Malware Analysis Report

2024-10-10 09:31

Sample ID 240627-y41lbs1dmq
Target 11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe
SHA256 11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af

Threat Level: Known bad

The file 11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

XMRig Miner payload

Xmrig family

KPOT

Kpot family

KPOT Core Executable

xmrig

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 20:21

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 20:21

Reported

2024-06-27 20:23

Platform

win7-20240508-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\unPvBeV.exe N/A
N/A N/A C:\Windows\System\dyXBggH.exe N/A
N/A N/A C:\Windows\System\pHJgWPy.exe N/A
N/A N/A C:\Windows\System\hBuEXMy.exe N/A
N/A N/A C:\Windows\System\unHeofr.exe N/A
N/A N/A C:\Windows\System\NFUTWgc.exe N/A
N/A N/A C:\Windows\System\HpFBtcC.exe N/A
N/A N/A C:\Windows\System\ZRUYSII.exe N/A
N/A N/A C:\Windows\System\CdsQIuP.exe N/A
N/A N/A C:\Windows\System\BnePNze.exe N/A
N/A N/A C:\Windows\System\GUhvNad.exe N/A
N/A N/A C:\Windows\System\GnoJeDv.exe N/A
N/A N/A C:\Windows\System\IhOThBy.exe N/A
N/A N/A C:\Windows\System\uPpJiqo.exe N/A
N/A N/A C:\Windows\System\mSSWEJs.exe N/A
N/A N/A C:\Windows\System\OhZETvh.exe N/A
N/A N/A C:\Windows\System\WWlxjFB.exe N/A
N/A N/A C:\Windows\System\FHIfnZI.exe N/A
N/A N/A C:\Windows\System\iMbGkag.exe N/A
N/A N/A C:\Windows\System\nYxhWrj.exe N/A
N/A N/A C:\Windows\System\JBEREsv.exe N/A
N/A N/A C:\Windows\System\OnieQbv.exe N/A
N/A N/A C:\Windows\System\iAtyfUZ.exe N/A
N/A N/A C:\Windows\System\rPbDYpY.exe N/A
N/A N/A C:\Windows\System\iFeKGIB.exe N/A
N/A N/A C:\Windows\System\OFKNGGH.exe N/A
N/A N/A C:\Windows\System\XfsNzDN.exe N/A
N/A N/A C:\Windows\System\NdYPOTF.exe N/A
N/A N/A C:\Windows\System\VoGUCvl.exe N/A
N/A N/A C:\Windows\System\kyBnzUt.exe N/A
N/A N/A C:\Windows\System\kbiMCzz.exe N/A
N/A N/A C:\Windows\System\FloKwpy.exe N/A
N/A N/A C:\Windows\System\sQPUHtQ.exe N/A
N/A N/A C:\Windows\System\HowFzxA.exe N/A
N/A N/A C:\Windows\System\wPxBwUu.exe N/A
N/A N/A C:\Windows\System\uZJtOsX.exe N/A
N/A N/A C:\Windows\System\yUNrTuc.exe N/A
N/A N/A C:\Windows\System\pvctzmZ.exe N/A
N/A N/A C:\Windows\System\HoSIBSF.exe N/A
N/A N/A C:\Windows\System\BpUyONI.exe N/A
N/A N/A C:\Windows\System\AJKAhsY.exe N/A
N/A N/A C:\Windows\System\vpCIgAs.exe N/A
N/A N/A C:\Windows\System\nIYlWEk.exe N/A
N/A N/A C:\Windows\System\qXakoLB.exe N/A
N/A N/A C:\Windows\System\KNHmQwI.exe N/A
N/A N/A C:\Windows\System\fkPUROZ.exe N/A
N/A N/A C:\Windows\System\eCEWJMT.exe N/A
N/A N/A C:\Windows\System\aGiCQjT.exe N/A
N/A N/A C:\Windows\System\PdeHJbU.exe N/A
N/A N/A C:\Windows\System\GuoPfYG.exe N/A
N/A N/A C:\Windows\System\WwYvGFx.exe N/A
N/A N/A C:\Windows\System\OOfSFZG.exe N/A
N/A N/A C:\Windows\System\gQxAiDj.exe N/A
N/A N/A C:\Windows\System\HcQMTNu.exe N/A
N/A N/A C:\Windows\System\XCISVZr.exe N/A
N/A N/A C:\Windows\System\CGPDHgs.exe N/A
N/A N/A C:\Windows\System\rPDkDOg.exe N/A
N/A N/A C:\Windows\System\ufRaxtz.exe N/A
N/A N/A C:\Windows\System\ttnnLdT.exe N/A
N/A N/A C:\Windows\System\IilFDvs.exe N/A
N/A N/A C:\Windows\System\NAJfsEk.exe N/A
N/A N/A C:\Windows\System\JZXJNRv.exe N/A
N/A N/A C:\Windows\System\QaCtupn.exe N/A
N/A N/A C:\Windows\System\pQYZDiU.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GUhvNad.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmxaQWj.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\GAJdDjG.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\boPiKyv.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHUqunK.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YlYzTSi.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YBEAYHm.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\iMbGkag.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\gQxAiDj.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZXJNRv.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\EkbDCai.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhmQPOX.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\tVMXoxD.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\xWEKzlB.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfsNzDN.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YIFEXoQ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\fbLIeSD.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\hiNvDHP.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMGMLFf.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\rZgiUQv.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\impczAt.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\inaPysa.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\eGlDwbL.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\NFUTWgc.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\JeFBdcM.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\WhUagBV.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\DFhvKiH.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\dHMpFkt.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\vVYKxPu.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\tabEJRK.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\COipcPa.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\mJBcXBD.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\pPNBIbs.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\bkjWOQS.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\uPpJiqo.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXZGiKi.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\nSGTtBj.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\hKoiueG.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhrknvJ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\CBxWECz.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\dLNHmcD.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\dyXBggH.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\OhZETvh.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\GOxPOBo.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\euKlWvc.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\BnePNze.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqkDLxW.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\xSPtBit.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\lhepaLp.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YDSxLiV.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrlAsfV.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\QBxRdCy.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\pMvDAHh.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZRUYSII.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\nYxhWrj.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\HowFzxA.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZEpWdz.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\PllTWnV.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\LUwCNwF.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\ylCaIiX.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\XIHhPxW.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\VoGUCvl.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\nKhNPgn.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\pXdkaYt.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\unPvBeV.exe
PID 2232 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\unPvBeV.exe
PID 2232 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\unPvBeV.exe
PID 2232 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\pHJgWPy.exe
PID 2232 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\pHJgWPy.exe
PID 2232 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\pHJgWPy.exe
PID 2232 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\dyXBggH.exe
PID 2232 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\dyXBggH.exe
PID 2232 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\dyXBggH.exe
PID 2232 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\hBuEXMy.exe
PID 2232 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\hBuEXMy.exe
PID 2232 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\hBuEXMy.exe
PID 2232 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\NFUTWgc.exe
PID 2232 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\NFUTWgc.exe
PID 2232 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\NFUTWgc.exe
PID 2232 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\unHeofr.exe
PID 2232 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\unHeofr.exe
PID 2232 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\unHeofr.exe
PID 2232 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HpFBtcC.exe
PID 2232 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HpFBtcC.exe
PID 2232 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HpFBtcC.exe
PID 2232 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\ZRUYSII.exe
PID 2232 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\ZRUYSII.exe
PID 2232 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\ZRUYSII.exe
PID 2232 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\CdsQIuP.exe
PID 2232 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\CdsQIuP.exe
PID 2232 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\CdsQIuP.exe
PID 2232 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GUhvNad.exe
PID 2232 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GUhvNad.exe
PID 2232 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GUhvNad.exe
PID 2232 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\BnePNze.exe
PID 2232 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\BnePNze.exe
PID 2232 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\BnePNze.exe
PID 2232 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GnoJeDv.exe
PID 2232 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GnoJeDv.exe
PID 2232 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GnoJeDv.exe
PID 2232 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\uPpJiqo.exe
PID 2232 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\uPpJiqo.exe
PID 2232 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\uPpJiqo.exe
PID 2232 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\IhOThBy.exe
PID 2232 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\IhOThBy.exe
PID 2232 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\IhOThBy.exe
PID 2232 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mSSWEJs.exe
PID 2232 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mSSWEJs.exe
PID 2232 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mSSWEJs.exe
PID 2232 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\OhZETvh.exe
PID 2232 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\OhZETvh.exe
PID 2232 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\OhZETvh.exe
PID 2232 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\iMbGkag.exe
PID 2232 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\iMbGkag.exe
PID 2232 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\iMbGkag.exe
PID 2232 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\WWlxjFB.exe
PID 2232 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\WWlxjFB.exe
PID 2232 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\WWlxjFB.exe
PID 2232 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\nYxhWrj.exe
PID 2232 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\nYxhWrj.exe
PID 2232 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\nYxhWrj.exe
PID 2232 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\FHIfnZI.exe
PID 2232 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\FHIfnZI.exe
PID 2232 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\FHIfnZI.exe
PID 2232 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\OnieQbv.exe
PID 2232 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\OnieQbv.exe
PID 2232 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\OnieQbv.exe
PID 2232 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\JBEREsv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe"

C:\Windows\System\unPvBeV.exe

C:\Windows\System\unPvBeV.exe

C:\Windows\System\pHJgWPy.exe

C:\Windows\System\pHJgWPy.exe

C:\Windows\System\dyXBggH.exe

C:\Windows\System\dyXBggH.exe

C:\Windows\System\hBuEXMy.exe

C:\Windows\System\hBuEXMy.exe

C:\Windows\System\NFUTWgc.exe

C:\Windows\System\NFUTWgc.exe

C:\Windows\System\unHeofr.exe

C:\Windows\System\unHeofr.exe

C:\Windows\System\HpFBtcC.exe

C:\Windows\System\HpFBtcC.exe

C:\Windows\System\ZRUYSII.exe

C:\Windows\System\ZRUYSII.exe

C:\Windows\System\CdsQIuP.exe

C:\Windows\System\CdsQIuP.exe

C:\Windows\System\GUhvNad.exe

C:\Windows\System\GUhvNad.exe

C:\Windows\System\BnePNze.exe

C:\Windows\System\BnePNze.exe

C:\Windows\System\GnoJeDv.exe

C:\Windows\System\GnoJeDv.exe

C:\Windows\System\uPpJiqo.exe

C:\Windows\System\uPpJiqo.exe

C:\Windows\System\IhOThBy.exe

C:\Windows\System\IhOThBy.exe

C:\Windows\System\mSSWEJs.exe

C:\Windows\System\mSSWEJs.exe

C:\Windows\System\OhZETvh.exe

C:\Windows\System\OhZETvh.exe

C:\Windows\System\iMbGkag.exe

C:\Windows\System\iMbGkag.exe

C:\Windows\System\WWlxjFB.exe

C:\Windows\System\WWlxjFB.exe

C:\Windows\System\nYxhWrj.exe

C:\Windows\System\nYxhWrj.exe

C:\Windows\System\FHIfnZI.exe

C:\Windows\System\FHIfnZI.exe

C:\Windows\System\OnieQbv.exe

C:\Windows\System\OnieQbv.exe

C:\Windows\System\JBEREsv.exe

C:\Windows\System\JBEREsv.exe

C:\Windows\System\iAtyfUZ.exe

C:\Windows\System\iAtyfUZ.exe

C:\Windows\System\rPbDYpY.exe

C:\Windows\System\rPbDYpY.exe

C:\Windows\System\iFeKGIB.exe

C:\Windows\System\iFeKGIB.exe

C:\Windows\System\OFKNGGH.exe

C:\Windows\System\OFKNGGH.exe

C:\Windows\System\XfsNzDN.exe

C:\Windows\System\XfsNzDN.exe

C:\Windows\System\NdYPOTF.exe

C:\Windows\System\NdYPOTF.exe

C:\Windows\System\VoGUCvl.exe

C:\Windows\System\VoGUCvl.exe

C:\Windows\System\kyBnzUt.exe

C:\Windows\System\kyBnzUt.exe

C:\Windows\System\kbiMCzz.exe

C:\Windows\System\kbiMCzz.exe

C:\Windows\System\FloKwpy.exe

C:\Windows\System\FloKwpy.exe

C:\Windows\System\sQPUHtQ.exe

C:\Windows\System\sQPUHtQ.exe

C:\Windows\System\HowFzxA.exe

C:\Windows\System\HowFzxA.exe

C:\Windows\System\wPxBwUu.exe

C:\Windows\System\wPxBwUu.exe

C:\Windows\System\uZJtOsX.exe

C:\Windows\System\uZJtOsX.exe

C:\Windows\System\yUNrTuc.exe

C:\Windows\System\yUNrTuc.exe

C:\Windows\System\pvctzmZ.exe

C:\Windows\System\pvctzmZ.exe

C:\Windows\System\HoSIBSF.exe

C:\Windows\System\HoSIBSF.exe

C:\Windows\System\BpUyONI.exe

C:\Windows\System\BpUyONI.exe

C:\Windows\System\AJKAhsY.exe

C:\Windows\System\AJKAhsY.exe

C:\Windows\System\vpCIgAs.exe

C:\Windows\System\vpCIgAs.exe

C:\Windows\System\nIYlWEk.exe

C:\Windows\System\nIYlWEk.exe

C:\Windows\System\qXakoLB.exe

C:\Windows\System\qXakoLB.exe

C:\Windows\System\KNHmQwI.exe

C:\Windows\System\KNHmQwI.exe

C:\Windows\System\fkPUROZ.exe

C:\Windows\System\fkPUROZ.exe

C:\Windows\System\eCEWJMT.exe

C:\Windows\System\eCEWJMT.exe

C:\Windows\System\aGiCQjT.exe

C:\Windows\System\aGiCQjT.exe

C:\Windows\System\PdeHJbU.exe

C:\Windows\System\PdeHJbU.exe

C:\Windows\System\GuoPfYG.exe

C:\Windows\System\GuoPfYG.exe

C:\Windows\System\WwYvGFx.exe

C:\Windows\System\WwYvGFx.exe

C:\Windows\System\OOfSFZG.exe

C:\Windows\System\OOfSFZG.exe

C:\Windows\System\gQxAiDj.exe

C:\Windows\System\gQxAiDj.exe

C:\Windows\System\HcQMTNu.exe

C:\Windows\System\HcQMTNu.exe

C:\Windows\System\XCISVZr.exe

C:\Windows\System\XCISVZr.exe

C:\Windows\System\CGPDHgs.exe

C:\Windows\System\CGPDHgs.exe

C:\Windows\System\rPDkDOg.exe

C:\Windows\System\rPDkDOg.exe

C:\Windows\System\ufRaxtz.exe

C:\Windows\System\ufRaxtz.exe

C:\Windows\System\ttnnLdT.exe

C:\Windows\System\ttnnLdT.exe

C:\Windows\System\IilFDvs.exe

C:\Windows\System\IilFDvs.exe

C:\Windows\System\NAJfsEk.exe

C:\Windows\System\NAJfsEk.exe

C:\Windows\System\JZXJNRv.exe

C:\Windows\System\JZXJNRv.exe

C:\Windows\System\QaCtupn.exe

C:\Windows\System\QaCtupn.exe

C:\Windows\System\pQYZDiU.exe

C:\Windows\System\pQYZDiU.exe

C:\Windows\System\KUOfkad.exe

C:\Windows\System\KUOfkad.exe

C:\Windows\System\HbAuRvZ.exe

C:\Windows\System\HbAuRvZ.exe

C:\Windows\System\nKhNPgn.exe

C:\Windows\System\nKhNPgn.exe

C:\Windows\System\vTescyO.exe

C:\Windows\System\vTescyO.exe

C:\Windows\System\ikbKKkx.exe

C:\Windows\System\ikbKKkx.exe

C:\Windows\System\XHUqunK.exe

C:\Windows\System\XHUqunK.exe

C:\Windows\System\cpRlnxN.exe

C:\Windows\System\cpRlnxN.exe

C:\Windows\System\aqkDLxW.exe

C:\Windows\System\aqkDLxW.exe

C:\Windows\System\BKjzGUy.exe

C:\Windows\System\BKjzGUy.exe

C:\Windows\System\UkWhbUo.exe

C:\Windows\System\UkWhbUo.exe

C:\Windows\System\zOsWtgc.exe

C:\Windows\System\zOsWtgc.exe

C:\Windows\System\YIFEXoQ.exe

C:\Windows\System\YIFEXoQ.exe

C:\Windows\System\jpwcuPq.exe

C:\Windows\System\jpwcuPq.exe

C:\Windows\System\fbLIeSD.exe

C:\Windows\System\fbLIeSD.exe

C:\Windows\System\ozRrLXz.exe

C:\Windows\System\ozRrLXz.exe

C:\Windows\System\uaXYbIU.exe

C:\Windows\System\uaXYbIU.exe

C:\Windows\System\impczAt.exe

C:\Windows\System\impczAt.exe

C:\Windows\System\EOQoqCM.exe

C:\Windows\System\EOQoqCM.exe

C:\Windows\System\TVcPMOl.exe

C:\Windows\System\TVcPMOl.exe

C:\Windows\System\pXdkaYt.exe

C:\Windows\System\pXdkaYt.exe

C:\Windows\System\ukQOMof.exe

C:\Windows\System\ukQOMof.exe

C:\Windows\System\ytIvbux.exe

C:\Windows\System\ytIvbux.exe

C:\Windows\System\ZxlZbZR.exe

C:\Windows\System\ZxlZbZR.exe

C:\Windows\System\wWTfubP.exe

C:\Windows\System\wWTfubP.exe

C:\Windows\System\Fzpcmqp.exe

C:\Windows\System\Fzpcmqp.exe

C:\Windows\System\pNRGGmQ.exe

C:\Windows\System\pNRGGmQ.exe

C:\Windows\System\vKWygXR.exe

C:\Windows\System\vKWygXR.exe

C:\Windows\System\wgtNZPC.exe

C:\Windows\System\wgtNZPC.exe

C:\Windows\System\jwQLnWH.exe

C:\Windows\System\jwQLnWH.exe

C:\Windows\System\EuiQFiy.exe

C:\Windows\System\EuiQFiy.exe

C:\Windows\System\GJQoZlG.exe

C:\Windows\System\GJQoZlG.exe

C:\Windows\System\fcRCYuE.exe

C:\Windows\System\fcRCYuE.exe

C:\Windows\System\OzOLRIN.exe

C:\Windows\System\OzOLRIN.exe

C:\Windows\System\cpsHipJ.exe

C:\Windows\System\cpsHipJ.exe

C:\Windows\System\hHoxvAQ.exe

C:\Windows\System\hHoxvAQ.exe

C:\Windows\System\WpxUtyw.exe

C:\Windows\System\WpxUtyw.exe

C:\Windows\System\xSPtBit.exe

C:\Windows\System\xSPtBit.exe

C:\Windows\System\UuiANBh.exe

C:\Windows\System\UuiANBh.exe

C:\Windows\System\YsZtMBr.exe

C:\Windows\System\YsZtMBr.exe

C:\Windows\System\lhepaLp.exe

C:\Windows\System\lhepaLp.exe

C:\Windows\System\arboAEf.exe

C:\Windows\System\arboAEf.exe

C:\Windows\System\ZmrobZE.exe

C:\Windows\System\ZmrobZE.exe

C:\Windows\System\mppTnAu.exe

C:\Windows\System\mppTnAu.exe

C:\Windows\System\MEWQFhw.exe

C:\Windows\System\MEWQFhw.exe

C:\Windows\System\qmvFgWY.exe

C:\Windows\System\qmvFgWY.exe

C:\Windows\System\uzWvbtN.exe

C:\Windows\System\uzWvbtN.exe

C:\Windows\System\nOOaTyM.exe

C:\Windows\System\nOOaTyM.exe

C:\Windows\System\SAYweqC.exe

C:\Windows\System\SAYweqC.exe

C:\Windows\System\lJMsPRu.exe

C:\Windows\System\lJMsPRu.exe

C:\Windows\System\sZELjRL.exe

C:\Windows\System\sZELjRL.exe

C:\Windows\System\JdlCcpq.exe

C:\Windows\System\JdlCcpq.exe

C:\Windows\System\sJsujvR.exe

C:\Windows\System\sJsujvR.exe

C:\Windows\System\yneVQrP.exe

C:\Windows\System\yneVQrP.exe

C:\Windows\System\iHphVrW.exe

C:\Windows\System\iHphVrW.exe

C:\Windows\System\inaPysa.exe

C:\Windows\System\inaPysa.exe

C:\Windows\System\CtZjcup.exe

C:\Windows\System\CtZjcup.exe

C:\Windows\System\OqBQbqH.exe

C:\Windows\System\OqBQbqH.exe

C:\Windows\System\moutyPT.exe

C:\Windows\System\moutyPT.exe

C:\Windows\System\hiNvDHP.exe

C:\Windows\System\hiNvDHP.exe

C:\Windows\System\jOREDdU.exe

C:\Windows\System\jOREDdU.exe

C:\Windows\System\uIEiQXs.exe

C:\Windows\System\uIEiQXs.exe

C:\Windows\System\dyyrfTL.exe

C:\Windows\System\dyyrfTL.exe

C:\Windows\System\QzcIgaY.exe

C:\Windows\System\QzcIgaY.exe

C:\Windows\System\gkoHwRG.exe

C:\Windows\System\gkoHwRG.exe

C:\Windows\System\JeFBdcM.exe

C:\Windows\System\JeFBdcM.exe

C:\Windows\System\THeEvrs.exe

C:\Windows\System\THeEvrs.exe

C:\Windows\System\eeRNWIA.exe

C:\Windows\System\eeRNWIA.exe

C:\Windows\System\cOXemLh.exe

C:\Windows\System\cOXemLh.exe

C:\Windows\System\yXZGiKi.exe

C:\Windows\System\yXZGiKi.exe

C:\Windows\System\gMGMLFf.exe

C:\Windows\System\gMGMLFf.exe

C:\Windows\System\SZmfXmm.exe

C:\Windows\System\SZmfXmm.exe

C:\Windows\System\FZrmrja.exe

C:\Windows\System\FZrmrja.exe

C:\Windows\System\jUvIGmf.exe

C:\Windows\System\jUvIGmf.exe

C:\Windows\System\eHekZTg.exe

C:\Windows\System\eHekZTg.exe

C:\Windows\System\msIOInH.exe

C:\Windows\System\msIOInH.exe

C:\Windows\System\OngtyXq.exe

C:\Windows\System\OngtyXq.exe

C:\Windows\System\lpoKJmB.exe

C:\Windows\System\lpoKJmB.exe

C:\Windows\System\pogIMbG.exe

C:\Windows\System\pogIMbG.exe

C:\Windows\System\WhUagBV.exe

C:\Windows\System\WhUagBV.exe

C:\Windows\System\rWwxyGU.exe

C:\Windows\System\rWwxyGU.exe

C:\Windows\System\Jtgskiv.exe

C:\Windows\System\Jtgskiv.exe

C:\Windows\System\xopEVwv.exe

C:\Windows\System\xopEVwv.exe

C:\Windows\System\stGGKSU.exe

C:\Windows\System\stGGKSU.exe

C:\Windows\System\EkbDCai.exe

C:\Windows\System\EkbDCai.exe

C:\Windows\System\xlcmICj.exe

C:\Windows\System\xlcmICj.exe

C:\Windows\System\zryHIzb.exe

C:\Windows\System\zryHIzb.exe

C:\Windows\System\nSGTtBj.exe

C:\Windows\System\nSGTtBj.exe

C:\Windows\System\nhprbae.exe

C:\Windows\System\nhprbae.exe

C:\Windows\System\svtofTz.exe

C:\Windows\System\svtofTz.exe

C:\Windows\System\NUqjtoB.exe

C:\Windows\System\NUqjtoB.exe

C:\Windows\System\IYTUWUF.exe

C:\Windows\System\IYTUWUF.exe

C:\Windows\System\eAYedeB.exe

C:\Windows\System\eAYedeB.exe

C:\Windows\System\SsoPjqq.exe

C:\Windows\System\SsoPjqq.exe

C:\Windows\System\fPvzwSK.exe

C:\Windows\System\fPvzwSK.exe

C:\Windows\System\YEWVXNs.exe

C:\Windows\System\YEWVXNs.exe

C:\Windows\System\gCJHPYb.exe

C:\Windows\System\gCJHPYb.exe

C:\Windows\System\LoyQgmK.exe

C:\Windows\System\LoyQgmK.exe

C:\Windows\System\OsnpsSC.exe

C:\Windows\System\OsnpsSC.exe

C:\Windows\System\aSZlVVT.exe

C:\Windows\System\aSZlVVT.exe

C:\Windows\System\ZfWuemM.exe

C:\Windows\System\ZfWuemM.exe

C:\Windows\System\hKoiueG.exe

C:\Windows\System\hKoiueG.exe

C:\Windows\System\nBIFcnU.exe

C:\Windows\System\nBIFcnU.exe

C:\Windows\System\dxkphrD.exe

C:\Windows\System\dxkphrD.exe

C:\Windows\System\yhmQPOX.exe

C:\Windows\System\yhmQPOX.exe

C:\Windows\System\ISmWYLs.exe

C:\Windows\System\ISmWYLs.exe

C:\Windows\System\YDSxLiV.exe

C:\Windows\System\YDSxLiV.exe

C:\Windows\System\asEIQhe.exe

C:\Windows\System\asEIQhe.exe

C:\Windows\System\KfauZGi.exe

C:\Windows\System\KfauZGi.exe

C:\Windows\System\weZfDOB.exe

C:\Windows\System\weZfDOB.exe

C:\Windows\System\ModkKcj.exe

C:\Windows\System\ModkKcj.exe

C:\Windows\System\WbitDnz.exe

C:\Windows\System\WbitDnz.exe

C:\Windows\System\MqILjrm.exe

C:\Windows\System\MqILjrm.exe

C:\Windows\System\OSfwbGa.exe

C:\Windows\System\OSfwbGa.exe

C:\Windows\System\njruKok.exe

C:\Windows\System\njruKok.exe

C:\Windows\System\BZEpWdz.exe

C:\Windows\System\BZEpWdz.exe

C:\Windows\System\RtCQTwn.exe

C:\Windows\System\RtCQTwn.exe

C:\Windows\System\VpWrdvw.exe

C:\Windows\System\VpWrdvw.exe

C:\Windows\System\FLyAEQI.exe

C:\Windows\System\FLyAEQI.exe

C:\Windows\System\kmKmExj.exe

C:\Windows\System\kmKmExj.exe

C:\Windows\System\YyMnaOr.exe

C:\Windows\System\YyMnaOr.exe

C:\Windows\System\pSPtxxx.exe

C:\Windows\System\pSPtxxx.exe

C:\Windows\System\HhrknvJ.exe

C:\Windows\System\HhrknvJ.exe

C:\Windows\System\DFhvKiH.exe

C:\Windows\System\DFhvKiH.exe

C:\Windows\System\mmxaQWj.exe

C:\Windows\System\mmxaQWj.exe

C:\Windows\System\jfRGYvB.exe

C:\Windows\System\jfRGYvB.exe

C:\Windows\System\Ugisoiy.exe

C:\Windows\System\Ugisoiy.exe

C:\Windows\System\IQfhlOi.exe

C:\Windows\System\IQfhlOi.exe

C:\Windows\System\aUDmJmh.exe

C:\Windows\System\aUDmJmh.exe

C:\Windows\System\YeZpLeC.exe

C:\Windows\System\YeZpLeC.exe

C:\Windows\System\pemHpZc.exe

C:\Windows\System\pemHpZc.exe

C:\Windows\System\igktsup.exe

C:\Windows\System\igktsup.exe

C:\Windows\System\NvkHOzy.exe

C:\Windows\System\NvkHOzy.exe

C:\Windows\System\SqJGJxA.exe

C:\Windows\System\SqJGJxA.exe

C:\Windows\System\VOlgxrc.exe

C:\Windows\System\VOlgxrc.exe

C:\Windows\System\rTbrxJe.exe

C:\Windows\System\rTbrxJe.exe

C:\Windows\System\xYlpAyS.exe

C:\Windows\System\xYlpAyS.exe

C:\Windows\System\lArbvHY.exe

C:\Windows\System\lArbvHY.exe

C:\Windows\System\PllTWnV.exe

C:\Windows\System\PllTWnV.exe

C:\Windows\System\clPyrTa.exe

C:\Windows\System\clPyrTa.exe

C:\Windows\System\jKmsyeA.exe

C:\Windows\System\jKmsyeA.exe

C:\Windows\System\xZodAWQ.exe

C:\Windows\System\xZodAWQ.exe

C:\Windows\System\HxemsHE.exe

C:\Windows\System\HxemsHE.exe

C:\Windows\System\YlYzTSi.exe

C:\Windows\System\YlYzTSi.exe

C:\Windows\System\pxoiZZY.exe

C:\Windows\System\pxoiZZY.exe

C:\Windows\System\MkjnnCB.exe

C:\Windows\System\MkjnnCB.exe

C:\Windows\System\eGlDwbL.exe

C:\Windows\System\eGlDwbL.exe

C:\Windows\System\fcfSDLL.exe

C:\Windows\System\fcfSDLL.exe

C:\Windows\System\DrlAsfV.exe

C:\Windows\System\DrlAsfV.exe

C:\Windows\System\NdLFPBc.exe

C:\Windows\System\NdLFPBc.exe

C:\Windows\System\rtjRuQH.exe

C:\Windows\System\rtjRuQH.exe

C:\Windows\System\tVMXoxD.exe

C:\Windows\System\tVMXoxD.exe

C:\Windows\System\IyKXIXr.exe

C:\Windows\System\IyKXIXr.exe

C:\Windows\System\XHiLpUg.exe

C:\Windows\System\XHiLpUg.exe

C:\Windows\System\rKlzAuf.exe

C:\Windows\System\rKlzAuf.exe

C:\Windows\System\upfGTWd.exe

C:\Windows\System\upfGTWd.exe

C:\Windows\System\dQnQvtM.exe

C:\Windows\System\dQnQvtM.exe

C:\Windows\System\KajizXy.exe

C:\Windows\System\KajizXy.exe

C:\Windows\System\WOpVmOo.exe

C:\Windows\System\WOpVmOo.exe

C:\Windows\System\WoVFiwM.exe

C:\Windows\System\WoVFiwM.exe

C:\Windows\System\GnTYSYe.exe

C:\Windows\System\GnTYSYe.exe

C:\Windows\System\wCTLZbh.exe

C:\Windows\System\wCTLZbh.exe

C:\Windows\System\vXNUiNF.exe

C:\Windows\System\vXNUiNF.exe

C:\Windows\System\GAJdDjG.exe

C:\Windows\System\GAJdDjG.exe

C:\Windows\System\EKzKpyD.exe

C:\Windows\System\EKzKpyD.exe

C:\Windows\System\mGsgPrV.exe

C:\Windows\System\mGsgPrV.exe

C:\Windows\System\tabEJRK.exe

C:\Windows\System\tabEJRK.exe

C:\Windows\System\qTsaLwO.exe

C:\Windows\System\qTsaLwO.exe

C:\Windows\System\dXMjyxp.exe

C:\Windows\System\dXMjyxp.exe

C:\Windows\System\tKgquJX.exe

C:\Windows\System\tKgquJX.exe

C:\Windows\System\CTwGqJC.exe

C:\Windows\System\CTwGqJC.exe

C:\Windows\System\YLjWtTF.exe

C:\Windows\System\YLjWtTF.exe

C:\Windows\System\boPiKyv.exe

C:\Windows\System\boPiKyv.exe

C:\Windows\System\DeBqdye.exe

C:\Windows\System\DeBqdye.exe

C:\Windows\System\GOxPOBo.exe

C:\Windows\System\GOxPOBo.exe

C:\Windows\System\WRaVdQh.exe

C:\Windows\System\WRaVdQh.exe

C:\Windows\System\zPXGnsX.exe

C:\Windows\System\zPXGnsX.exe

C:\Windows\System\nATWQCA.exe

C:\Windows\System\nATWQCA.exe

C:\Windows\System\rZgiUQv.exe

C:\Windows\System\rZgiUQv.exe

C:\Windows\System\DUeIyLA.exe

C:\Windows\System\DUeIyLA.exe

C:\Windows\System\WOIgghT.exe

C:\Windows\System\WOIgghT.exe

C:\Windows\System\OnARSJl.exe

C:\Windows\System\OnARSJl.exe

C:\Windows\System\LUwCNwF.exe

C:\Windows\System\LUwCNwF.exe

C:\Windows\System\CBxWECz.exe

C:\Windows\System\CBxWECz.exe

C:\Windows\System\EHnHuPd.exe

C:\Windows\System\EHnHuPd.exe

C:\Windows\System\DXOJALB.exe

C:\Windows\System\DXOJALB.exe

C:\Windows\System\WYJaQcn.exe

C:\Windows\System\WYJaQcn.exe

C:\Windows\System\GwkycLI.exe

C:\Windows\System\GwkycLI.exe

C:\Windows\System\ovjteqk.exe

C:\Windows\System\ovjteqk.exe

C:\Windows\System\LRmJodP.exe

C:\Windows\System\LRmJodP.exe

C:\Windows\System\vLieWTY.exe

C:\Windows\System\vLieWTY.exe

C:\Windows\System\LaKoqpo.exe

C:\Windows\System\LaKoqpo.exe

C:\Windows\System\dHMpFkt.exe

C:\Windows\System\dHMpFkt.exe

C:\Windows\System\jmuzjee.exe

C:\Windows\System\jmuzjee.exe

C:\Windows\System\gBtliMQ.exe

C:\Windows\System\gBtliMQ.exe

C:\Windows\System\hqdlSZL.exe

C:\Windows\System\hqdlSZL.exe

C:\Windows\System\SEtuDqK.exe

C:\Windows\System\SEtuDqK.exe

C:\Windows\System\VHQSYVH.exe

C:\Windows\System\VHQSYVH.exe

C:\Windows\System\xmAOQMW.exe

C:\Windows\System\xmAOQMW.exe

C:\Windows\System\PGtqwEh.exe

C:\Windows\System\PGtqwEh.exe

C:\Windows\System\DutcLTq.exe

C:\Windows\System\DutcLTq.exe

C:\Windows\System\ecBUqLD.exe

C:\Windows\System\ecBUqLD.exe

C:\Windows\System\hTzemtW.exe

C:\Windows\System\hTzemtW.exe

C:\Windows\System\uSUqCjr.exe

C:\Windows\System\uSUqCjr.exe

C:\Windows\System\wTetsss.exe

C:\Windows\System\wTetsss.exe

C:\Windows\System\zwqnPeQ.exe

C:\Windows\System\zwqnPeQ.exe

C:\Windows\System\ljwChqY.exe

C:\Windows\System\ljwChqY.exe

C:\Windows\System\xWEKzlB.exe

C:\Windows\System\xWEKzlB.exe

C:\Windows\System\iMCvXdF.exe

C:\Windows\System\iMCvXdF.exe

C:\Windows\System\mlbcnpR.exe

C:\Windows\System\mlbcnpR.exe

C:\Windows\System\ebgHujI.exe

C:\Windows\System\ebgHujI.exe

C:\Windows\System\wbmRUdP.exe

C:\Windows\System\wbmRUdP.exe

C:\Windows\System\COgfMHC.exe

C:\Windows\System\COgfMHC.exe

C:\Windows\System\rodVqCO.exe

C:\Windows\System\rodVqCO.exe

C:\Windows\System\HFauOQd.exe

C:\Windows\System\HFauOQd.exe

C:\Windows\System\COipcPa.exe

C:\Windows\System\COipcPa.exe

C:\Windows\System\GzaPBEP.exe

C:\Windows\System\GzaPBEP.exe

C:\Windows\System\NpXEKDc.exe

C:\Windows\System\NpXEKDc.exe

C:\Windows\System\WnrYvSK.exe

C:\Windows\System\WnrYvSK.exe

C:\Windows\System\mJBcXBD.exe

C:\Windows\System\mJBcXBD.exe

C:\Windows\System\baupKWM.exe

C:\Windows\System\baupKWM.exe

C:\Windows\System\RctmHpi.exe

C:\Windows\System\RctmHpi.exe

C:\Windows\System\digsRFO.exe

C:\Windows\System\digsRFO.exe

C:\Windows\System\DMFzjbH.exe

C:\Windows\System\DMFzjbH.exe

C:\Windows\System\mPkhAQq.exe

C:\Windows\System\mPkhAQq.exe

C:\Windows\System\YBEAYHm.exe

C:\Windows\System\YBEAYHm.exe

C:\Windows\System\YUhjDIv.exe

C:\Windows\System\YUhjDIv.exe

C:\Windows\System\vVYKxPu.exe

C:\Windows\System\vVYKxPu.exe

C:\Windows\System\fVhfxdk.exe

C:\Windows\System\fVhfxdk.exe

C:\Windows\System\ylCaIiX.exe

C:\Windows\System\ylCaIiX.exe

C:\Windows\System\XIHhPxW.exe

C:\Windows\System\XIHhPxW.exe

C:\Windows\System\OXUSkdk.exe

C:\Windows\System\OXUSkdk.exe

C:\Windows\System\ucuTOaU.exe

C:\Windows\System\ucuTOaU.exe

C:\Windows\System\PzctCnG.exe

C:\Windows\System\PzctCnG.exe

C:\Windows\System\xatbEVL.exe

C:\Windows\System\xatbEVL.exe

C:\Windows\System\nNHENPO.exe

C:\Windows\System\nNHENPO.exe

C:\Windows\System\QBxRdCy.exe

C:\Windows\System\QBxRdCy.exe

C:\Windows\System\jEoVMPJ.exe

C:\Windows\System\jEoVMPJ.exe

C:\Windows\System\MhKoJGo.exe

C:\Windows\System\MhKoJGo.exe

C:\Windows\System\pMvDAHh.exe

C:\Windows\System\pMvDAHh.exe

C:\Windows\System\pPNBIbs.exe

C:\Windows\System\pPNBIbs.exe

C:\Windows\System\jwbJIRa.exe

C:\Windows\System\jwbJIRa.exe

C:\Windows\System\CFoOiNq.exe

C:\Windows\System\CFoOiNq.exe

C:\Windows\System\ruuvnBr.exe

C:\Windows\System\ruuvnBr.exe

C:\Windows\System\bkjWOQS.exe

C:\Windows\System\bkjWOQS.exe

C:\Windows\System\dLNHmcD.exe

C:\Windows\System\dLNHmcD.exe

C:\Windows\System\QXLFMLZ.exe

C:\Windows\System\QXLFMLZ.exe

C:\Windows\System\bSuFFaO.exe

C:\Windows\System\bSuFFaO.exe

C:\Windows\System\NEcUHik.exe

C:\Windows\System\NEcUHik.exe

C:\Windows\System\lpRvhsk.exe

C:\Windows\System\lpRvhsk.exe

C:\Windows\System\yzXtlzK.exe

C:\Windows\System\yzXtlzK.exe

C:\Windows\System\nJZLHoO.exe

C:\Windows\System\nJZLHoO.exe

C:\Windows\System\tadHWRc.exe

C:\Windows\System\tadHWRc.exe

C:\Windows\System\oulxrMO.exe

C:\Windows\System\oulxrMO.exe

C:\Windows\System\BTnzGTF.exe

C:\Windows\System\BTnzGTF.exe

C:\Windows\System\euKlWvc.exe

C:\Windows\System\euKlWvc.exe

C:\Windows\System\dEYMCrG.exe

C:\Windows\System\dEYMCrG.exe

C:\Windows\System\BIfnpqF.exe

C:\Windows\System\BIfnpqF.exe

C:\Windows\System\RGTczUi.exe

C:\Windows\System\RGTczUi.exe

C:\Windows\System\xPZOYJd.exe

C:\Windows\System\xPZOYJd.exe

C:\Windows\System\GGHiGNl.exe

C:\Windows\System\GGHiGNl.exe

C:\Windows\System\xfOqqOO.exe

C:\Windows\System\xfOqqOO.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2232-0-0x000000013FC40000-0x000000013FF94000-memory.dmp

memory/2232-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\unPvBeV.exe

MD5 9a0288ff16dd79ac9ec0b7c08fec0304
SHA1 4902add3fe0ea7fe10d2cd7bd6981f21e8fcd304
SHA256 11294df76fb5e21cee7617310b47a32c8990352869eaee2fd77e2150adb61403
SHA512 a8de8426964a20a6c4992fdde78be6088f37d765aae6c93d9415a0afc96cb221fd6e9dd27ab44700fdca512d85edba7e4aadfd62a9cf7f1f4392e3b7b06f3cdd

\Windows\system\dyXBggH.exe

MD5 98caadbba078276678cb750f70246e8d
SHA1 deefa26c3cd9e9bd0a87c5b9d2977ef24f20457c
SHA256 c11791cf5834a1977da32115d8fcc66bd74038145a1a4a76c0138425519a6fd9
SHA512 72aac210575fd6d860c4b302f47a3e9ea1b6ccb90e83ce5bf66f9e0ce0dfc0769ab0689a302fad45468af3ff64fc8c4ed8f6d50ad1cfcbf19ce020b56e2c01a6

memory/2232-26-0x000000013F550000-0x000000013F8A4000-memory.dmp

memory/2928-31-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2368-36-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/2992-41-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/3000-42-0x000000013F550000-0x000000013F8A4000-memory.dmp

memory/2868-39-0x000000013F890000-0x000000013FBE4000-memory.dmp

C:\Windows\system\NFUTWgc.exe

MD5 db7db75ecd1e49a235fe7e3d1d98a62c
SHA1 310686db4189125e86271f28d43607d3e9be7dba
SHA256 60e9db252f94b23815b86649edca9ed1af338616cb99b76cc582c39facd30069
SHA512 74fea65c9f85dc7fb5458543f5ff766b4d2b0675e0bb331eb3ee7c782a4e76c5e1c7014bfea7ee8bbbbac17ed2e8445f41fd9ea327d0bc8742c5c5bb5275297e

memory/1576-37-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/2232-32-0x000000013F0F0000-0x000000013F444000-memory.dmp

C:\Windows\system\unHeofr.exe

MD5 5b6495741e68b6aa31d913439845b045
SHA1 4afae87fd513c8261eef7565bfb09296d4248d65
SHA256 e78dc2067610871c5f8ace204398b1af80fa05f8284cc53827fa9337d38e6369
SHA512 b18c21bc10ca50d1bc733979da9d5f14ff9791a9ea716033db682fab882f58e9250ebe5524e24a74af8829a5defed87c690b5514803a7a7bfe526e8fbd918f89

C:\Windows\system\hBuEXMy.exe

MD5 a3282566dbb176ff39d9b108fa282fb0
SHA1 ef71366415adf23d847a0222173f7788edd9af86
SHA256 2fc4d91afafe6e7235d3223f63a46afc5c05f46789e2b67408863068bbca116d
SHA512 5aef71cc454e3f633f2605ccae3d33043e14da731279a998f99b5b167d6b058c5cb9461ae6af496ae68dc4934432ed10cfb196d2999f2b0ec39c6640a71d4ff2

C:\Windows\system\pHJgWPy.exe

MD5 f47bd41af9d351fe41100504d72a7928
SHA1 ae5d94c329460b39131b18ea90793f1d65d477ad
SHA256 c81c6f84b84e7ce5403330e144b258877ef93ca46736fcac4cdb59ee89a63f83
SHA512 dd52d3b432095b95d2ea24c4c2c96d86bf51a957f1f7840980e53a5665bdb301e18a81ba26c6a884f4e0924307040a8be3258e3af44d45f57130f215909e223a

memory/2232-18-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2232-13-0x000000013F130000-0x000000013F484000-memory.dmp

C:\Windows\system\HpFBtcC.exe

MD5 0eaaa9939974fc6fc0de26564eaf5570
SHA1 641e83e804d3eaefa1c2007f86733fcbba24b74a
SHA256 304080a9767d5a52c3b28f607e3a8bc43f6ed70a364257540b763b8a87e2f489
SHA512 11c05708009d0177b417417580a00d4feb927aa7f9e75ad647c4ccaed2cab1938126e0058c5c96f7dd158c9df4cea063badc6fecee016f0dfb696adfaf17dd57

memory/2672-49-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2232-47-0x000000013F430000-0x000000013F784000-memory.dmp

C:\Windows\system\ZRUYSII.exe

MD5 e2c776f97c03d278451cae2c9a6d125a
SHA1 64953e8f639602c50e3dcc79fef69db1b45b34f4
SHA256 48336f841385df250fc6a5f4fc081101bb10164d52a93fbceaec4d0a3d8d68a2
SHA512 de525b5ba4bd97a99a21011b916e46e9e0c884416c0fc713caab6e7a79a3f3053180ba1b227617a7b6704c771cacf5d8a6ed0bb9d7f75ae21e252dac73d783a0

memory/2232-55-0x0000000002080000-0x00000000023D4000-memory.dmp

\Windows\system\GUhvNad.exe

MD5 ed34c2271f7cadf000bdbf5dde2daada
SHA1 c8badb4973797bf0faa3f2a763bc6210f1cc8ae8
SHA256 4cb18bfe4c0ffc808a177d5605a8553bf7e773f9e5b73b3c295e3e56bb2eb5f4
SHA512 9ea027c4561c27db68923d79746739f633ee5a03cd441ad7cea8713402143c585421f63bdb44979cbba57c3be523835c33b6c4746d4d50d329592d8c12737639

C:\Windows\system\CdsQIuP.exe

MD5 a1466bbdcf46e0f0c6fb6ef966aa00e5
SHA1 c0bf2bac63bfe4221f2fa054f4ca4e501e525ccc
SHA256 02c55be77c3646dde952b4b78401633bf48e18050f8338f5cd629a71b53289e5
SHA512 c7482586cda1fdfc087fe10c836d087391ffd1e998853e9a90c3c17842281aa372e5ee172c58db80f5939a1d74e8d80bfd4834d9c447f16c7484e7706e657b83

memory/2600-56-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/2520-71-0x000000013FD60000-0x00000001400B4000-memory.dmp

memory/2488-68-0x000000013FA60000-0x000000013FDB4000-memory.dmp

C:\Windows\system\BnePNze.exe

MD5 8221e9742e6af578bddaafb7e8869916
SHA1 2449e697818d3805870903a915bfc69917a4f526
SHA256 9a4c215d55879ba27d7bf51f2ed4c9ec6edffe79526336a839d1e2fdc616ef72
SHA512 5bf98b266118cabab854b08bab0c65d3d91c07e00452902ff5d8fc9cbcd57dcb8033e25ca1d68f1c35a8f216e885017c64ddefe896e485c3d970f2344fd324c6

memory/2640-76-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2232-74-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2232-73-0x0000000002080000-0x00000000023D4000-memory.dmp

\Windows\system\IhOThBy.exe

MD5 5d17534e4cbf70310cb65bf1a37eee49
SHA1 978e8f0f97a9f7d2a6f54384dfcc98003d3ce302
SHA256 f53b9ecd9b0eeb9f98d50ff50e0969aefa5787438d6a3601cb666120d3ed4fc6
SHA512 08bbcc6861581c58ba74b8cabc9e662227fafbeb62d372e60973591f439f6942e0b218e1b5126c2594da526eea86429592ad8d7eeda7d0b299389b71989ce4e4

C:\Windows\system\FHIfnZI.exe

MD5 65b236404d9b38e604ce8c1ee1b0675e
SHA1 dcfec22f91a22318771da1a6bc43c173331206e3
SHA256 533e5f702986a21f5f787b7f5571be22a21a0f5f77d7f16a7d000e222fe91578
SHA512 a84cc03993bc2e90cd359df46a967ef767109a7810b0a10ea30295a3bdb92f786174a8222f81b3afedf9268dde428e91b11bbfb6462628a7f4574255be71c921

memory/2232-98-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2232-100-0x000000013F2B0000-0x000000013F604000-memory.dmp

C:\Windows\system\OnieQbv.exe

MD5 19c7640cf9fe20855abaeada1840afc9
SHA1 d72005d75e406496f459e7d30ae226762e6053b1
SHA256 73ecc3c032d098d6d7147f2027860c7841f016d09c9ccc7e93d4950198959a6e
SHA512 731c9940261a00ad3b0f65522c63d9fd29a7cdcb6e08c01bff9001d00b8cd535a8f4bcbc0dc594aa250b9d6ac8c607b6c0e4de66acb72af4b7a58b4ffcadfcc8

C:\Windows\system\nYxhWrj.exe

MD5 3276d98c362a7c34694365d43ccb8faa
SHA1 4a986a5fe5b6e463fde006b393147d8ebc4973c9
SHA256 86add2e148fd5b656e480a442f6abe289b977ad735b5efcc99bc4fef74cba0fb
SHA512 fdfc0f6a1fbfe0d1232afdf3ee2e55b7cc5798babe4ae5a209b1b4b251836bd570710d7a0fbc680b7d11244746f1eecf1553579190f96990fa2b382fdac1c4ec

C:\Windows\system\rPbDYpY.exe

MD5 1c72e83ff480ba827e2d1ca1757fcef3
SHA1 772465b5f18f66c07279aac2ef12bb15b8a4ebd4
SHA256 577282eaee5d8b658a05af99d56ec14a7818b16831e627e64a56e31bb0350879
SHA512 e91c015f5ca1c5368e7e8c4f54b21a6d67960ebba6cb04fdc67c7ff9a0057cd556a59154ff90a6cf6d1d50045829507a5fc37c03ee8d7cc2bdf80ef958af5b2b

C:\Windows\system\XfsNzDN.exe

MD5 f31e833dbb461ce6506c1660134df56e
SHA1 119d915c84eca52786001a4187fe7adfcd17c973
SHA256 6d78a384b1a765443a0da6c7f98e1a0e454b518703ccf7f8d659bf7fa21efd3c
SHA512 b83c7b55bd1afafc20c7bbc8ebce02a50abc80b633a79f699cb01eb8cf67892b3b51f5a6ed4e32266955302fea7679109b046f5bb81467c24040954290a9db3a

C:\Windows\system\kbiMCzz.exe

MD5 58bba7e1a6ce9192042c3ac8781771b2
SHA1 12c49f731e86a8f8261925993231232b2cca5b02
SHA256 61059f80cbf4dae5186cb84da8574d3652b5c4479ace9d37974e58b439ccfc9b
SHA512 19afeadc587ec3d8f38236ab74d731835dfc44e169cfc7e420bbf6191ab33c59fe480ee88130b5975e16037478462a4d831e3231c19372dbed0fdfaf7ab2cddd

memory/2672-1068-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2232-1069-0x0000000002080000-0x00000000023D4000-memory.dmp

C:\Windows\system\FloKwpy.exe

MD5 aa9f080a466921ef251a54e897fdbc69
SHA1 5c6fd33b4ec6d40bfbb6228aae7a3e9d403536b9
SHA256 8855b17ae7c2e6823d8850be7f437071ed517ad1ea3d2d4a67d4d7014095ad57
SHA512 1d9c2d260b504d0a4f21090df8cedee1af929161d2ccd73008ab20f63840d0afd2e713697ecb6fd1a8fdc53fd83d13bedbb2702e89f27e2b44b297fc255fcb0a

C:\Windows\system\kyBnzUt.exe

MD5 147888f878d6b16b255eb9305b7ff5d4
SHA1 2de0e2bcf814e11deff49ed435578758ab9e58c3
SHA256 4d09478083a2610894b011c815f19d1df47f7fa50549326308a2200f775a179b
SHA512 3782be3651c5178db3b1a6d2f7eb978903d867565c40ed092eb0dc30266945013b534da3c88eb166867053d5beed34390260356a8860e47322483ad2c62fc047

C:\Windows\system\VoGUCvl.exe

MD5 df4b1e0351276aee10ecd73092c5a8db
SHA1 7794d9b80dd0adaf71b2b59d855a368f3d7c3655
SHA256 3facdd5145d111af978becd3163c1b137363db2591c169c5897b8f587fb3df94
SHA512 054a6fe44b3998b604677198081d514177006068954b3ed75c2c980c335f6e2cd7048549e53dbd220bb88f6897dff7803d3e60648cbc75635477aa552da6ef8d

C:\Windows\system\NdYPOTF.exe

MD5 7281d95d3ddb6f95b8bea3411576d909
SHA1 13d191509a0734610dcf9aceea5089eb07f42ff7
SHA256 82d884b6f165158d183a8239ecf42c90c89c367b33214e9cfece5ddba6d57306
SHA512 f979109469af2e019957dba474df6ff4b8ff2f3f34d5cddc014e2732c0339ab846d9e9836dde3966e6b15a95f7a729c92e6fd739d971abd4ec02d929b021b15f

C:\Windows\system\iFeKGIB.exe

MD5 c870c3ea644c9d210bb20468764d646c
SHA1 285c2dc11601b29ee0db331041cad1933839e153
SHA256 a6d247af15b1a0f6953e712f6097e78635415fb38d2af8c18974a578358879b0
SHA512 bdb2121909a4543bad3232180652fe1145f54982851930e27447622f63557bb8ff277fd424589d9c7dbb2e864844db75bd8b6e83a09e73e921a86efe97a3e5fa

C:\Windows\system\OFKNGGH.exe

MD5 b2d897e60d427c500f9c4c77389c8393
SHA1 4c59f090b84a97a65b95fac2c3bc95e97b8c74c0
SHA256 64e7fde51847a31d324352ba6159bb27fcee844799afe816f3c6a6d84faed61a
SHA512 97da57a879dc7dc20f25372685012db40dca52d2430de6dafd3de4a9ac7bcd83767fe37932ab1b547d7ccb4241aa7e0edc44c4bf61497c8837099f6d2b5d4996

C:\Windows\system\iAtyfUZ.exe

MD5 fd656bdcb95e75de488429ca58c0a619
SHA1 eb3395062b714b73beb7f208340a4aa563692964
SHA256 07315b580334bb7c74e0d83040e50a281fc0a443ee800ba89998e7dcc76711c5
SHA512 405f9eaf13704dd6e471716207a762e3a1372b19c33198f35c1d00ed99889ee60b9a080300a8474f019f72ba34c1a03560aaccc2935620a577159694afcfa9e3

C:\Windows\system\JBEREsv.exe

MD5 83657987f1e504e28a72365dd1a323fb
SHA1 8341c969f9f563f93081ee4525f6fc8d13881fa6
SHA256 b751219280effd43d9034fe761f9919be348948c7cbe5cbdcdb9a95b79a11cd8
SHA512 4722d503e9ccd466507a0c5b4d4eb4971704baadf963a72e9e6f195f4d9e4a8d5079cba83f0ffc90329405e9fcbb52da7fda6ff1eefdf912304196d5f7b54ced

memory/2516-115-0x000000013F8F0000-0x000000013FC44000-memory.dmp

memory/2972-109-0x000000013F4F0000-0x000000013F844000-memory.dmp

\Windows\system\iMbGkag.exe

MD5 11ad229fdcdba8aac709a6d651c194e6
SHA1 9c1cff4c4cd3e2a6e0b1b3b993a4d3dd74909db4
SHA256 09cf867cd55d7533981bf26b8d4e70237ecc3ca0f526f5f71966833f2a36d683
SHA512 024e1aa51f547b064f81b35da2a52a78dc7bf248396fde7bf29d9b5063ccac0eb18fd3bfef388db721e6d04ea1b080e76480def30855bec1863264804b820a23

C:\Windows\system\mSSWEJs.exe

MD5 8271901f98a10417a1f22c0a537bfabd
SHA1 ead60c1423d0fa592eff460b3f4380629dc6b2a5
SHA256 8d74d2d142142e07c901f95270de651e639fa78ce1f7fc1aa02b54c36ea3a595
SHA512 5ba65ca6b6cd6c623ac82c93f0532388cfef168fadf6e8f0bfb7bd875cffb6db04ed0b06131cada41d4ba59870c1c0195101f87f9e15a7e0ae4eb799ada2b42a

memory/2232-99-0x000000013F4F0000-0x000000013F844000-memory.dmp

C:\Windows\system\WWlxjFB.exe

MD5 c145de16ec19fd0c34b636702861ba0c
SHA1 860c5356081218659ff059a2c6d676391819b790
SHA256 7364b3ad1cec65f78e4dd54939a6089a83e0dff09433c9f737d7a0e0f3d09174
SHA512 530175948f82a96f32507bfc9114e45074ce541fcb58e1f8bf5f78925615a1fcbea926dc3e61fcc8d686e9588b545ab3986eb6f948e0dde160039c6e4da67302

C:\Windows\system\OhZETvh.exe

MD5 ee265587f0e8fd6b29136d21320e4ded
SHA1 6b6c3e6aa789ec8811e12c94592f8880ff4c7102
SHA256 a8a2e7f60e0c0559ab0194065349a662839e0fe56a16773a9bb38c19c1ac297d
SHA512 284be7bf3294c39bf3373f8a8b3e7bdcd6d73dd92a5860e6e6277956b989f449eb2312806d6b3ba2bda24dfe7c63499009ca876c3bd14e1691c8e2b7992e0639

memory/2392-97-0x000000013F060000-0x000000013F3B4000-memory.dmp

C:\Windows\system\uPpJiqo.exe

MD5 3d96812b6692e30fab8a3f2e9df0e385
SHA1 ebc544cbb9ccbf4dab79617c0cfb57c78bc31a39
SHA256 143fad8252b69fe1a39438cda21293fb8b9f4e863fdce67f8607d078507597c6
SHA512 73b29d6d561073febebbc148a80fdde309eb94f0c46eb3d69b4ed3aefb7c7ce5ebcc3efce82ef2dfdff00cd910cb93f57c7103526f0d57143d7eb936ef93ef5f

memory/2232-93-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2232-82-0x000000013FC40000-0x000000013FF94000-memory.dmp

C:\Windows\system\GnoJeDv.exe

MD5 1a31ac26663bb914d0dba572c0b0bacb
SHA1 0b2e1cfdd5fb23cba6ee8de5a771fd029082310d
SHA256 c096faa7d8a77be630ab7d3b7cd1f82fe60393f80f07ac346dcd9fcc48971dfa
SHA512 56d951a42022a5f390a5661324b094e82ddd6ae78b36daacd5add2db325ae98fa384149bf34b8a14b4cc746457ff0b88f359c064a94363e0c53c5efd2f91414c

memory/2232-1070-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2488-1071-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2520-1072-0x000000013FD60000-0x00000001400B4000-memory.dmp

memory/2232-1073-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2232-1074-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2232-1075-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2928-1076-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2368-1077-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/2868-1080-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/1576-1079-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/2992-1078-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/3000-1081-0x000000013F550000-0x000000013F8A4000-memory.dmp

memory/2672-1082-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2600-1083-0x000000013F9E0000-0x000000013FD34000-memory.dmp

memory/2488-1084-0x000000013FA60000-0x000000013FDB4000-memory.dmp

memory/2520-1085-0x000000013FD60000-0x00000001400B4000-memory.dmp

memory/2640-1086-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2392-1087-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2972-1089-0x000000013F4F0000-0x000000013F844000-memory.dmp

memory/2516-1088-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-27 20:21

Reported

2024-06-27 20:23

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\AzLGmgx.exe N/A
N/A N/A C:\Windows\System\eZEnaac.exe N/A
N/A N/A C:\Windows\System\vhiLHJW.exe N/A
N/A N/A C:\Windows\System\pBChNYV.exe N/A
N/A N/A C:\Windows\System\tPGJNna.exe N/A
N/A N/A C:\Windows\System\HOQGYuP.exe N/A
N/A N/A C:\Windows\System\aDrVdAU.exe N/A
N/A N/A C:\Windows\System\KnrQMUG.exe N/A
N/A N/A C:\Windows\System\HybCVmL.exe N/A
N/A N/A C:\Windows\System\mVHMgqi.exe N/A
N/A N/A C:\Windows\System\uTqEvpT.exe N/A
N/A N/A C:\Windows\System\ynfiyMV.exe N/A
N/A N/A C:\Windows\System\GYeheBU.exe N/A
N/A N/A C:\Windows\System\EzhctLj.exe N/A
N/A N/A C:\Windows\System\bWoRDeM.exe N/A
N/A N/A C:\Windows\System\gkCMqGn.exe N/A
N/A N/A C:\Windows\System\PWmgjRr.exe N/A
N/A N/A C:\Windows\System\QPmEzuM.exe N/A
N/A N/A C:\Windows\System\jkYnYSJ.exe N/A
N/A N/A C:\Windows\System\kayQYxl.exe N/A
N/A N/A C:\Windows\System\hYiQYlX.exe N/A
N/A N/A C:\Windows\System\mWQSoOq.exe N/A
N/A N/A C:\Windows\System\JfpyMcZ.exe N/A
N/A N/A C:\Windows\System\wKYvBjk.exe N/A
N/A N/A C:\Windows\System\BarqOoW.exe N/A
N/A N/A C:\Windows\System\IgzrNXb.exe N/A
N/A N/A C:\Windows\System\WXjMWQY.exe N/A
N/A N/A C:\Windows\System\sIzOLIW.exe N/A
N/A N/A C:\Windows\System\auJqdsL.exe N/A
N/A N/A C:\Windows\System\eIvIOBY.exe N/A
N/A N/A C:\Windows\System\YeRsfwj.exe N/A
N/A N/A C:\Windows\System\kMogsQS.exe N/A
N/A N/A C:\Windows\System\djxczXw.exe N/A
N/A N/A C:\Windows\System\cCoTqlK.exe N/A
N/A N/A C:\Windows\System\ppnVzRN.exe N/A
N/A N/A C:\Windows\System\LcAVApw.exe N/A
N/A N/A C:\Windows\System\oVNyMVJ.exe N/A
N/A N/A C:\Windows\System\OtXaOkW.exe N/A
N/A N/A C:\Windows\System\iWXZPnz.exe N/A
N/A N/A C:\Windows\System\rPkxJdP.exe N/A
N/A N/A C:\Windows\System\gXfHjoZ.exe N/A
N/A N/A C:\Windows\System\CuXTUjc.exe N/A
N/A N/A C:\Windows\System\TAzSGRL.exe N/A
N/A N/A C:\Windows\System\nLPRlmr.exe N/A
N/A N/A C:\Windows\System\lywpwhY.exe N/A
N/A N/A C:\Windows\System\NAwSWjE.exe N/A
N/A N/A C:\Windows\System\VZUpAKY.exe N/A
N/A N/A C:\Windows\System\mOgvWjI.exe N/A
N/A N/A C:\Windows\System\JIOWnof.exe N/A
N/A N/A C:\Windows\System\pEvowzg.exe N/A
N/A N/A C:\Windows\System\brBEWeb.exe N/A
N/A N/A C:\Windows\System\LWJViES.exe N/A
N/A N/A C:\Windows\System\vXHpdon.exe N/A
N/A N/A C:\Windows\System\JCjMlLg.exe N/A
N/A N/A C:\Windows\System\sjPPbhx.exe N/A
N/A N/A C:\Windows\System\nwmMuRa.exe N/A
N/A N/A C:\Windows\System\vpptIcL.exe N/A
N/A N/A C:\Windows\System\DHgZMnT.exe N/A
N/A N/A C:\Windows\System\eZycODC.exe N/A
N/A N/A C:\Windows\System\GkdERli.exe N/A
N/A N/A C:\Windows\System\YExmoxA.exe N/A
N/A N/A C:\Windows\System\efRDkaU.exe N/A
N/A N/A C:\Windows\System\XXOsQLV.exe N/A
N/A N/A C:\Windows\System\hdoKSey.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\emjRWdt.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\VqrsEoZ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\ynfiyMV.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\nLPRlmr.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YgdxIJy.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\sAsPTAp.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\hSKNwbS.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\vhiLHJW.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\QPmEzuM.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\djxczXw.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\boOMxOW.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\wtsqMDo.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOjrgoD.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\cCIvnUL.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXFMmJB.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\JfpyMcZ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\auJqdsL.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\aUmhBuZ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\lsNeXrM.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsFsPbD.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\GUCUGjZ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwJofiw.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\yugDnqw.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\tmMGRnj.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\PysYFbI.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YExmoxA.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\hdoKSey.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\qHLQOsm.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\caWUPUb.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\kMogsQS.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrKPQFu.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\jAnhZnv.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\haBlBvT.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\nCbyYoF.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjgYWMN.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\cnMftsp.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJgtPQx.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\ScfEhru.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\lywpwhY.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\gUPfGpc.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\yfrogGb.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\tcCOCqz.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\UpzNoOG.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\wZmPulX.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPgoyQe.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\YroNnDB.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\gyayNod.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\LpMOYmo.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\OtXaOkW.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXfHjoZ.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\pEvowzg.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\zpmYuyN.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwaFEJk.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLyROuu.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\uTqEvpT.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPkxJdP.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\JUSfYcq.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\rbgOAzw.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBCFavM.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\kUBfHiA.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\imcqZzA.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\bVidoka.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\GqIUpWh.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A
File created C:\Windows\System\vzyQHRH.exe C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2584 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\AzLGmgx.exe
PID 2584 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\AzLGmgx.exe
PID 2584 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\eZEnaac.exe
PID 2584 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\eZEnaac.exe
PID 2584 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\vhiLHJW.exe
PID 2584 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\vhiLHJW.exe
PID 2584 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\pBChNYV.exe
PID 2584 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\pBChNYV.exe
PID 2584 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\tPGJNna.exe
PID 2584 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\tPGJNna.exe
PID 2584 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HOQGYuP.exe
PID 2584 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HOQGYuP.exe
PID 2584 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\aDrVdAU.exe
PID 2584 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\aDrVdAU.exe
PID 2584 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\KnrQMUG.exe
PID 2584 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\KnrQMUG.exe
PID 2584 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HybCVmL.exe
PID 2584 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\HybCVmL.exe
PID 2584 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mVHMgqi.exe
PID 2584 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mVHMgqi.exe
PID 2584 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\uTqEvpT.exe
PID 2584 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\uTqEvpT.exe
PID 2584 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\ynfiyMV.exe
PID 2584 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\ynfiyMV.exe
PID 2584 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GYeheBU.exe
PID 2584 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\GYeheBU.exe
PID 2584 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\EzhctLj.exe
PID 2584 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\EzhctLj.exe
PID 2584 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\bWoRDeM.exe
PID 2584 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\bWoRDeM.exe
PID 2584 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\gkCMqGn.exe
PID 2584 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\gkCMqGn.exe
PID 2584 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\PWmgjRr.exe
PID 2584 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\PWmgjRr.exe
PID 2584 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\QPmEzuM.exe
PID 2584 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\QPmEzuM.exe
PID 2584 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\JfpyMcZ.exe
PID 2584 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\JfpyMcZ.exe
PID 2584 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\jkYnYSJ.exe
PID 2584 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\jkYnYSJ.exe
PID 2584 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\kayQYxl.exe
PID 2584 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\kayQYxl.exe
PID 2584 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\hYiQYlX.exe
PID 2584 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\hYiQYlX.exe
PID 2584 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mWQSoOq.exe
PID 2584 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\mWQSoOq.exe
PID 2584 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\wKYvBjk.exe
PID 2584 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\wKYvBjk.exe
PID 2584 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\BarqOoW.exe
PID 2584 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\BarqOoW.exe
PID 2584 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\IgzrNXb.exe
PID 2584 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\IgzrNXb.exe
PID 2584 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\WXjMWQY.exe
PID 2584 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\WXjMWQY.exe
PID 2584 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\sIzOLIW.exe
PID 2584 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\sIzOLIW.exe
PID 2584 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\auJqdsL.exe
PID 2584 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\auJqdsL.exe
PID 2584 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\eIvIOBY.exe
PID 2584 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\eIvIOBY.exe
PID 2584 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\YeRsfwj.exe
PID 2584 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\YeRsfwj.exe
PID 2584 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\kMogsQS.exe
PID 2584 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe C:\Windows\System\kMogsQS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\11334f2586883efb08581fed44d37e4036e25a2ba72438d527ee9d8d137fa1af_NeikiAnalytics.exe"

C:\Windows\System\AzLGmgx.exe

C:\Windows\System\AzLGmgx.exe

C:\Windows\System\eZEnaac.exe

C:\Windows\System\eZEnaac.exe

C:\Windows\System\vhiLHJW.exe

C:\Windows\System\vhiLHJW.exe

C:\Windows\System\pBChNYV.exe

C:\Windows\System\pBChNYV.exe

C:\Windows\System\tPGJNna.exe

C:\Windows\System\tPGJNna.exe

C:\Windows\System\HOQGYuP.exe

C:\Windows\System\HOQGYuP.exe

C:\Windows\System\aDrVdAU.exe

C:\Windows\System\aDrVdAU.exe

C:\Windows\System\KnrQMUG.exe

C:\Windows\System\KnrQMUG.exe

C:\Windows\System\HybCVmL.exe

C:\Windows\System\HybCVmL.exe

C:\Windows\System\mVHMgqi.exe

C:\Windows\System\mVHMgqi.exe

C:\Windows\System\uTqEvpT.exe

C:\Windows\System\uTqEvpT.exe

C:\Windows\System\ynfiyMV.exe

C:\Windows\System\ynfiyMV.exe

C:\Windows\System\GYeheBU.exe

C:\Windows\System\GYeheBU.exe

C:\Windows\System\EzhctLj.exe

C:\Windows\System\EzhctLj.exe

C:\Windows\System\bWoRDeM.exe

C:\Windows\System\bWoRDeM.exe

C:\Windows\System\gkCMqGn.exe

C:\Windows\System\gkCMqGn.exe

C:\Windows\System\PWmgjRr.exe

C:\Windows\System\PWmgjRr.exe

C:\Windows\System\QPmEzuM.exe

C:\Windows\System\QPmEzuM.exe

C:\Windows\System\JfpyMcZ.exe

C:\Windows\System\JfpyMcZ.exe

C:\Windows\System\jkYnYSJ.exe

C:\Windows\System\jkYnYSJ.exe

C:\Windows\System\kayQYxl.exe

C:\Windows\System\kayQYxl.exe

C:\Windows\System\hYiQYlX.exe

C:\Windows\System\hYiQYlX.exe

C:\Windows\System\mWQSoOq.exe

C:\Windows\System\mWQSoOq.exe

C:\Windows\System\wKYvBjk.exe

C:\Windows\System\wKYvBjk.exe

C:\Windows\System\BarqOoW.exe

C:\Windows\System\BarqOoW.exe

C:\Windows\System\IgzrNXb.exe

C:\Windows\System\IgzrNXb.exe

C:\Windows\System\WXjMWQY.exe

C:\Windows\System\WXjMWQY.exe

C:\Windows\System\sIzOLIW.exe

C:\Windows\System\sIzOLIW.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4296,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:8

C:\Windows\System\auJqdsL.exe

C:\Windows\System\auJqdsL.exe

C:\Windows\System\eIvIOBY.exe

C:\Windows\System\eIvIOBY.exe

C:\Windows\System\YeRsfwj.exe

C:\Windows\System\YeRsfwj.exe

C:\Windows\System\kMogsQS.exe

C:\Windows\System\kMogsQS.exe

C:\Windows\System\djxczXw.exe

C:\Windows\System\djxczXw.exe

C:\Windows\System\cCoTqlK.exe

C:\Windows\System\cCoTqlK.exe

C:\Windows\System\ppnVzRN.exe

C:\Windows\System\ppnVzRN.exe

C:\Windows\System\LcAVApw.exe

C:\Windows\System\LcAVApw.exe

C:\Windows\System\oVNyMVJ.exe

C:\Windows\System\oVNyMVJ.exe

C:\Windows\System\OtXaOkW.exe

C:\Windows\System\OtXaOkW.exe

C:\Windows\System\iWXZPnz.exe

C:\Windows\System\iWXZPnz.exe

C:\Windows\System\rPkxJdP.exe

C:\Windows\System\rPkxJdP.exe

C:\Windows\System\gXfHjoZ.exe

C:\Windows\System\gXfHjoZ.exe

C:\Windows\System\CuXTUjc.exe

C:\Windows\System\CuXTUjc.exe

C:\Windows\System\TAzSGRL.exe

C:\Windows\System\TAzSGRL.exe

C:\Windows\System\nLPRlmr.exe

C:\Windows\System\nLPRlmr.exe

C:\Windows\System\lywpwhY.exe

C:\Windows\System\lywpwhY.exe

C:\Windows\System\NAwSWjE.exe

C:\Windows\System\NAwSWjE.exe

C:\Windows\System\VZUpAKY.exe

C:\Windows\System\VZUpAKY.exe

C:\Windows\System\mOgvWjI.exe

C:\Windows\System\mOgvWjI.exe

C:\Windows\System\JIOWnof.exe

C:\Windows\System\JIOWnof.exe

C:\Windows\System\pEvowzg.exe

C:\Windows\System\pEvowzg.exe

C:\Windows\System\brBEWeb.exe

C:\Windows\System\brBEWeb.exe

C:\Windows\System\LWJViES.exe

C:\Windows\System\LWJViES.exe

C:\Windows\System\vXHpdon.exe

C:\Windows\System\vXHpdon.exe

C:\Windows\System\JCjMlLg.exe

C:\Windows\System\JCjMlLg.exe

C:\Windows\System\sjPPbhx.exe

C:\Windows\System\sjPPbhx.exe

C:\Windows\System\nwmMuRa.exe

C:\Windows\System\nwmMuRa.exe

C:\Windows\System\vpptIcL.exe

C:\Windows\System\vpptIcL.exe

C:\Windows\System\DHgZMnT.exe

C:\Windows\System\DHgZMnT.exe

C:\Windows\System\eZycODC.exe

C:\Windows\System\eZycODC.exe

C:\Windows\System\GkdERli.exe

C:\Windows\System\GkdERli.exe

C:\Windows\System\YExmoxA.exe

C:\Windows\System\YExmoxA.exe

C:\Windows\System\efRDkaU.exe

C:\Windows\System\efRDkaU.exe

C:\Windows\System\XXOsQLV.exe

C:\Windows\System\XXOsQLV.exe

C:\Windows\System\hdoKSey.exe

C:\Windows\System\hdoKSey.exe

C:\Windows\System\csPkDLm.exe

C:\Windows\System\csPkDLm.exe

C:\Windows\System\BcTnWvs.exe

C:\Windows\System\BcTnWvs.exe

C:\Windows\System\xAFPKXF.exe

C:\Windows\System\xAFPKXF.exe

C:\Windows\System\MgGoZXu.exe

C:\Windows\System\MgGoZXu.exe

C:\Windows\System\giGvBME.exe

C:\Windows\System\giGvBME.exe

C:\Windows\System\zpmYuyN.exe

C:\Windows\System\zpmYuyN.exe

C:\Windows\System\GJsiqhQ.exe

C:\Windows\System\GJsiqhQ.exe

C:\Windows\System\EQeRibe.exe

C:\Windows\System\EQeRibe.exe

C:\Windows\System\pQoGunF.exe

C:\Windows\System\pQoGunF.exe

C:\Windows\System\NTrwqbg.exe

C:\Windows\System\NTrwqbg.exe

C:\Windows\System\CHkULWe.exe

C:\Windows\System\CHkULWe.exe

C:\Windows\System\VnSuRIM.exe

C:\Windows\System\VnSuRIM.exe

C:\Windows\System\mkHupII.exe

C:\Windows\System\mkHupII.exe

C:\Windows\System\WPbfHcd.exe

C:\Windows\System\WPbfHcd.exe

C:\Windows\System\bPgoyQe.exe

C:\Windows\System\bPgoyQe.exe

C:\Windows\System\rEanuVD.exe

C:\Windows\System\rEanuVD.exe

C:\Windows\System\OdexIRZ.exe

C:\Windows\System\OdexIRZ.exe

C:\Windows\System\qvaJuwC.exe

C:\Windows\System\qvaJuwC.exe

C:\Windows\System\JMLNVEw.exe

C:\Windows\System\JMLNVEw.exe

C:\Windows\System\HzniJsB.exe

C:\Windows\System\HzniJsB.exe

C:\Windows\System\ipVnzFr.exe

C:\Windows\System\ipVnzFr.exe

C:\Windows\System\cnolaKq.exe

C:\Windows\System\cnolaKq.exe

C:\Windows\System\GnXquBA.exe

C:\Windows\System\GnXquBA.exe

C:\Windows\System\inodPVh.exe

C:\Windows\System\inodPVh.exe

C:\Windows\System\ngJxfnm.exe

C:\Windows\System\ngJxfnm.exe

C:\Windows\System\YgdxIJy.exe

C:\Windows\System\YgdxIJy.exe

C:\Windows\System\LBqOLux.exe

C:\Windows\System\LBqOLux.exe

C:\Windows\System\avTdqzf.exe

C:\Windows\System\avTdqzf.exe

C:\Windows\System\mfPgwzs.exe

C:\Windows\System\mfPgwzs.exe

C:\Windows\System\onuXItU.exe

C:\Windows\System\onuXItU.exe

C:\Windows\System\rhyqjGH.exe

C:\Windows\System\rhyqjGH.exe

C:\Windows\System\FlsXHVi.exe

C:\Windows\System\FlsXHVi.exe

C:\Windows\System\xXTltzp.exe

C:\Windows\System\xXTltzp.exe

C:\Windows\System\kGeLkcb.exe

C:\Windows\System\kGeLkcb.exe

C:\Windows\System\orOxwQu.exe

C:\Windows\System\orOxwQu.exe

C:\Windows\System\bSTQBMk.exe

C:\Windows\System\bSTQBMk.exe

C:\Windows\System\yrKPQFu.exe

C:\Windows\System\yrKPQFu.exe

C:\Windows\System\iAwsusY.exe

C:\Windows\System\iAwsusY.exe

C:\Windows\System\kUBfHiA.exe

C:\Windows\System\kUBfHiA.exe

C:\Windows\System\TwXHNYX.exe

C:\Windows\System\TwXHNYX.exe

C:\Windows\System\daIzYUF.exe

C:\Windows\System\daIzYUF.exe

C:\Windows\System\oagyzrh.exe

C:\Windows\System\oagyzrh.exe

C:\Windows\System\emjRWdt.exe

C:\Windows\System\emjRWdt.exe

C:\Windows\System\gUPfGpc.exe

C:\Windows\System\gUPfGpc.exe

C:\Windows\System\aLtDumY.exe

C:\Windows\System\aLtDumY.exe

C:\Windows\System\JxuCkaU.exe

C:\Windows\System\JxuCkaU.exe

C:\Windows\System\ScfEhru.exe

C:\Windows\System\ScfEhru.exe

C:\Windows\System\fUiNWiP.exe

C:\Windows\System\fUiNWiP.exe

C:\Windows\System\cnMftsp.exe

C:\Windows\System\cnMftsp.exe

C:\Windows\System\ElHROly.exe

C:\Windows\System\ElHROly.exe

C:\Windows\System\EgXoibn.exe

C:\Windows\System\EgXoibn.exe

C:\Windows\System\boOMxOW.exe

C:\Windows\System\boOMxOW.exe

C:\Windows\System\wtsqMDo.exe

C:\Windows\System\wtsqMDo.exe

C:\Windows\System\MjwBYvX.exe

C:\Windows\System\MjwBYvX.exe

C:\Windows\System\mKbFdyz.exe

C:\Windows\System\mKbFdyz.exe

C:\Windows\System\HOqHLfj.exe

C:\Windows\System\HOqHLfj.exe

C:\Windows\System\czodxJo.exe

C:\Windows\System\czodxJo.exe

C:\Windows\System\GJgtPQx.exe

C:\Windows\System\GJgtPQx.exe

C:\Windows\System\KCPAzYK.exe

C:\Windows\System\KCPAzYK.exe

C:\Windows\System\XkapvWZ.exe

C:\Windows\System\XkapvWZ.exe

C:\Windows\System\dJrlWlS.exe

C:\Windows\System\dJrlWlS.exe

C:\Windows\System\eYBnOTi.exe

C:\Windows\System\eYBnOTi.exe

C:\Windows\System\GpuCEtw.exe

C:\Windows\System\GpuCEtw.exe

C:\Windows\System\GUCUGjZ.exe

C:\Windows\System\GUCUGjZ.exe

C:\Windows\System\lEgNWiv.exe

C:\Windows\System\lEgNWiv.exe

C:\Windows\System\OsBfdzu.exe

C:\Windows\System\OsBfdzu.exe

C:\Windows\System\qHLQOsm.exe

C:\Windows\System\qHLQOsm.exe

C:\Windows\System\PKgGsCK.exe

C:\Windows\System\PKgGsCK.exe

C:\Windows\System\hqpitsf.exe

C:\Windows\System\hqpitsf.exe

C:\Windows\System\DMtCfqD.exe

C:\Windows\System\DMtCfqD.exe

C:\Windows\System\SRLRqGb.exe

C:\Windows\System\SRLRqGb.exe

C:\Windows\System\tNxPYHS.exe

C:\Windows\System\tNxPYHS.exe

C:\Windows\System\XQSsRti.exe

C:\Windows\System\XQSsRti.exe

C:\Windows\System\LRHVoLH.exe

C:\Windows\System\LRHVoLH.exe

C:\Windows\System\kIVxvGW.exe

C:\Windows\System\kIVxvGW.exe

C:\Windows\System\cNKFRJn.exe

C:\Windows\System\cNKFRJn.exe

C:\Windows\System\tlcQtWF.exe

C:\Windows\System\tlcQtWF.exe

C:\Windows\System\TVqYgFz.exe

C:\Windows\System\TVqYgFz.exe

C:\Windows\System\sGevFhA.exe

C:\Windows\System\sGevFhA.exe

C:\Windows\System\oFWPzSB.exe

C:\Windows\System\oFWPzSB.exe

C:\Windows\System\OnoEGlu.exe

C:\Windows\System\OnoEGlu.exe

C:\Windows\System\foZzaLx.exe

C:\Windows\System\foZzaLx.exe

C:\Windows\System\DiBVrmJ.exe

C:\Windows\System\DiBVrmJ.exe

C:\Windows\System\sFDWCKs.exe

C:\Windows\System\sFDWCKs.exe

C:\Windows\System\SJADWof.exe

C:\Windows\System\SJADWof.exe

C:\Windows\System\YroNnDB.exe

C:\Windows\System\YroNnDB.exe

C:\Windows\System\KTPyfgI.exe

C:\Windows\System\KTPyfgI.exe

C:\Windows\System\mNkxNtH.exe

C:\Windows\System\mNkxNtH.exe

C:\Windows\System\OYlHYfy.exe

C:\Windows\System\OYlHYfy.exe

C:\Windows\System\OwaFEJk.exe

C:\Windows\System\OwaFEJk.exe

C:\Windows\System\mDtVQKY.exe

C:\Windows\System\mDtVQKY.exe

C:\Windows\System\mwJofiw.exe

C:\Windows\System\mwJofiw.exe

C:\Windows\System\INsEYMP.exe

C:\Windows\System\INsEYMP.exe

C:\Windows\System\KBucqAI.exe

C:\Windows\System\KBucqAI.exe

C:\Windows\System\LvgwJUd.exe

C:\Windows\System\LvgwJUd.exe

C:\Windows\System\ASMsfhs.exe

C:\Windows\System\ASMsfhs.exe

C:\Windows\System\ypvqxmN.exe

C:\Windows\System\ypvqxmN.exe

C:\Windows\System\nykEqFt.exe

C:\Windows\System\nykEqFt.exe

C:\Windows\System\yugDnqw.exe

C:\Windows\System\yugDnqw.exe

C:\Windows\System\imcqZzA.exe

C:\Windows\System\imcqZzA.exe

C:\Windows\System\jtDhcAg.exe

C:\Windows\System\jtDhcAg.exe

C:\Windows\System\bVidoka.exe

C:\Windows\System\bVidoka.exe

C:\Windows\System\eJtQOVg.exe

C:\Windows\System\eJtQOVg.exe

C:\Windows\System\VYWONmc.exe

C:\Windows\System\VYWONmc.exe

C:\Windows\System\KEfzXnB.exe

C:\Windows\System\KEfzXnB.exe

C:\Windows\System\OGypCGX.exe

C:\Windows\System\OGypCGX.exe

C:\Windows\System\AcWwvgw.exe

C:\Windows\System\AcWwvgw.exe

C:\Windows\System\FyYDiQp.exe

C:\Windows\System\FyYDiQp.exe

C:\Windows\System\WPKuIVX.exe

C:\Windows\System\WPKuIVX.exe

C:\Windows\System\hkaxMxc.exe

C:\Windows\System\hkaxMxc.exe

C:\Windows\System\CGnCZRo.exe

C:\Windows\System\CGnCZRo.exe

C:\Windows\System\rXPTXiQ.exe

C:\Windows\System\rXPTXiQ.exe

C:\Windows\System\MTRKFVW.exe

C:\Windows\System\MTRKFVW.exe

C:\Windows\System\beqzUOi.exe

C:\Windows\System\beqzUOi.exe

C:\Windows\System\TyYZqCp.exe

C:\Windows\System\TyYZqCp.exe

C:\Windows\System\QRhrbcJ.exe

C:\Windows\System\QRhrbcJ.exe

C:\Windows\System\wvRwEMD.exe

C:\Windows\System\wvRwEMD.exe

C:\Windows\System\EnKtnAR.exe

C:\Windows\System\EnKtnAR.exe

C:\Windows\System\duIuQvm.exe

C:\Windows\System\duIuQvm.exe

C:\Windows\System\JUSfYcq.exe

C:\Windows\System\JUSfYcq.exe

C:\Windows\System\powdIze.exe

C:\Windows\System\powdIze.exe

C:\Windows\System\gDzvXHa.exe

C:\Windows\System\gDzvXHa.exe

C:\Windows\System\tmMGRnj.exe

C:\Windows\System\tmMGRnj.exe

C:\Windows\System\EXUeQzQ.exe

C:\Windows\System\EXUeQzQ.exe

C:\Windows\System\gfUdcXS.exe

C:\Windows\System\gfUdcXS.exe

C:\Windows\System\uGeKXMg.exe

C:\Windows\System\uGeKXMg.exe

C:\Windows\System\qOjrgoD.exe

C:\Windows\System\qOjrgoD.exe

C:\Windows\System\RCQXuVa.exe

C:\Windows\System\RCQXuVa.exe

C:\Windows\System\aRyJPyD.exe

C:\Windows\System\aRyJPyD.exe

C:\Windows\System\CkHVKFt.exe

C:\Windows\System\CkHVKFt.exe

C:\Windows\System\hZdarSJ.exe

C:\Windows\System\hZdarSJ.exe

C:\Windows\System\fpnzhtC.exe

C:\Windows\System\fpnzhtC.exe

C:\Windows\System\GuwfaKU.exe

C:\Windows\System\GuwfaKU.exe

C:\Windows\System\UoSOrmE.exe

C:\Windows\System\UoSOrmE.exe

C:\Windows\System\vbMIMnx.exe

C:\Windows\System\vbMIMnx.exe

C:\Windows\System\peMjftR.exe

C:\Windows\System\peMjftR.exe

C:\Windows\System\TCRVQvU.exe

C:\Windows\System\TCRVQvU.exe

C:\Windows\System\UHqDYlo.exe

C:\Windows\System\UHqDYlo.exe

C:\Windows\System\KQKaIrg.exe

C:\Windows\System\KQKaIrg.exe

C:\Windows\System\UxcDFeO.exe

C:\Windows\System\UxcDFeO.exe

C:\Windows\System\GqIUpWh.exe

C:\Windows\System\GqIUpWh.exe

C:\Windows\System\WdHxgux.exe

C:\Windows\System\WdHxgux.exe

C:\Windows\System\tHiBePO.exe

C:\Windows\System\tHiBePO.exe

C:\Windows\System\vmhxMZI.exe

C:\Windows\System\vmhxMZI.exe

C:\Windows\System\yfrogGb.exe

C:\Windows\System\yfrogGb.exe

C:\Windows\System\TJYKHtF.exe

C:\Windows\System\TJYKHtF.exe

C:\Windows\System\IsiimWD.exe

C:\Windows\System\IsiimWD.exe

C:\Windows\System\ZdIYxtn.exe

C:\Windows\System\ZdIYxtn.exe

C:\Windows\System\BpjvmoB.exe

C:\Windows\System\BpjvmoB.exe

C:\Windows\System\caWUPUb.exe

C:\Windows\System\caWUPUb.exe

C:\Windows\System\ngNUKLx.exe

C:\Windows\System\ngNUKLx.exe

C:\Windows\System\JDvWZWr.exe

C:\Windows\System\JDvWZWr.exe

C:\Windows\System\ltiszWh.exe

C:\Windows\System\ltiszWh.exe

C:\Windows\System\jAnhZnv.exe

C:\Windows\System\jAnhZnv.exe

C:\Windows\System\gGMpmEk.exe

C:\Windows\System\gGMpmEk.exe

C:\Windows\System\mMEOwho.exe

C:\Windows\System\mMEOwho.exe

C:\Windows\System\Zbmlhnr.exe

C:\Windows\System\Zbmlhnr.exe

C:\Windows\System\wsllijn.exe

C:\Windows\System\wsllijn.exe

C:\Windows\System\PysYFbI.exe

C:\Windows\System\PysYFbI.exe

C:\Windows\System\fGfmsDI.exe

C:\Windows\System\fGfmsDI.exe

C:\Windows\System\waZqcCN.exe

C:\Windows\System\waZqcCN.exe

C:\Windows\System\gyayNod.exe

C:\Windows\System\gyayNod.exe

C:\Windows\System\zFqNCFf.exe

C:\Windows\System\zFqNCFf.exe

C:\Windows\System\nJGPEHY.exe

C:\Windows\System\nJGPEHY.exe

C:\Windows\System\OvTgdBA.exe

C:\Windows\System\OvTgdBA.exe

C:\Windows\System\cUKZhQD.exe

C:\Windows\System\cUKZhQD.exe

C:\Windows\System\xMGEEZN.exe

C:\Windows\System\xMGEEZN.exe

C:\Windows\System\qpgCzRj.exe

C:\Windows\System\qpgCzRj.exe

C:\Windows\System\rbgOAzw.exe

C:\Windows\System\rbgOAzw.exe

C:\Windows\System\NenyFDa.exe

C:\Windows\System\NenyFDa.exe

C:\Windows\System\xbBgYUs.exe

C:\Windows\System\xbBgYUs.exe

C:\Windows\System\QTGzBbF.exe

C:\Windows\System\QTGzBbF.exe

C:\Windows\System\tcCOCqz.exe

C:\Windows\System\tcCOCqz.exe

C:\Windows\System\eNUrvBX.exe

C:\Windows\System\eNUrvBX.exe

C:\Windows\System\QeifzHB.exe

C:\Windows\System\QeifzHB.exe

C:\Windows\System\CSQPxMe.exe

C:\Windows\System\CSQPxMe.exe

C:\Windows\System\ECnZTZH.exe

C:\Windows\System\ECnZTZH.exe

C:\Windows\System\cCIvnUL.exe

C:\Windows\System\cCIvnUL.exe

C:\Windows\System\WotmzvI.exe

C:\Windows\System\WotmzvI.exe

C:\Windows\System\WktcMjP.exe

C:\Windows\System\WktcMjP.exe

C:\Windows\System\qhlggXX.exe

C:\Windows\System\qhlggXX.exe

C:\Windows\System\lFuIDuD.exe

C:\Windows\System\lFuIDuD.exe

C:\Windows\System\UNXejlc.exe

C:\Windows\System\UNXejlc.exe

C:\Windows\System\haBlBvT.exe

C:\Windows\System\haBlBvT.exe

C:\Windows\System\vzyQHRH.exe

C:\Windows\System\vzyQHRH.exe

C:\Windows\System\wlSiEgE.exe

C:\Windows\System\wlSiEgE.exe

C:\Windows\System\SPltEQi.exe

C:\Windows\System\SPltEQi.exe

C:\Windows\System\jTkhroK.exe

C:\Windows\System\jTkhroK.exe

C:\Windows\System\itZqfwb.exe

C:\Windows\System\itZqfwb.exe

C:\Windows\System\nXFMmJB.exe

C:\Windows\System\nXFMmJB.exe

C:\Windows\System\nQNXKGp.exe

C:\Windows\System\nQNXKGp.exe

C:\Windows\System\qpBnLux.exe

C:\Windows\System\qpBnLux.exe

C:\Windows\System\bUrEotv.exe

C:\Windows\System\bUrEotv.exe

C:\Windows\System\QIdYDSK.exe

C:\Windows\System\QIdYDSK.exe

C:\Windows\System\jYnRYXK.exe

C:\Windows\System\jYnRYXK.exe

C:\Windows\System\kGIkhga.exe

C:\Windows\System\kGIkhga.exe

C:\Windows\System\oaWhHeL.exe

C:\Windows\System\oaWhHeL.exe

C:\Windows\System\SuhamOV.exe

C:\Windows\System\SuhamOV.exe

C:\Windows\System\BzqmBVv.exe

C:\Windows\System\BzqmBVv.exe

C:\Windows\System\nPOjjap.exe

C:\Windows\System\nPOjjap.exe

C:\Windows\System\nCbyYoF.exe

C:\Windows\System\nCbyYoF.exe

C:\Windows\System\LykWHwa.exe

C:\Windows\System\LykWHwa.exe

C:\Windows\System\qBCFavM.exe

C:\Windows\System\qBCFavM.exe

C:\Windows\System\crncXzI.exe

C:\Windows\System\crncXzI.exe

C:\Windows\System\qjgYWMN.exe

C:\Windows\System\qjgYWMN.exe

C:\Windows\System\ZcqpmQy.exe

C:\Windows\System\ZcqpmQy.exe

C:\Windows\System\DOrOBQH.exe

C:\Windows\System\DOrOBQH.exe

C:\Windows\System\NzAzCbt.exe

C:\Windows\System\NzAzCbt.exe

C:\Windows\System\LpMOYmo.exe

C:\Windows\System\LpMOYmo.exe

C:\Windows\System\NCzCEhX.exe

C:\Windows\System\NCzCEhX.exe

C:\Windows\System\cqKRKMj.exe

C:\Windows\System\cqKRKMj.exe

C:\Windows\System\vvgxjDW.exe

C:\Windows\System\vvgxjDW.exe

C:\Windows\System\WFRNvGM.exe

C:\Windows\System\WFRNvGM.exe

C:\Windows\System\ZXBfpZV.exe

C:\Windows\System\ZXBfpZV.exe

C:\Windows\System\JgFKfnF.exe

C:\Windows\System\JgFKfnF.exe

C:\Windows\System\bdPotqc.exe

C:\Windows\System\bdPotqc.exe

C:\Windows\System\uBZcQKA.exe

C:\Windows\System\uBZcQKA.exe

C:\Windows\System\vhQuyrY.exe

C:\Windows\System\vhQuyrY.exe

C:\Windows\System\htviZIW.exe

C:\Windows\System\htviZIW.exe

C:\Windows\System\TBBzukx.exe

C:\Windows\System\TBBzukx.exe

C:\Windows\System\ZpPOeNV.exe

C:\Windows\System\ZpPOeNV.exe

C:\Windows\System\reNgZjm.exe

C:\Windows\System\reNgZjm.exe

C:\Windows\System\sAqgpKu.exe

C:\Windows\System\sAqgpKu.exe

C:\Windows\System\vLyoZXZ.exe

C:\Windows\System\vLyoZXZ.exe

C:\Windows\System\WswliNN.exe

C:\Windows\System\WswliNN.exe

C:\Windows\System\wGQywyb.exe

C:\Windows\System\wGQywyb.exe

C:\Windows\System\OoEpFzN.exe

C:\Windows\System\OoEpFzN.exe

C:\Windows\System\glePZqg.exe

C:\Windows\System\glePZqg.exe

C:\Windows\System\kRfYLQy.exe

C:\Windows\System\kRfYLQy.exe

C:\Windows\System\KlDRFtw.exe

C:\Windows\System\KlDRFtw.exe

C:\Windows\System\tmdUcMU.exe

C:\Windows\System\tmdUcMU.exe

C:\Windows\System\xvivdjU.exe

C:\Windows\System\xvivdjU.exe

C:\Windows\System\GAmIYbT.exe

C:\Windows\System\GAmIYbT.exe

C:\Windows\System\UKvkmBn.exe

C:\Windows\System\UKvkmBn.exe

C:\Windows\System\carOufv.exe

C:\Windows\System\carOufv.exe

C:\Windows\System\uiPhnut.exe

C:\Windows\System\uiPhnut.exe

C:\Windows\System\mZuHhRA.exe

C:\Windows\System\mZuHhRA.exe

C:\Windows\System\TlbFsoe.exe

C:\Windows\System\TlbFsoe.exe

C:\Windows\System\GFCQUwy.exe

C:\Windows\System\GFCQUwy.exe

C:\Windows\System\gIpYbpF.exe

C:\Windows\System\gIpYbpF.exe

C:\Windows\System\WPiuVGL.exe

C:\Windows\System\WPiuVGL.exe

C:\Windows\System\LQTMiRG.exe

C:\Windows\System\LQTMiRG.exe

C:\Windows\System\PWCRFaJ.exe

C:\Windows\System\PWCRFaJ.exe

C:\Windows\System\ANMpDZO.exe

C:\Windows\System\ANMpDZO.exe

C:\Windows\System\nPBgZNd.exe

C:\Windows\System\nPBgZNd.exe

C:\Windows\System\mkkunDN.exe

C:\Windows\System\mkkunDN.exe

C:\Windows\System\UpzNoOG.exe

C:\Windows\System\UpzNoOG.exe

C:\Windows\System\sAsPTAp.exe

C:\Windows\System\sAsPTAp.exe

C:\Windows\System\lsNeXrM.exe

C:\Windows\System\lsNeXrM.exe

C:\Windows\System\HnxGWoX.exe

C:\Windows\System\HnxGWoX.exe

C:\Windows\System\WsFsPbD.exe

C:\Windows\System\WsFsPbD.exe

C:\Windows\System\yCyDpdg.exe

C:\Windows\System\yCyDpdg.exe

C:\Windows\System\TLyROuu.exe

C:\Windows\System\TLyROuu.exe

C:\Windows\System\hSKNwbS.exe

C:\Windows\System\hSKNwbS.exe

C:\Windows\System\wZmPulX.exe

C:\Windows\System\wZmPulX.exe

C:\Windows\System\aUmhBuZ.exe

C:\Windows\System\aUmhBuZ.exe

C:\Windows\System\WaBDbFS.exe

C:\Windows\System\WaBDbFS.exe

C:\Windows\System\isuYpkY.exe

C:\Windows\System\isuYpkY.exe

C:\Windows\System\fPBhiCA.exe

C:\Windows\System\fPBhiCA.exe

C:\Windows\System\VqrsEoZ.exe

C:\Windows\System\VqrsEoZ.exe

C:\Windows\System\mikXVYY.exe

C:\Windows\System\mikXVYY.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2584-0-0x00007FF6FD310000-0x00007FF6FD664000-memory.dmp

memory/2456-8-0x00007FF7C8760000-0x00007FF7C8AB4000-memory.dmp

C:\Windows\System\AzLGmgx.exe

MD5 f2d53e7baa9f49cde0c02c7bbe1e6e26
SHA1 3e3253c7bb8ac36f4d93d6e7f1a957b5d7bb0107
SHA256 c54b59348deec515b70d696c2d0ae9216f6747e65b118fb415ac6651c974e794
SHA512 2dc790ef3ce3c6560635b53f79f7dc8ea6a5f46ff63a2e3aeba1e4d52a671ad26e1e13dfaa9ec2451adcad66783656f96c195515f8e6602598017b39f2fc7c9a

memory/2584-1-0x0000028A81CD0000-0x0000028A81CE0000-memory.dmp

C:\Windows\System\vhiLHJW.exe

MD5 a805d286dced0f95c511b76824179c7d
SHA1 2c7c42d6a2d801782e42ebb9638f8f6d5c04800e
SHA256 8e32355d2b6054b59963016662cc7712c8c597bd684932af2609e46f0c3ee0e3
SHA512 3d68c036bd7d84bd393bb2206f8884773145c3b4e7c28213786682e1f05d2ccc4773d116a9d7dbb4fb810ad0a1c476cb1b8eca5b072676c008943e9eaccf61c3

memory/5024-20-0x00007FF71E9A0000-0x00007FF71ECF4000-memory.dmp

C:\Windows\System\pBChNYV.exe

MD5 2dfb8ce8d20ed8f7835c891b84db01d0
SHA1 15848c60fa5d9f6478608f5f18b28f85a9ffedd2
SHA256 19aca029d7cfb2c2fc5157f57f2c514600d582de7a31dcd24cfa58eb929d6fd5
SHA512 4bdb896a55a9ac188d4941ec4def0408dc5a4de0e45c16908d4423c83af40c1c1a5b755c3711aefff99d3a85019e6775a1e75e6f8e72b0bbc8af114d594e8e3e

C:\Windows\System\tPGJNna.exe

MD5 c625359b1fe5399d98d095197c62f418
SHA1 3cd57a01b8a7066b568113d3b071e1b1c28d2191
SHA256 1cbf42c027151a9bf22f2fdd79b88f889fb77bcd692358fb87296dfc92f27281
SHA512 afef5e9ada956efa258196eb45090a31b2b47852cfce9d28561b7ac2caa4472c86115fd119cdf435990a8a72436e733d0787cbef084993545615f46be5639702

memory/4072-26-0x00007FF724EF0000-0x00007FF725244000-memory.dmp

C:\Windows\System\HOQGYuP.exe

MD5 b30b303eb6ab9207969f0b0006d83846
SHA1 043bcb018c4346389f507ea56919dc4a81ad495f
SHA256 b8e1b1c03579cfea1e5d31b97e38575fcd4d5ba10de60146e3680977478d99bf
SHA512 397c7a8ecc648e1ee6c3100e157c2e29b6cc9d7e2c6329ed2968773a0599e998a681855d2a2ee72189e6335f0ea6e3a33e745addfdbe101a6b0b97778f93db1e

C:\Windows\System\KnrQMUG.exe

MD5 5cab429a0fbef38eb8431fe65244eb61
SHA1 f35c53600223295d9678e9760cde8c334110b790
SHA256 7567f3485f11713c1b09b4c5044bc22bc2f85744d815749d908d4874f3dc0856
SHA512 9a4a3962746b7cc7dd9985a2a8cace015ffc0c8a061135450593354cdb1c0043cc7ae47d4173093d55871379b43ac46ef5f4032f310418b3faabf207da4a82c6

C:\Windows\System\bWoRDeM.exe

MD5 ca0d49f4b50b784c00670042ee6c51e8
SHA1 400e342db746c2a3ee87a6a5290c89416d898356
SHA256 c82cab83c0bfca8aaa07bad06874796e461f0db1df5a37fddae989530ae1fa49
SHA512 f80a720f2b9dc22ee6cc0cedfa6467b85e9fd85027025686945734a6dd693d07968462d3474d03cf44f533d6fb29d10bb7e0a1fc78992b68ccb20519ca95353f

C:\Windows\System\jkYnYSJ.exe

MD5 d42365abe2a47f7d74020f9b8a43dfa5
SHA1 f60b2209973f3f256f330c011f6620e20dbb1b2e
SHA256 043c400c76ccb9b2a825af535830ef8e98af2ddc0540d62f9047b21abb7784bd
SHA512 1687611e3a44fa5d9bda7728b57e0694f57dfca44f5908ad75c0ff60af214ffca687d966cc9707a0c88982caa4008659fc6942d410784a05302a97c7b0a506f1

C:\Windows\System\BarqOoW.exe

MD5 d0c39f1eb86554e2f5a2f9569fc8aabe
SHA1 704d324b3164b993e8f1c2f5ead319689c1f75fe
SHA256 de9389371dfad2120c2642d662ead30b744792b7d4723a9d0c82517e3f92662b
SHA512 ef15d88ff1a81c177c72928a4cc8ca51f4a5b7070a9335e7005a2c3060c9a4944924ac037df637c55009f749bf7a9331559af40aeab7c68273f865bfee25480e

memory/1652-129-0x00007FF7D6370000-0x00007FF7D66C4000-memory.dmp

memory/912-136-0x00007FF7B1DA0000-0x00007FF7B20F4000-memory.dmp

memory/4980-149-0x00007FF7DDC40000-0x00007FF7DDF94000-memory.dmp

memory/2672-154-0x00007FF788A40000-0x00007FF788D94000-memory.dmp

memory/4944-158-0x00007FF7D54D0000-0x00007FF7D5824000-memory.dmp

memory/3204-163-0x00007FF6D3CB0000-0x00007FF6D4004000-memory.dmp

memory/4928-164-0x00007FF61BC40000-0x00007FF61BF94000-memory.dmp

memory/2728-162-0x00007FF731D00000-0x00007FF732054000-memory.dmp

memory/3140-161-0x00007FF7E3250000-0x00007FF7E35A4000-memory.dmp

memory/2552-160-0x00007FF79C1E0000-0x00007FF79C534000-memory.dmp

memory/1548-159-0x00007FF74BAE0000-0x00007FF74BE34000-memory.dmp

memory/2224-157-0x00007FF78D4B0000-0x00007FF78D804000-memory.dmp

memory/4424-156-0x00007FF6C28A0000-0x00007FF6C2BF4000-memory.dmp

memory/3660-155-0x00007FF6031D0000-0x00007FF603524000-memory.dmp

memory/400-153-0x00007FF60A250000-0x00007FF60A5A4000-memory.dmp

memory/1316-152-0x00007FF70BBB0000-0x00007FF70BF04000-memory.dmp

C:\Windows\System\IgzrNXb.exe

MD5 f9ba66dfc8dc5702fa09149f65fede88
SHA1 6c4ef9f768988ba80e4340bd884ee96862e7216d
SHA256 7aff309a0a0eca303f70e05f5935d809d8492a1da670542276b494b10f7fe6a6
SHA512 fb3a8799be4a80eb6051cff3436918278a7ecec759a2625f8b3044a8a7e7f873e0678aa2c0709c8f94d46806aef482da0601f1cba19c2a11f8ddad803ea1c1f0

C:\Windows\System\WXjMWQY.exe

MD5 f9a95d0e698582d27843d8317c29c3ef
SHA1 cb2ebde7322cca8112c260ff3f6fd84b703c4315
SHA256 fd37e009b05d68e8325fd3fcd23eebeca9a6c4105aaaf27d235916eca055550e
SHA512 b18f47bd31b8960f0025511104d3b810d522f1607898586fbc852b8734b4a315443ed5db433f325f1d2207e0f331aef092faabc582d767f17629e8a1cb76faa8

memory/2124-146-0x00007FF6BABC0000-0x00007FF6BAF14000-memory.dmp

C:\Windows\System\wKYvBjk.exe

MD5 28992b4b9e96d58adcf3c777ec4021ab
SHA1 892ff81208695fc0eb910c85609db63c89b45e8c
SHA256 6408acd21190d19b6a1b107848484f215d6c61eb3a24e707de610bfdff89218d
SHA512 82cf0a12e35ff2ae4ac895dfa8c8a3941115330caac90b8536d10c1bd3b10ff0a1966c2f0d64744ea36de8b60b7e830302d872aaf0304c7558418c43c85fef29

memory/2268-137-0x00007FF7CDFF0000-0x00007FF7CE344000-memory.dmp

C:\Windows\System\JfpyMcZ.exe

MD5 670638a8eed5aa0925cc255ef93f4631
SHA1 5255b2e14aab08811ce06dd9fb5aceefd9d7a8a4
SHA256 d5668910a45df12d5890566be831fd3ebb8423ca4fa0fe8401269c7e9b47dc2d
SHA512 fc85c871cb3f9a3194586dcd2d7c6d0d143839581bc6cbb0e56955b01c3baf1b95a003faac819f5ae594829cc2bc8e1e1fa09be0c1db31c4e4345356935ff75b

C:\Windows\System\mWQSoOq.exe

MD5 6a901fa2333c76d2afbc77a2530fe1ff
SHA1 2373fae9de274d46e6514696e86f9395ed4a4a73
SHA256 6ea44bb71e853905cdf7a1c4ed683fa454da0b4d48c299b5e4ccad1603f34970
SHA512 a0b7ff8b28b9009bbfcf899c5b434460c363570fbf5ef592c8b131d1c89e19a3f55fe1c8d95c8459d05ec3413aa230cbbd6c2b8edf09f17aa7becd69e5e45533

C:\Windows\System\hYiQYlX.exe

MD5 c02a21b78cdc33cea6eb0a9e15421a77
SHA1 0370aabb2e84969ed9438ec8a4b6144ece401554
SHA256 306a186b62b0cec779369c8f0b6892855cee08f22cc5cbe3598995d2dd72ead9
SHA512 7ebbf0a07cee1a9686171d255f1724777525c1524a62db64b3acbf04f157d1329568e34f393d86a3b1a8f02e0b3ec86695208ba9a6bc6f56e5dddfd882198ccd

C:\Windows\System\kayQYxl.exe

MD5 b36add3578de2a09ac9aa213b8b34096
SHA1 0999064b2bf4ddfb13bcb1ab8e4f3697beecaf57
SHA256 b23f3ea891acac3055e425ffc593a71bfe8a73026669b7f1592ca8243316a02d
SHA512 b08b54162a4b42441282c9a98a9079d747582e820ed133f809864e1af5c2ed0f149e3c0118f9cd0e5129cf24be7e672436049c9302d912e891c1eec91f765487

C:\Windows\System\QPmEzuM.exe

MD5 0527fdd7e5960d88a4978667d3cca76b
SHA1 2bc986a27f6f2a412370552fc0ad988423cddbf8
SHA256 a24bc8849be063dfa9384342e52e978fa31432b05d4d74b593991f14e98c43a3
SHA512 71eb4a4743b1dc2897dc6ba648d4e3af0e5e9aa82d9b93b53a00ffd45b16a79be7212762d328c8e2952c960cb866309bd522c02b69f1ad71a2eb7c9f53cc0c9b

memory/3612-118-0x00007FF778B70000-0x00007FF778EC4000-memory.dmp

C:\Windows\System\gkCMqGn.exe

MD5 eb4a498b6eee0c8113aeca0a187b729d
SHA1 b773437f2e03037cd1ecaa5011aaca8e3b3a0afb
SHA256 aefd1270efe916e3d1b663e5ae3c38a0ced44298d2d5197b738573f0664c33c5
SHA512 6ef15ac95b0939ae181d1047808ecc53e764f5a53460ff18b3976c92a0ca85374282a7d9609cd982a0413dcd9030a9bd37947ac82759285998db16e329ec4502

memory/3552-109-0x00007FF768990000-0x00007FF768CE4000-memory.dmp

C:\Windows\System\EzhctLj.exe

MD5 fb0ed49769fcedb918bde49affc42d45
SHA1 9a106131a675de948361773e2d76d30fa03be99d
SHA256 6df6a143af575374f80d39dec55c3a8d9f5c3b6b8aa3520178b850938e9481e0
SHA512 7b48568ddc4518f6c79db6f64b3d31c08c069cb6cb0486cd2aad81b0cdab5e54b8a2ba5644fa088e5d07502f415c07d2e74bfbb0b9a1d9dec3640842fb6a129d

C:\Windows\System\ynfiyMV.exe

MD5 1cbe98150d27ad7de885af0dd157215e
SHA1 89dfabacecf9f685d16cf5a12f2cee942571d608
SHA256 f791db56d8106a9d87405877cd90347bd5d5cb8ab92320f739c1836370e24409
SHA512 e06946d891786628bd7401c5964fa0971d921fc44939137103234c3f7ad35c14081b8403790793a5fdd1c1a2a03cbb88b4430fa249cc4756b36f8361b753020e

C:\Windows\System\uTqEvpT.exe

MD5 0c8a57fbfdfc1ad74c373b8fe3e4ae28
SHA1 f273bb291d0b83f8326ea8ef4d1b2f71c14f4554
SHA256 53feb4fdfd0e9577c7a7e2a23dd0fd93495522a77782e5cf1fb489293f78bdf9
SHA512 c15387d701fe14c2f8f979ce767453006a24920869acfd4da5dbbda037138fc05e7d82ee4a09351f455442e653d35cc7876460493ea62660e536f29ad1cb9b32

C:\Windows\System\mVHMgqi.exe

MD5 5ab7002c81e1c7276f03169313c76b86
SHA1 755437fce045df9ba822684956de57e59abfe456
SHA256 a5f440be662b76a7890f19fd5b12663f60cf2ed9674b9f5e9442e478b10202e2
SHA512 4c30dfe1005bf747210a950bb10416e7acb8f29c7e1e255ce18ce0410e4a37bd01e5fe8927d0715c7665cd7b7991f42ea920115d4260169ca4e2ee404c4fc1dc

C:\Windows\System\GYeheBU.exe

MD5 17690fcfc53352f0b363cce329056c60
SHA1 2abe9c59d1886b11e4014571f401b1f4c0bd399c
SHA256 938d7d620d21a45fcc75186fe4ba66fda59b4af6ab39ae24193d90c63f394a80
SHA512 4606b76151c8d5d8b4aa7d1c1c25b8e6ebb21c3789d64eeea73cbf6502eefe55d52ba0e19afbe78ec0eb2d6fe25be5d7784142e943bf1ba126eb8056e6e6493d

C:\Windows\System\PWmgjRr.exe

MD5 7edcf8b531a84db4a2f83676dcfc44c3
SHA1 1ff90f94512f9192d8ad7732acbfb9b9b4d666ee
SHA256 5ff2037ff4a3730d2f2513cc1210ca1766b79fba4962f116f039c43ec0a4230e
SHA512 7debb1168ae35e66a2719b8fc138b45437c9862012a4aa56dc0640bdd0d76384669efc9d6f70afad8881a2f7b273d09fb2650dc2112afd7c8c988799d59b6fc3

memory/4200-85-0x00007FF669B50000-0x00007FF669EA4000-memory.dmp

memory/2064-57-0x00007FF7AD2A0000-0x00007FF7AD5F4000-memory.dmp

C:\Windows\System\sIzOLIW.exe

MD5 8b4c2c901f6d8277187c965ee1cdb5d3
SHA1 6b2240cc79fa0ecdc016c1d72644312eed01c04f
SHA256 ef0005b1297549a162b8eac6ef74caca11bd000cdb3e239f06ba187a1a8252b5
SHA512 861b9d40021ac761b858bc95549dcb56660768d49f4dc84044451d4ae5497df0865419e001602e5ede60aa2020cfcad7ec92177c203e5ea58e6701257168819e

memory/3148-180-0x00007FF6511D0000-0x00007FF651524000-memory.dmp

C:\Windows\System\YeRsfwj.exe

MD5 399260170ec842b643a4bfc94b72fbc3
SHA1 8a89a56b35a97344e92d7d9bd42ea675131ecfaf
SHA256 55407ba7eb29a3a7439abb3b35378540ec0678e9f444c57c96c7380e2e569715
SHA512 a19f6bca01db42b7e7346662ff8ec130a4b3b9c109108dabe94e1e4292538272127a22bf08146cf2e337310f68d5384b240147db2023444743b68d4416a288b3

C:\Windows\System\cCoTqlK.exe

MD5 095a943006b483b5520351140a4c3ddb
SHA1 0802169fc3bd227a370a25d6994487b0c8582f17
SHA256 800883a061506304b6d9e2dc9c10b27a46daff130abef605f81d78e2fad12802
SHA512 9a34315f1a5c6ad9411110325c09149aed2491800cb8767af22702a0b220d10e8850dc614e68efa0d416cca4f5e24a4910495e2f0a368b9f1a5c2d8c152b4cda

C:\Windows\System\auJqdsL.exe

MD5 6b7deed6bcce97bfa52ca995fa2a948d
SHA1 c78fcd565fb02115ed21eb57ff6fbd536c9b3abd
SHA256 2309b6428ba8ad5b8137227e16104a205ddf0312c1d7599fb9a01e96926b6da0
SHA512 0802b21f830d7e38434130aa2332f8760d945aad62cfd7777cf5ca5e51c6967ec6295231fd1fd11a09751f1c2cbabe2203dbd4e716a265d1960e9f3dc577ca83

memory/2488-192-0x00007FF67BAD0000-0x00007FF67BE24000-memory.dmp

C:\Windows\System\djxczXw.exe

MD5 32db01e76d94e63fb55c204caf354626
SHA1 8018a6c18b930cd2f8a6ff6d4b41148315b6836b
SHA256 d7621dc7c63e1ffafea8a5314d0a296893bbc8f02fda441d8a48e2afa5784bcb
SHA512 502b246986990f9b662fe017b4cffe80d336c469b29aa23a6514569c7911e621f5c26c784afcbda18d59876bc8be1b30ff7a1cd30a45683b221bc67b341b1a80

C:\Windows\System\kMogsQS.exe

MD5 a8dbabb7866407aa2463974df24d7ab6
SHA1 8731a881d07faa14936ee84f525a0541ac228221
SHA256 1f4a3ac780491cee32296bd9e9535f3ff86337c28e7306c82b43487f8925fe1f
SHA512 084b278f410b41bb0e11b3f809f487d9b6016cc006645f74a184d5dd7a79355808a6aaf50bad4dc44d3e385c7717b1ea1c9cb216981e66252aa340605b90e3a6

C:\Windows\System\eIvIOBY.exe

MD5 820d71b65f2523326a382ee2119b7ca1
SHA1 28b0203dd9882d95d69aebfed52b370058dde209
SHA256 86b9c81b37d4c4b626691021be3bdbe71c42ccd0ae08ecd77239b782838eefce
SHA512 8a48f84fde76923f2b60b5ca0b728482970b4611100ab4e657d2800f593c3056bfc29dde04b4537525c1dd092c8198ebb282ed57257d3638dd0cd1290e9d8a0d

C:\Windows\System\HybCVmL.exe

MD5 7f2d610a2e86c73955ad26508844efc8
SHA1 8154d23a9c3fff97b74c68d6bb01a96a59b1080a
SHA256 faf835b7a061e7b3a4e72add1f201fa6c018958e9e208f917bc090b0f5dfb318
SHA512 f32eb2b0699b6a2cd78d73f9f25e6109ffffc26e9587ab1ffb6b5f31175009898fbe65e157070f8b14fa5937a8cbb868419622aeaadf5b90cdcd737a77eb35cf

C:\Windows\System\aDrVdAU.exe

MD5 deb2e983b25ec3883efa4171a11ed290
SHA1 71d703750d62dbc7b6eed287f4ec01a34cbb9bc8
SHA256 30763294cdc6ea71042bdad4add57712f9165035a381c7255114a1e2f2ea6c14
SHA512 b13d95f60b829455009cf52c3ce20787e60eb76883d9555347206f1173e18eb25b8334f4bfb7c8d958c8d354ddb2426d073609ac19604dfcdf19398303487276

memory/3412-39-0x00007FF65D360000-0x00007FF65D6B4000-memory.dmp

memory/524-23-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp

C:\Windows\System\eZEnaac.exe

MD5 bc824fd147bb1c4c461781ad46db7c07
SHA1 f1c35d318d5513fdcfb662583745acf718a1b9c6
SHA256 e0f3a34b9e54579b43e5645de0781f0b3de5c0c5ab5f1389b876ea04c83e60e3
SHA512 a57f292edf2e998b5e7d657ddf2faae7badee768b4618dd947a37d9a1482c640095f080fbe34003cabbd65e2ab9ac582764d2d60a2ef2423758765c3f34a068a

memory/2584-1070-0x00007FF6FD310000-0x00007FF6FD664000-memory.dmp

memory/2456-1071-0x00007FF7C8760000-0x00007FF7C8AB4000-memory.dmp

memory/524-1072-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp

memory/4072-1073-0x00007FF724EF0000-0x00007FF725244000-memory.dmp

memory/2488-1074-0x00007FF67BAD0000-0x00007FF67BE24000-memory.dmp

memory/2456-1075-0x00007FF7C8760000-0x00007FF7C8AB4000-memory.dmp

memory/5024-1076-0x00007FF71E9A0000-0x00007FF71ECF4000-memory.dmp

memory/524-1077-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp

memory/4072-1078-0x00007FF724EF0000-0x00007FF725244000-memory.dmp

memory/3412-1079-0x00007FF65D360000-0x00007FF65D6B4000-memory.dmp

memory/2552-1080-0x00007FF79C1E0000-0x00007FF79C534000-memory.dmp

memory/2064-1081-0x00007FF7AD2A0000-0x00007FF7AD5F4000-memory.dmp

memory/4200-1082-0x00007FF669B50000-0x00007FF669EA4000-memory.dmp

memory/3552-1083-0x00007FF768990000-0x00007FF768CE4000-memory.dmp

memory/2728-1085-0x00007FF731D00000-0x00007FF732054000-memory.dmp

memory/912-1084-0x00007FF7B1DA0000-0x00007FF7B20F4000-memory.dmp

memory/3612-1087-0x00007FF778B70000-0x00007FF778EC4000-memory.dmp

memory/3140-1088-0x00007FF7E3250000-0x00007FF7E35A4000-memory.dmp

memory/1652-1086-0x00007FF7D6370000-0x00007FF7D66C4000-memory.dmp

memory/2268-1091-0x00007FF7CDFF0000-0x00007FF7CE344000-memory.dmp

memory/3660-1094-0x00007FF6031D0000-0x00007FF603524000-memory.dmp

memory/3204-1096-0x00007FF6D3CB0000-0x00007FF6D4004000-memory.dmp

memory/1316-1095-0x00007FF70BBB0000-0x00007FF70BF04000-memory.dmp

memory/4980-1092-0x00007FF7DDC40000-0x00007FF7DDF94000-memory.dmp

memory/2124-1093-0x00007FF6BABC0000-0x00007FF6BAF14000-memory.dmp

memory/400-1090-0x00007FF60A250000-0x00007FF60A5A4000-memory.dmp

memory/2672-1089-0x00007FF788A40000-0x00007FF788D94000-memory.dmp

memory/2224-1100-0x00007FF78D4B0000-0x00007FF78D804000-memory.dmp

memory/4944-1099-0x00007FF7D54D0000-0x00007FF7D5824000-memory.dmp

memory/1548-1098-0x00007FF74BAE0000-0x00007FF74BE34000-memory.dmp

memory/4928-1097-0x00007FF61BC40000-0x00007FF61BF94000-memory.dmp

memory/4424-1101-0x00007FF6C28A0000-0x00007FF6C2BF4000-memory.dmp

memory/3148-1102-0x00007FF6511D0000-0x00007FF651524000-memory.dmp

memory/2488-1103-0x00007FF67BAD0000-0x00007FF67BE24000-memory.dmp