Malware Analysis Report

2024-10-16 08:05

Sample ID 240701-myewwsxdje
Target 4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe
SHA256 4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d
Tags kpot xmrig miner stealer trojan upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d

Threat Level: Known bad

The file 4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Xmrig family

Kpot family

xmrig

KPOT

KPOT Core Executable

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-01 10:52

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 10:52

Reported

2024-07-01 10:55

Platform

win7-20240508-en

Max time kernel

142s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of WriteProcessMemory

PID 3008 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\vzXWINW.exe
PID 3008 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\uYBdZDi.exe
PID 3008 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\uYBdZDi.exe
PID 3008 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\uYBdZDi.exe
PID 3008 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\rwrlozW.exe
PID 3008 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\rwrlozW.exe
PID 3008 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\rwrlozW.exe
PID 3008 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\dpDHvna.exe
PID 3008 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\dpDHvna.exe
PID 3008 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\dpDHvna.exe
PID 3008 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\gmvnEGR.exe
PID 3008 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\gmvnEGR.exe
PID 3008 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\gmvnEGR.exe
PID 3008 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\kdmJIaq.exe
PID 3008 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\kdmJIaq.exe
PID 3008 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\kdmJIaq.exe
PID 3008 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\mYWLLYk.exe
PID 3008 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\mYWLLYk.exe
PID 3008 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\mYWLLYk.exe
PID 3008 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\qYVtYbR.exe
PID 3008 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\qYVtYbR.exe
PID 3008 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\qYVtYbR.exe
PID 3008 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\HLkLafV.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


C:\Windows\system\gmvnEGR.exe

MD5 d33bfcac007dbcc0e6d0797140daabc9
SHA1 69c8fa52c5e6ea682d8a7e7e5d903ebdf03ad255
SHA256 696531c3acb4dbb05afb81f0e1afc8bddafed19f29ffe24858937f807e7603e3
SHA512 067dd0163d022c55c139eda0b90e3d1cd626b5ac17b67f15033ce66eca9c8096767eb41d2de1ff4d60a954e14f7b337ca82bf947706b66c370aaa0eebe264417

C:\Windows\system\kdmJIaq.exe

MD5 d405b452a2b52c3113fd77332551fdee
SHA1 d9621eff905175a318f8df7191f6ef84dc45a38b
SHA256 f4ebd4bf36827bd7d2214023240c1f1ddf54dc564ed6323d7d5c6c784a774ea0
SHA512 527ce6b386dadc8ab8682db8be4f6d143d0aaa72bf4c3bc19cd820d451ac90b749d58faf1cec037cb1237676abb0940c78b658eca588523c420e70f27076745e

C:\Windows\system\qYVtYbR.exe

MD5 f7f45101f442cdf098f4ea66e81df2ed
SHA1 f4e2a879159f077ecda44b58a71b9c4b390ca1bc
SHA256 ff3c3998dedcc17e630052454e4acfe68cf66d772638c38d88225925036fbccd
SHA512 3f3e2e9928edc11de2cd067180e420fabc072e7a0b4e775c7702ff5e2af572304c4dfeb073c4d04a0e338e59fb4bb639bee1ea9ba5902c19067eb7dacea2c105

\Windows\system\JDgrLrZ.exe

MD5 7f778540e9fd6802d798736df85e0be9
SHA1 41ede22510bdca65c4d4c0f7590eb08ecf6aa62d
SHA256 7fae5dd9310198a13cbc8095027cacccba4b5f78b17048b98187743eda8deac1
SHA512 076ecbfa1e33128a4e86e32d9973b01607a7ab06913c48da66c543201e898b626609858aa8bd19a1822b0c1e8c1f0ff5f10a50d7ef64bb75db9610556e18d98d

C:\Windows\system\HLkLafV.exe

MD5 564d28ef2295fbc1053027819a94a231
SHA1 3ac2c39f4e23de6148b38648c38c51514dbdd08a
SHA256 5ae4c686b9f506fa72af260a08ca82eafe9eb92a62367ea7a93c587edf9ed1f7
SHA512 40e55374abebbb61e5f3686ca83ff056e33cddd8b761cd607c0a0ea0623f7582cabf28e54198dd840f304fc722a9d339b0d8e9083808e9b77308eb06ac9ab7f8

C:\Windows\system\mYWLLYk.exe

MD5 097446b757db85adc8b9fac7a272ea23
SHA1 a6ae6586572d17472b684abad09e93c8a9ca5563
SHA256 292c40f5a9997a47d9791dfb61a301ca307d136c5adda3e3d624ff821fe9e2f1
SHA512 2dd8eb654491fdf6136e7bc9d932031866479a22763e543b3bcc91d5eccbdc90db1be49648305de771eee881780fb5856b5c9975af15fe8a80fde9a993a53afd

C:\Windows\system\tIgTOkI.exe

MD5 32064e3128262c2787ab3ad16d95e522
SHA1 f43407156d5e551df764b135a6f4f0bfda590eea
SHA256 e11d9d550866798a44485c8971edaf69afc1a9cebb89015a8fddc125d034d35a
SHA512 c0faec7eb7d885fed285ee3b6fcc3fff414d16286bfec440da7a1ee2d2b90a0d2aff24d1af2e7b32b1f271059e3b483d5932502442b00687a36c5a04ee96f630

C:\Windows\system\BPJQAzY.exe

MD5 e30e7b41289e412eefd8304a75fcc634
SHA1 17fb686af39aadbef375621afc0b5b7d3277affb
SHA256 5098da7262e73a300741a271fc5d28f3383467563a2bf2064a8923eeba838717
SHA512 a2c3c47feb2a5f21637ef52111734c5f06705b0c1a01fa575ad49b7d43bdafee6f4fa0dbf1940fdf6a96bfb15dac724d5596ce790989d2ab36a8695c39f1b76f

C:\Windows\system\yLucoUX.exe

MD5 4820c836555799bd20bf77086b14645f
SHA1 41f7d807ab92410d0b355853abae92c91d9d3763
SHA256 3699f7852dc0f4903164dfddd3b3f4e355534e8043cc8e47df35e47c19faecbe
SHA512 93a1bd9f0afba50889fe8c074acb1e87938f41f7edfe512975fd2faa4a93ef1afcceafe558eaa0c3690e1f140c0bbc744296b6ea342032a6fefafee3a2af79cd

\Windows\system\NCadzfZ.exe

MD5 00f7aad8ca239ea929578d2a34809c35
SHA1 ad1efc83be2f7dbf13245c9285818dcfb1da2a53
SHA256 3e63705e63228f978c8bd6cf513566d0a35216505c2cc2ff3b38f34a72e4d215
SHA512 7ce2b8403dfb159f442f50f3ef354f4640349f3bd23d1c779ed6ee504e49b7aaa9a47dc4a08764239b58f303c01b5bf293286d146f7f635288656baba0dde117

C:\Windows\system\ZQZCHHl.exe

MD5 cee28fa4240cf1a48e38f5c92ca78ad2
SHA1 4ef9ad5675387c93486233f347949c99e025dcf8
SHA256 e633d64e057d53b570922a791cf9460802bbf8c30d24772327d47d730daf3e0b
SHA512 d4d87a4e01965d5d414d0eb67036b1138a16e265431dc8aba7ad15297b5381d5f0309388e0219df2be3ae61ba752b8d5d80fdebb2525de244a2332f794bf492d

C:\Windows\system\MOTVwKe.exe

MD5 009d98d26fb354e144b558f6fee4e8ad
SHA1 53cbff7e319bebd03e18cae00f0b94b70a891747
SHA256 4b24a65a779b8b1dfc5dda2eeb9a55338f7cb3e1c6dca5228b4bb405c20e6176
SHA512 1341779e8495366becb89a60b39df91c16d38c3948448778bea717e489b9ce6fdf44b1930b2c01fd0aa20b2a712f9167db734e673c4e3f27ad45c13bcbf4ff81

memory/3008-183-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2176-192-0x000000013F040000-0x000000013F394000-memory.dmp

\Windows\system\MpguGGT.exe

MD5 c0bdac724c6f63db3e53cf3f4fdd07ec
SHA1 3203a3fb2ce73bea7c3ca4d135fa1fc69257a9fa
SHA256 e276c7e8754c508b15568dd438aea3c45c4731eab62b5e8be0f1ad34a2783a22
SHA512 3229b9044d569300da4a2b06cd8ee1ba92c06e013638dc1bd06aa341a88db0e5a0b085800a693f5d5d264cc391239ff78d6e4d20d371a7e869b607ee7a1998ae

\Windows\system\tsZZWFD.exe

MD5 65a3e4cdfc52b86c381af1b4cb72d84d
SHA1 eed8d38fed4f2e323b0a790d9f224077761304d6
SHA256 151a035688cc7f28fb0cc6cac356041b2652e0c953c6f05b73476a7bb9296ee5
SHA512 75e7ebcf40cebf5b449cb71e229c088cdab4f8d387a917c8c43153a3abd9a1a817c7f5a88c36cbaa20b3974978991e5f685f0736d559e0592ca4b53ff5650128

C:\Windows\system\OsLrvCQ.exe

MD5 a36b651ffff18e8555f1b3ade77ca3d8
SHA1 8ddf0a8094b3c2ba52f2425e2f8a5d9f0b8eb2d6
SHA256 0f5a05c231775193547bfe1525ab8cc27042eb311f26861fa3afcb0274b1ebc3
SHA512 aadccd564c8209d293ff22e573cf46ec40767430cdfdf7690e9282b708045dbfcc427be34183a404d554fb09760c48645a13757d3244446664342ef11f0d2100

memory/3008-1068-0x00000000020A0000-0x00000000023F4000-memory.dmp

C:\Windows\system\KgoggEt.exe

MD5 5551cd18f350c2f70614d0ffba700ba5
SHA1 0f4a58b0dedf619877acd50fa551313089042ef0
SHA256 98ec45817ab542b5eb2b308c501ec58901a362407c1d97ed91d2035ef3ab98d3
SHA512 35088f97fcb4efa089709dadad1133e1e0c41b8773487a2e9baaccd23bfdebc1855fb525771059a4861b682b7c06dc25c9874a3a809c5dc8e0b943fbfca29977

memory/3008-1069-0x00000000020A0000-0x00000000023F4000-memory.dmp

memory/2956-1070-0x000000013F220000-0x000000013F574000-memory.dmp

memory/1732-1071-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/3008-1072-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/1700-1073-0x000000013F980000-0x000000013FCD4000-memory.dmp

memory/2788-1074-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2644-1075-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2628-1077-0x000000013F680000-0x000000013F9D4000-memory.dmp

memory/2716-1076-0x000000013F7D0000-0x000000013FB24000-memory.dmp

memory/2708-1078-0x000000013F440000-0x000000013F794000-memory.dmp

memory/2780-1079-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

memory/2812-1080-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2176-1082-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2668-1081-0x000000013F7C0000-0x000000013FB14000-memory.dmp

memory/2368-1083-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2424-1084-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2956-1086-0x000000013F220000-0x000000013F574000-memory.dmp

memory/1732-1085-0x000000013FE20000-0x0000000140174000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-01 10:52

Reported

2024-07-01 10:54

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4472 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\YgWWkUe.exe
PID 4472 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\YgWWkUe.exe
PID 4472 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\aYyHLJS.exe
PID 4472 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\aYyHLJS.exe
PID 4472 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\sEksUmG.exe
PID 4472 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\sEksUmG.exe
PID 4472 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\OQRppAs.exe
PID 4472 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\OQRppAs.exe
PID 4472 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\XULuPIb.exe
PID 4472 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\XULuPIb.exe
PID 4472 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\thBtaIS.exe
PID 4472 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\thBtaIS.exe
PID 4472 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\pqSYYUU.exe
PID 4472 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\pqSYYUU.exe
PID 4472 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\wXviMQi.exe
PID 4472 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe C:\Windows\System\wXviMQi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4c46df55cc99cfff444ea16949745b15310ff35b6b9ee377c9b89f6e2f63c92d_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 83.177.190.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files


C:\Windows\System\OQRppAs.exe

MD5 54f4d21413b1b13d929e0442f79fafaf
SHA1 10a89ce0fd0b2182ec8d1ff1fb141a5c6cbc0e76
SHA256 991ff8e38aac2c1288b7bb7441e9aece87083421bd636a1fb0fd9f75e1e13a81
SHA512 bf9d270bd7da5dc33a9c7d2cc0ef865e1cd85e03dd3ea60385373316408989624d192b1acc52b47eafaa57d37679d7da7aa2ad6c69d9da802af3559217f2917c

C:\Windows\System\aYyHLJS.exe

MD5 044a798d26b1f15239f1f1bce0962b36
SHA1 2ef72aefb9518c4267109cf615c5fb7632c11586
SHA256 ded29a1cc3d5189d4572e8d9687395828e64a146d63b5c5cce9b1979502fa2af
SHA512 4fb7c42332672af18e43c8e708b677bed0958c14c54b6a68f5014065356db8959f58953c418cffa8000b04454e14343de0406b55abfd6c694066ce689870c51d

C:\Windows\System\YgWWkUe.exe

MD5 5b8c5e06082f6f2391797dd13a004368
SHA1 84a5a50542b19252298b6ec102a8615aeaed4ecb
SHA256 def4ee1fe9d11ce26e1b1497c73116615ec1fca9576b12eac41a1a645b8c762d
SHA512 bb52b78a2eca29559a3599f96393e2b27d18ea104e1e697ba7fa18bffda66b7cbc4a587ec9fdfc875a013027a0348b060afeb4c6914a0a2875cb52472e7937a0

C:\Windows\System\typrzXp.exe

MD5 66a04e210fbb08e9504b1ca7f369c5f8
SHA1 eabaddfc937358dac615c3b0c9917306cfc17b1a
SHA256 f7709628ad0c6fb77ab9a5809b32de3fa9bd70931f6c211b3135988e5f75bb13
SHA512 d0d9f485bff1dfd8c8f8f92fff0260d0b2c001a91c0703ed27404a874070791b57fe58ed55dd21e54d4f9d146b31ed94acc7d214d53292dad31b6253410edcfb

C:\Windows\System\PKdfUnY.exe

MD5 1ff9347318db6f0d763ccee52b835c54
SHA1 9591ab7ecef03d5505507ab13e2e52c944a71e28
SHA256 2ac30ccf4ce67c5e675238ab1d17bb830f8f2ec0c1191172c75a9d2923719ef3
SHA512 fdd547b06e49703c365c7b7e86c256ad677868e60a716106d52bb1930a9afa6d97270e775e60f36deb7fc617cbe1a4a03bac0e5f662e2693799c27a0b6080e6e

C:\Windows\System\XMnQcbD.exe

MD5 f4b015ca4852cbdb1bbe6ec937d70130
SHA1 57a1cbc5768c3947659efd9be371d3defa4272fd
SHA256 f1b33fcc6cca9c0ec8fc31eea060d882b75ba33de1df4a09e8bcf43de8791239
SHA512 1b80de7c6ac3bdcf1e3c97822a0d48aea83ad86456bc5d492c5868f0c9bb84acc3d422dc52e0989a52732df9752b4a974c89045d08d06d73fb9183b85dc09af8

C:\Windows\System\RiqZsfS.exe

MD5 69323dd71a4cb4e41ec71ff3d60e7bba
SHA1 b0f0d4715fcf7762a4d38ac6617803800a190147
SHA256 abfeedeefb0aab68270fb9b1bd052c0ea502de8d494da8f4e540c99b1c10a0a0
SHA512 5f7e0ab94302e4328b85b67937247039a321a5e8be54d363e90af89d157d283dfacde20cb6d0baa0d69e794ba651d757ae658518ca7f739f01fb821c2011a1dd

C:\Windows\System\aDltFBw.exe

MD5 86d702bbea47e74db8c1c6181402646d
SHA1 28a9eac4b814cc43c1912124c05b0c6614e938b1
SHA256 4268394f74f8ce51ad8dc2c5bbe2d1aa204a247c7268c5be1e4dc3a49f88e3a9
SHA512 76428bc8698d7f6ed38e6230db5dc6341e1e0c32a74b3cf7a2ed7165eb2205507a47a1e55a42ad2d2df9a527ba0706c7bc2c6871c559ee2e0cea43f878c00355

C:\Windows\System\HIAgMPI.exe

MD5 b61b03869510db936b3d172016b2f4ed
SHA1 019e995ccf1416fbde3cc23b5c07d8d182508b28
SHA256 f20677049de922e93b7a803b57a7e0bd10f9ddcac79d8a271d3222f3038b9523
SHA512 8246df1d844035c7be11921c7055240dd4ea832b99e02b27de88a32ffea3a31dc22cee00736128c937245ad79127550da8cd609364619a5b89e4062b4f71150e

C:\Windows\System\LSjNYEa.exe

MD5 eb02fd27eca3e55d8c7b5bb60df823a2
SHA1 3f147e96ba4db612d4259563d8a23e1e210270b3
SHA256 2d7701271fbb243066d072143416b71a6778d8f599c25420ade6825dc396befe
SHA512 8ec919c7cf12b8dc9e5becee31229e5d7123cf0cdf7ef7a97b82ba4f117353d9014e35be190a3eeb490e506ff58fb1419687bf8912c3c011bb753c62538ba559

C:\Windows\System\joDpZlb.exe

MD5 d4bbd9111097c165b81cc4b92633a25a
SHA1 b66a6d3ad20da28058f8571182298dac9048cf1e
SHA256 6f89d16080585813e4b042fc60ea595fd05b9ab20ef4d69970c8c8c979e4bbf6
SHA512 edf61a6084d30207cd0b125f7595f1777335b2212ff101ff41aa55ba151695d240a3be5e412ffffdbe1eb9979aa111da2c06b3cf2fde37f830d75c83c49fc64b

C:\Windows\System\siGZcky.exe

MD5 43d17f1958981d2ee1c3f0caab24dbb3
SHA1 7f3dacece717e3cf02f5289f866cfe088b7fb512
SHA256 a43505904f191c2261165895c38d56cafd43d975723802c8ecb3e6462ce5d4c4
SHA512 e7af4694fae088e343ee9a707329e6d8d774df236c8d8d45d479fe22d279c10f32844b8dbc5cff524a353d45b8cc8ce06b6cb2cdca485df96a43b701faa84c9f

C:\Windows\System\NpVznvr.exe

MD5 d0ba64401b65a29a65515f5f4f7be76a
SHA1 6642a267357af769fe801a8d42beacc215c97613
SHA256 f53e46e6e0903d8eb7c5c0999f123c62b95ab7e7db52911e8257b99b8ee9a279
SHA512 12d66ab8fad178817743e7bcf46561c610903ba4f063d836ef670666dd929ae7f977f7b37c0e83238fcb1d5548264fdc2294d2b25f20a85a4ad00c2e68e993c1

C:\Windows\System\iKHQKcm.exe

MD5 6d27968f3d8813670b4c74dda95a3127
SHA1 26830acaadddba397bddb5296ec1b706fe7169e8
SHA256 ae9c5e483d037e192f3fa0d1f71f6e471401145a9a1723583e9e153283f1937e
SHA512 f915b5b59241ca1ae8198e7a0a62ffcd259ef05fc6638912c75c8ca63ceacdf1f414d91702063c8c73377cd63ecbde3d8507d68083ee226ac36158999f9ae26a

memory/4784-45-0x00007FF623C30000-0x00007FF623F84000-memory.dmp

memory/4200-44-0x00007FF71C950000-0x00007FF71CCA4000-memory.dmp

memory/4472-1070-0x00007FF7056A0000-0x00007FF7059F4000-memory.dmp

memory/3604-1071-0x00007FF67E5B0000-0x00007FF67E904000-memory.dmp

memory/900-1073-0x00007FF74AA70000-0x00007FF74ADC4000-memory.dmp

memory/3040-1072-0x00007FF6FD610000-0x00007FF6FD964000-memory.dmp

memory/3548-1074-0x00007FF6DD6F0000-0x00007FF6DDA44000-memory.dmp

memory/3604-1075-0x00007FF67E5B0000-0x00007FF67E904000-memory.dmp

memory/4200-1076-0x00007FF71C950000-0x00007FF71CCA4000-memory.dmp

memory/3040-1077-0x00007FF6FD610000-0x00007FF6FD964000-memory.dmp

memory/848-1079-0x00007FF7B7980000-0x00007FF7B7CD4000-memory.dmp

memory/900-1078-0x00007FF74AA70000-0x00007FF74ADC4000-memory.dmp

memory/4784-1080-0x00007FF623C30000-0x00007FF623F84000-memory.dmp

memory/3548-1081-0x00007FF6DD6F0000-0x00007FF6DDA44000-memory.dmp

memory/4824-1082-0x00007FF6AA6A0000-0x00007FF6AA9F4000-memory.dmp

memory/1184-1083-0x00007FF6633D0000-0x00007FF663724000-memory.dmp

memory/1620-1084-0x00007FF79BAE0000-0x00007FF79BE34000-memory.dmp

memory/1728-1085-0x00007FF7E7000000-0x00007FF7E7354000-memory.dmp

memory/4996-1087-0x00007FF6EFD80000-0x00007FF6F00D4000-memory.dmp

memory/1168-1086-0x00007FF7CCFE0000-0x00007FF7CD334000-memory.dmp

memory/5056-1088-0x00007FF625760000-0x00007FF625AB4000-memory.dmp

memory/2300-1089-0x00007FF69DFC0000-0x00007FF69E314000-memory.dmp

memory/2072-1101-0x00007FF7A29E0000-0x00007FF7A2D34000-memory.dmp

memory/2712-1103-0x00007FF7A1C00000-0x00007FF7A1F54000-memory.dmp

memory/60-1102-0x00007FF684960000-0x00007FF684CB4000-memory.dmp

memory/1584-1100-0x00007FF7D22D0000-0x00007FF7D2624000-memory.dmp

memory/2344-1099-0x00007FF793CA0000-0x00007FF793FF4000-memory.dmp

memory/4084-1098-0x00007FF7060B0000-0x00007FF706404000-memory.dmp

memory/3000-1097-0x00007FF7A6CB0000-0x00007FF7A7004000-memory.dmp

memory/2528-1096-0x00007FF63D850000-0x00007FF63DBA4000-memory.dmp

memory/860-1095-0x00007FF6470C0000-0x00007FF647414000-memory.dmp

memory/4924-1094-0x00007FF74E0C0000-0x00007FF74E414000-memory.dmp

memory/3172-1093-0x00007FF7C03D0000-0x00007FF7C0724000-memory.dmp

memory/1368-1092-0x00007FF62AC00000-0x00007FF62AF54000-memory.dmp

memory/32-1090-0x00007FF7E7EE0000-0x00007FF7E8234000-memory.dmp

memory/4604-1091-0x00007FF7867E0000-0x00007FF786B34000-memory.dmp