Malware Analysis Report

2024-10-10 09:49

Sample ID 240620-sb2d9sxfnr
Target 0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe
SHA256 0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f
Tags miner kpot xmrig stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f

Threat Level: Known bad

The file 0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner kpot xmrig stealer trojan

KPOT

KPOT Core Executable

Kpot family

xmrig

Xmrig family

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 14:57

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 14:57

Reported

2024-06-20 15:00

Platform

win7-20240611-en

Max time kernel

137s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A

Drops file in Windows directory


Suspicious use of WriteProcessMemory

PID 1916 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\ueleRdG.exe
PID 1916 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\hKEDxXB.exe
PID 1916 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\hKEDxXB.exe
PID 1916 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\hKEDxXB.exe
PID 1916 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\CMMBqYZ.exe
PID 1916 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\CMMBqYZ.exe
PID 1916 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\CMMBqYZ.exe
PID 1916 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\VIPmYRc.exe
PID 1916 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\VIPmYRc.exe
PID 1916 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\VIPmYRc.exe
PID 1916 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\pcAHUsl.exe
PID 1916 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\pcAHUsl.exe
PID 1916 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\pcAHUsl.exe
PID 1916 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\SduIjkv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

SHA1 b4bae8fa1ff33b34422f2fc20ef0a16c9927828d
SHA256 12bbf4130ec41878af54da32fa8e3da8180392864e667ac061e7691c10d97ae4
SHA512 86cc1b12e2f9109fc3485ca807a5eacd7b7dae6a7ce114f324d262d35be4b4d635b96f5e30c2309b7c3d11eb33b35d240286cef952b6e6d7fb873a517178785c

C:\Windows\system\iIAIDpX.exe

MD5 432336dd3aff867828e924619eac3657
SHA1 2d558e28084b1e7fc3ed8010dda4f68070400f1a
SHA256 92b0ee74e496768046b9e365ad0d97078ab6e90ddfea6ba8714774c8791f7235
SHA512 b0b5764c3716595febd9097edf9f3429292ba7bd41b84a96de042eb55ff955d3adf69ff8a31cf4f0faee6e0eed6066e2da4f9fffd94cae70289c5e80274ce430

C:\Windows\system\lDMRFnU.exe

MD5 3947aa53bf095a44e25bcc418c0d2c09
SHA1 ad8577ffff372dcf90eae66ba5f60f0f2c1f9629
SHA256 3db7e317e22ba4048eef93685c09e7131a910708dbe53c502804ed1f46bbbcc0
SHA512 eda5d6d0a9a137f02f9483f248a083b315fe95659d5a664f152e97d889c16c8ae51d088bd80a0858d7212744a19de5e7abe2fc732437c10aaf3fd2ce09d28a18

C:\Windows\system\jiMGujl.exe

MD5 20f9ec76f17f3459dcd9c2ab9359aab2
SHA1 f9c4db71ca7686cbcaa9f47addcba59468c2117e
SHA256 459b8f8d6227e3e4b70c3045d676c22d3807adaf6fe67506ca6707bf7c5c8645
SHA512 65778da5bfc6e99ffaf9a3581f823feb22ccaf05e65b9e82779e9762e8c168a7a9e01a21eedf33c1b7cdc3a15d4a897cde3d2576c22553cf2ec5ebbbe0bf2f0f

C:\Windows\system\oWupYwT.exe

MD5 fd8e903f081e5720f8a24d15f4407ce4
SHA1 25838461ef0114a686181b1959a8217af0e30a9e
SHA256 8462cb25a493a0770d06680be5070c01c4aefb54076aa574bfb014f458a6805c
SHA512 8fa9a90a275c6ec27ae66b9a118ad80346659ffd4033689d922ef2cabb2464031767b9304d9b1389e40a79e907d90c0fd26399c901644e2afe0fe6d5ee6caeb4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 14:57

Reported

2024-06-20 15:00

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dnRgOxX.exe N/A
N/A N/A C:\Windows\System\VHXpjis.exe N/A
N/A N/A C:\Windows\System\zwXtYZv.exe N/A
N/A N/A C:\Windows\System\yoDumBT.exe N/A
N/A N/A C:\Windows\System\oTtsIQO.exe N/A
N/A N/A C:\Windows\System\zqfqopR.exe N/A
N/A N/A C:\Windows\System\aCJkyTe.exe N/A
N/A N/A C:\Windows\System\plGQopA.exe N/A
N/A N/A C:\Windows\System\kjdUkoP.exe N/A
N/A N/A C:\Windows\System\OrvXEsq.exe N/A
N/A N/A C:\Windows\System\oTHQINT.exe N/A
N/A N/A C:\Windows\System\HDGEIIw.exe N/A
N/A N/A C:\Windows\System\bpsyYju.exe N/A
N/A N/A C:\Windows\System\awpwsuc.exe N/A
N/A N/A C:\Windows\System\jFyWyqM.exe N/A
N/A N/A C:\Windows\System\GwhMduA.exe N/A
N/A N/A C:\Windows\System\boEwQTQ.exe N/A
N/A N/A C:\Windows\System\cDFCNNU.exe N/A
N/A N/A C:\Windows\System\gUMbfRP.exe N/A
N/A N/A C:\Windows\System\rcfuRKd.exe N/A
N/A N/A C:\Windows\System\MPQtjOb.exe N/A
N/A N/A C:\Windows\System\yIYzLeg.exe N/A
N/A N/A C:\Windows\System\GqqPjPT.exe N/A
N/A N/A C:\Windows\System\AyJjeRX.exe N/A
N/A N/A C:\Windows\System\MZZyVTp.exe N/A
N/A N/A C:\Windows\System\AomQdwp.exe N/A
N/A N/A C:\Windows\System\gzrHaBi.exe N/A
N/A N/A C:\Windows\System\NYIpuqq.exe N/A
N/A N/A C:\Windows\System\NngdcSl.exe N/A
N/A N/A C:\Windows\System\iRYqbOM.exe N/A
N/A N/A C:\Windows\System\hPSxNwE.exe N/A
N/A N/A C:\Windows\System\pPrxNCK.exe N/A
N/A N/A C:\Windows\System\BMuWZOe.exe N/A
N/A N/A C:\Windows\System\RrxUJIy.exe N/A
N/A N/A C:\Windows\System\rrpYXBh.exe N/A
N/A N/A C:\Windows\System\zDsexiE.exe N/A
N/A N/A C:\Windows\System\GNNdkFE.exe N/A
N/A N/A C:\Windows\System\NpzhTSX.exe N/A
N/A N/A C:\Windows\System\atSNloW.exe N/A
N/A N/A C:\Windows\System\qpYUibo.exe N/A
N/A N/A C:\Windows\System\phSvgfH.exe N/A
N/A N/A C:\Windows\System\MEtXdAp.exe N/A
N/A N/A C:\Windows\System\MvPrbcH.exe N/A
N/A N/A C:\Windows\System\sJagLnP.exe N/A
N/A N/A C:\Windows\System\nfHFjqH.exe N/A
N/A N/A C:\Windows\System\KAjsVJc.exe N/A
N/A N/A C:\Windows\System\JglCgPz.exe N/A
N/A N/A C:\Windows\System\lDGmrAL.exe N/A
N/A N/A C:\Windows\System\CHseang.exe N/A
N/A N/A C:\Windows\System\rhcmWAl.exe N/A
N/A N/A C:\Windows\System\ctYIDsd.exe N/A
N/A N/A C:\Windows\System\HcAjzXA.exe N/A
N/A N/A C:\Windows\System\OLLHofe.exe N/A
N/A N/A C:\Windows\System\yKHrpGb.exe N/A
N/A N/A C:\Windows\System\kcchArD.exe N/A
N/A N/A C:\Windows\System\JgsFwsu.exe N/A
N/A N/A C:\Windows\System\osxAgjC.exe N/A
N/A N/A C:\Windows\System\xqWQKUP.exe N/A
N/A N/A C:\Windows\System\ZpFiMdd.exe N/A
N/A N/A C:\Windows\System\BnOYNye.exe N/A
N/A N/A C:\Windows\System\IcRFTqE.exe N/A
N/A N/A C:\Windows\System\rQmnSfT.exe N/A
N/A N/A C:\Windows\System\vhLOOvp.exe N/A
N/A N/A C:\Windows\System\lrSoMRh.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GAUVWrN.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\sGyDCiZ.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\oTHQINT.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\rcfuRKd.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\qpYUibo.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\DogSUjw.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\GmuKVCx.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\LPrKCoN.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\nUPJvma.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\NYIpuqq.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\osxAgjC.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\gQfctFo.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsRndEs.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\EXPzhCr.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\VqYwpTL.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\ctYIDsd.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\uiXGhGQ.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySkNIhD.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\xTDjVGz.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHWfpKA.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\KQoNlSj.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\PKFJVbO.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\hXKjhoj.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\BwtkVZp.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\PKOJoAY.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\yIYzLeg.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\VZxQwzF.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\mREQIjw.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzcBGCT.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjpqEWA.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\SchuJlH.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\DYBTzwF.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGQGfZs.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\aCJkyTe.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\sJagLnP.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\zMZZFiO.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\UShspAE.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\EUVOThq.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\nMLtevx.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\BMpiqNL.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\oTtsIQO.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORjyoiT.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgybuRT.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\pYJxsPf.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\RObbAPY.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\CrJMNwC.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\oCInDCB.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJEIOVj.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\ntHaWCc.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\phSvgfH.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\GwhMduA.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\IJQpHPg.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\TovHXed.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\oYYMVIs.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\cGxuwzW.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\bqEPdCZ.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\HDGEIIw.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\uEUcngc.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\DGfSZnF.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\lQnpJeg.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\tZFvmmB.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\RlNnlAC.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\atSNloW.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A
File created C:\Windows\System\GnHfnvs.exe C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3896 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\dnRgOxX.exe
PID 3896 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\dnRgOxX.exe
PID 3896 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\VHXpjis.exe
PID 3896 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\VHXpjis.exe
PID 3896 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\zwXtYZv.exe
PID 3896 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\zwXtYZv.exe
PID 3896 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\yoDumBT.exe
PID 3896 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\yoDumBT.exe
PID 3896 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\oTtsIQO.exe
PID 3896 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\oTtsIQO.exe
PID 3896 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\zqfqopR.exe
PID 3896 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\zqfqopR.exe
PID 3896 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\aCJkyTe.exe
PID 3896 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\aCJkyTe.exe
PID 3896 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\plGQopA.exe
PID 3896 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\plGQopA.exe
PID 3896 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\kjdUkoP.exe
PID 3896 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\kjdUkoP.exe
PID 3896 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\OrvXEsq.exe
PID 3896 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\OrvXEsq.exe
PID 3896 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\oTHQINT.exe
PID 3896 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\oTHQINT.exe
PID 3896 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\HDGEIIw.exe
PID 3896 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\HDGEIIw.exe
PID 3896 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\bpsyYju.exe
PID 3896 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\bpsyYju.exe
PID 3896 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\awpwsuc.exe
PID 3896 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\awpwsuc.exe
PID 3896 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\jFyWyqM.exe
PID 3896 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\jFyWyqM.exe
PID 3896 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\GwhMduA.exe
PID 3896 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\GwhMduA.exe
PID 3896 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\boEwQTQ.exe
PID 3896 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\boEwQTQ.exe
PID 3896 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\cDFCNNU.exe
PID 3896 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\cDFCNNU.exe
PID 3896 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\gUMbfRP.exe
PID 3896 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\gUMbfRP.exe
PID 3896 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\rcfuRKd.exe
PID 3896 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\rcfuRKd.exe
PID 3896 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\MPQtjOb.exe
PID 3896 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\MPQtjOb.exe
PID 3896 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\yIYzLeg.exe
PID 3896 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\yIYzLeg.exe
PID 3896 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\GqqPjPT.exe
PID 3896 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\GqqPjPT.exe
PID 3896 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\AyJjeRX.exe
PID 3896 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\AyJjeRX.exe
PID 3896 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\MZZyVTp.exe
PID 3896 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\MZZyVTp.exe
PID 3896 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\AomQdwp.exe
PID 3896 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\AomQdwp.exe
PID 3896 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\gzrHaBi.exe
PID 3896 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\gzrHaBi.exe
PID 3896 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\NYIpuqq.exe
PID 3896 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\NYIpuqq.exe
PID 3896 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\NngdcSl.exe
PID 3896 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\NngdcSl.exe
PID 3896 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\iRYqbOM.exe
PID 3896 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\iRYqbOM.exe
PID 3896 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\hPSxNwE.exe
PID 3896 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\hPSxNwE.exe
PID 3896 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\pPrxNCK.exe
PID 3896 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe C:\Windows\System\pPrxNCK.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0096fae001237daf9b8d26548b1b6fcda5dd60ff3cab5a0198c026141549440f_NeikiAnalytics.exe"

Network

Files

memory/3896-0-0x0000000000440000-0x0000000000450000-memory.dmp
