPyNlF.exe

MD5 43e6985817fe1db9b440efb3f986804e
SHA1 4e62cf9ea8a30c2bc10006c31bf9f18f38768a80
SHA256 c56fb21558cfc09c8f247301577f93280707dff025b9be6e022af61ac5a9d193
SHA512 7e3e8efe7eb060ee98b940801ea702064c3684ba091050933c9e2d1d4a95ce2454c57157d316f0cb6ae81e6a3b3780a6a81aa5fce65b6e8fb803133920ff48ac

C:\Windows\system\TRUVbGR.exe

MD5 9ce0e28ee6dbe7a539138e78f6b3423e
SHA1 9508cb46af8354355f0e567b3531d2db7f026f6d
SHA256 17680b2594b6322b74bba214b1ca64e1e69962ba703585198ad9171e1a3c5449
SHA512 00a23131b78b8be491e3263d8c551c5ca89787fd7e09a8df82901657f8c0b3cd68ace8bc781cad8b87adb821bc56b43a6d052ef927838deee742ee57fd7ad73a

C:\Windows\system\PIuVMwA.exe

MD5 4d8fbd1f1c491da68a9283325b9a1cf7
SHA1 47b5d3203d3116e2c26904fcfcc399579142ec4c
SHA256 f8f77f22376f07c7db74314e95ef3cf42139c637b0f74a044667ddda8bac864d
SHA512 142a4d143167d493487f1e0c5f31e8ce7271a4e17d3a991b9f5949cf860a9b35fc37e61eb8fb131fe4e873fd91ede0c3c25ccbe646e32ae09f529d4c3fecf61f

C:\Windows\system\UIaGZjZ.exe

MD5 d27d624c4fc42ef79069c683ed94530d
SHA1 20c7dacc8fd38f40acb7bc25c9c216a0e9b1c7db
SHA256 0132ff7811b910e0d41f4ef86efe187684f1d2009a15f2a92a51aa08e447d411
SHA512 e98c256c45254e3e83ab4430ed683a410150ed1e6994b7de77d4b35a349e5b7353368b8471593b0014cee284b2de488da74141b093268b22eafd4da0f29d8da6

C:\Windows\system\BYdyCsk.exe

MD5 04d4f43ffad3b856e9f758457b92827a
SHA1 dac7df5ba7db1d9e1506a72cbb53296e6801c7a6
SHA256 c84b8ab97a9dfc5fba2a4fa2ad6f33f797aa89684bb0150f1fffb891603d2d24
SHA512 22eda96ee154ee2e59d8a5e4b6df153feaf11335e2b837e285a0e556d3222791adf3ab82b92ac50ffacf383cbb57274ab4b7f53199123aa57ca5e61005126475

C:\Windows\system\eGDvtPI.exe

MD5 1b9308a5a977f58ee67f0660ef22a2dc
SHA1 9daf97cf9e71008661ccccd57230666fe1d93557
SHA256 f6ea3c07207eb5224e4f3cbc13c564ab62cdd55e418550d38837fc87ff641ec4
SHA512 ee3900174dce3392e2082e5245e4f1b938e1f0987f694c45c70e158fb6d9a6b4c9dbdde4b2f3e87fcd04ae91c96038a7c0efe4650c5b0d643fc6ef0edeb09e15

C:\Windows\system\cQyDSCC.exe

MD5 56c9898d48fbaf091f9c9b008612ccfa
SHA1 9b00ef6631cd53f8c63693db1c6ce11bff570ead
SHA256 1185b711b4b7e4745c0901547b61f41e40883be01679c4eae19e8bbe76f15564
SHA512 e61d17143fc6138da3937b71d078dad4eeec74270521086598ee46fe0ec29d484b32554ba63d64ee59b15ef86b852343bb00d901a7abd4c41c0e91b116526a59

C:\Windows\system\uQqnmVp.exe

MD5 db7029f48f74cac9f3cee566389b2fc4
SHA1 dbacfeccbb0f0acde4ad530ab209a9179f49a1e0
SHA256 dba7864059e0cb6ccda0c825e2a71c3693ccf8be0c33a28bcf4b78cbc7f0a6d7
SHA512 d79f020bab624fe33c8a3c0a56665d451a2a53bcc7e89051544f164fe1ae490e883d8277d0c8b7911ea140f402f03ed5c89449dd9e0cc853d2946b674ec16018

C:\Windows\system\hXWLFMq.exe

MD5 03ea3acd3dc1f49b886f993b702d31fc
SHA1 6bbbb197528cc58bff58be68ae5bf89e40718024
SHA256 fe74ae0b93088e341fa5fa88ed8f21c42b034d4e78d9dd5c81139c213b50a97c
SHA512 3383abf7b16d2b7814919915d1b9f34e9259a3171095f14f398b5ef78be33cd2c71fae4d079de303043240670c8fd87013fb220309cdd20fee46d81d61f6029b

C:\Windows\system\XHrYUkn.exe

MD5 22b97e53ac5b0bc0ddc7daebdfd26f62
SHA1 f39e38c00c1b55afd4e1ee9b065685d744653206
SHA256 d594b296b78777d1ecef5717380bc5257abdb2fa0acbd00b4862774f4524bf3e
SHA512 e6e36fc4a6042a0efc679813691cf8fff02de36aeb5770d3a37fcb545dcf5a9e8d9081f910faa0e8664d6346e1d5b6153901fac3f70bc581491ff9581d689e62

C:\Windows\system\vYHnulf.exe

MD5 c408d6f58fa6c75a5c12ea7c641286d3
SHA1 59618d06d795cfa7e23e6a76275dd97cf458a642
SHA256 6948d372bb16cada4dc2aa6265fa5d722f318eb2800803eb500cd565233570d4
SHA512 f0175b2ba65fcd20bd23d5ea5c0ea9c9a637e17b216b31d82c6876f713a545eeb7a99ce28b2314597abc58877e9e65603516df1f0548a0c6de7724714288e0b4

memory/1924-105-0x0000000001EF0000-0x0000000002244000-memory.dmp

C:\Windows\system\oRFhQEW.exe

MD5 feb3956273c2748251ea0022e1f4cd21
SHA1 91ba5d6e8393a2cf4f61a5686c43aac3b80f51ad
SHA256 030b994ed79e46c1c3552489b99093028a61c7847dd0d996b5180e2c23cc6e8b
SHA512 eb0b474f543ed709f91a973a641a4e950195ed37e10c3e489fe15f7520d72479d3ec0c156cfdefd3e0b9b81c44dc4aa7947f6749b89f792a691a0c95f6e2d23f

memory/2624-90-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2660-89-0x000000013F330000-0x000000013F684000-memory.dmp

memory/1924-88-0x000000013F8E0000-0x000000013FC34000-memory.dmp

C:\Windows\system\BFOYUIO.exe

MD5 c69499492a74c0e6701af51ec53bc78b
SHA1 3e28c5e960bd366a94f387617504323b27d8f240
SHA256 e254c4e472753af4bc573975b73bd359e6e74a8b3eeb4299e2ebc256d6159209
SHA512 c77a2ec10e4668f1cff1fa1713ce2df040ad59dc3ff5ae7b38a0d6405fb6959d0d30228e1293e7ddcf31bb56f42b86d1fca3cbd02cd554e3028a4bb4ff992380

memory/2152-74-0x000000013F4E0000-0x000000013F834000-memory.dmp

C:\Windows\system\usPrCsJ.exe

MD5 7a5469297ae5c2c5bf8c9e337c30b923
SHA1 2c917da7a729ef3f24f380ca4298e123c19aba32
SHA256 fb306359bd96ac39f0b3b391f5c37383af39580c8f54a0af127a573c905ab70a
SHA512 2d50e827b657982c886163b8160a5db90cad85f38d4bd66e142b52cbc3cb2494f039e23f8b614aa0a06e7893f89b7386a39cc316878a875245b5290a87e2863a

memory/2432-50-0x000000013FA70000-0x000000013FDC4000-memory.dmp

memory/1924-48-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-63-0x0000000001EF0000-0x0000000002244000-memory.dmp

C:\Windows\system\yKskcjB.exe

MD5 270e17e38b53d7021d153f124d2f023f
SHA1 9f949ac8faff06906d71d1c214911a9f116e599f
SHA256 12bfa912cfb60888a710ec3a8217995e5e9454fc3fdfb5bafdddafa06593ff87
SHA512 3fe3f8cc815dc4fee7687978c9f45ed2abeefef010bfdb27635ff7c7c4048b517399a64805af44cc2b287bb3e305605cb5852b92bc210ce0b4c2500eadc09488

memory/1924-11-0x000000013F500000-0x000000013F854000-memory.dmp

C:\Windows\system\gdobOBB.exe

MD5 e6e1ca7a00648049397b805752ad21d0
SHA1 93c3071c24100dafe57f0b1baedbde0addf4174f
SHA256 bd591ffe27a820f7cfe56e0a71ce3e7b8fef7c959efb6df98d57645f0951ffc5
SHA512 4b3691e6c60924414d7611433f22eb92ad214a120a42a87e8a0e32318074e3af2e23b4c97b3d096ae25973ef0dfd72312da82796f5b17ba81a900328c327f4b0

memory/2432-825-0x000000013FA70000-0x000000013FDC4000-memory.dmp

memory/1924-819-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/1924-1071-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2900-1072-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2460-1073-0x000000013F230000-0x000000013F584000-memory.dmp

memory/1924-1074-0x0000000001EF0000-0x0000000002244000-memory.dmp

memory/2624-1075-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/1924-1076-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2320-1077-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2484-1078-0x000000013FB80000-0x000000013FED4000-memory.dmp

memory/2584-1079-0x000000013F340000-0x000000013F694000-memory.dmp

memory/1912-1080-0x000000013F400000-0x000000013F754000-memory.dmp

memory/2688-1081-0x000000013F310000-0x000000013F664000-memory.dmp

memory/2536-1082-0x000000013F2C0000-0x000000013F614000-memory.dmp

memory/2432-1083-0x000000013FA70000-0x000000013FDC4000-memory.dmp

memory/2412-1084-0x000000013F9F0000-0x000000013FD44000-memory.dmp

memory/2900-1085-0x000000013F720000-0x000000013FA74000-memory.dmp

memory/2152-1086-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/2460-1087-0x000000013F230000-0x000000013F584000-memory.dmp

memory/2660-1088-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2792-1089-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2624-1090-0x000000013F770000-0x000000013FAC4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-27 12:29

Reported

2024-06-27 12:32

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\gdobOBB.exe N/A
N/A N/A C:\Windows\System\WAaMHuw.exe N/A
N/A N/A C:\Windows\System\FkuhqiF.exe N/A
N/A N/A C:\Windows\System\gKpvSTS.exe N/A
N/A N/A C:\Windows\System\YoAQGZZ.exe N/A
N/A N/A C:\Windows\System\ZWzbXIB.exe N/A
N/A N/A C:\Windows\System\bBEZbRq.exe N/A
N/A N/A C:\Windows\System\boPixVG.exe N/A
N/A N/A C:\Windows\System\wxeYsDb.exe N/A
N/A N/A C:\Windows\System\yKskcjB.exe N/A
N/A N/A C:\Windows\System\usPrCsJ.exe N/A
N/A N/A C:\Windows\System\LsfwDHg.exe N/A
N/A N/A C:\Windows\System\BFOYUIO.exe N/A
N/A N/A C:\Windows\System\TdbtYft.exe N/A
N/A N/A C:\Windows\System\oRFhQEW.exe N/A
N/A N/A C:\Windows\System\vYHnulf.exe N/A
N/A N/A C:\Windows\System\ywecNcl.exe N/A
N/A N/A C:\Windows\System\XHrYUkn.exe N/A
N/A N/A C:\Windows\System\uQqnmVp.exe N/A
N/A N/A C:\Windows\System\hXWLFMq.exe N/A
N/A N/A C:\Windows\System\RlygYku.exe N/A
N/A N/A C:\Windows\System\cQyDSCC.exe N/A
N/A N/A C:\Windows\System\BYdyCsk.exe N/A
N/A N/A C:\Windows\System\eGDvtPI.exe N/A
N/A N/A C:\Windows\System\PIuVMwA.exe N/A
N/A N/A C:\Windows\System\UIaGZjZ.exe N/A
N/A N/A C:\Windows\System\TRUVbGR.exe N/A
N/A N/A C:\Windows\System\ehPyNlF.exe N/A
N/A N/A C:\Windows\System\lrcBKSA.exe N/A
N/A N/A C:\Windows\System\JgEEiVk.exe N/A
N/A N/A C:\Windows\System\khxtjzT.exe N/A
N/A N/A C:\Windows\System\FHAAQCQ.exe N/A
N/A N/A C:\Windows\System\UxSCKRA.exe N/A
N/A N/A C:\Windows\System\xtOFsiL.exe N/A
N/A N/A C:\Windows\System\chwJonb.exe N/A
N/A N/A C:\Windows\System\ZCfGktE.exe N/A
N/A N/A C:\Windows\System\kFIDYSa.exe N/A
N/A N/A C:\Windows\System\dfbmhhR.exe N/A
N/A N/A C:\Windows\System\rxYNBNG.exe N/A
N/A N/A C:\Windows\System\ZTuVkbT.exe N/A
N/A N/A C:\Windows\System\bIlAdPL.exe N/A
N/A N/A C:\Windows\System\SDYNyCC.exe N/A
N/A N/A C:\Windows\System\COqINxO.exe N/A
N/A N/A C:\Windows\System\LmEXuiY.exe N/A
N/A N/A C:\Windows\System\GFGoEEe.exe N/A
N/A N/A C:\Windows\System\MMWBNIv.exe N/A
N/A N/A C:\Windows\System\GyAUVjs.exe N/A
N/A N/A C:\Windows\System\nVIkDkf.exe N/A
N/A N/A C:\Windows\System\hdmEdAM.exe N/A
N/A N/A C:\Windows\System\ytGjlYI.exe N/A
N/A N/A C:\Windows\System\aigZVvj.exe N/A
N/A N/A C:\Windows\System\XxPzUPR.exe N/A
N/A N/A C:\Windows\System\PuAIIPi.exe N/A
N/A N/A C:\Windows\System\oGkrkAO.exe N/A
N/A N/A C:\Windows\System\EiNrGtK.exe N/A
N/A N/A C:\Windows\System\bNJydAC.exe N/A
N/A N/A C:\Windows\System\iGLYiTo.exe N/A
N/A N/A C:\Windows\System\gsFDQNU.exe N/A
N/A N/A C:\Windows\System\ESsTTVV.exe N/A
N/A N/A C:\Windows\System\bPKfpmJ.exe N/A
N/A N/A C:\Windows\System\qfnfudO.exe N/A
N/A N/A C:\Windows\System\wInxduT.exe N/A
N/A N/A C:\Windows\System\tCBMsGc.exe N/A
N/A N/A C:\Windows\System\SMzWvXQ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\oGkrkAO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\gsFDQNU.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ESsTTVV.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\opcavGP.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\eGDvtPI.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\twAKrZj.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\argzPsQ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\dTqSyez.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bNJydAC.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\nkPSfqe.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\CVHhTYB.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhZnmdn.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\LBckRNr.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrcBKSA.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpGtlTO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WZFkXAZ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXFrmNW.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\xeyTEdD.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\KrhZqsM.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\fMpVwSN.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\fZoQqcq.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\BtYTXdF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\qfnfudO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\QkNTzYq.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yMfpGQr.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\qUUwVVa.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WfATaZF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\FVcZLcF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bdYyKdL.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\XTYjDiI.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\XxPzUPR.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WzJmoJV.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HoWvmll.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\fvnNmZF.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\xSQSnVs.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\yTUcsME.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RdLphHB.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\SmUPEdu.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\RWdrGfY.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTdluNG.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcUVPao.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\uNoCsYa.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\DgzYTdg.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\GLUzRRn.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\vWSgwNM.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HUOwBDH.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\LsfwDHg.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\cFsWKZa.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\xeVyhMi.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\DkrdMHd.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\UmsXZfd.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\otwxvkb.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPKfpmJ.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\bgVSuAN.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmdytfX.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtdoYJm.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\COqINxO.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\uQqnmVp.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySFkWgR.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\oqVvvDG.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\oRGZqRu.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\OJpoTDA.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\EqehmFw.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQtGUdw.exe C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1880 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gdobOBB.exe
PID 1880 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gdobOBB.exe
PID 1880 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\WAaMHuw.exe
PID 1880 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\WAaMHuw.exe
PID 1880 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FkuhqiF.exe
PID 1880 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FkuhqiF.exe
PID 1880 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gKpvSTS.exe
PID 1880 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\gKpvSTS.exe
PID 1880 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\YoAQGZZ.exe
PID 1880 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\YoAQGZZ.exe
PID 1880 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ZWzbXIB.exe
PID 1880 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ZWzbXIB.exe
PID 1880 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\bBEZbRq.exe
PID 1880 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\bBEZbRq.exe
PID 1880 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\boPixVG.exe
PID 1880 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\boPixVG.exe
PID 1880 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\wxeYsDb.exe
PID 1880 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\wxeYsDb.exe
PID 1880 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\yKskcjB.exe
PID 1880 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\yKskcjB.exe
PID 1880 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\usPrCsJ.exe
PID 1880 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\usPrCsJ.exe
PID 1880 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\LsfwDHg.exe
PID 1880 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\LsfwDHg.exe
PID 1880 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BFOYUIO.exe
PID 1880 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BFOYUIO.exe
PID 1880 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TdbtYft.exe
PID 1880 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TdbtYft.exe
PID 1880 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\oRFhQEW.exe
PID 1880 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\oRFhQEW.exe
PID 1880 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\vYHnulf.exe
PID 1880 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\vYHnulf.exe
PID 1880 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ywecNcl.exe
PID 1880 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ywecNcl.exe
PID 1880 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\XHrYUkn.exe
PID 1880 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\XHrYUkn.exe
PID 1880 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\uQqnmVp.exe
PID 1880 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\uQqnmVp.exe
PID 1880 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\hXWLFMq.exe
PID 1880 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\hXWLFMq.exe
PID 1880 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\RlygYku.exe
PID 1880 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\RlygYku.exe
PID 1880 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\cQyDSCC.exe
PID 1880 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\cQyDSCC.exe
PID 1880 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BYdyCsk.exe
PID 1880 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\BYdyCsk.exe
PID 1880 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\eGDvtPI.exe
PID 1880 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\eGDvtPI.exe
PID 1880 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\PIuVMwA.exe
PID 1880 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\PIuVMwA.exe
PID 1880 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\UIaGZjZ.exe
PID 1880 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\UIaGZjZ.exe
PID 1880 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TRUVbGR.exe
PID 1880 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\TRUVbGR.exe
PID 1880 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ehPyNlF.exe
PID 1880 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\ehPyNlF.exe
PID 1880 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\lrcBKSA.exe
PID 1880 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\lrcBKSA.exe
PID 1880 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\JgEEiVk.exe
PID 1880 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\JgEEiVk.exe
PID 1880 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\khxtjzT.exe
PID 1880 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\khxtjzT.exe
PID 1880 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FHAAQCQ.exe
PID 1880 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe C:\Windows\System\FHAAQCQ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\84f0ad3860b3bad83603642165f826f8f599d132445f8fbcffc1f78706d4f6f5_NeikiAnalytics.exe"

C:\Windows\System\gdobOBB.exe

C:\Windows\System\gdobOBB.exe

C:\Windows\System\WAaMHuw.exe

C:\Windows\System\WAaMHuw.exe

C:\Windows\System\FkuhqiF.exe

C:\Windows\System\FkuhqiF.exe

C:\Windows\System\gKpvSTS.exe

C:\Windows\System\gKpvSTS.exe

C:\Windows\System\YoAQGZZ.exe

C:\Windows\System\YoAQGZZ.exe

C:\Windows\System\ZWzbXIB.exe

C:\Windows\System\ZWzbXIB.exe

C:\Windows\System\bBEZbRq.exe

C:\Windows\System\bBEZbRq.exe

C:\Windows\System\boPixVG.exe

C:\Windows\System\boPixVG.exe

C:\Windows\System\wxeYsDb.exe

C:\Windows\System\wxeYsDb.exe

C:\Windows\System\yKskcjB.exe

C:\Windows\System\yKskcjB.exe

C:\Windows\System\usPrCsJ.exe

C:\Windows\System\usPrCsJ.exe

C:\Windows\System\LsfwDHg.exe

C:\Windows\System\LsfwDHg.exe

C:\Windows\System\BFOYUIO.exe

C:\Windows\System\BFOYUIO.exe

C:\Windows\System\TdbtYft.exe

C:\Windows\System\TdbtYft.exe

C:\Windows\System\oRFhQEW.exe

C:\Windows\System\oRFhQEW.exe

C:\Windows\System\vYHnulf.exe

C:\Windows\System\vYHnulf.exe

C:\Windows\System\ywecNcl.exe

C:\Windows\System\ywecNcl.exe

C:\Windows\System\XHrYUkn.exe

C:\Windows\System\XHrYUkn.exe

C:\Windows\System\uQqnmVp.exe

C:\Windows\System\uQqnmVp.exe

C:\Windows\System\hXWLFMq.exe

C:\Windows\System\hXWLFMq.exe

C:\Windows\System\RlygYku.exe

C:\Windows\System\RlygYku.exe

C:\Windows\System\cQyDSCC.exe

C:\Windows\System\cQyDSCC.exe

C:\Windows\System\BYdyCsk.exe

C:\Windows\System\BYdyCsk.exe

C:\Windows\System\eGDvtPI.exe

C:\Windows\System\eGDvtPI.exe

C:\Windows\System\PIuVMwA.exe

C:\Windows\System\PIuVMwA.exe

C:\Windows\System\UIaGZjZ.exe

C:\Windows\System\UIaGZjZ.exe

C:\Windows\System\TRUVbGR.exe

C:\Windows\System\TRUVbGR.exe

C:\Windows\System\ehPyNlF.exe

C:\Windows\System\ehPyNlF.exe

C:\Windows\System\lrcBKSA.exe

C:\Windows\System\lrcBKSA.exe

C:\Windows\System\JgEEiVk.exe

C:\Windows\System\JgEEiVk.exe

C:\Windows\System\khxtjzT.exe

C:\Windows\System\khxtjzT.exe

C:\Windows\System\FHAAQCQ.exe

C:\Windows\System\FHAAQCQ.exe

C:\Windows\System\UxSCKRA.exe

C:\Windows\System\UxSCKRA.exe

C:\Windows\System\xtOFsiL.exe

C:\Windows\System\xtOFsiL.exe

C:\Windows\System\chwJonb.exe

C:\Windows\System\chwJonb.exe

C:\Windows\System\ZCfGktE.exe

C:\Windows\System\ZCfGktE.exe

C:\Windows\System\kFIDYSa.exe

C:\Windows\System\kFIDYSa.exe

C:\Windows\System\dfbmhhR.exe

C:\Windows\System\dfbmhhR.exe

C:\Windows\System\rxYNBNG.exe

C:\Windows\System\rxYNBNG.exe

C:\Windows\System\ZTuVkbT.exe

C:\Windows\System\ZTuVkbT.exe

C:\Windows\System\bIlAdPL.exe

C:\Windows\System\bIlAdPL.exe

C:\Windows\System\SDYNyCC.exe

C:\Windows\System\SDYNyCC.exe

C:\Windows\System\COqINxO.exe

C:\Windows\System\COqINxO.exe

C:\Windows\System\LmEXuiY.exe

C:\Windows\System\LmEXuiY.exe

C:\Windows\System\GFGoEEe.exe

C:\Windows\System\GFGoEEe.exe

C:\Windows\System\MMWBNIv.exe

C:\Windows\System\MMWBNIv.exe

C:\Windows\System\GyAUVjs.exe

C:\Windows\System\GyAUVjs.exe

C:\Windows\System\nVIkDkf.exe

C:\Windows\System\nVIkDkf.exe

C:\Windows\System\hdmEdAM.exe

C:\Windows\System\hdmEdAM.exe

C:\Windows\System\ytGjlYI.exe

C:\Windows\System\ytGjlYI.exe

C:\Windows\System\aigZVvj.exe

C:\Windows\System\aigZVvj.exe

C:\Windows\System\XxPzUPR.exe

C:\Windows\System\XxPzUPR.exe

C:\Windows\System\PuAIIPi.exe

C:\Windows\System\PuAIIPi.exe

C:\Windows\System\oGkrkAO.exe

C:\Windows\System\oGkrkAO.exe

C:\Windows\System\EiNrGtK.exe

C:\Windows\System\EiNrGtK.exe

C:\Windows\System\bNJydAC.exe

C:\Windows\System\bNJydAC.exe

C:\Windows\System\iGLYiTo.exe

C:\Windows\System\iGLYiTo.exe

C:\Windows\System\gsFDQNU.exe

C:\Windows\System\gsFDQNU.exe

C:\Windows\System\ESsTTVV.exe

C:\Windows\System\ESsTTVV.exe

C:\Windows\System\bPKfpmJ.exe

C:\Windows\System\bPKfpmJ.exe

C:\Windows\System\qfnfudO.exe

C:\Windows\System\qfnfudO.exe

C:\Windows\System\wInxduT.exe

C:\Windows\System\wInxduT.exe

C:\Windows\System\tCBMsGc.exe

C:\Windows\System\tCBMsGc.exe

C:\Windows\System\SMzWvXQ.exe

C:\Windows\System\SMzWvXQ.exe

C:\Windows\System\opcavGP.exe

C:\Windows\System\opcavGP.exe

C:\Windows\System\dTqSyez.exe

C:\Windows\System\dTqSyez.exe

C:\Windows\System\QkNTzYq.exe

C:\Windows\System\QkNTzYq.exe

C:\Windows\System\ngVunVO.exe

C:\Windows\System\ngVunVO.exe

C:\Windows\System\LuZVfmq.exe

C:\Windows\System\LuZVfmq.exe

C:\Windows\System\KHKXDQJ.exe

C:\Windows\System\KHKXDQJ.exe

C:\Windows\System\HbniPqg.exe

C:\Windows\System\HbniPqg.exe

C:\Windows\System\RmqpXiF.exe

C:\Windows\System\RmqpXiF.exe

C:\Windows\System\YmRKQpL.exe

C:\Windows\System\YmRKQpL.exe

C:\Windows\System\RWdrGfY.exe

C:\Windows\System\RWdrGfY.exe

C:\Windows\System\mgxMUFr.exe

C:\Windows\System\mgxMUFr.exe

C:\Windows\System\DzQpttv.exe

C:\Windows\System\DzQpttv.exe

C:\Windows\System\JmJYqrD.exe

C:\Windows\System\JmJYqrD.exe

C:\Windows\System\OXprTaG.exe

C:\Windows\System\OXprTaG.exe

C:\Windows\System\GLUzRRn.exe

C:\Windows\System\GLUzRRn.exe

C:\Windows\System\UQjzHTJ.exe

C:\Windows\System\UQjzHTJ.exe

C:\Windows\System\YLXiwDp.exe

C:\Windows\System\YLXiwDp.exe

C:\Windows\System\YJHbhVw.exe

C:\Windows\System\YJHbhVw.exe

C:\Windows\System\RkRYXay.exe

C:\Windows\System\RkRYXay.exe

C:\Windows\System\vnROCyS.exe

C:\Windows\System\vnROCyS.exe

C:\Windows\System\yMfpGQr.exe

C:\Windows\System\yMfpGQr.exe

C:\Windows\System\utTeYgD.exe

C:\Windows\System\utTeYgD.exe

C:\Windows\System\UzVOtpl.exe

C:\Windows\System\UzVOtpl.exe

C:\Windows\System\WGnOeRl.exe

C:\Windows\System\WGnOeRl.exe

C:\Windows\System\pmriQqy.exe

C:\Windows\System\pmriQqy.exe

C:\Windows\System\twAKrZj.exe

C:\Windows\System\twAKrZj.exe

C:\Windows\System\qUUwVVa.exe

C:\Windows\System\qUUwVVa.exe

C:\Windows\System\dBimqeC.exe

C:\Windows\System\dBimqeC.exe

C:\Windows\System\XvUWmST.exe

C:\Windows\System\XvUWmST.exe

C:\Windows\System\LespAXO.exe

C:\Windows\System\LespAXO.exe

C:\Windows\System\TTdluNG.exe

C:\Windows\System\TTdluNG.exe

C:\Windows\System\npALPYz.exe

C:\Windows\System\npALPYz.exe

C:\Windows\System\xeyTEdD.exe

C:\Windows\System\xeyTEdD.exe

C:\Windows\System\lbRCuRM.exe

C:\Windows\System\lbRCuRM.exe

C:\Windows\System\QbvlAcm.exe

C:\Windows\System\QbvlAcm.exe

C:\Windows\System\NVrTWad.exe

C:\Windows\System\NVrTWad.exe

C:\Windows\System\vTwCeMW.exe

C:\Windows\System\vTwCeMW.exe

C:\Windows\System\LdmRTrN.exe

C:\Windows\System\LdmRTrN.exe

C:\Windows\System\TTUSwry.exe

C:\Windows\System\TTUSwry.exe

C:\Windows\System\QQRCdDj.exe

C:\Windows\System\QQRCdDj.exe

C:\Windows\System\SVCaipJ.exe

C:\Windows\System\SVCaipJ.exe

C:\Windows\System\dMjZtgU.exe

C:\Windows\System\dMjZtgU.exe

C:\Windows\System\maHvQEQ.exe

C:\Windows\System\maHvQEQ.exe

C:\Windows\System\qheMTpZ.exe

C:\Windows\System\qheMTpZ.exe

C:\Windows\System\UYxjJCE.exe

C:\Windows\System\UYxjJCE.exe

C:\Windows\System\WdFfjvC.exe

C:\Windows\System\WdFfjvC.exe

C:\Windows\System\FSmoEmW.exe

C:\Windows\System\FSmoEmW.exe

C:\Windows\System\EaelOAZ.exe

C:\Windows\System\EaelOAZ.exe

C:\Windows\System\sSynmyM.exe

C:\Windows\System\sSynmyM.exe

C:\Windows\System\QpGtlTO.exe

C:\Windows\System\QpGtlTO.exe

C:\Windows\System\DhXcFrp.exe

C:\Windows\System\DhXcFrp.exe

C:\Windows\System\ySFkWgR.exe

C:\Windows\System\ySFkWgR.exe

C:\Windows\System\zZzuXBj.exe

C:\Windows\System\zZzuXBj.exe

C:\Windows\System\bYfrXEr.exe

C:\Windows\System\bYfrXEr.exe

C:\Windows\System\WpuvlGl.exe

C:\Windows\System\WpuvlGl.exe

C:\Windows\System\dkWwkRo.exe

C:\Windows\System\dkWwkRo.exe

C:\Windows\System\jrVNFVQ.exe

C:\Windows\System\jrVNFVQ.exe

C:\Windows\System\uYWrXMJ.exe

C:\Windows\System\uYWrXMJ.exe

C:\Windows\System\bKqPiaW.exe

C:\Windows\System\bKqPiaW.exe

C:\Windows\System\MyGPRUN.exe

C:\Windows\System\MyGPRUN.exe

C:\Windows\System\exnjxUS.exe

C:\Windows\System\exnjxUS.exe

C:\Windows\System\xSQSnVs.exe

C:\Windows\System\xSQSnVs.exe

C:\Windows\System\imAeZHv.exe

C:\Windows\System\imAeZHv.exe

C:\Windows\System\oqVvvDG.exe

C:\Windows\System\oqVvvDG.exe

C:\Windows\System\aLDRzFO.exe

C:\Windows\System\aLDRzFO.exe

C:\Windows\System\bgVSuAN.exe

C:\Windows\System\bgVSuAN.exe

C:\Windows\System\yIiDiJi.exe

C:\Windows\System\yIiDiJi.exe

C:\Windows\System\otwxvkb.exe

C:\Windows\System\otwxvkb.exe

C:\Windows\System\jtWlmBm.exe

C:\Windows\System\jtWlmBm.exe

C:\Windows\System\xfRQrYy.exe

C:\Windows\System\xfRQrYy.exe

C:\Windows\System\ipwLCcX.exe

C:\Windows\System\ipwLCcX.exe

C:\Windows\System\WJKNDKT.exe

C:\Windows\System\WJKNDKT.exe

C:\Windows\System\NOEYJAv.exe

C:\Windows\System\NOEYJAv.exe

C:\Windows\System\HoWvmll.exe

C:\Windows\System\HoWvmll.exe

C:\Windows\System\CpIEcWw.exe

C:\Windows\System\CpIEcWw.exe

C:\Windows\System\txXzSxy.exe

C:\Windows\System\txXzSxy.exe

C:\Windows\System\wYJyVpu.exe

C:\Windows\System\wYJyVpu.exe

C:\Windows\System\bPRxyiD.exe

C:\Windows\System\bPRxyiD.exe

C:\Windows\System\eRuRCKG.exe

C:\Windows\System\eRuRCKG.exe

C:\Windows\System\ZCPJDtS.exe

C:\Windows\System\ZCPJDtS.exe

C:\Windows\System\XqLznUh.exe

C:\Windows\System\XqLznUh.exe

C:\Windows\System\cMssUcD.exe

C:\Windows\System\cMssUcD.exe

C:\Windows\System\cFsWKZa.exe

C:\Windows\System\cFsWKZa.exe

C:\Windows\System\oRGZqRu.exe

C:\Windows\System\oRGZqRu.exe

C:\Windows\System\OJpoTDA.exe

C:\Windows\System\OJpoTDA.exe

C:\Windows\System\ucWEumF.exe

C:\Windows\System\ucWEumF.exe

C:\Windows\System\dOUjnKS.exe

C:\Windows\System\dOUjnKS.exe

C:\Windows\System\xIITguQ.exe

C:\Windows\System\xIITguQ.exe

C:\Windows\System\ZjzHLkV.exe

C:\Windows\System\ZjzHLkV.exe

C:\Windows\System\WAjojBr.exe

C:\Windows\System\WAjojBr.exe

C:\Windows\System\JlSBFfC.exe

C:\Windows\System\JlSBFfC.exe

C:\Windows\System\dIPCKhA.exe

C:\Windows\System\dIPCKhA.exe

C:\Windows\System\cPpRoBU.exe

C:\Windows\System\cPpRoBU.exe

C:\Windows\System\CfKfhLl.exe

C:\Windows\System\CfKfhLl.exe

C:\Windows\System\IkYxFJJ.exe

C:\Windows\System\IkYxFJJ.exe

C:\Windows\System\dkllYVM.exe

C:\Windows\System\dkllYVM.exe

C:\Windows\System\oqQYnOi.exe

C:\Windows\System\oqQYnOi.exe

C:\Windows\System\WmdytfX.exe

C:\Windows\System\WmdytfX.exe

C:\Windows\System\ZvslVFj.exe

C:\Windows\System\ZvslVFj.exe

C:\Windows\System\bzFgYrm.exe

C:\Windows\System\bzFgYrm.exe

C:\Windows\System\WfATaZF.exe

C:\Windows\System\WfATaZF.exe

C:\Windows\System\vDLgkKO.exe

C:\Windows\System\vDLgkKO.exe

C:\Windows\System\ctWAQOo.exe

C:\Windows\System\ctWAQOo.exe

C:\Windows\System\EylCoiO.exe

C:\Windows\System\EylCoiO.exe

C:\Windows\System\OQeYOxH.exe

C:\Windows\System\OQeYOxH.exe

C:\Windows\System\eGOuKkx.exe

C:\Windows\System\eGOuKkx.exe

C:\Windows\System\eAUTJaQ.exe

C:\Windows\System\eAUTJaQ.exe

C:\Windows\System\PvPZcBr.exe

C:\Windows\System\PvPZcBr.exe

C:\Windows\System\FVcZLcF.exe

C:\Windows\System\FVcZLcF.exe

C:\Windows\System\StaZqkR.exe

C:\Windows\System\StaZqkR.exe

C:\Windows\System\BxgsHiI.exe

C:\Windows\System\BxgsHiI.exe

C:\Windows\System\ogFoWjt.exe

C:\Windows\System\ogFoWjt.exe

C:\Windows\System\UShqCSw.exe

C:\Windows\System\UShqCSw.exe

C:\Windows\System\imgNjWv.exe

C:\Windows\System\imgNjWv.exe

C:\Windows\System\nkPSfqe.exe

C:\Windows\System\nkPSfqe.exe

C:\Windows\System\TqtdMtx.exe

C:\Windows\System\TqtdMtx.exe

C:\Windows\System\LaXfUuy.exe

C:\Windows\System\LaXfUuy.exe

C:\Windows\System\wlOUXlJ.exe

C:\Windows\System\wlOUXlJ.exe

C:\Windows\System\xDvwDls.exe

C:\Windows\System\xDvwDls.exe

C:\Windows\System\yNjFteR.exe

C:\Windows\System\yNjFteR.exe

C:\Windows\System\eQPKMsl.exe

C:\Windows\System\eQPKMsl.exe

C:\Windows\System\ulMWbyZ.exe

C:\Windows\System\ulMWbyZ.exe

C:\Windows\System\drKRiOt.exe

C:\Windows\System\drKRiOt.exe

C:\Windows\System\LFIPdox.exe

C:\Windows\System\LFIPdox.exe

C:\Windows\System\hZUxezB.exe

C:\Windows\System\hZUxezB.exe

C:\Windows\System\nynssZW.exe

C:\Windows\System\nynssZW.exe

C:\Windows\System\EJLYWtT.exe

C:\Windows\System\EJLYWtT.exe

C:\Windows\System\heMNZOL.exe

C:\Windows\System\heMNZOL.exe

C:\Windows\System\CNFJcAq.exe

C:\Windows\System\CNFJcAq.exe

C:\Windows\System\xRKdQSO.exe

C:\Windows\System\xRKdQSO.exe

C:\Windows\System\EqehmFw.exe

C:\Windows\System\EqehmFw.exe

C:\Windows\System\WZFkXAZ.exe

C:\Windows\System\WZFkXAZ.exe

C:\Windows\System\dFknLoE.exe

C:\Windows\System\dFknLoE.exe

C:\Windows\System\JRGQaxz.exe

C:\Windows\System\JRGQaxz.exe

C:\Windows\System\BGIMdgb.exe

C:\Windows\System\BGIMdgb.exe

C:\Windows\System\vWSgwNM.exe

C:\Windows\System\vWSgwNM.exe

C:\Windows\System\UeUiZtI.exe

C:\Windows\System\UeUiZtI.exe

C:\Windows\System\EGbuYTu.exe

C:\Windows\System\EGbuYTu.exe

C:\Windows\System\tAMpedY.exe

C:\Windows\System\tAMpedY.exe

C:\Windows\System\UexkTBb.exe

C:\Windows\System\UexkTBb.exe

C:\Windows\System\bAhbSbp.exe

C:\Windows\System\bAhbSbp.exe

C:\Windows\System\yTUcsME.exe

C:\Windows\System\yTUcsME.exe

C:\Windows\System\vZzbnkt.exe

C:\Windows\System\vZzbnkt.exe

C:\Windows\System\ZNUBspl.exe

C:\Windows\System\ZNUBspl.exe

C:\Windows\System\MDZMJqa.exe

C:\Windows\System\MDZMJqa.exe

C:\Windows\System\wglTAie.exe

C:\Windows\System\wglTAie.exe

C:\Windows\System\argzPsQ.exe

C:\Windows\System\argzPsQ.exe

C:\Windows\System\mXKMmtO.exe

C:\Windows\System\mXKMmtO.exe

C:\Windows\System\OinCRSe.exe

C:\Windows\System\OinCRSe.exe

C:\Windows\System\EXjjbSg.exe

C:\Windows\System\EXjjbSg.exe

C:\Windows\System\vHerdVg.exe

C:\Windows\System\vHerdVg.exe

C:\Windows\System\QrWOAtC.exe

C:\Windows\System\QrWOAtC.exe

C:\Windows\System\KrhZqsM.exe

C:\Windows\System\KrhZqsM.exe

C:\Windows\System\Oqbsspy.exe

C:\Windows\System\Oqbsspy.exe

C:\Windows\System\fvnNmZF.exe

C:\Windows\System\fvnNmZF.exe

C:\Windows\System\POajuZX.exe

C:\Windows\System\POajuZX.exe

C:\Windows\System\tdiqHvU.exe

C:\Windows\System\tdiqHvU.exe

C:\Windows\System\TgPMqDB.exe

C:\Windows\System\TgPMqDB.exe

C:\Windows\System\fMpVwSN.exe

C:\Windows\System\fMpVwSN.exe

C:\Windows\System\KEigiaZ.exe

C:\Windows\System\KEigiaZ.exe

C:\Windows\System\xeVyhMi.exe

C:\Windows\System\xeVyhMi.exe

C:\Windows\System\FmyPVQZ.exe

C:\Windows\System\FmyPVQZ.exe

C:\Windows\System\hDFuowz.exe

C:\Windows\System\hDFuowz.exe

C:\Windows\System\WlGNCiX.exe

C:\Windows\System\WlGNCiX.exe

C:\Windows\System\VoMWLCn.exe

C:\Windows\System\VoMWLCn.exe

C:\Windows\System\QbEepaU.exe

C:\Windows\System\QbEepaU.exe

C:\Windows\System\iVAxWuC.exe

C:\Windows\System\iVAxWuC.exe

C:\Windows\System\yRhcsZw.exe

C:\Windows\System\yRhcsZw.exe

C:\Windows\System\IbMySGD.exe

C:\Windows\System\IbMySGD.exe

C:\Windows\System\kZOahbM.exe

C:\Windows\System\kZOahbM.exe

C:\Windows\System\RDOGDnz.exe

C:\Windows\System\RDOGDnz.exe

C:\Windows\System\ZDezNSG.exe

C:\Windows\System\ZDezNSG.exe

C:\Windows\System\WrZgPtx.exe

C:\Windows\System\WrZgPtx.exe

C:\Windows\System\zAzsQCp.exe

C:\Windows\System\zAzsQCp.exe

C:\Windows\System\XjoEBDA.exe

C:\Windows\System\XjoEBDA.exe

C:\Windows\System\cQtGUdw.exe

C:\Windows\System\cQtGUdw.exe

C:\Windows\System\WRfmCWJ.exe

C:\Windows\System\WRfmCWJ.exe

C:\Windows\System\sxdDSAT.exe

C:\Windows\System\sxdDSAT.exe

C:\Windows\System\nxLhCAB.exe

C:\Windows\System\nxLhCAB.exe

C:\Windows\System\WRNWmQC.exe

C:\Windows\System\WRNWmQC.exe

C:\Windows\System\mcUVPao.exe

C:\Windows\System\mcUVPao.exe

C:\Windows\System\elzBeHY.exe

C:\Windows\System\elzBeHY.exe

C:\Windows\System\mQdExsY.exe

C:\Windows\System\mQdExsY.exe

C:\Windows\System\fepHgFc.exe

C:\Windows\System\fepHgFc.exe

C:\Windows\System\OLmffki.exe

C:\Windows\System\OLmffki.exe

C:\Windows\System\HUOwBDH.exe

C:\Windows\System\HUOwBDH.exe

C:\Windows\System\DdmpkFu.exe

C:\Windows\System\DdmpkFu.exe

C:\Windows\System\omVIZMh.exe

C:\Windows\System\omVIZMh.exe

C:\Windows\System\QVOtAoi.exe

C:\Windows\System\QVOtAoi.exe

C:\Windows\System\nepBoms.exe

C:\Windows\System\nepBoms.exe

C:\Windows\System\nvLSnUQ.exe

C:\Windows\System\nvLSnUQ.exe

C:\Windows\System\OaPSgEO.exe

C:\Windows\System\OaPSgEO.exe

C:\Windows\System\HtdoYJm.exe

C:\Windows\System\HtdoYJm.exe

C:\Windows\System\DkrdMHd.exe

C:\Windows\System\DkrdMHd.exe

C:\Windows\System\uNoCsYa.exe

C:\Windows\System\uNoCsYa.exe

C:\Windows\System\mImTuFj.exe

C:\Windows\System\mImTuFj.exe

C:\Windows\System\QKnntON.exe

C:\Windows\System\QKnntON.exe

C:\Windows\System\rbVxFIZ.exe

C:\Windows\System\rbVxFIZ.exe

C:\Windows\System\HymJoNT.exe

C:\Windows\System\HymJoNT.exe

C:\Windows\System\YjnhrHD.exe

C:\Windows\System\YjnhrHD.exe

C:\Windows\System\hMccISy.exe

C:\Windows\System\hMccISy.exe

C:\Windows\System\hyiyYwQ.exe

C:\Windows\System\hyiyYwQ.exe

C:\Windows\System\kDwBZky.exe

C:\Windows\System\kDwBZky.exe

C:\Windows\System\pOCOoLM.exe

C:\Windows\System\pOCOoLM.exe

C:\Windows\System\GgpJpfy.exe

C:\Windows\System\GgpJpfy.exe

C:\Windows\System\epyWhyS.exe

C:\Windows\System\epyWhyS.exe

C:\Windows\System\CVHhTYB.exe

C:\Windows\System\CVHhTYB.exe

C:\Windows\System\RxCvudA.exe

C:\Windows\System\RxCvudA.exe

C:\Windows\System\HHaCTRL.exe

C:\Windows\System\HHaCTRL.exe

C:\Windows\System\fZoQqcq.exe

C:\Windows\System\fZoQqcq.exe

C:\Windows\System\kfUKNyh.exe

C:\Windows\System\kfUKNyh.exe

C:\Windows\System\pUtjJrr.exe

C:\Windows\System\pUtjJrr.exe

C:\Windows\System\NpOygnU.exe

C:\Windows\System\NpOygnU.exe

C:\Windows\System\PYgqIHz.exe

C:\Windows\System\PYgqIHz.exe

C:\Windows\System\rgiTylq.exe

C:\Windows\System\rgiTylq.exe

C:\Windows\System\aaUvqQT.exe

C:\Windows\System\aaUvqQT.exe

C:\Windows\System\aumSsJk.exe

C:\Windows\System\aumSsJk.exe

C:\Windows\System\rpMuXjn.exe

C:\Windows\System\rpMuXjn.exe

C:\Windows\System\ZVCGoBp.exe

C:\Windows\System\ZVCGoBp.exe

C:\Windows\System\qXFrmNW.exe

C:\Windows\System\qXFrmNW.exe

C:\Windows\System\RYQNYwb.exe

C:\Windows\System\RYQNYwb.exe

C:\Windows\System\mPiCLVF.exe

C:\Windows\System\mPiCLVF.exe

C:\Windows\System\TwhteAq.exe

C:\Windows\System\TwhteAq.exe

C:\Windows\System\bdYyKdL.exe

C:\Windows\System\bdYyKdL.exe

C:\Windows\System\vIVvXnb.exe

C:\Windows\System\vIVvXnb.exe

C:\Windows\System\ZYDzEVS.exe

C:\Windows\System\ZYDzEVS.exe

C:\Windows\System\RdLphHB.exe

C:\Windows\System\RdLphHB.exe

C:\Windows\System\rKtqXVe.exe

C:\Windows\System\rKtqXVe.exe

C:\Windows\System\HhZnmdn.exe

C:\Windows\System\HhZnmdn.exe

C:\Windows\System\yTmhOrC.exe

C:\Windows\System\yTmhOrC.exe

C:\Windows\System\XFvCtXw.exe

C:\Windows\System\XFvCtXw.exe

C:\Windows\System\BlHkarw.exe

C:\Windows\System\BlHkarw.exe

C:\Windows\System\LBckRNr.exe

C:\Windows\System\LBckRNr.exe

C:\Windows\System\tJanhGS.exe

C:\Windows\System\tJanhGS.exe

C:\Windows\System\ULJHnYt.exe

C:\Windows\System\ULJHnYt.exe

C:\Windows\System\JbkNmUl.exe

C:\Windows\System\JbkNmUl.exe

C:\Windows\System\CnCOwVf.exe

C:\Windows\System\CnCOwVf.exe

C:\Windows\System\SGKTdhB.exe

C:\Windows\System\SGKTdhB.exe

C:\Windows\System\DgzYTdg.exe

C:\Windows\System\DgzYTdg.exe

C:\Windows\System\MUdNTWJ.exe

C:\Windows\System\MUdNTWJ.exe

C:\Windows\System\qvPNCMb.exe

C:\Windows\System\qvPNCMb.exe

C:\Windows\System\BtYTXdF.exe

C:\Windows\System\BtYTXdF.exe

C:\Windows\System\XTYjDiI.exe

C:\Windows\System\XTYjDiI.exe

C:\Windows\System\OQPoLIL.exe

C:\Windows\System\OQPoLIL.exe

C:\Windows\System\WzJmoJV.exe

C:\Windows\System\WzJmoJV.exe

C:\Windows\System\OxaqhuX.exe

C:\Windows\System\OxaqhuX.exe

C:\Windows\System\JszkONp.exe

C:\Windows\System\JszkONp.exe

C:\Windows\System\nwzbwUa.exe

C:\Windows\System\nwzbwUa.exe

C:\Windows\System\oeVdxyg.exe

C:\Windows\System\oeVdxyg.exe

C:\Windows\System\bDRHBzr.exe

C:\Windows\System\bDRHBzr.exe

C:\Windows\System\hUXvrXS.exe

C:\Windows\System\hUXvrXS.exe

C:\Windows\System\WzhxpBz.exe

C:\Windows\System\WzhxpBz.exe

C:\Windows\System\SmUPEdu.exe

C:\Windows\System\SmUPEdu.exe

C:\Windows\System\YdJfdoa.exe

C:\Windows\System\YdJfdoa.exe

C:\Windows\System\QEXoLFl.exe

C:\Windows\System\QEXoLFl.exe

C:\Windows\System\vcIRpdE.exe

C:\Windows\System\vcIRpdE.exe

C:\Windows\System\GZsITTj.exe

C:\Windows\System\GZsITTj.exe

C:\Windows\System\IEAYdWL.exe

C:\Windows\System\IEAYdWL.exe

C:\Windows\System\MpmMDuS.exe

C:\Windows\System\MpmMDuS.exe

C:\Windows\System\UmsXZfd.exe

C:\Windows\System\UmsXZfd.exe

C:\Windows\System\WFCpJfs.exe

C:\Windows\System\WFCpJfs.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1880-0-0x00007FF712DE0000-0x00007FF713134000-memory.dmp

memory/1880-1-0x000001F188910000-0x000001F188920000-memory.dmp

C:\Windows\System\gdobOBB.exe

MD5 e6e1ca7a00648049397b805752ad21d0
SHA1 93c3071c24100dafe57f0b1baedbde0addf4174f
SHA256 bd591ffe27a820f7cfe56e0a71ce3e7b8fef7c959efb6df98d57645f0951ffc5
SHA512 4b3691e6c60924414d7611433f22eb92ad214a120a42a87e8a0e32318074e3af2e23b4c97b3d096ae25973ef0dfd72312da82796f5b17ba81a900328c327f4b0

C:\Windows\System\FkuhqiF.exe

MD5 b6269967644386bdb056f3a12cbc19fb
SHA1 7ca31bee648a1bf88adfd95ca3a232e4f0317e5f
SHA256 90ea727fe20de873a3c05ece4c4924c78b5e033a6e3da9ed310bf4b09708a22f
SHA512 5b6a733975eca30bc3627e9e46893529ee3ee5643b9557e64ecaaeaac9eaf402ff38fed353027b2b0eceed836e7e2be7bd56553c6a1fb6a2782cf4a592dad970

memory/1628-15-0x00007FF681320000-0x00007FF681674000-memory.dmp

memory/1956-18-0x00007FF769500000-0x00007FF769854000-memory.dmp

C:\Windows\System\gKpvSTS.exe

MD5 aad3368adf038c8f8b380188bbddaa42
SHA1 418fcb6d12af8fefdcb6a37d11fcfbf55051c7ce
SHA256 e4e1cc1bfef7cdfa84c14f17d7677de8d16a7e019eb79cb100c6b70d32fcc0d0
SHA512 f255090c90b9707e5f972a5ba4c83a52726d8b179ac8e02de9503eb4694dd4b515bc0163ac9801b076ce3fe01ac10dc21070630c5ab3e4b8ad9077102cf0dc8e

C:\Windows\System\WAaMHuw.exe

MD5 1ac1274a697525e0b99c2c34102bd4b8
SHA1 94d457d3fde85f2af2ce8eb9d5421caca17cf23f
SHA256 9900b747122300d273d22a4d58a37d2e36ad94f85cb1b41c73e9b123eacc35fe
SHA512 ba0c81204a1363ee0c236848a8aeabeb8f42acc0c2fc89b1c3be6b492e2a921b8c737310891c8695874cfa6b7578daf27580274d4103715fe5b7a9c551040627

memory/3132-7-0x00007FF61D5F0000-0x00007FF61D944000-memory.dmp

C:\Windows\System\ZWzbXIB.exe

MD5 8839c8b12b52f6a1e3ad0add284115bc
SHA1 35af8908e3ff91406847f393697a3dabbe34300a
SHA256 298d4d1eeb5b7947aa18166c6e879558935c5c15bcfefead70bfcb087c49aaf8
SHA512 054d4d30a49ce2660daf03e3b113c7495d837952e49c2c02e3e4a8ee2659e1710635dc922253ea28c8aef86848633bac81ad2b595e62335fd99e0a891e30e5aa

C:\Windows\System\boPixVG.exe

MD5 8e4f77bb6d01ac915737b4c83d971c82
SHA1 d694cdaa93fd3fedfa4ba6aab9b86b869e0ea48f
SHA256 0a04e66c5e08d6d9df2dd3824372478987658ecf902efe178fbd1ace1775bc9b
SHA512 1addbe5f688306fe4e894c7ee577944ca01e794535a942fdd6a1d73be79f187127edb70d931b6231d10dc468a8accec7fe2f9ca4d8797cb24b8465a05bc5a995

C:\Windows\System\yKskcjB.exe

MD5 270e17e38b53d7021d153f124d2f023f
SHA1 9f949ac8faff06906d71d1c214911a9f116e599f
SHA256 12bfa912cfb60888a710ec3a8217995e5e9454fc3fdfb5bafdddafa06593ff87
SHA512 3fe3f8cc815dc4fee7687978c9f45ed2abeefef010bfdb27635ff7c7c4048b517399a64805af44cc2b287bb3e305605cb5852b92bc210ce0b4c2500eadc09488

C:\Windows\System\LsfwDHg.exe

MD5 b1205f7e81d30475eb251628ac7853b4
SHA1 f134a34959c0ad1063244f453e1e8c283b7fae82
SHA256 696ac9ba83242de694369fba9d38e39b6da2ba8a289d9098174c6c8d18db132e
SHA512 48911a37ac1474111b5a1dd3d28df90cf9c1aca7aa28651d634a492796872d6c4adbc94779e01ed43693a9fc27e3114bead23010d5e1e351da1f3e7a4c412a3b

C:\Windows\System\XHrYUkn.exe

MD5 22b97e53ac5b0bc0ddc7daebdfd26f62
SHA1 f39e38c00c1b55afd4e1ee9b065685d744653206
SHA256 d594b296b78777d1ecef5717380bc5257abdb2fa0acbd00b4862774f4524bf3e
SHA512 e6e36fc4a6042a0efc679813691cf8fff02de36aeb5770d3a37fcb545dcf5a9e8d9081f910faa0e8664d6346e1d5b6153901fac3f70bc581491ff9581d689e62

C:\Windows\System\eGDvtPI.exe

MD5 1b9308a5a977f58ee67f0660ef22a2dc
SHA1 9daf97cf9e71008661ccccd57230666fe1d93557
SHA256 f6ea3c07207eb5224e4f3cbc13c564ab62cdd55e418550d38837fc87ff641ec4
SHA512 ee3900174dce3392e2082e5245e4f1b938e1f0987f694c45c70e158fb6d9a6b4c9dbdde4b2f3e87fcd04ae91c96038a7c0efe4650c5b0d643fc6ef0edeb09e15

C:\Windows\System\TRUVbGR.exe

MD5 9ce0e28ee6dbe7a539138e78f6b3423e
SHA1 9508cb46af8354355f0e567b3531d2db7f026f6d
SHA256 17680b2594b6322b74bba214b1ca64e1e69962ba703585198ad9171e1a3c5449
SHA512 00a23131b78b8be491e3263d8c551c5ca89787fd7e09a8df82901657f8c0b3cd68ace8bc781cad8b87adb821bc56b43a6d052ef927838deee742ee57fd7ad73a

memory/3312-628-0x00007FF7F4E90000-0x00007FF7F51E4000-memory.dmp

memory/1328-629-0x00007FF648FF0000-0x00007FF649344000-memory.dmp

memory/4500-631-0x00007FF753A60000-0x00007FF753DB4000-memory.dmp

memory/1524-632-0x00007FF6D1060000-0x00007FF6D13B4000-memory.dmp

memory/924-630-0x00007FF7C56E0000-0x00007FF7C5A34000-memory.dmp

memory/4900-633-0x00007FF780F20000-0x00007FF781274000-memory.dmp

memory/3412-634-0x00007FF6D42B0000-0x00007FF6D4604000-memory.dmp

memory/3680-635-0x00007FF7C6A10000-0x00007FF7C6D64000-memory.dmp

memory/4124-636-0x00007FF6DB440000-0x00007FF6DB794000-memory.dmp

memory/1124-637-0x00007FF7AE160000-0x00007FF7AE4B4000-memory.dmp

memory/1996-646-0x00007FF7A2240000-0x00007FF7A2594000-memory.dmp

memory/3272-651-0x00007FF793610000-0x00007FF793964000-memory.dmp

memory/2544-655-0x00007FF6FA310000-0x00007FF6FA664000-memory.dmp

memory/208-702-0x00007FF705240000-0x00007FF705594000-memory.dmp

memory/1576-700-0x00007FF794650000-0x00007FF7949A4000-memory.dmp

memory/4472-697-0x00007FF754350000-0x00007FF7546A4000-memory.dmp

memory/1732-690-0x00007FF61AF60000-0x00007FF61B2B4000-memory.dmp

memory/4936-687-0x00007FF662A10000-0x00007FF662D64000-memory.dmp

memory/4704-681-0x00007FF647680000-0x00007FF6479D4000-memory.dmp

memory/5064-673-0x00007FF756500000-0x00007FF756854000-memory.dmp

memory/3760-666-0x00007FF6740C0000-0x00007FF674414000-memory.dmp

memory/4376-661-0x00007FF7E64D0000-0x00007FF7E6824000-memory.dmp

memory/2356-658-0x00007FF771A90000-0x00007FF771DE4000-memory.dmp

memory/3328-642-0x00007FF675340000-0x00007FF675694000-memory.dmp

C:\Windows\System\UxSCKRA.exe

MD5 4e0ae05c187d9fec3bbbdbac3bea064a
SHA1 2c2d37be8b243ba5ca5fbc0be54c2d780a38f61c
SHA256 91a77c52b2132bc49c41c8753f6b6714a23a779c026327f232a11e4e791ea883
SHA512 d484ba34ebc223419fe624b69d8ed21846ae81d8fb02a0889cb5ba9bf2fb235c621fb29e6c84dc629420f9d75b0ef82fc67f18a854d8dd20b253d18c591403c6

C:\Windows\System\khxtjzT.exe

MD5 2f91ab844928581fe2a8e7b8bc10d53a
SHA1 aeb07ad85bc90f145b816b2eef9e3592f9232c75
SHA256 6834f9c65d733b7bd73955a84ee0b4d9dce0a57cddde663783c52171ea5eedd3
SHA512 b607f1a40247b44aff651dd0a15138c7e1a3eae1b906c9297cb931cde6010237de17eb203a151d2d619ca0dbe7842e1f56aea07753b3beb286b99b49468cea74

C:\Windows\System\FHAAQCQ.exe

MD5 a39c6b9fb71f6b96af83448e0c6db4de
SHA1 c2d547596936cb353f680e9a9e6221338e6ad5fd
SHA256 6ccf92c9f504c46c606320614219795d163f12d3db28f6a2f3745552d6a41735
SHA512 b1a3fa77435790f9a25c740f34fb310f27923a551ce8718851123783bcf376352918e39b9635717003b5f9b897ded2f893f3a61a956132df68733316ac93507d

C:\Windows\System\JgEEiVk.exe

MD5 34cad3f0695a472249de4462164419b3
SHA1 e0b86e369b246e5125f4f3d317cdc8e8552eec02
SHA256 213fc0eeaad9042be981643bcd77b33b234711d8813ebd7e8333967640887092
SHA512 b321357f1c16acaf3c599ca7daaf7a43cd20be12c9ddf41ccbfb9eb3daefe5c3830aa8f1ed1f8a6d5758f79662fc0bdbcd77587f640692340e1f0356173d3a01

C:\Windows\System\lrcBKSA.exe

MD5 b453d5f8d584740c749ac49c11ae7798
SHA1 67aa937996bf681cb5becd14a2964e3ab22b32a2
SHA256 c3544de12e1d102a18af6a1050c5c4bc5d2f7df11ec6fd82534cd16a872e50c3
SHA512 c9dc038c58ead855431dfbe1bf96d4e0e20aadf1065182001f4af0825c0ec5187dc102996a4678da7895d63d63bbd187e38b0bc1a3695ef88bf2367c48c0c360

C:\Windows\System\ehPyNlF.exe

MD5 43e6985817fe1db9b440efb3f986804e
SHA1 4e62cf9ea8a30c2bc10006c31bf9f18f38768a80
SHA256 c56fb21558cfc09c8f247301577f93280707dff025b9be6e022af61ac5a9d193
SHA512 7e3e8efe7eb060ee98b940801ea702064c3684ba091050933c9e2d1d4a95ce2454c57157d316f0cb6ae81e6a3b3780a6a81aa5fce65b6e8fb803133920ff48ac

C:\Windows\System\UIaGZjZ.exe

MD5 d27d624c4fc42ef79069c683ed94530d
SHA1 20c7dacc8fd38f40acb7bc25c9c216a0e9b1c7db
SHA256 0132ff7811b910e0d41f4ef86efe187684f1d2009a15f2a92a51aa08e447d411
SHA512 e98c256c45254e3e83ab4430ed683a410150ed1e6994b7de77d4b35a349e5b7353368b8471593b0014cee284b2de488da74141b093268b22eafd4da0f29d8da6

C:\Windows\System\PIuVMwA.exe

MD5 4d8fbd1f1c491da68a9283325b9a1cf7
SHA1 47b5d3203d3116e2c26904fcfcc399579142ec4c
SHA256 f8f77f22376f07c7db74314e95ef3cf42139c637b0f74a044667ddda8bac864d
SHA512 142a4d143167d493487f1e0c5f31e8ce7271a4e17d3a991b9f5949cf860a9b35fc37e61eb8fb131fe4e873fd91ede0c3c25ccbe646e32ae09f529d4c3fecf61f

C:\Windows\System\BYdyCsk.exe

MD5 04d4f43ffad3b856e9f758457b92827a
SHA1 dac7df5ba7db1d9e1506a72cbb53296e6801c7a6
SHA256 c84b8ab97a9dfc5fba2a4fa2ad6f33f797aa89684bb0150f1fffb891603d2d24
SHA512 22eda96ee154ee2e59d8a5e4b6df153feaf11335e2b837e285a0e556d3222791adf3ab82b92ac50ffacf383cbb57274ab4b7f53199123aa57ca5e61005126475

C:\Windows\System\cQyDSCC.exe

MD5 56c9898d48fbaf091f9c9b008612ccfa
SHA1 9b00ef6631cd53f8c63693db1c6ce11bff570ead
SHA256 1185b711b4b7e4745c0901547b61f41e40883be01679c4eae19e8bbe76f15564
SHA512 e61d17143fc6138da3937b71d078dad4eeec74270521086598ee46fe0ec29d484b32554ba63d64ee59b15ef86b852343bb00d901a7abd4c41c0e91b116526a59

C:\Windows\System\RlygYku.exe

MD5 627dfcc4aa714823049f6b12e829643f
SHA1 089b608a527fee98a49ac664882f3a41b6259025
SHA256 ee486684b8427e0d0ac67d04cab2ec828951b91134345eff547b77c2f8258d89
SHA512 94130fbc245a05da8befab838b49d59a7f657ecfe46ba7b448a2b9231b09fd0f03722a31f5e1c556701ba8c112bd92c8f6ac031ff0a13be1b92ade350dcf4ae5

C:\Windows\System\hXWLFMq.exe

MD5 03ea3acd3dc1f49b886f993b702d31fc
SHA1 6bbbb197528cc58bff58be68ae5bf89e40718024
SHA256 fe74ae0b93088e341fa5fa88ed8f21c42b034d4e78d9dd5c81139c213b50a97c
SHA512 3383abf7b16d2b7814919915d1b9f34e9259a3171095f14f398b5ef78be33cd2c71fae4d079de303043240670c8fd87013fb220309cdd20fee46d81d61f6029b

C:\Windows\System\uQqnmVp.exe

MD5 db7029f48f74cac9f3cee566389b2fc4
SHA1 dbacfeccbb0f0acde4ad530ab209a9179f49a1e0
SHA256 dba7864059e0cb6ccda0c825e2a71c3693ccf8be0c33a28bcf4b78cbc7f0a6d7
SHA512 d79f020bab624fe33c8a3c0a56665d451a2a53bcc7e89051544f164fe1ae490e883d8277d0c8b7911ea140f402f03ed5c89449dd9e0cc853d2946b674ec16018

C:\Windows\System\ywecNcl.exe

MD5 16808cee56e3404af4077f43c21d1326
SHA1 8c31d36fbbc1ef56993b6f303c2fb5921af051e9
SHA256 eb4e2711f2022bf032da2ec330a9a84ba21506eaa00d55b309882bd128609766
SHA512 8d7224a690420da453edfc7d439ea9657267528b3577ccc2672296341967bfa9341e2574e2a06c507b0bd5566f7180071d6582af0746fbcd5fc3a15be1dddb3f

C:\Windows\System\vYHnulf.exe

MD5 c408d6f58fa6c75a5c12ea7c641286d3
SHA1 59618d06d795cfa7e23e6a76275dd97cf458a642
SHA256 6948d372bb16cada4dc2aa6265fa5d722f318eb2800803eb500cd565233570d4
SHA512 f0175b2ba65fcd20bd23d5ea5c0ea9c9a637e17b216b31d82c6876f713a545eeb7a99ce28b2314597abc58877e9e65603516df1f0548a0c6de7724714288e0b4

C:\Windows\System\oRFhQEW.exe

MD5 feb3956273c2748251ea0022e1f4cd21
SHA1 91ba5d6e8393a2cf4f61a5686c43aac3b80f51ad
SHA256 030b994ed79e46c1c3552489b99093028a61c7847dd0d996b5180e2c23cc6e8b
SHA512 eb0b474f543ed709f91a973a641a4e950195ed37e10c3e489fe15f7520d72479d3ec0c156cfdefd3e0b9b81c44dc4aa7947f6749b89f792a691a0c95f6e2d23f

C:\Windows\System\TdbtYft.exe

MD5 9e1ba708ed35735d9d6e3ebb0683bd37
SHA1 dd9e3b458568a954effa63759e909ce3a5288efe
SHA256 4b9c5b2b129c89317d69ecfdc3f7fd989cee7b09498bc17175fd4158a963657c
SHA512 70a1acfe7705469fceed68b15ed0102274ccb51d490a567fbc1c927841851b0e96ea402244e4fecb43de3ab12ef46018ad13f3bd1e83c9b5126b94a01ef80f08

C:\Windows\System\BFOYUIO.exe

MD5 c69499492a74c0e6701af51ec53bc78b
SHA1 3e28c5e960bd366a94f387617504323b27d8f240
SHA256 e254c4e472753af4bc573975b73bd359e6e74a8b3eeb4299e2ebc256d6159209
SHA512 c77a2ec10e4668f1cff1fa1713ce2df040ad59dc3ff5ae7b38a0d6405fb6959d0d30228e1293e7ddcf31bb56f42b86d1fca3cbd02cd554e3028a4bb4ff992380

C:\Windows\System\usPrCsJ.exe

MD5 7a5469297ae5c2c5bf8c9e337c30b923
SHA1 2c917da7a729ef3f24f380ca4298e123c19aba32
SHA256 fb306359bd96ac39f0b3b391f5c37383af39580c8f54a0af127a573c905ab70a
SHA512 2d50e827b657982c886163b8160a5db90cad85f38d4bd66e142b52cbc3cb2494f039e23f8b614aa0a06e7893f89b7386a39cc316878a875245b5290a87e2863a

C:\Windows\System\wxeYsDb.exe

MD5 b180dea4ef0641271bbc16c5659f02d5
SHA1 455d67714e2a837d34155078e3840b030db734bf
SHA256 93928f3ad28aaff96673c9596974b16d0fc9ed595745d2fd0ef775a33c478ebc
SHA512 19d8b62bdee373b349a2a1bb3142706d0a9578d94c1800b4c3af0a5a81ed8d602b02871dc523684ce074ff45201730fa80974f4166e451642853af44cc5fc94b

C:\Windows\System\bBEZbRq.exe

MD5 91b98b723b2a66abfa74b78919b7c0a5
SHA1 13fb5260cd307cf7fe0a7ecbe6611a7a1ba63972
SHA256 8515c3dafcb7fcddde43575fab39aa94f3655e63bbad0feadc0ae6042e2c0c17
SHA512 978823ea8ffee471ba8a55586cc551d4ce911c2ced08f2f8341751a64b8f59fe8a13cd50560a4534b09df53bc4126e27c376cff108f8fc2e6e1a88d79ad94060

memory/1476-34-0x00007FF70BB80000-0x00007FF70BED4000-memory.dmp

memory/3356-28-0x00007FF62A3D0000-0x00007FF62A724000-memory.dmp

C:\Windows\System\YoAQGZZ.exe

MD5 8b9e1b271ee2100d796ec64eeec0198f
SHA1 4474e0f131bd50459bae47d3ad581042533a57d2
SHA256 a6c7c505d543b5d8ebbe317d2337cd39dad22d1cc484c94ead31592cfe18d98f
SHA512 4fe449e74789f276d8f539b844a311ff8a39c86ccfdb7bdc9b888f58a0bb9ebc70033265575ecf25a87e08d7556f24d82e758357308f378ba4526cfc27b084d5

memory/1880-1070-0x00007FF712DE0000-0x00007FF713134000-memory.dmp

memory/3132-1071-0x00007FF61D5F0000-0x00007FF61D944000-memory.dmp

memory/1628-1072-0x00007FF681320000-0x00007FF681674000-memory.dmp

memory/1956-1073-0x00007FF769500000-0x00007FF769854000-memory.dmp

memory/3356-1074-0x00007FF62A3D0000-0x00007FF62A724000-memory.dmp

memory/1476-1075-0x00007FF70BB80000-0x00007FF70BED4000-memory.dmp

memory/3132-1076-0x00007FF61D5F0000-0x00007FF61D944000-memory.dmp

memory/1628-1077-0x00007FF681320000-0x00007FF681674000-memory.dmp

memory/1956-1078-0x00007FF769500000-0x00007FF769854000-memory.dmp

memory/3356-1079-0x00007FF62A3D0000-0x00007FF62A724000-memory.dmp

memory/1476-1080-0x00007FF70BB80000-0x00007FF70BED4000-memory.dmp

memory/3680-1082-0x00007FF7C6A10000-0x00007FF7C6D64000-memory.dmp

memory/4900-1087-0x00007FF780F20000-0x00007FF781274000-memory.dmp

memory/4124-1089-0x00007FF6DB440000-0x00007FF6DB794000-memory.dmp

memory/1124-1090-0x00007FF7AE160000-0x00007FF7AE4B4000-memory.dmp

memory/924-1088-0x00007FF7C56E0000-0x00007FF7C5A34000-memory.dmp

memory/4500-1086-0x00007FF753A60000-0x00007FF753DB4000-memory.dmp

memory/1524-1085-0x00007FF6D1060000-0x00007FF6D13B4000-memory.dmp

memory/3412-1084-0x00007FF6D42B0000-0x00007FF6D4604000-memory.dmp

memory/1328-1083-0x00007FF648FF0000-0x00007FF649344000-memory.dmp

memory/3312-1081-0x00007FF7F4E90000-0x00007FF7F51E4000-memory.dmp

memory/1576-1091-0x00007FF794650000-0x00007FF7949A4000-memory.dmp

memory/5064-1095-0x00007FF756500000-0x00007FF756854000-memory.dmp

memory/4704-1094-0x00007FF647680000-0x00007FF6479D4000-memory.dmp

memory/4936-1093-0x00007FF662A10000-0x00007FF662D64000-memory.dmp

memory/1732-1092-0x00007FF61AF60000-0x00007FF61B2B4000-memory.dmp

memory/208-1098-0x00007FF705240000-0x00007FF705594000-memory.dmp

memory/3328-1104-0x00007FF675340000-0x00007FF675694000-memory.dmp

memory/1996-1103-0x00007FF7A2240000-0x00007FF7A2594000-memory.dmp

memory/3272-1102-0x00007FF793610000-0x00007FF793964000-memory.dmp

memory/2544-1101-0x00007FF6FA310000-0x00007FF6FA664000-memory.dmp

memory/2356-1100-0x00007FF771A90000-0x00007FF771DE4000-memory.dmp

memory/4376-1099-0x00007FF7E64D0000-0x00007FF7E6824000-memory.dmp

memory/4472-1097-0x00007FF754350000-0x00007FF7546A4000-memory.dmp

memory/3760-1096-0x00007FF6740C0000-0x00007FF674414000-memory.dmp