Malware Analysis Report

2024-10-10 09:33

Sample ID 240628-21qhqsvbjd
Target 2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe
SHA256 2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996

Threat Level: Known bad

The file 2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

XMRig Miner payload

KPOT

Kpot family

Xmrig family

xmrig

KPOT Core Executable

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-28 23:03

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 23:03

Reported

2024-06-28 23:05

Platform

win7-20240221-en

Max time kernel

140s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\CeIBghB.exe N/A
N/A N/A C:\Windows\System\UemkXDd.exe N/A
N/A N/A C:\Windows\System\SPKOerp.exe N/A
N/A N/A C:\Windows\System\CHuUhjC.exe N/A
N/A N/A C:\Windows\System\QcwUlPT.exe N/A
N/A N/A C:\Windows\System\nepQkfB.exe N/A
N/A N/A C:\Windows\System\cqRTpHO.exe N/A
N/A N/A C:\Windows\System\DtklOGn.exe N/A
N/A N/A C:\Windows\System\UjoynxX.exe N/A
N/A N/A C:\Windows\System\vhEewyY.exe N/A
N/A N/A C:\Windows\System\lvrOJnk.exe N/A
N/A N/A C:\Windows\System\DAmaNYF.exe N/A
N/A N/A C:\Windows\System\lLiWGXx.exe N/A
N/A N/A C:\Windows\System\pfDNXyd.exe N/A
N/A N/A C:\Windows\System\AckAfPf.exe N/A
N/A N/A C:\Windows\System\KyADcJK.exe N/A
N/A N/A C:\Windows\System\FbqWdWU.exe N/A
N/A N/A C:\Windows\System\qqKjVun.exe N/A
N/A N/A C:\Windows\System\TOjxESL.exe N/A
N/A N/A C:\Windows\System\azgRnWE.exe N/A
N/A N/A C:\Windows\System\avpcUHX.exe N/A
N/A N/A C:\Windows\System\eUkLwVi.exe N/A
N/A N/A C:\Windows\System\BtbSPSx.exe N/A
N/A N/A C:\Windows\System\VhdFxvu.exe N/A
N/A N/A C:\Windows\System\sUfrMVH.exe N/A
N/A N/A C:\Windows\System\VTNCBxx.exe N/A
N/A N/A C:\Windows\System\iUqXkKD.exe N/A
N/A N/A C:\Windows\System\TDAeBNg.exe N/A
N/A N/A C:\Windows\System\tHUVzrb.exe N/A
N/A N/A C:\Windows\System\agcEHsD.exe N/A
N/A N/A C:\Windows\System\sionigj.exe N/A
N/A N/A C:\Windows\System\ckXEisd.exe N/A
N/A N/A C:\Windows\System\wekvGYa.exe N/A
N/A N/A C:\Windows\System\jbZUNHJ.exe N/A
N/A N/A C:\Windows\System\BUMaigf.exe N/A
N/A N/A C:\Windows\System\JhaLhvN.exe N/A
N/A N/A C:\Windows\System\yvPQluX.exe N/A
N/A N/A C:\Windows\System\OjjcUAE.exe N/A
N/A N/A C:\Windows\System\KuunIng.exe N/A
N/A N/A C:\Windows\System\NlxdSRH.exe N/A
N/A N/A C:\Windows\System\XNZEQQy.exe N/A
N/A N/A C:\Windows\System\bkYvxEj.exe N/A
N/A N/A C:\Windows\System\MnDyrCP.exe N/A
N/A N/A C:\Windows\System\swIXBVu.exe N/A
N/A N/A C:\Windows\System\ScDBGxo.exe N/A
N/A N/A C:\Windows\System\cASeljS.exe N/A
N/A N/A C:\Windows\System\drMslqs.exe N/A
N/A N/A C:\Windows\System\xGUrFrp.exe N/A
N/A N/A C:\Windows\System\RRNRbrU.exe N/A
N/A N/A C:\Windows\System\FeaDwqz.exe N/A
N/A N/A C:\Windows\System\ebSpqIr.exe N/A
N/A N/A C:\Windows\System\gagOavJ.exe N/A
N/A N/A C:\Windows\System\oskZNQl.exe N/A
N/A N/A C:\Windows\System\EMkeFVD.exe N/A
N/A N/A C:\Windows\System\DYLBUSh.exe N/A
N/A N/A C:\Windows\System\lmwLQrI.exe N/A
N/A N/A C:\Windows\System\tZiCcIb.exe N/A
N/A N/A C:\Windows\System\FfPnABJ.exe N/A
N/A N/A C:\Windows\System\PziPWPj.exe N/A
N/A N/A C:\Windows\System\VTrwatm.exe N/A
N/A N/A C:\Windows\System\RWNFFWC.exe N/A
N/A N/A C:\Windows\System\uikwYll.exe N/A
N/A N/A C:\Windows\System\CVSdYrn.exe N/A
N/A N/A C:\Windows\System\jNfDUOT.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\fsdnQbJ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzqgTLs.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\kijPYkj.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\dqWPIow.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLcCATz.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\dpKxjqv.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPKOerp.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\RRNRbrU.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\teUFKOw.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\SXFwfGy.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmAIorh.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ehXITEn.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\gbTclfY.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\QVFHcXT.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\VvXXQbK.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\mlPYhTL.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDeXauf.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\tORXMib.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\bHBUNbw.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\BtroaNJ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\NfXLHkP.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\avpcUHX.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\iUqXkKD.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\fvummAk.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\xtvGdqO.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\bWxUUZj.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\mWWBslM.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\GhdFwxU.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoamted.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\VhdFxvu.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\fcZsUAK.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\viifNpL.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\CwfafFG.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\TNnnPYn.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\hZRIcpO.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\lqXZCQL.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMnxMmQ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ilunPBy.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqTnlyd.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\OFmsIeQ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\TeWpJbS.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\RAbiErR.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\YkYZaTt.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\mQjVlLi.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkLOvTD.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOktGLV.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\kgqvBIO.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMTIUex.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\wJmThuo.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\YFHbxNl.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\NqeyLNN.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\OWNCAjp.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\drMslqs.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\VDuWQyv.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\kouTdHB.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\hRtUYrg.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\Gcbhbns.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\QcwUlPT.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\WogMHSc.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\xGUrFrp.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\tZiCcIb.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\PhPdwuC.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\mADluPa.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\iLHXXRp.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1040 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CeIBghB.exe
PID 1040 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CeIBghB.exe
PID 1040 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CeIBghB.exe
PID 1040 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UemkXDd.exe
PID 1040 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UemkXDd.exe
PID 1040 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UemkXDd.exe
PID 1040 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\SPKOerp.exe
PID 1040 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\SPKOerp.exe
PID 1040 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\SPKOerp.exe
PID 1040 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CHuUhjC.exe
PID 1040 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CHuUhjC.exe
PID 1040 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CHuUhjC.exe
PID 1040 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QcwUlPT.exe
PID 1040 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QcwUlPT.exe
PID 1040 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QcwUlPT.exe
PID 1040 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\nepQkfB.exe
PID 1040 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\nepQkfB.exe
PID 1040 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\nepQkfB.exe
PID 1040 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\cqRTpHO.exe
PID 1040 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\cqRTpHO.exe
PID 1040 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\cqRTpHO.exe
PID 1040 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DtklOGn.exe
PID 1040 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DtklOGn.exe
PID 1040 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DtklOGn.exe
PID 1040 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UjoynxX.exe
PID 1040 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UjoynxX.exe
PID 1040 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UjoynxX.exe
PID 1040 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\vhEewyY.exe
PID 1040 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\vhEewyY.exe
PID 1040 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\vhEewyY.exe
PID 1040 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\lvrOJnk.exe
PID 1040 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\lvrOJnk.exe
PID 1040 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\lvrOJnk.exe
PID 1040 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DAmaNYF.exe
PID 1040 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DAmaNYF.exe
PID 1040 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DAmaNYF.exe
PID 1040 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\lLiWGXx.exe
PID 1040 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\lLiWGXx.exe
PID 1040 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\lLiWGXx.exe
PID 1040 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\pfDNXyd.exe
PID 1040 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\pfDNXyd.exe
PID 1040 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\pfDNXyd.exe
PID 1040 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\AckAfPf.exe
PID 1040 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\AckAfPf.exe
PID 1040 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\AckAfPf.exe
PID 1040 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\KyADcJK.exe
PID 1040 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\KyADcJK.exe
PID 1040 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\KyADcJK.exe
PID 1040 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\FbqWdWU.exe
PID 1040 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\FbqWdWU.exe
PID 1040 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\FbqWdWU.exe
PID 1040 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\qqKjVun.exe
PID 1040 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\qqKjVun.exe
PID 1040 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\qqKjVun.exe
PID 1040 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TOjxESL.exe
PID 1040 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TOjxESL.exe
PID 1040 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TOjxESL.exe
PID 1040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\azgRnWE.exe
PID 1040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\azgRnWE.exe
PID 1040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\azgRnWE.exe
PID 1040 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\avpcUHX.exe
PID 1040 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\avpcUHX.exe
PID 1040 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\avpcUHX.exe
PID 1040 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\eUkLwVi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe"

C:\Windows\System\CeIBghB.exe

C:\Windows\System\CeIBghB.exe

C:\Windows\System\UemkXDd.exe

C:\Windows\System\UemkXDd.exe

C:\Windows\System\SPKOerp.exe

C:\Windows\System\SPKOerp.exe

C:\Windows\System\CHuUhjC.exe

C:\Windows\System\CHuUhjC.exe

C:\Windows\System\QcwUlPT.exe

C:\Windows\System\QcwUlPT.exe

C:\Windows\System\nepQkfB.exe

C:\Windows\System\nepQkfB.exe

C:\Windows\System\cqRTpHO.exe

C:\Windows\System\cqRTpHO.exe

C:\Windows\System\DtklOGn.exe

C:\Windows\System\DtklOGn.exe

C:\Windows\System\UjoynxX.exe

C:\Windows\System\UjoynxX.exe

C:\Windows\System\vhEewyY.exe

C:\Windows\System\vhEewyY.exe

C:\Windows\System\lvrOJnk.exe

C:\Windows\System\lvrOJnk.exe

C:\Windows\System\DAmaNYF.exe

C:\Windows\System\DAmaNYF.exe

C:\Windows\System\lLiWGXx.exe

C:\Windows\System\lLiWGXx.exe

C:\Windows\System\pfDNXyd.exe

C:\Windows\System\pfDNXyd.exe

C:\Windows\System\AckAfPf.exe

C:\Windows\System\AckAfPf.exe

C:\Windows\System\KyADcJK.exe

C:\Windows\System\KyADcJK.exe

C:\Windows\System\FbqWdWU.exe

C:\Windows\System\FbqWdWU.exe

C:\Windows\System\qqKjVun.exe

C:\Windows\System\qqKjVun.exe

C:\Windows\System\TOjxESL.exe

C:\Windows\System\TOjxESL.exe

C:\Windows\System\azgRnWE.exe

C:\Windows\System\azgRnWE.exe

C:\Windows\System\avpcUHX.exe

C:\Windows\System\avpcUHX.exe

C:\Windows\System\eUkLwVi.exe

C:\Windows\System\eUkLwVi.exe

C:\Windows\System\BtbSPSx.exe

C:\Windows\System\BtbSPSx.exe

C:\Windows\System\VhdFxvu.exe

C:\Windows\System\VhdFxvu.exe

C:\Windows\System\sUfrMVH.exe

C:\Windows\System\sUfrMVH.exe

C:\Windows\System\tHUVzrb.exe

C:\Windows\System\tHUVzrb.exe

C:\Windows\System\VTNCBxx.exe

C:\Windows\System\VTNCBxx.exe

C:\Windows\System\agcEHsD.exe

C:\Windows\System\agcEHsD.exe

C:\Windows\System\iUqXkKD.exe

C:\Windows\System\iUqXkKD.exe

C:\Windows\System\sionigj.exe

C:\Windows\System\sionigj.exe

C:\Windows\System\TDAeBNg.exe

C:\Windows\System\TDAeBNg.exe

C:\Windows\System\ckXEisd.exe

C:\Windows\System\ckXEisd.exe

C:\Windows\System\wekvGYa.exe

C:\Windows\System\wekvGYa.exe

C:\Windows\System\BUMaigf.exe

C:\Windows\System\BUMaigf.exe

C:\Windows\System\jbZUNHJ.exe

C:\Windows\System\jbZUNHJ.exe

C:\Windows\System\yvPQluX.exe

C:\Windows\System\yvPQluX.exe

C:\Windows\System\JhaLhvN.exe

C:\Windows\System\JhaLhvN.exe

C:\Windows\System\OjjcUAE.exe

C:\Windows\System\OjjcUAE.exe

C:\Windows\System\KuunIng.exe

C:\Windows\System\KuunIng.exe

C:\Windows\System\XNZEQQy.exe

C:\Windows\System\XNZEQQy.exe

C:\Windows\System\NlxdSRH.exe

C:\Windows\System\NlxdSRH.exe

C:\Windows\System\FeaDwqz.exe

C:\Windows\System\FeaDwqz.exe

C:\Windows\System\bkYvxEj.exe

C:\Windows\System\bkYvxEj.exe

C:\Windows\System\ebSpqIr.exe

C:\Windows\System\ebSpqIr.exe

C:\Windows\System\MnDyrCP.exe

C:\Windows\System\MnDyrCP.exe

C:\Windows\System\gagOavJ.exe

C:\Windows\System\gagOavJ.exe

C:\Windows\System\swIXBVu.exe

C:\Windows\System\swIXBVu.exe

C:\Windows\System\oskZNQl.exe

C:\Windows\System\oskZNQl.exe

C:\Windows\System\ScDBGxo.exe

C:\Windows\System\ScDBGxo.exe

C:\Windows\System\EMkeFVD.exe

C:\Windows\System\EMkeFVD.exe

C:\Windows\System\cASeljS.exe

C:\Windows\System\cASeljS.exe

C:\Windows\System\DYLBUSh.exe

C:\Windows\System\DYLBUSh.exe

C:\Windows\System\drMslqs.exe

C:\Windows\System\drMslqs.exe

C:\Windows\System\lmwLQrI.exe

C:\Windows\System\lmwLQrI.exe

C:\Windows\System\xGUrFrp.exe

C:\Windows\System\xGUrFrp.exe

C:\Windows\System\tZiCcIb.exe

C:\Windows\System\tZiCcIb.exe

C:\Windows\System\RRNRbrU.exe

C:\Windows\System\RRNRbrU.exe

C:\Windows\System\FfPnABJ.exe

C:\Windows\System\FfPnABJ.exe

C:\Windows\System\PziPWPj.exe

C:\Windows\System\PziPWPj.exe

C:\Windows\System\RWNFFWC.exe

C:\Windows\System\RWNFFWC.exe

C:\Windows\System\VTrwatm.exe

C:\Windows\System\VTrwatm.exe

C:\Windows\System\uikwYll.exe

C:\Windows\System\uikwYll.exe

C:\Windows\System\CVSdYrn.exe

C:\Windows\System\CVSdYrn.exe

C:\Windows\System\jNfDUOT.exe

C:\Windows\System\jNfDUOT.exe

C:\Windows\System\CZoHAFy.exe

C:\Windows\System\CZoHAFy.exe

C:\Windows\System\cHKLzUJ.exe

C:\Windows\System\cHKLzUJ.exe

C:\Windows\System\IxkaGEW.exe

C:\Windows\System\IxkaGEW.exe

C:\Windows\System\iijwuKn.exe

C:\Windows\System\iijwuKn.exe

C:\Windows\System\mlPYhTL.exe

C:\Windows\System\mlPYhTL.exe

C:\Windows\System\VDOhdTq.exe

C:\Windows\System\VDOhdTq.exe

C:\Windows\System\zTKLnXg.exe

C:\Windows\System\zTKLnXg.exe

C:\Windows\System\qoQsJkv.exe

C:\Windows\System\qoQsJkv.exe

C:\Windows\System\nPmiejp.exe

C:\Windows\System\nPmiejp.exe

C:\Windows\System\ieBljHD.exe

C:\Windows\System\ieBljHD.exe

C:\Windows\System\QuIKKrq.exe

C:\Windows\System\QuIKKrq.exe

C:\Windows\System\MQUUAHZ.exe

C:\Windows\System\MQUUAHZ.exe

C:\Windows\System\kgnhypd.exe

C:\Windows\System\kgnhypd.exe

C:\Windows\System\ZBmsvWi.exe

C:\Windows\System\ZBmsvWi.exe

C:\Windows\System\tVGxHuX.exe

C:\Windows\System\tVGxHuX.exe

C:\Windows\System\YElwLQS.exe

C:\Windows\System\YElwLQS.exe

C:\Windows\System\eBCCXcH.exe

C:\Windows\System\eBCCXcH.exe

C:\Windows\System\IVjqXTJ.exe

C:\Windows\System\IVjqXTJ.exe

C:\Windows\System\VRQZNij.exe

C:\Windows\System\VRQZNij.exe

C:\Windows\System\OLExdZM.exe

C:\Windows\System\OLExdZM.exe

C:\Windows\System\SdxAFev.exe

C:\Windows\System\SdxAFev.exe

C:\Windows\System\GJxGbwc.exe

C:\Windows\System\GJxGbwc.exe

C:\Windows\System\XfGNkGp.exe

C:\Windows\System\XfGNkGp.exe

C:\Windows\System\tbulHxk.exe

C:\Windows\System\tbulHxk.exe

C:\Windows\System\WEXzuFE.exe

C:\Windows\System\WEXzuFE.exe

C:\Windows\System\IgYeyZe.exe

C:\Windows\System\IgYeyZe.exe

C:\Windows\System\fGdgSXB.exe

C:\Windows\System\fGdgSXB.exe

C:\Windows\System\ZgzxhHB.exe

C:\Windows\System\ZgzxhHB.exe

C:\Windows\System\PqprAxB.exe

C:\Windows\System\PqprAxB.exe

C:\Windows\System\PlINZnq.exe

C:\Windows\System\PlINZnq.exe

C:\Windows\System\VBApXje.exe

C:\Windows\System\VBApXje.exe

C:\Windows\System\HOktGLV.exe

C:\Windows\System\HOktGLV.exe

C:\Windows\System\sGXHgzn.exe

C:\Windows\System\sGXHgzn.exe

C:\Windows\System\bHBUNbw.exe

C:\Windows\System\bHBUNbw.exe

C:\Windows\System\rwMoowz.exe

C:\Windows\System\rwMoowz.exe

C:\Windows\System\zTLqxrI.exe

C:\Windows\System\zTLqxrI.exe

C:\Windows\System\XaURelB.exe

C:\Windows\System\XaURelB.exe

C:\Windows\System\YmbEHjV.exe

C:\Windows\System\YmbEHjV.exe

C:\Windows\System\kXxPnoP.exe

C:\Windows\System\kXxPnoP.exe

C:\Windows\System\fXFiyCf.exe

C:\Windows\System\fXFiyCf.exe

C:\Windows\System\fNFKhzh.exe

C:\Windows\System\fNFKhzh.exe

C:\Windows\System\kgqvBIO.exe

C:\Windows\System\kgqvBIO.exe

C:\Windows\System\WogMHSc.exe

C:\Windows\System\WogMHSc.exe

C:\Windows\System\iblvlrN.exe

C:\Windows\System\iblvlrN.exe

C:\Windows\System\xmVcPEQ.exe

C:\Windows\System\xmVcPEQ.exe

C:\Windows\System\YkYZaTt.exe

C:\Windows\System\YkYZaTt.exe

C:\Windows\System\VDuWQyv.exe

C:\Windows\System\VDuWQyv.exe

C:\Windows\System\uSzvsxE.exe

C:\Windows\System\uSzvsxE.exe

C:\Windows\System\kDeXauf.exe

C:\Windows\System\kDeXauf.exe

C:\Windows\System\vxBlZCq.exe

C:\Windows\System\vxBlZCq.exe

C:\Windows\System\ACIJImz.exe

C:\Windows\System\ACIJImz.exe

C:\Windows\System\LjibYTd.exe

C:\Windows\System\LjibYTd.exe

C:\Windows\System\geWhMDQ.exe

C:\Windows\System\geWhMDQ.exe

C:\Windows\System\dFcEpIi.exe

C:\Windows\System\dFcEpIi.exe

C:\Windows\System\SoUiGvy.exe

C:\Windows\System\SoUiGvy.exe

C:\Windows\System\PhPdwuC.exe

C:\Windows\System\PhPdwuC.exe

C:\Windows\System\lqXZCQL.exe

C:\Windows\System\lqXZCQL.exe

C:\Windows\System\fcZsUAK.exe

C:\Windows\System\fcZsUAK.exe

C:\Windows\System\RioCQPa.exe

C:\Windows\System\RioCQPa.exe

C:\Windows\System\vKmLWZq.exe

C:\Windows\System\vKmLWZq.exe

C:\Windows\System\PNKnkXV.exe

C:\Windows\System\PNKnkXV.exe

C:\Windows\System\otyuWpv.exe

C:\Windows\System\otyuWpv.exe

C:\Windows\System\ZPxpwjh.exe

C:\Windows\System\ZPxpwjh.exe

C:\Windows\System\mQjVlLi.exe

C:\Windows\System\mQjVlLi.exe

C:\Windows\System\fqydgLg.exe

C:\Windows\System\fqydgLg.exe

C:\Windows\System\zIzgMPg.exe

C:\Windows\System\zIzgMPg.exe

C:\Windows\System\mtUdnMh.exe

C:\Windows\System\mtUdnMh.exe

C:\Windows\System\gMTIUex.exe

C:\Windows\System\gMTIUex.exe

C:\Windows\System\tnsHTtK.exe

C:\Windows\System\tnsHTtK.exe

C:\Windows\System\MkRTJoc.exe

C:\Windows\System\MkRTJoc.exe

C:\Windows\System\AgjneRa.exe

C:\Windows\System\AgjneRa.exe

C:\Windows\System\MsAOCZm.exe

C:\Windows\System\MsAOCZm.exe

C:\Windows\System\AaAreFp.exe

C:\Windows\System\AaAreFp.exe

C:\Windows\System\xtvGdqO.exe

C:\Windows\System\xtvGdqO.exe

C:\Windows\System\TeWpJbS.exe

C:\Windows\System\TeWpJbS.exe

C:\Windows\System\DLkWWQJ.exe

C:\Windows\System\DLkWWQJ.exe

C:\Windows\System\fBqSpWk.exe

C:\Windows\System\fBqSpWk.exe

C:\Windows\System\zyHUzTw.exe

C:\Windows\System\zyHUzTw.exe

C:\Windows\System\wGjOfiN.exe

C:\Windows\System\wGjOfiN.exe

C:\Windows\System\WGGDnvs.exe

C:\Windows\System\WGGDnvs.exe

C:\Windows\System\gGEOkIu.exe

C:\Windows\System\gGEOkIu.exe

C:\Windows\System\FdpArLx.exe

C:\Windows\System\FdpArLx.exe

C:\Windows\System\mFvuzwu.exe

C:\Windows\System\mFvuzwu.exe

C:\Windows\System\HbKVeJZ.exe

C:\Windows\System\HbKVeJZ.exe

C:\Windows\System\xtxuhZT.exe

C:\Windows\System\xtxuhZT.exe

C:\Windows\System\LeZmpbb.exe

C:\Windows\System\LeZmpbb.exe

C:\Windows\System\XFQYGft.exe

C:\Windows\System\XFQYGft.exe

C:\Windows\System\itMfGLA.exe

C:\Windows\System\itMfGLA.exe

C:\Windows\System\kouTdHB.exe

C:\Windows\System\kouTdHB.exe

C:\Windows\System\idMhWXX.exe

C:\Windows\System\idMhWXX.exe

C:\Windows\System\ZJNMsIU.exe

C:\Windows\System\ZJNMsIU.exe

C:\Windows\System\OUtmuqQ.exe

C:\Windows\System\OUtmuqQ.exe

C:\Windows\System\jydRYPt.exe

C:\Windows\System\jydRYPt.exe

C:\Windows\System\TfbzfgS.exe

C:\Windows\System\TfbzfgS.exe

C:\Windows\System\VhGjJRt.exe

C:\Windows\System\VhGjJRt.exe

C:\Windows\System\tORXMib.exe

C:\Windows\System\tORXMib.exe

C:\Windows\System\ShwoRfe.exe

C:\Windows\System\ShwoRfe.exe

C:\Windows\System\cvGwNvp.exe

C:\Windows\System\cvGwNvp.exe

C:\Windows\System\qXvOEHj.exe

C:\Windows\System\qXvOEHj.exe

C:\Windows\System\ifCEEFm.exe

C:\Windows\System\ifCEEFm.exe

C:\Windows\System\JZHBpdD.exe

C:\Windows\System\JZHBpdD.exe

C:\Windows\System\lcSvxHr.exe

C:\Windows\System\lcSvxHr.exe

C:\Windows\System\sjjLpqg.exe

C:\Windows\System\sjjLpqg.exe

C:\Windows\System\wJmThuo.exe

C:\Windows\System\wJmThuo.exe

C:\Windows\System\iYnLcam.exe

C:\Windows\System\iYnLcam.exe

C:\Windows\System\TfGOnhk.exe

C:\Windows\System\TfGOnhk.exe

C:\Windows\System\YMUcPPT.exe

C:\Windows\System\YMUcPPT.exe

C:\Windows\System\fpyiPoc.exe

C:\Windows\System\fpyiPoc.exe

C:\Windows\System\dCrsQYQ.exe

C:\Windows\System\dCrsQYQ.exe

C:\Windows\System\YlTwNFZ.exe

C:\Windows\System\YlTwNFZ.exe

C:\Windows\System\BtroaNJ.exe

C:\Windows\System\BtroaNJ.exe

C:\Windows\System\YFHbxNl.exe

C:\Windows\System\YFHbxNl.exe

C:\Windows\System\XOQhlxL.exe

C:\Windows\System\XOQhlxL.exe

C:\Windows\System\WMnxMmQ.exe

C:\Windows\System\WMnxMmQ.exe

C:\Windows\System\rsLVNwj.exe

C:\Windows\System\rsLVNwj.exe

C:\Windows\System\ZcslrCn.exe

C:\Windows\System\ZcslrCn.exe

C:\Windows\System\HydkYnr.exe

C:\Windows\System\HydkYnr.exe

C:\Windows\System\PjsuBeB.exe

C:\Windows\System\PjsuBeB.exe

C:\Windows\System\ddDZzUF.exe

C:\Windows\System\ddDZzUF.exe

C:\Windows\System\dSxyyTA.exe

C:\Windows\System\dSxyyTA.exe

C:\Windows\System\jFrxUSX.exe

C:\Windows\System\jFrxUSX.exe

C:\Windows\System\AHjIlHn.exe

C:\Windows\System\AHjIlHn.exe

C:\Windows\System\DCuvHOc.exe

C:\Windows\System\DCuvHOc.exe

C:\Windows\System\bWxUUZj.exe

C:\Windows\System\bWxUUZj.exe

C:\Windows\System\BzOcIlL.exe

C:\Windows\System\BzOcIlL.exe

C:\Windows\System\zPbpZeB.exe

C:\Windows\System\zPbpZeB.exe

C:\Windows\System\uRmSQAw.exe

C:\Windows\System\uRmSQAw.exe

C:\Windows\System\wlblnzM.exe

C:\Windows\System\wlblnzM.exe

C:\Windows\System\VXTfrlj.exe

C:\Windows\System\VXTfrlj.exe

C:\Windows\System\SXFwfGy.exe

C:\Windows\System\SXFwfGy.exe

C:\Windows\System\bWfCmPW.exe

C:\Windows\System\bWfCmPW.exe

C:\Windows\System\UdVVknk.exe

C:\Windows\System\UdVVknk.exe

C:\Windows\System\WSxgfLf.exe

C:\Windows\System\WSxgfLf.exe

C:\Windows\System\mADluPa.exe

C:\Windows\System\mADluPa.exe

C:\Windows\System\fsdnQbJ.exe

C:\Windows\System\fsdnQbJ.exe

C:\Windows\System\mWWBslM.exe

C:\Windows\System\mWWBslM.exe

C:\Windows\System\ShHJNMx.exe

C:\Windows\System\ShHJNMx.exe

C:\Windows\System\YUSeoZH.exe

C:\Windows\System\YUSeoZH.exe

C:\Windows\System\xPNRCNI.exe

C:\Windows\System\xPNRCNI.exe

C:\Windows\System\PlfJUhC.exe

C:\Windows\System\PlfJUhC.exe

C:\Windows\System\pkhidTB.exe

C:\Windows\System\pkhidTB.exe

C:\Windows\System\fPTfWxv.exe

C:\Windows\System\fPTfWxv.exe

C:\Windows\System\MBnqngb.exe

C:\Windows\System\MBnqngb.exe

C:\Windows\System\LCoIVEY.exe

C:\Windows\System\LCoIVEY.exe

C:\Windows\System\sTWzNde.exe

C:\Windows\System\sTWzNde.exe

C:\Windows\System\mmAIorh.exe

C:\Windows\System\mmAIorh.exe

C:\Windows\System\DvqyuSn.exe

C:\Windows\System\DvqyuSn.exe

C:\Windows\System\uijpGWj.exe

C:\Windows\System\uijpGWj.exe

C:\Windows\System\HpbvGSB.exe

C:\Windows\System\HpbvGSB.exe

C:\Windows\System\tZIxsYC.exe

C:\Windows\System\tZIxsYC.exe

C:\Windows\System\UtsUSpC.exe

C:\Windows\System\UtsUSpC.exe

C:\Windows\System\ehXITEn.exe

C:\Windows\System\ehXITEn.exe

C:\Windows\System\tnDfneD.exe

C:\Windows\System\tnDfneD.exe

C:\Windows\System\PMledrP.exe

C:\Windows\System\PMledrP.exe

C:\Windows\System\aSJyMAt.exe

C:\Windows\System\aSJyMAt.exe

C:\Windows\System\dzqgTLs.exe

C:\Windows\System\dzqgTLs.exe

C:\Windows\System\zrlJHoE.exe

C:\Windows\System\zrlJHoE.exe

C:\Windows\System\aUBeFlP.exe

C:\Windows\System\aUBeFlP.exe

C:\Windows\System\bASWHtI.exe

C:\Windows\System\bASWHtI.exe

C:\Windows\System\Yvfcbfg.exe

C:\Windows\System\Yvfcbfg.exe

C:\Windows\System\RvsEmEp.exe

C:\Windows\System\RvsEmEp.exe

C:\Windows\System\tMLvnVn.exe

C:\Windows\System\tMLvnVn.exe

C:\Windows\System\NaDqGqS.exe

C:\Windows\System\NaDqGqS.exe

C:\Windows\System\GSQCCRB.exe

C:\Windows\System\GSQCCRB.exe

C:\Windows\System\LUmrxoT.exe

C:\Windows\System\LUmrxoT.exe

C:\Windows\System\zmbDzIR.exe

C:\Windows\System\zmbDzIR.exe

C:\Windows\System\iLHXXRp.exe

C:\Windows\System\iLHXXRp.exe

C:\Windows\System\DBzSDmS.exe

C:\Windows\System\DBzSDmS.exe

C:\Windows\System\fhAcryN.exe

C:\Windows\System\fhAcryN.exe

C:\Windows\System\uzPGrCo.exe

C:\Windows\System\uzPGrCo.exe

C:\Windows\System\WWJRxPl.exe

C:\Windows\System\WWJRxPl.exe

C:\Windows\System\rnngVyY.exe

C:\Windows\System\rnngVyY.exe

C:\Windows\System\NfXLHkP.exe

C:\Windows\System\NfXLHkP.exe

C:\Windows\System\HdgoIQe.exe

C:\Windows\System\HdgoIQe.exe

C:\Windows\System\aGqsDVn.exe

C:\Windows\System\aGqsDVn.exe

C:\Windows\System\tSHmoEp.exe

C:\Windows\System\tSHmoEp.exe

C:\Windows\System\wwVEsUH.exe

C:\Windows\System\wwVEsUH.exe

C:\Windows\System\BXSFclA.exe

C:\Windows\System\BXSFclA.exe

C:\Windows\System\iUewjFN.exe

C:\Windows\System\iUewjFN.exe

C:\Windows\System\hgMgNep.exe

C:\Windows\System\hgMgNep.exe

C:\Windows\System\uXpuCig.exe

C:\Windows\System\uXpuCig.exe

C:\Windows\System\iYqYphV.exe

C:\Windows\System\iYqYphV.exe

C:\Windows\System\hRtUYrg.exe

C:\Windows\System\hRtUYrg.exe

C:\Windows\System\bpYFSIw.exe

C:\Windows\System\bpYFSIw.exe

C:\Windows\System\GwulxFv.exe

C:\Windows\System\GwulxFv.exe

C:\Windows\System\aWifgSS.exe

C:\Windows\System\aWifgSS.exe

C:\Windows\System\AwiqEgx.exe

C:\Windows\System\AwiqEgx.exe

C:\Windows\System\RAbiErR.exe

C:\Windows\System\RAbiErR.exe

C:\Windows\System\viifNpL.exe

C:\Windows\System\viifNpL.exe

C:\Windows\System\MfCTKkc.exe

C:\Windows\System\MfCTKkc.exe

C:\Windows\System\tCCDTnk.exe

C:\Windows\System\tCCDTnk.exe

C:\Windows\System\CePObmZ.exe

C:\Windows\System\CePObmZ.exe

C:\Windows\System\yuKuCNW.exe

C:\Windows\System\yuKuCNW.exe

C:\Windows\System\ArCmMUm.exe

C:\Windows\System\ArCmMUm.exe

C:\Windows\System\QcMKTpr.exe

C:\Windows\System\QcMKTpr.exe

C:\Windows\System\xZmRVJz.exe

C:\Windows\System\xZmRVJz.exe

C:\Windows\System\kijPYkj.exe

C:\Windows\System\kijPYkj.exe

C:\Windows\System\wPzGGyx.exe

C:\Windows\System\wPzGGyx.exe

C:\Windows\System\gbTclfY.exe

C:\Windows\System\gbTclfY.exe

C:\Windows\System\kkIbUUM.exe

C:\Windows\System\kkIbUUM.exe

C:\Windows\System\NqeyLNN.exe

C:\Windows\System\NqeyLNN.exe

C:\Windows\System\SZdfYbL.exe

C:\Windows\System\SZdfYbL.exe

C:\Windows\System\LBMoEbi.exe

C:\Windows\System\LBMoEbi.exe

C:\Windows\System\xShgeMg.exe

C:\Windows\System\xShgeMg.exe

C:\Windows\System\WLAvWqx.exe

C:\Windows\System\WLAvWqx.exe

C:\Windows\System\ArWDchm.exe

C:\Windows\System\ArWDchm.exe

C:\Windows\System\eIaACid.exe

C:\Windows\System\eIaACid.exe

C:\Windows\System\obPoddn.exe

C:\Windows\System\obPoddn.exe

C:\Windows\System\WmWnynC.exe

C:\Windows\System\WmWnynC.exe

C:\Windows\System\CwfafFG.exe

C:\Windows\System\CwfafFG.exe

C:\Windows\System\QVFHcXT.exe

C:\Windows\System\QVFHcXT.exe

C:\Windows\System\HvTWnpN.exe

C:\Windows\System\HvTWnpN.exe

C:\Windows\System\OWNCAjp.exe

C:\Windows\System\OWNCAjp.exe

C:\Windows\System\iAdNWGi.exe

C:\Windows\System\iAdNWGi.exe

C:\Windows\System\TNnnPYn.exe

C:\Windows\System\TNnnPYn.exe

C:\Windows\System\pCSOiEV.exe

C:\Windows\System\pCSOiEV.exe

C:\Windows\System\PWDTURO.exe

C:\Windows\System\PWDTURO.exe

C:\Windows\System\gUulNvZ.exe

C:\Windows\System\gUulNvZ.exe

C:\Windows\System\vwXrOsx.exe

C:\Windows\System\vwXrOsx.exe

C:\Windows\System\GhdFwxU.exe

C:\Windows\System\GhdFwxU.exe

C:\Windows\System\ilunPBy.exe

C:\Windows\System\ilunPBy.exe

C:\Windows\System\ZpBRjos.exe

C:\Windows\System\ZpBRjos.exe

C:\Windows\System\HvxhUSE.exe

C:\Windows\System\HvxhUSE.exe

C:\Windows\System\dqWPIow.exe

C:\Windows\System\dqWPIow.exe

C:\Windows\System\Gcbhbns.exe

C:\Windows\System\Gcbhbns.exe

C:\Windows\System\ZvSoyOJ.exe

C:\Windows\System\ZvSoyOJ.exe

C:\Windows\System\kbMxObw.exe

C:\Windows\System\kbMxObw.exe

C:\Windows\System\cDQlYWk.exe

C:\Windows\System\cDQlYWk.exe

C:\Windows\System\AJvzDaf.exe

C:\Windows\System\AJvzDaf.exe

C:\Windows\System\qqTnlyd.exe

C:\Windows\System\qqTnlyd.exe

C:\Windows\System\hZRIcpO.exe

C:\Windows\System\hZRIcpO.exe

C:\Windows\System\fvummAk.exe

C:\Windows\System\fvummAk.exe

C:\Windows\System\ROMSyXM.exe

C:\Windows\System\ROMSyXM.exe

C:\Windows\System\UxZpkhP.exe

C:\Windows\System\UxZpkhP.exe

C:\Windows\System\klbpMWG.exe

C:\Windows\System\klbpMWG.exe

C:\Windows\System\LwuTHBM.exe

C:\Windows\System\LwuTHBM.exe

C:\Windows\System\kFzoHHc.exe

C:\Windows\System\kFzoHHc.exe

C:\Windows\System\HEwrvAM.exe

C:\Windows\System\HEwrvAM.exe

C:\Windows\System\VvXXQbK.exe

C:\Windows\System\VvXXQbK.exe

C:\Windows\System\VLcCATz.exe

C:\Windows\System\VLcCATz.exe

C:\Windows\System\GZsyjFb.exe

C:\Windows\System\GZsyjFb.exe

C:\Windows\System\HMqqGfD.exe

C:\Windows\System\HMqqGfD.exe

C:\Windows\System\dpKxjqv.exe

C:\Windows\System\dpKxjqv.exe

C:\Windows\System\qgTaDLz.exe

C:\Windows\System\qgTaDLz.exe

C:\Windows\System\klhCVxI.exe

C:\Windows\System\klhCVxI.exe

C:\Windows\System\zoamted.exe

C:\Windows\System\zoamted.exe

C:\Windows\System\OFmsIeQ.exe

C:\Windows\System\OFmsIeQ.exe

C:\Windows\System\gkLOvTD.exe

C:\Windows\System\gkLOvTD.exe

C:\Windows\System\DpjBLOw.exe

C:\Windows\System\DpjBLOw.exe

C:\Windows\System\PnarRXs.exe

C:\Windows\System\PnarRXs.exe

C:\Windows\System\EqJUSFs.exe

C:\Windows\System\EqJUSFs.exe

C:\Windows\System\ACcnFdD.exe

C:\Windows\System\ACcnFdD.exe

C:\Windows\System\VXLEUxS.exe

C:\Windows\System\VXLEUxS.exe

C:\Windows\System\uLPSoos.exe

C:\Windows\System\uLPSoos.exe

C:\Windows\System\teUFKOw.exe

C:\Windows\System\teUFKOw.exe

C:\Windows\System\AdVyZkQ.exe

C:\Windows\System\AdVyZkQ.exe

C:\Windows\System\UlcVdWS.exe

C:\Windows\System\UlcVdWS.exe

C:\Windows\System\qAtFCsR.exe

C:\Windows\System\qAtFCsR.exe

C:\Windows\System\EThzeSx.exe

C:\Windows\System\EThzeSx.exe

C:\Windows\System\AceFdoy.exe

C:\Windows\System\AceFdoy.exe

C:\Windows\System\RMRVrUC.exe

C:\Windows\System\RMRVrUC.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1040-1-0x000000013FFA0000-0x00000001402F1000-memory.dmp

memory/1040-0-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\CeIBghB.exe

MD5 9181b5373fb84d6297b780ef6f7238fc
SHA1 a2cbca2f27d2406aa21d8f4c6a9e21a97ddd78af
SHA256 98927f1bf525759808d751499b36604887c8d498b5d355f66a7fc1bbabf5d9a7
SHA512 04c14d817495219b7dfbfb251d8609ce38fdb7b441dfa175474f52145a966d7deff4462b08ca7d59d8a4d52677da75feb2ed764a55214634a9163af57ce2a328

\Windows\system\UemkXDd.exe

MD5 ed035b34b1d885c3212cc61fb1403575
SHA1 00f624cb5b5a529bb8ef86e2eacee0a2fddd808e
SHA256 a87d51b8cca17dee19ccf5df2b39912b96c8f64003b00768325c8e87aed2b7ed
SHA512 653ddfdeb6d2410455e9b332e1fbee7bdeb2b15ab28237586acf3bdae765acdd62ed4f6f0289216b3f3996f8e6e587c99178f2916f0511ddbc5eeeaa5c363cfc

C:\Windows\system\SPKOerp.exe

MD5 82a0d6ff3156872d4c59f4cabc64a721
SHA1 64e466e1b3ae1e1d81b69a9f872b8d5487c0087d
SHA256 ccedc348e782f74e911d95340e6bda3c73ecec09d875a321e314a7134d934e45
SHA512 a848d5060fc682ffd18465fc2c783643f2c11fcd259e67512145ba240fde4c931e1ab1f612679c1135832ef1a6d3ea7ee8e75abdd1e215031d177434001d5b25

C:\Windows\system\CHuUhjC.exe

MD5 048ce34df06f927286ac0a0305268ee0
SHA1 f0f38c9e13dbd79cbd466a80947be2ffb6a21387
SHA256 15c78324856fa9c580941a836094a5a21be264f8c1d2662287135615edc2fd5f
SHA512 2324dafdb6d5cec3da0cd6c07cc2e324e73d4144a441f17040014a8273f250e96f7040c8bc611e5798d16363e3f9d559522433835cd1509385b40c6db438f599

C:\Windows\system\QcwUlPT.exe

MD5 41f54f0f8fe54f75172a6f80d0fe6b13
SHA1 ac9667fee786250183dc62a98081dfecdb99e4fd
SHA256 6ed64bf927ab08d7243fbd7d61629bdb423c401d53352e8fb27b9de5d63d1520
SHA512 5c35d849123dfbf63e9ed67fc5ab7bb5afa34e51f26204546c45d6aaf1a5982078fdc9af4d6660d715fa7d7282ff764e92be6225a1fd4032e6e97edb5914404e

C:\Windows\system\nepQkfB.exe

MD5 5507c1197d836c97d87a092f1794dee3
SHA1 e12d844776d01d29a25d8696bd4b283a2d3f3c9d
SHA256 9c3ab10d80254806b69918c34c8f1b7ef5e6ac258536f8da8aee4b7f7ad1f96d
SHA512 753833b7e520b4c47ab6affc88a6180e6642cd8fba8bfb24267aa562b6a1d820bf41309b2d8590adff7e8f9892f5d3b80188730bee7777cb9bab6c4fa94cac4f

C:\Windows\system\cqRTpHO.exe

MD5 26b91986f5fe3bb21eb20428eceff78e
SHA1 e46e1f8c8056bdb6a85641f422458964d4ab4e2c
SHA256 8a23534b23be728cb54d35a6a136adde43ddc2aa612acdfcb65d6e3bb2d968e8
SHA512 420d8d5892de2511058d46c10bd63e93a2dce370473dc1bf52a9dbe9a6af232092e88acd2744132c0a76482e949d18029918f73340f41a43679e7c57efbbd185

C:\Windows\system\DtklOGn.exe

MD5 2e3ef2edbaa3a6afadb5cfb3d95c3316
SHA1 01e23816f81b584ab57f49a1a4b75fc1443d837a
SHA256 1ba06b3620e05ab547b57329242362972691dbfd819c07445da907e8110724d0
SHA512 40d99bab52c0bf92e80a56c29db52c2a9da96608216972d96d962eb6e046af4682ff10b3a20c69110e8b043e9bdbc1276d53e92fc96b3327c42d8efd8255c331

C:\Windows\system\UjoynxX.exe

MD5 db9e7e963ee9f3ce7deb5bb66ed86a0c
SHA1 9de23d6b925170b3778b956fed241e2cec7136e2
SHA256 fb4f134d45df41015636f1cfd3b08cbfa76571f102938c7c649f827db770471e
SHA512 00198413090b430035e97e493821c715d9bc78c709402cf9417eb8b136fcb05b358b8a5bc79fd68ee8624db8b1d208dac61647e6b03c0a300ccb21bedebafad1

C:\Windows\system\lvrOJnk.exe

MD5 c9d9fb9dba196d73050012118c575ac8
SHA1 d73ec3f1ee42d52aa0ee165c253fe6c3423bbae9
SHA256 17aba4a1d34f9932f63f19f576fba6fdb67e5ac1af12d919dac7de808b70fe6c
SHA512 927015687736cfa0b07cc2a660f7dcfb6fbec8fa2ac13ed40693ddcf63507967c62331448b03241d49cb7104e877cbd113ee5e6c1e3b69af39292bfa141e227d

C:\Windows\system\DAmaNYF.exe

MD5 03132897ec101132fc5edbe33f120d5d
SHA1 a0036d2509d21c056aa515391426d3b6845de449
SHA256 c396827b4b3b5a85224d56d30d30330551f5953284ef9561782a6caa27f8172f
SHA512 9a193543300bdda3bdf71be777da112bfabe56b93dcb7f702c58a7aacd93c62bc7a72294b0f34f71e3141a6dec284511fcaace2751a131df65164bad380b7bcc

\Windows\system\qqKjVun.exe

MD5 c2a21eea51126a5dc5e41d107b219c82
SHA1 36e5616b4154ad58c0ced9e8d9ab218b5579211f
SHA256 30f7806d54d22900da8b459ab6dca94092cdb62fb2fa2c742b715237523f3f55
SHA512 9aaf2c4148b750ee3b2bb74a2a7dac890d1dc8b5da03567100fb5ea9c54c4e12a898f601ee8b1f943792dd71e16a6449b10b08f3da59620d52a251edd0a8a7cb

C:\Windows\system\VhdFxvu.exe

MD5 464866e678175e663edb3fcddabfa049
SHA1 4c65b9f082f6cf9ad299e01e08671370ce3b32ca
SHA256 9a892efe4eabd4d59b14619d1019b0fc49ba209ed3ec727163d7d2a18faa423c
SHA512 e67e8a1e749797604afb74a41f72db44823832ace063ad31ecceb9268600c8248b2694ceb8c0b7847aa65f2c717d2b296cae44e0d19260fe543b20f374ddfa48

C:\Windows\system\ckXEisd.exe

MD5 d55cebbedd1d98f6de769217502a7b02
SHA1 8660bff38f4fa63c596f64d37b656c5ba26e0c91
SHA256 5452fc768e81251d899184d64be811e2e12525a135b9e06370fefe4d5dd3f24e
SHA512 837f80041c42eb4bb4df560c9884da5417869674398d7ce2f72e42c4cae933e60f91b563f210750bb57fde03bbe5f87fc0a9469cc6e639478900dec93edb83b9

C:\Windows\system\sionigj.exe

MD5 e79d5abe8ddeb6be9654570940a735e6
SHA1 0774c87718c75ab4573c03eaf2425ff0b2e434ff
SHA256 8898afebe2a87cc419fc6369ec28a7d81797b8aa1e061dd42fa6670f6b177884
SHA512 d985975704ffc75ee8c7e6c152809a6afa75c65e6da819bebd96e19bc80cf3138c770e551ba290261b0c36d5f6daadf44892e59a7f31331f159ebafd520115f4

C:\Windows\system\agcEHsD.exe

MD5 053bf73392bfd9db8c49d6985282d21f
SHA1 2eab7c7de159681140fd7f024903e7c19e86fa72
SHA256 a3f92b2f28c868e17214559b4130d764347c5bd28b793a8faeefc4e997736a57
SHA512 4a37e1aa08b557135ab7094033c7b083d48cb454aad20b3a87b9a1217169cd8687952e9ea23e9c059f3e36c732e50181fde994d7b12a72499c707734d065cf82

C:\Windows\system\tHUVzrb.exe

MD5 17f32a873c7d406307bc644b00355998
SHA1 fc4d1a2075228ea350613a018a1790133756cd96
SHA256 bf601cc42ff43fb117297279f11298d38ceb6af086799b07e6c953ccf668b149
SHA512 01595ffe1587461a4c235468c1a368a5a89fff1b99befd67e0ff6abcb1c106df364ad18d1901d0778f235b63e65c1ab5153640f4bde5f6c1677efe4b4abf1856

memory/1040-165-0x0000000001E60000-0x00000000021B1000-memory.dmp

memory/1040-164-0x0000000001E60000-0x00000000021B1000-memory.dmp

memory/2800-163-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/1040-162-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/2420-161-0x000000013FA80000-0x000000013FDD1000-memory.dmp

memory/1040-160-0x000000013FA80000-0x000000013FDD1000-memory.dmp

memory/2356-159-0x000000013F7F0000-0x000000013FB41000-memory.dmp

memory/1040-158-0x000000013F7F0000-0x000000013FB41000-memory.dmp

memory/2480-157-0x000000013F910000-0x000000013FC61000-memory.dmp

C:\Windows\system\VTNCBxx.exe

MD5 f66513bfc7ad35c06cdc29ba5392441b
SHA1 b85d12c51e73b722a74ae99af22519a5b6d85f73
SHA256 3a52aa3435272564b0f7b5d751beef00d95935929642411cc5aea5960cddb878
SHA512 a84a517a446abcf19c9d5848feb6b854378016eea74d93603f514005954eadc1eac54f8dc6d2db86b1ff1103086e0a7a7f5096c75a199162796ddb6984d16f89

memory/1040-120-0x0000000001E60000-0x00000000021B1000-memory.dmp

memory/2944-117-0x000000013FDB0000-0x0000000140101000-memory.dmp

memory/2176-116-0x000000013F180000-0x000000013F4D1000-memory.dmp

memory/1040-115-0x000000013F180000-0x000000013F4D1000-memory.dmp

memory/1040-155-0x000000013F910000-0x000000013FC61000-memory.dmp

memory/1356-154-0x000000013F290000-0x000000013F5E1000-memory.dmp

memory/1040-153-0x000000013F290000-0x000000013F5E1000-memory.dmp

memory/2468-152-0x000000013F9E0000-0x000000013FD31000-memory.dmp

memory/1040-151-0x000000013F9E0000-0x000000013FD31000-memory.dmp

memory/2484-150-0x000000013F2E0000-0x000000013F631000-memory.dmp

memory/1040-149-0x000000013F2E0000-0x000000013F631000-memory.dmp

memory/2368-148-0x000000013F5D0000-0x000000013F921000-memory.dmp

memory/1040-147-0x000000013F5D0000-0x000000013F921000-memory.dmp

memory/2568-146-0x000000013FE20000-0x0000000140171000-memory.dmp

memory/1040-145-0x0000000001E60000-0x00000000021B1000-memory.dmp

memory/2728-144-0x000000013F900000-0x000000013FC51000-memory.dmp

memory/1040-143-0x000000013F900000-0x000000013FC51000-memory.dmp

C:\Windows\system\TDAeBNg.exe

MD5 e23d288f90663d8ec8f344036d58fd24
SHA1 9c6746276df4798da3ecc8485e6df0845a4bc797
SHA256 c6520bbcc1ea170f16ed3171c89f38a5ee19aaa01e3fabdcfc0da3c54927e0eb
SHA512 e60374aefc7531bac7e2c6dc94dbb3d71a572759ee1f20c6e1dbb1c600d9832fec34e99395f4cf3c2b410b9b5d1b322684f1a262df21660adf0c00462a8d4e23

C:\Windows\system\iUqXkKD.exe

MD5 e4069e27618f7e43b83a609889547574
SHA1 cef6d3cf33617eaeb13d07f6dd2af160a9e99e3c
SHA256 611efd767d8a82637b60bfa7d543031c54cb7d20ab48b6f612b7e733431ae17c
SHA512 227d40605271b4e2ba6d43cfd588b392fe06bb04e4adfccbd24d162636a5c2ebd89d0d186896f8dbb9f8c2647753a9621492a7eabdcfb1b88cecff5b9ba43664

memory/2576-140-0x000000013F9E0000-0x000000013FD31000-memory.dmp

memory/1040-133-0x000000013F9E0000-0x000000013FD31000-memory.dmp

memory/2512-124-0x000000013FFB0000-0x0000000140301000-memory.dmp

C:\Windows\system\sUfrMVH.exe

MD5 4035a696281c7ce1602771ba336e3a08
SHA1 3efce5e5deda411bacadd4eeede4aaa87e46d5f4
SHA256 a91acd98cc1b5f042ff9975accf70f394f0454cc532236069877bd9a72ee25f8
SHA512 ec673e86d06be0bba31c37eb87732cb450a3621f6d422ed1122a1588ea4595ec76113414148582da552120cd5000cebd2a43b51fe38cbd41009e4804e5e14833

C:\Windows\system\BtbSPSx.exe

MD5 a5b02a4729cfe646e0649325ce42fd17
SHA1 cb71f69df7667eaf02ea73395b11674492855c5d
SHA256 d8f6b810dabd3b41849479d8473cbeaabe1ea1d12c1a25e51dc67364a28ab29d
SHA512 09f4e959ec5bda009b714d359ee5b45dcbfe43edabde6946b67f5c659b920700a8b0adf3fb0cf8e5ecd43a56ce99e61eb93c44463d94060ec774d56063b957b5

C:\Windows\system\eUkLwVi.exe

MD5 41391c0a70006e479aea44b234c7b340
SHA1 840529547a0e9236bef9a77203cb6dcbf07fb25f
SHA256 1905b3241bed1759348b653b3e2df187a6b0e7cef298f404a2754f43b3d1b799
SHA512 6d1cd2e8681499b025b55d585b8ffe80517cb7151979d888834d6e1e3395e1d390871ad11cc68abc57515316ed4f56546224fab8005c3c5cd6637fd8d8c19012

C:\Windows\system\avpcUHX.exe

MD5 34328f985897d168d000f5513333548d
SHA1 becc8c0e73f261f5a9133efcef32ac36b8e6be1a
SHA256 c5c8264966125b2c114cd8f1f8688a66189b0d3831abd2c5e71444d81a6c2ed3
SHA512 32c1871306b437365ac766da83bafb977c2871c6957d16f3e3a89f7193934d3dc81571fb86871a04bebc0809c4dfdbf023f1d9a009b2b28408b49769b0354eb9

C:\Windows\system\azgRnWE.exe

MD5 adb0bce3111c354638d1fd422075ea73
SHA1 908abac162d6ae79473adf710c8f9bfcbccb381c
SHA256 5a0686d27c4b1e8d51fecc22bdf69d05d28157c274a44a64123e8f0558a25432
SHA512 8425bebb4c03862302c1d7955b8ca1ecab77f3ef8e27a7248852a6016ba804204e1ba8926b8bc0ed245fb4789a1fa63938de44fdc9693a683d9605c9ca7b62c0

C:\Windows\system\TOjxESL.exe

MD5 b625bb146bfc2d3f9a2dffb5b2525c24
SHA1 593a3161976fe8f7a4a32ad5a875d00d1190bb03
SHA256 6417c62664d6280c3e37f35fdbc06315baf303607d9ada8c05b31fc30ccbf827
SHA512 0dc0e23eb447862ce4d0fd724a7d0d05ebebfadc6a6c50824116b16d3033c712dbd1f77ea7b3b82e2452ba7fd2b2ddfaff2d249c9182cb043041f6b0470f6dac

C:\Windows\system\FbqWdWU.exe

MD5 89c5be1ccd1e184822e51a111396885d
SHA1 89568607d11d9812af07c6c11ef3d9b5b0bbf003
SHA256 6b369028b83d635184b75693f04d40a28e264e68addbb7f312522f07840dfb56
SHA512 df2cf2fabb95f81beb0ead982666c8ab1ad35b0e50599561edf971b859a20b5f958b677c4e982edc8d61f2fc58968eebd90dda23ca9e2bcb032efda927ebcd50

C:\Windows\system\KyADcJK.exe

MD5 f22ac61de4739e5e9c7f947ae41051c1
SHA1 127b15df62238963be46899842d9e35cd5cb4733
SHA256 b2b38ecccf52398bb06c9d7e54dfc8c5a58f1eed661e83150e985d6c6f7ec011
SHA512 1a1421dddb2b1c2f036b8290532a7f10c8ced2a82b0207b92d04c95671dad070e9f02dfbb98a298330cbeccd1d86839e33be67a963ceda53423ccc1849012bdd

C:\Windows\system\AckAfPf.exe

MD5 6a50f3510ae734045ab1be6dbf7b365e
SHA1 467091f36c4124c2af205d89dd52aa27edab8b8a
SHA256 7eafab815c9def7fd4d93f84ccdf7eb0f1ca96b05c0966c61695568449f749ed
SHA512 4c9cbc1809962e32686de3029f077ff45ac861078b2bcc13b3486b74777566007e94580d2e496a5d6366d762050e8cbd22b0b6c8841f4ecf5e13bf2be4f8a638

C:\Windows\system\pfDNXyd.exe

MD5 5ba848da2b112b29dbd186a010aabb44
SHA1 08d4d24025fa0c7412624875b6e49729f63e3e88
SHA256 a653b341a02c74062182a3eebb689ccf0cb7b2bb6601553a003af062a4a4766e
SHA512 0fa3eb6b2759fba5aa502294ee225a180bff02a040ee302751b7b5daf0acf95ba8f13f03b6b967268239d7953069b4e0b3db290ed1bbf70eff1649768ffcd642

C:\Windows\system\lLiWGXx.exe

MD5 f293a3f07d8d9344c4198d7524425221
SHA1 ed8e2ecdf363242900a7decc5d930231a4eefe1d
SHA256 dd0c0442f8971d88f92d3e3d7be5e97c322e9732b25ebc28c0bfd69bc5728457
SHA512 c7a1c5811edc55418c76ba794c62fb0fec6bbb6ea957ccd8efda3fc8ec90a97558654c98fc4e44d65d2772fd5ba29bafc790ead12913248081d4166e2c1b2fb1

C:\Windows\system\vhEewyY.exe

MD5 0b6f7317dc38d64032983059e7c93858
SHA1 f9fa8f95b13ec3828597d5a833cb430633c840b2
SHA256 ba438da6ab5b4def8476f873aae19ad82fb3fe8509ffa5ec0faeaa398a91e1b5
SHA512 9a592fc7a3f053ca04d14ba95bd4a4e389a247ab5b872e2ef37e2878baf8035eb9887ead691f2148e0e866c565180311e5239d9601b353d0c02eac0a5fd26e6b

memory/1040-1133-0x000000013FFA0000-0x00000001402F1000-memory.dmp

memory/1040-1134-0x0000000001E60000-0x00000000021B1000-memory.dmp

memory/2420-1135-0x000000013FA80000-0x000000013FDD1000-memory.dmp

memory/2800-1136-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/1040-1137-0x0000000001E60000-0x00000000021B1000-memory.dmp

memory/2176-1200-0x000000013F180000-0x000000013F4D1000-memory.dmp

memory/2944-1199-0x000000013FDB0000-0x0000000140101000-memory.dmp

memory/2512-1204-0x000000013FFB0000-0x0000000140301000-memory.dmp

memory/2576-1203-0x000000013F9E0000-0x000000013FD31000-memory.dmp

memory/2728-1209-0x000000013F900000-0x000000013FC51000-memory.dmp

memory/2480-1218-0x000000013F910000-0x000000013FC61000-memory.dmp

memory/2368-1214-0x000000013F5D0000-0x000000013F921000-memory.dmp

memory/1356-1213-0x000000013F290000-0x000000013F5E1000-memory.dmp

memory/2484-1210-0x000000013F2E0000-0x000000013F631000-memory.dmp

memory/2568-1207-0x000000013FE20000-0x0000000140171000-memory.dmp

memory/2356-1220-0x000000013F7F0000-0x000000013FB41000-memory.dmp

memory/2468-1216-0x000000013F9E0000-0x000000013FD31000-memory.dmp

memory/2420-1222-0x000000013FA80000-0x000000013FDD1000-memory.dmp

memory/2800-1225-0x000000013FB90000-0x000000013FEE1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 23:03

Reported

2024-06-28 23:05

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GHlgrHt.exe N/A
N/A N/A C:\Windows\System\gNgkhmS.exe N/A
N/A N/A C:\Windows\System\tGltvKB.exe N/A
N/A N/A C:\Windows\System\cPYfCLo.exe N/A
N/A N/A C:\Windows\System\xnUEyNN.exe N/A
N/A N/A C:\Windows\System\gDtPGxO.exe N/A
N/A N/A C:\Windows\System\mbOvhxQ.exe N/A
N/A N/A C:\Windows\System\WAVpLIR.exe N/A
N/A N/A C:\Windows\System\WMgNTXZ.exe N/A
N/A N/A C:\Windows\System\GPVmxCA.exe N/A
N/A N/A C:\Windows\System\sMGhacj.exe N/A
N/A N/A C:\Windows\System\RsQsedz.exe N/A
N/A N/A C:\Windows\System\zIUyiVG.exe N/A
N/A N/A C:\Windows\System\HOfnEaf.exe N/A
N/A N/A C:\Windows\System\DaiQtyn.exe N/A
N/A N/A C:\Windows\System\TWoHksN.exe N/A
N/A N/A C:\Windows\System\VkDNHrz.exe N/A
N/A N/A C:\Windows\System\nnhidKt.exe N/A
N/A N/A C:\Windows\System\EojKvlc.exe N/A
N/A N/A C:\Windows\System\pjOvkSJ.exe N/A
N/A N/A C:\Windows\System\mpwzbSv.exe N/A
N/A N/A C:\Windows\System\UFzkGOS.exe N/A
N/A N/A C:\Windows\System\DemdTTg.exe N/A
N/A N/A C:\Windows\System\tbCfqSa.exe N/A
N/A N/A C:\Windows\System\QULKgZL.exe N/A
N/A N/A C:\Windows\System\QticMLh.exe N/A
N/A N/A C:\Windows\System\tvmzNrp.exe N/A
N/A N/A C:\Windows\System\gxwIYiP.exe N/A
N/A N/A C:\Windows\System\TqgYMwC.exe N/A
N/A N/A C:\Windows\System\rFwYqLY.exe N/A
N/A N/A C:\Windows\System\WtamckN.exe N/A
N/A N/A C:\Windows\System\ooFZCrq.exe N/A
N/A N/A C:\Windows\System\qBrHMEo.exe N/A
N/A N/A C:\Windows\System\JSUAsgP.exe N/A
N/A N/A C:\Windows\System\WHaOZNe.exe N/A
N/A N/A C:\Windows\System\aahPBwG.exe N/A
N/A N/A C:\Windows\System\CehdtKv.exe N/A
N/A N/A C:\Windows\System\SakzFcx.exe N/A
N/A N/A C:\Windows\System\dsmGpTm.exe N/A
N/A N/A C:\Windows\System\jDgjriR.exe N/A
N/A N/A C:\Windows\System\RCIlTKt.exe N/A
N/A N/A C:\Windows\System\CziktVm.exe N/A
N/A N/A C:\Windows\System\agTZlqt.exe N/A
N/A N/A C:\Windows\System\xEWQHJd.exe N/A
N/A N/A C:\Windows\System\JiuCtTS.exe N/A
N/A N/A C:\Windows\System\qwealvC.exe N/A
N/A N/A C:\Windows\System\PVzeVvu.exe N/A
N/A N/A C:\Windows\System\VnNMJJQ.exe N/A
N/A N/A C:\Windows\System\hxKEEOR.exe N/A
N/A N/A C:\Windows\System\BxhFTVh.exe N/A
N/A N/A C:\Windows\System\xCIdnzR.exe N/A
N/A N/A C:\Windows\System\TrvejFU.exe N/A
N/A N/A C:\Windows\System\MVXTZmF.exe N/A
N/A N/A C:\Windows\System\itTpevr.exe N/A
N/A N/A C:\Windows\System\hVTkVbk.exe N/A
N/A N/A C:\Windows\System\uAczeTJ.exe N/A
N/A N/A C:\Windows\System\pHwVPBd.exe N/A
N/A N/A C:\Windows\System\jtXqhuP.exe N/A
N/A N/A C:\Windows\System\ItnJcde.exe N/A
N/A N/A C:\Windows\System\ptffInx.exe N/A
N/A N/A C:\Windows\System\aVTeZtu.exe N/A
N/A N/A C:\Windows\System\epdXGIC.exe N/A
N/A N/A C:\Windows\System\fTYgJCe.exe N/A
N/A N/A C:\Windows\System\kxSwCMi.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vHlCzqB.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJnaRvo.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\YTezhWg.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\UFzkGOS.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZvYHKBA.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\hxKEEOR.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoXuXAH.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLrSaeb.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\nLWUsSB.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\cRHKOEu.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\dUIkULP.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ooFZCrq.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBrHMEo.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\QrjxbMr.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\iSDpUvo.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\oDZKWzj.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAwSTQW.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ftFfUkK.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\tgDxgVE.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\akphgWN.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMgOlxR.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\TrvejFU.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\hhGkbZm.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\bFocbkA.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\CpRTNsC.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\VhBEzPz.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\xEWQHJd.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\fUyWGzJ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\BRgjIYG.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\pHwVPBd.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwABhWJ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\kMkwKkq.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\MQbZyWQ.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTVHwsU.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\SakzFcx.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\nLoSauN.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\GPfXdSP.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\VinoOeG.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\UntsIMo.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ayawYxz.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\WDrRZYs.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZeFrQkI.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\LQmuViO.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\PdIOjNz.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\EAbtPgd.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\IUnCaDV.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\DemdTTg.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\pawqEwB.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\vpVstWO.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\xiVTNDS.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOfMayk.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\MvQPnRt.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\DetBlyD.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\tNDskIG.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\aahPBwG.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\JjnZYZz.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\HwPiYWx.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpAbbXl.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\PWQZxWB.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\EfZNTFA.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\zIUyiVG.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\lorQzjF.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\najMdot.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A
File created C:\Windows\System\iTxOYar.exe C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2328 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\GHlgrHt.exe
PID 2328 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\GHlgrHt.exe
PID 2328 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\gNgkhmS.exe
PID 2328 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\gNgkhmS.exe
PID 2328 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\tGltvKB.exe
PID 2328 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\tGltvKB.exe
PID 2328 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\cPYfCLo.exe
PID 2328 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\cPYfCLo.exe
PID 2328 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\gDtPGxO.exe
PID 2328 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\gDtPGxO.exe
PID 2328 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\xnUEyNN.exe
PID 2328 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\xnUEyNN.exe
PID 2328 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\mbOvhxQ.exe
PID 2328 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\mbOvhxQ.exe
PID 2328 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\WAVpLIR.exe
PID 2328 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\WAVpLIR.exe
PID 2328 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\WMgNTXZ.exe
PID 2328 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\WMgNTXZ.exe
PID 2328 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\GPVmxCA.exe
PID 2328 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\GPVmxCA.exe
PID 2328 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\HOfnEaf.exe
PID 2328 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\HOfnEaf.exe
PID 2328 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DaiQtyn.exe
PID 2328 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DaiQtyn.exe
PID 2328 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\sMGhacj.exe
PID 2328 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\sMGhacj.exe
PID 2328 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\RsQsedz.exe
PID 2328 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\RsQsedz.exe
PID 2328 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\zIUyiVG.exe
PID 2328 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\zIUyiVG.exe
PID 2328 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TWoHksN.exe
PID 2328 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TWoHksN.exe
PID 2328 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\VkDNHrz.exe
PID 2328 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\VkDNHrz.exe
PID 2328 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\nnhidKt.exe
PID 2328 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\nnhidKt.exe
PID 2328 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\EojKvlc.exe
PID 2328 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\EojKvlc.exe
PID 2328 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\pjOvkSJ.exe
PID 2328 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\pjOvkSJ.exe
PID 2328 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\mpwzbSv.exe
PID 2328 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\mpwzbSv.exe
PID 2328 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UFzkGOS.exe
PID 2328 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\UFzkGOS.exe
PID 2328 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DemdTTg.exe
PID 2328 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\DemdTTg.exe
PID 2328 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\tbCfqSa.exe
PID 2328 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\tbCfqSa.exe
PID 2328 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CehdtKv.exe
PID 2328 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\CehdtKv.exe
PID 2328 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QULKgZL.exe
PID 2328 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QULKgZL.exe
PID 2328 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QticMLh.exe
PID 2328 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\QticMLh.exe
PID 2328 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\tvmzNrp.exe
PID 2328 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\tvmzNrp.exe
PID 2328 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\gxwIYiP.exe
PID 2328 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\gxwIYiP.exe
PID 2328 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TqgYMwC.exe
PID 2328 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\TqgYMwC.exe
PID 2328 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\rFwYqLY.exe
PID 2328 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\rFwYqLY.exe
PID 2328 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\WtamckN.exe
PID 2328 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe C:\Windows\System\WtamckN.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2ca96aab6b85334d6fdad60ff8c76c6b56fd856a8e632898d826cd7f85f06996_NeikiAnalytics.exe"

C:\Windows\System\GHlgrHt.exe

C:\Windows\System\GHlgrHt.exe

C:\Windows\System\gNgkhmS.exe

C:\Windows\System\gNgkhmS.exe

C:\Windows\System\tGltvKB.exe

C:\Windows\System\tGltvKB.exe

C:\Windows\System\cPYfCLo.exe

C:\Windows\System\cPYfCLo.exe

C:\Windows\System\gDtPGxO.exe

C:\Windows\System\gDtPGxO.exe

C:\Windows\System\xnUEyNN.exe

C:\Windows\System\xnUEyNN.exe

C:\Windows\System\mbOvhxQ.exe

C:\Windows\System\mbOvhxQ.exe

C:\Windows\System\WAVpLIR.exe

C:\Windows\System\WAVpLIR.exe

C:\Windows\System\WMgNTXZ.exe

C:\Windows\System\WMgNTXZ.exe

C:\Windows\System\GPVmxCA.exe

C:\Windows\System\GPVmxCA.exe

C:\Windows\System\HOfnEaf.exe

C:\Windows\System\HOfnEaf.exe

C:\Windows\System\DaiQtyn.exe

C:\Windows\System\DaiQtyn.exe

C:\Windows\System\sMGhacj.exe

C:\Windows\System\sMGhacj.exe

C:\Windows\System\RsQsedz.exe

C:\Windows\System\RsQsedz.exe

C:\Windows\System\zIUyiVG.exe

C:\Windows\System\zIUyiVG.exe

C:\Windows\System\TWoHksN.exe

C:\Windows\System\TWoHksN.exe

C:\Windows\System\VkDNHrz.exe

C:\Windows\System\VkDNHrz.exe

C:\Windows\System\nnhidKt.exe

C:\Windows\System\nnhidKt.exe

C:\Windows\System\EojKvlc.exe

C:\Windows\System\EojKvlc.exe

C:\Windows\System\pjOvkSJ.exe

C:\Windows\System\pjOvkSJ.exe

C:\Windows\System\mpwzbSv.exe

C:\Windows\System\mpwzbSv.exe

C:\Windows\System\UFzkGOS.exe

C:\Windows\System\UFzkGOS.exe

C:\Windows\System\DemdTTg.exe

C:\Windows\System\DemdTTg.exe

C:\Windows\System\tbCfqSa.exe

C:\Windows\System\tbCfqSa.exe

C:\Windows\System\CehdtKv.exe

C:\Windows\System\CehdtKv.exe

C:\Windows\System\QULKgZL.exe

C:\Windows\System\QULKgZL.exe

C:\Windows\System\QticMLh.exe

C:\Windows\System\QticMLh.exe

C:\Windows\System\tvmzNrp.exe

C:\Windows\System\tvmzNrp.exe

C:\Windows\System\gxwIYiP.exe

C:\Windows\System\gxwIYiP.exe

C:\Windows\System\TqgYMwC.exe

C:\Windows\System\TqgYMwC.exe

C:\Windows\System\rFwYqLY.exe

C:\Windows\System\rFwYqLY.exe

C:\Windows\System\WtamckN.exe

C:\Windows\System\WtamckN.exe

C:\Windows\System\ooFZCrq.exe

C:\Windows\System\ooFZCrq.exe

C:\Windows\System\qBrHMEo.exe

C:\Windows\System\qBrHMEo.exe

C:\Windows\System\JSUAsgP.exe

C:\Windows\System\JSUAsgP.exe

C:\Windows\System\hxKEEOR.exe

C:\Windows\System\hxKEEOR.exe

C:\Windows\System\WHaOZNe.exe

C:\Windows\System\WHaOZNe.exe

C:\Windows\System\aahPBwG.exe

C:\Windows\System\aahPBwG.exe

C:\Windows\System\pHwVPBd.exe

C:\Windows\System\pHwVPBd.exe

C:\Windows\System\SakzFcx.exe

C:\Windows\System\SakzFcx.exe

C:\Windows\System\dsmGpTm.exe

C:\Windows\System\dsmGpTm.exe

C:\Windows\System\jDgjriR.exe

C:\Windows\System\jDgjriR.exe

C:\Windows\System\RCIlTKt.exe

C:\Windows\System\RCIlTKt.exe

C:\Windows\System\CziktVm.exe

C:\Windows\System\CziktVm.exe

C:\Windows\System\agTZlqt.exe

C:\Windows\System\agTZlqt.exe

C:\Windows\System\xEWQHJd.exe

C:\Windows\System\xEWQHJd.exe

C:\Windows\System\JiuCtTS.exe

C:\Windows\System\JiuCtTS.exe

C:\Windows\System\qwealvC.exe

C:\Windows\System\qwealvC.exe

C:\Windows\System\PVzeVvu.exe

C:\Windows\System\PVzeVvu.exe

C:\Windows\System\VnNMJJQ.exe

C:\Windows\System\VnNMJJQ.exe

C:\Windows\System\BxhFTVh.exe

C:\Windows\System\BxhFTVh.exe

C:\Windows\System\xCIdnzR.exe

C:\Windows\System\xCIdnzR.exe

C:\Windows\System\TrvejFU.exe

C:\Windows\System\TrvejFU.exe

C:\Windows\System\MVXTZmF.exe

C:\Windows\System\MVXTZmF.exe

C:\Windows\System\itTpevr.exe

C:\Windows\System\itTpevr.exe

C:\Windows\System\hVTkVbk.exe

C:\Windows\System\hVTkVbk.exe

C:\Windows\System\uAczeTJ.exe

C:\Windows\System\uAczeTJ.exe

C:\Windows\System\jtXqhuP.exe

C:\Windows\System\jtXqhuP.exe

C:\Windows\System\ItnJcde.exe

C:\Windows\System\ItnJcde.exe

C:\Windows\System\ptffInx.exe

C:\Windows\System\ptffInx.exe

C:\Windows\System\aVTeZtu.exe

C:\Windows\System\aVTeZtu.exe

C:\Windows\System\epdXGIC.exe

C:\Windows\System\epdXGIC.exe

C:\Windows\System\fTYgJCe.exe

C:\Windows\System\fTYgJCe.exe

C:\Windows\System\kxSwCMi.exe

C:\Windows\System\kxSwCMi.exe

C:\Windows\System\hLkjOyD.exe

C:\Windows\System\hLkjOyD.exe

C:\Windows\System\QDuIxUt.exe

C:\Windows\System\QDuIxUt.exe

C:\Windows\System\OwABhWJ.exe

C:\Windows\System\OwABhWJ.exe

C:\Windows\System\zoXuXAH.exe

C:\Windows\System\zoXuXAH.exe

C:\Windows\System\LojvzHl.exe

C:\Windows\System\LojvzHl.exe

C:\Windows\System\MuAudVA.exe

C:\Windows\System\MuAudVA.exe

C:\Windows\System\SzYrtXd.exe

C:\Windows\System\SzYrtXd.exe

C:\Windows\System\JjnZYZz.exe

C:\Windows\System\JjnZYZz.exe

C:\Windows\System\HwPiYWx.exe

C:\Windows\System\HwPiYWx.exe

C:\Windows\System\JWmOJlh.exe

C:\Windows\System\JWmOJlh.exe

C:\Windows\System\SqwBtMV.exe

C:\Windows\System\SqwBtMV.exe

C:\Windows\System\KxALAOt.exe

C:\Windows\System\KxALAOt.exe

C:\Windows\System\MexusLi.exe

C:\Windows\System\MexusLi.exe

C:\Windows\System\ZvYHKBA.exe

C:\Windows\System\ZvYHKBA.exe

C:\Windows\System\nLoSauN.exe

C:\Windows\System\nLoSauN.exe

C:\Windows\System\ftmDvBf.exe

C:\Windows\System\ftmDvBf.exe

C:\Windows\System\cXaiXlb.exe

C:\Windows\System\cXaiXlb.exe

C:\Windows\System\FQlBhQE.exe

C:\Windows\System\FQlBhQE.exe

C:\Windows\System\QnaXnzP.exe

C:\Windows\System\QnaXnzP.exe

C:\Windows\System\BZiaVJQ.exe

C:\Windows\System\BZiaVJQ.exe

C:\Windows\System\lorQzjF.exe

C:\Windows\System\lorQzjF.exe

C:\Windows\System\rcnBaeC.exe

C:\Windows\System\rcnBaeC.exe

C:\Windows\System\weQsuuc.exe

C:\Windows\System\weQsuuc.exe

C:\Windows\System\iJFPsqt.exe

C:\Windows\System\iJFPsqt.exe

C:\Windows\System\inhJRiy.exe

C:\Windows\System\inhJRiy.exe

C:\Windows\System\dLeaRcV.exe

C:\Windows\System\dLeaRcV.exe

C:\Windows\System\NBmSHis.exe

C:\Windows\System\NBmSHis.exe

C:\Windows\System\kSQJPzq.exe

C:\Windows\System\kSQJPzq.exe

C:\Windows\System\iipbihT.exe

C:\Windows\System\iipbihT.exe

C:\Windows\System\LlsuftF.exe

C:\Windows\System\LlsuftF.exe

C:\Windows\System\SjvmgXE.exe

C:\Windows\System\SjvmgXE.exe

C:\Windows\System\tXtDyDO.exe

C:\Windows\System\tXtDyDO.exe

C:\Windows\System\ksauquB.exe

C:\Windows\System\ksauquB.exe

C:\Windows\System\fUyWGzJ.exe

C:\Windows\System\fUyWGzJ.exe

C:\Windows\System\vpVstWO.exe

C:\Windows\System\vpVstWO.exe

C:\Windows\System\bmaSbYy.exe

C:\Windows\System\bmaSbYy.exe

C:\Windows\System\cnrYiWt.exe

C:\Windows\System\cnrYiWt.exe

C:\Windows\System\FpiwBBm.exe

C:\Windows\System\FpiwBBm.exe

C:\Windows\System\UhlaKaq.exe

C:\Windows\System\UhlaKaq.exe

C:\Windows\System\aegrJaS.exe

C:\Windows\System\aegrJaS.exe

C:\Windows\System\cjzItdC.exe

C:\Windows\System\cjzItdC.exe

C:\Windows\System\AwhErwC.exe

C:\Windows\System\AwhErwC.exe

C:\Windows\System\SIZddgb.exe

C:\Windows\System\SIZddgb.exe

C:\Windows\System\zQHDPED.exe

C:\Windows\System\zQHDPED.exe

C:\Windows\System\HyYxWHr.exe

C:\Windows\System\HyYxWHr.exe

C:\Windows\System\bFocbkA.exe

C:\Windows\System\bFocbkA.exe

C:\Windows\System\hhGkbZm.exe

C:\Windows\System\hhGkbZm.exe

C:\Windows\System\BCADwPg.exe

C:\Windows\System\BCADwPg.exe

C:\Windows\System\FseiPez.exe

C:\Windows\System\FseiPez.exe

C:\Windows\System\bhzOLIN.exe

C:\Windows\System\bhzOLIN.exe

C:\Windows\System\thFylFy.exe

C:\Windows\System\thFylFy.exe

C:\Windows\System\hctLFDy.exe

C:\Windows\System\hctLFDy.exe

C:\Windows\System\OlVNKFD.exe

C:\Windows\System\OlVNKFD.exe

C:\Windows\System\WPgSrKf.exe

C:\Windows\System\WPgSrKf.exe

C:\Windows\System\YDYdzYL.exe

C:\Windows\System\YDYdzYL.exe

C:\Windows\System\vAcTJJd.exe

C:\Windows\System\vAcTJJd.exe

C:\Windows\System\ouqfMdg.exe

C:\Windows\System\ouqfMdg.exe

C:\Windows\System\TnNbCBZ.exe

C:\Windows\System\TnNbCBZ.exe

C:\Windows\System\ksPFSYy.exe

C:\Windows\System\ksPFSYy.exe

C:\Windows\System\PWQZxWB.exe

C:\Windows\System\PWQZxWB.exe

C:\Windows\System\hndoNaI.exe

C:\Windows\System\hndoNaI.exe

C:\Windows\System\kCAKkPk.exe

C:\Windows\System\kCAKkPk.exe

C:\Windows\System\upgVIXU.exe

C:\Windows\System\upgVIXU.exe

C:\Windows\System\ziQbQQw.exe

C:\Windows\System\ziQbQQw.exe

C:\Windows\System\xHhjCSU.exe

C:\Windows\System\xHhjCSU.exe

C:\Windows\System\WbLuhBh.exe

C:\Windows\System\WbLuhBh.exe

C:\Windows\System\wDrxfZa.exe

C:\Windows\System\wDrxfZa.exe

C:\Windows\System\SJXWXDe.exe

C:\Windows\System\SJXWXDe.exe

C:\Windows\System\lWwSvgM.exe

C:\Windows\System\lWwSvgM.exe

C:\Windows\System\UOKOuDK.exe

C:\Windows\System\UOKOuDK.exe

C:\Windows\System\fgvgnfy.exe

C:\Windows\System\fgvgnfy.exe

C:\Windows\System\KUDdWhf.exe

C:\Windows\System\KUDdWhf.exe

C:\Windows\System\UcHjoiM.exe

C:\Windows\System\UcHjoiM.exe

C:\Windows\System\VCFVpmb.exe

C:\Windows\System\VCFVpmb.exe

C:\Windows\System\OLZCDGD.exe

C:\Windows\System\OLZCDGD.exe

C:\Windows\System\KYzGGnh.exe

C:\Windows\System\KYzGGnh.exe

C:\Windows\System\eVoVDGi.exe

C:\Windows\System\eVoVDGi.exe

C:\Windows\System\otMcJeX.exe

C:\Windows\System\otMcJeX.exe

C:\Windows\System\LOtuVUC.exe

C:\Windows\System\LOtuVUC.exe

C:\Windows\System\UyXqWti.exe

C:\Windows\System\UyXqWti.exe

C:\Windows\System\najMdot.exe

C:\Windows\System\najMdot.exe

C:\Windows\System\szLuttc.exe

C:\Windows\System\szLuttc.exe

C:\Windows\System\SIsjTcO.exe

C:\Windows\System\SIsjTcO.exe

C:\Windows\System\xTceIxa.exe

C:\Windows\System\xTceIxa.exe

C:\Windows\System\LBNdWkM.exe

C:\Windows\System\LBNdWkM.exe

C:\Windows\System\xiVTNDS.exe

C:\Windows\System\xiVTNDS.exe

C:\Windows\System\MbQozuc.exe

C:\Windows\System\MbQozuc.exe

C:\Windows\System\dOfMayk.exe

C:\Windows\System\dOfMayk.exe

C:\Windows\System\vHlCzqB.exe

C:\Windows\System\vHlCzqB.exe

C:\Windows\System\IkBsyDo.exe

C:\Windows\System\IkBsyDo.exe

C:\Windows\System\kvimlhA.exe

C:\Windows\System\kvimlhA.exe

C:\Windows\System\wsUrvoN.exe

C:\Windows\System\wsUrvoN.exe

C:\Windows\System\eNJlxAf.exe

C:\Windows\System\eNJlxAf.exe

C:\Windows\System\iTxOYar.exe

C:\Windows\System\iTxOYar.exe

C:\Windows\System\tgDxgVE.exe

C:\Windows\System\tgDxgVE.exe

C:\Windows\System\EaTQUik.exe

C:\Windows\System\EaTQUik.exe

C:\Windows\System\LIvxEfb.exe

C:\Windows\System\LIvxEfb.exe

C:\Windows\System\OYFIMOo.exe

C:\Windows\System\OYFIMOo.exe

C:\Windows\System\CpRTNsC.exe

C:\Windows\System\CpRTNsC.exe

C:\Windows\System\ejfgXQK.exe

C:\Windows\System\ejfgXQK.exe

C:\Windows\System\kMkwKkq.exe

C:\Windows\System\kMkwKkq.exe

C:\Windows\System\FIFhvfu.exe

C:\Windows\System\FIFhvfu.exe

C:\Windows\System\XTfzkNu.exe

C:\Windows\System\XTfzkNu.exe

C:\Windows\System\pbaShoQ.exe

C:\Windows\System\pbaShoQ.exe

C:\Windows\System\jROaYoN.exe

C:\Windows\System\jROaYoN.exe

C:\Windows\System\kzwkjpl.exe

C:\Windows\System\kzwkjpl.exe

C:\Windows\System\pAZveOC.exe

C:\Windows\System\pAZveOC.exe

C:\Windows\System\dVxmUPc.exe

C:\Windows\System\dVxmUPc.exe

C:\Windows\System\uukAWcx.exe

C:\Windows\System\uukAWcx.exe

C:\Windows\System\JRnhoMv.exe

C:\Windows\System\JRnhoMv.exe

C:\Windows\System\RjTTKcd.exe

C:\Windows\System\RjTTKcd.exe

C:\Windows\System\KWckrbA.exe

C:\Windows\System\KWckrbA.exe

C:\Windows\System\wLrSaeb.exe

C:\Windows\System\wLrSaeb.exe

C:\Windows\System\MJnaRvo.exe

C:\Windows\System\MJnaRvo.exe

C:\Windows\System\EfZNTFA.exe

C:\Windows\System\EfZNTFA.exe

C:\Windows\System\dOEdRwC.exe

C:\Windows\System\dOEdRwC.exe

C:\Windows\System\nwfnmWu.exe

C:\Windows\System\nwfnmWu.exe

C:\Windows\System\ltuuSwk.exe

C:\Windows\System\ltuuSwk.exe

C:\Windows\System\rlGZbTK.exe

C:\Windows\System\rlGZbTK.exe

C:\Windows\System\zdAUBaz.exe

C:\Windows\System\zdAUBaz.exe

C:\Windows\System\nQipdtR.exe

C:\Windows\System\nQipdtR.exe

C:\Windows\System\RWnOHnR.exe

C:\Windows\System\RWnOHnR.exe

C:\Windows\System\utKfhuu.exe

C:\Windows\System\utKfhuu.exe

C:\Windows\System\gOjwYSE.exe

C:\Windows\System\gOjwYSE.exe

C:\Windows\System\aDPOSvT.exe

C:\Windows\System\aDPOSvT.exe

C:\Windows\System\myDyMXS.exe

C:\Windows\System\myDyMXS.exe

C:\Windows\System\lqoyRNc.exe

C:\Windows\System\lqoyRNc.exe

C:\Windows\System\ogddGni.exe

C:\Windows\System\ogddGni.exe

C:\Windows\System\wqfMxro.exe

C:\Windows\System\wqfMxro.exe

C:\Windows\System\GAPzmWC.exe

C:\Windows\System\GAPzmWC.exe

C:\Windows\System\xwgLmFh.exe

C:\Windows\System\xwgLmFh.exe

C:\Windows\System\ZeFrQkI.exe

C:\Windows\System\ZeFrQkI.exe

C:\Windows\System\MvQPnRt.exe

C:\Windows\System\MvQPnRt.exe

C:\Windows\System\LQmuViO.exe

C:\Windows\System\LQmuViO.exe

C:\Windows\System\IAwSTQW.exe

C:\Windows\System\IAwSTQW.exe

C:\Windows\System\izjyQEL.exe

C:\Windows\System\izjyQEL.exe

C:\Windows\System\JEQKBor.exe

C:\Windows\System\JEQKBor.exe

C:\Windows\System\sfYWpUu.exe

C:\Windows\System\sfYWpUu.exe

C:\Windows\System\oalKkIL.exe

C:\Windows\System\oalKkIL.exe

C:\Windows\System\daEKyhF.exe

C:\Windows\System\daEKyhF.exe

C:\Windows\System\XOVzxto.exe

C:\Windows\System\XOVzxto.exe

C:\Windows\System\IfigmJW.exe

C:\Windows\System\IfigmJW.exe

C:\Windows\System\TQWzOIv.exe

C:\Windows\System\TQWzOIv.exe

C:\Windows\System\otHUpJm.exe

C:\Windows\System\otHUpJm.exe

C:\Windows\System\lQEvOFr.exe

C:\Windows\System\lQEvOFr.exe

C:\Windows\System\CrtmqWa.exe

C:\Windows\System\CrtmqWa.exe

C:\Windows\System\WCVCUyn.exe

C:\Windows\System\WCVCUyn.exe

C:\Windows\System\FtvXRHo.exe

C:\Windows\System\FtvXRHo.exe

C:\Windows\System\fvqURMN.exe

C:\Windows\System\fvqURMN.exe

C:\Windows\System\MQbZyWQ.exe

C:\Windows\System\MQbZyWQ.exe

C:\Windows\System\NzswZAD.exe

C:\Windows\System\NzswZAD.exe

C:\Windows\System\akphgWN.exe

C:\Windows\System\akphgWN.exe

C:\Windows\System\EyLrrFe.exe

C:\Windows\System\EyLrrFe.exe

C:\Windows\System\leqVTJt.exe

C:\Windows\System\leqVTJt.exe

C:\Windows\System\pawqEwB.exe

C:\Windows\System\pawqEwB.exe

C:\Windows\System\EXdfljc.exe

C:\Windows\System\EXdfljc.exe

C:\Windows\System\cRMKYSF.exe

C:\Windows\System\cRMKYSF.exe

C:\Windows\System\uFumAas.exe

C:\Windows\System\uFumAas.exe

C:\Windows\System\YJIcTEC.exe

C:\Windows\System\YJIcTEC.exe

C:\Windows\System\kfQfORv.exe

C:\Windows\System\kfQfORv.exe

C:\Windows\System\nLWUsSB.exe

C:\Windows\System\nLWUsSB.exe

C:\Windows\System\PiWgyBA.exe

C:\Windows\System\PiWgyBA.exe

C:\Windows\System\kHQMBBj.exe

C:\Windows\System\kHQMBBj.exe

C:\Windows\System\xnxjGZe.exe

C:\Windows\System\xnxjGZe.exe

C:\Windows\System\vPAnftb.exe

C:\Windows\System\vPAnftb.exe

C:\Windows\System\UntsIMo.exe

C:\Windows\System\UntsIMo.exe

C:\Windows\System\ilONXJO.exe

C:\Windows\System\ilONXJO.exe

C:\Windows\System\GPfXdSP.exe

C:\Windows\System\GPfXdSP.exe

C:\Windows\System\ayawYxz.exe

C:\Windows\System\ayawYxz.exe

C:\Windows\System\efKyzvw.exe

C:\Windows\System\efKyzvw.exe

C:\Windows\System\nasAITf.exe

C:\Windows\System\nasAITf.exe

C:\Windows\System\PdIOjNz.exe

C:\Windows\System\PdIOjNz.exe

C:\Windows\System\EAbtPgd.exe

C:\Windows\System\EAbtPgd.exe

C:\Windows\System\TdnKYuZ.exe

C:\Windows\System\TdnKYuZ.exe

C:\Windows\System\tJmTkVX.exe

C:\Windows\System\tJmTkVX.exe

C:\Windows\System\YTAuTPo.exe

C:\Windows\System\YTAuTPo.exe

C:\Windows\System\ftFfUkK.exe

C:\Windows\System\ftFfUkK.exe

C:\Windows\System\TqGlPNI.exe

C:\Windows\System\TqGlPNI.exe

C:\Windows\System\SeILScv.exe

C:\Windows\System\SeILScv.exe

C:\Windows\System\lrfEDfJ.exe

C:\Windows\System\lrfEDfJ.exe

C:\Windows\System\itIXFqz.exe

C:\Windows\System\itIXFqz.exe

C:\Windows\System\nqtXkcM.exe

C:\Windows\System\nqtXkcM.exe

C:\Windows\System\yTCyFEV.exe

C:\Windows\System\yTCyFEV.exe

C:\Windows\System\mcfURYv.exe

C:\Windows\System\mcfURYv.exe

C:\Windows\System\CKqOAeu.exe

C:\Windows\System\CKqOAeu.exe

C:\Windows\System\NzNEEqe.exe

C:\Windows\System\NzNEEqe.exe

C:\Windows\System\GbEfwRk.exe

C:\Windows\System\GbEfwRk.exe

C:\Windows\System\SiCXhQi.exe

C:\Windows\System\SiCXhQi.exe

C:\Windows\System\hsYVnzr.exe

C:\Windows\System\hsYVnzr.exe

C:\Windows\System\MirCTyn.exe

C:\Windows\System\MirCTyn.exe

C:\Windows\System\YTezhWg.exe

C:\Windows\System\YTezhWg.exe

C:\Windows\System\fsORIRW.exe

C:\Windows\System\fsORIRW.exe

C:\Windows\System\Qlixbyj.exe

C:\Windows\System\Qlixbyj.exe

C:\Windows\System\trubOWI.exe

C:\Windows\System\trubOWI.exe

C:\Windows\System\rTVHwsU.exe

C:\Windows\System\rTVHwsU.exe

C:\Windows\System\kWUQkeg.exe

C:\Windows\System\kWUQkeg.exe

C:\Windows\System\ysQTMSL.exe

C:\Windows\System\ysQTMSL.exe

C:\Windows\System\HTqrrAW.exe

C:\Windows\System\HTqrrAW.exe

C:\Windows\System\dYNAKsB.exe

C:\Windows\System\dYNAKsB.exe

C:\Windows\System\cnWfKgl.exe

C:\Windows\System\cnWfKgl.exe

C:\Windows\System\WDrRZYs.exe

C:\Windows\System\WDrRZYs.exe

C:\Windows\System\dOWyNhn.exe

C:\Windows\System\dOWyNhn.exe

C:\Windows\System\JTDsqhs.exe

C:\Windows\System\JTDsqhs.exe

C:\Windows\System\NEmTTto.exe

C:\Windows\System\NEmTTto.exe

C:\Windows\System\SBSoELa.exe

C:\Windows\System\SBSoELa.exe

C:\Windows\System\QNsaJmH.exe

C:\Windows\System\QNsaJmH.exe

C:\Windows\System\DetBlyD.exe

C:\Windows\System\DetBlyD.exe

C:\Windows\System\eROIscL.exe

C:\Windows\System\eROIscL.exe

C:\Windows\System\MKOKUHs.exe

C:\Windows\System\MKOKUHs.exe

C:\Windows\System\qFScOes.exe

C:\Windows\System\qFScOes.exe

C:\Windows\System\cCOHATh.exe

C:\Windows\System\cCOHATh.exe

C:\Windows\System\hqPAgnw.exe

C:\Windows\System\hqPAgnw.exe

C:\Windows\System\dbDuhPS.exe

C:\Windows\System\dbDuhPS.exe

C:\Windows\System\zRnkFLa.exe

C:\Windows\System\zRnkFLa.exe

C:\Windows\System\eWCtqjd.exe

C:\Windows\System\eWCtqjd.exe

C:\Windows\System\erqAWtb.exe

C:\Windows\System\erqAWtb.exe

C:\Windows\System\FKiKxVa.exe

C:\Windows\System\FKiKxVa.exe

C:\Windows\System\tNDskIG.exe

C:\Windows\System\tNDskIG.exe

C:\Windows\System\snyQPaD.exe

C:\Windows\System\snyQPaD.exe

C:\Windows\System\cRHKOEu.exe

C:\Windows\System\cRHKOEu.exe

C:\Windows\System\QrjxbMr.exe

C:\Windows\System\QrjxbMr.exe

C:\Windows\System\GnJCVzF.exe

C:\Windows\System\GnJCVzF.exe

C:\Windows\System\fOqYXJX.exe

C:\Windows\System\fOqYXJX.exe

C:\Windows\System\iSDpUvo.exe

C:\Windows\System\iSDpUvo.exe

C:\Windows\System\nyxzKmJ.exe

C:\Windows\System\nyxzKmJ.exe

C:\Windows\System\PSfrRjU.exe

C:\Windows\System\PSfrRjU.exe

C:\Windows\System\LKCUSCF.exe

C:\Windows\System\LKCUSCF.exe

C:\Windows\System\cLlCjcE.exe

C:\Windows\System\cLlCjcE.exe

C:\Windows\System\QDfUfOO.exe

C:\Windows\System\QDfUfOO.exe

C:\Windows\System\kBRbGWq.exe

C:\Windows\System\kBRbGWq.exe

C:\Windows\System\xDWnUDg.exe

C:\Windows\System\xDWnUDg.exe

C:\Windows\System\dEgXBfk.exe

C:\Windows\System\dEgXBfk.exe

C:\Windows\System\RLnznzw.exe

C:\Windows\System\RLnznzw.exe

C:\Windows\System\JpAbbXl.exe

C:\Windows\System\JpAbbXl.exe

C:\Windows\System\XRSMGEs.exe

C:\Windows\System\XRSMGEs.exe

C:\Windows\System\BRgjIYG.exe

C:\Windows\System\BRgjIYG.exe

C:\Windows\System\ILthsIu.exe

C:\Windows\System\ILthsIu.exe

C:\Windows\System\pkJwqNH.exe

C:\Windows\System\pkJwqNH.exe

C:\Windows\System\drBDAvt.exe

C:\Windows\System\drBDAvt.exe

C:\Windows\System\VinoOeG.exe

C:\Windows\System\VinoOeG.exe

C:\Windows\System\RnwNPvU.exe

C:\Windows\System\RnwNPvU.exe

C:\Windows\System\LRBHCHq.exe

C:\Windows\System\LRBHCHq.exe

C:\Windows\System\pHKEoCE.exe

C:\Windows\System\pHKEoCE.exe

C:\Windows\System\dUIkULP.exe

C:\Windows\System\dUIkULP.exe

C:\Windows\System\LMgOlxR.exe

C:\Windows\System\LMgOlxR.exe

C:\Windows\System\KzRckaX.exe

C:\Windows\System\KzRckaX.exe

C:\Windows\System\lMSrVum.exe

C:\Windows\System\lMSrVum.exe

C:\Windows\System\OEpixdb.exe

C:\Windows\System\OEpixdb.exe

C:\Windows\System\drLpGNG.exe

C:\Windows\System\drLpGNG.exe

C:\Windows\System\QdJxSnc.exe

C:\Windows\System\QdJxSnc.exe

C:\Windows\System\oDZKWzj.exe

C:\Windows\System\oDZKWzj.exe

C:\Windows\System\gqiLgfb.exe

C:\Windows\System\gqiLgfb.exe

C:\Windows\System\GfosfXN.exe

C:\Windows\System\GfosfXN.exe

C:\Windows\System\OlBznWr.exe

C:\Windows\System\OlBznWr.exe

C:\Windows\System\cUMySjP.exe

C:\Windows\System\cUMySjP.exe

C:\Windows\System\VhBEzPz.exe

C:\Windows\System\VhBEzPz.exe

C:\Windows\System\IUnCaDV.exe

C:\Windows\System\IUnCaDV.exe

C:\Windows\System\dTZdSaQ.exe

C:\Windows\System\dTZdSaQ.exe

C:\Windows\System\AXUfnOB.exe

C:\Windows\System\AXUfnOB.exe

C:\Windows\System\LuwGGyo.exe

C:\Windows\System\LuwGGyo.exe

C:\Windows\System\lfyllvG.exe

C:\Windows\System\lfyllvG.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
IE 52.111.236.23:443 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2328-0-0x00007FF7AEFE0000-0x00007FF7AF331000-memory.dmp

memory/2328-1-0x000001BF6FF00000-0x000001BF6FF10000-memory.dmp

C:\Windows\System\GHlgrHt.exe

MD5 8351d22c61926d5a4e3f6c74ee471a5c
SHA1 a5491d8febb78d8b3a98932af731ab8d1b3e22d6
SHA256 850f52535006baf6cce7c74920c704cc4c6f1d4020c2c67d0c31be4144e34aa4
SHA512 dc31e9f8b3ad028b5fac56fe8ffc79300ba6c4f89e95eb08ce70a7954bf7e9c5baa7a3fd571295271cf254fdf831b271bdc01604833f7f0b7201c028947e0f71

C:\Windows\System\tGltvKB.exe

MD5 6a0106d55e32378f5b47d6df0f4fca43
SHA1 5708681e1b24d2be4c923a3063648b4395a7fa72
SHA256 e677f11dbc28b08997128e9161d824fbbcde05cf5e6011ccaf2d81eca4708a22
SHA512 53b8c5ad39d5fa4157e891bca72fa084cf35d3453384df9cd3c1035d83c482a74de64ba9c2e1fc3cb0c238462fa3792db95cf9ae6e461cdc28da4a68d6c6b539

C:\Windows\System\cPYfCLo.exe

MD5 f5a24b4a9c27bedae110f8d4d66db46e
SHA1 ad774ef1ad0024f4b7f2171ecf29864bdbb7fb55
SHA256 a6b09c0f7cc88e2a0fbc1ddd89c62740626f175b91ec71b90a846131cfaa3a3f
SHA512 b3927baa8787bb2ac6d327e3011f8814f8c0287313a230e798e67011669fe7da003428b0964f531d787ec139cc1b3d88f7f58288c6ff6a532b701c418aea2255

C:\Windows\System\WAVpLIR.exe

MD5 b7a8caa7b1542821c5721b5c7aa7ddbb
SHA1 a0fa16bc4d2021a1f41675f0b9f27aeb70e71364
SHA256 206e8a70550f8ea7efed801be596b501d52d1b0c3d63fac78d76e2341781672c
SHA512 abd7fc95387a193a17fe0b487c4b0d807a604488cd33a83a936e4f5fc0fbaad6bd8deff1daffc797bf9a83cf7fab22fd14b16fb6c5a72df167ac8caf84fbab22

C:\Windows\System\GPVmxCA.exe

MD5 e19a8fe51bcab9cf7f6a4eb3ade3f49e
SHA1 f8af3ff788bd6f9cfdb240e5532ce64da9cf2562
SHA256 6d8bab23bca93ce5f5622c375a5adfb751387ee1a7205bda5e1981fa9028adc4
SHA512 9297c31e1e3f5c300f52398ce3eb9e662b0b4270c73d238f1eaa1a644cfbaf214e83febbc3b7721cf4312497154759cf39564828b8ed328a99aa8c8e8d40528d

C:\Windows\System\zIUyiVG.exe

MD5 c53b95c6d8bda12cde281f3c87776d8f
SHA1 1e572ff3017a76b5e9a18dc6ccb8d5da02c64121
SHA256 b77ab4d962560d5e38f6395ef9e485effa6b66fae885c640e98d05522263ee97
SHA512 aa69b7bb99caa56061a776b88fc85afd7c8b83fd57922cb57bfa7ad445d77846c8c0d4787969c728e4a1bce083d882556d727f8d9de48cdb69b04637571506c8

C:\Windows\System\WMgNTXZ.exe

MD5 873078fba218d8e60ecd8ebdfbca02f3
SHA1 45127fdbec95a7888d5a7591385709989fb93200
SHA256 1d7cfec1e06ae0533a6900665659ad1f39f33d13a7babcc9896473f17afdd5cc
SHA512 c3aa0f213c4fd7f658cbdfadedbe116a9d24b287dd1fa0892ebae27050bbc70b3d916f6beff5e271646bdc39a19e059d0c97c19f92eab88761ac90dce651a5b8

C:\Windows\System\JSUAsgP.exe

MD5 421a89ae428575421e95b8ad4daee134
SHA1 1ac0ef11bf59e8dd9a7f23ac9f80360ec43a1339
SHA256 96c61119c19d8af4883a9ea9932f031b994a1334e7ea9d5840d4eac44cd417c4
SHA512 93a1b4542afd33f254e45c811e76698ee60a0fd4a9e84cc1ac32d808e38a969ccf4c333a35f158e23469bc6f9d439263aede9e3a8dee7869d350c3de92c14b5c

C:\Windows\System\tvmzNrp.exe

MD5 b3a0773f91302eee1ecbe9daea7a9cbd
SHA1 f13856284836e2ec48ea601bda019ef502594b99
SHA256 3393fc40669f394ca0268b887e0e154fe51e6b206105ec3360a16636bde03b90
SHA512 5aa63099570e28d2689b76b15c1d35475ae171e493fe7f709e19195cdea84e5142bd64b9ac268badd6de86c3b885626c594ded1646a91342d2a841767518f5ab

memory/3628-431-0x00007FF69D130000-0x00007FF69D481000-memory.dmp

memory/3952-512-0x00007FF79C010000-0x00007FF79C361000-memory.dmp

memory/4028-600-0x00007FF7521E0000-0x00007FF752531000-memory.dmp

memory/3980-602-0x00007FF6C8E20000-0x00007FF6C9171000-memory.dmp

memory/408-601-0x00007FF75BA70000-0x00007FF75BDC1000-memory.dmp

memory/1008-599-0x00007FF78B020000-0x00007FF78B371000-memory.dmp

memory/1132-598-0x00007FF753940000-0x00007FF753C91000-memory.dmp

memory/564-511-0x00007FF715FA0000-0x00007FF7162F1000-memory.dmp

memory/2392-409-0x00007FF6BD5B0000-0x00007FF6BD901000-memory.dmp

memory/2096-408-0x00007FF757820000-0x00007FF757B71000-memory.dmp

memory/224-377-0x00007FF7AB0E0000-0x00007FF7AB431000-memory.dmp

memory/3968-302-0x00007FF6986B0000-0x00007FF698A01000-memory.dmp

memory/1556-276-0x00007FF6E41F0000-0x00007FF6E4541000-memory.dmp

memory/800-273-0x00007FF767D60000-0x00007FF7680B1000-memory.dmp

memory/1976-238-0x00007FF641060000-0x00007FF6413B1000-memory.dmp

C:\Windows\System\SakzFcx.exe

MD5 c2c22cad116ec536b91feba82093be08
SHA1 e4a7bf310af0a3e13ecbafbe8e62a58dcd74cff7
SHA256 71fef8824d76c6070bf4cb8ca04afe245f34293e5834961696e1390dc67943c3
SHA512 f36bc89e8bdb11b44ac876b0bb48bb6246c2cd8b3749c8f132038421123f483db3ea0f64c3dce7c3d9f45f631fc4526796b17f1d30b282bea960cfb447b2bc00

C:\Windows\System\CehdtKv.exe

MD5 d62a25b8abfd14142ad7b523db668018
SHA1 c580a7b7bf9f5f380c33ce1ec1b92089a7d222ad
SHA256 1827186ed2048c70da61e1b35b92855219e5e4fb5e6ac9f2454419b665d64892
SHA512 c19f70b4e5dd3505f0dd090b2c930a14ac87e736b4ad7cc890eb267a877a63de7dbfa280d75d19fd2de9a649b9225146b9d4e239ff3320fbd2cf88e2cdf2cf87

memory/4200-205-0x00007FF6351D0000-0x00007FF635521000-memory.dmp

memory/2676-200-0x00007FF645640000-0x00007FF645991000-memory.dmp

C:\Windows\System\WHaOZNe.exe

MD5 7073854c6196cc2c4249bb6d4cb95ab3
SHA1 ef59a8ae6162ee5411318efa24710e3e8f09b286
SHA256 1eadfec92b2f700eac76879774ce916c7a7b4336a647846d9bc36c4634543726
SHA512 c275ca7e264de794a8fd135c2539886d7c8c8cf7043337e3ff83c6dfcafcdd5e2a2bc4d6ad1fe9d6ba303666a0e137ec91d4075f55e03988afc9471afc2611f2

C:\Windows\System\qBrHMEo.exe

MD5 558e717b68a5810db217c62a8ad76789
SHA1 09b181294c557f974f76dff67c13d5989d55a6a8
SHA256 1b1861ad97adb0188fdfb2806d18942b978d87e342b03f6358a1b63f788ae0fc
SHA512 63c4ffeb8786a4a4b37be8f9e0a25c7e30fa037dd4496fb8cb94cea3283646f1628ab6225ed83536c5faad74ee447ee8285763108d4afa50898c0a224d3e877f

C:\Windows\System\mpwzbSv.exe

MD5 629febefd83a6deae022388bb36b3719
SHA1 6381d22586567d8e7e25165b309e7bd70d14ccd8
SHA256 ef944240784ae2e34785587cf13cd0aaf82fe01b82b728ec3f79f78869be4280
SHA512 d67bdaf50807ed5f6090241247381da5533b85f9217e97387a9d308c7669fad178bbcfb69ffb813e28fcf8776ccbfd3a7e0d8313e17cf1af3cbb643f341a2540

C:\Windows\System\ooFZCrq.exe

MD5 389043702dd402c22726fc09133b0ff5
SHA1 0534191e0b81262ae3789e2fce9621fc67294f0f
SHA256 b68b6b549e5015d506851acfdf972779437c865da464567608d486d1e2bbe9cf
SHA512 cf4e811553452a06b554002494f8dab3be7f0312be801c40189fb24f817ff1d7318f00414100ec8bce563b46355846222ee51f44d28df73b703cb197a3ec8ba2

C:\Windows\System\EojKvlc.exe

MD5 0aa7f4c394e19af4cbfc2b0110a3f43c
SHA1 a0e2c88c6b9128c369b7df297fd85c8f73c226a4
SHA256 ae2bea9d37fc261180e069ca5e318b0c5e4a09afab7055254de381f2bc6a84cb
SHA512 a8809625a7f126d995e7a41a07f58ceebcd2908cc89a1d5deb85c01522f1552a1c6b8806e039dd32f31987b0fbf6280746685dde7e4e928bdae561139d846f33

C:\Windows\System\WtamckN.exe

MD5 030bf550ac690872551b6d23745d3d35
SHA1 b6213c6876baf6509ea37cf5ca367653ff5f715f
SHA256 f19a7d1203a2c14e9146c601e5b6fe5439a7bd54be488f4b18ef5e36418af5e3
SHA512 c8c1334cf5ccbf9243bc1ac34cbeab9701ebe49481a9fd47aba2a8312f279db232471924b302d8ee34c4c92bfbf09b2ead44bda9b5c0922e62accd0a2f5d8c4b

C:\Windows\System\rFwYqLY.exe

MD5 0572be89a8b87e68b01e3780a812e5f3
SHA1 5dc8e64dde2698b8c237a8d7753ddc0ada6575ac
SHA256 2c71c996b7b49b2f0a0b1600d5c5920d83b81d480f9a8264526715e2db6a71e8
SHA512 bac793ca7177d1e05c91dfaecfcabe188c98874e89aae2516ed72f70d8500a10d61bacf7841f4469141313ff1371f2df40659eba5cc3db18dafefa875ab99fbb

C:\Windows\System\nnhidKt.exe

MD5 9e21086a0df65f351bfbcaba8e84e0ff
SHA1 b6a38fc20c4d4015ac52c4722f476233fedfd123
SHA256 11314519e70bee9acbfb497204a503d09231dab6659b4f52533793c57907a3cf
SHA512 c52fff1f5bc82fbefd8a13b42e11dc549ec09f09c0a0f9553c61890a2a943b7cf687bf6a404b5e6de2eaeab4791cae0ddd08de4b78bbcd6a3bb874e82096e33e

C:\Windows\System\dsmGpTm.exe

MD5 4eabe24c2bc943272a7ccfc35fb858a6
SHA1 41e02306ea87a7f4f31df1db8435eaea5525d721
SHA256 2672a902f9355b969c6d4d23db29e7cf0f07ab05206cfef9a0505d7a7fd93959
SHA512 f60984f1612c882023e678f19f3bb5786b08bfb30dfbf5160ef8b8159928b1e0213be81545ac7625734fd6e386ac17c38ebe1e3a5585aa053e91c8f29f97f213

C:\Windows\System\TqgYMwC.exe

MD5 64988dcb13cc8675c3a1238f30eb0fcb
SHA1 2f6a76380ccf6aeded5085b9d6a624a6f8f8bf1b
SHA256 04ac5dd7d1e730a44c0e4da5e0a8a8bcbf34d3642f630df5ecc33f21ac0f2cab
SHA512 4b72aa582ed6bbbaa7b50ff4d4018c6beb8a352931c1c5b62fee85f6b76122ed632726bb4b3128b75dd8efd5f5df144e5a031ab206ff4f6269dbf75cd1c7a078

C:\Windows\System\gxwIYiP.exe

MD5 73c0302449d93e3550cea4131f1c6da6
SHA1 fc868213cbd457380428d5321ea0a73985d525de
SHA256 eaf2c3e111d226453d42b40a0e5c5afea9a96d980bcb6fd9e28992fd5f59cb29
SHA512 284a1d92a4d84dd6c0a332d518eabfddc00043b4c3491f0d7d862b33f5926517bade6f02829b8f7dc85ff30f0bee22953718b4967e910fc0229bbec0c3372ef8

C:\Windows\System\QticMLh.exe

MD5 52885dec1368e03959cafc20c533dc5f
SHA1 4e038157fa65e2f7b535944d5892cd4dcd101642
SHA256 ae6bd55c7de08d8f93499dcdd6249c6c7981176edbc66113c69605ca63f01407
SHA512 cf3a2a351002d0a7f350f1bde2ae39cdc1de8ff233be6ac3fc6d9bd4c3f6975ed5bae026cf78548e0f1423427cc62edb6bf700b1b3237aff6be94fb59da83cc2

C:\Windows\System\aahPBwG.exe

MD5 d487c983b56a3ecc9a2e3267557a68f9
SHA1 6cdf11fcb43d20eff60cf06b5790a9ee04c4ae56
SHA256 ec025b4eb31681f4f48a12e079561df0ff59790caff86cdf828efffff589b731
SHA512 dbeb015d030ee01625be91372f68cad4976311c9642d20d962fcbcbb15cba85af0fd3b7a43357b5d7f63f4b2f08924d084aa39fb13b532653778953cbaf7c87a

memory/4456-141-0x00007FF7398D0000-0x00007FF739C21000-memory.dmp

C:\Windows\System\tbCfqSa.exe

MD5 fc94b9b965eca03dedbb1ea0afea9fc4
SHA1 e9c17ffb6b422e06d767c778a20f2ef21046d12d
SHA256 629908bc57853057ca4503ef1e1b5ebaa11995313640a5f79f5fce8c31f3ace6
SHA512 f22f346c44e1dfc460c0446a1107f0927f1a5661c89f1f19249746f26bc7ecf3f29da5ae4aed6fcefcb4fea52882b9a16a947185fac1ccc76655f4a71cc615de

C:\Windows\System\DemdTTg.exe

MD5 5b1289955eaa393133b5623c6fe765c8
SHA1 208487c115e6f4d26f77bfc0d3114bd950000caa
SHA256 93b97d98c753760f7cf65e2cb8d20706c1adae14d0d8e5e21ed7af092cffc619
SHA512 9c22f0023416d30d8d8fa41985a0d9ae8636c150ea45948d9f1476b6c986cb828c65185c1ad5baea6aed2c0da8b0d1d5ea396ca70fc4684db7b8133fb690b810

C:\Windows\System\UFzkGOS.exe

MD5 33b249705810514daaefbe803a1afb7b
SHA1 4caede255cb980969db28a3428c6ab5d2afae6d5
SHA256 ebcff5d973085f137e4caaccf45dfd7f0214421fd8b4775b43fd35ee2daaee18
SHA512 19d4193a69be482f0e3b0456c68f2e4f45fde4f88b7dd27d5644fda65bbc0f2f12c39acc713068bbf2e425b50e1c4120b4b75e79a50ae1a076c05f2e1506bbcd

C:\Windows\System\VkDNHrz.exe

MD5 75bcd46725cae88e84f86540d8c0c139
SHA1 17ebce86eaf63f78294fa8abd6e8bc28020ba37a
SHA256 6b4416a9d0f3cdbec832c94ce1c0ddeb977da1895a054e6d4f9926f2933f49e5
SHA512 ce2f633a5ce8e425c1722720f0cd44c263b4eeb0954d8ad85592de69ac3730b9669c4693a18885e1336dfddab577188ec14e0303d6cad54de726dc633bec23bc

C:\Windows\System\HOfnEaf.exe

MD5 cfef82958bad1c71303cc13e9b8c2789
SHA1 37ae900d21feff72b4ea7b6c9a046305572c72d4
SHA256 8dc02d174e5056711d5c7929931509695c44e0cb6368bfa50483d7b09e03d55b
SHA512 f50c63cb8b3f942d79bb6045e37863f39a6d54428baacffc7ee126a12c9ccb42dc5c27d9563f15f48dc65368c04f7e00b96b38ee462a19a45493d191874a6101

C:\Windows\System\TWoHksN.exe

MD5 c961ed31b072e42e5c0dd84d476e6973
SHA1 a9d3a6bacb9f3962b57a0526c091deccd8c7085b
SHA256 fd8e0c42f03df74cb92270081c32c58e832e31e5a5183fc955ea62ea0ec1fdca
SHA512 a0f02408e5382e6d5e8c7eadad5d8088391d1014877b84fd10d4f44c87885008d89de30cdaa9de5e8419ec2204b556c0c09399e5a85b290cc163b210ea505a27

C:\Windows\System\DaiQtyn.exe

MD5 c7c0175eab6f36d7164bb7b9006ceaa0
SHA1 93985493e791956c00ec8365b1ad2f54927dc857
SHA256 7b8396e001d9bfec97786d4fbc8e445a016842325dceaa45ccc90f161ca43d97
SHA512 9ee261d1be456fe1864577d5ec5a9487090aa602c29295d6e99773f9535eacdb247278f0e1567dbef5ba6bac88585ea764a154124c13350e8a9ad94114c1204d

C:\Windows\System\RsQsedz.exe

MD5 1bae4c0365a297a0004f880e124a775b
SHA1 191843ddea78a737ca48289d432bd528f8eb72c4
SHA256 896cb435fde191cb6224249439888d66f0757c6a8691842f51bf9831c6ca3e9d
SHA512 db4720672357a7790e7727c550f6e8ae4121798a1cbe06d145a03d6faf82fa464af398075b6bb9bb48b237a767b11a3fd8d2d3100f99aa24f5585f31a41cc9bb

C:\Windows\System\QULKgZL.exe

MD5 2dc91721349300a25c64f08d38478dd5
SHA1 af3c15c4a8da5064c08a222e5d51873306490524
SHA256 f036afddc8eaebb15876e31bfc142d76a76846f8babffe42fe03e15053b6c604
SHA512 70546c5e2cbaeb9d4a9e70518c322e1f295fd1ee43ed92d203b28dcae8d87f26abe2c0231a584ddd83e0d5c11b3d30b6838d04eb39b8251a134b6643d725c860

memory/3272-94-0x00007FF7D6C30000-0x00007FF7D6F81000-memory.dmp

C:\Windows\System\pjOvkSJ.exe

MD5 984ac5161c8dafc18fc6231e8718c9cd
SHA1 089fd5eb064749906b8e51947cd08ac4b213c747
SHA256 628600b4009b920ee2a43d9095cccbd1624cc3621aa6c1b634626cf232b50d36
SHA512 d9d80128b78647a009a8a3f810a96a233f171a9f8a9d8192154d9346bb2a45426a6824f9fdd2d9ab2e9030831313279f5058826a98eaf8215505ed515b12393a

memory/3324-87-0x00007FF6F1280000-0x00007FF6F15D1000-memory.dmp

C:\Windows\System\sMGhacj.exe

MD5 ebdd62f37dc1c915b33ccf239c678b81
SHA1 ebc7135502153473e0fa2147a9a1b56da80ea61c
SHA256 96efda812cd49108c043a2de8b7d924500b1d4a95b3acd98a2e506b87a303a72
SHA512 3c2e1e0a32691331e4104ae1736295ff8c07b72a2aa76f6f7a38977bd324fa54e8b70e502f796e935397334dadb1510c6fcbf37f1fa4b33bb5166ba1c22af8ca

C:\Windows\System\mbOvhxQ.exe

MD5 604ddcf8fbc5e1a51a2f753ea18491b8
SHA1 5ab5ad885eb2f4ad97846d71cb5c2e715c6b4fca
SHA256 70d80cf62eeaf536be02be296353c42392111cc344694fe117444fb36f980663
SHA512 4c49cf5dc79616d46de506e00b953a05347d8cede3afcb8d2d309567d7716e1c2d177a54581856c9ae0b80d21c71bd37bd2d6689a5109ad67e9e4f2c7c2a5ffd

C:\Windows\System\gDtPGxO.exe

MD5 a21d3c8ab49d17a09ad854f400f3fa12
SHA1 d0caf89652d4189fb80909235d5adad9f878915a
SHA256 17c93de2410e28e225c623cf77a16ee3676f658be68bbf82944873a9c2cfbb4d
SHA512 3cc22449391d95a059db9bdda3adab1993fc1336ef3a7f91f0772816a052f9fa099b05d60950fc6da15b7ab04e7ac512a793983e3c7911c8f46de066c838bb2e

memory/968-66-0x00007FF7FC110000-0x00007FF7FC461000-memory.dmp

memory/4824-73-0x00007FF6A4D50000-0x00007FF6A50A1000-memory.dmp

memory/2272-58-0x00007FF7B39B0000-0x00007FF7B3D01000-memory.dmp

memory/1028-42-0x00007FF76F580000-0x00007FF76F8D1000-memory.dmp

memory/3448-41-0x00007FF665E00000-0x00007FF666151000-memory.dmp

C:\Windows\System\xnUEyNN.exe

MD5 9bbb43fce42623ce4c2ca084e5fcebd4
SHA1 60006c7ae258d1eb85e6e4f5d90824863e845a96
SHA256 4c5a9a851adb49160c5c3bbc0880576c5989d8dbdc02715d9dc8380c001c8510
SHA512 eabc53956555686f0c73b964a41d80b2079749644abadc0d74008b48ed3c0b37211bcdfba2002bba77240eaa248c600aac3e5f813b723b42f400c3eb18911bd6

memory/4908-32-0x00007FF7EFE80000-0x00007FF7F01D1000-memory.dmp

memory/112-27-0x00007FF650900000-0x00007FF650C51000-memory.dmp

memory/3192-20-0x00007FF7184D0000-0x00007FF718821000-memory.dmp

C:\Windows\System\gNgkhmS.exe

MD5 8fe79218095a8280e3412b944e487342
SHA1 1e6f1e5115b70218561ca7479620a0e1f4d4493f
SHA256 d1ae6dd77f6597dee0de9f6fa3eb1241f1a017ab61b09d51fac9e8a566a015f9
SHA512 80fd2147042ff99ebe73819209afbc9711ca8c6cd93360f953271dd71fe6c5da75835d9253396e04b1d49f8c243e6407631aa1edb36c4a4361cd6f805b82e583

memory/4932-12-0x00007FF72C390000-0x00007FF72C6E1000-memory.dmp

memory/2328-1133-0x00007FF7AEFE0000-0x00007FF7AF331000-memory.dmp

memory/4908-1152-0x00007FF7EFE80000-0x00007FF7F01D1000-memory.dmp

memory/4932-1150-0x00007FF72C390000-0x00007FF72C6E1000-memory.dmp

memory/1028-1153-0x00007FF76F580000-0x00007FF76F8D1000-memory.dmp

memory/968-1155-0x00007FF7FC110000-0x00007FF7FC461000-memory.dmp

memory/4824-1159-0x00007FF6A4D50000-0x00007FF6A50A1000-memory.dmp

memory/3272-1160-0x00007FF7D6C30000-0x00007FF7D6F81000-memory.dmp

memory/4456-1161-0x00007FF7398D0000-0x00007FF739C21000-memory.dmp

memory/3192-1173-0x00007FF7184D0000-0x00007FF718821000-memory.dmp

memory/112-1174-0x00007FF650900000-0x00007FF650C51000-memory.dmp

memory/3448-1175-0x00007FF665E00000-0x00007FF666151000-memory.dmp

memory/3324-1177-0x00007FF6F1280000-0x00007FF6F15D1000-memory.dmp

memory/2272-1176-0x00007FF7B39B0000-0x00007FF7B3D01000-memory.dmp

memory/4932-1195-0x00007FF72C390000-0x00007FF72C6E1000-memory.dmp

memory/3192-1197-0x00007FF7184D0000-0x00007FF718821000-memory.dmp

memory/4908-1199-0x00007FF7EFE80000-0x00007FF7F01D1000-memory.dmp

memory/564-1203-0x00007FF715FA0000-0x00007FF7162F1000-memory.dmp

memory/112-1201-0x00007FF650900000-0x00007FF650C51000-memory.dmp

memory/968-1205-0x00007FF7FC110000-0x00007FF7FC461000-memory.dmp

memory/2272-1213-0x00007FF7B39B0000-0x00007FF7B3D01000-memory.dmp

memory/1028-1211-0x00007FF76F580000-0x00007FF76F8D1000-memory.dmp

memory/3448-1208-0x00007FF665E00000-0x00007FF666151000-memory.dmp

memory/1132-1217-0x00007FF753940000-0x00007FF753C91000-memory.dmp

memory/2676-1223-0x00007FF645640000-0x00007FF645991000-memory.dmp

memory/1008-1221-0x00007FF78B020000-0x00007FF78B371000-memory.dmp

memory/4456-1219-0x00007FF7398D0000-0x00007FF739C21000-memory.dmp

memory/3272-1229-0x00007FF7D6C30000-0x00007FF7D6F81000-memory.dmp

memory/408-1234-0x00007FF75BA70000-0x00007FF75BDC1000-memory.dmp

memory/4200-1231-0x00007FF6351D0000-0x00007FF635521000-memory.dmp

memory/3324-1227-0x00007FF6F1280000-0x00007FF6F15D1000-memory.dmp

memory/1556-1242-0x00007FF6E41F0000-0x00007FF6E4541000-memory.dmp

memory/3968-1246-0x00007FF6986B0000-0x00007FF698A01000-memory.dmp

memory/800-1244-0x00007FF767D60000-0x00007FF7680B1000-memory.dmp

memory/2096-1255-0x00007FF757820000-0x00007FF757B71000-memory.dmp

memory/224-1254-0x00007FF7AB0E0000-0x00007FF7AB431000-memory.dmp

memory/2392-1251-0x00007FF6BD5B0000-0x00007FF6BD901000-memory.dmp

memory/3980-1249-0x00007FF6C8E20000-0x00007FF6C9171000-memory.dmp

memory/3628-1299-0x00007FF69D130000-0x00007FF69D481000-memory.dmp

memory/1976-1237-0x00007FF641060000-0x00007FF6413B1000-memory.dmp

memory/4028-1225-0x00007FF7521E0000-0x00007FF752531000-memory.dmp

memory/4824-1216-0x00007FF6A4D50000-0x00007FF6A50A1000-memory.dmp

memory/3952-1209-0x00007FF79C010000-0x00007FF79C361000-memory.dmp