Malware Analysis Report

2024-10-10 09:20

Sample ID 240622-zx4j3sydjq
Target 0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
SHA256 0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16
Tags miner kpot xmrig stealer trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner kpot xmrig stealer trojan

KPOT

Kpot family

XMRig Miner payload

KPOT Core Executable

Xmrig family

xmrig

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-22 21:06

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 21:06

Reported

2024-06-22 21:09

Platform

win7-20240611-en

Max time kernel

137s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe N/A

Drops file in Windows directory

Suspicious use of WriteProcessMemory

PID 2972 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\DYzdMAg.exe
PID 2972 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\wbmhlWg.exe
PID 2972 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\wbmhlWg.exe
PID 2972 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\wbmhlWg.exe
PID 2972 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\NpPaWAn.exe
PID 2972 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\NpPaWAn.exe
PID 2972 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\NpPaWAn.exe
PID 2972 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\AfNmKGl.exe
PID 2972 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\AfNmKGl.exe
PID 2972 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\AfNmKGl.exe
PID 2972 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\NmFUExk.exe
PID 2972 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\NmFUExk.exe
PID 2972 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\NmFUExk.exe
PID 2972 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe C:\Windows\System\gzALIEV.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

memory/2972-0-0x00000000001F0000-0x0000000000200000-memory.dmp

SHA1 31c4c37900fbd3031f89958456e23bd5b06bd37a
SHA256 ad3683333b9a812736315a538e04b3c88b91ab85fc2c223a44f4fcab9f8d7f2f
SHA512 54aaf4c6b6be0d1fbfa0f18da8a437d86de817ea685bdde39be52a380d29220135214801fdb9aa0cb98a5ba7afd62cd764524974d7fc2c0c6ab80ebcc114d885

C:\Windows\system\sCpJJiN.exe

MD5 71409c1d2a5d2f3284ab31698cb30e52
SHA1 d9c25cd130b8c761412379f198662d1ca97f4a4c
SHA256 48e73616cc43576f2c385fbdb73f24ea5593973d8eec44b2b83803362cde626a
SHA512 e5c612969664cf6a50b55dad1948d2f5d70326098d3d805a2bc901005edbbd4e9fedf4792fe783c52f9d66af523bb3a36e82a3e09e7b45ab987d9f5ba67d87b0

C:\Windows\system\gBlLaXz.exe

MD5 c3d1f4aedaecce916dd8d161803347b0
SHA1 de63012af8e39acc1133acab9cb5dbcb74240a01
SHA256 ccfed72ad4e088d20397e02d1ef0db6a30c671dc0a61151fad918dc02e7ef70a
SHA512 bd79579e12cb04c062d1a5e2c27d68fc9107a186509e3ce1dc9a5020981fed62b0f204a548ef35c7b1a2d82faf4c4d2c9b599fb085f1b63f4424da3240484fa5

C:\Windows\system\BKWJhVL.exe

MD5 f25a26f4114fdcfedec1a6924f63e6b3
SHA1 8f0e576b2d83918219b5f82f318e9d6a2dbec21c
SHA256 929792b7775caffeda00bfc26829dfe23d10d3ecb01cf123ad632f5f91e94823
SHA512 95cf3b5d7ef436e6115af42f79e6d7ed64b7f02470a7687b361f5f81e6b44cddf0ae6154469c94909ccadbbc5c40293b778fe324f1ea1fde10b9f369c33a1803

C:\Windows\system\UaTStGM.exe

MD5 626a23d96288e963114f353373f065cf
SHA1 54bf62f3fdd845cabcc4192cdbb111274ec9e81d
SHA256 316faa1ea54c2ae959716c7ac2ab84ae97fa045f9b7215f0cc4d34413b277cf7
SHA512 8e23447f5b3e2d3a955f3d202622e6183d0813bca067b31d0e3a65f1ed33afcad9a0345bde8ac90610600a4b525bff7b2c9736df6c573028bd14aa11bfc67f78

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-22 21:06

Reported

2024-06-22 21:09

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 52.111.229.48:443 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/4060-0-0x00000000001F0000-0x0000000000200000-memory.dmp
