Malware Analysis Report

2024-10-10 09:31

Sample ID 240628-vsemyazgjm
Target a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe
SHA256 a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030

Threat Level: Known bad

The file a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

xmrig

Kpot family

KPOT Core Executable

KPOT

XMRig Miner payload

Xmrig family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-28 17:14

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 17:14

Reported

2024-06-28 17:17

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\IzmQoEp.exe N/A
N/A N/A C:\Windows\System\UMcxpFp.exe N/A
N/A N/A C:\Windows\System\oUclhzi.exe N/A
N/A N/A C:\Windows\System\AcqgcIl.exe N/A
N/A N/A C:\Windows\System\pnLuTLX.exe N/A
N/A N/A C:\Windows\System\AUukPVb.exe N/A
N/A N/A C:\Windows\System\DhvNWbH.exe N/A
N/A N/A C:\Windows\System\NjDJXIN.exe N/A
N/A N/A C:\Windows\System\OkTiFxO.exe N/A
N/A N/A C:\Windows\System\aNtQmhx.exe N/A
N/A N/A C:\Windows\System\XkqPWDf.exe N/A
N/A N/A C:\Windows\System\PiNBgGC.exe N/A
N/A N/A C:\Windows\System\agaBdSn.exe N/A
N/A N/A C:\Windows\System\OvgHNKe.exe N/A
N/A N/A C:\Windows\System\yTcfJiB.exe N/A
N/A N/A C:\Windows\System\hJZZkyX.exe N/A
N/A N/A C:\Windows\System\wcBwHEB.exe N/A
N/A N/A C:\Windows\System\GNAeiHn.exe N/A
N/A N/A C:\Windows\System\DomHYkG.exe N/A
N/A N/A C:\Windows\System\UbCstua.exe N/A
N/A N/A C:\Windows\System\vRxHLGZ.exe N/A
N/A N/A C:\Windows\System\hcPKMZw.exe N/A
N/A N/A C:\Windows\System\MPleKod.exe N/A
N/A N/A C:\Windows\System\XZYjBgB.exe N/A
N/A N/A C:\Windows\System\RsJOvWy.exe N/A
N/A N/A C:\Windows\System\uHdcOTq.exe N/A
N/A N/A C:\Windows\System\EDRSpHY.exe N/A
N/A N/A C:\Windows\System\jjraDGx.exe N/A
N/A N/A C:\Windows\System\GzteyfO.exe N/A
N/A N/A C:\Windows\System\WEMlXdR.exe N/A
N/A N/A C:\Windows\System\VEpSuLH.exe N/A
N/A N/A C:\Windows\System\xyvgvOw.exe N/A
N/A N/A C:\Windows\System\CLWGBMJ.exe N/A
N/A N/A C:\Windows\System\mTAsAdI.exe N/A
N/A N/A C:\Windows\System\MweRGwH.exe N/A
N/A N/A C:\Windows\System\BDklwLn.exe N/A
N/A N/A C:\Windows\System\GTEjEhu.exe N/A
N/A N/A C:\Windows\System\cYxgHoh.exe N/A
N/A N/A C:\Windows\System\KbspLHW.exe N/A
N/A N/A C:\Windows\System\BDmhOtZ.exe N/A
N/A N/A C:\Windows\System\HHsbMIV.exe N/A
N/A N/A C:\Windows\System\yzpQopG.exe N/A
N/A N/A C:\Windows\System\TjVJsUu.exe N/A
N/A N/A C:\Windows\System\ezZDwwt.exe N/A
N/A N/A C:\Windows\System\KbhNyRq.exe N/A
N/A N/A C:\Windows\System\dvWEBIj.exe N/A
N/A N/A C:\Windows\System\OVHgOCt.exe N/A
N/A N/A C:\Windows\System\bxmoyEX.exe N/A
N/A N/A C:\Windows\System\qCKMjDZ.exe N/A
N/A N/A C:\Windows\System\xbQNYJy.exe N/A
N/A N/A C:\Windows\System\qIochhy.exe N/A
N/A N/A C:\Windows\System\nSPAvdF.exe N/A
N/A N/A C:\Windows\System\UNtbrgG.exe N/A
N/A N/A C:\Windows\System\aOygFGb.exe N/A
N/A N/A C:\Windows\System\gCeCmdr.exe N/A
N/A N/A C:\Windows\System\ucfDTgN.exe N/A
N/A N/A C:\Windows\System\laNeSQM.exe N/A
N/A N/A C:\Windows\System\CxLBtSZ.exe N/A
N/A N/A C:\Windows\System\hVJRMQc.exe N/A
N/A N/A C:\Windows\System\KvGqfbG.exe N/A
N/A N/A C:\Windows\System\rFpzmpp.exe N/A
N/A N/A C:\Windows\System\ypvbyNn.exe N/A
N/A N/A C:\Windows\System\iVAhVvr.exe N/A
N/A N/A C:\Windows\System\BBLsPJr.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\SBHEIaT.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkylEIQ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\faPFDTm.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\YCYVdFm.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\mkaXdAs.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\GzteyfO.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\mTAsAdI.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\rTptbIY.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCzeFrW.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\fUSwEJz.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\zWjHXiT.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\sRbtLjo.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzsGbGH.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\hxuDwwi.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\XmNxSzh.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\OkTiFxO.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\PiNBgGC.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\mWFqnxw.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\mqqouSs.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\aDocWGq.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\aMpYdny.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZiavdu.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\FIpWkLC.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAEDWUB.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ybzNuBQ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\hmrfsCI.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\AEpPoRJ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOMEWZN.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwKZAEG.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\FICeGIB.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\mywAjrP.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ofUeiiU.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\MKkvKkG.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\aNtQmhx.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCKMjDZ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\kYaoKYT.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\mGcaHod.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXFCiUS.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\VpFWqtW.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsmPNih.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZGhqJkX.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOqvroQ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ioqMOlW.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\nSPAvdF.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\rFpzmpp.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\AwGmwAU.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySTexKD.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\cZIYwZA.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\fEURVTl.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\yfDWXJN.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\UbCstua.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\XsfVyuQ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\AEnYUBb.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\TYFTwTv.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZHfTmtP.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\YKcwihZ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\TjVJsUu.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDXrLkB.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTtkkeJ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\bAkhHbZ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\YfyZOuv.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\QxVStXz.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\IzmQoEp.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\yzpQopG.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4412 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\IzmQoEp.exe
PID 4412 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\IzmQoEp.exe
PID 4412 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\UMcxpFp.exe
PID 4412 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\UMcxpFp.exe
PID 4412 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\oUclhzi.exe
PID 4412 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\oUclhzi.exe
PID 4412 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\AcqgcIl.exe
PID 4412 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\AcqgcIl.exe
PID 4412 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pnLuTLX.exe
PID 4412 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pnLuTLX.exe
PID 4412 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\AUukPVb.exe
PID 4412 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\AUukPVb.exe
PID 4412 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DhvNWbH.exe
PID 4412 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DhvNWbH.exe
PID 4412 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\NjDJXIN.exe
PID 4412 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\NjDJXIN.exe
PID 4412 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\OkTiFxO.exe
PID 4412 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\OkTiFxO.exe
PID 4412 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\aNtQmhx.exe
PID 4412 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\aNtQmhx.exe
PID 4412 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XkqPWDf.exe
PID 4412 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XkqPWDf.exe
PID 4412 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\PiNBgGC.exe
PID 4412 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\PiNBgGC.exe
PID 4412 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\agaBdSn.exe
PID 4412 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\agaBdSn.exe
PID 4412 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\OvgHNKe.exe
PID 4412 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\OvgHNKe.exe
PID 4412 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\yTcfJiB.exe
PID 4412 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\yTcfJiB.exe
PID 4412 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\hJZZkyX.exe
PID 4412 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\hJZZkyX.exe
PID 4412 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\wcBwHEB.exe
PID 4412 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\wcBwHEB.exe
PID 4412 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\GNAeiHn.exe
PID 4412 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\GNAeiHn.exe
PID 4412 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DomHYkG.exe
PID 4412 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DomHYkG.exe
PID 4412 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\UbCstua.exe
PID 4412 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\UbCstua.exe
PID 4412 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\vRxHLGZ.exe
PID 4412 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\vRxHLGZ.exe
PID 4412 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\hcPKMZw.exe
PID 4412 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\hcPKMZw.exe
PID 4412 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\MPleKod.exe
PID 4412 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\MPleKod.exe
PID 4412 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XZYjBgB.exe
PID 4412 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XZYjBgB.exe
PID 4412 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\RsJOvWy.exe
PID 4412 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\RsJOvWy.exe
PID 4412 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\uHdcOTq.exe
PID 4412 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\uHdcOTq.exe
PID 4412 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\EDRSpHY.exe
PID 4412 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\EDRSpHY.exe
PID 4412 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jjraDGx.exe
PID 4412 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jjraDGx.exe
PID 4412 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\GzteyfO.exe
PID 4412 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\GzteyfO.exe
PID 4412 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\WEMlXdR.exe
PID 4412 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\WEMlXdR.exe
PID 4412 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\VEpSuLH.exe
PID 4412 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\VEpSuLH.exe
PID 4412 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\xyvgvOw.exe
PID 4412 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\xyvgvOw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe"

C:\Windows\System\IzmQoEp.exe

C:\Windows\System\IzmQoEp.exe

C:\Windows\System\UMcxpFp.exe

C:\Windows\System\UMcxpFp.exe

C:\Windows\System\oUclhzi.exe

C:\Windows\System\oUclhzi.exe

C:\Windows\System\AcqgcIl.exe

C:\Windows\System\AcqgcIl.exe

C:\Windows\System\pnLuTLX.exe

C:\Windows\System\pnLuTLX.exe

C:\Windows\System\AUukPVb.exe

C:\Windows\System\AUukPVb.exe

C:\Windows\System\DhvNWbH.exe

C:\Windows\System\DhvNWbH.exe

C:\Windows\System\NjDJXIN.exe

C:\Windows\System\NjDJXIN.exe

C:\Windows\System\OkTiFxO.exe

C:\Windows\System\OkTiFxO.exe

C:\Windows\System\aNtQmhx.exe

C:\Windows\System\aNtQmhx.exe

C:\Windows\System\XkqPWDf.exe

C:\Windows\System\XkqPWDf.exe

C:\Windows\System\PiNBgGC.exe

C:\Windows\System\PiNBgGC.exe

C:\Windows\System\agaBdSn.exe

C:\Windows\System\agaBdSn.exe

C:\Windows\System\OvgHNKe.exe

C:\Windows\System\OvgHNKe.exe

C:\Windows\System\yTcfJiB.exe

C:\Windows\System\yTcfJiB.exe

C:\Windows\System\hJZZkyX.exe

C:\Windows\System\hJZZkyX.exe

C:\Windows\System\wcBwHEB.exe

C:\Windows\System\wcBwHEB.exe

C:\Windows\System\GNAeiHn.exe

C:\Windows\System\GNAeiHn.exe

C:\Windows\System\DomHYkG.exe

C:\Windows\System\DomHYkG.exe

C:\Windows\System\UbCstua.exe

C:\Windows\System\UbCstua.exe

C:\Windows\System\vRxHLGZ.exe

C:\Windows\System\vRxHLGZ.exe

C:\Windows\System\hcPKMZw.exe

C:\Windows\System\hcPKMZw.exe

C:\Windows\System\MPleKod.exe

C:\Windows\System\MPleKod.exe

C:\Windows\System\XZYjBgB.exe

C:\Windows\System\XZYjBgB.exe

C:\Windows\System\RsJOvWy.exe

C:\Windows\System\RsJOvWy.exe

C:\Windows\System\uHdcOTq.exe

C:\Windows\System\uHdcOTq.exe

C:\Windows\System\EDRSpHY.exe

C:\Windows\System\EDRSpHY.exe

C:\Windows\System\jjraDGx.exe

C:\Windows\System\jjraDGx.exe

C:\Windows\System\GzteyfO.exe

C:\Windows\System\GzteyfO.exe

C:\Windows\System\WEMlXdR.exe

C:\Windows\System\WEMlXdR.exe

C:\Windows\System\VEpSuLH.exe

C:\Windows\System\VEpSuLH.exe

C:\Windows\System\xyvgvOw.exe

C:\Windows\System\xyvgvOw.exe

C:\Windows\System\CLWGBMJ.exe

C:\Windows\System\CLWGBMJ.exe

C:\Windows\System\mTAsAdI.exe

C:\Windows\System\mTAsAdI.exe

C:\Windows\System\MweRGwH.exe

C:\Windows\System\MweRGwH.exe

C:\Windows\System\BDklwLn.exe

C:\Windows\System\BDklwLn.exe

C:\Windows\System\GTEjEhu.exe

C:\Windows\System\GTEjEhu.exe

C:\Windows\System\cYxgHoh.exe

C:\Windows\System\cYxgHoh.exe

C:\Windows\System\KbspLHW.exe

C:\Windows\System\KbspLHW.exe

C:\Windows\System\BDmhOtZ.exe

C:\Windows\System\BDmhOtZ.exe

C:\Windows\System\HHsbMIV.exe

C:\Windows\System\HHsbMIV.exe

C:\Windows\System\yzpQopG.exe

C:\Windows\System\yzpQopG.exe

C:\Windows\System\TjVJsUu.exe

C:\Windows\System\TjVJsUu.exe

C:\Windows\System\ezZDwwt.exe

C:\Windows\System\ezZDwwt.exe

C:\Windows\System\KbhNyRq.exe

C:\Windows\System\KbhNyRq.exe

C:\Windows\System\dvWEBIj.exe

C:\Windows\System\dvWEBIj.exe

C:\Windows\System\OVHgOCt.exe

C:\Windows\System\OVHgOCt.exe

C:\Windows\System\bxmoyEX.exe

C:\Windows\System\bxmoyEX.exe

C:\Windows\System\qCKMjDZ.exe

C:\Windows\System\qCKMjDZ.exe

C:\Windows\System\xbQNYJy.exe

C:\Windows\System\xbQNYJy.exe

C:\Windows\System\qIochhy.exe

C:\Windows\System\qIochhy.exe

C:\Windows\System\nSPAvdF.exe

C:\Windows\System\nSPAvdF.exe

C:\Windows\System\UNtbrgG.exe

C:\Windows\System\UNtbrgG.exe

C:\Windows\System\aOygFGb.exe

C:\Windows\System\aOygFGb.exe

C:\Windows\System\gCeCmdr.exe

C:\Windows\System\gCeCmdr.exe

C:\Windows\System\ucfDTgN.exe

C:\Windows\System\ucfDTgN.exe

C:\Windows\System\laNeSQM.exe

C:\Windows\System\laNeSQM.exe

C:\Windows\System\CxLBtSZ.exe

C:\Windows\System\CxLBtSZ.exe

C:\Windows\System\hVJRMQc.exe

C:\Windows\System\hVJRMQc.exe

C:\Windows\System\KvGqfbG.exe

C:\Windows\System\KvGqfbG.exe

C:\Windows\System\rFpzmpp.exe

C:\Windows\System\rFpzmpp.exe

C:\Windows\System\ypvbyNn.exe

C:\Windows\System\ypvbyNn.exe

C:\Windows\System\iVAhVvr.exe

C:\Windows\System\iVAhVvr.exe

C:\Windows\System\BBLsPJr.exe

C:\Windows\System\BBLsPJr.exe

C:\Windows\System\uwdMArB.exe

C:\Windows\System\uwdMArB.exe

C:\Windows\System\MFtkWrg.exe

C:\Windows\System\MFtkWrg.exe

C:\Windows\System\QqZOCTD.exe

C:\Windows\System\QqZOCTD.exe

C:\Windows\System\AEpPoRJ.exe

C:\Windows\System\AEpPoRJ.exe

C:\Windows\System\GwQSnZk.exe

C:\Windows\System\GwQSnZk.exe

C:\Windows\System\mWFqnxw.exe

C:\Windows\System\mWFqnxw.exe

C:\Windows\System\idRtkBA.exe

C:\Windows\System\idRtkBA.exe

C:\Windows\System\hHsMGyL.exe

C:\Windows\System\hHsMGyL.exe

C:\Windows\System\PgEyBWP.exe

C:\Windows\System\PgEyBWP.exe

C:\Windows\System\nAKCpxg.exe

C:\Windows\System\nAKCpxg.exe

C:\Windows\System\bTzwoHb.exe

C:\Windows\System\bTzwoHb.exe

C:\Windows\System\OJmdMrT.exe

C:\Windows\System\OJmdMrT.exe

C:\Windows\System\qlCwJLF.exe

C:\Windows\System\qlCwJLF.exe

C:\Windows\System\zWjHXiT.exe

C:\Windows\System\zWjHXiT.exe

C:\Windows\System\WUuNpbU.exe

C:\Windows\System\WUuNpbU.exe

C:\Windows\System\HQYJfLf.exe

C:\Windows\System\HQYJfLf.exe

C:\Windows\System\RQoSBmj.exe

C:\Windows\System\RQoSBmj.exe

C:\Windows\System\jmfwjMy.exe

C:\Windows\System\jmfwjMy.exe

C:\Windows\System\fQmBnqQ.exe

C:\Windows\System\fQmBnqQ.exe

C:\Windows\System\tMbzdZv.exe

C:\Windows\System\tMbzdZv.exe

C:\Windows\System\sRbtLjo.exe

C:\Windows\System\sRbtLjo.exe

C:\Windows\System\LIJehEU.exe

C:\Windows\System\LIJehEU.exe

C:\Windows\System\QgnlCCM.exe

C:\Windows\System\QgnlCCM.exe

C:\Windows\System\ZZjcJfI.exe

C:\Windows\System\ZZjcJfI.exe

C:\Windows\System\uYiRCcO.exe

C:\Windows\System\uYiRCcO.exe

C:\Windows\System\qXFCiUS.exe

C:\Windows\System\qXFCiUS.exe

C:\Windows\System\DyUTMQl.exe

C:\Windows\System\DyUTMQl.exe

C:\Windows\System\XSgJBcp.exe

C:\Windows\System\XSgJBcp.exe

C:\Windows\System\LDXrLkB.exe

C:\Windows\System\LDXrLkB.exe

C:\Windows\System\jOsscqF.exe

C:\Windows\System\jOsscqF.exe

C:\Windows\System\UUeWsAk.exe

C:\Windows\System\UUeWsAk.exe

C:\Windows\System\AbHCVqs.exe

C:\Windows\System\AbHCVqs.exe

C:\Windows\System\kYaoKYT.exe

C:\Windows\System\kYaoKYT.exe

C:\Windows\System\vlmHzsC.exe

C:\Windows\System\vlmHzsC.exe

C:\Windows\System\BPEFRKe.exe

C:\Windows\System\BPEFRKe.exe

C:\Windows\System\RbpZZNV.exe

C:\Windows\System\RbpZZNV.exe

C:\Windows\System\tPwpIif.exe

C:\Windows\System\tPwpIif.exe

C:\Windows\System\rGgYTcY.exe

C:\Windows\System\rGgYTcY.exe

C:\Windows\System\DlFpcTW.exe

C:\Windows\System\DlFpcTW.exe

C:\Windows\System\zoRzApn.exe

C:\Windows\System\zoRzApn.exe

C:\Windows\System\GdPnIge.exe

C:\Windows\System\GdPnIge.exe

C:\Windows\System\CZiavdu.exe

C:\Windows\System\CZiavdu.exe

C:\Windows\System\Dctnfoe.exe

C:\Windows\System\Dctnfoe.exe

C:\Windows\System\fkIfrzW.exe

C:\Windows\System\fkIfrzW.exe

C:\Windows\System\iQHXYkk.exe

C:\Windows\System\iQHXYkk.exe

C:\Windows\System\ATQoXwA.exe

C:\Windows\System\ATQoXwA.exe

C:\Windows\System\umpwXVW.exe

C:\Windows\System\umpwXVW.exe

C:\Windows\System\taoRZlH.exe

C:\Windows\System\taoRZlH.exe

C:\Windows\System\vqhsZKp.exe

C:\Windows\System\vqhsZKp.exe

C:\Windows\System\oscLvMr.exe

C:\Windows\System\oscLvMr.exe

C:\Windows\System\CpCZawf.exe

C:\Windows\System\CpCZawf.exe

C:\Windows\System\gmcdkwz.exe

C:\Windows\System\gmcdkwz.exe

C:\Windows\System\UPyCqxT.exe

C:\Windows\System\UPyCqxT.exe

C:\Windows\System\QzsGbGH.exe

C:\Windows\System\QzsGbGH.exe

C:\Windows\System\aJPBZlf.exe

C:\Windows\System\aJPBZlf.exe

C:\Windows\System\IpPnhVy.exe

C:\Windows\System\IpPnhVy.exe

C:\Windows\System\QgYZEZz.exe

C:\Windows\System\QgYZEZz.exe

C:\Windows\System\MLvnBLK.exe

C:\Windows\System\MLvnBLK.exe

C:\Windows\System\ayYvcBW.exe

C:\Windows\System\ayYvcBW.exe

C:\Windows\System\vFxRxvN.exe

C:\Windows\System\vFxRxvN.exe

C:\Windows\System\ZtUoFvf.exe

C:\Windows\System\ZtUoFvf.exe

C:\Windows\System\VpFWqtW.exe

C:\Windows\System\VpFWqtW.exe

C:\Windows\System\hxuDwwi.exe

C:\Windows\System\hxuDwwi.exe

C:\Windows\System\jRiLlxX.exe

C:\Windows\System\jRiLlxX.exe

C:\Windows\System\ryCFWzh.exe

C:\Windows\System\ryCFWzh.exe

C:\Windows\System\fHdejQP.exe

C:\Windows\System\fHdejQP.exe

C:\Windows\System\ujwynfo.exe

C:\Windows\System\ujwynfo.exe

C:\Windows\System\FICeGIB.exe

C:\Windows\System\FICeGIB.exe

C:\Windows\System\MbAIAGl.exe

C:\Windows\System\MbAIAGl.exe

C:\Windows\System\BTtkkeJ.exe

C:\Windows\System\BTtkkeJ.exe

C:\Windows\System\RiFtjXs.exe

C:\Windows\System\RiFtjXs.exe

C:\Windows\System\PuIReJL.exe

C:\Windows\System\PuIReJL.exe

C:\Windows\System\UYuvclD.exe

C:\Windows\System\UYuvclD.exe

C:\Windows\System\SVHKAFY.exe

C:\Windows\System\SVHKAFY.exe

C:\Windows\System\VDCbzfA.exe

C:\Windows\System\VDCbzfA.exe

C:\Windows\System\RkIVipP.exe

C:\Windows\System\RkIVipP.exe

C:\Windows\System\XmNxSzh.exe

C:\Windows\System\XmNxSzh.exe

C:\Windows\System\AEnYUBb.exe

C:\Windows\System\AEnYUBb.exe

C:\Windows\System\TYFTwTv.exe

C:\Windows\System\TYFTwTv.exe

C:\Windows\System\EoasObc.exe

C:\Windows\System\EoasObc.exe

C:\Windows\System\lVjJQep.exe

C:\Windows\System\lVjJQep.exe

C:\Windows\System\PIgdkZy.exe

C:\Windows\System\PIgdkZy.exe

C:\Windows\System\MORlCMM.exe

C:\Windows\System\MORlCMM.exe

C:\Windows\System\HICKKRC.exe

C:\Windows\System\HICKKRC.exe

C:\Windows\System\neYlGGx.exe

C:\Windows\System\neYlGGx.exe

C:\Windows\System\dVwCgwW.exe

C:\Windows\System\dVwCgwW.exe

C:\Windows\System\HsbcRJP.exe

C:\Windows\System\HsbcRJP.exe

C:\Windows\System\hPVUElI.exe

C:\Windows\System\hPVUElI.exe

C:\Windows\System\bAkhHbZ.exe

C:\Windows\System\bAkhHbZ.exe

C:\Windows\System\LZBpiVD.exe

C:\Windows\System\LZBpiVD.exe

C:\Windows\System\nXyWLND.exe

C:\Windows\System\nXyWLND.exe

C:\Windows\System\mqqouSs.exe

C:\Windows\System\mqqouSs.exe

C:\Windows\System\eYsDQIh.exe

C:\Windows\System\eYsDQIh.exe

C:\Windows\System\cZIYwZA.exe

C:\Windows\System\cZIYwZA.exe

C:\Windows\System\goAuYzR.exe

C:\Windows\System\goAuYzR.exe

C:\Windows\System\FmaivhY.exe

C:\Windows\System\FmaivhY.exe

C:\Windows\System\xNnDydU.exe

C:\Windows\System\xNnDydU.exe

C:\Windows\System\fkUIHLg.exe

C:\Windows\System\fkUIHLg.exe

C:\Windows\System\INdEIHS.exe

C:\Windows\System\INdEIHS.exe

C:\Windows\System\eaWbwMK.exe

C:\Windows\System\eaWbwMK.exe

C:\Windows\System\fEURVTl.exe

C:\Windows\System\fEURVTl.exe

C:\Windows\System\aDocWGq.exe

C:\Windows\System\aDocWGq.exe

C:\Windows\System\xTTuHli.exe

C:\Windows\System\xTTuHli.exe

C:\Windows\System\GsmPNih.exe

C:\Windows\System\GsmPNih.exe

C:\Windows\System\dOMEWZN.exe

C:\Windows\System\dOMEWZN.exe

C:\Windows\System\UpCIeFu.exe

C:\Windows\System\UpCIeFu.exe

C:\Windows\System\YXIIBYz.exe

C:\Windows\System\YXIIBYz.exe

C:\Windows\System\BFocxJJ.exe

C:\Windows\System\BFocxJJ.exe

C:\Windows\System\tfwgDGC.exe

C:\Windows\System\tfwgDGC.exe

C:\Windows\System\XoaxLxb.exe

C:\Windows\System\XoaxLxb.exe

C:\Windows\System\LSdYHxq.exe

C:\Windows\System\LSdYHxq.exe

C:\Windows\System\ARuZYuh.exe

C:\Windows\System\ARuZYuh.exe

C:\Windows\System\YfyZOuv.exe

C:\Windows\System\YfyZOuv.exe

C:\Windows\System\BnXjrzm.exe

C:\Windows\System\BnXjrzm.exe

C:\Windows\System\VYbdbgy.exe

C:\Windows\System\VYbdbgy.exe

C:\Windows\System\yfDWXJN.exe

C:\Windows\System\yfDWXJN.exe

C:\Windows\System\fvTLKgw.exe

C:\Windows\System\fvTLKgw.exe

C:\Windows\System\mywAjrP.exe

C:\Windows\System\mywAjrP.exe

C:\Windows\System\PPKlWIN.exe

C:\Windows\System\PPKlWIN.exe

C:\Windows\System\tobqvVx.exe

C:\Windows\System\tobqvVx.exe

C:\Windows\System\nxxBBLi.exe

C:\Windows\System\nxxBBLi.exe

C:\Windows\System\RUqsRUv.exe

C:\Windows\System\RUqsRUv.exe

C:\Windows\System\aOGXjpg.exe

C:\Windows\System\aOGXjpg.exe

C:\Windows\System\QqiRdBY.exe

C:\Windows\System\QqiRdBY.exe

C:\Windows\System\hbrTnlJ.exe

C:\Windows\System\hbrTnlJ.exe

C:\Windows\System\kRwPRid.exe

C:\Windows\System\kRwPRid.exe

C:\Windows\System\FotyZYI.exe

C:\Windows\System\FotyZYI.exe

C:\Windows\System\rTptbIY.exe

C:\Windows\System\rTptbIY.exe

C:\Windows\System\ZHfTmtP.exe

C:\Windows\System\ZHfTmtP.exe

C:\Windows\System\zDbzNpo.exe

C:\Windows\System\zDbzNpo.exe

C:\Windows\System\SBHEIaT.exe

C:\Windows\System\SBHEIaT.exe

C:\Windows\System\mbwhvwE.exe

C:\Windows\System\mbwhvwE.exe

C:\Windows\System\ZXrGEWs.exe

C:\Windows\System\ZXrGEWs.exe

C:\Windows\System\AwGmwAU.exe

C:\Windows\System\AwGmwAU.exe

C:\Windows\System\ZGhqJkX.exe

C:\Windows\System\ZGhqJkX.exe

C:\Windows\System\EaXdCbI.exe

C:\Windows\System\EaXdCbI.exe

C:\Windows\System\xjZYRVq.exe

C:\Windows\System\xjZYRVq.exe

C:\Windows\System\rkylEIQ.exe

C:\Windows\System\rkylEIQ.exe

C:\Windows\System\WFVZJze.exe

C:\Windows\System\WFVZJze.exe

C:\Windows\System\xTeefdf.exe

C:\Windows\System\xTeefdf.exe

C:\Windows\System\faPFDTm.exe

C:\Windows\System\faPFDTm.exe

C:\Windows\System\FGBxoNO.exe

C:\Windows\System\FGBxoNO.exe

C:\Windows\System\XxxhgAh.exe

C:\Windows\System\XxxhgAh.exe

C:\Windows\System\GSkFNQW.exe

C:\Windows\System\GSkFNQW.exe

C:\Windows\System\KkkhizZ.exe

C:\Windows\System\KkkhizZ.exe

C:\Windows\System\tPZYSCL.exe

C:\Windows\System\tPZYSCL.exe

C:\Windows\System\IlkERRt.exe

C:\Windows\System\IlkERRt.exe

C:\Windows\System\BRByiuV.exe

C:\Windows\System\BRByiuV.exe

C:\Windows\System\INsoKev.exe

C:\Windows\System\INsoKev.exe

C:\Windows\System\nYQCVyf.exe

C:\Windows\System\nYQCVyf.exe

C:\Windows\System\rkgQlul.exe

C:\Windows\System\rkgQlul.exe

C:\Windows\System\TemHQcN.exe

C:\Windows\System\TemHQcN.exe

C:\Windows\System\orbSuob.exe

C:\Windows\System\orbSuob.exe

C:\Windows\System\iALASBe.exe

C:\Windows\System\iALASBe.exe

C:\Windows\System\yBMPXCa.exe

C:\Windows\System\yBMPXCa.exe

C:\Windows\System\aMpYdny.exe

C:\Windows\System\aMpYdny.exe

C:\Windows\System\Hnkqkfb.exe

C:\Windows\System\Hnkqkfb.exe

C:\Windows\System\RDaxWFy.exe

C:\Windows\System\RDaxWFy.exe

C:\Windows\System\ADDjaDs.exe

C:\Windows\System\ADDjaDs.exe

C:\Windows\System\YCYVdFm.exe

C:\Windows\System\YCYVdFm.exe

C:\Windows\System\nOqvroQ.exe

C:\Windows\System\nOqvroQ.exe

C:\Windows\System\oVcEKKQ.exe

C:\Windows\System\oVcEKKQ.exe

C:\Windows\System\ZLNKTof.exe

C:\Windows\System\ZLNKTof.exe

C:\Windows\System\LBdNWBn.exe

C:\Windows\System\LBdNWBn.exe

C:\Windows\System\mkaXdAs.exe

C:\Windows\System\mkaXdAs.exe

C:\Windows\System\ZziJCND.exe

C:\Windows\System\ZziJCND.exe

C:\Windows\System\ChSTccA.exe

C:\Windows\System\ChSTccA.exe

C:\Windows\System\oxXGrSJ.exe

C:\Windows\System\oxXGrSJ.exe

C:\Windows\System\EzNKJJk.exe

C:\Windows\System\EzNKJJk.exe

C:\Windows\System\gWBsRYr.exe

C:\Windows\System\gWBsRYr.exe

C:\Windows\System\HAmPvLa.exe

C:\Windows\System\HAmPvLa.exe

C:\Windows\System\yKKVErE.exe

C:\Windows\System\yKKVErE.exe

C:\Windows\System\VTPTmnS.exe

C:\Windows\System\VTPTmnS.exe

C:\Windows\System\qbGvJkG.exe

C:\Windows\System\qbGvJkG.exe

C:\Windows\System\seZpEPS.exe

C:\Windows\System\seZpEPS.exe

C:\Windows\System\aSzULuc.exe

C:\Windows\System\aSzULuc.exe

C:\Windows\System\BSnblFp.exe

C:\Windows\System\BSnblFp.exe

C:\Windows\System\McGBKeu.exe

C:\Windows\System\McGBKeu.exe

C:\Windows\System\KojjgTZ.exe

C:\Windows\System\KojjgTZ.exe

C:\Windows\System\UaXoUnN.exe

C:\Windows\System\UaXoUnN.exe

C:\Windows\System\ztqAyku.exe

C:\Windows\System\ztqAyku.exe

C:\Windows\System\gKFASWm.exe

C:\Windows\System\gKFASWm.exe

C:\Windows\System\hchxmDy.exe

C:\Windows\System\hchxmDy.exe

C:\Windows\System\AchYlpR.exe

C:\Windows\System\AchYlpR.exe

C:\Windows\System\GmHOraz.exe

C:\Windows\System\GmHOraz.exe

C:\Windows\System\TxoYBIq.exe

C:\Windows\System\TxoYBIq.exe

C:\Windows\System\ofUeiiU.exe

C:\Windows\System\ofUeiiU.exe

C:\Windows\System\mGcaHod.exe

C:\Windows\System\mGcaHod.exe

C:\Windows\System\srYlCjJ.exe

C:\Windows\System\srYlCjJ.exe

C:\Windows\System\jVpEGSS.exe

C:\Windows\System\jVpEGSS.exe

C:\Windows\System\VDUpstd.exe

C:\Windows\System\VDUpstd.exe

C:\Windows\System\tCzeFrW.exe

C:\Windows\System\tCzeFrW.exe

C:\Windows\System\nDWFAll.exe

C:\Windows\System\nDWFAll.exe

C:\Windows\System\GZGGzpL.exe

C:\Windows\System\GZGGzpL.exe

C:\Windows\System\dcdiFNX.exe

C:\Windows\System\dcdiFNX.exe

C:\Windows\System\ySTexKD.exe

C:\Windows\System\ySTexKD.exe

C:\Windows\System\QxVStXz.exe

C:\Windows\System\QxVStXz.exe

C:\Windows\System\LpMqdNL.exe

C:\Windows\System\LpMqdNL.exe

C:\Windows\System\IJHgCWV.exe

C:\Windows\System\IJHgCWV.exe

C:\Windows\System\ioqMOlW.exe

C:\Windows\System\ioqMOlW.exe

C:\Windows\System\GihGzjE.exe

C:\Windows\System\GihGzjE.exe

C:\Windows\System\CAdCzQu.exe

C:\Windows\System\CAdCzQu.exe

C:\Windows\System\gMPCrWt.exe

C:\Windows\System\gMPCrWt.exe

C:\Windows\System\huOkRXN.exe

C:\Windows\System\huOkRXN.exe

C:\Windows\System\hDEfYaE.exe

C:\Windows\System\hDEfYaE.exe

C:\Windows\System\egnnljQ.exe

C:\Windows\System\egnnljQ.exe

C:\Windows\System\MMacvyh.exe

C:\Windows\System\MMacvyh.exe

C:\Windows\System\rWAWEwS.exe

C:\Windows\System\rWAWEwS.exe

C:\Windows\System\XsfVyuQ.exe

C:\Windows\System\XsfVyuQ.exe

C:\Windows\System\FIpWkLC.exe

C:\Windows\System\FIpWkLC.exe

C:\Windows\System\yaNWIGv.exe

C:\Windows\System\yaNWIGv.exe

C:\Windows\System\foFWdBn.exe

C:\Windows\System\foFWdBn.exe

C:\Windows\System\DxTKKlS.exe

C:\Windows\System\DxTKKlS.exe

C:\Windows\System\NYGUIqg.exe

C:\Windows\System\NYGUIqg.exe

C:\Windows\System\SwKZAEG.exe

C:\Windows\System\SwKZAEG.exe

C:\Windows\System\fUSwEJz.exe

C:\Windows\System\fUSwEJz.exe

C:\Windows\System\xtUvXaI.exe

C:\Windows\System\xtUvXaI.exe

C:\Windows\System\QAZpXhl.exe

C:\Windows\System\QAZpXhl.exe

C:\Windows\System\fhJguCH.exe

C:\Windows\System\fhJguCH.exe

C:\Windows\System\VvhlaFz.exe

C:\Windows\System\VvhlaFz.exe

C:\Windows\System\TLTPJbp.exe

C:\Windows\System\TLTPJbp.exe

C:\Windows\System\mwZOtTD.exe

C:\Windows\System\mwZOtTD.exe

C:\Windows\System\MxcYelf.exe

C:\Windows\System\MxcYelf.exe

C:\Windows\System\BkxvPwJ.exe

C:\Windows\System\BkxvPwJ.exe

C:\Windows\System\pmpLOgf.exe

C:\Windows\System\pmpLOgf.exe

C:\Windows\System\IAEDWUB.exe

C:\Windows\System\IAEDWUB.exe

C:\Windows\System\ZIJbvtd.exe

C:\Windows\System\ZIJbvtd.exe

C:\Windows\System\wkMvlcj.exe

C:\Windows\System\wkMvlcj.exe

C:\Windows\System\YZQBWwN.exe

C:\Windows\System\YZQBWwN.exe

C:\Windows\System\oYhDpuT.exe

C:\Windows\System\oYhDpuT.exe

C:\Windows\System\kzOJbtW.exe

C:\Windows\System\kzOJbtW.exe

C:\Windows\System\zDPshlV.exe

C:\Windows\System\zDPshlV.exe

C:\Windows\System\TLMYbtW.exe

C:\Windows\System\TLMYbtW.exe

C:\Windows\System\OlLTZvy.exe

C:\Windows\System\OlLTZvy.exe

C:\Windows\System\ceIdeCO.exe

C:\Windows\System\ceIdeCO.exe

C:\Windows\System\MKkvKkG.exe

C:\Windows\System\MKkvKkG.exe

C:\Windows\System\EhadhgG.exe

C:\Windows\System\EhadhgG.exe

C:\Windows\System\ybzNuBQ.exe

C:\Windows\System\ybzNuBQ.exe

C:\Windows\System\hmrfsCI.exe

C:\Windows\System\hmrfsCI.exe

C:\Windows\System\BFzCCaU.exe

C:\Windows\System\BFzCCaU.exe

C:\Windows\System\etiqGMC.exe

C:\Windows\System\etiqGMC.exe

C:\Windows\System\hejiSMv.exe

C:\Windows\System\hejiSMv.exe

C:\Windows\System\YGKwlxq.exe

C:\Windows\System\YGKwlxq.exe

C:\Windows\System\WaITHvk.exe

C:\Windows\System\WaITHvk.exe

C:\Windows\System\FxVDive.exe

C:\Windows\System\FxVDive.exe

C:\Windows\System\mlPjaWE.exe

C:\Windows\System\mlPjaWE.exe

C:\Windows\System\TOSiwdT.exe

C:\Windows\System\TOSiwdT.exe

C:\Windows\System\GKzFHlZ.exe

C:\Windows\System\GKzFHlZ.exe

C:\Windows\System\FWCMfcw.exe

C:\Windows\System\FWCMfcw.exe

C:\Windows\System\gFJeGAe.exe

C:\Windows\System\gFJeGAe.exe

C:\Windows\System\YKcwihZ.exe

C:\Windows\System\YKcwihZ.exe

C:\Windows\System\EqXTXBm.exe

C:\Windows\System\EqXTXBm.exe

C:\Windows\System\wIRZOUO.exe

C:\Windows\System\wIRZOUO.exe

C:\Windows\System\DASFZXv.exe

C:\Windows\System\DASFZXv.exe

C:\Windows\System\RSVgZAO.exe

C:\Windows\System\RSVgZAO.exe

C:\Windows\System\dfzhzaZ.exe

C:\Windows\System\dfzhzaZ.exe

C:\Windows\System\pfqrxWm.exe

C:\Windows\System\pfqrxWm.exe

C:\Windows\System\GhjUZdG.exe

C:\Windows\System\GhjUZdG.exe

C:\Windows\System\FtRhnMs.exe

C:\Windows\System\FtRhnMs.exe

C:\Windows\System\IgXWWdQ.exe

C:\Windows\System\IgXWWdQ.exe

C:\Windows\System\tFXwuvA.exe

C:\Windows\System\tFXwuvA.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3264 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.178.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

memory/4412-0-0x00007FF7B2B90000-0x00007FF7B2EE4000-memory.dmp

memory/4412-1-0x0000018C7B050000-0x0000018C7B060000-memory.dmp

C:\Windows\System\IzmQoEp.exe

MD5 6ffb6c34691da190b4c9c1c5e70907dd
SHA1 e5a5beb16849e144aef88f6e3d52c341267a01d6
SHA256 34b5df3c88ec21ad19a487f9f506d81f1f097d03ea63e39ac9168afdefe0e28a
SHA512 30e7a813ee52ab68e204219911848f15da8fe19c49ff803925f12eb7f18ed844ea036865f988efd2bc14e609c8cb563e2637d2e1310172c7b9edfa4cad835aad

C:\Windows\System\oUclhzi.exe

MD5 b3bc13e0ead403a27a12314f56307aad
SHA1 820354e322af989924370773437508ae24f350a4
SHA256 e8914fdb8c6132f9fb5085a3b79857beba39b1a533e1b97c847fc187c7a39494
SHA512 b218facf621434c1fa22c45ad07713fd1e229fabf5a68349e74439f59da7d8dbd962846518d933914d1596955a7b9455ec1d04ae8c6c03b1d4c66b70145ef221

C:\Windows\System\UMcxpFp.exe

MD5 c44a106d218f1755fee78b19eca7cf34
SHA1 b2435fe92924720ee30a02fa79198dd689f684fa
SHA256 aab64caf4889779e56d65881b71999a0dbe368236c58d7fae25cff16498a210f
SHA512 0c884d2d6e13c21da8a9323169d0ec09712468b88574375ee11340d2df8129643e79c287efad335e3122afeaa3212723d0757207f672a935a4ba970b6f83202e

memory/100-14-0x00007FF642920000-0x00007FF642C74000-memory.dmp

memory/1464-10-0x00007FF605DD0000-0x00007FF606124000-memory.dmp

memory/1884-20-0x00007FF7D5BC0000-0x00007FF7D5F14000-memory.dmp

C:\Windows\System\AcqgcIl.exe

MD5 50aaa17ed126d32ca9407e3b29e5a3a0
SHA1 8cd6419482df73d509029391a45c3f49554def19
SHA256 142064a764dd5fea6ff673648f33ba955fcf9f67fafc4299aa1dec88c1b45bea
SHA512 d2dc232d18437450423a466ca3c7ae19dacc9f28bf2aaccd21325a2477659ef12988eea30d57696340a11000bc18bd1b4035a9bf0964233741c960f576c942b4

memory/1956-27-0x00007FF7AAFF0000-0x00007FF7AB344000-memory.dmp

C:\Windows\System\pnLuTLX.exe

MD5 b3fbe013ed9aeedfa9d7fcffb1712bc9
SHA1 e453b2d245bf0cfd42bda7eecaf7ae7f08621d59
SHA256 30d27493f97eb6b815dd6b4aabed4e42b5813ad53d8ad8e699f9e0058e7d8582
SHA512 452b18061414b0ea3b32b2568c2b6534b776c529c8df63cee318d603ba73b59ad77d89b3242dd942cb32f2ceb8d98c77941ce8e9e0ad1d94e9993e604947b88f

memory/4640-35-0x00007FF6FD7E0000-0x00007FF6FDB34000-memory.dmp

C:\Windows\System\AUukPVb.exe

MD5 6a69ec8ba979585531ba099422d0030b
SHA1 426e19703e4c46628955e036a636183cc5bb87e0
SHA256 6dfd770da16a157f857e03c012bb631b7284675d36eb909ef94cc687a67631aa
SHA512 6aba87fbfe82c794f232d66ec3d0aec43e6b40fd50da31ddcc156fe0f1b94f975a6e7b6cb3d3e4e34a076d1668d83f66c5e301bb0c9ec6805f3b218ef1df1b9b

C:\Windows\System\DhvNWbH.exe

MD5 fe680293e4d15ef5580681961262dbb9
SHA1 ecba8ad1cd3d13a29076ae454b6773e4470de3e6
SHA256 c3a6b8eabcd653296b20f048584cbc875fcee26441a0566abd78386a67b761b4
SHA512 7792e6bee51d426e32e35a79b96a358d6fc45bf7af0c12960f6d03fbba37a5425aae35181e709cf96cf437c17567363731105a594818116144726eb1e69325b5

C:\Windows\System\NjDJXIN.exe

MD5 230b963642b1048f8118059c89fcc158
SHA1 bddca2492ede9d9106d674fe26182192dbe54b87
SHA256 85d95997024e0dd4f56e2c1952b6dad4f7baa8ae26a0cd611f228a0e3443b345
SHA512 bc38c7bf183ebbaa5fadbd31e1d4512807561c484b543316c9893ef6afde56233c339e940368acb0b478d74458b32985512e7423941c165ef1d854118595299c

C:\Windows\System\OkTiFxO.exe

MD5 eab5b3f0bbf01cf8ba085397db0fe81f
SHA1 e51d0be802e388bd35b1fc4711e450e2a7c861f0
SHA256 1343f7ae1e1353b9d50dd88b1c29bee02d2cddef55f5941d3cc34843c2aa5ce6
SHA512 76b1fa977f0d46d86a147f17247ea33d7d7b6817f9686e675210d7e865c858dc760509cf77f7e1099fef3d260794b9cc85c0f83c09d8d8127f48d822d795c80e

C:\Windows\System\aNtQmhx.exe

MD5 446c106d9143a73b6e23e708f94c9188
SHA1 2766afdca553f99ed9c58b0482764a959dc95f41
SHA256 bd928bab3bef5b71ca054b9ca06428c85330ca9b851785cf5f696433ec484664
SHA512 6c889e8d9475bba4e7514ff51b006ded2e944ccdf5a214988192483ad1775caeecea425ba0abc9678d2787e5f766556cbac6c0a8996cc22d8c5bdb1bae6dc52e

C:\Windows\System\XkqPWDf.exe

MD5 3120fe8c1aaa78595c271b1f5303655e
SHA1 0fe6306b535c08fa6f721d0aa02603aa1987fb5b
SHA256 c8772bd8fe8f9a8f1460f89e1a37d8d3582098c7e02d1580f36dfa5d6b17f1d4
SHA512 e928cf51705868a7938ee783a4dec218a4637984a9f9b5c140537941e2b23bf2ae303f2f9dd0559fb47346df84f9870b6ff30d03df112fa87eb0ce405f84903b

C:\Windows\System\PiNBgGC.exe

MD5 71127f0f7ccba9572a247a1718e3ce96
SHA1 3f4fafaef4fb9ca8187e0639cc682333bc670945
SHA256 c2b69b4733da4a7f8e40f7e0843008b5d8e5b45b46af8fd99bc463207bf3c8ee
SHA512 30167ebc8c80030321c037b344b4cd8178c2c04c19169535fd9f1dd826b0509f2d0b2241e0cd0704fbc446abb2bed82e4cbbc872785704abe1c73af32a9b5f08

memory/4540-71-0x00007FF758FF0000-0x00007FF759344000-memory.dmp

C:\Windows\System\agaBdSn.exe

MD5 df18a08e3bc1c7bd26c01f5332c01d7d
SHA1 eedb934f3098c84283ce28c6f10299d235ed0d87
SHA256 f8e6344c140dcbc5718af18df8c52257ef355a7dcb0468cfcdfe6920b3d9af34
SHA512 308e769cb1432ba5fa01299f9865550dc15f10a88b6675f3624499780c1710417cd0147b7d72520b8f089882d3ea21844a99e9d6ae994154124cc93bd22e9147

memory/4440-73-0x00007FF6FBA40000-0x00007FF6FBD94000-memory.dmp

memory/4024-77-0x00007FF65C940000-0x00007FF65CC94000-memory.dmp

memory/564-78-0x00007FF775C10000-0x00007FF775F64000-memory.dmp

memory/2812-76-0x00007FF769860000-0x00007FF769BB4000-memory.dmp

memory/1792-79-0x00007FF6030D0000-0x00007FF603424000-memory.dmp

memory/1708-80-0x00007FF741830000-0x00007FF741B84000-memory.dmp

memory/880-72-0x00007FF6EA5C0000-0x00007FF6EA914000-memory.dmp

C:\Windows\System\yTcfJiB.exe

MD5 29d0c7e34f99c7c766bd9a835e0f9233
SHA1 0ba018149f2ab4da75e6beea61cf6fd6fc306e91
SHA256 ab48759406f52bd1c4466e064a718e12fcd65462dd3f82955a6ae3ff764c1f8c
SHA512 9940d31a1bcb80e1fb0dc1af6823d454712be339f280562567d9f5bb3a04d63e420d73936df2856864a3b5aeed0a35db7ccfdb75b20aea21db319526b45b1b60

C:\Windows\System\hJZZkyX.exe

MD5 97a67e0771ca4a86d1a64cdb3f335307
SHA1 842ed78ebc639f2b79978815a97d28705c9e8147
SHA256 2a1cd18c3acac44e264c09f49280da9e37acd256555952cfb23767917b2a32da
SHA512 04bf5b7546adbccc87fd9a0e52d6b8004e3578c4467919a5fb45edc25159027f0d918169438d3c68650f074fcced3f17a83f91f77c088c7fe7fcd085d8f8a5cf

memory/1852-93-0x00007FF658960000-0x00007FF658CB4000-memory.dmp

C:\Windows\System\OvgHNKe.exe

MD5 ea0b3631f8e31ef3861fb073243247a1
SHA1 8a29d3cb4e8df91026e60be8f6e7bfe21970518f
SHA256 54ff863632b98f236f9e29011e380e39093f3a84b3367ff9c0b22e35c27e1aaa
SHA512 68a6f3cae4195a72dee3122d9fec9abd5e98878e751550d1b18d098384e39adc7725b0afaa8ba7d74e07bef3f4deb3deb08302e0e846f319c490bedeb69cdd51

memory/2260-97-0x00007FF68F6D0000-0x00007FF68FA24000-memory.dmp

memory/2880-98-0x00007FF6F21F0000-0x00007FF6F2544000-memory.dmp

memory/4412-104-0x00007FF7B2B90000-0x00007FF7B2EE4000-memory.dmp

C:\Windows\System\GNAeiHn.exe

MD5 864e56d8531956315d4dde08ace1bac2
SHA1 370b1225aad864f135072da41a9cbfdab9c15020
SHA256 32fe1df5498ea6c4aa7555909adf8d4135a85118a70378e68bf89f4e44c52f8b
SHA512 a0c6651283a41f20883817556bd903a1bcbad21114ae8a6a90467bc3a42d995f5d5e545445a7dea73a883cdb78e5e5b291919c4b651e03325a39864f97203e26

memory/2700-114-0x00007FF64EFA0000-0x00007FF64F2F4000-memory.dmp

C:\Windows\System\DomHYkG.exe

MD5 57a6d8dc1e4c517bf0c37e96fda87df3
SHA1 cf31d2ae00c023d7a40b8f5f9f019bcf78c96d33
SHA256 188c4b5f454c86cce0a2c436edc0d27c1f27f016bef391deaebd66fcc3c62537
SHA512 f75e307ce63fa0264842152e8a4be378a45fd053aede39a3426c976b7f6e420948e4fae964010e96de511a7967a0dbf0aa0370a8c181e796c67199f6e0ea2cf6

memory/1464-115-0x00007FF605DD0000-0x00007FF606124000-memory.dmp

memory/3952-113-0x00007FF743950000-0x00007FF743CA4000-memory.dmp

C:\Windows\System\wcBwHEB.exe

MD5 97ad01afa4ac3bfd99e22863227c6a49
SHA1 437683152e49866e00b1376d0fa4d7384db6a045
SHA256 c0b0ff9f236cfad7d49d40e82f2cabef369b7e64b54ca01ceb882329a2939993
SHA512 4a78f338faa723859c568fb56484aee645b4e866593d816183f618484c6b59dd41fe953995ae1357b94ee0ab355153c0fb9cd0ca412478398c61aa9d34e298a8

C:\Windows\System\UbCstua.exe

MD5 7a192197b6b3d6fc82d396d924d8e3a8
SHA1 db782175c5387f919533b880fc5d5f0921478f3f
SHA256 ded054e1fbd7f9b18ec0fb45938e65addab910ed1bc42df65725dfdccbd7f20b
SHA512 141300a8a1e10aae8a2e9d363f26e405b558d9402def400b78987385d6fa62e868bf15c8eeacf1d9337b6162595b81a6f6cb36df192a6be252f60008b5e13d3c

C:\Windows\System\hcPKMZw.exe

MD5 17141d9b873d2ec9229de1eabf2d5f31
SHA1 9250c0d59ea2283a2df7f3c7d116d6d11e6a8bc4
SHA256 544f6cb055bfb0e133ebdcf61efb399526ef03d99c03e92c1c8ce1f8a94addd9
SHA512 ef5bf912f508749ff00731aee373a4c91c28ef58887529c64f6efff77b72449b1bbc6f9e49c001049f105e069c408e026e903e51a41cc2b609cb2d1b9ceb62ed

C:\Windows\System\MPleKod.exe

MD5 f43028fda66edd4a74ff41b0dbf6ddfc
SHA1 56ccef0a314f68f97b582fd3b55cb9096c38b7b8
SHA256 34f9a695b6444d01b10eea6a9011d4ecab99440afd90edfc8bffebfdb4012138
SHA512 3e1cff6fdbbc88045c5e570637f19236a7cbd9d0dbcc1cf71d0d050834594d2691f3dfbcee75d0473255ab645848aebbf0669e9af9cbf4fc9f4cdffb727fe364

C:\Windows\System\XZYjBgB.exe

MD5 b3deec968acd0ef7bb8d9d4bef86a1e9
SHA1 cb0c334463049d2787ba24928654335f36277b38
SHA256 22cbb87528862cc24dab6605f823d9be7a914169bd7143f9c3bffad92fcf9574
SHA512 56f5eda31b3822f43a811807ca986661609ec87fa5ebeb5b8f4047942618d789bdbb07182cfb4b7adc033a95feac2b0f8442e999c9aa283c6044ed8e79798af8

C:\Windows\System\vRxHLGZ.exe

MD5 d277a88c75fe3985cef98b1cc6ad9c09
SHA1 411cbadccaff1580e77837daa242c18333eeec74
SHA256 cf936b8d591b9627e7defd468aa2fb9fa2a30db7098da0dfc9cbc0bcaff1e861
SHA512 3b52275ce3f6230caee997bfcb0e4b3b1e1808e50dcf01454aa665d231da323a384148d5e2700e7d0a2f2a0d76587325ab3a831e31f002351c10d15f616b22ff

memory/4176-142-0x00007FF7AD780000-0x00007FF7ADAD4000-memory.dmp

memory/2648-144-0x00007FF747220000-0x00007FF747574000-memory.dmp

memory/4500-145-0x00007FF753270000-0x00007FF7535C4000-memory.dmp

C:\Windows\System\RsJOvWy.exe

MD5 27fb3355f8f5c055500c6e1225fe6d26
SHA1 8ca3f353efe5fa29d4d536fc91abf78522aa04f4
SHA256 5ddd7a7e71a299d4ef169dfdccedd39a79620d61cd91e517fbfb5256bdd477f5
SHA512 0650415c9bc4ece2e0b68ebbbf1c7a08c997ea1b88fb4ac5e96c9ba3732dc87a15b13adf84de84b051f9302116cd3b8294de9e19fb300152576709048aad8355

memory/2680-149-0x00007FF68C330000-0x00007FF68C684000-memory.dmp

memory/2916-151-0x00007FF790830000-0x00007FF790B84000-memory.dmp

C:\Windows\System\uHdcOTq.exe

MD5 df25c12b04c3073e24526bcb2f6a3ebf
SHA1 21f6dc08d1bf1a6985a5fa0cc65b700f5ad84326
SHA256 5836196d303cd6bed1f5248be222c61b63f7dd6f2df2546c96e11798762d6154
SHA512 af6564d20464df647d4b305053f036db21592a6f88eb5b6eec8770b907f6502ab2ffb53ea07384dfedc9d0485eb1ca4cc1954d5916c931db81cda9f1b3925e76

memory/1764-159-0x00007FF79D570000-0x00007FF79D8C4000-memory.dmp

memory/2148-160-0x00007FF6F4FC0000-0x00007FF6F5314000-memory.dmp

memory/100-156-0x00007FF642920000-0x00007FF642C74000-memory.dmp

C:\Windows\System\EDRSpHY.exe

MD5 3a12910e6d9b6d1fd345174f0b727e50
SHA1 9c73da2ddfb33788d00dbeef2aca03b466ebebd6
SHA256 52df1239600038cea62126c36a0bbdb91483321401cf955e4b2cf0efceb9e6a2
SHA512 ffb84379090ac8134a9f6fe31ed36c0d34289371911e9b9ed67f528c076d01f9658e69c9170a82f9e62714bc76462613cba6e6bc59ed0fc42c730e9f5ab600ab

C:\Windows\System\GzteyfO.exe

MD5 527a469a58abff4a9c72ffb8861af5d0
SHA1 afad61f5f6493fe2a40989e3ec6f784474a9d59f
SHA256 d6ed6c3afb95fca5c268164dd505fc7f336ece6b5bab670373cba3048ead7f61
SHA512 54c5cdd4bd3d839e61a693fe9bd21355babab7d22d4bc2fd38a965c11dff5a4ab517d78c6c7e58c7d3b942adbceebd13097c3ece730fe42dd155299473c993b1

C:\Windows\System\WEMlXdR.exe

MD5 fff35b4212641ccce8e6943865039043
SHA1 dff7fff8afdb105a98b3202cd3a5c70ee4c765ed
SHA256 ce498ec5fbaf2960af7a5fdd2560f0cc8217ba4b4a07127a78da36f143e419ba
SHA512 2a1e680ed5ba7652f70650cfd69a0770b60f0a9e79a498993ffbea1ebb5d4b8ed952911d2ee20422305afdd1204dfe46dbcd71e79216f25c3273260e3ddc5ca7

C:\Windows\System\VEpSuLH.exe

MD5 4f4305010f2620e2d4779b758fd01ab4
SHA1 c0e95891f0d7f60277e4fd84197b1764a6b6954f
SHA256 67c106d2a65bf4272cf01170815f1ca275a8a0ebcfb7e1fe0c06bae983400f9b
SHA512 75fc024829a2073ec0af0efe19fb084db8204f8944adeda3115f24ec39f85ade30cfa7ebc269c13a0f830f1cc5e0cf18c54d37d9610af98a10d0f4ed3cd699d8

C:\Windows\System\xyvgvOw.exe

MD5 24bb030fef5bcd07c5d8f24644797ed9
SHA1 533635da0ed428a2f708d9b9ff63d9bced784301
SHA256 a837952b0b034cde977264943dbaebd8864c4dfbe9aaf912afe49104fbcd2524
SHA512 8770ff47ac95f4f133f6b8a0f2196709c6f312caa9bd783c238d5f849bc9addafaa68c8252211f731a3e4d5147e37c259f4b337350a15e28575c48da9690856d

memory/2332-170-0x00007FF600D50000-0x00007FF6010A4000-memory.dmp

memory/1048-245-0x00007FF6CDC40000-0x00007FF6CDF94000-memory.dmp

memory/3648-250-0x00007FF6A2B40000-0x00007FF6A2E94000-memory.dmp

C:\Windows\System\jjraDGx.exe

MD5 bd525801f76316c985058d8f4a20fca5
SHA1 5dd32b9f7e3b2ccb4d41b06c53af98927ec4620e
SHA256 96d6060699d9c2055e9f815c223120c07207083006453751af646480d8c043ed
SHA512 bfebd4d21d5c4b5f0e79eb6137e04de95060888dfdc10af92ae0ea6a5f1767d5442f859d5a884d80c5d7a1798f8b8ab91ed62b7d82d76033213145c1a4d61aca

memory/5108-163-0x00007FF75A870000-0x00007FF75ABC4000-memory.dmp

memory/2700-1072-0x00007FF64EFA0000-0x00007FF64F2F4000-memory.dmp

memory/2332-1073-0x00007FF600D50000-0x00007FF6010A4000-memory.dmp

memory/1464-1074-0x00007FF605DD0000-0x00007FF606124000-memory.dmp

memory/100-1075-0x00007FF642920000-0x00007FF642C74000-memory.dmp

memory/1884-1076-0x00007FF7D5BC0000-0x00007FF7D5F14000-memory.dmp

memory/1956-1077-0x00007FF7AAFF0000-0x00007FF7AB344000-memory.dmp

memory/4640-1078-0x00007FF6FD7E0000-0x00007FF6FDB34000-memory.dmp

memory/4540-1079-0x00007FF758FF0000-0x00007FF759344000-memory.dmp

memory/1708-1081-0x00007FF741830000-0x00007FF741B84000-memory.dmp

memory/880-1080-0x00007FF6EA5C0000-0x00007FF6EA914000-memory.dmp

memory/4440-1082-0x00007FF6FBA40000-0x00007FF6FBD94000-memory.dmp

memory/2812-1083-0x00007FF769860000-0x00007FF769BB4000-memory.dmp

memory/4024-1084-0x00007FF65C940000-0x00007FF65CC94000-memory.dmp

memory/564-1085-0x00007FF775C10000-0x00007FF775F64000-memory.dmp

memory/1792-1086-0x00007FF6030D0000-0x00007FF603424000-memory.dmp

memory/1852-1087-0x00007FF658960000-0x00007FF658CB4000-memory.dmp

memory/2260-1088-0x00007FF68F6D0000-0x00007FF68FA24000-memory.dmp

memory/2880-1089-0x00007FF6F21F0000-0x00007FF6F2544000-memory.dmp

memory/3952-1090-0x00007FF743950000-0x00007FF743CA4000-memory.dmp

memory/4176-1091-0x00007FF7AD780000-0x00007FF7ADAD4000-memory.dmp

memory/1764-1092-0x00007FF79D570000-0x00007FF79D8C4000-memory.dmp

memory/2648-1093-0x00007FF747220000-0x00007FF747574000-memory.dmp

memory/4500-1094-0x00007FF753270000-0x00007FF7535C4000-memory.dmp

memory/2700-1095-0x00007FF64EFA0000-0x00007FF64F2F4000-memory.dmp

memory/2680-1096-0x00007FF68C330000-0x00007FF68C684000-memory.dmp

memory/2916-1097-0x00007FF790830000-0x00007FF790B84000-memory.dmp

memory/2148-1098-0x00007FF6F4FC0000-0x00007FF6F5314000-memory.dmp

memory/5108-1099-0x00007FF75A870000-0x00007FF75ABC4000-memory.dmp

memory/1048-1100-0x00007FF6CDC40000-0x00007FF6CDF94000-memory.dmp

memory/3648-1101-0x00007FF6A2B40000-0x00007FF6A2E94000-memory.dmp

memory/2332-1102-0x00007FF600D50000-0x00007FF6010A4000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 17:14

Reported

2024-06-28 17:17

Platform

win7-20240419-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\pwxUwIq.exe N/A
N/A N/A C:\Windows\System\RCPhcSD.exe N/A
N/A N/A C:\Windows\System\jNLFOqD.exe N/A
N/A N/A C:\Windows\System\esbFTkF.exe N/A
N/A N/A C:\Windows\System\FbgahWY.exe N/A
N/A N/A C:\Windows\System\jtBBjAg.exe N/A
N/A N/A C:\Windows\System\XxnXYYn.exe N/A
N/A N/A C:\Windows\System\DZxzrgH.exe N/A
N/A N/A C:\Windows\System\ArreUnX.exe N/A
N/A N/A C:\Windows\System\fzGsdCW.exe N/A
N/A N/A C:\Windows\System\pRlgvqn.exe N/A
N/A N/A C:\Windows\System\DrMURJU.exe N/A
N/A N/A C:\Windows\System\KqBfMdS.exe N/A
N/A N/A C:\Windows\System\mBGugFR.exe N/A
N/A N/A C:\Windows\System\wqRawdD.exe N/A
N/A N/A C:\Windows\System\MGYCWOR.exe N/A
N/A N/A C:\Windows\System\IHCeQYO.exe N/A
N/A N/A C:\Windows\System\ObnXdep.exe N/A
N/A N/A C:\Windows\System\YTtjNUz.exe N/A
N/A N/A C:\Windows\System\pBIdeIF.exe N/A
N/A N/A C:\Windows\System\eDCphIM.exe N/A
N/A N/A C:\Windows\System\puMkntO.exe N/A
N/A N/A C:\Windows\System\ABUNbPN.exe N/A
N/A N/A C:\Windows\System\gxirShJ.exe N/A
N/A N/A C:\Windows\System\MgUVAve.exe N/A
N/A N/A C:\Windows\System\WfTbAMd.exe N/A
N/A N/A C:\Windows\System\JltVZFr.exe N/A
N/A N/A C:\Windows\System\nnElpds.exe N/A
N/A N/A C:\Windows\System\kiOZeiy.exe N/A
N/A N/A C:\Windows\System\YLgYepV.exe N/A
N/A N/A C:\Windows\System\poETBPT.exe N/A
N/A N/A C:\Windows\System\AbDhBVh.exe N/A
N/A N/A C:\Windows\System\LMIzZZf.exe N/A
N/A N/A C:\Windows\System\RcPlDLe.exe N/A
N/A N/A C:\Windows\System\iXyROEA.exe N/A
N/A N/A C:\Windows\System\uBTElVI.exe N/A
N/A N/A C:\Windows\System\CQFORyq.exe N/A
N/A N/A C:\Windows\System\PvFeIBx.exe N/A
N/A N/A C:\Windows\System\glvIVzn.exe N/A
N/A N/A C:\Windows\System\nfcslpO.exe N/A
N/A N/A C:\Windows\System\OJYkFTL.exe N/A
N/A N/A C:\Windows\System\tjlZVEu.exe N/A
N/A N/A C:\Windows\System\jtGdniX.exe N/A
N/A N/A C:\Windows\System\waVzpJX.exe N/A
N/A N/A C:\Windows\System\qUOVxaC.exe N/A
N/A N/A C:\Windows\System\XXbKVyK.exe N/A
N/A N/A C:\Windows\System\pFvdFSf.exe N/A
N/A N/A C:\Windows\System\ApuzqKK.exe N/A
N/A N/A C:\Windows\System\SEzivhB.exe N/A
N/A N/A C:\Windows\System\xFmJaZg.exe N/A
N/A N/A C:\Windows\System\shxQfKM.exe N/A
N/A N/A C:\Windows\System\wEdbxDV.exe N/A
N/A N/A C:\Windows\System\SAIXFju.exe N/A
N/A N/A C:\Windows\System\eOCWvNY.exe N/A
N/A N/A C:\Windows\System\VOIMCrL.exe N/A
N/A N/A C:\Windows\System\lEYTNhO.exe N/A
N/A N/A C:\Windows\System\XAKwLUo.exe N/A
N/A N/A C:\Windows\System\VZYNzjI.exe N/A
N/A N/A C:\Windows\System\YVeqwgb.exe N/A
N/A N/A C:\Windows\System\aGVsIOk.exe N/A
N/A N/A C:\Windows\System\EDRmEBs.exe N/A
N/A N/A C:\Windows\System\nyWtnCG.exe N/A
N/A N/A C:\Windows\System\FgQkHyn.exe N/A
N/A N/A C:\Windows\System\XGFAccE.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\jRMCrPK.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\RQgghch.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\wcfRMnC.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\MGYCWOR.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\wqTOlgy.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\zRKPLcp.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxDinVs.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\gXpUkmC.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGLuYSh.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\MokMziz.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\aBNBzyQ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\xudMKaP.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZPcPBuv.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXilFCA.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\iYjGhpR.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCYiOkk.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\MOddXXE.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\pRlgvqn.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\tNxYSkl.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\eUTDJPs.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\eRoBEeq.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\XWyWEMa.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\YVeqwgb.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\AToZSgX.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\frwqwHS.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ubJpVbs.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\svMFFMq.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\IeEzvOl.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\BMicciv.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\VLhrwEv.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\fUKiWoT.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\DZxzrgH.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\IOirokh.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDlYvBZ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\bDGBBwl.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\edjrYbZ.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\cokblHW.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\YLgYepV.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFvdFSf.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\eOCWvNY.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\icDayAb.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\gtSgGwy.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ukMnSLL.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbgahWY.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMIzZZf.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\aGVsIOk.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\AHqmDRC.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\jZyMSny.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\EsTfsGF.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\QjmvpKO.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\FphqFoE.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\MvJGsrO.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\kiOZeiy.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\jtGdniX.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\CgHwRLz.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\IqQrkcn.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\aESCTyt.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\cOdLyVH.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDwnSZn.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\OvxxFOD.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\cxZNlYj.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZDQzEZw.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\esbFTkF.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrMURJU.exe C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2284 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pwxUwIq.exe
PID 2284 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pwxUwIq.exe
PID 2284 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pwxUwIq.exe
PID 2284 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\RCPhcSD.exe
PID 2284 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\RCPhcSD.exe
PID 2284 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\RCPhcSD.exe
PID 2284 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DZxzrgH.exe
PID 2284 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DZxzrgH.exe
PID 2284 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DZxzrgH.exe
PID 2284 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jNLFOqD.exe
PID 2284 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jNLFOqD.exe
PID 2284 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jNLFOqD.exe
PID 2284 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pRlgvqn.exe
PID 2284 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pRlgvqn.exe
PID 2284 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pRlgvqn.exe
PID 2284 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\esbFTkF.exe
PID 2284 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\esbFTkF.exe
PID 2284 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\esbFTkF.exe
PID 2284 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DrMURJU.exe
PID 2284 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DrMURJU.exe
PID 2284 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\DrMURJU.exe
PID 2284 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\FbgahWY.exe
PID 2284 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\FbgahWY.exe
PID 2284 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\FbgahWY.exe
PID 2284 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\KqBfMdS.exe
PID 2284 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\KqBfMdS.exe
PID 2284 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\KqBfMdS.exe
PID 2284 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jtBBjAg.exe
PID 2284 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jtBBjAg.exe
PID 2284 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\jtBBjAg.exe
PID 2284 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\mBGugFR.exe
PID 2284 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\mBGugFR.exe
PID 2284 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\mBGugFR.exe
PID 2284 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XxnXYYn.exe
PID 2284 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XxnXYYn.exe
PID 2284 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\XxnXYYn.exe
PID 2284 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\wqRawdD.exe
PID 2284 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\wqRawdD.exe
PID 2284 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\wqRawdD.exe
PID 2284 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\ArreUnX.exe
PID 2284 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\ArreUnX.exe
PID 2284 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\ArreUnX.exe
PID 2284 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\MGYCWOR.exe
PID 2284 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\MGYCWOR.exe
PID 2284 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\MGYCWOR.exe
PID 2284 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\fzGsdCW.exe
PID 2284 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\fzGsdCW.exe
PID 2284 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\fzGsdCW.exe
PID 2284 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\IHCeQYO.exe
PID 2284 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\IHCeQYO.exe
PID 2284 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\IHCeQYO.exe
PID 2284 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\ObnXdep.exe
PID 2284 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\ObnXdep.exe
PID 2284 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\ObnXdep.exe
PID 2284 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\YTtjNUz.exe
PID 2284 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\YTtjNUz.exe
PID 2284 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\YTtjNUz.exe
PID 2284 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pBIdeIF.exe
PID 2284 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pBIdeIF.exe
PID 2284 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\pBIdeIF.exe
PID 2284 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\eDCphIM.exe
PID 2284 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\eDCphIM.exe
PID 2284 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\eDCphIM.exe
PID 2284 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe C:\Windows\System\puMkntO.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a29e81de4dcdfd17fcb16e41c3b33adcc45d62f16069323ff57ac44210e53030_NeikiAnalytics.exe"

C:\Windows\System\pwxUwIq.exe

C:\Windows\System\pwxUwIq.exe

C:\Windows\System\RCPhcSD.exe

C:\Windows\System\RCPhcSD.exe

C:\Windows\System\DZxzrgH.exe

C:\Windows\System\DZxzrgH.exe

C:\Windows\System\jNLFOqD.exe

C:\Windows\System\jNLFOqD.exe

C:\Windows\System\pRlgvqn.exe

C:\Windows\System\pRlgvqn.exe

C:\Windows\System\esbFTkF.exe

C:\Windows\System\esbFTkF.exe

C:\Windows\System\DrMURJU.exe

C:\Windows\System\DrMURJU.exe

C:\Windows\System\FbgahWY.exe

C:\Windows\System\FbgahWY.exe

C:\Windows\System\KqBfMdS.exe

C:\Windows\System\KqBfMdS.exe

C:\Windows\System\jtBBjAg.exe

C:\Windows\System\jtBBjAg.exe

C:\Windows\System\mBGugFR.exe

C:\Windows\System\mBGugFR.exe

C:\Windows\System\XxnXYYn.exe

C:\Windows\System\XxnXYYn.exe

C:\Windows\System\wqRawdD.exe

C:\Windows\System\wqRawdD.exe

C:\Windows\System\ArreUnX.exe

C:\Windows\System\ArreUnX.exe

C:\Windows\System\MGYCWOR.exe

C:\Windows\System\MGYCWOR.exe

C:\Windows\System\fzGsdCW.exe

C:\Windows\System\fzGsdCW.exe

C:\Windows\System\IHCeQYO.exe

C:\Windows\System\IHCeQYO.exe

C:\Windows\System\ObnXdep.exe

C:\Windows\System\ObnXdep.exe

C:\Windows\System\YTtjNUz.exe

C:\Windows\System\YTtjNUz.exe

C:\Windows\System\pBIdeIF.exe

C:\Windows\System\pBIdeIF.exe

C:\Windows\System\eDCphIM.exe

C:\Windows\System\eDCphIM.exe

C:\Windows\System\puMkntO.exe

C:\Windows\System\puMkntO.exe

C:\Windows\System\ABUNbPN.exe

C:\Windows\System\ABUNbPN.exe

C:\Windows\System\gxirShJ.exe

C:\Windows\System\gxirShJ.exe

C:\Windows\System\MgUVAve.exe

C:\Windows\System\MgUVAve.exe

C:\Windows\System\WfTbAMd.exe

C:\Windows\System\WfTbAMd.exe

C:\Windows\System\JltVZFr.exe

C:\Windows\System\JltVZFr.exe

C:\Windows\System\nnElpds.exe

C:\Windows\System\nnElpds.exe

C:\Windows\System\kiOZeiy.exe

C:\Windows\System\kiOZeiy.exe

C:\Windows\System\YLgYepV.exe

C:\Windows\System\YLgYepV.exe

C:\Windows\System\poETBPT.exe

C:\Windows\System\poETBPT.exe

C:\Windows\System\AbDhBVh.exe

C:\Windows\System\AbDhBVh.exe

C:\Windows\System\LMIzZZf.exe

C:\Windows\System\LMIzZZf.exe

C:\Windows\System\RcPlDLe.exe

C:\Windows\System\RcPlDLe.exe

C:\Windows\System\iXyROEA.exe

C:\Windows\System\iXyROEA.exe

C:\Windows\System\uBTElVI.exe

C:\Windows\System\uBTElVI.exe

C:\Windows\System\CQFORyq.exe

C:\Windows\System\CQFORyq.exe

C:\Windows\System\PvFeIBx.exe

C:\Windows\System\PvFeIBx.exe

C:\Windows\System\glvIVzn.exe

C:\Windows\System\glvIVzn.exe

C:\Windows\System\nfcslpO.exe

C:\Windows\System\nfcslpO.exe

C:\Windows\System\OJYkFTL.exe

C:\Windows\System\OJYkFTL.exe

C:\Windows\System\tjlZVEu.exe

C:\Windows\System\tjlZVEu.exe

C:\Windows\System\jtGdniX.exe

C:\Windows\System\jtGdniX.exe

C:\Windows\System\waVzpJX.exe

C:\Windows\System\waVzpJX.exe

C:\Windows\System\qUOVxaC.exe

C:\Windows\System\qUOVxaC.exe

C:\Windows\System\XXbKVyK.exe

C:\Windows\System\XXbKVyK.exe

C:\Windows\System\pFvdFSf.exe

C:\Windows\System\pFvdFSf.exe

C:\Windows\System\ApuzqKK.exe

C:\Windows\System\ApuzqKK.exe

C:\Windows\System\SEzivhB.exe

C:\Windows\System\SEzivhB.exe

C:\Windows\System\xFmJaZg.exe

C:\Windows\System\xFmJaZg.exe

C:\Windows\System\shxQfKM.exe

C:\Windows\System\shxQfKM.exe

C:\Windows\System\wEdbxDV.exe

C:\Windows\System\wEdbxDV.exe

C:\Windows\System\SAIXFju.exe

C:\Windows\System\SAIXFju.exe

C:\Windows\System\eOCWvNY.exe

C:\Windows\System\eOCWvNY.exe

C:\Windows\System\VOIMCrL.exe

C:\Windows\System\VOIMCrL.exe

C:\Windows\System\lEYTNhO.exe

C:\Windows\System\lEYTNhO.exe

C:\Windows\System\XAKwLUo.exe

C:\Windows\System\XAKwLUo.exe

C:\Windows\System\VZYNzjI.exe

C:\Windows\System\VZYNzjI.exe

C:\Windows\System\YVeqwgb.exe

C:\Windows\System\YVeqwgb.exe

C:\Windows\System\aGVsIOk.exe

C:\Windows\System\aGVsIOk.exe

C:\Windows\System\EDRmEBs.exe

C:\Windows\System\EDRmEBs.exe

C:\Windows\System\nyWtnCG.exe

C:\Windows\System\nyWtnCG.exe

C:\Windows\System\FgQkHyn.exe

C:\Windows\System\FgQkHyn.exe

C:\Windows\System\XGFAccE.exe

C:\Windows\System\XGFAccE.exe

C:\Windows\System\qjaywbq.exe

C:\Windows\System\qjaywbq.exe

C:\Windows\System\gThFPFq.exe

C:\Windows\System\gThFPFq.exe

C:\Windows\System\tNxYSkl.exe

C:\Windows\System\tNxYSkl.exe

C:\Windows\System\dZSbEfC.exe

C:\Windows\System\dZSbEfC.exe

C:\Windows\System\NmNcYBY.exe

C:\Windows\System\NmNcYBY.exe

C:\Windows\System\IeEzvOl.exe

C:\Windows\System\IeEzvOl.exe

C:\Windows\System\xlfvjjH.exe

C:\Windows\System\xlfvjjH.exe

C:\Windows\System\lgDVpOG.exe

C:\Windows\System\lgDVpOG.exe

C:\Windows\System\AHqmDRC.exe

C:\Windows\System\AHqmDRC.exe

C:\Windows\System\yGIDOaF.exe

C:\Windows\System\yGIDOaF.exe

C:\Windows\System\TnnLWmM.exe

C:\Windows\System\TnnLWmM.exe

C:\Windows\System\RltQggC.exe

C:\Windows\System\RltQggC.exe

C:\Windows\System\eFEAPQM.exe

C:\Windows\System\eFEAPQM.exe

C:\Windows\System\SHDcexb.exe

C:\Windows\System\SHDcexb.exe

C:\Windows\System\IJAjNjY.exe

C:\Windows\System\IJAjNjY.exe

C:\Windows\System\AToZSgX.exe

C:\Windows\System\AToZSgX.exe

C:\Windows\System\PiUJkgH.exe

C:\Windows\System\PiUJkgH.exe

C:\Windows\System\ZwztPek.exe

C:\Windows\System\ZwztPek.exe

C:\Windows\System\AhtIMjj.exe

C:\Windows\System\AhtIMjj.exe

C:\Windows\System\ygAKpQg.exe

C:\Windows\System\ygAKpQg.exe

C:\Windows\System\ttjeAjE.exe

C:\Windows\System\ttjeAjE.exe

C:\Windows\System\JcRXbQo.exe

C:\Windows\System\JcRXbQo.exe

C:\Windows\System\EswtNfw.exe

C:\Windows\System\EswtNfw.exe

C:\Windows\System\RaXhxiH.exe

C:\Windows\System\RaXhxiH.exe

C:\Windows\System\FmiHUIN.exe

C:\Windows\System\FmiHUIN.exe

C:\Windows\System\xadbaUT.exe

C:\Windows\System\xadbaUT.exe

C:\Windows\System\HRMpScr.exe

C:\Windows\System\HRMpScr.exe

C:\Windows\System\jZyMSny.exe

C:\Windows\System\jZyMSny.exe

C:\Windows\System\KKaZjKE.exe

C:\Windows\System\KKaZjKE.exe

C:\Windows\System\YsthqJb.exe

C:\Windows\System\YsthqJb.exe

C:\Windows\System\yHPWghj.exe

C:\Windows\System\yHPWghj.exe

C:\Windows\System\kkeqLTF.exe

C:\Windows\System\kkeqLTF.exe

C:\Windows\System\ppLduAx.exe

C:\Windows\System\ppLduAx.exe

C:\Windows\System\eUTDJPs.exe

C:\Windows\System\eUTDJPs.exe

C:\Windows\System\eTlFwct.exe

C:\Windows\System\eTlFwct.exe

C:\Windows\System\EsTfsGF.exe

C:\Windows\System\EsTfsGF.exe

C:\Windows\System\abNafXs.exe

C:\Windows\System\abNafXs.exe

C:\Windows\System\CgHwRLz.exe

C:\Windows\System\CgHwRLz.exe

C:\Windows\System\UDYFayv.exe

C:\Windows\System\UDYFayv.exe

C:\Windows\System\lyVhFZH.exe

C:\Windows\System\lyVhFZH.exe

C:\Windows\System\GaMNwUv.exe

C:\Windows\System\GaMNwUv.exe

C:\Windows\System\zKUyUJM.exe

C:\Windows\System\zKUyUJM.exe

C:\Windows\System\glbJeFj.exe

C:\Windows\System\glbJeFj.exe

C:\Windows\System\QjmvpKO.exe

C:\Windows\System\QjmvpKO.exe

C:\Windows\System\umTlaFq.exe

C:\Windows\System\umTlaFq.exe

C:\Windows\System\HjCvDJW.exe

C:\Windows\System\HjCvDJW.exe

C:\Windows\System\xudMKaP.exe

C:\Windows\System\xudMKaP.exe

C:\Windows\System\FLEUoSM.exe

C:\Windows\System\FLEUoSM.exe

C:\Windows\System\FphqFoE.exe

C:\Windows\System\FphqFoE.exe

C:\Windows\System\CBUkGxe.exe

C:\Windows\System\CBUkGxe.exe

C:\Windows\System\ZPcPBuv.exe

C:\Windows\System\ZPcPBuv.exe

C:\Windows\System\WhWRmaC.exe

C:\Windows\System\WhWRmaC.exe

C:\Windows\System\IqQrkcn.exe

C:\Windows\System\IqQrkcn.exe

C:\Windows\System\eTQygkM.exe

C:\Windows\System\eTQygkM.exe

C:\Windows\System\MKHYAvG.exe

C:\Windows\System\MKHYAvG.exe

C:\Windows\System\vMXLiGX.exe

C:\Windows\System\vMXLiGX.exe

C:\Windows\System\SCLtzTL.exe

C:\Windows\System\SCLtzTL.exe

C:\Windows\System\UKCmJBI.exe

C:\Windows\System\UKCmJBI.exe

C:\Windows\System\qqZemBc.exe

C:\Windows\System\qqZemBc.exe

C:\Windows\System\hwOSVRy.exe

C:\Windows\System\hwOSVRy.exe

C:\Windows\System\YHXvgFN.exe

C:\Windows\System\YHXvgFN.exe

C:\Windows\System\JYVAGvp.exe

C:\Windows\System\JYVAGvp.exe

C:\Windows\System\TJBMkzF.exe

C:\Windows\System\TJBMkzF.exe

C:\Windows\System\LQrZrhK.exe

C:\Windows\System\LQrZrhK.exe

C:\Windows\System\MaaVrZh.exe

C:\Windows\System\MaaVrZh.exe

C:\Windows\System\uKCtccC.exe

C:\Windows\System\uKCtccC.exe

C:\Windows\System\KQOyTsM.exe

C:\Windows\System\KQOyTsM.exe

C:\Windows\System\IOirokh.exe

C:\Windows\System\IOirokh.exe

C:\Windows\System\sXFbiYv.exe

C:\Windows\System\sXFbiYv.exe

C:\Windows\System\sxEOaXG.exe

C:\Windows\System\sxEOaXG.exe

C:\Windows\System\frwqwHS.exe

C:\Windows\System\frwqwHS.exe

C:\Windows\System\xWqYbqh.exe

C:\Windows\System\xWqYbqh.exe

C:\Windows\System\CdeqlQu.exe

C:\Windows\System\CdeqlQu.exe

C:\Windows\System\QHjMpdY.exe

C:\Windows\System\QHjMpdY.exe

C:\Windows\System\rRXUlTF.exe

C:\Windows\System\rRXUlTF.exe

C:\Windows\System\rDUmkni.exe

C:\Windows\System\rDUmkni.exe

C:\Windows\System\QHzePvU.exe

C:\Windows\System\QHzePvU.exe

C:\Windows\System\NPJjEOn.exe

C:\Windows\System\NPJjEOn.exe

C:\Windows\System\NESzLjG.exe

C:\Windows\System\NESzLjG.exe

C:\Windows\System\NvCxEOi.exe

C:\Windows\System\NvCxEOi.exe

C:\Windows\System\mBTpuCk.exe

C:\Windows\System\mBTpuCk.exe

C:\Windows\System\XQjreXu.exe

C:\Windows\System\XQjreXu.exe

C:\Windows\System\nXilFCA.exe

C:\Windows\System\nXilFCA.exe

C:\Windows\System\krGOnbP.exe

C:\Windows\System\krGOnbP.exe

C:\Windows\System\jRMCrPK.exe

C:\Windows\System\jRMCrPK.exe

C:\Windows\System\WDQrZCK.exe

C:\Windows\System\WDQrZCK.exe

C:\Windows\System\hIJozNq.exe

C:\Windows\System\hIJozNq.exe

C:\Windows\System\slUKtjr.exe

C:\Windows\System\slUKtjr.exe

C:\Windows\System\OBJukJs.exe

C:\Windows\System\OBJukJs.exe

C:\Windows\System\YsDUtRv.exe

C:\Windows\System\YsDUtRv.exe

C:\Windows\System\QoQUcHx.exe

C:\Windows\System\QoQUcHx.exe

C:\Windows\System\QAalPPI.exe

C:\Windows\System\QAalPPI.exe

C:\Windows\System\PNPVxuE.exe

C:\Windows\System\PNPVxuE.exe

C:\Windows\System\iRTyAcG.exe

C:\Windows\System\iRTyAcG.exe

C:\Windows\System\cOdLyVH.exe

C:\Windows\System\cOdLyVH.exe

C:\Windows\System\wbJMOGI.exe

C:\Windows\System\wbJMOGI.exe

C:\Windows\System\UKodzdS.exe

C:\Windows\System\UKodzdS.exe

C:\Windows\System\JDbIMqs.exe

C:\Windows\System\JDbIMqs.exe

C:\Windows\System\phXMzNr.exe

C:\Windows\System\phXMzNr.exe

C:\Windows\System\LDwnSZn.exe

C:\Windows\System\LDwnSZn.exe

C:\Windows\System\pxcVOwc.exe

C:\Windows\System\pxcVOwc.exe

C:\Windows\System\CVoItPB.exe

C:\Windows\System\CVoItPB.exe

C:\Windows\System\uqQQDbG.exe

C:\Windows\System\uqQQDbG.exe

C:\Windows\System\iYjGhpR.exe

C:\Windows\System\iYjGhpR.exe

C:\Windows\System\QonVqkn.exe

C:\Windows\System\QonVqkn.exe

C:\Windows\System\AoDnFmw.exe

C:\Windows\System\AoDnFmw.exe

C:\Windows\System\wbAmVcF.exe

C:\Windows\System\wbAmVcF.exe

C:\Windows\System\eRoBEeq.exe

C:\Windows\System\eRoBEeq.exe

C:\Windows\System\RQgghch.exe

C:\Windows\System\RQgghch.exe

C:\Windows\System\VjTtgki.exe

C:\Windows\System\VjTtgki.exe

C:\Windows\System\TbUwmNP.exe

C:\Windows\System\TbUwmNP.exe

C:\Windows\System\BHikPcx.exe

C:\Windows\System\BHikPcx.exe

C:\Windows\System\eqZblSX.exe

C:\Windows\System\eqZblSX.exe

C:\Windows\System\BMicciv.exe

C:\Windows\System\BMicciv.exe

C:\Windows\System\KQSKRRk.exe

C:\Windows\System\KQSKRRk.exe

C:\Windows\System\lCGtpRz.exe

C:\Windows\System\lCGtpRz.exe

C:\Windows\System\KwhfZai.exe

C:\Windows\System\KwhfZai.exe

C:\Windows\System\EkdXcBo.exe

C:\Windows\System\EkdXcBo.exe

C:\Windows\System\zyPFtXE.exe

C:\Windows\System\zyPFtXE.exe

C:\Windows\System\wqTOlgy.exe

C:\Windows\System\wqTOlgy.exe

C:\Windows\System\tqaOSVe.exe

C:\Windows\System\tqaOSVe.exe

C:\Windows\System\mpYCVBF.exe

C:\Windows\System\mpYCVBF.exe

C:\Windows\System\ubJpVbs.exe

C:\Windows\System\ubJpVbs.exe

C:\Windows\System\czaGdSN.exe

C:\Windows\System\czaGdSN.exe

C:\Windows\System\jUrBVOU.exe

C:\Windows\System\jUrBVOU.exe

C:\Windows\System\RGPMovY.exe

C:\Windows\System\RGPMovY.exe

C:\Windows\System\WvgCXGz.exe

C:\Windows\System\WvgCXGz.exe

C:\Windows\System\aESCTyt.exe

C:\Windows\System\aESCTyt.exe

C:\Windows\System\clIKZlw.exe

C:\Windows\System\clIKZlw.exe

C:\Windows\System\vYJQuwG.exe

C:\Windows\System\vYJQuwG.exe

C:\Windows\System\ONKbNNC.exe

C:\Windows\System\ONKbNNC.exe

C:\Windows\System\kcdUwGJ.exe

C:\Windows\System\kcdUwGJ.exe

C:\Windows\System\TCYiOkk.exe

C:\Windows\System\TCYiOkk.exe

C:\Windows\System\BgaCMPe.exe

C:\Windows\System\BgaCMPe.exe

C:\Windows\System\TjTIQyK.exe

C:\Windows\System\TjTIQyK.exe

C:\Windows\System\UIuvuqL.exe

C:\Windows\System\UIuvuqL.exe

C:\Windows\System\zcHZjqC.exe

C:\Windows\System\zcHZjqC.exe

C:\Windows\System\kOdZiQN.exe

C:\Windows\System\kOdZiQN.exe

C:\Windows\System\XQccaVE.exe

C:\Windows\System\XQccaVE.exe

C:\Windows\System\zRKPLcp.exe

C:\Windows\System\zRKPLcp.exe

C:\Windows\System\gsGncSx.exe

C:\Windows\System\gsGncSx.exe

C:\Windows\System\eEBYYyj.exe

C:\Windows\System\eEBYYyj.exe

C:\Windows\System\jUDURJo.exe

C:\Windows\System\jUDURJo.exe

C:\Windows\System\xJwVQOc.exe

C:\Windows\System\xJwVQOc.exe

C:\Windows\System\PJEPMoF.exe

C:\Windows\System\PJEPMoF.exe

C:\Windows\System\czbwCAV.exe

C:\Windows\System\czbwCAV.exe

C:\Windows\System\RbiyIjJ.exe

C:\Windows\System\RbiyIjJ.exe

C:\Windows\System\XWyWEMa.exe

C:\Windows\System\XWyWEMa.exe

C:\Windows\System\tbZSkbz.exe

C:\Windows\System\tbZSkbz.exe

C:\Windows\System\omFlTKV.exe

C:\Windows\System\omFlTKV.exe

C:\Windows\System\PwVQHtp.exe

C:\Windows\System\PwVQHtp.exe

C:\Windows\System\WXOKSsN.exe

C:\Windows\System\WXOKSsN.exe

C:\Windows\System\oxbeSwX.exe

C:\Windows\System\oxbeSwX.exe

C:\Windows\System\FcxDZPa.exe

C:\Windows\System\FcxDZPa.exe

C:\Windows\System\xKQfsDG.exe

C:\Windows\System\xKQfsDG.exe

C:\Windows\System\ibxYieP.exe

C:\Windows\System\ibxYieP.exe

C:\Windows\System\Yelkojm.exe

C:\Windows\System\Yelkojm.exe

C:\Windows\System\kYgSxJB.exe

C:\Windows\System\kYgSxJB.exe

C:\Windows\System\MOddXXE.exe

C:\Windows\System\MOddXXE.exe

C:\Windows\System\LowpTet.exe

C:\Windows\System\LowpTet.exe

C:\Windows\System\gofHaNX.exe

C:\Windows\System\gofHaNX.exe

C:\Windows\System\wcfRMnC.exe

C:\Windows\System\wcfRMnC.exe

C:\Windows\System\DiCOgSk.exe

C:\Windows\System\DiCOgSk.exe

C:\Windows\System\MvAhsjs.exe

C:\Windows\System\MvAhsjs.exe

C:\Windows\System\XBoYWXS.exe

C:\Windows\System\XBoYWXS.exe

C:\Windows\System\PCqxpGf.exe

C:\Windows\System\PCqxpGf.exe

C:\Windows\System\gtSgGwy.exe

C:\Windows\System\gtSgGwy.exe

C:\Windows\System\StYbyKa.exe

C:\Windows\System\StYbyKa.exe

C:\Windows\System\CzPSUXP.exe

C:\Windows\System\CzPSUXP.exe

C:\Windows\System\xoWIWAO.exe

C:\Windows\System\xoWIWAO.exe

C:\Windows\System\jEsmOIx.exe

C:\Windows\System\jEsmOIx.exe

C:\Windows\System\wDlYvBZ.exe

C:\Windows\System\wDlYvBZ.exe

C:\Windows\System\zfxjoUt.exe

C:\Windows\System\zfxjoUt.exe

C:\Windows\System\YVyxYVO.exe

C:\Windows\System\YVyxYVO.exe

C:\Windows\System\SyKSFqI.exe

C:\Windows\System\SyKSFqI.exe

C:\Windows\System\RCjsbdP.exe

C:\Windows\System\RCjsbdP.exe

C:\Windows\System\jMgacff.exe

C:\Windows\System\jMgacff.exe

C:\Windows\System\AyQXzIp.exe

C:\Windows\System\AyQXzIp.exe

C:\Windows\System\OvxxFOD.exe

C:\Windows\System\OvxxFOD.exe

C:\Windows\System\UEXqkRZ.exe

C:\Windows\System\UEXqkRZ.exe

C:\Windows\System\LLiPOAk.exe

C:\Windows\System\LLiPOAk.exe

C:\Windows\System\WxDinVs.exe

C:\Windows\System\WxDinVs.exe

C:\Windows\System\USSUFNP.exe

C:\Windows\System\USSUFNP.exe

C:\Windows\System\YQGwBqE.exe

C:\Windows\System\YQGwBqE.exe

C:\Windows\System\OGLuYSh.exe

C:\Windows\System\OGLuYSh.exe

C:\Windows\System\bDGBBwl.exe

C:\Windows\System\bDGBBwl.exe

C:\Windows\System\mqZEFJl.exe

C:\Windows\System\mqZEFJl.exe

C:\Windows\System\tCXbUvL.exe

C:\Windows\System\tCXbUvL.exe

C:\Windows\System\RdaqWfZ.exe

C:\Windows\System\RdaqWfZ.exe

C:\Windows\System\GcPXQKr.exe

C:\Windows\System\GcPXQKr.exe

C:\Windows\System\yxRtCAi.exe

C:\Windows\System\yxRtCAi.exe

C:\Windows\System\VLhrwEv.exe

C:\Windows\System\VLhrwEv.exe

C:\Windows\System\JFQgucg.exe

C:\Windows\System\JFQgucg.exe

C:\Windows\System\AMDDxRv.exe

C:\Windows\System\AMDDxRv.exe

C:\Windows\System\edjrYbZ.exe

C:\Windows\System\edjrYbZ.exe

C:\Windows\System\FaazCgA.exe

C:\Windows\System\FaazCgA.exe

C:\Windows\System\sjEhqwf.exe

C:\Windows\System\sjEhqwf.exe

C:\Windows\System\rYREJFy.exe

C:\Windows\System\rYREJFy.exe

C:\Windows\System\QeQHnYe.exe

C:\Windows\System\QeQHnYe.exe

C:\Windows\System\drequHb.exe

C:\Windows\System\drequHb.exe

C:\Windows\System\oHHlsqq.exe

C:\Windows\System\oHHlsqq.exe

C:\Windows\System\gLkhQwk.exe

C:\Windows\System\gLkhQwk.exe

C:\Windows\System\JTBHXnh.exe

C:\Windows\System\JTBHXnh.exe

C:\Windows\System\wbekdAZ.exe

C:\Windows\System\wbekdAZ.exe

C:\Windows\System\QjpAmfV.exe

C:\Windows\System\QjpAmfV.exe

C:\Windows\System\XCzTQZb.exe

C:\Windows\System\XCzTQZb.exe

C:\Windows\System\DdNaZJP.exe

C:\Windows\System\DdNaZJP.exe

C:\Windows\System\AZNZQCL.exe

C:\Windows\System\AZNZQCL.exe

C:\Windows\System\BZIDdLX.exe

C:\Windows\System\BZIDdLX.exe

C:\Windows\System\MokMziz.exe

C:\Windows\System\MokMziz.exe

C:\Windows\System\XJrffLn.exe

C:\Windows\System\XJrffLn.exe

C:\Windows\System\svMFFMq.exe

C:\Windows\System\svMFFMq.exe

C:\Windows\System\lEmGuPR.exe

C:\Windows\System\lEmGuPR.exe

C:\Windows\System\nGdNoND.exe

C:\Windows\System\nGdNoND.exe

C:\Windows\System\qdeNztk.exe

C:\Windows\System\qdeNztk.exe

C:\Windows\System\cokblHW.exe

C:\Windows\System\cokblHW.exe

C:\Windows\System\MtHJEGv.exe

C:\Windows\System\MtHJEGv.exe

C:\Windows\System\ucDbeRf.exe

C:\Windows\System\ucDbeRf.exe

C:\Windows\System\wecOEgJ.exe

C:\Windows\System\wecOEgJ.exe

C:\Windows\System\BaVQxAe.exe

C:\Windows\System\BaVQxAe.exe

C:\Windows\System\vaGykJS.exe

C:\Windows\System\vaGykJS.exe

C:\Windows\System\EHnXOhx.exe

C:\Windows\System\EHnXOhx.exe

C:\Windows\System\BrwdwdI.exe

C:\Windows\System\BrwdwdI.exe

C:\Windows\System\YwOJlSs.exe

C:\Windows\System\YwOJlSs.exe

C:\Windows\System\yWwydfF.exe

C:\Windows\System\yWwydfF.exe

C:\Windows\System\icDayAb.exe

C:\Windows\System\icDayAb.exe

C:\Windows\System\cxZNlYj.exe

C:\Windows\System\cxZNlYj.exe

C:\Windows\System\ugWtogx.exe

C:\Windows\System\ugWtogx.exe

C:\Windows\System\UgwWTFC.exe

C:\Windows\System\UgwWTFC.exe

C:\Windows\System\iFrIbIu.exe

C:\Windows\System\iFrIbIu.exe

C:\Windows\System\fGneFjK.exe

C:\Windows\System\fGneFjK.exe

C:\Windows\System\xsyDZTl.exe

C:\Windows\System\xsyDZTl.exe

C:\Windows\System\mOylMVj.exe

C:\Windows\System\mOylMVj.exe

C:\Windows\System\gXpUkmC.exe

C:\Windows\System\gXpUkmC.exe

C:\Windows\System\RAdRUxE.exe

C:\Windows\System\RAdRUxE.exe

C:\Windows\System\QGAgoyV.exe

C:\Windows\System\QGAgoyV.exe

C:\Windows\System\EuiSdVE.exe

C:\Windows\System\EuiSdVE.exe

C:\Windows\System\bzcmAJK.exe

C:\Windows\System\bzcmAJK.exe

C:\Windows\System\aBNBzyQ.exe

C:\Windows\System\aBNBzyQ.exe

C:\Windows\System\Dghkwsf.exe

C:\Windows\System\Dghkwsf.exe

C:\Windows\System\aXcjTKm.exe

C:\Windows\System\aXcjTKm.exe

C:\Windows\System\NzCxSyG.exe

C:\Windows\System\NzCxSyG.exe

C:\Windows\System\FZgjjbo.exe

C:\Windows\System\FZgjjbo.exe

C:\Windows\System\pjixiNy.exe

C:\Windows\System\pjixiNy.exe

C:\Windows\System\bmnWsXv.exe

C:\Windows\System\bmnWsXv.exe

C:\Windows\System\SEjaFDp.exe

C:\Windows\System\SEjaFDp.exe

C:\Windows\System\mECMpNq.exe

C:\Windows\System\mECMpNq.exe

C:\Windows\System\fUKiWoT.exe

C:\Windows\System\fUKiWoT.exe

C:\Windows\System\wWGLJhY.exe

C:\Windows\System\wWGLJhY.exe

C:\Windows\System\Lvstjhb.exe

C:\Windows\System\Lvstjhb.exe

C:\Windows\System\dbVyaMF.exe

C:\Windows\System\dbVyaMF.exe

C:\Windows\System\rKufihi.exe

C:\Windows\System\rKufihi.exe

C:\Windows\System\OcVKFEw.exe

C:\Windows\System\OcVKFEw.exe

C:\Windows\System\MvJGsrO.exe

C:\Windows\System\MvJGsrO.exe

C:\Windows\System\XMgmMdM.exe

C:\Windows\System\XMgmMdM.exe

C:\Windows\System\ukMnSLL.exe

C:\Windows\System\ukMnSLL.exe

C:\Windows\System\Pemwvmz.exe

C:\Windows\System\Pemwvmz.exe

C:\Windows\System\zPdpNjq.exe

C:\Windows\System\zPdpNjq.exe

C:\Windows\System\oUnbApj.exe

C:\Windows\System\oUnbApj.exe

C:\Windows\System\HdlDcIs.exe

C:\Windows\System\HdlDcIs.exe

C:\Windows\System\ZDQzEZw.exe

C:\Windows\System\ZDQzEZw.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2284-0-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\FbgahWY.exe

MD5 e47e2b64af3534544c26ccf925949540
SHA1 26e8f1cbe9d720bffe3adda680dd5e7a9c718c65
SHA256 5d2e883a682bd6eb382c93c610987f31fc524aeaf851d1ea80ad45ef0f47d8f8
SHA512 8eb5bd21997909fe38b5da9eb995ea45aa5846e81e8bd5f7d52bc36889b6ab96372047388ac658f5e1bd4f7f6b6c98995fa3fa37d7f7240035a997d1338f3bff

\Windows\system\ArreUnX.exe

MD5 7212dba0f3ff8d514fed8a113b4033d9
SHA1 f44720e6bc88349e3ff3d3647e2501509056e290
SHA256 7140e80c2d3c0909cfc0ea8f1732f1a8647c87180cd72181adcc55039fd24eeb
SHA512 bb3d6b0b46b8fd1909983fe122104d4f545f2ef85b665aa874a01975c5a4f4eb64bd6c57f5d0b6a1ddaea6c9d9aed93f4c13b90f514138b1d789390c3e56e909

memory/1740-77-0x000000013F170000-0x000000013F4C4000-memory.dmp

\Windows\system\fzGsdCW.exe

MD5 96478ce4d9e9e9a1536bebb422919cdd
SHA1 94b4f683557d4c8b1465875a4f7ac664ce805c50
SHA256 d54b15ed18533dc1aecbb95296e22c45d5a8e1ff51adab27bfd7ca27908e4318
SHA512 e4819d4e43b13c26306f6078895d1bfc1fb2600cdf36068b7433abc4e17d112e14a82b24941ff8e1b1a447aa5a2e818fdda26427fb090c0b71826c3b479d3182

memory/2284-53-0x000000013FA80000-0x000000013FDD4000-memory.dmp

C:\Windows\system\MGYCWOR.exe

MD5 2a449cd1edeb6a9e8e388ae1d354083b
SHA1 2f3711b732aec47f69a578da3563accfaaaed400
SHA256 35a082b37e85fb19c865eee9c988a86712bf73c928b301ba771e97b83913b168
SHA512 1aec5792788cf6f66d7f66e850e951411e67e280b0a204f4576152c4e9d4310a868ff87c1863d0320a1cbc4ce6fc6bd7ca6ef277c58fceb959bfe83f43a410b5

C:\Windows\system\wqRawdD.exe

MD5 1e4d8daf9cbdbbd606f588079bc1e4fa
SHA1 48d995d6bab4f68a51a8b6777a9b4d2dd602bdb1
SHA256 79f37467f4e84365f3ecb19f3c5583458a22d6e6ae31f4b94a7800a73e9578c7
SHA512 3ebcb66619c329647010e81a108922441456636af556538b0b73ea3066e012fbfb839ec186031319ae3c9b1afc95bac88eefffe163b52a7fb77cf66b631555d0

C:\Windows\system\mBGugFR.exe

MD5 8d02013d4e612e51d6ae62d489ed3dbc
SHA1 be9f4258244b1b301f0db42249dc590ca9db865e
SHA256 0579a8324edcc9b8eb8c6bf77fb7f42a886918fc550d01cf226fb247cba6386c
SHA512 864ae63d19719156aa35a5d02f373626a140be58d8c7b2c3e2bf2a519daea19a6cfb0abbdb288cd53e3adae42abbdb307568cafe0ba243c538599b143740c97a

C:\Windows\system\KqBfMdS.exe

MD5 c68b29bbf1bd831be6fe82e340a96a59
SHA1 3b309d009441f5d5c9772b35e5e5adb1441412cc
SHA256 20ab50381d80f58baf05ede3e84704d991b81cef7aad8694cdf59ed60a177123
SHA512 c7d3da25f73945c41bec751304e7cf7b0e082811c95863665b3bd251d39a06bfcd7e8ffe7eea427324b0bcacb50d1a4a6a2595a942fc43b364ed2909e18afd1f

C:\Windows\system\DrMURJU.exe

MD5 79497c7308fee0d144fc30e424ea69ee
SHA1 28eecd3c65f50099846cf7def741096a4bb4de94
SHA256 19297eb9bb85f5366b9690c46fca315a1f38ae67a753dbd51dfe84d1fada620c
SHA512 cbf4b5392f217b7260fb142e62aeee93ee9f366672b2b15155e0eba9540b94c5a63f8102ba27f947fb09bef3d72ce9bd9694edf9f43f53354caf808635991e61

C:\Windows\system\pRlgvqn.exe

MD5 354c56eead88e3f81fa4091be2af5ca6
SHA1 02c39fec2d590247731fda8f3233971d6fda0845
SHA256 502445ceb7d31707660430d30763132eff5795934b76b6a791dc4d621eb4bc16
SHA512 75e3c242b91a7a720ae978f1c7c9c14bdefac4fbbe36a62b9a78105ae379f322fb42af49b33dd34bc63cd3374b8a73ff61a2a50cd5894434f36c683c5ae80343

memory/3036-85-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2344-84-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/2576-83-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2548-82-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/2284-81-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/2284-80-0x000000013F420000-0x000000013F774000-memory.dmp

\Windows\system\IHCeQYO.exe

MD5 5877e5b3972c9426b51928bd0c595683
SHA1 e58ab38127eaac90c46f26e20b4c1ad833ca0f37
SHA256 060fab8e61191f6aaf1d87494c7c5fb9f7330f8e02dbce061c11c7e953c4533f
SHA512 ab3a93d80906aa4400cb942a630404649f5164baba28ff6fffd7e73f9f3f095fdd4551d41f06d571e3fd533b8fd5a8e535006705ca4c38bc95b2901d5278cd98

memory/2748-73-0x000000013F2B0000-0x000000013F604000-memory.dmp

memory/2368-72-0x000000013FA80000-0x000000013FDD4000-memory.dmp

memory/2284-69-0x000000013F670000-0x000000013F9C4000-memory.dmp

C:\Windows\system\DZxzrgH.exe

MD5 e5fa2951e73df64a7a10d8818277756d
SHA1 14975303a9f395cd7ade5c61f0a797d4beb4ac98
SHA256 747e488de34cbd2709f47b011ddac1cab1e2664415a6075e0c79e40646247e6f
SHA512 fcf47a639b42cc09681d03b60ec69b5933d12cf3311381a8ab0f4bca00b3d058c1dbb69431da1671a49039d62cdeb12de4ab30de967bbc05b42ad8b5165cd927

memory/2284-58-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-46-0x000000013F590000-0x000000013F8E4000-memory.dmp

C:\Windows\system\RCPhcSD.exe

MD5 03c7310c8024c6172b4949252b6f9e3c
SHA1 cde8b209ea92bf579d8e2a6acd8a9a84e17c7b6d
SHA256 28bccca18aa33fd7f37f02ac7fa7bb527d5357d38c64bcd2aaa6574227da6bac
SHA512 c8f3f1e09835f44fa56d881dd7b424d0d26a613c3b8a68005a8612b23be7fce14e847e9fbb8599760fa96bf9b75b0908808d27a74537d49801d65129c5413249

C:\Windows\system\XxnXYYn.exe

MD5 1a1ab2962e95c86172f4782f29f5356c
SHA1 41b198761f8a4adf15cd7143c5621d4f7d58f569
SHA256 812d9adbb27aef47617f1380c1cc9ff3f27ed81ed75b84cdc72087d2ac12ef47
SHA512 7abb3de6fd283046d91919658b6409835aca0bf002fed7c46a1898b18b1af0323c1708ff8e6f9858f495103d4d04e9ae42d1f9cdc9b655bc997cae6526a62f2e

C:\Windows\system\jtBBjAg.exe

MD5 88e00aad360acddbd3d14b6e3c688ca9
SHA1 b9710a46e875bb083474ea85cdc99703de55e4ad
SHA256 0eeeb162873655d328d0e1f549d40033591b080579dbb747f677913f1b3c6213
SHA512 e197c75c4b1ecbf4d9e58509ec7d6988c42b82a4c7e70521318f2e45c61147938f3089744631f341b657b202db1635e1eae40fa95e131992e7fee49a4c94069c

memory/2284-35-0x000000013FA10000-0x000000013FD64000-memory.dmp

C:\Windows\system\ObnXdep.exe

MD5 245a8dc7862ba4e7abbea54e280025d2
SHA1 a1d2d14c393d38ac3235f85a31ab0a6eb3c66a0f
SHA256 77e51125b56f2cf9750e39fb7d3cff2262b24ea703fc94918773a88d8b657487
SHA512 6d8bfc18e29553a043964cf3ce38e1a32fbf4c28a70603670cc4557be3d1f9c78c8d13cead0fb02f3d37dcb6a8047a30e9fa4fb7bc4757f02b7bfef0c8c5ed0b

C:\Windows\system\puMkntO.exe

MD5 e5097f9b3b04fff4172673ad1108c029
SHA1 eac4a1a883cd301210f0da5b4de682addd3b8716
SHA256 b3f356670c1510565b2683a93db2fb373b66805cd74c5ff963c213f59d2f53cb
SHA512 e2671651b0e5d032d16db997a42a797f79bf40fcdd680b3bde7adc0e31163b2422d9d5aaa3092832d807c3a5800a951926dee77c7dc1961f60c67bd61178e35e

C:\Windows\system\eDCphIM.exe

MD5 b250a872586b5448a3916412fd0ef953
SHA1 ab7bbb1546041510224f2c01cc1b95f0328a0e6c
SHA256 5fe74eaec52878a8e6b49b99ddfb66abfae423d5b7c1ed6959b6cae658964a6e
SHA512 790ed1ed1a48a4a9738fcebe350cc89a5eb6c96ef3ad309fda2420679ec1f13cc42aa769ef45ec471695856a10630d134ad932e5e4bfcacef78acf586084dc66

C:\Windows\system\ABUNbPN.exe

MD5 2c1afe72619e3c4622334db0dc36299f
SHA1 4622c5756a8cf7aecea44e7e2d2d04556be50235
SHA256 76923d32dcfc428d83af5acd2f76fde5ad5b24b01eb71806e848f303b3aa185c
SHA512 4fbee6dd3299d1993913d04033b3ecbdd6a532567932617148654098080631387e0c9586310d56cde878fa57c3b640b7540e6ff8571005f94b6570fa16f42e49

C:\Windows\system\WfTbAMd.exe

MD5 9652cf5d7166384deb19f3398ed8db8e
SHA1 cbe920ee05a4fdaa14e838b3c934eda3470b1bd8
SHA256 57154f8d6e2dc48e0d951531c51f7993706cd45b26f7e4057ddf8b0aac108c2e
SHA512 053537e35308f32d7043aeec0d58b1b9e8ac2152c11ab84bc0c6cac6a8297f6119913d67276c4de45fb703fab967271224691f77d43eaa128c600cca6d7fe511

C:\Windows\system\JltVZFr.exe

MD5 8ec9f62e9b8bbdaf27270d2c4c2fccf5
SHA1 e287bcd8dd86f973907f1c6af30c88246bc86a53
SHA256 82e1487fa6f666da54ffaa64d94c736cbb31697455c219c677f6c2b47ca6cf2a
SHA512 ad6e81e865e60186f63c9a82f4fe796f12f886265d10fd64600cfe3da55b241af9a18bc03950ab6b45270577a7b7ab1430f240e23cfcb119be822fd525d50dae

memory/2852-522-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2284-540-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2284-541-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2284-539-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2112-538-0x000000013FA10000-0x000000013FD64000-memory.dmp

memory/2284-532-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-542-0x000000013FE30000-0x0000000140184000-memory.dmp

memory/2724-547-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/2284-546-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-545-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2284-544-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-543-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2644-526-0x000000013F670000-0x000000013F9C4000-memory.dmp

C:\Windows\system\AbDhBVh.exe

MD5 d9a27a0de715f9a1a852e88ef28fe619
SHA1 8106e276ce4c6587a434c3c6658fe2d191dc1724
SHA256 6158b4ac4c6d744a48a6f6f242ee64f16fd51c8bc2151cd0e8c7c196498124d9
SHA512 f5c1aa37e08bad8266496c96b877e67caac62bbbf0a089fb1f50c14c0de27f351fd1bcc5af88a468a72a5786426d4401151c0ffbff6c8a887aaba4c4317ac721

C:\Windows\system\poETBPT.exe

MD5 ae867673db4fabe043a43eb1a855cfa7
SHA1 5a2ed59db97b439d7710fdfcfc1faca3fe987263
SHA256 784e7d294447f694c9ea892c70ac5c706a787f11000d15c0221ee8cefba2f040
SHA512 421f735f39ac6e18a41550fffe85294a16ec226b83b4b1ac34fe32a4b8fc51421b33db1f9b71a3c3cd215a500463d8350f87cb7d930e2d41475fe460c1c88a5d

C:\Windows\system\YLgYepV.exe

MD5 d711b277462c4a1fef94838eb804f512
SHA1 fecedca2dc63d236b6bc02e4176e01352018fbd2
SHA256 9375fb9f24f36ff241f9198b08883e788cad8cf87ea23cfb4e4e7ca5933971ef
SHA512 7ee3e2748ec83c96339fe970fe8eb51d1f14b08722c56fa4ec906b55567d6ca1193ccc6f1c28addd2a6aea979bbe648e3bdd4c97a7c80d03f16c6c882dea257f

C:\Windows\system\kiOZeiy.exe

MD5 2dc7cbde217d68b88c2a873341beb4a6
SHA1 7fda2ace751cad070ba317a52019a53a2a0ea034
SHA256 9510343e419cb4b7fea37b9cead9e07548ddb9c6fb891cd79f81c3ffbb023202
SHA512 73b864be397da1ff5eee94e6955a4b78d74bad9c96174a77874dd7af67c38bd5df6473c060a2ce54b1a6e437ddf6766d11d2aa81a83fa65049a86a8a8cac6d8d

C:\Windows\system\nnElpds.exe

MD5 ab2d1fabf817cd77ebcd7a09dc9a15d6
SHA1 952c25879b960f86a96237a0cefc7cd07cc942d1
SHA256 ca9b94da0aaa03ce813d8c3c19eaf16ddd49ff7e6b843c132cb65101a0ab3cea
SHA512 6716d037a8005bffbcc647c55eff086b97b7d53362c2d5df097126bcc90c4999c06474fafece5cfd3b4f55c36f09347a0e7d5c73dca4e8e1c21fe3041f29f7d6

C:\Windows\system\MgUVAve.exe

MD5 deee34ab479ecf930cc9987ea05860ae
SHA1 bc246be80b9683e0936733612354269bb837b8ff
SHA256 6240b794dc3cf25f6981bdba1c0744202e78c30bb340a19a2384e47f64a08c19
SHA512 a8de336d289b636159935eb671913f6a06a88cebcb76fd600442d7c3dd6aae7a875ab1204ba8ed2c97293140d0beb52023864a14b87a7e94b579236bedac9ac0

C:\Windows\system\gxirShJ.exe

MD5 b5816bd9444260c8397db095f50f4b24
SHA1 bad047b37b5dd61a63aa02d635170cbfce55d9bb
SHA256 4e37c6b872876223e9ddd3e11a530b78b8650bbbd82186d15108f7c0820b4b22
SHA512 6a405b237f88a857604635875af9aef09a45a5d19065ff8a6427fe18ba08c75edcc361b4fa221ba1ea431c44cacf252497901102eee03c69dd01e42ea0c4a4f0

C:\Windows\system\pBIdeIF.exe

MD5 dd8fd3e13b519736ea309917ea8f694c
SHA1 147292d00189af0cf697aa9bbe5023667d4dcdc4
SHA256 5cf272662b49ee55164f63bf1a81c0696a83b96bad5aa58b3c78c45092709b22
SHA512 9a4a18f6d4c83b1d3823da180cfa67aa005c7ae1aff311be85493c7f79d32043df82e098b0fedff07f6112fd1c362f11f1e4966c0a2e87c6e60a2895048b993b

C:\Windows\system\YTtjNUz.exe

MD5 017d1d2d0dec751f9a9942b4e235729d
SHA1 95423c10ae27cfd0462d0b2d61830790e702d839
SHA256 23926ab0ad2f845e2af21b68898139f48466d4acd71dffe075dc5ebdb443d04b
SHA512 9f12b754732122a3dd80924f0aed9a451b560e5b78a9e89c37acf2345c59b4dcc32ffc1addc685394abc6a473e5548140e488e186ff6a6d2d74cc15c1bd6e8f5

C:\Windows\system\esbFTkF.exe

MD5 91e1ad7811ae48607224ff5e030b6efc
SHA1 9e83eca0e8c2a770a1f795230ef7956c8ab402fb
SHA256 2d3e5dfa699e87320fd80316f1887366ae03bd3a098ab74ee8e9da53f71902eb
SHA512 0393106c3d907e6c357a65da10f64b796eef0ff88dcca3cff2b207529fd07bb9a1e490bbe37f981a6c35773bd9970efa8daca7e7bf4da29c497fd43fa47e6a84

C:\Windows\system\jNLFOqD.exe

MD5 4d8aa32cfae9c0cece4d00eb97f7e4a7
SHA1 afdc2fc50deb9dc5e9cb4e4a3f3a2f1dd049a0f3
SHA256 fc2eb79316f26c08152c5869c65e9f342195fce76e47db5448a25ffda983a9d1
SHA512 e83875a9a8abaae3889d7b75eba84035f3d44acfe61c01ccbafca7a459dd5c011f4bc566a7d9f640e27705ac7dc4f8ccd35115793b2b0d33e1847882abc029a5

C:\Windows\system\pwxUwIq.exe

MD5 6b197c1a0ed333d6ab9e9499fb5ba20e
SHA1 340be4da9f0273ade637093a947a89265e815ddd
SHA256 a448401081f3f2e82385f526b6d1d0f5ae0aee6e6d7ccf5f8439bb68d42c6916
SHA512 099689841020d520c790eb4a1b3a63a06d8845f830e68c97d3038dbc2139853c4ac2c6d343f006793f19fb28478896e9ca9716939bdc55a5bf663f60240066ab

memory/2920-25-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/2284-8-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

memory/2284-1069-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

memory/2920-1070-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/2284-1071-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-1072-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-1073-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-1075-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2284-1074-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2284-1076-0x000000013FE30000-0x0000000140184000-memory.dmp

memory/2284-1077-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2284-1078-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2284-1079-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2284-1080-0x0000000002080000-0x00000000023D4000-memory.dmp

memory/2112-1082-0x000000013FA10000-0x000000013FD64000-memory.dmp

memory/2920-1081-0x000000013F1E0000-0x000000013F534000-memory.dmp

memory/2368-1084-0x000000013FA80000-0x000000013FDD4000-memory.dmp

memory/1740-1083-0x000000013F170000-0x000000013F4C4000-memory.dmp

memory/2748-1085-0x000000013F2B0000-0x000000013F604000-memory.dmp

memory/2548-1087-0x000000013FD50000-0x00000001400A4000-memory.dmp

memory/2576-1086-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/3036-1088-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2344-1089-0x000000013F590000-0x000000013F8E4000-memory.dmp

memory/2852-1090-0x000000013FC20000-0x000000013FF74000-memory.dmp

memory/2644-1092-0x000000013F670000-0x000000013F9C4000-memory.dmp

memory/2724-1091-0x000000013F350000-0x000000013F6A4000-memory.dmp