Malware Analysis Report

2024-10-10 09:31

Sample ID 240628-ylhb2atbrl
Target a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe
SHA256 a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73

Threat Level: Known bad

The file a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

xmrig

Xmrig family

KPOT Core Executable

XMRig Miner payload

Kpot family

KPOT

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-28 19:52

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 19:52

Reported

2024-06-28 19:54

Platform

win7-20240221-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\uTgVtxL.exe N/A
N/A N/A C:\Windows\System\kZtSBAo.exe N/A
N/A N/A C:\Windows\System\NVKgYxn.exe N/A
N/A N/A C:\Windows\System\qhPJgXR.exe N/A
N/A N/A C:\Windows\System\dTrpGIk.exe N/A
N/A N/A C:\Windows\System\DbGYwCk.exe N/A
N/A N/A C:\Windows\System\VQqgWlW.exe N/A
N/A N/A C:\Windows\System\HMqCjRV.exe N/A
N/A N/A C:\Windows\System\HuNLcdJ.exe N/A
N/A N/A C:\Windows\System\hSnUqDo.exe N/A
N/A N/A C:\Windows\System\HIAHxSU.exe N/A
N/A N/A C:\Windows\System\iLJQOrF.exe N/A
N/A N/A C:\Windows\System\sqgzFcj.exe N/A
N/A N/A C:\Windows\System\JrGjiFY.exe N/A
N/A N/A C:\Windows\System\QLNQNax.exe N/A
N/A N/A C:\Windows\System\bOJAyeF.exe N/A
N/A N/A C:\Windows\System\CbiaKLp.exe N/A
N/A N/A C:\Windows\System\gJPagJW.exe N/A
N/A N/A C:\Windows\System\TJXMPnz.exe N/A
N/A N/A C:\Windows\System\MFmKhRR.exe N/A
N/A N/A C:\Windows\System\lowQMCm.exe N/A
N/A N/A C:\Windows\System\XSnetkE.exe N/A
N/A N/A C:\Windows\System\QrrSrsz.exe N/A
N/A N/A C:\Windows\System\tynbmHG.exe N/A
N/A N/A C:\Windows\System\MTUnzeM.exe N/A
N/A N/A C:\Windows\System\gsPfXRx.exe N/A
N/A N/A C:\Windows\System\rGAKhmy.exe N/A
N/A N/A C:\Windows\System\BOtOluc.exe N/A
N/A N/A C:\Windows\System\hNqerRG.exe N/A
N/A N/A C:\Windows\System\QqKGORs.exe N/A
N/A N/A C:\Windows\System\IBcmSCc.exe N/A
N/A N/A C:\Windows\System\gepsGGc.exe N/A
N/A N/A C:\Windows\System\AZOEshd.exe N/A
N/A N/A C:\Windows\System\lEtHCva.exe N/A
N/A N/A C:\Windows\System\lKUYpOk.exe N/A
N/A N/A C:\Windows\System\RqTRCot.exe N/A
N/A N/A C:\Windows\System\nChmEkZ.exe N/A
N/A N/A C:\Windows\System\ihNDaLF.exe N/A
N/A N/A C:\Windows\System\gEFIhPE.exe N/A
N/A N/A C:\Windows\System\zRVOQHr.exe N/A
N/A N/A C:\Windows\System\LGaztia.exe N/A
N/A N/A C:\Windows\System\lCLbScT.exe N/A
N/A N/A C:\Windows\System\madFMwi.exe N/A
N/A N/A C:\Windows\System\meNWcAV.exe N/A
N/A N/A C:\Windows\System\WodAJQG.exe N/A
N/A N/A C:\Windows\System\lMpbEcx.exe N/A
N/A N/A C:\Windows\System\MImksDA.exe N/A
N/A N/A C:\Windows\System\YlkfRzS.exe N/A
N/A N/A C:\Windows\System\BoMZRZv.exe N/A
N/A N/A C:\Windows\System\KtPCCyR.exe N/A
N/A N/A C:\Windows\System\PteAHHx.exe N/A
N/A N/A C:\Windows\System\ZbjLYLn.exe N/A
N/A N/A C:\Windows\System\ncrAqZU.exe N/A
N/A N/A C:\Windows\System\IsZxvWR.exe N/A
N/A N/A C:\Windows\System\jnBzUDQ.exe N/A
N/A N/A C:\Windows\System\tByCJsN.exe N/A
N/A N/A C:\Windows\System\zpqrdba.exe N/A
N/A N/A C:\Windows\System\YwLrZex.exe N/A
N/A N/A C:\Windows\System\SMOvGhy.exe N/A
N/A N/A C:\Windows\System\GbBbnPJ.exe N/A
N/A N/A C:\Windows\System\iAXvcbY.exe N/A
N/A N/A C:\Windows\System\EnYvCJQ.exe N/A
N/A N/A C:\Windows\System\NCoDFYH.exe N/A
N/A N/A C:\Windows\System\ueJGYpW.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\NpHoPND.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\DbGYwCk.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\iGkjnou.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\IkUkCMV.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\kyBZPMd.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\unUfhEh.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\zvYusMe.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCLbScT.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\JuqObih.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\EczXIch.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\KorHHWi.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZIFKZvA.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\gsPfXRx.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\PteAHHx.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\HMqCjRV.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBcmSCc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\zyvpRdf.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\foUcUOe.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\HgvjSbB.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\UZohukU.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ncrAqZU.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\EnYvCJQ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZmSnWwY.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\dAOsYEZ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\SxrAceI.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\jKRTEsc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\AadUYJF.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ARAZGDe.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\QlMBRNu.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\FDfUvrv.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsqRkaI.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZJPkszv.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\dkSozbc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\YusEPtr.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\rmtPEKm.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\iLJQOrF.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\CSdjZRz.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\EStjUIj.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\xgbFJwJ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\pXqHiFp.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ElwNoDl.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\xoSKTSC.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\EluzfHT.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWvXfEY.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\OwCtdoc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\lowQMCm.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\RqTRCot.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ILHrbig.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\mXFUlGK.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\bdRgjKx.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\hNqerRG.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\lfCNdUl.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\urdHzKo.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\vXipFIb.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\YtasbcP.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\WLYygoI.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\CbiaKLp.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\NCoDFYH.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\wqtXtvZ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\lKfKHre.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\MpBDuvP.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\OYuOjoS.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\gepsGGc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\FQBQyZm.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\uTgVtxL.exe
PID 2008 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\uTgVtxL.exe
PID 2008 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\uTgVtxL.exe
PID 2008 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\kZtSBAo.exe
PID 2008 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\kZtSBAo.exe
PID 2008 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\kZtSBAo.exe
PID 2008 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\NVKgYxn.exe
PID 2008 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\NVKgYxn.exe
PID 2008 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\NVKgYxn.exe
PID 2008 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\qhPJgXR.exe
PID 2008 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\qhPJgXR.exe
PID 2008 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\qhPJgXR.exe
PID 2008 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\dTrpGIk.exe
PID 2008 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\dTrpGIk.exe
PID 2008 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\dTrpGIk.exe
PID 2008 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\DbGYwCk.exe
PID 2008 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\DbGYwCk.exe
PID 2008 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\DbGYwCk.exe
PID 2008 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\VQqgWlW.exe
PID 2008 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\VQqgWlW.exe
PID 2008 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\VQqgWlW.exe
PID 2008 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HMqCjRV.exe
PID 2008 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HMqCjRV.exe
PID 2008 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HMqCjRV.exe
PID 2008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HuNLcdJ.exe
PID 2008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HuNLcdJ.exe
PID 2008 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HuNLcdJ.exe
PID 2008 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\hSnUqDo.exe
PID 2008 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\hSnUqDo.exe
PID 2008 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\hSnUqDo.exe
PID 2008 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HIAHxSU.exe
PID 2008 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HIAHxSU.exe
PID 2008 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HIAHxSU.exe
PID 2008 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\iLJQOrF.exe
PID 2008 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\iLJQOrF.exe
PID 2008 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\iLJQOrF.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\sqgzFcj.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\sqgzFcj.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\sqgzFcj.exe
PID 2008 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\JrGjiFY.exe
PID 2008 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\JrGjiFY.exe
PID 2008 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\JrGjiFY.exe
PID 2008 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\QLNQNax.exe
PID 2008 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\QLNQNax.exe
PID 2008 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\QLNQNax.exe
PID 2008 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\bOJAyeF.exe
PID 2008 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\bOJAyeF.exe
PID 2008 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\bOJAyeF.exe
PID 2008 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\CbiaKLp.exe
PID 2008 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\CbiaKLp.exe
PID 2008 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\CbiaKLp.exe
PID 2008 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\gJPagJW.exe
PID 2008 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\gJPagJW.exe
PID 2008 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\gJPagJW.exe
PID 2008 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\TJXMPnz.exe
PID 2008 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\TJXMPnz.exe
PID 2008 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\TJXMPnz.exe
PID 2008 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\MFmKhRR.exe
PID 2008 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\MFmKhRR.exe
PID 2008 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\MFmKhRR.exe
PID 2008 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lowQMCm.exe
PID 2008 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lowQMCm.exe
PID 2008 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lowQMCm.exe
PID 2008 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\XSnetkE.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe"

C:\Windows\System\uTgVtxL.exe

C:\Windows\System\uTgVtxL.exe

C:\Windows\System\kZtSBAo.exe

C:\Windows\System\kZtSBAo.exe

C:\Windows\System\NVKgYxn.exe

C:\Windows\System\NVKgYxn.exe

C:\Windows\System\qhPJgXR.exe

C:\Windows\System\qhPJgXR.exe

C:\Windows\System\dTrpGIk.exe

C:\Windows\System\dTrpGIk.exe

C:\Windows\System\DbGYwCk.exe

C:\Windows\System\DbGYwCk.exe

C:\Windows\System\VQqgWlW.exe

C:\Windows\System\VQqgWlW.exe

C:\Windows\System\HMqCjRV.exe

C:\Windows\System\HMqCjRV.exe

C:\Windows\System\HuNLcdJ.exe

C:\Windows\System\HuNLcdJ.exe

C:\Windows\System\hSnUqDo.exe

C:\Windows\System\hSnUqDo.exe

C:\Windows\System\HIAHxSU.exe

C:\Windows\System\HIAHxSU.exe

C:\Windows\System\iLJQOrF.exe

C:\Windows\System\iLJQOrF.exe

C:\Windows\System\sqgzFcj.exe

C:\Windows\System\sqgzFcj.exe

C:\Windows\System\JrGjiFY.exe

C:\Windows\System\JrGjiFY.exe

C:\Windows\System\QLNQNax.exe

C:\Windows\System\QLNQNax.exe

C:\Windows\System\bOJAyeF.exe

C:\Windows\System\bOJAyeF.exe

C:\Windows\System\CbiaKLp.exe

C:\Windows\System\CbiaKLp.exe

C:\Windows\System\gJPagJW.exe

C:\Windows\System\gJPagJW.exe

C:\Windows\System\TJXMPnz.exe

C:\Windows\System\TJXMPnz.exe

C:\Windows\System\MFmKhRR.exe

C:\Windows\System\MFmKhRR.exe

C:\Windows\System\lowQMCm.exe

C:\Windows\System\lowQMCm.exe

C:\Windows\System\XSnetkE.exe

C:\Windows\System\XSnetkE.exe

C:\Windows\System\QrrSrsz.exe

C:\Windows\System\QrrSrsz.exe

C:\Windows\System\tynbmHG.exe

C:\Windows\System\tynbmHG.exe

C:\Windows\System\MTUnzeM.exe

C:\Windows\System\MTUnzeM.exe

C:\Windows\System\gsPfXRx.exe

C:\Windows\System\gsPfXRx.exe

C:\Windows\System\rGAKhmy.exe

C:\Windows\System\rGAKhmy.exe

C:\Windows\System\BOtOluc.exe

C:\Windows\System\BOtOluc.exe

C:\Windows\System\hNqerRG.exe

C:\Windows\System\hNqerRG.exe

C:\Windows\System\QqKGORs.exe

C:\Windows\System\QqKGORs.exe

C:\Windows\System\IBcmSCc.exe

C:\Windows\System\IBcmSCc.exe

C:\Windows\System\gepsGGc.exe

C:\Windows\System\gepsGGc.exe

C:\Windows\System\AZOEshd.exe

C:\Windows\System\AZOEshd.exe

C:\Windows\System\lEtHCva.exe

C:\Windows\System\lEtHCva.exe

C:\Windows\System\lKUYpOk.exe

C:\Windows\System\lKUYpOk.exe

C:\Windows\System\RqTRCot.exe

C:\Windows\System\RqTRCot.exe

C:\Windows\System\nChmEkZ.exe

C:\Windows\System\nChmEkZ.exe

C:\Windows\System\ihNDaLF.exe

C:\Windows\System\ihNDaLF.exe

C:\Windows\System\gEFIhPE.exe

C:\Windows\System\gEFIhPE.exe

C:\Windows\System\zRVOQHr.exe

C:\Windows\System\zRVOQHr.exe

C:\Windows\System\LGaztia.exe

C:\Windows\System\LGaztia.exe

C:\Windows\System\lCLbScT.exe

C:\Windows\System\lCLbScT.exe

C:\Windows\System\madFMwi.exe

C:\Windows\System\madFMwi.exe

C:\Windows\System\meNWcAV.exe

C:\Windows\System\meNWcAV.exe

C:\Windows\System\WodAJQG.exe

C:\Windows\System\WodAJQG.exe

C:\Windows\System\lMpbEcx.exe

C:\Windows\System\lMpbEcx.exe

C:\Windows\System\MImksDA.exe

C:\Windows\System\MImksDA.exe

C:\Windows\System\YlkfRzS.exe

C:\Windows\System\YlkfRzS.exe

C:\Windows\System\BoMZRZv.exe

C:\Windows\System\BoMZRZv.exe

C:\Windows\System\KtPCCyR.exe

C:\Windows\System\KtPCCyR.exe

C:\Windows\System\PteAHHx.exe

C:\Windows\System\PteAHHx.exe

C:\Windows\System\ZbjLYLn.exe

C:\Windows\System\ZbjLYLn.exe

C:\Windows\System\ncrAqZU.exe

C:\Windows\System\ncrAqZU.exe

C:\Windows\System\IsZxvWR.exe

C:\Windows\System\IsZxvWR.exe

C:\Windows\System\jnBzUDQ.exe

C:\Windows\System\jnBzUDQ.exe

C:\Windows\System\tByCJsN.exe

C:\Windows\System\tByCJsN.exe

C:\Windows\System\zpqrdba.exe

C:\Windows\System\zpqrdba.exe

C:\Windows\System\YwLrZex.exe

C:\Windows\System\YwLrZex.exe

C:\Windows\System\SMOvGhy.exe

C:\Windows\System\SMOvGhy.exe

C:\Windows\System\GbBbnPJ.exe

C:\Windows\System\GbBbnPJ.exe

C:\Windows\System\iAXvcbY.exe

C:\Windows\System\iAXvcbY.exe

C:\Windows\System\EnYvCJQ.exe

C:\Windows\System\EnYvCJQ.exe

C:\Windows\System\NCoDFYH.exe

C:\Windows\System\NCoDFYH.exe

C:\Windows\System\ueJGYpW.exe

C:\Windows\System\ueJGYpW.exe

C:\Windows\System\qrhkAwE.exe

C:\Windows\System\qrhkAwE.exe

C:\Windows\System\jmPPHzS.exe

C:\Windows\System\jmPPHzS.exe

C:\Windows\System\EjrwbMO.exe

C:\Windows\System\EjrwbMO.exe

C:\Windows\System\bsoSwYg.exe

C:\Windows\System\bsoSwYg.exe

C:\Windows\System\vTitiym.exe

C:\Windows\System\vTitiym.exe

C:\Windows\System\hxcbkIr.exe

C:\Windows\System\hxcbkIr.exe

C:\Windows\System\NgxlovK.exe

C:\Windows\System\NgxlovK.exe

C:\Windows\System\dgTYIih.exe

C:\Windows\System\dgTYIih.exe

C:\Windows\System\JsiWIMt.exe

C:\Windows\System\JsiWIMt.exe

C:\Windows\System\KLdWvvu.exe

C:\Windows\System\KLdWvvu.exe

C:\Windows\System\laTCtSe.exe

C:\Windows\System\laTCtSe.exe

C:\Windows\System\ElwNoDl.exe

C:\Windows\System\ElwNoDl.exe

C:\Windows\System\QlMBRNu.exe

C:\Windows\System\QlMBRNu.exe

C:\Windows\System\JuqObih.exe

C:\Windows\System\JuqObih.exe

C:\Windows\System\xwxQeGH.exe

C:\Windows\System\xwxQeGH.exe

C:\Windows\System\PARTOfF.exe

C:\Windows\System\PARTOfF.exe

C:\Windows\System\lIZXrHw.exe

C:\Windows\System\lIZXrHw.exe

C:\Windows\System\FDfUvrv.exe

C:\Windows\System\FDfUvrv.exe

C:\Windows\System\huxWKQg.exe

C:\Windows\System\huxWKQg.exe

C:\Windows\System\EczXIch.exe

C:\Windows\System\EczXIch.exe

C:\Windows\System\CrAEBmi.exe

C:\Windows\System\CrAEBmi.exe

C:\Windows\System\mdSrTLV.exe

C:\Windows\System\mdSrTLV.exe

C:\Windows\System\iGkjnou.exe

C:\Windows\System\iGkjnou.exe

C:\Windows\System\lfCNdUl.exe

C:\Windows\System\lfCNdUl.exe

C:\Windows\System\AwAiSzg.exe

C:\Windows\System\AwAiSzg.exe

C:\Windows\System\DjIKXYD.exe

C:\Windows\System\DjIKXYD.exe

C:\Windows\System\fGqgkXU.exe

C:\Windows\System\fGqgkXU.exe

C:\Windows\System\ZmSnWwY.exe

C:\Windows\System\ZmSnWwY.exe

C:\Windows\System\VosBoxL.exe

C:\Windows\System\VosBoxL.exe

C:\Windows\System\mcFANHN.exe

C:\Windows\System\mcFANHN.exe

C:\Windows\System\xsqRkaI.exe

C:\Windows\System\xsqRkaI.exe

C:\Windows\System\zAODiJB.exe

C:\Windows\System\zAODiJB.exe

C:\Windows\System\nipRoLE.exe

C:\Windows\System\nipRoLE.exe

C:\Windows\System\xkGgRJE.exe

C:\Windows\System\xkGgRJE.exe

C:\Windows\System\gIYTlpH.exe

C:\Windows\System\gIYTlpH.exe

C:\Windows\System\arSAejv.exe

C:\Windows\System\arSAejv.exe

C:\Windows\System\OTIHTEg.exe

C:\Windows\System\OTIHTEg.exe

C:\Windows\System\PdIcXtu.exe

C:\Windows\System\PdIcXtu.exe

C:\Windows\System\tcQaOyM.exe

C:\Windows\System\tcQaOyM.exe

C:\Windows\System\KookiBD.exe

C:\Windows\System\KookiBD.exe

C:\Windows\System\bIzLALH.exe

C:\Windows\System\bIzLALH.exe

C:\Windows\System\wRKqiur.exe

C:\Windows\System\wRKqiur.exe

C:\Windows\System\OlRmTWi.exe

C:\Windows\System\OlRmTWi.exe

C:\Windows\System\lXvAIFC.exe

C:\Windows\System\lXvAIFC.exe

C:\Windows\System\ixoSuFA.exe

C:\Windows\System\ixoSuFA.exe

C:\Windows\System\urdHzKo.exe

C:\Windows\System\urdHzKo.exe

C:\Windows\System\sTInmLB.exe

C:\Windows\System\sTInmLB.exe

C:\Windows\System\aftQoqv.exe

C:\Windows\System\aftQoqv.exe

C:\Windows\System\IkUkCMV.exe

C:\Windows\System\IkUkCMV.exe

C:\Windows\System\OqjHDvu.exe

C:\Windows\System\OqjHDvu.exe

C:\Windows\System\GBjqLYG.exe

C:\Windows\System\GBjqLYG.exe

C:\Windows\System\xoSKTSC.exe

C:\Windows\System\xoSKTSC.exe

C:\Windows\System\LEINdaO.exe

C:\Windows\System\LEINdaO.exe

C:\Windows\System\umShxop.exe

C:\Windows\System\umShxop.exe

C:\Windows\System\uSqVnUT.exe

C:\Windows\System\uSqVnUT.exe

C:\Windows\System\lNEkVlf.exe

C:\Windows\System\lNEkVlf.exe

C:\Windows\System\ICdieBn.exe

C:\Windows\System\ICdieBn.exe

C:\Windows\System\dAOsYEZ.exe

C:\Windows\System\dAOsYEZ.exe

C:\Windows\System\BVFZETF.exe

C:\Windows\System\BVFZETF.exe

C:\Windows\System\HjegOGy.exe

C:\Windows\System\HjegOGy.exe

C:\Windows\System\zykWPDy.exe

C:\Windows\System\zykWPDy.exe

C:\Windows\System\PFTqbxm.exe

C:\Windows\System\PFTqbxm.exe

C:\Windows\System\yrIwgAi.exe

C:\Windows\System\yrIwgAi.exe

C:\Windows\System\vQcjoee.exe

C:\Windows\System\vQcjoee.exe

C:\Windows\System\rmtPEKm.exe

C:\Windows\System\rmtPEKm.exe

C:\Windows\System\PpbMftj.exe

C:\Windows\System\PpbMftj.exe

C:\Windows\System\QhPXpYe.exe

C:\Windows\System\QhPXpYe.exe

C:\Windows\System\QjtkAHt.exe

C:\Windows\System\QjtkAHt.exe

C:\Windows\System\ZJPkszv.exe

C:\Windows\System\ZJPkszv.exe

C:\Windows\System\CSdjZRz.exe

C:\Windows\System\CSdjZRz.exe

C:\Windows\System\cYHseYv.exe

C:\Windows\System\cYHseYv.exe

C:\Windows\System\kyBZPMd.exe

C:\Windows\System\kyBZPMd.exe

C:\Windows\System\mfCfduH.exe

C:\Windows\System\mfCfduH.exe

C:\Windows\System\jWhKDvE.exe

C:\Windows\System\jWhKDvE.exe

C:\Windows\System\HvbtgHP.exe

C:\Windows\System\HvbtgHP.exe

C:\Windows\System\BqVHbZQ.exe

C:\Windows\System\BqVHbZQ.exe

C:\Windows\System\UJxvzPE.exe

C:\Windows\System\UJxvzPE.exe

C:\Windows\System\kdSyMaJ.exe

C:\Windows\System\kdSyMaJ.exe

C:\Windows\System\FRxWwZe.exe

C:\Windows\System\FRxWwZe.exe

C:\Windows\System\zwXiofs.exe

C:\Windows\System\zwXiofs.exe

C:\Windows\System\sGfZDBV.exe

C:\Windows\System\sGfZDBV.exe

C:\Windows\System\uCJppkw.exe

C:\Windows\System\uCJppkw.exe

C:\Windows\System\AaUITNk.exe

C:\Windows\System\AaUITNk.exe

C:\Windows\System\jfctjBi.exe

C:\Windows\System\jfctjBi.exe

C:\Windows\System\Vxmuwat.exe

C:\Windows\System\Vxmuwat.exe

C:\Windows\System\XRZxpMY.exe

C:\Windows\System\XRZxpMY.exe

C:\Windows\System\edthIqb.exe

C:\Windows\System\edthIqb.exe

C:\Windows\System\BKbTthX.exe

C:\Windows\System\BKbTthX.exe

C:\Windows\System\uhTGheW.exe

C:\Windows\System\uhTGheW.exe

C:\Windows\System\qkbBZgF.exe

C:\Windows\System\qkbBZgF.exe

C:\Windows\System\cQOkpbF.exe

C:\Windows\System\cQOkpbF.exe

C:\Windows\System\vKfELcS.exe

C:\Windows\System\vKfELcS.exe

C:\Windows\System\SxrAceI.exe

C:\Windows\System\SxrAceI.exe

C:\Windows\System\eSsDQAQ.exe

C:\Windows\System\eSsDQAQ.exe

C:\Windows\System\KffhrZZ.exe

C:\Windows\System\KffhrZZ.exe

C:\Windows\System\vXipFIb.exe

C:\Windows\System\vXipFIb.exe

C:\Windows\System\MvPDMgR.exe

C:\Windows\System\MvPDMgR.exe

C:\Windows\System\euhYnIR.exe

C:\Windows\System\euhYnIR.exe

C:\Windows\System\wUeaUda.exe

C:\Windows\System\wUeaUda.exe

C:\Windows\System\FsUoqVn.exe

C:\Windows\System\FsUoqVn.exe

C:\Windows\System\HeiLJUU.exe

C:\Windows\System\HeiLJUU.exe

C:\Windows\System\rIjDMIh.exe

C:\Windows\System\rIjDMIh.exe

C:\Windows\System\FFhVXUK.exe

C:\Windows\System\FFhVXUK.exe

C:\Windows\System\RWhkzfi.exe

C:\Windows\System\RWhkzfi.exe

C:\Windows\System\JXaUrZW.exe

C:\Windows\System\JXaUrZW.exe

C:\Windows\System\EtnIiET.exe

C:\Windows\System\EtnIiET.exe

C:\Windows\System\fnGixxk.exe

C:\Windows\System\fnGixxk.exe

C:\Windows\System\TUcPqAd.exe

C:\Windows\System\TUcPqAd.exe

C:\Windows\System\KlbbKHe.exe

C:\Windows\System\KlbbKHe.exe

C:\Windows\System\WOBcTPQ.exe

C:\Windows\System\WOBcTPQ.exe

C:\Windows\System\EStjUIj.exe

C:\Windows\System\EStjUIj.exe

C:\Windows\System\YsfsKQE.exe

C:\Windows\System\YsfsKQE.exe

C:\Windows\System\tDYJDJs.exe

C:\Windows\System\tDYJDJs.exe

C:\Windows\System\EhUQiNO.exe

C:\Windows\System\EhUQiNO.exe

C:\Windows\System\FQBQyZm.exe

C:\Windows\System\FQBQyZm.exe

C:\Windows\System\PFQjqeO.exe

C:\Windows\System\PFQjqeO.exe

C:\Windows\System\IXvBkgL.exe

C:\Windows\System\IXvBkgL.exe

C:\Windows\System\yPbybkW.exe

C:\Windows\System\yPbybkW.exe

C:\Windows\System\ERnbWvJ.exe

C:\Windows\System\ERnbWvJ.exe

C:\Windows\System\ZzbRLOy.exe

C:\Windows\System\ZzbRLOy.exe

C:\Windows\System\AEsyLVl.exe

C:\Windows\System\AEsyLVl.exe

C:\Windows\System\DytgqKZ.exe

C:\Windows\System\DytgqKZ.exe

C:\Windows\System\UYerUan.exe

C:\Windows\System\UYerUan.exe

C:\Windows\System\jgqGlLs.exe

C:\Windows\System\jgqGlLs.exe

C:\Windows\System\MayXoMH.exe

C:\Windows\System\MayXoMH.exe

C:\Windows\System\FHBJJrl.exe

C:\Windows\System\FHBJJrl.exe

C:\Windows\System\KorHHWi.exe

C:\Windows\System\KorHHWi.exe

C:\Windows\System\SxIvGnB.exe

C:\Windows\System\SxIvGnB.exe

C:\Windows\System\AadUYJF.exe

C:\Windows\System\AadUYJF.exe

C:\Windows\System\wTIHSoJ.exe

C:\Windows\System\wTIHSoJ.exe

C:\Windows\System\xgbFJwJ.exe

C:\Windows\System\xgbFJwJ.exe

C:\Windows\System\aCJvdwz.exe

C:\Windows\System\aCJvdwz.exe

C:\Windows\System\wlxBFxh.exe

C:\Windows\System\wlxBFxh.exe

C:\Windows\System\dkSozbc.exe

C:\Windows\System\dkSozbc.exe

C:\Windows\System\llwLWeK.exe

C:\Windows\System\llwLWeK.exe

C:\Windows\System\wPdhBug.exe

C:\Windows\System\wPdhBug.exe

C:\Windows\System\FttMrNX.exe

C:\Windows\System\FttMrNX.exe

C:\Windows\System\mguWKXB.exe

C:\Windows\System\mguWKXB.exe

C:\Windows\System\jOKbRDT.exe

C:\Windows\System\jOKbRDT.exe

C:\Windows\System\ILHrbig.exe

C:\Windows\System\ILHrbig.exe

C:\Windows\System\QIIXgoi.exe

C:\Windows\System\QIIXgoi.exe

C:\Windows\System\JtlfCAR.exe

C:\Windows\System\JtlfCAR.exe

C:\Windows\System\YusEPtr.exe

C:\Windows\System\YusEPtr.exe

C:\Windows\System\PSCLFUf.exe

C:\Windows\System\PSCLFUf.exe

C:\Windows\System\dDlAdxf.exe

C:\Windows\System\dDlAdxf.exe

C:\Windows\System\AYxxCuM.exe

C:\Windows\System\AYxxCuM.exe

C:\Windows\System\AUKtLhM.exe

C:\Windows\System\AUKtLhM.exe

C:\Windows\System\tWkIbVl.exe

C:\Windows\System\tWkIbVl.exe

C:\Windows\System\MhisBBg.exe

C:\Windows\System\MhisBBg.exe

C:\Windows\System\bUYVQXY.exe

C:\Windows\System\bUYVQXY.exe

C:\Windows\System\hAqABqV.exe

C:\Windows\System\hAqABqV.exe

C:\Windows\System\mXFUlGK.exe

C:\Windows\System\mXFUlGK.exe

C:\Windows\System\wqtXtvZ.exe

C:\Windows\System\wqtXtvZ.exe

C:\Windows\System\Ozgezwm.exe

C:\Windows\System\Ozgezwm.exe

C:\Windows\System\ZskklAV.exe

C:\Windows\System\ZskklAV.exe

C:\Windows\System\UvTLBKp.exe

C:\Windows\System\UvTLBKp.exe

C:\Windows\System\osQlHKl.exe

C:\Windows\System\osQlHKl.exe

C:\Windows\System\tdqoAsg.exe

C:\Windows\System\tdqoAsg.exe

C:\Windows\System\ZOImnTg.exe

C:\Windows\System\ZOImnTg.exe

C:\Windows\System\EluzfHT.exe

C:\Windows\System\EluzfHT.exe

C:\Windows\System\rFxOoSL.exe

C:\Windows\System\rFxOoSL.exe

C:\Windows\System\zbdLPzy.exe

C:\Windows\System\zbdLPzy.exe

C:\Windows\System\pXqHiFp.exe

C:\Windows\System\pXqHiFp.exe

C:\Windows\System\PNKuXFQ.exe

C:\Windows\System\PNKuXFQ.exe

C:\Windows\System\IXBXVDL.exe

C:\Windows\System\IXBXVDL.exe

C:\Windows\System\uApfWGZ.exe

C:\Windows\System\uApfWGZ.exe

C:\Windows\System\kxXqQzu.exe

C:\Windows\System\kxXqQzu.exe

C:\Windows\System\hCIvqeF.exe

C:\Windows\System\hCIvqeF.exe

C:\Windows\System\ydOGTWW.exe

C:\Windows\System\ydOGTWW.exe

C:\Windows\System\sbNlDqK.exe

C:\Windows\System\sbNlDqK.exe

C:\Windows\System\lXxeFzT.exe

C:\Windows\System\lXxeFzT.exe

C:\Windows\System\cipLkuu.exe

C:\Windows\System\cipLkuu.exe

C:\Windows\System\jKRTEsc.exe

C:\Windows\System\jKRTEsc.exe

C:\Windows\System\hGMhPhV.exe

C:\Windows\System\hGMhPhV.exe

C:\Windows\System\ZJiMDwW.exe

C:\Windows\System\ZJiMDwW.exe

C:\Windows\System\HgvjSbB.exe

C:\Windows\System\HgvjSbB.exe

C:\Windows\System\unUfhEh.exe

C:\Windows\System\unUfhEh.exe

C:\Windows\System\maCYAXm.exe

C:\Windows\System\maCYAXm.exe

C:\Windows\System\NxNEraV.exe

C:\Windows\System\NxNEraV.exe

C:\Windows\System\ojyYfFP.exe

C:\Windows\System\ojyYfFP.exe

C:\Windows\System\NrvMYes.exe

C:\Windows\System\NrvMYes.exe

C:\Windows\System\yxPkTPN.exe

C:\Windows\System\yxPkTPN.exe

C:\Windows\System\IxTDCNw.exe

C:\Windows\System\IxTDCNw.exe

C:\Windows\System\qzQyMnP.exe

C:\Windows\System\qzQyMnP.exe

C:\Windows\System\atWQBLJ.exe

C:\Windows\System\atWQBLJ.exe

C:\Windows\System\NWvXfEY.exe

C:\Windows\System\NWvXfEY.exe

C:\Windows\System\chgZkJi.exe

C:\Windows\System\chgZkJi.exe

C:\Windows\System\pgSRFaw.exe

C:\Windows\System\pgSRFaw.exe

C:\Windows\System\eICkgVT.exe

C:\Windows\System\eICkgVT.exe

C:\Windows\System\lKfKHre.exe

C:\Windows\System\lKfKHre.exe

C:\Windows\System\QxCCLqg.exe

C:\Windows\System\QxCCLqg.exe

C:\Windows\System\hLRWTAL.exe

C:\Windows\System\hLRWTAL.exe

C:\Windows\System\mdRGtHr.exe

C:\Windows\System\mdRGtHr.exe

C:\Windows\System\xeviQDZ.exe

C:\Windows\System\xeviQDZ.exe

C:\Windows\System\OZKOAEb.exe

C:\Windows\System\OZKOAEb.exe

C:\Windows\System\MpBDuvP.exe

C:\Windows\System\MpBDuvP.exe

C:\Windows\System\rnBeYLV.exe

C:\Windows\System\rnBeYLV.exe

C:\Windows\System\fxWPFoY.exe

C:\Windows\System\fxWPFoY.exe

C:\Windows\System\lFlkmjO.exe

C:\Windows\System\lFlkmjO.exe

C:\Windows\System\AGukJZX.exe

C:\Windows\System\AGukJZX.exe

C:\Windows\System\vzhvpfg.exe

C:\Windows\System\vzhvpfg.exe

C:\Windows\System\gTtJTTa.exe

C:\Windows\System\gTtJTTa.exe

C:\Windows\System\CjhoBAn.exe

C:\Windows\System\CjhoBAn.exe

C:\Windows\System\CdcXbZR.exe

C:\Windows\System\CdcXbZR.exe

C:\Windows\System\ONkzsmf.exe

C:\Windows\System\ONkzsmf.exe

C:\Windows\System\ZIFKZvA.exe

C:\Windows\System\ZIFKZvA.exe

C:\Windows\System\pPDkecp.exe

C:\Windows\System\pPDkecp.exe

C:\Windows\System\YGPotBe.exe

C:\Windows\System\YGPotBe.exe

C:\Windows\System\YtasbcP.exe

C:\Windows\System\YtasbcP.exe

C:\Windows\System\OwCtdoc.exe

C:\Windows\System\OwCtdoc.exe

C:\Windows\System\QntBFSf.exe

C:\Windows\System\QntBFSf.exe

C:\Windows\System\NafAoDZ.exe

C:\Windows\System\NafAoDZ.exe

C:\Windows\System\zyvpRdf.exe

C:\Windows\System\zyvpRdf.exe

C:\Windows\System\OYuOjoS.exe

C:\Windows\System\OYuOjoS.exe

C:\Windows\System\rkikfUx.exe

C:\Windows\System\rkikfUx.exe

C:\Windows\System\rDBXbDD.exe

C:\Windows\System\rDBXbDD.exe

C:\Windows\System\LczNxqh.exe

C:\Windows\System\LczNxqh.exe

C:\Windows\System\HkCzGlD.exe

C:\Windows\System\HkCzGlD.exe

C:\Windows\System\PnXCEBN.exe

C:\Windows\System\PnXCEBN.exe

C:\Windows\System\QbzuTOa.exe

C:\Windows\System\QbzuTOa.exe

C:\Windows\System\SGfZELd.exe

C:\Windows\System\SGfZELd.exe

C:\Windows\System\LrgRpFZ.exe

C:\Windows\System\LrgRpFZ.exe

C:\Windows\System\bdRgjKx.exe

C:\Windows\System\bdRgjKx.exe

C:\Windows\System\BNhvrus.exe

C:\Windows\System\BNhvrus.exe

C:\Windows\System\NHyHOLv.exe

C:\Windows\System\NHyHOLv.exe

C:\Windows\System\MBzZqOX.exe

C:\Windows\System\MBzZqOX.exe

C:\Windows\System\KXfkupn.exe

C:\Windows\System\KXfkupn.exe

C:\Windows\System\kbkdVMf.exe

C:\Windows\System\kbkdVMf.exe

C:\Windows\System\OuNtAXt.exe

C:\Windows\System\OuNtAXt.exe

C:\Windows\System\fkEwJxY.exe

C:\Windows\System\fkEwJxY.exe

C:\Windows\System\NdIvaRT.exe

C:\Windows\System\NdIvaRT.exe

C:\Windows\System\WLYygoI.exe

C:\Windows\System\WLYygoI.exe

C:\Windows\System\pwFmktg.exe

C:\Windows\System\pwFmktg.exe

C:\Windows\System\RAkZkoh.exe

C:\Windows\System\RAkZkoh.exe

C:\Windows\System\XNustep.exe

C:\Windows\System\XNustep.exe

C:\Windows\System\DLKcaGo.exe

C:\Windows\System\DLKcaGo.exe

C:\Windows\System\VyUqhyl.exe

C:\Windows\System\VyUqhyl.exe

C:\Windows\System\WVrcEyo.exe

C:\Windows\System\WVrcEyo.exe

C:\Windows\System\uBfrLmP.exe

C:\Windows\System\uBfrLmP.exe

C:\Windows\System\adxBNyJ.exe

C:\Windows\System\adxBNyJ.exe

C:\Windows\System\BTHZrxE.exe

C:\Windows\System\BTHZrxE.exe

C:\Windows\System\hZCfhxV.exe

C:\Windows\System\hZCfhxV.exe

C:\Windows\System\qIfIPXl.exe

C:\Windows\System\qIfIPXl.exe

C:\Windows\System\DkEHvaq.exe

C:\Windows\System\DkEHvaq.exe

C:\Windows\System\XqRywUF.exe

C:\Windows\System\XqRywUF.exe

C:\Windows\System\YHzvmPO.exe

C:\Windows\System\YHzvmPO.exe

C:\Windows\System\jEvXGYt.exe

C:\Windows\System\jEvXGYt.exe

C:\Windows\System\cdvJrVF.exe

C:\Windows\System\cdvJrVF.exe

C:\Windows\System\zvYusMe.exe

C:\Windows\System\zvYusMe.exe

C:\Windows\System\ggGJuCf.exe

C:\Windows\System\ggGJuCf.exe

C:\Windows\System\UZohukU.exe

C:\Windows\System\UZohukU.exe

C:\Windows\System\CNSiSjq.exe

C:\Windows\System\CNSiSjq.exe

C:\Windows\System\NpHoPND.exe

C:\Windows\System\NpHoPND.exe

C:\Windows\System\YQpJSJp.exe

C:\Windows\System\YQpJSJp.exe

C:\Windows\System\tTZbIxU.exe

C:\Windows\System\tTZbIxU.exe

C:\Windows\System\YQIoKJp.exe

C:\Windows\System\YQIoKJp.exe

C:\Windows\System\ARAZGDe.exe

C:\Windows\System\ARAZGDe.exe

C:\Windows\System\foUcUOe.exe

C:\Windows\System\foUcUOe.exe

C:\Windows\System\HVyadst.exe

C:\Windows\System\HVyadst.exe

C:\Windows\System\QBEMoEh.exe

C:\Windows\System\QBEMoEh.exe

C:\Windows\System\DUKHzJW.exe

C:\Windows\System\DUKHzJW.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2008-0-0x000000013F5B0000-0x000000013F904000-memory.dmp

memory/2008-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\uTgVtxL.exe

MD5 8fd23f1eb941e4adc98a64b0973ae176
SHA1 79a6266995f53bef73e0df9c8323b9197217d13a
SHA256 e109975785191df67f94a175124c19fa3c736c84f64551b95f2f6449f003871b
SHA512 ba37ff042c1706aa2229d9c7f2b35e36cf51ec846983fd5c87e22cfc29341c5ca5abaeb461d903424fefbbbb1977c3dc0c64af4f0930151e2e1fd09200ec213f

\Windows\system\kZtSBAo.exe

MD5 bbebe73bedd4d130fbe68a5e3e11365c
SHA1 0b284c53578c7797cdc7aeafec89c18c474d9116
SHA256 b6491439dcb49795362c995eedd2ca67c9e47466a58c6f2f515cc8e962d08b2c
SHA512 5863e4cdc3b59376564d466425364977619791ebddafecf2b6d3f8cce61160016faab25eaaa3d1f0cc4e641240509d0e278dec2a8a05e3b3b316793dbe0730a3

\Windows\system\dTrpGIk.exe

MD5 dec0e32dd627be2caa54da27f6247c72
SHA1 1a4575078fc31fc878301b9c797192c83f1c070e
SHA256 db8248aa9303d1b8301f92d5fc8df2ce8e001c5902ca0508accc3d7d8e65066a
SHA512 efd6ebd764fb48f2ec3e91599c7966c569dacd622a212cdfe600d8ea3b14f176d89d692dd8a7a8c3945056f5ffb41ab5cad43071b6b23419b5e9ba43f252b03c

C:\Windows\system\qhPJgXR.exe

MD5 1ddd161726931e54b58d54e546bf28d0
SHA1 9cc0d22fac3d2a47d80e44ebbb4a0278f3c2abd1
SHA256 8a8d538408cf2924962c58d7dfc857028fb183f23577b1e2419652ec9a6fac53
SHA512 5959fa0af7714efd6998b47081dad643409b1adb3d5aa475ca35a34671890613f856a67921574c03d0bd484c037c4c4b8155e4feffa0f547b4c9d021327dd30a

C:\Windows\system\DbGYwCk.exe

MD5 7dbdbda1f0699b8f13e88bd5ea5eaab5
SHA1 e93d4c248f2d74f5aaf6d708271d6363b16035d3
SHA256 22e3f51445c0c188bbec1266dd7c2f344c4b10fb6f4bb83ce442122a5891bc22
SHA512 86acfc3d3925be18007f2b4ac7e4691bbaf2a2e0e6b12ab24526e6182f77b86f468394271cb6624ec660eb44284392b5e921e5c9a62c8e7a4205bff0969a8628

\Windows\system\HMqCjRV.exe

MD5 c4b12bb3e7a44ef52f30b6aed5e9f267
SHA1 f4b159796ec0b228ee5004c89ca1ad33923cd753
SHA256 4155dd94eb29af103274b5c33fbce2b5d1e84db1b4011b08ed567618f5cf6cc5
SHA512 90af9cc095868da9686c5437759c9a7f2bd3e371702283516a12ac37ce590a84810711ea6ac5c0af883e9f47fd4d23cfda4af840e656c1a7313736616e0425e7

C:\Windows\system\iLJQOrF.exe

MD5 1079070943e1b4df37a7adcb7294ddda
SHA1 6110bed57b51a2ee08e6dbcf56b85d119f0575ea
SHA256 44e4f01825484c64cc8b2861adb836bef1a875f883c675830dd23f851bb87b0b
SHA512 cb43d9746765f52afc1d10028df66a94561f81c00bd958a97e883e6a6f116574365837de740ead9d3338671533d2d404128da542dafb94ed1dfd20c64e0b9c56

C:\Windows\system\CbiaKLp.exe

MD5 24db81d7388c91c8ee586df88bd3d1b1
SHA1 012bd2a2c6f0e7b6aa45bb71eff210128efd03af
SHA256 53ec2e27604517af142e4a1105b0d8df5b00f4c7d4537214a1b43651f6ec825c
SHA512 082a37b079c38bf0146bf12d4dc302195fc022c1e49557c41fc0b6a6cd20a71e40148676577d032de30619a41160754184c511505b6ae3caa1dbe1b5ef2b7403

C:\Windows\system\MFmKhRR.exe

MD5 bb0e8b0e83ece1e41fa471e051601b80
SHA1 b8ffa24efd920b940a972c218d8320c5d785727e
SHA256 44b5629d40b7289104a748ba779b2815e8b641e9f918ec1a97f3b111b9199dc0
SHA512 06869bb06f453240cc2d050c69f670215a71c0003225103d73e5185a6af385a0f950acb49c0b6670099c1dd445671b172d520e2de54ceb9eceb01ff03586eab7

C:\Windows\system\XSnetkE.exe

MD5 908e244bc53924c6b52f5efef620151d
SHA1 a2a8cb7bb0b5eebf5fcf1d5e890c797ea1b222dc
SHA256 d9b0e5c57181de682f3bc53ebba9d11aeba29f1ad56076e4c37a200e0da135e6
SHA512 25791d64230ca4bcbbd93b8536147b9e4e4ce6db31d2027fcc2df6521601c4aa792c1e86f29157317c46deead5137a3464a76d1e962a1b273109e86fbc7dc829

C:\Windows\system\MTUnzeM.exe

MD5 1605c5278c65ef96f7235ebee12607e5
SHA1 b6ddb95520af7dc210824c725a3330756756ba55
SHA256 85594103e53d42b99bb1d62d4f20bbb5c3714aa1ddcfd993bef197c0312f2e22
SHA512 57f6f2e4926b0c3f5a0edbe11aca5dc294581f7ad907207f31b8f3b96ac31c347f0c545b608e1f3abef460d98835c084b9e2af9f03a9c5c7d56ec1570ded1e8f

memory/2008-951-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-992-0x00000000020E0000-0x0000000002434000-memory.dmp

C:\Windows\system\gepsGGc.exe

MD5 2ff6583c74c459208e0a00ae1d3ffda2
SHA1 e069cfdec7241f2c26965fffa804718e1b63ac90
SHA256 152695b71910341b9f03f5ee7cfc694a133e390f1df48ade8361a38a4abcc009
SHA512 b730d42ed03e33d692d3fa87334ce7d8341bb57da3427469e1955020572b28b35a78c98bef94550af6385fc8fc115fc7381200ee59eb2b3ee27e74c56edda755

C:\Windows\system\IBcmSCc.exe

MD5 a905b3b820a5f4dd9e06cc253720a67d
SHA1 8179b7a645cd1c839049d160c8a07b9bd59cd52d
SHA256 3ee45b0515f6ac86c27d0d3219c0d1d51cdeba9f9fca73b596b61fab75aed04f
SHA512 43bf46b97dea1f3225181aa4fd8329782a6743f490f5292501d31036bde411c3413417c88ba6e896293bd47bf74277d83749a356d8fa538bab6c4bf4815f5c7d

C:\Windows\system\QqKGORs.exe

MD5 6bd587d45af033220e1415a943540683
SHA1 7be9c80b8484adaaab0b649072da96433da49094
SHA256 4759655e112772aa9590db4bc33a71d80725020d9ec4cb2c68cf8975a92160bf
SHA512 b9151acd54aae16dad6b194a11b170b28303513198c6873888c4719605bd8df0099d1cddec16f8e7c22bf1a14ca3ffd37ba794d3067ecfb612cc08f7fc33a0ac

C:\Windows\system\hNqerRG.exe

MD5 bd5237681ddba646a17ba0589fb0b2bf
SHA1 376d9982288d3f83b9c8ec180e56cf989d98dac1
SHA256 0505b483f9e02319db88f1b490c9053be26b4ac6fbacb4c9a41456791bbebb13
SHA512 142db25050ca9f7cd9f73e597074b09699d0b8add10c849c3a29eca73e71efbadd18b45d9749bdf416063fdba880718ff90e60f060d9de881be2005ed7c2d2fb

C:\Windows\system\BOtOluc.exe

MD5 8cbcf7e198a8494bf503954058b8100c
SHA1 2569bde372a9d8371149864b3506510e72fe1478
SHA256 f84389cc19a36f8586081eec9cce9101dd798dcbef51834ea5925bae9ffc4caa
SHA512 1fad0109c2cbdfd268a8b8d1c80f46b1740a8ac2c01504b5d19dfeefaab5920ba89ec1c22e9e773f5a79e5c5fd80d1756cf53eb4c55c75271948ebe3ae52e74a

C:\Windows\system\rGAKhmy.exe

MD5 05c39cdcb389b051acc3e12432bbf40c
SHA1 4bff8c7b5400295906baec3693bb6c9298cb2ed9
SHA256 e26f341453290f64031d95ae25636fd732179796d0227aa178b052bfe6cbe7b8
SHA512 3d1524be3dc3a755bcf90600e0e677fb5cb3002b77a83d5de5762c35bf4627b22436258df52ee78e850e743b6fa666ba99179e15abf59a9b6b58e9c90d470d0e

C:\Windows\system\gsPfXRx.exe

MD5 074255e03f9ac2d5d9aaff3ed7da9cf3
SHA1 592189487591846d9d1be5eb6b32336bd01d0b5e
SHA256 5eed340d7ffc5b156ea15467f66aa778731974658ad31ae77f488fe71ea5a9d6
SHA512 b289a34544fa1b5a281a07970da9592db92fb7a91722a99b948289d8957de8ec88445363dd325e5fe17a8b21815b3abc6336d50d97f8ccb21d09b185ed7e2359

C:\Windows\system\tynbmHG.exe

MD5 f8724b8ea3b60dfa7e272bfa6b51ce2a
SHA1 cd06460eb1172c5ad43573760d9c205f0805d6a1
SHA256 86b308a5f74e68d63ed8ce0409163643097435aeb294d9f8f7a179202911681a
SHA512 7201145bb36dc91429b56e83885b2da51df1f03e067b1f6de7f7bbb96f1350d3e11c6f043953909a3602463b17921fd1f8f6c5fa042a6dd205d3e1b2d82c7e9d

C:\Windows\system\QrrSrsz.exe

MD5 ed8f46060667cfc2ac40ac7987a0f4c3
SHA1 2711ed2d5e9f800dd6822962e69266825fc1938e
SHA256 9aa5f0e6716ed6fe8fe02ff4afecb0c8c7172c625c893d35d2054531af33291e
SHA512 2615f9fc77aa49f73be5d3bcfcc6b48107a8a9cafa5f6b2f42541f93c59bd2071d7c64855b9014aef557529c07d040fd8d4b72842d45ffe13f20844ba4e23d81

C:\Windows\system\lowQMCm.exe

MD5 65bf308f6254a1a260bb9c354475ceda
SHA1 1013dd950402c1858e44a851088d2f813f757eec
SHA256 52246d2a381e6bbba0f83d9abd6d626bb621d3392d7fc62e9071f220fa4763b7
SHA512 30d7f06d0d9036c46aee39d68b1b348fbfe9d4a56c8445e8ac22e751be89f784bb90c032cc5782b7eecdc8c596644934f896920c1fe94ed592a9ec6b1a86ea9d

C:\Windows\system\TJXMPnz.exe

MD5 93c8347cf004d2a116e307155eec0f89
SHA1 dfef93e819c32a9b16100a8c0c470cbd8da1d13c
SHA256 7faa756fb8cd6a802d12d77ad9eb66d1811d2e8622f481a9f2e17e7c626cb767
SHA512 34d64bd0efe4564721fe38079b56bc96e2038f7a60327d4b4cff6978255a783ff67a969d9e5924d5989c7b48995878036f05588560a9ccf97d22e1acd6e301b5

C:\Windows\system\gJPagJW.exe

MD5 f9dc870023674df0c382e141824685b9
SHA1 9ef9b1e4b9fc59153f647825539d54e92612335e
SHA256 57df774ebc503a61cfaa6f12a50134699bba22b123cd030830f26a37c5bd63d6
SHA512 a4be5e1080e196b202f2d7bc61fed24435617e6cfd73f9f8fe28d1fd93123bac855dfb0a4edad9ae6a1272ae056c639561cd0356df94dc3cd5fdbc610846cb73

C:\Windows\system\bOJAyeF.exe

MD5 6d38780b179974b0ba34b6fa50f3cc9a
SHA1 1598047cd9f0837ddd92a1c8f9561923c4c387fd
SHA256 9aabdfa0de88bc5421d72e4f271cf83e0faf2a2a65f90d21a53a10c7a74e56d7
SHA512 385ef8252f5febaef114dcd0eee64b6b555853490fc453c0f39aa4506a7b022bfd93a43e7545137670867fef05cb78416f61e73b6e4efe22571792b3e7d12c3a

C:\Windows\system\QLNQNax.exe

MD5 48ffe485d3569bed872a7196b8f313ac
SHA1 b0deb1c4d8611b7390a653436f90fcb497971441
SHA256 63dd3614ebd1e66959f71292d261aa0727c38a278652d0461bb7d837f6b64db7
SHA512 53d053429c371a0d87c5e3f8e4b925312680b3999ee2017511f95679d56f2a4ba0ad5f4e9f61e68cb4d11a06b6566a7fb289d3293ee4eee8ff9bb4fdd1580ee3

C:\Windows\system\JrGjiFY.exe

MD5 e071040bf27bf42f0796af3ce556c87a
SHA1 227e30fba4fc128c010c76f23a87100aa2e1abbc
SHA256 024eeded088b211297e9e6b06752f3cb237785fee3e534809d45704e38806588
SHA512 bc57704cacf9c1247cb135b49d498523e0552f7c531624019e892c56aeb7389f9856cda2a11d7c0117eca27d28c009491ca1386e4af9f41bb63219250ed4672a

C:\Windows\system\sqgzFcj.exe

MD5 10d0b2edbf780d6bc7d1cc9d425cd16a
SHA1 041a1799d051f2c368a3ec1fde8f3e9decb60a57
SHA256 7cb43d9c3f4a41349fa9f48efbd72aeb646ae89624fc8fe34144e943ee9bdc16
SHA512 0eb8b5b30a3e5de53bf24e8fd556e0b0696bf92373f3dae67a7382592b6f63abb53618e3f96c6a443c7a0e67c08b61b44a923a82d53296714ac22feb756c3969

C:\Windows\system\HIAHxSU.exe

MD5 413d588e2e46fdacc0952e4b2f250972
SHA1 35aaf8bfc681f7d78f138ed89fce9183b9ec1a28
SHA256 92d3288d3847e3e2722fd64330b3700e52f760ef847c83ded7488283b97e5fc2
SHA512 edfaf21f95699a278e4a3859fadf3d2ff0f7a444a02edd5e5139df33d4c5b90bb2f111f1ea634b74b4357e311d6aea449738de58d3382e5dc4ce3e0ea8da0ea5

C:\Windows\system\hSnUqDo.exe

MD5 1497f56f840db5a09cb76a187a9521fe
SHA1 1d96dc60c697ed34f34cb6cb6186dd22d98c5d12
SHA256 219c54eada9005aced4928965c59810978f91d6c031c8b49d1966a938be7dc84
SHA512 5097b3b0a8b12291b4c4606b8b0dd280f63c2dc689c968a358c02f759879df8c314f826fc419dbfde4b367060ae576b525c5a06a884cf2557dfa3b7150c860e2

C:\Windows\system\HuNLcdJ.exe

MD5 38a0e9727fbdf462ac521008e9fee2c7
SHA1 1fc43eac44315dde65dd96bab89c2bd4dea06fe6
SHA256 63599e36ea42c0f8098df46f445d83c3685e34c3b97fd6f18c11215a80b81181
SHA512 86094b5cef86d35a06c2e84c0499604907521592ce8b0917ed84168496c738e26d09c2870fe678bd700c20aed29649558a8ecff7bcb8b083a77b20398eca7017

C:\Windows\system\VQqgWlW.exe

MD5 d2b88bd7cadc0eeb8a8159f6598b07f0
SHA1 52e0cdd7fa12b6999b3ecb827eefd2712b327bb6
SHA256 7adaba71c467943fc5703d05641a188f1d8c7d06935ba3625e1b81b86772e1c7
SHA512 049bf5f2765a071d98c501cdadfbedc0c72ed16bce9977b374071ba4dd8f483e1c334e00932065fa183a434072966f208d3334c877437d51c79a2a9ec5faee28

C:\Windows\system\NVKgYxn.exe

MD5 acaa1642930384010c97d897c5600890
SHA1 a491c1f18315c3f7e02e7364c13fb6c33ef25743
SHA256 cb02866453d14dfa1a978ffc9a3a592aa132aad35b3a05fc44dc725c576d00cf
SHA512 87b14a53fbcf1bf58aaf699c2aafe7e858f406d23ded7a17e153209cf825f321522f1e5f7b4fa59a98530c197b1fa757f3307fe8fdf671f7dcb20c6d5b917994

memory/2288-997-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2008-996-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2860-995-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2008-994-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2536-993-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/2544-989-0x000000013F0E0000-0x000000013F434000-memory.dmp

memory/2760-1012-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2948-1041-0x000000013F430000-0x000000013F784000-memory.dmp

memory/2008-1015-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/1900-1014-0x000000013F600000-0x000000013F954000-memory.dmp

memory/2008-1013-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1011-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/1364-1010-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2008-1009-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2456-1008-0x000000013F490000-0x000000013F7E4000-memory.dmp

memory/2008-1007-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2352-1006-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2008-1005-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/1652-1004-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2008-1003-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2472-1002-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2008-1001-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2432-1000-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2008-985-0x000000013F0E0000-0x000000013F434000-memory.dmp

memory/2476-982-0x000000013F5B0000-0x000000013F904000-memory.dmp

memory/2008-980-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-999-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1070-0x000000013F5B0000-0x000000013F904000-memory.dmp

memory/2008-1071-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1072-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1073-0x000000013F0E0000-0x000000013F434000-memory.dmp

memory/2008-1074-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1075-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2008-1076-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2008-1084-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1085-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/2008-1083-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2008-1082-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1081-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1080-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2008-1079-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2008-1078-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2008-1077-0x00000000020E0000-0x0000000002434000-memory.dmp

memory/2476-1086-0x000000013F5B0000-0x000000013F904000-memory.dmp

memory/2544-1087-0x000000013F0E0000-0x000000013F434000-memory.dmp

memory/2536-1088-0x000000013F7B0000-0x000000013FB04000-memory.dmp

memory/2860-1089-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2288-1090-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2432-1091-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2472-1092-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2352-1094-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2456-1095-0x000000013F490000-0x000000013F7E4000-memory.dmp

memory/1364-1096-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/1900-1098-0x000000013F600000-0x000000013F954000-memory.dmp

memory/2760-1097-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/1652-1093-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2948-1099-0x000000013F430000-0x000000013F784000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 19:52

Reported

2024-06-28 19:54

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ywBALXE.exe N/A
N/A N/A C:\Windows\System\wInSEkd.exe N/A
N/A N/A C:\Windows\System\wElLpHy.exe N/A
N/A N/A C:\Windows\System\QhBcBHC.exe N/A
N/A N/A C:\Windows\System\tugkbqf.exe N/A
N/A N/A C:\Windows\System\FtlLKjw.exe N/A
N/A N/A C:\Windows\System\fBnIOTg.exe N/A
N/A N/A C:\Windows\System\abbyobz.exe N/A
N/A N/A C:\Windows\System\JfFiIvK.exe N/A
N/A N/A C:\Windows\System\BBFdzIQ.exe N/A
N/A N/A C:\Windows\System\lcgYsNP.exe N/A
N/A N/A C:\Windows\System\imFGCRn.exe N/A
N/A N/A C:\Windows\System\zzxTZiV.exe N/A
N/A N/A C:\Windows\System\lwMOoku.exe N/A
N/A N/A C:\Windows\System\HsyNQoZ.exe N/A
N/A N/A C:\Windows\System\kmqEGNI.exe N/A
N/A N/A C:\Windows\System\ScoJghd.exe N/A
N/A N/A C:\Windows\System\eFuhoik.exe N/A
N/A N/A C:\Windows\System\EqXYGGQ.exe N/A
N/A N/A C:\Windows\System\byUoeNO.exe N/A
N/A N/A C:\Windows\System\wiEnMFD.exe N/A
N/A N/A C:\Windows\System\NMCDEcx.exe N/A
N/A N/A C:\Windows\System\ScCcvti.exe N/A
N/A N/A C:\Windows\System\RsLtfem.exe N/A
N/A N/A C:\Windows\System\WeXahUt.exe N/A
N/A N/A C:\Windows\System\DGFcFHg.exe N/A
N/A N/A C:\Windows\System\mfVcBta.exe N/A
N/A N/A C:\Windows\System\MdDKrtO.exe N/A
N/A N/A C:\Windows\System\nqvPepS.exe N/A
N/A N/A C:\Windows\System\rzLrrZM.exe N/A
N/A N/A C:\Windows\System\gDPgGAU.exe N/A
N/A N/A C:\Windows\System\ZolZAyU.exe N/A
N/A N/A C:\Windows\System\lijZoAt.exe N/A
N/A N/A C:\Windows\System\alQoXLb.exe N/A
N/A N/A C:\Windows\System\LBPENmx.exe N/A
N/A N/A C:\Windows\System\zsPFVQg.exe N/A
N/A N/A C:\Windows\System\zcgpFBp.exe N/A
N/A N/A C:\Windows\System\ugSxHGz.exe N/A
N/A N/A C:\Windows\System\TRIqodB.exe N/A
N/A N/A C:\Windows\System\uegKGTz.exe N/A
N/A N/A C:\Windows\System\cNHcQdE.exe N/A
N/A N/A C:\Windows\System\PbSHMTl.exe N/A
N/A N/A C:\Windows\System\crNwiCs.exe N/A
N/A N/A C:\Windows\System\KCdJeNQ.exe N/A
N/A N/A C:\Windows\System\jgCcvEk.exe N/A
N/A N/A C:\Windows\System\CqgWliJ.exe N/A
N/A N/A C:\Windows\System\duQXsCh.exe N/A
N/A N/A C:\Windows\System\ipmYqdq.exe N/A
N/A N/A C:\Windows\System\xiILhXB.exe N/A
N/A N/A C:\Windows\System\bUtkPle.exe N/A
N/A N/A C:\Windows\System\wqtjpuN.exe N/A
N/A N/A C:\Windows\System\UFYuqtX.exe N/A
N/A N/A C:\Windows\System\Vjaufnx.exe N/A
N/A N/A C:\Windows\System\ibAxEZG.exe N/A
N/A N/A C:\Windows\System\TaIyuPS.exe N/A
N/A N/A C:\Windows\System\pwjdDLe.exe N/A
N/A N/A C:\Windows\System\bgFZXEI.exe N/A
N/A N/A C:\Windows\System\KKTvHfE.exe N/A
N/A N/A C:\Windows\System\LFTpLul.exe N/A
N/A N/A C:\Windows\System\fyTBpgE.exe N/A
N/A N/A C:\Windows\System\nCrVaUh.exe N/A
N/A N/A C:\Windows\System\ouRWjnZ.exe N/A
N/A N/A C:\Windows\System\qIuyqjy.exe N/A
N/A N/A C:\Windows\System\uOwzGnl.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\nHnhtfs.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmoSAVI.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\JZPZAfR.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\kmqEGNI.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\UFYuqtX.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDPHEhD.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbhFdNM.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\RsLtfem.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\wgPUJSL.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\yUbXbwP.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXOGycu.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\MfYcycc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\OrtOTag.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\JfXMTDG.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\nwVvzrl.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\cIWOFXD.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ScoJghd.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\CeTtnWm.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwxQKgL.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\pQTEdzF.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\SOhKRyZ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\SteXnMj.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\TaIyuPS.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\xngVPei.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\QUWJSsi.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\FASpvFN.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNtmJjW.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\sSWSKIa.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\BIWDauu.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\lijZoAt.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\WCDUuqs.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\cNHcQdE.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\VeCtoTj.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\kLPtkcB.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\eYyzzea.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\BOOpklL.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcUZoKF.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\lwMOoku.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsPFVQg.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\ouRWjnZ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvIvoCA.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\mhokxlA.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\AMMjYXX.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\JhxyDgh.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\UZdqBDx.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\CVUXNfH.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\dhyOcSc.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\LFTpLul.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\TIrTsoU.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\wfCANMQ.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\srMunSH.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\DZlGmoF.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqeAAMk.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\GYTdgeL.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaYtpYj.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\mLdztVs.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\bBhGutO.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDPgGAU.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\YWtJMxU.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\kzcQYOA.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\yUtSIav.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\MxUCxls.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\uGVAqPw.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A
File created C:\Windows\System\MYLwYow.exe C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1716 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ywBALXE.exe
PID 1716 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ywBALXE.exe
PID 1716 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\wInSEkd.exe
PID 1716 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\wInSEkd.exe
PID 1716 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\wElLpHy.exe
PID 1716 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\wElLpHy.exe
PID 1716 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\QhBcBHC.exe
PID 1716 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\QhBcBHC.exe
PID 1716 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\tugkbqf.exe
PID 1716 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\tugkbqf.exe
PID 1716 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\FtlLKjw.exe
PID 1716 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\FtlLKjw.exe
PID 1716 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\fBnIOTg.exe
PID 1716 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\fBnIOTg.exe
PID 1716 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\abbyobz.exe
PID 1716 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\abbyobz.exe
PID 1716 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\JfFiIvK.exe
PID 1716 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\JfFiIvK.exe
PID 1716 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\BBFdzIQ.exe
PID 1716 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\BBFdzIQ.exe
PID 1716 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lcgYsNP.exe
PID 1716 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lcgYsNP.exe
PID 1716 wrote to memory of 4988 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\imFGCRn.exe
PID 1716 wrote to memory of 4988 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\imFGCRn.exe
PID 1716 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\zzxTZiV.exe
PID 1716 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\zzxTZiV.exe
PID 1716 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lwMOoku.exe
PID 1716 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\lwMOoku.exe
PID 1716 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HsyNQoZ.exe
PID 1716 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\HsyNQoZ.exe
PID 1716 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\kmqEGNI.exe
PID 1716 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\kmqEGNI.exe
PID 1716 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ScoJghd.exe
PID 1716 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ScoJghd.exe
PID 1716 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\eFuhoik.exe
PID 1716 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\eFuhoik.exe
PID 1716 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\EqXYGGQ.exe
PID 1716 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\EqXYGGQ.exe
PID 1716 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\byUoeNO.exe
PID 1716 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\byUoeNO.exe
PID 1716 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\wiEnMFD.exe
PID 1716 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\wiEnMFD.exe
PID 1716 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\NMCDEcx.exe
PID 1716 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\NMCDEcx.exe
PID 1716 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ScCcvti.exe
PID 1716 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ScCcvti.exe
PID 1716 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\RsLtfem.exe
PID 1716 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\RsLtfem.exe
PID 1716 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\WeXahUt.exe
PID 1716 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\WeXahUt.exe
PID 1716 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\DGFcFHg.exe
PID 1716 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\DGFcFHg.exe
PID 1716 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\mfVcBta.exe
PID 1716 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\mfVcBta.exe
PID 1716 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\MdDKrtO.exe
PID 1716 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\MdDKrtO.exe
PID 1716 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\nqvPepS.exe
PID 1716 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\nqvPepS.exe
PID 1716 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\rzLrrZM.exe
PID 1716 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\rzLrrZM.exe
PID 1716 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\gDPgGAU.exe
PID 1716 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\gDPgGAU.exe
PID 1716 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ZolZAyU.exe
PID 1716 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe C:\Windows\System\ZolZAyU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a8b3e3ed3fe31d946fd09937c5218367245ff26aa524ea2bf9ea50dd58764c73_NeikiAnalytics.exe"

C:\Windows\System\ywBALXE.exe

C:\Windows\System\ywBALXE.exe

C:\Windows\System\wInSEkd.exe

C:\Windows\System\wInSEkd.exe

C:\Windows\System\wElLpHy.exe

C:\Windows\System\wElLpHy.exe

C:\Windows\System\QhBcBHC.exe

C:\Windows\System\QhBcBHC.exe

C:\Windows\System\tugkbqf.exe

C:\Windows\System\tugkbqf.exe

C:\Windows\System\FtlLKjw.exe

C:\Windows\System\FtlLKjw.exe

C:\Windows\System\fBnIOTg.exe

C:\Windows\System\fBnIOTg.exe

C:\Windows\System\abbyobz.exe

C:\Windows\System\abbyobz.exe

C:\Windows\System\JfFiIvK.exe

C:\Windows\System\JfFiIvK.exe

C:\Windows\System\BBFdzIQ.exe

C:\Windows\System\BBFdzIQ.exe

C:\Windows\System\lcgYsNP.exe

C:\Windows\System\lcgYsNP.exe

C:\Windows\System\imFGCRn.exe

C:\Windows\System\imFGCRn.exe

C:\Windows\System\zzxTZiV.exe

C:\Windows\System\zzxTZiV.exe

C:\Windows\System\lwMOoku.exe

C:\Windows\System\lwMOoku.exe

C:\Windows\System\HsyNQoZ.exe

C:\Windows\System\HsyNQoZ.exe

C:\Windows\System\kmqEGNI.exe

C:\Windows\System\kmqEGNI.exe

C:\Windows\System\ScoJghd.exe

C:\Windows\System\ScoJghd.exe

C:\Windows\System\eFuhoik.exe

C:\Windows\System\eFuhoik.exe

C:\Windows\System\EqXYGGQ.exe

C:\Windows\System\EqXYGGQ.exe

C:\Windows\System\byUoeNO.exe

C:\Windows\System\byUoeNO.exe

C:\Windows\System\wiEnMFD.exe

C:\Windows\System\wiEnMFD.exe

C:\Windows\System\NMCDEcx.exe

C:\Windows\System\NMCDEcx.exe

C:\Windows\System\ScCcvti.exe

C:\Windows\System\ScCcvti.exe

C:\Windows\System\RsLtfem.exe

C:\Windows\System\RsLtfem.exe

C:\Windows\System\WeXahUt.exe

C:\Windows\System\WeXahUt.exe

C:\Windows\System\DGFcFHg.exe

C:\Windows\System\DGFcFHg.exe

C:\Windows\System\mfVcBta.exe

C:\Windows\System\mfVcBta.exe

C:\Windows\System\MdDKrtO.exe

C:\Windows\System\MdDKrtO.exe

C:\Windows\System\nqvPepS.exe

C:\Windows\System\nqvPepS.exe

C:\Windows\System\rzLrrZM.exe

C:\Windows\System\rzLrrZM.exe

C:\Windows\System\gDPgGAU.exe

C:\Windows\System\gDPgGAU.exe

C:\Windows\System\ZolZAyU.exe

C:\Windows\System\ZolZAyU.exe

C:\Windows\System\lijZoAt.exe

C:\Windows\System\lijZoAt.exe

C:\Windows\System\alQoXLb.exe

C:\Windows\System\alQoXLb.exe

C:\Windows\System\LBPENmx.exe

C:\Windows\System\LBPENmx.exe

C:\Windows\System\zsPFVQg.exe

C:\Windows\System\zsPFVQg.exe

C:\Windows\System\zcgpFBp.exe

C:\Windows\System\zcgpFBp.exe

C:\Windows\System\ugSxHGz.exe

C:\Windows\System\ugSxHGz.exe

C:\Windows\System\TRIqodB.exe

C:\Windows\System\TRIqodB.exe

C:\Windows\System\uegKGTz.exe

C:\Windows\System\uegKGTz.exe

C:\Windows\System\cNHcQdE.exe

C:\Windows\System\cNHcQdE.exe

C:\Windows\System\PbSHMTl.exe

C:\Windows\System\PbSHMTl.exe

C:\Windows\System\crNwiCs.exe

C:\Windows\System\crNwiCs.exe

C:\Windows\System\KCdJeNQ.exe

C:\Windows\System\KCdJeNQ.exe

C:\Windows\System\jgCcvEk.exe

C:\Windows\System\jgCcvEk.exe

C:\Windows\System\CqgWliJ.exe

C:\Windows\System\CqgWliJ.exe

C:\Windows\System\duQXsCh.exe

C:\Windows\System\duQXsCh.exe

C:\Windows\System\ipmYqdq.exe

C:\Windows\System\ipmYqdq.exe

C:\Windows\System\xiILhXB.exe

C:\Windows\System\xiILhXB.exe

C:\Windows\System\bUtkPle.exe

C:\Windows\System\bUtkPle.exe

C:\Windows\System\wqtjpuN.exe

C:\Windows\System\wqtjpuN.exe

C:\Windows\System\UFYuqtX.exe

C:\Windows\System\UFYuqtX.exe

C:\Windows\System\Vjaufnx.exe

C:\Windows\System\Vjaufnx.exe

C:\Windows\System\ibAxEZG.exe

C:\Windows\System\ibAxEZG.exe

C:\Windows\System\TaIyuPS.exe

C:\Windows\System\TaIyuPS.exe

C:\Windows\System\pwjdDLe.exe

C:\Windows\System\pwjdDLe.exe

C:\Windows\System\bgFZXEI.exe

C:\Windows\System\bgFZXEI.exe

C:\Windows\System\KKTvHfE.exe

C:\Windows\System\KKTvHfE.exe

C:\Windows\System\LFTpLul.exe

C:\Windows\System\LFTpLul.exe

C:\Windows\System\fyTBpgE.exe

C:\Windows\System\fyTBpgE.exe

C:\Windows\System\nCrVaUh.exe

C:\Windows\System\nCrVaUh.exe

C:\Windows\System\ouRWjnZ.exe

C:\Windows\System\ouRWjnZ.exe

C:\Windows\System\qIuyqjy.exe

C:\Windows\System\qIuyqjy.exe

C:\Windows\System\uOwzGnl.exe

C:\Windows\System\uOwzGnl.exe

C:\Windows\System\ddmUFpI.exe

C:\Windows\System\ddmUFpI.exe

C:\Windows\System\gqHMGzt.exe

C:\Windows\System\gqHMGzt.exe

C:\Windows\System\KazPuet.exe

C:\Windows\System\KazPuet.exe

C:\Windows\System\kzcQYOA.exe

C:\Windows\System\kzcQYOA.exe

C:\Windows\System\UWCHHmL.exe

C:\Windows\System\UWCHHmL.exe

C:\Windows\System\ZoPokSs.exe

C:\Windows\System\ZoPokSs.exe

C:\Windows\System\YMKRlvP.exe

C:\Windows\System\YMKRlvP.exe

C:\Windows\System\pTxFPXl.exe

C:\Windows\System\pTxFPXl.exe

C:\Windows\System\dZKdusA.exe

C:\Windows\System\dZKdusA.exe

C:\Windows\System\lDOHVZQ.exe

C:\Windows\System\lDOHVZQ.exe

C:\Windows\System\mXHBcnJ.exe

C:\Windows\System\mXHBcnJ.exe

C:\Windows\System\CacEhRG.exe

C:\Windows\System\CacEhRG.exe

C:\Windows\System\sjVHLkz.exe

C:\Windows\System\sjVHLkz.exe

C:\Windows\System\JoUdqNr.exe

C:\Windows\System\JoUdqNr.exe

C:\Windows\System\renlyGw.exe

C:\Windows\System\renlyGw.exe

C:\Windows\System\VpLTyPS.exe

C:\Windows\System\VpLTyPS.exe

C:\Windows\System\cexLrYQ.exe

C:\Windows\System\cexLrYQ.exe

C:\Windows\System\uyhexoq.exe

C:\Windows\System\uyhexoq.exe

C:\Windows\System\lQOVshL.exe

C:\Windows\System\lQOVshL.exe

C:\Windows\System\sqeAAMk.exe

C:\Windows\System\sqeAAMk.exe

C:\Windows\System\WCDUuqs.exe

C:\Windows\System\WCDUuqs.exe

C:\Windows\System\fwImTlo.exe

C:\Windows\System\fwImTlo.exe

C:\Windows\System\HxDNxbi.exe

C:\Windows\System\HxDNxbi.exe

C:\Windows\System\ZONrFVu.exe

C:\Windows\System\ZONrFVu.exe

C:\Windows\System\VeCtoTj.exe

C:\Windows\System\VeCtoTj.exe

C:\Windows\System\QXOGycu.exe

C:\Windows\System\QXOGycu.exe

C:\Windows\System\NBAJZiK.exe

C:\Windows\System\NBAJZiK.exe

C:\Windows\System\kQjrEoN.exe

C:\Windows\System\kQjrEoN.exe

C:\Windows\System\xgruPhd.exe

C:\Windows\System\xgruPhd.exe

C:\Windows\System\aUhhKNc.exe

C:\Windows\System\aUhhKNc.exe

C:\Windows\System\ualWlPi.exe

C:\Windows\System\ualWlPi.exe

C:\Windows\System\eAgOatm.exe

C:\Windows\System\eAgOatm.exe

C:\Windows\System\WcrEyGS.exe

C:\Windows\System\WcrEyGS.exe

C:\Windows\System\BxEaShJ.exe

C:\Windows\System\BxEaShJ.exe

C:\Windows\System\kAhXiPW.exe

C:\Windows\System\kAhXiPW.exe

C:\Windows\System\CKZcIRl.exe

C:\Windows\System\CKZcIRl.exe

C:\Windows\System\LngOXqh.exe

C:\Windows\System\LngOXqh.exe

C:\Windows\System\wgPUJSL.exe

C:\Windows\System\wgPUJSL.exe

C:\Windows\System\dvEllkn.exe

C:\Windows\System\dvEllkn.exe

C:\Windows\System\FwPtBiq.exe

C:\Windows\System\FwPtBiq.exe

C:\Windows\System\YWtJMxU.exe

C:\Windows\System\YWtJMxU.exe

C:\Windows\System\EgByQhf.exe

C:\Windows\System\EgByQhf.exe

C:\Windows\System\LOKLolh.exe

C:\Windows\System\LOKLolh.exe

C:\Windows\System\vFRHnJA.exe

C:\Windows\System\vFRHnJA.exe

C:\Windows\System\AKrvBJa.exe

C:\Windows\System\AKrvBJa.exe

C:\Windows\System\yUtSIav.exe

C:\Windows\System\yUtSIav.exe

C:\Windows\System\MxUCxls.exe

C:\Windows\System\MxUCxls.exe

C:\Windows\System\hPuYkPg.exe

C:\Windows\System\hPuYkPg.exe

C:\Windows\System\dZUErvo.exe

C:\Windows\System\dZUErvo.exe

C:\Windows\System\vagkoBR.exe

C:\Windows\System\vagkoBR.exe

C:\Windows\System\zhgforF.exe

C:\Windows\System\zhgforF.exe

C:\Windows\System\LidtABe.exe

C:\Windows\System\LidtABe.exe

C:\Windows\System\kLPtkcB.exe

C:\Windows\System\kLPtkcB.exe

C:\Windows\System\nwVvzrl.exe

C:\Windows\System\nwVvzrl.exe

C:\Windows\System\AZmQYxg.exe

C:\Windows\System\AZmQYxg.exe

C:\Windows\System\JYIaiIy.exe

C:\Windows\System\JYIaiIy.exe

C:\Windows\System\THxpgHA.exe

C:\Windows\System\THxpgHA.exe

C:\Windows\System\RKCSHEw.exe

C:\Windows\System\RKCSHEw.exe

C:\Windows\System\MfYcycc.exe

C:\Windows\System\MfYcycc.exe

C:\Windows\System\bvIvoCA.exe

C:\Windows\System\bvIvoCA.exe

C:\Windows\System\QZvXsGl.exe

C:\Windows\System\QZvXsGl.exe

C:\Windows\System\LOMFoWc.exe

C:\Windows\System\LOMFoWc.exe

C:\Windows\System\TIrTsoU.exe

C:\Windows\System\TIrTsoU.exe

C:\Windows\System\IiJpTqj.exe

C:\Windows\System\IiJpTqj.exe

C:\Windows\System\BDlVaRZ.exe

C:\Windows\System\BDlVaRZ.exe

C:\Windows\System\nHnhtfs.exe

C:\Windows\System\nHnhtfs.exe

C:\Windows\System\SrmypmX.exe

C:\Windows\System\SrmypmX.exe

C:\Windows\System\JhxyDgh.exe

C:\Windows\System\JhxyDgh.exe

C:\Windows\System\RtbuUuy.exe

C:\Windows\System\RtbuUuy.exe

C:\Windows\System\RwWeKfh.exe

C:\Windows\System\RwWeKfh.exe

C:\Windows\System\GYTdgeL.exe

C:\Windows\System\GYTdgeL.exe

C:\Windows\System\bSEokcd.exe

C:\Windows\System\bSEokcd.exe

C:\Windows\System\GYJXfXm.exe

C:\Windows\System\GYJXfXm.exe

C:\Windows\System\AYrZPrR.exe

C:\Windows\System\AYrZPrR.exe

C:\Windows\System\KdeGams.exe

C:\Windows\System\KdeGams.exe

C:\Windows\System\IDljLoo.exe

C:\Windows\System\IDljLoo.exe

C:\Windows\System\cdvyVHK.exe

C:\Windows\System\cdvyVHK.exe

C:\Windows\System\ZQXGelj.exe

C:\Windows\System\ZQXGelj.exe

C:\Windows\System\MZyCeTT.exe

C:\Windows\System\MZyCeTT.exe

C:\Windows\System\xngVPei.exe

C:\Windows\System\xngVPei.exe

C:\Windows\System\qhBXoZU.exe

C:\Windows\System\qhBXoZU.exe

C:\Windows\System\qYYrsST.exe

C:\Windows\System\qYYrsST.exe

C:\Windows\System\gcSpgtw.exe

C:\Windows\System\gcSpgtw.exe

C:\Windows\System\hYmCNyr.exe

C:\Windows\System\hYmCNyr.exe

C:\Windows\System\bNudlkv.exe

C:\Windows\System\bNudlkv.exe

C:\Windows\System\CVUXNfH.exe

C:\Windows\System\CVUXNfH.exe

C:\Windows\System\UzuwBNK.exe

C:\Windows\System\UzuwBNK.exe

C:\Windows\System\wfCANMQ.exe

C:\Windows\System\wfCANMQ.exe

C:\Windows\System\FASpvFN.exe

C:\Windows\System\FASpvFN.exe

C:\Windows\System\RyQMJNW.exe

C:\Windows\System\RyQMJNW.exe

C:\Windows\System\nCbKqss.exe

C:\Windows\System\nCbKqss.exe

C:\Windows\System\djyJMaP.exe

C:\Windows\System\djyJMaP.exe

C:\Windows\System\FMXctXu.exe

C:\Windows\System\FMXctXu.exe

C:\Windows\System\tHNKJno.exe

C:\Windows\System\tHNKJno.exe

C:\Windows\System\hXkuOdk.exe

C:\Windows\System\hXkuOdk.exe

C:\Windows\System\FjjiFIj.exe

C:\Windows\System\FjjiFIj.exe

C:\Windows\System\FWOMygO.exe

C:\Windows\System\FWOMygO.exe

C:\Windows\System\QXgbmbQ.exe

C:\Windows\System\QXgbmbQ.exe

C:\Windows\System\IeAndNl.exe

C:\Windows\System\IeAndNl.exe

C:\Windows\System\KwxQKgL.exe

C:\Windows\System\KwxQKgL.exe

C:\Windows\System\iZLGWjG.exe

C:\Windows\System\iZLGWjG.exe

C:\Windows\System\LoWpSgk.exe

C:\Windows\System\LoWpSgk.exe

C:\Windows\System\khmJRjZ.exe

C:\Windows\System\khmJRjZ.exe

C:\Windows\System\DodrySL.exe

C:\Windows\System\DodrySL.exe

C:\Windows\System\KQtjmoE.exe

C:\Windows\System\KQtjmoE.exe

C:\Windows\System\dUkeVTM.exe

C:\Windows\System\dUkeVTM.exe

C:\Windows\System\xbLCMwT.exe

C:\Windows\System\xbLCMwT.exe

C:\Windows\System\RIbTCbd.exe

C:\Windows\System\RIbTCbd.exe

C:\Windows\System\TdUiQST.exe

C:\Windows\System\TdUiQST.exe

C:\Windows\System\HudMuVm.exe

C:\Windows\System\HudMuVm.exe

C:\Windows\System\cIWOFXD.exe

C:\Windows\System\cIWOFXD.exe

C:\Windows\System\SRJAwmT.exe

C:\Windows\System\SRJAwmT.exe

C:\Windows\System\SArmsiQ.exe

C:\Windows\System\SArmsiQ.exe

C:\Windows\System\CeTtnWm.exe

C:\Windows\System\CeTtnWm.exe

C:\Windows\System\SDPHEhD.exe

C:\Windows\System\SDPHEhD.exe

C:\Windows\System\LrkSRQU.exe

C:\Windows\System\LrkSRQU.exe

C:\Windows\System\vVwLxWP.exe

C:\Windows\System\vVwLxWP.exe

C:\Windows\System\UZdqBDx.exe

C:\Windows\System\UZdqBDx.exe

C:\Windows\System\aSibyuG.exe

C:\Windows\System\aSibyuG.exe

C:\Windows\System\vKeoOVx.exe

C:\Windows\System\vKeoOVx.exe

C:\Windows\System\wPaqVoY.exe

C:\Windows\System\wPaqVoY.exe

C:\Windows\System\TNymEqL.exe

C:\Windows\System\TNymEqL.exe

C:\Windows\System\TOtTuGG.exe

C:\Windows\System\TOtTuGG.exe

C:\Windows\System\oQcihDN.exe

C:\Windows\System\oQcihDN.exe

C:\Windows\System\kWzJqWP.exe

C:\Windows\System\kWzJqWP.exe

C:\Windows\System\krdSwkC.exe

C:\Windows\System\krdSwkC.exe

C:\Windows\System\BNtmJjW.exe

C:\Windows\System\BNtmJjW.exe

C:\Windows\System\RsKnZiX.exe

C:\Windows\System\RsKnZiX.exe

C:\Windows\System\StqIeXK.exe

C:\Windows\System\StqIeXK.exe

C:\Windows\System\lvbKZEN.exe

C:\Windows\System\lvbKZEN.exe

C:\Windows\System\aGUNIeT.exe

C:\Windows\System\aGUNIeT.exe

C:\Windows\System\fvlRJtX.exe

C:\Windows\System\fvlRJtX.exe

C:\Windows\System\mOYkNDn.exe

C:\Windows\System\mOYkNDn.exe

C:\Windows\System\DAAySDR.exe

C:\Windows\System\DAAySDR.exe

C:\Windows\System\NtPqhTX.exe

C:\Windows\System\NtPqhTX.exe

C:\Windows\System\ssqeRWg.exe

C:\Windows\System\ssqeRWg.exe

C:\Windows\System\wYKNfhZ.exe

C:\Windows\System\wYKNfhZ.exe

C:\Windows\System\OrtOTag.exe

C:\Windows\System\OrtOTag.exe

C:\Windows\System\aZhTsqW.exe

C:\Windows\System\aZhTsqW.exe

C:\Windows\System\WAgAEii.exe

C:\Windows\System\WAgAEii.exe

C:\Windows\System\zmopBOU.exe

C:\Windows\System\zmopBOU.exe

C:\Windows\System\nJIhSTs.exe

C:\Windows\System\nJIhSTs.exe

C:\Windows\System\eJbFqOD.exe

C:\Windows\System\eJbFqOD.exe

C:\Windows\System\sIdWZRt.exe

C:\Windows\System\sIdWZRt.exe

C:\Windows\System\OBTEVZs.exe

C:\Windows\System\OBTEVZs.exe

C:\Windows\System\YWrbDZF.exe

C:\Windows\System\YWrbDZF.exe

C:\Windows\System\SbhFdNM.exe

C:\Windows\System\SbhFdNM.exe

C:\Windows\System\Dpnqmyy.exe

C:\Windows\System\Dpnqmyy.exe

C:\Windows\System\knxJNnk.exe

C:\Windows\System\knxJNnk.exe

C:\Windows\System\uDrxWVe.exe

C:\Windows\System\uDrxWVe.exe

C:\Windows\System\bFqcQBW.exe

C:\Windows\System\bFqcQBW.exe

C:\Windows\System\iaYtpYj.exe

C:\Windows\System\iaYtpYj.exe

C:\Windows\System\HBtjxOz.exe

C:\Windows\System\HBtjxOz.exe

C:\Windows\System\lYlVpXY.exe

C:\Windows\System\lYlVpXY.exe

C:\Windows\System\oBebdnU.exe

C:\Windows\System\oBebdnU.exe

C:\Windows\System\DSyKTaZ.exe

C:\Windows\System\DSyKTaZ.exe

C:\Windows\System\RTsmYwm.exe

C:\Windows\System\RTsmYwm.exe

C:\Windows\System\GOkouYB.exe

C:\Windows\System\GOkouYB.exe

C:\Windows\System\eYyzzea.exe

C:\Windows\System\eYyzzea.exe

C:\Windows\System\QUWJSsi.exe

C:\Windows\System\QUWJSsi.exe

C:\Windows\System\NNaeufX.exe

C:\Windows\System\NNaeufX.exe

C:\Windows\System\NwowinK.exe

C:\Windows\System\NwowinK.exe

C:\Windows\System\LDKVlQF.exe

C:\Windows\System\LDKVlQF.exe

C:\Windows\System\GrkbjGB.exe

C:\Windows\System\GrkbjGB.exe

C:\Windows\System\sSWSKIa.exe

C:\Windows\System\sSWSKIa.exe

C:\Windows\System\PtzLeKw.exe

C:\Windows\System\PtzLeKw.exe

C:\Windows\System\sYmfIjT.exe

C:\Windows\System\sYmfIjT.exe

C:\Windows\System\jHnBQKD.exe

C:\Windows\System\jHnBQKD.exe

C:\Windows\System\BmoSAVI.exe

C:\Windows\System\BmoSAVI.exe

C:\Windows\System\UHIlLja.exe

C:\Windows\System\UHIlLja.exe

C:\Windows\System\CbgFREM.exe

C:\Windows\System\CbgFREM.exe

C:\Windows\System\sYLtFIV.exe

C:\Windows\System\sYLtFIV.exe

C:\Windows\System\igVJMgq.exe

C:\Windows\System\igVJMgq.exe

C:\Windows\System\tFTwXLJ.exe

C:\Windows\System\tFTwXLJ.exe

C:\Windows\System\sMmwlnG.exe

C:\Windows\System\sMmwlnG.exe

C:\Windows\System\mhokxlA.exe

C:\Windows\System\mhokxlA.exe

C:\Windows\System\lkEGIMk.exe

C:\Windows\System\lkEGIMk.exe

C:\Windows\System\ElyEfzu.exe

C:\Windows\System\ElyEfzu.exe

C:\Windows\System\wzrTZwD.exe

C:\Windows\System\wzrTZwD.exe

C:\Windows\System\kuRxUGr.exe

C:\Windows\System\kuRxUGr.exe

C:\Windows\System\BOOpklL.exe

C:\Windows\System\BOOpklL.exe

C:\Windows\System\LPKjORM.exe

C:\Windows\System\LPKjORM.exe

C:\Windows\System\Rzbgrak.exe

C:\Windows\System\Rzbgrak.exe

C:\Windows\System\JfXMTDG.exe

C:\Windows\System\JfXMTDG.exe

C:\Windows\System\WHKtMsI.exe

C:\Windows\System\WHKtMsI.exe

C:\Windows\System\JHZFvcc.exe

C:\Windows\System\JHZFvcc.exe

C:\Windows\System\qVCWbmV.exe

C:\Windows\System\qVCWbmV.exe

C:\Windows\System\jOtHizF.exe

C:\Windows\System\jOtHizF.exe

C:\Windows\System\QSsbFez.exe

C:\Windows\System\QSsbFez.exe

C:\Windows\System\lMVBPMx.exe

C:\Windows\System\lMVBPMx.exe

C:\Windows\System\wOeqRZd.exe

C:\Windows\System\wOeqRZd.exe

C:\Windows\System\JZPZAfR.exe

C:\Windows\System\JZPZAfR.exe

C:\Windows\System\FUpIZsD.exe

C:\Windows\System\FUpIZsD.exe

C:\Windows\System\qenfaGo.exe

C:\Windows\System\qenfaGo.exe

C:\Windows\System\pQTEdzF.exe

C:\Windows\System\pQTEdzF.exe

C:\Windows\System\zviuJQx.exe

C:\Windows\System\zviuJQx.exe

C:\Windows\System\FFiqMtF.exe

C:\Windows\System\FFiqMtF.exe

C:\Windows\System\yCMrqpx.exe

C:\Windows\System\yCMrqpx.exe

C:\Windows\System\aCgIKvA.exe

C:\Windows\System\aCgIKvA.exe

C:\Windows\System\sQJnzcw.exe

C:\Windows\System\sQJnzcw.exe

C:\Windows\System\vMuOKqL.exe

C:\Windows\System\vMuOKqL.exe

C:\Windows\System\zJebHZC.exe

C:\Windows\System\zJebHZC.exe

C:\Windows\System\AAgrvGy.exe

C:\Windows\System\AAgrvGy.exe

C:\Windows\System\SOhKRyZ.exe

C:\Windows\System\SOhKRyZ.exe

C:\Windows\System\JKBzSzA.exe

C:\Windows\System\JKBzSzA.exe

C:\Windows\System\pfbZFIM.exe

C:\Windows\System\pfbZFIM.exe

C:\Windows\System\OlXmNrW.exe

C:\Windows\System\OlXmNrW.exe

C:\Windows\System\OvOQIAt.exe

C:\Windows\System\OvOQIAt.exe

C:\Windows\System\PZbPxEw.exe

C:\Windows\System\PZbPxEw.exe

C:\Windows\System\CGquENN.exe

C:\Windows\System\CGquENN.exe

C:\Windows\System\cVJBWGt.exe

C:\Windows\System\cVJBWGt.exe

C:\Windows\System\nMknhBJ.exe

C:\Windows\System\nMknhBJ.exe

C:\Windows\System\PLthqCI.exe

C:\Windows\System\PLthqCI.exe

C:\Windows\System\fhDkTtS.exe

C:\Windows\System\fhDkTtS.exe

C:\Windows\System\utxqHgm.exe

C:\Windows\System\utxqHgm.exe

C:\Windows\System\fkZKXsK.exe

C:\Windows\System\fkZKXsK.exe

C:\Windows\System\BIWDauu.exe

C:\Windows\System\BIWDauu.exe

C:\Windows\System\UdLGexs.exe

C:\Windows\System\UdLGexs.exe

C:\Windows\System\Mmqjxib.exe

C:\Windows\System\Mmqjxib.exe

C:\Windows\System\mLdztVs.exe

C:\Windows\System\mLdztVs.exe

C:\Windows\System\AMMjYXX.exe

C:\Windows\System\AMMjYXX.exe

C:\Windows\System\spxLTYe.exe

C:\Windows\System\spxLTYe.exe

C:\Windows\System\rxKWvBR.exe

C:\Windows\System\rxKWvBR.exe

C:\Windows\System\GgGdLtj.exe

C:\Windows\System\GgGdLtj.exe

C:\Windows\System\mcUZoKF.exe

C:\Windows\System\mcUZoKF.exe

C:\Windows\System\CYUcIii.exe

C:\Windows\System\CYUcIii.exe

C:\Windows\System\uGVAqPw.exe

C:\Windows\System\uGVAqPw.exe

C:\Windows\System\srMunSH.exe

C:\Windows\System\srMunSH.exe

C:\Windows\System\dhyOcSc.exe

C:\Windows\System\dhyOcSc.exe

C:\Windows\System\ZuCkeVl.exe

C:\Windows\System\ZuCkeVl.exe

C:\Windows\System\dPMaTnl.exe

C:\Windows\System\dPMaTnl.exe

C:\Windows\System\TUSinSI.exe

C:\Windows\System\TUSinSI.exe

C:\Windows\System\pAoUZNR.exe

C:\Windows\System\pAoUZNR.exe

C:\Windows\System\HsLETev.exe

C:\Windows\System\HsLETev.exe

C:\Windows\System\SteXnMj.exe

C:\Windows\System\SteXnMj.exe

C:\Windows\System\tgpkjcq.exe

C:\Windows\System\tgpkjcq.exe

C:\Windows\System\sFXkSyD.exe

C:\Windows\System\sFXkSyD.exe

C:\Windows\System\wBDhsLj.exe

C:\Windows\System\wBDhsLj.exe

C:\Windows\System\KFRXnGy.exe

C:\Windows\System\KFRXnGy.exe

C:\Windows\System\aAPnbBQ.exe

C:\Windows\System\aAPnbBQ.exe

C:\Windows\System\MYLwYow.exe

C:\Windows\System\MYLwYow.exe

C:\Windows\System\meWwcZI.exe

C:\Windows\System\meWwcZI.exe

C:\Windows\System\CafWcju.exe

C:\Windows\System\CafWcju.exe

C:\Windows\System\qYsRMiO.exe

C:\Windows\System\qYsRMiO.exe

C:\Windows\System\ySPLLUO.exe

C:\Windows\System\ySPLLUO.exe

C:\Windows\System\iKilWLI.exe

C:\Windows\System\iKilWLI.exe

C:\Windows\System\yUbXbwP.exe

C:\Windows\System\yUbXbwP.exe

C:\Windows\System\SyhdBWd.exe

C:\Windows\System\SyhdBWd.exe

C:\Windows\System\ZwAinLo.exe

C:\Windows\System\ZwAinLo.exe

C:\Windows\System\hWpPubH.exe

C:\Windows\System\hWpPubH.exe

C:\Windows\System\MmEYqdK.exe

C:\Windows\System\MmEYqdK.exe

C:\Windows\System\bBhGutO.exe

C:\Windows\System\bBhGutO.exe

C:\Windows\System\zpkUafq.exe

C:\Windows\System\zpkUafq.exe

C:\Windows\System\sybqRrw.exe

C:\Windows\System\sybqRrw.exe

C:\Windows\System\cQJMQSv.exe

C:\Windows\System\cQJMQSv.exe

C:\Windows\System\BUpukgZ.exe

C:\Windows\System\BUpukgZ.exe

C:\Windows\System\oALHDco.exe

C:\Windows\System\oALHDco.exe

C:\Windows\System\KHzzlwV.exe

C:\Windows\System\KHzzlwV.exe

C:\Windows\System\DZlGmoF.exe

C:\Windows\System\DZlGmoF.exe

C:\Windows\System\bTOUJOX.exe

C:\Windows\System\bTOUJOX.exe

C:\Windows\System\YvrXska.exe

C:\Windows\System\YvrXska.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 52.111.229.43:443 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1716-0-0x00007FF6C2770000-0x00007FF6C2AC4000-memory.dmp

memory/1716-1-0x0000029902F00000-0x0000029902F10000-memory.dmp

C:\Windows\System\ywBALXE.exe

MD5 542ab8f76570766a2489ae7ae708e28a
SHA1 82937790d9e53375a4520065e9298105003b3439
SHA256 386c70ef9ec886c94ec6b8393547c23f63be9c0d3bbaaf7686457d61e1b6133d
SHA512 76f6a19db3d880566f2bfcd9095fe70f395a3d6b767ee967f076e3a7c78026f654c823e9bcb87fb468946558ece3fb8d2e756fa960d84cea552d7bcf83f70c01

C:\Windows\System\wElLpHy.exe

MD5 a6912cde9a1e751ae1b409752e12ec66
SHA1 98d1f1ad6af24229ae749e9db55c0639c6a0cc47
SHA256 f7d87e2166d9b2e24f5c41c8d229b04ea271045726c77c06543c29510160f699
SHA512 ec93672cfe60a8d221e76a5fe18b94ae3872ed9e8f5b3904df8b803aa2ce667a28337f2b4ae787e2ad9693974fac7bc59993976fe0c6aa04754c8a606b97e8c4

C:\Windows\System\QhBcBHC.exe

MD5 6e5188b07ad46074c927812baed7aa90
SHA1 9d3088b9c2f766434deac98d7ed954bcf3c3fe55
SHA256 2ff9ccb81f504fee5798ca522553c942822bc35fbbbb8c8edd00ccba45d203cb
SHA512 69c36525fa45028fe016c5a6890aa973e197ddf29bbcbbe25ab5b3a257ad9a7c5826748550e2c79e6f87fb641b8f76f1700556a70115e08260889221528de4b8

C:\Windows\System\BBFdzIQ.exe

MD5 f90ebc8f9b1463ac6b0b5b52ed60c7bd
SHA1 da8af2d85d8e84613c63b0416091570f771ada07
SHA256 eabae2402a45718f40b7c070fef711036609b62057b87757e5f6783f1cd0c0a3
SHA512 3493970af6ddbffed2bf7532c36d655e5d06e2b39954e13c46582538140ef026c19436490cbeaa1deedc3f7776d0911dd2f0478edc5b90549e0cbac729fd055a

C:\Windows\System\lcgYsNP.exe

MD5 85c602b0b0f5f01f7d39b2794d685902
SHA1 c556ba2e16497244ae76498647141812897535a1
SHA256 854f4687e2b08efb62b438752a1757bd3a51f93aaf0aaac82caf880decb48120
SHA512 893c992164d993b50c0e741c96e422a6a59df9c2f9b29f2f1f2f3332a53020993091ab0c86f98316184eb23427b901b95851d4b2f8055ec7a2cbfea3efe6b29b

C:\Windows\System\lwMOoku.exe

MD5 d1321b590efea573bd3da4a9d7f661d4
SHA1 a58db51948deb710571aba4ba95da30f973f3358
SHA256 c9d47407eb3e379e2eed1e4c6b9f0a5cabd98a32b5a7cef5449fd3320b762e8c
SHA512 bb63751e9972a19b7525fd1d738940745e12612f562c1270f3856172f34072709d5d526935ee58ef9f30b0703cc8cb0f4293170adf719c28438b835c37c547d8

C:\Windows\System\byUoeNO.exe

MD5 f5a14c7c77a47e15a80f17605209e902
SHA1 7bcc0adf1173ce83ed2a1c43a0a897532677cb0e
SHA256 57e4ba4e8344cb615f72f1fedf7e467b891a4a10cb7fab8faf0e92ca4f180db1
SHA512 e556f557236ccdd4c3e8f49953f0fa62478c225e8800aba402d3ccc790149ba814e4a6c2fd5f83e27ffd61bdf330fe4ab5b87d5dce843a65501f4b5908e7c469

C:\Windows\System\RsLtfem.exe

MD5 8e3ac6ab8f47dad5e3d31f493579ae87
SHA1 9a6afa41b6dc200c84f01c6a9172c8dc38f75275
SHA256 375e1770ee854b6f36ae90b0a14f95d05cb01c3423f66787b68c577f3045617f
SHA512 299e8a58b0a5abdcc8849be8ae4407e72c6c3b4d550f1514d1d4995ebf39a4660b427d6d49648d91cbf4a30d19b1eb80d46a91e327806c57580c89051f1d21a1

C:\Windows\System\DGFcFHg.exe

MD5 b163405b3065bdc579624246035daa7a
SHA1 efbae3afc7aacec7e1a48de837cd269a80c685b6
SHA256 8687419d232e0dd597544cb69988a473dc8d31c041f3575b6f4b732d115ac032
SHA512 492eced77095d36f13cb5bd1261ce91fffe770b3fffabcf7d8d105319be11bc6ed4d3434ab9b783dd8c86eb0183303c30049b18e181b9c0bfaae53a9461ce44b

C:\Windows\System\rzLrrZM.exe

MD5 fc4e54d6c0e92a1d98205f025d3de222
SHA1 19ec9c84d7adfe35d371c7dbd9883857430b4473
SHA256 6205ff086606f069fda735ec3baf013aa9b6007c3045821e71c4690db6c42af4
SHA512 c90a5d9213f4026026938076d8029440a5eea0c1f0097bd40f2417d5fa1027b083d77b74cef855b98d1282e62501719fabc777611968009ba00e29973baf0caa

memory/2400-560-0x00007FF602C30000-0x00007FF602F84000-memory.dmp

memory/2568-561-0x00007FF7191B0000-0x00007FF719504000-memory.dmp

memory/4508-562-0x00007FF6B4E50000-0x00007FF6B51A4000-memory.dmp

memory/3256-564-0x00007FF71AE20000-0x00007FF71B174000-memory.dmp

memory/1696-577-0x00007FF69EFE0000-0x00007FF69F334000-memory.dmp

memory/2344-596-0x00007FF731900000-0x00007FF731C54000-memory.dmp

memory/1792-651-0x00007FF76C2E0000-0x00007FF76C634000-memory.dmp

memory/4356-666-0x00007FF639CF0000-0x00007FF63A044000-memory.dmp

memory/4608-681-0x00007FF7661B0000-0x00007FF766504000-memory.dmp

memory/404-700-0x00007FF7425E0000-0x00007FF742934000-memory.dmp

memory/4016-711-0x00007FF619490000-0x00007FF6197E4000-memory.dmp

memory/1800-708-0x00007FF729F10000-0x00007FF72A264000-memory.dmp

memory/3292-691-0x00007FF799500000-0x00007FF799854000-memory.dmp

memory/4464-674-0x00007FF7D2980000-0x00007FF7D2CD4000-memory.dmp

memory/4396-661-0x00007FF692880000-0x00007FF692BD4000-memory.dmp

memory/3620-657-0x00007FF6AFE50000-0x00007FF6B01A4000-memory.dmp

memory/2976-638-0x00007FF7C7CD0000-0x00007FF7C8024000-memory.dmp

memory/1788-631-0x00007FF7C11A0000-0x00007FF7C14F4000-memory.dmp

memory/2348-620-0x00007FF7320D0000-0x00007FF732424000-memory.dmp

memory/772-611-0x00007FF6F7D70000-0x00007FF6F80C4000-memory.dmp

memory/2504-603-0x00007FF778810000-0x00007FF778B64000-memory.dmp

memory/1028-587-0x00007FF701C20000-0x00007FF701F74000-memory.dmp

memory/4252-583-0x00007FF6FBB50000-0x00007FF6FBEA4000-memory.dmp

memory/4432-572-0x00007FF6C9EB0000-0x00007FF6CA204000-memory.dmp

memory/4988-565-0x00007FF795B40000-0x00007FF795E94000-memory.dmp

memory/556-563-0x00007FF76E690000-0x00007FF76E9E4000-memory.dmp

C:\Windows\System\lijZoAt.exe

MD5 cdd53edb8dbce53c14d8130a08757c5b
SHA1 ce66d59adf5a3634a9f45b7dced17bf883211874
SHA256 879b8fe02e09ebb717359ca8e9346ab026e5d4cd2313d3ac019e214b35fb64f3
SHA512 78b354234b4024e55fc82efeaee2adfe7f564ca45ce5c2276d04d0d5bb5194d95764752088ab32c14b2548ac3ac95200fce1878f47068004c87dcc324113f453

C:\Windows\System\gDPgGAU.exe

MD5 fa84b60a785051533c0dd2aac0d6888c
SHA1 8f6874cf33d4c6220791529bdec66c6542108c55
SHA256 a03d1a00e15d1edb0c882b8b1c9707c3495cb049efde661bdff9a27015ce5593
SHA512 69ca21bcc168841bcc542f1191c86cce850eff1faad044456805571cf94d1edb063f0dfbd68052829b0f3ebc272d0e1ab16911e057183f90c7d8d141b0f0e250

C:\Windows\System\ZolZAyU.exe

MD5 56471585b1b28292931e7d7a6af30815
SHA1 c9b9288f830fdd45f79d95ca1fd121f3cc43e5aa
SHA256 fa1321d8d8dad975779cdcff123f8e08c85a83023f80b9eeb6faf46bd02eddf3
SHA512 e73818f0e22c8f14b39c05adfbb579e7ad2a79d89a476b4eeda9316337b5093d4bad55c3fa3a94b9b2dcf48d33e9649a65855aa23daf4ab9767225e54f33d2e1

C:\Windows\System\nqvPepS.exe

MD5 76203f0c7f1294f794aafd692418891c
SHA1 c28374d7be42e54621bbc0b24b9a8d4807f9e911
SHA256 037e5db2358b3a175db6b65f74bbb6da43c962c16207fa6cf99a8e037418cc1c
SHA512 8643d20109921cf18046372638a0f218634aeea72c96ce1fade428f8b72bbadccd4adaad2534226afd545007649ac968d2a27d8b8ece49fd0b683476323e7e49

C:\Windows\System\MdDKrtO.exe

MD5 73c64fc367e97cd59eb7a9520f1274cd
SHA1 a3c5922fc1dca047bdc2369fe8faed246d341098
SHA256 ac2fc41d2f4139952666b317057db33cd60fe8172c1300b534565032519fbaa2
SHA512 ad1d863a158a80c47266372c48648f28303407fc9e6d6af48ce6cec2f871356592a813a5feaabf8c0858b524ea581a22d9b67fb989b86cf12e7702e635ed4fa0

C:\Windows\System\mfVcBta.exe

MD5 a242a324b509c9d5540d21bc2768a23e
SHA1 9e094628c89cbf91bc02e9e14148c21910cb9633
SHA256 ee78579eb8f7fbd1d48cf7b536756f60d491404c93f85c5608230d11dbaeaa35
SHA512 fd2b1b2b0e649bc9d2aeae463735c9c520b058cc3e94f79b238de7bc69737192c1d8285e83615864f155a767dee8906588e0092b6c6b01f9b962ebb0f447954f

C:\Windows\System\WeXahUt.exe

MD5 3069cb48aad05237b0c65267cb1949d4
SHA1 d5e4424202710d8745008413fa5534bc78f7845c
SHA256 583ffd8380a4a72368eb4aae7caede48af0ad0a8c51febf3e100223f8af625f4
SHA512 3be3ebb546a18595210e7e9875a97aaa662ef486bd6433e4fe07ef9978936c7797195dc84b1e216895401056db134f37027a62694f473a1b37a17bf6380300b8

C:\Windows\System\ScCcvti.exe

MD5 831d338058e5922b37a601dda29b97cd
SHA1 5e5299f59219a8a5766413c560e081483dc0d6eb
SHA256 71ff2a6faee066148e73133699eb7e29fef415dc6c345c20fc3faf74f3364924
SHA512 a61c81b5d4b97b6f689a54a663e7b94a710af16350f1faed4d437a4e6f25b17ede1171f4f05352d7a5d935914be1fecacb3f5714c750216165548b9904c3f5c8

C:\Windows\System\NMCDEcx.exe

MD5 bd542b70b6e5e7f3f80a6c5b225e42c0
SHA1 371b07dc4310dda37d834865104409c1ca13ed49
SHA256 a3d23d466eadaba4917a44bdfb4a703bcd14023e6ea6f86191a2f99c3a2eca53
SHA512 d13dc3572ba2a2ba0985b83959a9febf9e9950acf370812b9b4b83096fa9f2fe2409a80a298e93f985c479221468740285043598aafe5ed67fa55b99c4ac9a68

C:\Windows\System\wiEnMFD.exe

MD5 5f36f7762f1d739863e71e3c51628c75
SHA1 6b86f762ba7c332666012abc9dc258f4630ad09c
SHA256 f9a6a4e97ff8cb30f8d4d5d32866534e94c2c0d207b47426d7d8daf7da62f908
SHA512 24c360a5133260b215c7bc8651ee63b256348fb913371cda8d39b933c9011c7f8bbecc279d4194797df34bcc8a37f40adc1a6ef3bdf956d01a3cd8449113bf2a

C:\Windows\System\EqXYGGQ.exe

MD5 abf6baed5ee3c11293e8497b68fbc62b
SHA1 703691745b9398f8aeffc90d2545dfc963a364de
SHA256 7aacf064b9e91ce4b67eb4f6ff53193d6c4953d781c5767885d7e355ed0bf48f
SHA512 a1383740a088bbdbe1ec733bd5922dca21d2324cdb05d8693029b4d2747edb748e11e3a48da40cd3505e6810bc95185b64681770b72bdfc5a6dc6606f9b00af3

C:\Windows\System\eFuhoik.exe

MD5 f39a1a8dcfd4408bdcd7597c2fbb3f31
SHA1 e92685f5dad3fed8cba5cfb379d7b5824fa377e7
SHA256 997064cad9ea84c248b81c8bd44853af508da32112e8e6905572ba797a3be0a8
SHA512 53cf381706d198f7a1a3e31329726efd034216c7489d37b5aea6f490f3a844923464dbbf34708e41fed0d7959f11e42435426c7e8fcc3efc769606dcd3ac4c12

C:\Windows\System\ScoJghd.exe

MD5 65351d18cbb124dd13fa08a61e9827da
SHA1 ecb70f7d2c2f150fccdada931a4b497667d80f77
SHA256 4857d09c555a71580a683085b2559e08a3a56fcdae4bd2cbd98162cbf9106474
SHA512 5410515780fd78fb25ce361e7e6dcb848e993321d56599c9a77bcba404c298a110df17c5971cdb4a2fdba0b54106efdd476513833916e8a0b2d563cd5499147f

C:\Windows\System\kmqEGNI.exe

MD5 0165ab30f9d959b15cea8b0d024fe932
SHA1 8d3cf2edf2d9dc55e81a24d798bb8488862fee92
SHA256 d20831b77b92feb28138985d331c5f8b119832e464f8d1398db485b26d1b81a5
SHA512 de1af764b71f3a384cffcf3e475152285885369de32f5713cc5496d7b527ba47cbe2897ddb223f10a0afe7e77141a038c75517da565b7a0cf601efa66d8cdc0f

C:\Windows\System\HsyNQoZ.exe

MD5 45d38096078736bb5671d5b326557992
SHA1 48ee6877ebec5ca60d53ac68db3d25451669a32d
SHA256 61e77a2a37d850cf310a6374e7e14b70b031fa727b72add61926c0db19b6e6ae
SHA512 f01c10e403db54248553df5befcc7be23eae6c39302c79af67fc6568a87a12821d035d44decd07a45013da69443b5be5fb5011fcd4407950cada001ea2fd6e31

C:\Windows\System\zzxTZiV.exe

MD5 ca6a3cb79051e5e5ace378ab4b135f0f
SHA1 28d66f727dbf450da49ce9d8461249ee82b6bc37
SHA256 aa67fd36aff6058b7b18478e0de7fbd757f0b982d9a867e55b87c1407b5ee9b4
SHA512 5d013cf776a4b4c40be62bf17369f5bf3333ad8d34d41716e2c437a3d70d334f0efc663c3dd9323fed84dc2f4b93012f94de9b48d16153562289580349407bc1

C:\Windows\System\imFGCRn.exe

MD5 f048fe5f399e517b6720b82ded490bd0
SHA1 e070a8e4eac0e397ed0c0099a2145217a116225e
SHA256 91aecbf227870d52e687c6a2651a80e4859fa32a38a3dd22479412ead68e1332
SHA512 dfe84321ed39e358747d3bc54d07b9942a99718c14b569d1f9c4b8699e021a9be875e1678ae89cd29016b082d964b774d8988500a41a46d5bd56b8eddc466259

C:\Windows\System\JfFiIvK.exe

MD5 ad50609cbb39d3872393d4e8dea83336
SHA1 509122beb13d6c6fd54f611dd33741c59919488e
SHA256 855637e746d7082caa80665d35337696ba913c4c4b08934cce48863174946a53
SHA512 38f8e46c117fa51dd902c31b6064d8fe81d72de3fee767d3537573c705339d59a178fe796b81de191997acdcce092f6c172a6d928fe8d00f4145b247e8aa5393

C:\Windows\System\abbyobz.exe

MD5 0bc31f375f63c1875729ed97a9c2b805
SHA1 62f224b57c85b4bc401a4b8d23e7ef02cd39b34b
SHA256 20066c89da6de7ca8a2e4a1f284987be9b002c687dca6df8c336501aedc3b424
SHA512 5d12685dcc4440f47914752cae1fe76a902d4c05d8121fb641d1779cdfeccd3768e714059ffd68555e716392d0812bf0f383e9edee69235af8b96c3d5206d655

C:\Windows\System\fBnIOTg.exe

MD5 1a49b7ed21657abd18a778b26311f954
SHA1 40560f5cd276cb1dca380457cd8fcf12ce364d35
SHA256 7deba85d4984866d61c59c74bf5999e8a57693d1ae5f17969f30a7167e2ea87f
SHA512 6bd8e286d361da09174bc8508fb6d6e9c5783aecca03d97267e296bd9757b2a9be781f12ddf332cab2e324ee96175a4271360788fbb6f7634fd0c1eaa9890cae

C:\Windows\System\FtlLKjw.exe

MD5 48e67467d9fe0176818f661748e9f672
SHA1 b0140e9e97d910149d9c12d3efa910500f78aacf
SHA256 f546ea82a8cc3dd779e281201317265b2f536bb8130ce5b518ac66eaddd21c48
SHA512 0df5999b83c4fac4ff803d59d85e3d52a3fef521bded8a49d9f7b8af54bae536d78016a426a8e326dc1bf9dc74b5db0453e48bb38ef36d1ae8968c3f7dd5fd1e

memory/5036-33-0x00007FF70DDB0000-0x00007FF70E104000-memory.dmp

C:\Windows\System\tugkbqf.exe

MD5 07f648e55b41a955647768bc405aea45
SHA1 46801d7e3ec52316ee6dfbbb365f8bda9e4a9487
SHA256 56f5d3be68694483a04f10d7557c0d29e345aba193492049be11c5f185d86f8e
SHA512 c5accb2018eac755d4ca9e1b94dc1e141aa7e105c727430d4c871cf19692cabf8ced48bae83d3204a8fed11ad58b9bb1123f822466075a21935b5e9bae1cf212

memory/4044-29-0x00007FF6C3CD0000-0x00007FF6C4024000-memory.dmp

C:\Windows\System\wInSEkd.exe

MD5 572b80d2323a0e00781fddfecdfb5be3
SHA1 b05d3c1dbff309fb4bd288427c1ceee57438583a
SHA256 f56e42609e8aef7a4c4319ef4584e39fcff4c4f3be119e06f98e3c42f69d9a32
SHA512 8d0146f21c95cb6c34bdfa97358c09894c8ffbb8a1cdddf9ba5d06b80f549b9e9898e13539e8ac899f0176873c135379fd79b0a932c67d662fa11a5add9d0477

memory/4560-12-0x00007FF610C20000-0x00007FF610F74000-memory.dmp

memory/1716-1070-0x00007FF6C2770000-0x00007FF6C2AC4000-memory.dmp

memory/4044-1071-0x00007FF6C3CD0000-0x00007FF6C4024000-memory.dmp

memory/4560-1072-0x00007FF610C20000-0x00007FF610F74000-memory.dmp

memory/4044-1073-0x00007FF6C3CD0000-0x00007FF6C4024000-memory.dmp

memory/404-1074-0x00007FF7425E0000-0x00007FF742934000-memory.dmp

memory/5036-1075-0x00007FF70DDB0000-0x00007FF70E104000-memory.dmp

memory/2400-1076-0x00007FF602C30000-0x00007FF602F84000-memory.dmp

memory/1800-1077-0x00007FF729F10000-0x00007FF72A264000-memory.dmp

memory/4016-1078-0x00007FF619490000-0x00007FF6197E4000-memory.dmp

memory/2568-1079-0x00007FF7191B0000-0x00007FF719504000-memory.dmp

memory/4988-1081-0x00007FF795B40000-0x00007FF795E94000-memory.dmp

memory/556-1083-0x00007FF76E690000-0x00007FF76E9E4000-memory.dmp

memory/4432-1085-0x00007FF6C9EB0000-0x00007FF6CA204000-memory.dmp

memory/1696-1084-0x00007FF69EFE0000-0x00007FF69F334000-memory.dmp

memory/3256-1082-0x00007FF71AE20000-0x00007FF71B174000-memory.dmp

memory/4508-1080-0x00007FF6B4E50000-0x00007FF6B51A4000-memory.dmp

memory/2348-1090-0x00007FF7320D0000-0x00007FF732424000-memory.dmp

memory/1028-1094-0x00007FF701C20000-0x00007FF701F74000-memory.dmp

memory/4396-1095-0x00007FF692880000-0x00007FF692BD4000-memory.dmp

memory/4356-1096-0x00007FF639CF0000-0x00007FF63A044000-memory.dmp

memory/2344-1093-0x00007FF731900000-0x00007FF731C54000-memory.dmp

memory/772-1092-0x00007FF6F7D70000-0x00007FF6F80C4000-memory.dmp

memory/2504-1091-0x00007FF778810000-0x00007FF778B64000-memory.dmp

memory/1788-1089-0x00007FF7C11A0000-0x00007FF7C14F4000-memory.dmp

memory/2976-1088-0x00007FF7C7CD0000-0x00007FF7C8024000-memory.dmp

memory/3620-1087-0x00007FF6AFE50000-0x00007FF6B01A4000-memory.dmp

memory/1792-1086-0x00007FF76C2E0000-0x00007FF76C634000-memory.dmp

memory/4464-1100-0x00007FF7D2980000-0x00007FF7D2CD4000-memory.dmp

memory/4608-1099-0x00007FF7661B0000-0x00007FF766504000-memory.dmp

memory/3292-1098-0x00007FF799500000-0x00007FF799854000-memory.dmp

memory/4252-1097-0x00007FF6FBB50000-0x00007FF6FBEA4000-memory.dmp