Malware Analysis Report

2024-10-10 09:19

Sample ID 240623-p266na1brc
Target 003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
SHA256 003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc
Tags
kpot xmrig miner stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc

Threat Level: Known bad

The file 003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan

xmrig

XMRig Miner payload

Xmrig family

Kpot family

KPOT

KPOT Core Executable

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-23 12:50

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-23 12:50

Reported

2024-06-23 12:53

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\QhSUeHB.exe N/A
N/A N/A C:\Windows\System\lDmjVAc.exe N/A
N/A N/A C:\Windows\System\MZHTNkT.exe N/A
N/A N/A C:\Windows\System\LSxizzV.exe N/A
N/A N/A C:\Windows\System\BFIJPUm.exe N/A
N/A N/A C:\Windows\System\zsbWAya.exe N/A
N/A N/A C:\Windows\System\cRcSKbh.exe N/A
N/A N/A C:\Windows\System\liKBepY.exe N/A
N/A N/A C:\Windows\System\QBbZoZx.exe N/A
N/A N/A C:\Windows\System\BZhwQWP.exe N/A
N/A N/A C:\Windows\System\gzDjKDW.exe N/A
N/A N/A C:\Windows\System\zLtRxdK.exe N/A
N/A N/A C:\Windows\System\DYZKmVq.exe N/A
N/A N/A C:\Windows\System\WrXcyzu.exe N/A
N/A N/A C:\Windows\System\RPGnZgp.exe N/A
N/A N/A C:\Windows\System\ecYTdoN.exe N/A
N/A N/A C:\Windows\System\NUCNgCy.exe N/A
N/A N/A C:\Windows\System\uqcWLbq.exe N/A
N/A N/A C:\Windows\System\FfIjmeA.exe N/A
N/A N/A C:\Windows\System\iCjXrwG.exe N/A
N/A N/A C:\Windows\System\IpaIATI.exe N/A
N/A N/A C:\Windows\System\JZlEpfD.exe N/A
N/A N/A C:\Windows\System\QeFlsPh.exe N/A
N/A N/A C:\Windows\System\okDuCwZ.exe N/A
N/A N/A C:\Windows\System\oAwdDBB.exe N/A
N/A N/A C:\Windows\System\NZaAbmT.exe N/A
N/A N/A C:\Windows\System\ZXmBRCE.exe N/A
N/A N/A C:\Windows\System\WsQwlcF.exe N/A
N/A N/A C:\Windows\System\eVpnpUa.exe N/A
N/A N/A C:\Windows\System\PqOAmSn.exe N/A
N/A N/A C:\Windows\System\caEQtkW.exe N/A
N/A N/A C:\Windows\System\SjaOfIc.exe N/A
N/A N/A C:\Windows\System\tPTbImH.exe N/A
N/A N/A C:\Windows\System\kKxcGfb.exe N/A
N/A N/A C:\Windows\System\GAeuMQe.exe N/A
N/A N/A C:\Windows\System\SGhmjJI.exe N/A
N/A N/A C:\Windows\System\TPIuabo.exe N/A
N/A N/A C:\Windows\System\qkjvUUr.exe N/A
N/A N/A C:\Windows\System\PdEKfwo.exe N/A
N/A N/A C:\Windows\System\nLhwLkI.exe N/A
N/A N/A C:\Windows\System\BKEOYnm.exe N/A
N/A N/A C:\Windows\System\ZjInHHx.exe N/A
N/A N/A C:\Windows\System\nFvRvCy.exe N/A
N/A N/A C:\Windows\System\NXyfhZS.exe N/A
N/A N/A C:\Windows\System\UUhpWRt.exe N/A
N/A N/A C:\Windows\System\ZAlEQMr.exe N/A
N/A N/A C:\Windows\System\keEhiBU.exe N/A
N/A N/A C:\Windows\System\abMeebB.exe N/A
N/A N/A C:\Windows\System\gNgDqpJ.exe N/A
N/A N/A C:\Windows\System\BpXKHPu.exe N/A
N/A N/A C:\Windows\System\BqriHdD.exe N/A
N/A N/A C:\Windows\System\lClzQau.exe N/A
N/A N/A C:\Windows\System\VPaymdx.exe N/A
N/A N/A C:\Windows\System\ZnkxYoN.exe N/A
N/A N/A C:\Windows\System\GoONLeg.exe N/A
N/A N/A C:\Windows\System\COdiSLO.exe N/A
N/A N/A C:\Windows\System\rGMIQsp.exe N/A
N/A N/A C:\Windows\System\nIvRXuU.exe N/A
N/A N/A C:\Windows\System\ZrNVKSe.exe N/A
N/A N/A C:\Windows\System\NSLtCXF.exe N/A
N/A N/A C:\Windows\System\vNJEvVh.exe N/A
N/A N/A C:\Windows\System\FCCPvXf.exe N/A
N/A N/A C:\Windows\System\JsSQqVe.exe N/A
N/A N/A C:\Windows\System\TEQqwAL.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\UiAClLx.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\iaEryet.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\DaeQYaU.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpkJZCS.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\qFcngRn.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlKgvnk.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\KQXbblE.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZjInHHx.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\nzuadAJ.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SBSihQY.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\Bimbrge.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\zcPWgKW.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\PIiveNz.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXwpIpC.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\xkWTwfa.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\layGslW.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\dvEutRq.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\VUaeAoi.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\idmGmoe.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\BFIJPUm.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\CfCGDtv.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\fKpCLND.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDZdqwl.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJZTeKk.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\HZIlZPc.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\DGBKPKJ.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfxIjiE.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmbaQZs.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\sLqEHOC.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\BZhwQWP.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\uqcWLbq.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\zkbRbnv.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\QhSUeHB.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\DYZKmVq.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\oHnVqTV.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\DpURDZh.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\uIsboRX.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\tsabrPw.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\wJTUseL.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\hcFZAvM.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\VoGiAWj.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\PRqcQzI.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\thrKuzV.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\COdiSLO.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\USjzEun.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\IYIbyDY.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\NqksZwC.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\xBhsSwN.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\cHVcrdy.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\EzDvQqN.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\oAwdDBB.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\nhAkITd.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ykeOsns.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\FYSKiQB.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\COrkuFo.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\rGMIQsp.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\PrNrXEN.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\BuRtoCy.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\fMqotJO.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\JsSQqVe.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpKkXbf.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZUCUZnE.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SCHqQQH.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\kFDurmP.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2864 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QhSUeHB.exe
PID 2864 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QhSUeHB.exe
PID 2864 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\lDmjVAc.exe
PID 2864 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\lDmjVAc.exe
PID 2864 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\LSxizzV.exe
PID 2864 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\LSxizzV.exe
PID 2864 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BFIJPUm.exe
PID 2864 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BFIJPUm.exe
PID 2864 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zsbWAya.exe
PID 2864 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zsbWAya.exe
PID 2864 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\cRcSKbh.exe
PID 2864 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\cRcSKbh.exe
PID 2864 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\liKBepY.exe
PID 2864 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\liKBepY.exe
PID 2864 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QBbZoZx.exe
PID 2864 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QBbZoZx.exe
PID 2864 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BZhwQWP.exe
PID 2864 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BZhwQWP.exe
PID 2864 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\gzDjKDW.exe
PID 2864 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\gzDjKDW.exe
PID 2864 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zLtRxdK.exe
PID 2864 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zLtRxdK.exe
PID 2864 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\MZHTNkT.exe
PID 2864 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\MZHTNkT.exe
PID 2864 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\DYZKmVq.exe
PID 2864 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\DYZKmVq.exe
PID 2864 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WrXcyzu.exe
PID 2864 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WrXcyzu.exe
PID 2864 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\RPGnZgp.exe
PID 2864 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\RPGnZgp.exe
PID 2864 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ecYTdoN.exe
PID 2864 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ecYTdoN.exe
PID 2864 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NUCNgCy.exe
PID 2864 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NUCNgCy.exe
PID 2864 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\uqcWLbq.exe
PID 2864 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\uqcWLbq.exe
PID 2864 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\FfIjmeA.exe
PID 2864 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\FfIjmeA.exe
PID 2864 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\iCjXrwG.exe
PID 2864 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\iCjXrwG.exe
PID 2864 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\IpaIATI.exe
PID 2864 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\IpaIATI.exe
PID 2864 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\JZlEpfD.exe
PID 2864 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\JZlEpfD.exe
PID 2864 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QeFlsPh.exe
PID 2864 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QeFlsPh.exe
PID 2864 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\okDuCwZ.exe
PID 2864 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\okDuCwZ.exe
PID 2864 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\oAwdDBB.exe
PID 2864 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\oAwdDBB.exe
PID 2864 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NZaAbmT.exe
PID 2864 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NZaAbmT.exe
PID 2864 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ZXmBRCE.exe
PID 2864 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ZXmBRCE.exe
PID 2864 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WsQwlcF.exe
PID 2864 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WsQwlcF.exe
PID 2864 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\eVpnpUa.exe
PID 2864 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\eVpnpUa.exe
PID 2864 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\PqOAmSn.exe
PID 2864 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\PqOAmSn.exe
PID 2864 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\caEQtkW.exe
PID 2864 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\caEQtkW.exe
PID 2864 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\SjaOfIc.exe
PID 2864 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\SjaOfIc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe"

C:\Windows\System\QhSUeHB.exe

C:\Windows\System\QhSUeHB.exe

C:\Windows\System\lDmjVAc.exe

C:\Windows\System\lDmjVAc.exe

C:\Windows\System\LSxizzV.exe

C:\Windows\System\LSxizzV.exe

C:\Windows\System\BFIJPUm.exe

C:\Windows\System\BFIJPUm.exe

C:\Windows\System\zsbWAya.exe

C:\Windows\System\zsbWAya.exe

C:\Windows\System\cRcSKbh.exe

C:\Windows\System\cRcSKbh.exe

C:\Windows\System\liKBepY.exe

C:\Windows\System\liKBepY.exe

C:\Windows\System\QBbZoZx.exe

C:\Windows\System\QBbZoZx.exe

C:\Windows\System\BZhwQWP.exe

C:\Windows\System\BZhwQWP.exe

C:\Windows\System\gzDjKDW.exe

C:\Windows\System\gzDjKDW.exe

C:\Windows\System\zLtRxdK.exe

C:\Windows\System\zLtRxdK.exe

C:\Windows\System\MZHTNkT.exe

C:\Windows\System\MZHTNkT.exe

C:\Windows\System\DYZKmVq.exe

C:\Windows\System\DYZKmVq.exe

C:\Windows\System\WrXcyzu.exe

C:\Windows\System\WrXcyzu.exe

C:\Windows\System\RPGnZgp.exe

C:\Windows\System\RPGnZgp.exe

C:\Windows\System\ecYTdoN.exe

C:\Windows\System\ecYTdoN.exe

C:\Windows\System\NUCNgCy.exe

C:\Windows\System\NUCNgCy.exe

C:\Windows\System\uqcWLbq.exe

C:\Windows\System\uqcWLbq.exe

C:\Windows\System\FfIjmeA.exe

C:\Windows\System\FfIjmeA.exe

C:\Windows\System\iCjXrwG.exe

C:\Windows\System\iCjXrwG.exe

C:\Windows\System\IpaIATI.exe

C:\Windows\System\IpaIATI.exe

C:\Windows\System\JZlEpfD.exe

C:\Windows\System\JZlEpfD.exe

C:\Windows\System\QeFlsPh.exe

C:\Windows\System\QeFlsPh.exe

C:\Windows\System\okDuCwZ.exe

C:\Windows\System\okDuCwZ.exe

C:\Windows\System\oAwdDBB.exe

C:\Windows\System\oAwdDBB.exe

C:\Windows\System\NZaAbmT.exe

C:\Windows\System\NZaAbmT.exe

C:\Windows\System\ZXmBRCE.exe

C:\Windows\System\ZXmBRCE.exe

C:\Windows\System\WsQwlcF.exe

C:\Windows\System\WsQwlcF.exe

C:\Windows\System\eVpnpUa.exe

C:\Windows\System\eVpnpUa.exe

C:\Windows\System\PqOAmSn.exe

C:\Windows\System\PqOAmSn.exe

C:\Windows\System\caEQtkW.exe

C:\Windows\System\caEQtkW.exe

C:\Windows\System\SjaOfIc.exe

C:\Windows\System\SjaOfIc.exe

C:\Windows\System\tPTbImH.exe

C:\Windows\System\tPTbImH.exe

C:\Windows\System\kKxcGfb.exe

C:\Windows\System\kKxcGfb.exe

C:\Windows\System\GAeuMQe.exe

C:\Windows\System\GAeuMQe.exe

C:\Windows\System\SGhmjJI.exe

C:\Windows\System\SGhmjJI.exe

C:\Windows\System\TPIuabo.exe

C:\Windows\System\TPIuabo.exe

C:\Windows\System\qkjvUUr.exe

C:\Windows\System\qkjvUUr.exe

C:\Windows\System\PdEKfwo.exe

C:\Windows\System\PdEKfwo.exe

C:\Windows\System\nLhwLkI.exe

C:\Windows\System\nLhwLkI.exe

C:\Windows\System\BKEOYnm.exe

C:\Windows\System\BKEOYnm.exe

C:\Windows\System\ZjInHHx.exe

C:\Windows\System\ZjInHHx.exe

C:\Windows\System\nFvRvCy.exe

C:\Windows\System\nFvRvCy.exe

C:\Windows\System\NXyfhZS.exe

C:\Windows\System\NXyfhZS.exe

C:\Windows\System\UUhpWRt.exe

C:\Windows\System\UUhpWRt.exe

C:\Windows\System\ZAlEQMr.exe

C:\Windows\System\ZAlEQMr.exe

C:\Windows\System\keEhiBU.exe

C:\Windows\System\keEhiBU.exe

C:\Windows\System\abMeebB.exe

C:\Windows\System\abMeebB.exe

C:\Windows\System\gNgDqpJ.exe

C:\Windows\System\gNgDqpJ.exe

C:\Windows\System\BpXKHPu.exe

C:\Windows\System\BpXKHPu.exe

C:\Windows\System\BqriHdD.exe

C:\Windows\System\BqriHdD.exe

C:\Windows\System\lClzQau.exe

C:\Windows\System\lClzQau.exe

C:\Windows\System\VPaymdx.exe

C:\Windows\System\VPaymdx.exe

C:\Windows\System\ZnkxYoN.exe

C:\Windows\System\ZnkxYoN.exe

C:\Windows\System\GoONLeg.exe

C:\Windows\System\GoONLeg.exe

C:\Windows\System\COdiSLO.exe

C:\Windows\System\COdiSLO.exe

C:\Windows\System\rGMIQsp.exe

C:\Windows\System\rGMIQsp.exe

C:\Windows\System\nIvRXuU.exe

C:\Windows\System\nIvRXuU.exe

C:\Windows\System\ZrNVKSe.exe

C:\Windows\System\ZrNVKSe.exe

C:\Windows\System\NSLtCXF.exe

C:\Windows\System\NSLtCXF.exe

C:\Windows\System\vNJEvVh.exe

C:\Windows\System\vNJEvVh.exe

C:\Windows\System\FCCPvXf.exe

C:\Windows\System\FCCPvXf.exe

C:\Windows\System\JsSQqVe.exe

C:\Windows\System\JsSQqVe.exe

C:\Windows\System\TEQqwAL.exe

C:\Windows\System\TEQqwAL.exe

C:\Windows\System\zkbRbnv.exe

C:\Windows\System\zkbRbnv.exe

C:\Windows\System\oauvJxl.exe

C:\Windows\System\oauvJxl.exe

C:\Windows\System\PrNrXEN.exe

C:\Windows\System\PrNrXEN.exe

C:\Windows\System\nhAkITd.exe

C:\Windows\System\nhAkITd.exe

C:\Windows\System\zRTKVyd.exe

C:\Windows\System\zRTKVyd.exe

C:\Windows\System\USjzEun.exe

C:\Windows\System\USjzEun.exe

C:\Windows\System\tpnjDuJ.exe

C:\Windows\System\tpnjDuJ.exe

C:\Windows\System\BzXUBjw.exe

C:\Windows\System\BzXUBjw.exe

C:\Windows\System\nZvszpt.exe

C:\Windows\System\nZvszpt.exe

C:\Windows\System\wljyroc.exe

C:\Windows\System\wljyroc.exe

C:\Windows\System\mGnYHRp.exe

C:\Windows\System\mGnYHRp.exe

C:\Windows\System\jFlhiKP.exe

C:\Windows\System\jFlhiKP.exe

C:\Windows\System\BpKkXbf.exe

C:\Windows\System\BpKkXbf.exe

C:\Windows\System\ZUCUZnE.exe

C:\Windows\System\ZUCUZnE.exe

C:\Windows\System\qBRLGtE.exe

C:\Windows\System\qBRLGtE.exe

C:\Windows\System\UiAClLx.exe

C:\Windows\System\UiAClLx.exe

C:\Windows\System\KyaZgID.exe

C:\Windows\System\KyaZgID.exe

C:\Windows\System\HzPYrNj.exe

C:\Windows\System\HzPYrNj.exe

C:\Windows\System\NbWwjha.exe

C:\Windows\System\NbWwjha.exe

C:\Windows\System\PqkLIry.exe

C:\Windows\System\PqkLIry.exe

C:\Windows\System\ZPRKSiy.exe

C:\Windows\System\ZPRKSiy.exe

C:\Windows\System\HZIlZPc.exe

C:\Windows\System\HZIlZPc.exe

C:\Windows\System\mRezASG.exe

C:\Windows\System\mRezASG.exe

C:\Windows\System\uzWLVKd.exe

C:\Windows\System\uzWLVKd.exe

C:\Windows\System\ZMOxBan.exe

C:\Windows\System\ZMOxBan.exe

C:\Windows\System\layGslW.exe

C:\Windows\System\layGslW.exe

C:\Windows\System\IYIbyDY.exe

C:\Windows\System\IYIbyDY.exe

C:\Windows\System\nzuadAJ.exe

C:\Windows\System\nzuadAJ.exe

C:\Windows\System\DgJTNKO.exe

C:\Windows\System\DgJTNKO.exe

C:\Windows\System\bLYUbMZ.exe

C:\Windows\System\bLYUbMZ.exe

C:\Windows\System\ykeOsns.exe

C:\Windows\System\ykeOsns.exe

C:\Windows\System\NJwutOv.exe

C:\Windows\System\NJwutOv.exe

C:\Windows\System\OLxEjwN.exe

C:\Windows\System\OLxEjwN.exe

C:\Windows\System\pPxqSum.exe

C:\Windows\System\pPxqSum.exe

C:\Windows\System\weKoYbA.exe

C:\Windows\System\weKoYbA.exe

C:\Windows\System\MZNpKSf.exe

C:\Windows\System\MZNpKSf.exe

C:\Windows\System\fTnKAff.exe

C:\Windows\System\fTnKAff.exe

C:\Windows\System\KZuVEUG.exe

C:\Windows\System\KZuVEUG.exe

C:\Windows\System\SCHqQQH.exe

C:\Windows\System\SCHqQQH.exe

C:\Windows\System\SpCsOMx.exe

C:\Windows\System\SpCsOMx.exe

C:\Windows\System\bUQJcJb.exe

C:\Windows\System\bUQJcJb.exe

C:\Windows\System\SkPuhVX.exe

C:\Windows\System\SkPuhVX.exe

C:\Windows\System\iaEryet.exe

C:\Windows\System\iaEryet.exe

C:\Windows\System\rVGkiCV.exe

C:\Windows\System\rVGkiCV.exe

C:\Windows\System\QHmwGtr.exe

C:\Windows\System\QHmwGtr.exe

C:\Windows\System\KzCWfDs.exe

C:\Windows\System\KzCWfDs.exe

C:\Windows\System\yxPhODE.exe

C:\Windows\System\yxPhODE.exe

C:\Windows\System\kbPMXjo.exe

C:\Windows\System\kbPMXjo.exe

C:\Windows\System\mnIzEMi.exe

C:\Windows\System\mnIzEMi.exe

C:\Windows\System\oHnVqTV.exe

C:\Windows\System\oHnVqTV.exe

C:\Windows\System\fvpMLGD.exe

C:\Windows\System\fvpMLGD.exe

C:\Windows\System\QyGMEXK.exe

C:\Windows\System\QyGMEXK.exe

C:\Windows\System\rIfbBIb.exe

C:\Windows\System\rIfbBIb.exe

C:\Windows\System\jaDKupE.exe

C:\Windows\System\jaDKupE.exe

C:\Windows\System\fyRxsAb.exe

C:\Windows\System\fyRxsAb.exe

C:\Windows\System\DSexFob.exe

C:\Windows\System\DSexFob.exe

C:\Windows\System\HAkDyke.exe

C:\Windows\System\HAkDyke.exe

C:\Windows\System\vjjGBZj.exe

C:\Windows\System\vjjGBZj.exe

C:\Windows\System\IDuGdbZ.exe

C:\Windows\System\IDuGdbZ.exe

C:\Windows\System\GcTeqKJ.exe

C:\Windows\System\GcTeqKJ.exe

C:\Windows\System\eSatWtn.exe

C:\Windows\System\eSatWtn.exe

C:\Windows\System\BxniRdg.exe

C:\Windows\System\BxniRdg.exe

C:\Windows\System\ECMLfhJ.exe

C:\Windows\System\ECMLfhJ.exe

C:\Windows\System\DGBKPKJ.exe

C:\Windows\System\DGBKPKJ.exe

C:\Windows\System\dvEutRq.exe

C:\Windows\System\dvEutRq.exe

C:\Windows\System\HoLmhHC.exe

C:\Windows\System\HoLmhHC.exe

C:\Windows\System\zSazGhB.exe

C:\Windows\System\zSazGhB.exe

C:\Windows\System\PkwQipA.exe

C:\Windows\System\PkwQipA.exe

C:\Windows\System\IkBCveY.exe

C:\Windows\System\IkBCveY.exe

C:\Windows\System\uXKtuOX.exe

C:\Windows\System\uXKtuOX.exe

C:\Windows\System\KlzixxT.exe

C:\Windows\System\KlzixxT.exe

C:\Windows\System\mDlDcub.exe

C:\Windows\System\mDlDcub.exe

C:\Windows\System\BWoJfuU.exe

C:\Windows\System\BWoJfuU.exe

C:\Windows\System\esJMqhV.exe

C:\Windows\System\esJMqhV.exe

C:\Windows\System\CfCGDtv.exe

C:\Windows\System\CfCGDtv.exe

C:\Windows\System\odDYPqx.exe

C:\Windows\System\odDYPqx.exe

C:\Windows\System\otNxGeD.exe

C:\Windows\System\otNxGeD.exe

C:\Windows\System\tJYgwFP.exe

C:\Windows\System\tJYgwFP.exe

C:\Windows\System\ZIUrwYY.exe

C:\Windows\System\ZIUrwYY.exe

C:\Windows\System\DaeQYaU.exe

C:\Windows\System\DaeQYaU.exe

C:\Windows\System\VUaeAoi.exe

C:\Windows\System\VUaeAoi.exe

C:\Windows\System\pikpdaI.exe

C:\Windows\System\pikpdaI.exe

C:\Windows\System\pKlbqsU.exe

C:\Windows\System\pKlbqsU.exe

C:\Windows\System\LiFxmFP.exe

C:\Windows\System\LiFxmFP.exe

C:\Windows\System\fKpCLND.exe

C:\Windows\System\fKpCLND.exe

C:\Windows\System\PIiveNz.exe

C:\Windows\System\PIiveNz.exe

C:\Windows\System\SBSihQY.exe

C:\Windows\System\SBSihQY.exe

C:\Windows\System\eVTzDUn.exe

C:\Windows\System\eVTzDUn.exe

C:\Windows\System\FpHKEuj.exe

C:\Windows\System\FpHKEuj.exe

C:\Windows\System\hkdvzjx.exe

C:\Windows\System\hkdvzjx.exe

C:\Windows\System\HsEEaAj.exe

C:\Windows\System\HsEEaAj.exe

C:\Windows\System\rvXFVus.exe

C:\Windows\System\rvXFVus.exe

C:\Windows\System\gKXCXJC.exe

C:\Windows\System\gKXCXJC.exe

C:\Windows\System\nJGJSlh.exe

C:\Windows\System\nJGJSlh.exe

C:\Windows\System\zZwKQjk.exe

C:\Windows\System\zZwKQjk.exe

C:\Windows\System\QykJZtJ.exe

C:\Windows\System\QykJZtJ.exe

C:\Windows\System\lCpGIjB.exe

C:\Windows\System\lCpGIjB.exe

C:\Windows\System\jVLLVuB.exe

C:\Windows\System\jVLLVuB.exe

C:\Windows\System\XGROGON.exe

C:\Windows\System\XGROGON.exe

C:\Windows\System\uAxpOhE.exe

C:\Windows\System\uAxpOhE.exe

C:\Windows\System\ERkKcPS.exe

C:\Windows\System\ERkKcPS.exe

C:\Windows\System\OCxcBdu.exe

C:\Windows\System\OCxcBdu.exe

C:\Windows\System\vgRnuek.exe

C:\Windows\System\vgRnuek.exe

C:\Windows\System\NqksZwC.exe

C:\Windows\System\NqksZwC.exe

C:\Windows\System\oCvMoNd.exe

C:\Windows\System\oCvMoNd.exe

C:\Windows\System\ITzHGCo.exe

C:\Windows\System\ITzHGCo.exe

C:\Windows\System\CfGtAva.exe

C:\Windows\System\CfGtAva.exe

C:\Windows\System\YbJFcpC.exe

C:\Windows\System\YbJFcpC.exe

C:\Windows\System\FQurkZF.exe

C:\Windows\System\FQurkZF.exe

C:\Windows\System\qyOKDMm.exe

C:\Windows\System\qyOKDMm.exe

C:\Windows\System\SDZdqwl.exe

C:\Windows\System\SDZdqwl.exe

C:\Windows\System\jGMuTab.exe

C:\Windows\System\jGMuTab.exe

C:\Windows\System\DpURDZh.exe

C:\Windows\System\DpURDZh.exe

C:\Windows\System\AfxIjiE.exe

C:\Windows\System\AfxIjiE.exe

C:\Windows\System\Wjhxdfe.exe

C:\Windows\System\Wjhxdfe.exe

C:\Windows\System\dmbaQZs.exe

C:\Windows\System\dmbaQZs.exe

C:\Windows\System\JaKnbDo.exe

C:\Windows\System\JaKnbDo.exe

C:\Windows\System\JaUwJMc.exe

C:\Windows\System\JaUwJMc.exe

C:\Windows\System\HXPbtQd.exe

C:\Windows\System\HXPbtQd.exe

C:\Windows\System\VcEqGAP.exe

C:\Windows\System\VcEqGAP.exe

C:\Windows\System\bHjnmjp.exe

C:\Windows\System\bHjnmjp.exe

C:\Windows\System\XNcbVnN.exe

C:\Windows\System\XNcbVnN.exe

C:\Windows\System\Luhryhs.exe

C:\Windows\System\Luhryhs.exe

C:\Windows\System\Bimbrge.exe

C:\Windows\System\Bimbrge.exe

C:\Windows\System\JoleDVt.exe

C:\Windows\System\JoleDVt.exe

C:\Windows\System\sFXBfVz.exe

C:\Windows\System\sFXBfVz.exe

C:\Windows\System\TbFLFfy.exe

C:\Windows\System\TbFLFfy.exe

C:\Windows\System\DJUAotX.exe

C:\Windows\System\DJUAotX.exe

C:\Windows\System\BuRtoCy.exe

C:\Windows\System\BuRtoCy.exe

C:\Windows\System\rjiNLMz.exe

C:\Windows\System\rjiNLMz.exe

C:\Windows\System\cPWSvel.exe

C:\Windows\System\cPWSvel.exe

C:\Windows\System\tXwpIpC.exe

C:\Windows\System\tXwpIpC.exe

C:\Windows\System\JpkJZCS.exe

C:\Windows\System\JpkJZCS.exe

C:\Windows\System\zIFRllA.exe

C:\Windows\System\zIFRllA.exe

C:\Windows\System\zcPWgKW.exe

C:\Windows\System\zcPWgKW.exe

C:\Windows\System\gBwkVwG.exe

C:\Windows\System\gBwkVwG.exe

C:\Windows\System\ZqhnTtt.exe

C:\Windows\System\ZqhnTtt.exe

C:\Windows\System\AfJFYbj.exe

C:\Windows\System\AfJFYbj.exe

C:\Windows\System\vWrslKs.exe

C:\Windows\System\vWrslKs.exe

C:\Windows\System\YBEoFoY.exe

C:\Windows\System\YBEoFoY.exe

C:\Windows\System\cwlREwC.exe

C:\Windows\System\cwlREwC.exe

C:\Windows\System\dSOiIJY.exe

C:\Windows\System\dSOiIJY.exe

C:\Windows\System\jrXIPyK.exe

C:\Windows\System\jrXIPyK.exe

C:\Windows\System\ukxuNyi.exe

C:\Windows\System\ukxuNyi.exe

C:\Windows\System\jKKoVaK.exe

C:\Windows\System\jKKoVaK.exe

C:\Windows\System\bDuypMB.exe

C:\Windows\System\bDuypMB.exe

C:\Windows\System\nelGUfi.exe

C:\Windows\System\nelGUfi.exe

C:\Windows\System\hGZDREC.exe

C:\Windows\System\hGZDREC.exe

C:\Windows\System\FYSKiQB.exe

C:\Windows\System\FYSKiQB.exe

C:\Windows\System\NsnRrGQ.exe

C:\Windows\System\NsnRrGQ.exe

C:\Windows\System\tsabrPw.exe

C:\Windows\System\tsabrPw.exe

C:\Windows\System\eQOufzi.exe

C:\Windows\System\eQOufzi.exe

C:\Windows\System\whgtEkA.exe

C:\Windows\System\whgtEkA.exe

C:\Windows\System\qFcngRn.exe

C:\Windows\System\qFcngRn.exe

C:\Windows\System\OCNsYFV.exe

C:\Windows\System\OCNsYFV.exe

C:\Windows\System\RUYxKHz.exe

C:\Windows\System\RUYxKHz.exe

C:\Windows\System\pNvoczF.exe

C:\Windows\System\pNvoczF.exe

C:\Windows\System\lCgDlAC.exe

C:\Windows\System\lCgDlAC.exe

C:\Windows\System\LXhPASy.exe

C:\Windows\System\LXhPASy.exe

C:\Windows\System\xkWTwfa.exe

C:\Windows\System\xkWTwfa.exe

C:\Windows\System\PlCWdla.exe

C:\Windows\System\PlCWdla.exe

C:\Windows\System\RmDjiyQ.exe

C:\Windows\System\RmDjiyQ.exe

C:\Windows\System\TYtOCBz.exe

C:\Windows\System\TYtOCBz.exe

C:\Windows\System\mAkjfCa.exe

C:\Windows\System\mAkjfCa.exe

C:\Windows\System\qlKgvnk.exe

C:\Windows\System\qlKgvnk.exe

C:\Windows\System\wLrEiRU.exe

C:\Windows\System\wLrEiRU.exe

C:\Windows\System\eFjCZuy.exe

C:\Windows\System\eFjCZuy.exe

C:\Windows\System\aZRnKBS.exe

C:\Windows\System\aZRnKBS.exe

C:\Windows\System\fFGphfh.exe

C:\Windows\System\fFGphfh.exe

C:\Windows\System\OoJodTh.exe

C:\Windows\System\OoJodTh.exe

C:\Windows\System\bBOekro.exe

C:\Windows\System\bBOekro.exe

C:\Windows\System\bZgrWOA.exe

C:\Windows\System\bZgrWOA.exe

C:\Windows\System\bvDYymS.exe

C:\Windows\System\bvDYymS.exe

C:\Windows\System\hZtqzHN.exe

C:\Windows\System\hZtqzHN.exe

C:\Windows\System\qKsHSio.exe

C:\Windows\System\qKsHSio.exe

C:\Windows\System\rfGnaWe.exe

C:\Windows\System\rfGnaWe.exe

C:\Windows\System\uDbPSlO.exe

C:\Windows\System\uDbPSlO.exe

C:\Windows\System\plkiDSu.exe

C:\Windows\System\plkiDSu.exe

C:\Windows\System\idmGmoe.exe

C:\Windows\System\idmGmoe.exe

C:\Windows\System\wjzMNuE.exe

C:\Windows\System\wjzMNuE.exe

C:\Windows\System\TPuLAKR.exe

C:\Windows\System\TPuLAKR.exe

C:\Windows\System\QaqzQip.exe

C:\Windows\System\QaqzQip.exe

C:\Windows\System\xRZGHPP.exe

C:\Windows\System\xRZGHPP.exe

C:\Windows\System\rZTnqMr.exe

C:\Windows\System\rZTnqMr.exe

C:\Windows\System\xBhsSwN.exe

C:\Windows\System\xBhsSwN.exe

C:\Windows\System\VoGiAWj.exe

C:\Windows\System\VoGiAWj.exe

C:\Windows\System\XPdWFaO.exe

C:\Windows\System\XPdWFaO.exe

C:\Windows\System\zcZCEMk.exe

C:\Windows\System\zcZCEMk.exe

C:\Windows\System\pBthfmm.exe

C:\Windows\System\pBthfmm.exe

C:\Windows\System\BsWKejj.exe

C:\Windows\System\BsWKejj.exe

C:\Windows\System\PRqcQzI.exe

C:\Windows\System\PRqcQzI.exe

C:\Windows\System\LPluJQM.exe

C:\Windows\System\LPluJQM.exe

C:\Windows\System\UuFtLxJ.exe

C:\Windows\System\UuFtLxJ.exe

C:\Windows\System\kFDurmP.exe

C:\Windows\System\kFDurmP.exe

C:\Windows\System\iSWEffk.exe

C:\Windows\System\iSWEffk.exe

C:\Windows\System\TrnvDnx.exe

C:\Windows\System\TrnvDnx.exe

C:\Windows\System\bIhXVms.exe

C:\Windows\System\bIhXVms.exe

C:\Windows\System\KxDiBWP.exe

C:\Windows\System\KxDiBWP.exe

C:\Windows\System\KQXbblE.exe

C:\Windows\System\KQXbblE.exe

C:\Windows\System\qJdIaTY.exe

C:\Windows\System\qJdIaTY.exe

C:\Windows\System\rHditis.exe

C:\Windows\System\rHditis.exe

C:\Windows\System\GnmdZck.exe

C:\Windows\System\GnmdZck.exe

C:\Windows\System\sLqEHOC.exe

C:\Windows\System\sLqEHOC.exe

C:\Windows\System\etNZPUF.exe

C:\Windows\System\etNZPUF.exe

C:\Windows\System\YcbAlyB.exe

C:\Windows\System\YcbAlyB.exe

C:\Windows\System\vQIRwHe.exe

C:\Windows\System\vQIRwHe.exe

C:\Windows\System\nRpLpNy.exe

C:\Windows\System\nRpLpNy.exe

C:\Windows\System\CUKaNuR.exe

C:\Windows\System\CUKaNuR.exe

C:\Windows\System\cNFzmez.exe

C:\Windows\System\cNFzmez.exe

C:\Windows\System\muylNqN.exe

C:\Windows\System\muylNqN.exe

C:\Windows\System\wJTUseL.exe

C:\Windows\System\wJTUseL.exe

C:\Windows\System\WPduAey.exe

C:\Windows\System\WPduAey.exe

C:\Windows\System\cIFdgHJ.exe

C:\Windows\System\cIFdgHJ.exe

C:\Windows\System\mwkRYUn.exe

C:\Windows\System\mwkRYUn.exe

C:\Windows\System\fMqotJO.exe

C:\Windows\System\fMqotJO.exe

C:\Windows\System\COrkuFo.exe

C:\Windows\System\COrkuFo.exe

C:\Windows\System\FWcIUrn.exe

C:\Windows\System\FWcIUrn.exe

C:\Windows\System\czCWRMZ.exe

C:\Windows\System\czCWRMZ.exe

C:\Windows\System\OpxbNTr.exe

C:\Windows\System\OpxbNTr.exe

C:\Windows\System\WgZiQeZ.exe

C:\Windows\System\WgZiQeZ.exe

C:\Windows\System\MTsRnSU.exe

C:\Windows\System\MTsRnSU.exe

C:\Windows\System\GDZCMBd.exe

C:\Windows\System\GDZCMBd.exe

C:\Windows\System\NRWwhsV.exe

C:\Windows\System\NRWwhsV.exe

C:\Windows\System\mNVZqOT.exe

C:\Windows\System\mNVZqOT.exe

C:\Windows\System\TxOWipB.exe

C:\Windows\System\TxOWipB.exe

C:\Windows\System\gMlSiRG.exe

C:\Windows\System\gMlSiRG.exe

C:\Windows\System\fhyaxks.exe

C:\Windows\System\fhyaxks.exe

C:\Windows\System\crTCtBe.exe

C:\Windows\System\crTCtBe.exe

C:\Windows\System\gDpmwza.exe

C:\Windows\System\gDpmwza.exe

C:\Windows\System\hcFZAvM.exe

C:\Windows\System\hcFZAvM.exe

C:\Windows\System\pDAyloa.exe

C:\Windows\System\pDAyloa.exe

C:\Windows\System\mbelRRW.exe

C:\Windows\System\mbelRRW.exe

C:\Windows\System\tMcOCPu.exe

C:\Windows\System\tMcOCPu.exe

C:\Windows\System\cHVcrdy.exe

C:\Windows\System\cHVcrdy.exe

C:\Windows\System\thrKuzV.exe

C:\Windows\System\thrKuzV.exe

C:\Windows\System\tvfnZVI.exe

C:\Windows\System\tvfnZVI.exe

C:\Windows\System\lFlBSaL.exe

C:\Windows\System\lFlBSaL.exe

C:\Windows\System\OxRUfNX.exe

C:\Windows\System\OxRUfNX.exe

C:\Windows\System\QFJaonk.exe

C:\Windows\System\QFJaonk.exe

C:\Windows\System\fPuPLaU.exe

C:\Windows\System\fPuPLaU.exe

C:\Windows\System\kCmjKaN.exe

C:\Windows\System\kCmjKaN.exe

C:\Windows\System\yJZTeKk.exe

C:\Windows\System\yJZTeKk.exe

C:\Windows\System\ysdxeNE.exe

C:\Windows\System\ysdxeNE.exe

C:\Windows\System\TjPgzZB.exe

C:\Windows\System\TjPgzZB.exe

C:\Windows\System\vWghvpG.exe

C:\Windows\System\vWghvpG.exe

C:\Windows\System\zrjsUlk.exe

C:\Windows\System\zrjsUlk.exe

C:\Windows\System\WaeKxcI.exe

C:\Windows\System\WaeKxcI.exe

C:\Windows\System\uIsboRX.exe

C:\Windows\System\uIsboRX.exe

C:\Windows\System\RknamTv.exe

C:\Windows\System\RknamTv.exe

C:\Windows\System\zyHFKQx.exe

C:\Windows\System\zyHFKQx.exe

C:\Windows\System\oyrxEHo.exe

C:\Windows\System\oyrxEHo.exe

C:\Windows\System\PzAaChR.exe

C:\Windows\System\PzAaChR.exe

C:\Windows\System\mQbYCSX.exe

C:\Windows\System\mQbYCSX.exe

C:\Windows\System\ajBECuU.exe

C:\Windows\System\ajBECuU.exe

C:\Windows\System\nHnnIdQ.exe

C:\Windows\System\nHnnIdQ.exe

C:\Windows\System\EzDvQqN.exe

C:\Windows\System\EzDvQqN.exe

C:\Windows\System\ORZJPCM.exe

C:\Windows\System\ORZJPCM.exe

C:\Windows\System\lhtjaMP.exe

C:\Windows\System\lhtjaMP.exe

C:\Windows\System\UsxJpky.exe

C:\Windows\System\UsxJpky.exe

C:\Windows\System\fiCObAO.exe

C:\Windows\System\fiCObAO.exe

C:\Windows\System\hKjhMXu.exe

C:\Windows\System\hKjhMXu.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 16.24.18.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

memory/2864-0-0x00000000001F0000-0x0000000000200000-memory.dmp

C:\Windows\System\QhSUeHB.exe

MD5 3c905afef8e55ee8c721689884f16286
SHA1 6bc9cd69cca066853692c862a407fb5101f8d553
SHA256 a8cb290efc9c47aa70ae5fb8e05007f495dfbbd8bac6f67aee3bdd0c1ce8e4a5
SHA512 1973b8db528c4e3b6de41d094d02ae8dffc0b5c88b93a018ec981e549521204d0bd38a5f74ba5d0c110f5a854de9591a7379adf15a95fbe41f44f8bcbbb1169c

C:\Windows\System\lDmjVAc.exe

MD5 2e67cb3574cd4c1f76430d9929271e92
SHA1 f7d317acd374c4d9d88dafd831ac040c8c15e79e
SHA256 2075a98c9aaa906f2ceecc7980c1d12db5e3a2de9e857e18935c995dd8050bc3
SHA512 68f019b1d64bada6eab0d354c966ba9d5b0d47a7f9b303060fe857d94c339091f30534f63b672f8eec2ce3e5eb029dc254b4ced9490dce8b3147ed1190fe41ff

C:\Windows\System\LSxizzV.exe

MD5 ba2a2004565ba2256360cc04784f1f19
SHA1 ae0f27474b55356311ff4e9bde97ccc529a69f07
SHA256 dcaea40ff268432925754c8f711c8b05b54e123229fe706607f0886ae8938ae9
SHA512 28d38218b8ec5e163d3bd544225283ed8cd3a54afb442d19cde9c62ac5d0be29d729b4505021b506ea6f06ac131bbc43926f6163242f22df0535a3f8a34ce432

C:\Windows\System\MZHTNkT.exe

MD5 9d9754d3b370a4b1fc7a136ef6fa2210
SHA1 869ae4134e12464d82e3e1e440ec14d042474ce6
SHA256 8e4ff467f35e9b0f86fe29333c60d1e14f432c714e705b772120f561939df118
SHA512 0fa5cc9fd1824dc456b0612f43fc6017b693efada9256b3cb60ac514f3338276621d2c2eb92bbb65eb6921d59abe5b36180cff2f9c454d2ca5ebd5aea5f17b68

C:\Windows\System\DYZKmVq.exe

MD5 b108c9eb457ea5b26880129057495de0
SHA1 cc9b6a4170c998c2cb9c91ec5e8fd256fe1ab23c
SHA256 09c0259cc0ff26d28acefd3a7ef607d1d19498d9a0ba26f59e1f5336991c1258
SHA512 641737aafbcbbaf3c6f8bad78087b73ec53faba851b066e282f161eacf4421d85dae4b819945dd6779b549c294e1308c79601fe52a472ecf77331106830c1564

C:\Windows\System\NUCNgCy.exe

MD5 a86c593c3364fb0490462701a20ed670
SHA1 0c6cfdc316f3d46680a847281c127e953efb825a
SHA256 19517b917f45f9b5d82afb58c5acd2362af71fa719d635b4aac2f3e5bcbf36d7
SHA512 29fa25efb74b8217a0d089a6522b84dc6d86bd3edf213d20d0f01cbb29c351147b136005f1ac9bb3d9e46376b48f924afb5207f278ffd515c47b28d92b551f66

C:\Windows\System\FfIjmeA.exe

MD5 2df42db5fdf5a22bab354e818c5f534c
SHA1 9e8f7de1d1462bd80bff860d88aa0e042a8ba022
SHA256 a048510f83f89726d8bf8c6f1b548672bf280ad64003733feb5fe2e305f8a815
SHA512 e1399d978eb29a6fe8e56d0620ddb21ecc1386916f3297aa2c42c4245307db28dbc430157e7a988897ff9407b4dbc0476125d0f69bcb490d16f5b199cbae7c44

C:\Windows\System\iCjXrwG.exe

MD5 dabdc25125ceb867c0d93e9259f57710
SHA1 3846beca4e9bb2a3335111e4e0f4bba29517d55c
SHA256 811421e927c58e84fe7b6a9e2caef9a06820d2141bb1134a4abfb6f438fac9c7
SHA512 a65c2e5f5788aa81b62dde4d4045e535ab1adf335b37da90e125e28663a29b24a483e71ea0960dafc290b1cddb8cdf3c4d709fefcdca8981803ce32b377fe95a

C:\Windows\System\okDuCwZ.exe

MD5 c9399b8ff494793b39426a831742e70d
SHA1 e222c8573ba8a189e10f09ed6c416b2473a5d100
SHA256 39dbdf5a421c61a6d659654aea34faff5b2481812b682dc0a87dda7e758eec82
SHA512 96b4c4c14fc893f62a2faba7d3a05b6e134fe0caca8e3430c8019f0cc96f44aeacb03ba9be948e125ea585eb9d69787065a2bb483cfce4274c21c7845fed7b33

C:\Windows\System\ZXmBRCE.exe

MD5 90e69003bb97ce18f3e9abd662c6248f
SHA1 3170d1b179164cf6da04a616ea06b38a4ca16d80
SHA256 40d4da1fd68facfac9bee472167495080924dc9f8cb2bb380ba407c6c819efd2
SHA512 eabe981ef8367920bedfb21e8392f7b70afa285263a18c7eb9ba7f07c64fc4d119497b96f23c142c7ab02c870fca11f9220451269f331f2ede443bc48ae3ef20

C:\Windows\System\eVpnpUa.exe

MD5 9955106daf34118e37ee92130765719a
SHA1 39d248c4cd0309898c547831e3155dcefacddeb1
SHA256 7793d7c7e5b858383ec433aa3df8697365b842f2ff787607efda2d847a30f28d
SHA512 0023bb2ee675f3728b0bd57b062b6bde2e6762531bac54d46cdd10fa79053aa61ad273c03d998d72060ef6bd59205d1e4d05838905f3333e88b2372427ac4067

C:\Windows\System\tPTbImH.exe

MD5 7ba60f6c7a80e3a619da1fb7e8a9e8db
SHA1 996f0e1aa495367d26ea11c423b63ec724b6400f
SHA256 e9fdd62ef0d8536e8c2e3d5a4c13f1fcab8d4403e4d8b492be454a4fc8b5f472
SHA512 a536e2e98c09fb4dff8b227f9e3f7c4fea0dec781745eceaaefe582296ff1b1c1ccc9367175c3cc0d876274411f6334b38783b74a644d08748c54f257cc72632

C:\Windows\System\caEQtkW.exe

MD5 81b45aca692b699418a56cbf534ebc02
SHA1 c460d7e8adfa4637ea66bf121e5cbd82d001ef8e
SHA256 0bb12050562c348f32382ab4721250dbbbde3260f77e88f7a461ecc5240700f8
SHA512 47d64c9eef98a4007f9b7fcb7dd8c9efdd633780fa9cef8b8d6cc54d98d51b4fdac3b3d6c6272abeea1772661fc741ed2786460f4c368225f6050f4444336515

C:\Windows\System\SjaOfIc.exe

MD5 683fe56aad6bfa14d5b93d347fed868b
SHA1 6881516d76cf539a759309af6a9082c3a9badea6
SHA256 5a9ac48099feb07c4290d528813674962490af9b9cfca983b224340e83d29088
SHA512 5df19707a02bccf8b612eb284b193dd73e0458359a871f63e76a343221812b68159882a939d6537335f7c836edfa3d6d28ac3ff774aa516fd11855f806b440c6

C:\Windows\System\PqOAmSn.exe

MD5 e223f2f7282f80a0955904dcaf69eb3f
SHA1 a50c53f31290c0f72af25bafddb731f9ece63cf7
SHA256 5a04ed8d38c6bc10fd9695aff9d760e9e7b255d5bdc5dd0752aa9e216655270f
SHA512 b17dc5bfca2fd7317fb7cd88194fdb7b76affd140846f5fb9597f5bb129c5aa0439a96cf2424e89cf7b1a811997816c5dc3c8bfe8aaab623ee7904e16463388d

C:\Windows\System\WsQwlcF.exe

MD5 6ce1780c7e3435d7321d51c84516fce1
SHA1 b1aa39b1c4a028c5f96067080ac1a201caae9c05
SHA256 6789e89178cfaa6e69dcec21a83d72d760fff51dde58a4feb20c1150dc3114bc
SHA512 b7208f19a627a3d6ee0363e05851b2c62b18873c28ba514e9d63dd5ac1eea88956beb014c81058858bce22b8f50f038b891d6650dfefffabcf1cba35a0523c3c

C:\Windows\System\NZaAbmT.exe

MD5 93c5f2a0b05bfa66f7f53c58d35fad9d
SHA1 17404ccd1fce3a677fead6d5a5a03f868933efe7
SHA256 a8cf89b09f28c54985285e23fd47dc2b72a7c3a2d928a0f80ae5ea8df035f2b2
SHA512 b581569c8ac8ab7e9f12892af901e6184dc7f25ec8b620df4b3ab967f02a8e1327e086335858f7192dd444252cb1fdf11a424d071ce19480dbfe8a1cfd04c1a1

C:\Windows\System\oAwdDBB.exe

MD5 bba5db13cb641234f4398fa8d5d38afb
SHA1 d4822ce48583ac22b6d78d922a18271c11540805
SHA256 4f45b5f5d8a0f4f5cbdb4aaf8b57611ba4327ed2b1bc3f6721cdd0e33d948aca
SHA512 1d930112e55e4cb43cd0f4bfb2d646b05a00d78737f5799c166071adf79e35e9730195ab12d7f9fc4a70c599b2838afacc1237d04f3ad25b91f68ea5d7bae711

C:\Windows\System\QeFlsPh.exe

MD5 20894b1872e4911824687d8eeec42f5e
SHA1 313724f0951cb0d2813c93f002575741ff5ad7da
SHA256 38b1f968805ef292d1d6d2eb1d0d2ebe8b028f7b2c3486fef4a1a6e8fbf0848e
SHA512 67e774d5b9391879d1e52462476ef3f3cd12ef80d0adb1dcd88e06d9360913eaa0f0a79c46cef6d053cf60be03e5610e64c9dfdb98546e133a66f26c01129a4e

C:\Windows\System\JZlEpfD.exe

MD5 6edbf7054a298152550e92c49ead2b18
SHA1 8f15794045ef6007495eaca102163eba1efd57a5
SHA256 3e3dfb0e23df9180cb240663ea1ef2ad7a4a60d2a9d3a58828915af22deed589
SHA512 4a7d5a6c6827d360f2ede83f01468e6b55a35a15a2cd6133a785276659e2a9fd38332c03fdc01c3c12268ad0f30d463943dd61f9aadc8f32e6dc0c1709a5ebfd

C:\Windows\System\IpaIATI.exe

MD5 208adff32c7c54cf8715b4397441ca37
SHA1 e6f5c72ffef3906931ce4e334a2d3133f54a5e1e
SHA256 c8848e03c748326c38046ec5604fa19e22fa7742072bf3c78c1c66605bf313ae
SHA512 20d016cfb150b1df821db9752850802592d365166f9416352617e7fd98a11db39be5bf257988f8385773626f76892854ac6b7adf894f923dfa568b72cfd0bd52

C:\Windows\System\uqcWLbq.exe

MD5 4385521a1f7a3ab06c9f880a7e2a32b0
SHA1 5f4a41d2bea8f4ebe38a6b58e5e91b95dd32796d
SHA256 9da169e19ccafac820b4ed3650b88aa5d5e7a227c66d35fe07466ac406e9b4b9
SHA512 fa6ad815a6e8210949192226e036242696be82aa82443a445243a3d71ea5f3a66ce3aa31cf4d3a962a21b2c86895cb2d001d13413197bdca966af3968b35e3be

C:\Windows\System\ecYTdoN.exe

MD5 1d090390df85bbedcb21b4a14b5b2e34
SHA1 215cbe1bb34395237f780a8b155df26acce6d527
SHA256 0e2e407b3a13a9ae3d0890e2c5e8dd403e8a87cee63adce3d17c552b5507797d
SHA512 7c54d529af91dd29ab347646ca065acf5416a842e8ec07e37648ca8e43f74f7587a12c9d5e48e9cd29ee8df0e5a0a07959532a067f4d00940d89b976b39ceaa1

C:\Windows\System\RPGnZgp.exe

MD5 6a789abc870e023dc4c42d9b427ae607
SHA1 8bcee1c10450222d3cefbfce1a77a9d0eacace27
SHA256 ab0cd39f37332286d8a6116c56707e0c6fe4a410d269a2c415cf71f1f1b1b72a
SHA512 cf6927212cb442d1b395af4fe4126e874ebcfcd40aae9e6acb11261808619959168c41c389d469b0bc635d585e54482dc76ae2bbb91128ae5cc57670070ac32d

C:\Windows\System\WrXcyzu.exe

MD5 46132a484d0336d21468c6ccc5a5dc50
SHA1 08c62574aebb2d1c078e99752a4e9c5f09fada1a
SHA256 c0add8b199857c5df755063a07a08a12ca70e80ab49ec4d0e61fb2493f7e552c
SHA512 63796ba5b90a448dee792791446f0a37ce4a263b6672121b51cb955db3616a93cc0d638458aecd586b93459843e5a7c8d59cf0f9086e58f2c87a32de5ea6d128

C:\Windows\System\cRcSKbh.exe

MD5 be37cb9027e6d0517c5725871bb5443f
SHA1 83869d391b9234e37afefc06a7a1ba5f77179d3b
SHA256 d8fb80f17fc519ac67fab01d149275ba3cf3824aaf7ea091406c070b2dd17467
SHA512 241cd2b2f0fdae6e8f452e536502169c110e827896e51ed1f53beee61e7b1649c98a3a5a67b45b06287260a169b892c9bc8cfc400d0949db251a22c03a8a4efd

C:\Windows\System\zLtRxdK.exe

MD5 2d64b97f65594742d8a6145c1132ae02
SHA1 4cc3b5908996c7960045d4b4a93ebfbc4dde99ba
SHA256 bf73cac494b3e5d405fca04725d38247da4666e3cfc7abf3a25f8e49f1503cb1
SHA512 ec24bd9e78d9c6e0c156e9b2fbb3797801b23d28bc3b8d63cecdf61e9e61bf68aab23f156a0c18d042211cdc55ae9bf9b3d3c532c3a31d6559aee70d5fa57afd

C:\Windows\System\QBbZoZx.exe

MD5 9cf66644ba1236a7dfdb6ce8db7706eb
SHA1 fe94a92527b7a48a4289f8907045170dd9548ac1
SHA256 d87de4253698b457e235383121cedc468683f72590f8aad15c8fd9a849020b30
SHA512 b61982c5dba5f7f5c2ec3c9d2eb56d8495173cd4d04352a754063a29e4acbd052f5610eff3a2c136db4d78c75a434fef90ea4a3c8571996c4c969c9d2adcb3d6

C:\Windows\System\liKBepY.exe

MD5 2a2424c6a9746d811ec050ee801dd465
SHA1 41aa67dadceca70d40048b9f94bacf8f154b1f35
SHA256 80e860070e7c9ab6fdcca67e079a0ddf5c1e1847b3ac28664ba8ea4e695e8be9
SHA512 ab788d449769ac4c3d30afbbd281eaeeb55969f57bea6dbdb7a1950b3f6e921adf5e3086cec9c6faa11b73f0d98efc15f51e10e116c951b8bbc0f88c4f55b25f

C:\Windows\System\zsbWAya.exe

MD5 1665dcc7f71dfb71724205c69f42d602
SHA1 c28388246ee5ad53265c56765e5c78d27e47094e
SHA256 4e53f7f85f87e46eca6376a5d58d7d6fa31ffb209d00accce155705fef350eba
SHA512 b5bb9078847c511c8985b138615f7e3f6b5776a36370e620cd44467aab25a4ef2af024044cdff2e0a58d257c82315cf951bcb238065df2b2e4bbb6763590f3da

C:\Windows\System\BFIJPUm.exe

MD5 1047edfa67ddaf026c59a9e5ff232961
SHA1 a7eb6cb73bd7f5e7eb0c8206927fc6a007f8f60b
SHA256 c3b17b93d6d864c4954f60f6481f609e35c3d4457961ea827745eb44968b01ac
SHA512 686011c5220357b46fa3902c53439e77685e30c8fa965337ea5741757691c477ae53e5b7a0651989ad6db8889d6d9a18d1a4cd1c4af11291ceab4059e4964397

C:\Windows\System\gzDjKDW.exe

MD5 c60b236d0078a65a120b77bc46ddec28
SHA1 d88f9ddb157b09e1d49b860a35b6baf01c9b5e27
SHA256 4cde239c6a169ce6d811c820d5b4966c320ae8230252a1970f25cfc74e357290
SHA512 8e174c926caa73ab7f84b9e113d8075e318ed797d50d39686d1e8855a2479c9299074f2a4d045eb5851ac16ee49919d20c5bb30fb3869c54bf92570b74dadf72

C:\Windows\System\BZhwQWP.exe

MD5 2c23c2a1a649710aede113f592c595a7
SHA1 26e0b861747d7e6d7834125d32f35489140520e8
SHA256 5be5033bd9e2563008eaddd3713fc3f8e7608c1eb0d38825efe84ee275ebca5c
SHA512 3afa9348b27f5161af4e49c40a8e82105a4e9322c94f91dbb50294e63f0bf3c5d84f6996aa0b3ef3945586e2b9e5b30f862ac8be0b98b927ed98d4f7be4d49cc

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-23 12:50

Reported

2024-06-23 12:53

Platform

win7-20240220-en

Max time kernel

137s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\QhSUeHB.exe N/A
N/A N/A C:\Windows\System\lDmjVAc.exe N/A
N/A N/A C:\Windows\System\LSxizzV.exe N/A
N/A N/A C:\Windows\System\BFIJPUm.exe N/A
N/A N/A C:\Windows\System\zsbWAya.exe N/A
N/A N/A C:\Windows\System\cRcSKbh.exe N/A
N/A N/A C:\Windows\System\liKBepY.exe N/A
N/A N/A C:\Windows\System\QBbZoZx.exe N/A
N/A N/A C:\Windows\System\BZhwQWP.exe N/A
N/A N/A C:\Windows\System\gzDjKDW.exe N/A
N/A N/A C:\Windows\System\zLtRxdK.exe N/A
N/A N/A C:\Windows\System\MZHTNkT.exe N/A
N/A N/A C:\Windows\System\DYZKmVq.exe N/A
N/A N/A C:\Windows\System\WrXcyzu.exe N/A
N/A N/A C:\Windows\System\RPGnZgp.exe N/A
N/A N/A C:\Windows\System\ecYTdoN.exe N/A
N/A N/A C:\Windows\System\NUCNgCy.exe N/A
N/A N/A C:\Windows\System\uqcWLbq.exe N/A
N/A N/A C:\Windows\System\FfIjmeA.exe N/A
N/A N/A C:\Windows\System\iCjXrwG.exe N/A
N/A N/A C:\Windows\System\IpaIATI.exe N/A
N/A N/A C:\Windows\System\JZlEpfD.exe N/A
N/A N/A C:\Windows\System\QeFlsPh.exe N/A
N/A N/A C:\Windows\System\okDuCwZ.exe N/A
N/A N/A C:\Windows\System\oAwdDBB.exe N/A
N/A N/A C:\Windows\System\NZaAbmT.exe N/A
N/A N/A C:\Windows\System\ZXmBRCE.exe N/A
N/A N/A C:\Windows\System\WsQwlcF.exe N/A
N/A N/A C:\Windows\System\eVpnpUa.exe N/A
N/A N/A C:\Windows\System\PqOAmSn.exe N/A
N/A N/A C:\Windows\System\caEQtkW.exe N/A
N/A N/A C:\Windows\System\SjaOfIc.exe N/A
N/A N/A C:\Windows\System\tPTbImH.exe N/A
N/A N/A C:\Windows\System\kKxcGfb.exe N/A
N/A N/A C:\Windows\System\GAeuMQe.exe N/A
N/A N/A C:\Windows\System\SGhmjJI.exe N/A
N/A N/A C:\Windows\System\TPIuabo.exe N/A
N/A N/A C:\Windows\System\qkjvUUr.exe N/A
N/A N/A C:\Windows\System\PdEKfwo.exe N/A
N/A N/A C:\Windows\System\nLhwLkI.exe N/A
N/A N/A C:\Windows\System\BKEOYnm.exe N/A
N/A N/A C:\Windows\System\ZjInHHx.exe N/A
N/A N/A C:\Windows\System\nFvRvCy.exe N/A
N/A N/A C:\Windows\System\NXyfhZS.exe N/A
N/A N/A C:\Windows\System\UUhpWRt.exe N/A
N/A N/A C:\Windows\System\ZAlEQMr.exe N/A
N/A N/A C:\Windows\System\keEhiBU.exe N/A
N/A N/A C:\Windows\System\abMeebB.exe N/A
N/A N/A C:\Windows\System\gNgDqpJ.exe N/A
N/A N/A C:\Windows\System\BpXKHPu.exe N/A
N/A N/A C:\Windows\System\BqriHdD.exe N/A
N/A N/A C:\Windows\System\lClzQau.exe N/A
N/A N/A C:\Windows\System\VPaymdx.exe N/A
N/A N/A C:\Windows\System\ZnkxYoN.exe N/A
N/A N/A C:\Windows\System\GoONLeg.exe N/A
N/A N/A C:\Windows\System\COdiSLO.exe N/A
N/A N/A C:\Windows\System\rGMIQsp.exe N/A
N/A N/A C:\Windows\System\nIvRXuU.exe N/A
N/A N/A C:\Windows\System\ZrNVKSe.exe N/A
N/A N/A C:\Windows\System\NSLtCXF.exe N/A
N/A N/A C:\Windows\System\vNJEvVh.exe N/A
N/A N/A C:\Windows\System\FCCPvXf.exe N/A
N/A N/A C:\Windows\System\JsSQqVe.exe N/A
N/A N/A C:\Windows\System\TEQqwAL.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\iaEryet.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBwkVwG.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\BWoJfuU.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDZdqwl.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZqhnTtt.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\vWrslKs.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCgDlAC.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRZGHPP.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\keEhiBU.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\BzXUBjw.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\GDZCMBd.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\KxDiBWP.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\czCWRMZ.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\Bimbrge.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfJFYbj.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\TrnvDnx.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\UsxJpky.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SpCsOMx.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\XGROGON.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ERkKcPS.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\sFXBfVz.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\QeFlsPh.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\nIvRXuU.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\VPaymdx.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ukxuNyi.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPTbImH.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAlEQMr.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\qFcngRn.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\nLhwLkI.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZnkxYoN.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\cPWSvel.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\PRqcQzI.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\hKjhMXu.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\JsSQqVe.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\nJGJSlh.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\pKlbqsU.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\FCCPvXf.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\pPxqSum.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGhmjJI.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZrNVKSe.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\VUaeAoi.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\PIiveNz.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\QykJZtJ.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\hGZDREC.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLrEiRU.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsbWAya.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\liKBepY.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\COrkuFo.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZPRKSiy.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ykeOsns.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\oHnVqTV.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmbaQZs.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\wjzMNuE.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\MZHTNkT.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsQwlcF.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECMLfhJ.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\eVTzDUn.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsnRrGQ.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\SCHqQQH.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\jaDKupE.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXwpIpC.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\PlCWdla.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlKgvnk.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A
File created C:\Windows\System\QaqzQip.exe C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QhSUeHB.exe
PID 2912 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QhSUeHB.exe
PID 2912 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QhSUeHB.exe
PID 2912 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\lDmjVAc.exe
PID 2912 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\lDmjVAc.exe
PID 2912 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\lDmjVAc.exe
PID 2912 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\LSxizzV.exe
PID 2912 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\LSxizzV.exe
PID 2912 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\LSxizzV.exe
PID 2912 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BFIJPUm.exe
PID 2912 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BFIJPUm.exe
PID 2912 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BFIJPUm.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zsbWAya.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zsbWAya.exe
PID 2912 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zsbWAya.exe
PID 2912 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\cRcSKbh.exe
PID 2912 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\cRcSKbh.exe
PID 2912 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\cRcSKbh.exe
PID 2912 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\liKBepY.exe
PID 2912 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\liKBepY.exe
PID 2912 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\liKBepY.exe
PID 2912 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QBbZoZx.exe
PID 2912 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QBbZoZx.exe
PID 2912 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\QBbZoZx.exe
PID 2912 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BZhwQWP.exe
PID 2912 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BZhwQWP.exe
PID 2912 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\BZhwQWP.exe
PID 2912 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\gzDjKDW.exe
PID 2912 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\gzDjKDW.exe
PID 2912 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\gzDjKDW.exe
PID 2912 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zLtRxdK.exe
PID 2912 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zLtRxdK.exe
PID 2912 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\zLtRxdK.exe
PID 2912 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\MZHTNkT.exe
PID 2912 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\MZHTNkT.exe
PID 2912 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\MZHTNkT.exe
PID 2912 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\DYZKmVq.exe
PID 2912 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\DYZKmVq.exe
PID 2912 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\DYZKmVq.exe
PID 2912 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WrXcyzu.exe
PID 2912 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WrXcyzu.exe
PID 2912 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\WrXcyzu.exe
PID 2912 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\RPGnZgp.exe
PID 2912 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\RPGnZgp.exe
PID 2912 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\RPGnZgp.exe
PID 2912 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ecYTdoN.exe
PID 2912 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ecYTdoN.exe
PID 2912 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\ecYTdoN.exe
PID 2912 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NUCNgCy.exe
PID 2912 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NUCNgCy.exe
PID 2912 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\NUCNgCy.exe
PID 2912 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\uqcWLbq.exe
PID 2912 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\uqcWLbq.exe
PID 2912 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\uqcWLbq.exe
PID 2912 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\FfIjmeA.exe
PID 2912 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\FfIjmeA.exe
PID 2912 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\FfIjmeA.exe
PID 2912 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\iCjXrwG.exe
PID 2912 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\iCjXrwG.exe
PID 2912 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\iCjXrwG.exe
PID 2912 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\IpaIATI.exe
PID 2912 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\IpaIATI.exe
PID 2912 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\IpaIATI.exe
PID 2912 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe C:\Windows\System\JZlEpfD.exe

Processes

C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe"

C:\Windows\System\QhSUeHB.exe

C:\Windows\System\QhSUeHB.exe

C:\Windows\System\lDmjVAc.exe

C:\Windows\System\lDmjVAc.exe

C:\Windows\System\LSxizzV.exe

C:\Windows\System\LSxizzV.exe

C:\Windows\System\BFIJPUm.exe

C:\Windows\System\BFIJPUm.exe

C:\Windows\System\zsbWAya.exe

C:\Windows\System\zsbWAya.exe

C:\Windows\System\cRcSKbh.exe

C:\Windows\System\cRcSKbh.exe

C:\Windows\System\liKBepY.exe

C:\Windows\System\liKBepY.exe

C:\Windows\System\QBbZoZx.exe

C:\Windows\System\QBbZoZx.exe

C:\Windows\System\BZhwQWP.exe

C:\Windows\System\BZhwQWP.exe

C:\Windows\System\gzDjKDW.exe

C:\Windows\System\gzDjKDW.exe

C:\Windows\System\zLtRxdK.exe

C:\Windows\System\zLtRxdK.exe

C:\Windows\System\MZHTNkT.exe

C:\Windows\System\MZHTNkT.exe

C:\Windows\System\DYZKmVq.exe

C:\Windows\System\DYZKmVq.exe

C:\Windows\System\WrXcyzu.exe

C:\Windows\System\WrXcyzu.exe

C:\Windows\System\RPGnZgp.exe

C:\Windows\System\RPGnZgp.exe

C:\Windows\System\ecYTdoN.exe

C:\Windows\System\ecYTdoN.exe

C:\Windows\System\NUCNgCy.exe

C:\Windows\System\NUCNgCy.exe

C:\Windows\System\uqcWLbq.exe

C:\Windows\System\uqcWLbq.exe

C:\Windows\System\FfIjmeA.exe

C:\Windows\System\FfIjmeA.exe

C:\Windows\System\iCjXrwG.exe

C:\Windows\System\iCjXrwG.exe

C:\Windows\System\IpaIATI.exe

C:\Windows\System\IpaIATI.exe

C:\Windows\System\JZlEpfD.exe

C:\Windows\System\JZlEpfD.exe

C:\Windows\System\QeFlsPh.exe

C:\Windows\System\QeFlsPh.exe

C:\Windows\System\okDuCwZ.exe

C:\Windows\System\okDuCwZ.exe

C:\Windows\System\oAwdDBB.exe

C:\Windows\System\oAwdDBB.exe

C:\Windows\System\NZaAbmT.exe

C:\Windows\System\NZaAbmT.exe

C:\Windows\System\ZXmBRCE.exe

C:\Windows\System\ZXmBRCE.exe

C:\Windows\System\WsQwlcF.exe

C:\Windows\System\WsQwlcF.exe

C:\Windows\System\eVpnpUa.exe

C:\Windows\System\eVpnpUa.exe

C:\Windows\System\PqOAmSn.exe

C:\Windows\System\PqOAmSn.exe

C:\Windows\System\caEQtkW.exe

C:\Windows\System\caEQtkW.exe

C:\Windows\System\SjaOfIc.exe

C:\Windows\System\SjaOfIc.exe

C:\Windows\System\tPTbImH.exe

C:\Windows\System\tPTbImH.exe

C:\Windows\System\kKxcGfb.exe

C:\Windows\System\kKxcGfb.exe

C:\Windows\System\GAeuMQe.exe

C:\Windows\System\GAeuMQe.exe

C:\Windows\System\SGhmjJI.exe

C:\Windows\System\SGhmjJI.exe

C:\Windows\System\TPIuabo.exe

C:\Windows\System\TPIuabo.exe

C:\Windows\System\qkjvUUr.exe

C:\Windows\System\qkjvUUr.exe

C:\Windows\System\PdEKfwo.exe

C:\Windows\System\PdEKfwo.exe

C:\Windows\System\nLhwLkI.exe

C:\Windows\System\nLhwLkI.exe

C:\Windows\System\BKEOYnm.exe

C:\Windows\System\BKEOYnm.exe

C:\Windows\System\ZjInHHx.exe

C:\Windows\System\ZjInHHx.exe

C:\Windows\System\nFvRvCy.exe

C:\Windows\System\nFvRvCy.exe

C:\Windows\System\NXyfhZS.exe

C:\Windows\System\NXyfhZS.exe

C:\Windows\System\UUhpWRt.exe

C:\Windows\System\UUhpWRt.exe

C:\Windows\System\ZAlEQMr.exe

C:\Windows\System\ZAlEQMr.exe

C:\Windows\System\keEhiBU.exe

C:\Windows\System\keEhiBU.exe

C:\Windows\System\abMeebB.exe

C:\Windows\System\abMeebB.exe

C:\Windows\System\gNgDqpJ.exe

C:\Windows\System\gNgDqpJ.exe

C:\Windows\System\BpXKHPu.exe

C:\Windows\System\BpXKHPu.exe

C:\Windows\System\BqriHdD.exe

C:\Windows\System\BqriHdD.exe

C:\Windows\System\lClzQau.exe

C:\Windows\System\lClzQau.exe

C:\Windows\System\VPaymdx.exe

C:\Windows\System\VPaymdx.exe

C:\Windows\System\ZnkxYoN.exe

C:\Windows\System\ZnkxYoN.exe

C:\Windows\System\GoONLeg.exe

C:\Windows\System\GoONLeg.exe

C:\Windows\System\COdiSLO.exe

C:\Windows\System\COdiSLO.exe

C:\Windows\System\rGMIQsp.exe

C:\Windows\System\rGMIQsp.exe

C:\Windows\System\nIvRXuU.exe

C:\Windows\System\nIvRXuU.exe

C:\Windows\System\ZrNVKSe.exe

C:\Windows\System\ZrNVKSe.exe

C:\Windows\System\NSLtCXF.exe

C:\Windows\System\NSLtCXF.exe

C:\Windows\System\vNJEvVh.exe

C:\Windows\System\vNJEvVh.exe

C:\Windows\System\FCCPvXf.exe

C:\Windows\System\FCCPvXf.exe

C:\Windows\System\JsSQqVe.exe

C:\Windows\System\JsSQqVe.exe

C:\Windows\System\TEQqwAL.exe

C:\Windows\System\TEQqwAL.exe

C:\Windows\System\zkbRbnv.exe

C:\Windows\System\zkbRbnv.exe

C:\Windows\System\oauvJxl.exe

C:\Windows\System\oauvJxl.exe

C:\Windows\System\PrNrXEN.exe

C:\Windows\System\PrNrXEN.exe

C:\Windows\System\nhAkITd.exe

C:\Windows\System\nhAkITd.exe

C:\Windows\System\zRTKVyd.exe

C:\Windows\System\zRTKVyd.exe

C:\Windows\System\USjzEun.exe

C:\Windows\System\USjzEun.exe

C:\Windows\System\tpnjDuJ.exe

C:\Windows\System\tpnjDuJ.exe

C:\Windows\System\BzXUBjw.exe

C:\Windows\System\BzXUBjw.exe

C:\Windows\System\nZvszpt.exe

C:\Windows\System\nZvszpt.exe

C:\Windows\System\wljyroc.exe

C:\Windows\System\wljyroc.exe

C:\Windows\System\mGnYHRp.exe

C:\Windows\System\mGnYHRp.exe

C:\Windows\System\jFlhiKP.exe

C:\Windows\System\jFlhiKP.exe

C:\Windows\System\BpKkXbf.exe

C:\Windows\System\BpKkXbf.exe

C:\Windows\System\ZUCUZnE.exe

C:\Windows\System\ZUCUZnE.exe

C:\Windows\System\qBRLGtE.exe

C:\Windows\System\qBRLGtE.exe

C:\Windows\System\UiAClLx.exe

C:\Windows\System\UiAClLx.exe

C:\Windows\System\KyaZgID.exe

C:\Windows\System\KyaZgID.exe

C:\Windows\System\HzPYrNj.exe

C:\Windows\System\HzPYrNj.exe

C:\Windows\System\NbWwjha.exe

C:\Windows\System\NbWwjha.exe

C:\Windows\System\PqkLIry.exe

C:\Windows\System\PqkLIry.exe

C:\Windows\System\ZPRKSiy.exe

C:\Windows\System\ZPRKSiy.exe

C:\Windows\System\HZIlZPc.exe

C:\Windows\System\HZIlZPc.exe

C:\Windows\System\mRezASG.exe

C:\Windows\System\mRezASG.exe

C:\Windows\System\uzWLVKd.exe

C:\Windows\System\uzWLVKd.exe

C:\Windows\System\ZMOxBan.exe

C:\Windows\System\ZMOxBan.exe

C:\Windows\System\layGslW.exe

C:\Windows\System\layGslW.exe

C:\Windows\System\IYIbyDY.exe

C:\Windows\System\IYIbyDY.exe

C:\Windows\System\nzuadAJ.exe

C:\Windows\System\nzuadAJ.exe

C:\Windows\System\DgJTNKO.exe

C:\Windows\System\DgJTNKO.exe

C:\Windows\System\bLYUbMZ.exe

C:\Windows\System\bLYUbMZ.exe

C:\Windows\System\ykeOsns.exe

C:\Windows\System\ykeOsns.exe

C:\Windows\System\NJwutOv.exe

C:\Windows\System\NJwutOv.exe

C:\Windows\System\OLxEjwN.exe

C:\Windows\System\OLxEjwN.exe

C:\Windows\System\pPxqSum.exe

C:\Windows\System\pPxqSum.exe

C:\Windows\System\weKoYbA.exe

C:\Windows\System\weKoYbA.exe

C:\Windows\System\MZNpKSf.exe

C:\Windows\System\MZNpKSf.exe

C:\Windows\System\fTnKAff.exe

C:\Windows\System\fTnKAff.exe

C:\Windows\System\KZuVEUG.exe

C:\Windows\System\KZuVEUG.exe

C:\Windows\System\SCHqQQH.exe

C:\Windows\System\SCHqQQH.exe

C:\Windows\System\SpCsOMx.exe

C:\Windows\System\SpCsOMx.exe

C:\Windows\System\bUQJcJb.exe

C:\Windows\System\bUQJcJb.exe

C:\Windows\System\SkPuhVX.exe

C:\Windows\System\SkPuhVX.exe

C:\Windows\System\iaEryet.exe

C:\Windows\System\iaEryet.exe

C:\Windows\System\rVGkiCV.exe

C:\Windows\System\rVGkiCV.exe

C:\Windows\System\QHmwGtr.exe

C:\Windows\System\QHmwGtr.exe

C:\Windows\System\KzCWfDs.exe

C:\Windows\System\KzCWfDs.exe

C:\Windows\System\yxPhODE.exe

C:\Windows\System\yxPhODE.exe

C:\Windows\System\kbPMXjo.exe

C:\Windows\System\kbPMXjo.exe

C:\Windows\System\mnIzEMi.exe

C:\Windows\System\mnIzEMi.exe

C:\Windows\System\oHnVqTV.exe

C:\Windows\System\oHnVqTV.exe

C:\Windows\System\fvpMLGD.exe

C:\Windows\System\fvpMLGD.exe

C:\Windows\System\QyGMEXK.exe

C:\Windows\System\QyGMEXK.exe

C:\Windows\System\rIfbBIb.exe

C:\Windows\System\rIfbBIb.exe

C:\Windows\System\jaDKupE.exe

C:\Windows\System\jaDKupE.exe

C:\Windows\System\fyRxsAb.exe

C:\Windows\System\fyRxsAb.exe

C:\Windows\System\DSexFob.exe

C:\Windows\System\DSexFob.exe

C:\Windows\System\HAkDyke.exe

C:\Windows\System\HAkDyke.exe

C:\Windows\System\vjjGBZj.exe

C:\Windows\System\vjjGBZj.exe

C:\Windows\System\IDuGdbZ.exe

C:\Windows\System\IDuGdbZ.exe

C:\Windows\System\GcTeqKJ.exe

C:\Windows\System\GcTeqKJ.exe

C:\Windows\System\eSatWtn.exe

C:\Windows\System\eSatWtn.exe

C:\Windows\System\BxniRdg.exe

C:\Windows\System\BxniRdg.exe

C:\Windows\System\ECMLfhJ.exe

C:\Windows\System\ECMLfhJ.exe

C:\Windows\System\DGBKPKJ.exe

C:\Windows\System\DGBKPKJ.exe

C:\Windows\System\dvEutRq.exe

C:\Windows\System\dvEutRq.exe

C:\Windows\System\HoLmhHC.exe

C:\Windows\System\HoLmhHC.exe

C:\Windows\System\zSazGhB.exe

C:\Windows\System\zSazGhB.exe

C:\Windows\System\PkwQipA.exe

C:\Windows\System\PkwQipA.exe

C:\Windows\System\IkBCveY.exe

C:\Windows\System\IkBCveY.exe

C:\Windows\System\uXKtuOX.exe

C:\Windows\System\uXKtuOX.exe

C:\Windows\System\KlzixxT.exe

C:\Windows\System\KlzixxT.exe

C:\Windows\System\mDlDcub.exe

C:\Windows\System\mDlDcub.exe

C:\Windows\System\BWoJfuU.exe

C:\Windows\System\BWoJfuU.exe

C:\Windows\System\esJMqhV.exe

C:\Windows\System\esJMqhV.exe

C:\Windows\System\CfCGDtv.exe

C:\Windows\System\CfCGDtv.exe

C:\Windows\System\odDYPqx.exe

C:\Windows\System\odDYPqx.exe

C:\Windows\System\otNxGeD.exe

C:\Windows\System\otNxGeD.exe

C:\Windows\System\tJYgwFP.exe

C:\Windows\System\tJYgwFP.exe

C:\Windows\System\ZIUrwYY.exe

C:\Windows\System\ZIUrwYY.exe

C:\Windows\System\DaeQYaU.exe

C:\Windows\System\DaeQYaU.exe

C:\Windows\System\VUaeAoi.exe

C:\Windows\System\VUaeAoi.exe

C:\Windows\System\pikpdaI.exe

C:\Windows\System\pikpdaI.exe

C:\Windows\System\pKlbqsU.exe

C:\Windows\System\pKlbqsU.exe

C:\Windows\System\LiFxmFP.exe

C:\Windows\System\LiFxmFP.exe

C:\Windows\System\fKpCLND.exe

C:\Windows\System\fKpCLND.exe

C:\Windows\System\PIiveNz.exe

C:\Windows\System\PIiveNz.exe

C:\Windows\System\SBSihQY.exe

C:\Windows\System\SBSihQY.exe

C:\Windows\System\eVTzDUn.exe

C:\Windows\System\eVTzDUn.exe

C:\Windows\System\FpHKEuj.exe

C:\Windows\System\FpHKEuj.exe

C:\Windows\System\hkdvzjx.exe

C:\Windows\System\hkdvzjx.exe

C:\Windows\System\HsEEaAj.exe

C:\Windows\System\HsEEaAj.exe

C:\Windows\System\rvXFVus.exe

C:\Windows\System\rvXFVus.exe

C:\Windows\System\gKXCXJC.exe

C:\Windows\System\gKXCXJC.exe

C:\Windows\System\nJGJSlh.exe

C:\Windows\System\nJGJSlh.exe

C:\Windows\System\zZwKQjk.exe

C:\Windows\System\zZwKQjk.exe

C:\Windows\System\QykJZtJ.exe

C:\Windows\System\QykJZtJ.exe

C:\Windows\System\lCpGIjB.exe

C:\Windows\System\lCpGIjB.exe

C:\Windows\System\jVLLVuB.exe

C:\Windows\System\jVLLVuB.exe

C:\Windows\System\XGROGON.exe

C:\Windows\System\XGROGON.exe

C:\Windows\System\uAxpOhE.exe

C:\Windows\System\uAxpOhE.exe

C:\Windows\System\ERkKcPS.exe

C:\Windows\System\ERkKcPS.exe

C:\Windows\System\OCxcBdu.exe

C:\Windows\System\OCxcBdu.exe

C:\Windows\System\vgRnuek.exe

C:\Windows\System\vgRnuek.exe

C:\Windows\System\NqksZwC.exe

C:\Windows\System\NqksZwC.exe

C:\Windows\System\oCvMoNd.exe

C:\Windows\System\oCvMoNd.exe

C:\Windows\System\ITzHGCo.exe

C:\Windows\System\ITzHGCo.exe

C:\Windows\System\CfGtAva.exe

C:\Windows\System\CfGtAva.exe

C:\Windows\System\YbJFcpC.exe

C:\Windows\System\YbJFcpC.exe

C:\Windows\System\FQurkZF.exe

C:\Windows\System\FQurkZF.exe

C:\Windows\System\qyOKDMm.exe

C:\Windows\System\qyOKDMm.exe

C:\Windows\System\SDZdqwl.exe

C:\Windows\System\SDZdqwl.exe

C:\Windows\System\jGMuTab.exe

C:\Windows\System\jGMuTab.exe

C:\Windows\System\DpURDZh.exe

C:\Windows\System\DpURDZh.exe

C:\Windows\System\AfxIjiE.exe

C:\Windows\System\AfxIjiE.exe

C:\Windows\System\Wjhxdfe.exe

C:\Windows\System\Wjhxdfe.exe

C:\Windows\System\dmbaQZs.exe

C:\Windows\System\dmbaQZs.exe

C:\Windows\System\JaKnbDo.exe

C:\Windows\System\JaKnbDo.exe

C:\Windows\System\JaUwJMc.exe

C:\Windows\System\JaUwJMc.exe

C:\Windows\System\HXPbtQd.exe

C:\Windows\System\HXPbtQd.exe

C:\Windows\System\VcEqGAP.exe

C:\Windows\System\VcEqGAP.exe

C:\Windows\System\bHjnmjp.exe

C:\Windows\System\bHjnmjp.exe

C:\Windows\System\XNcbVnN.exe

C:\Windows\System\XNcbVnN.exe

C:\Windows\System\Luhryhs.exe

C:\Windows\System\Luhryhs.exe

C:\Windows\System\Bimbrge.exe

C:\Windows\System\Bimbrge.exe

C:\Windows\System\JoleDVt.exe

C:\Windows\System\JoleDVt.exe

C:\Windows\System\sFXBfVz.exe

C:\Windows\System\sFXBfVz.exe

C:\Windows\System\TbFLFfy.exe

C:\Windows\System\TbFLFfy.exe

C:\Windows\System\DJUAotX.exe

C:\Windows\System\DJUAotX.exe

C:\Windows\System\BuRtoCy.exe

C:\Windows\System\BuRtoCy.exe

C:\Windows\System\rjiNLMz.exe

C:\Windows\System\rjiNLMz.exe

C:\Windows\System\cPWSvel.exe

C:\Windows\System\cPWSvel.exe

C:\Windows\System\tXwpIpC.exe

C:\Windows\System\tXwpIpC.exe

C:\Windows\System\JpkJZCS.exe

C:\Windows\System\JpkJZCS.exe

C:\Windows\System\zIFRllA.exe

C:\Windows\System\zIFRllA.exe

C:\Windows\System\zcPWgKW.exe

C:\Windows\System\zcPWgKW.exe

C:\Windows\System\gBwkVwG.exe

C:\Windows\System\gBwkVwG.exe

C:\Windows\System\ZqhnTtt.exe

C:\Windows\System\ZqhnTtt.exe

C:\Windows\System\AfJFYbj.exe

C:\Windows\System\AfJFYbj.exe

C:\Windows\System\vWrslKs.exe

C:\Windows\System\vWrslKs.exe

C:\Windows\System\YBEoFoY.exe

C:\Windows\System\YBEoFoY.exe

C:\Windows\System\cwlREwC.exe

C:\Windows\System\cwlREwC.exe

C:\Windows\System\dSOiIJY.exe

C:\Windows\System\dSOiIJY.exe

C:\Windows\System\jrXIPyK.exe

C:\Windows\System\jrXIPyK.exe

C:\Windows\System\ukxuNyi.exe

C:\Windows\System\ukxuNyi.exe

C:\Windows\System\jKKoVaK.exe

C:\Windows\System\jKKoVaK.exe

C:\Windows\System\bDuypMB.exe

C:\Windows\System\bDuypMB.exe

C:\Windows\System\nelGUfi.exe

C:\Windows\System\nelGUfi.exe

C:\Windows\System\hGZDREC.exe

C:\Windows\System\hGZDREC.exe

C:\Windows\System\FYSKiQB.exe

C:\Windows\System\FYSKiQB.exe

C:\Windows\System\NsnRrGQ.exe

C:\Windows\System\NsnRrGQ.exe

C:\Windows\System\tsabrPw.exe

C:\Windows\System\tsabrPw.exe

C:\Windows\System\eQOufzi.exe

C:\Windows\System\eQOufzi.exe

C:\Windows\System\whgtEkA.exe

C:\Windows\System\whgtEkA.exe

C:\Windows\System\qFcngRn.exe

C:\Windows\System\qFcngRn.exe

C:\Windows\System\OCNsYFV.exe

C:\Windows\System\OCNsYFV.exe

C:\Windows\System\RUYxKHz.exe

C:\Windows\System\RUYxKHz.exe

C:\Windows\System\pNvoczF.exe

C:\Windows\System\pNvoczF.exe

C:\Windows\System\lCgDlAC.exe

C:\Windows\System\lCgDlAC.exe

C:\Windows\System\LXhPASy.exe

C:\Windows\System\LXhPASy.exe

C:\Windows\System\xkWTwfa.exe

C:\Windows\System\xkWTwfa.exe

C:\Windows\System\PlCWdla.exe

C:\Windows\System\PlCWdla.exe

C:\Windows\System\RmDjiyQ.exe

C:\Windows\System\RmDjiyQ.exe

C:\Windows\System\TYtOCBz.exe

C:\Windows\System\TYtOCBz.exe

C:\Windows\System\mAkjfCa.exe

C:\Windows\System\mAkjfCa.exe

C:\Windows\System\qlKgvnk.exe

C:\Windows\System\qlKgvnk.exe

C:\Windows\System\wLrEiRU.exe

C:\Windows\System\wLrEiRU.exe

C:\Windows\System\eFjCZuy.exe

C:\Windows\System\eFjCZuy.exe

C:\Windows\System\aZRnKBS.exe

C:\Windows\System\aZRnKBS.exe

C:\Windows\System\fFGphfh.exe

C:\Windows\System\fFGphfh.exe

C:\Windows\System\OoJodTh.exe

C:\Windows\System\OoJodTh.exe

C:\Windows\System\bBOekro.exe

C:\Windows\System\bBOekro.exe

C:\Windows\System\bZgrWOA.exe

C:\Windows\System\bZgrWOA.exe

C:\Windows\System\bvDYymS.exe

C:\Windows\System\bvDYymS.exe

C:\Windows\System\hZtqzHN.exe

C:\Windows\System\hZtqzHN.exe

C:\Windows\System\qKsHSio.exe

C:\Windows\System\qKsHSio.exe

C:\Windows\System\rfGnaWe.exe

C:\Windows\System\rfGnaWe.exe

C:\Windows\System\uDbPSlO.exe

C:\Windows\System\uDbPSlO.exe

C:\Windows\System\plkiDSu.exe

C:\Windows\System\plkiDSu.exe

C:\Windows\System\idmGmoe.exe

C:\Windows\System\idmGmoe.exe

C:\Windows\System\wjzMNuE.exe

C:\Windows\System\wjzMNuE.exe

C:\Windows\System\TPuLAKR.exe

C:\Windows\System\TPuLAKR.exe

C:\Windows\System\QaqzQip.exe

C:\Windows\System\QaqzQip.exe

C:\Windows\System\xRZGHPP.exe

C:\Windows\System\xRZGHPP.exe

C:\Windows\System\rZTnqMr.exe

C:\Windows\System\rZTnqMr.exe

C:\Windows\System\xBhsSwN.exe

C:\Windows\System\xBhsSwN.exe

C:\Windows\System\VoGiAWj.exe

C:\Windows\System\VoGiAWj.exe

C:\Windows\System\XPdWFaO.exe

C:\Windows\System\XPdWFaO.exe

C:\Windows\System\zcZCEMk.exe

C:\Windows\System\zcZCEMk.exe

C:\Windows\System\pBthfmm.exe

C:\Windows\System\pBthfmm.exe

C:\Windows\System\BsWKejj.exe

C:\Windows\System\BsWKejj.exe

C:\Windows\System\PRqcQzI.exe

C:\Windows\System\PRqcQzI.exe

C:\Windows\System\LPluJQM.exe

C:\Windows\System\LPluJQM.exe

C:\Windows\System\UuFtLxJ.exe

C:\Windows\System\UuFtLxJ.exe

C:\Windows\System\kFDurmP.exe

C:\Windows\System\kFDurmP.exe

C:\Windows\System\iSWEffk.exe

C:\Windows\System\iSWEffk.exe

C:\Windows\System\TrnvDnx.exe

C:\Windows\System\TrnvDnx.exe

C:\Windows\System\bIhXVms.exe

C:\Windows\System\bIhXVms.exe

C:\Windows\System\KxDiBWP.exe

C:\Windows\System\KxDiBWP.exe

C:\Windows\System\KQXbblE.exe

C:\Windows\System\KQXbblE.exe

C:\Windows\System\qJdIaTY.exe

C:\Windows\System\qJdIaTY.exe

C:\Windows\System\rHditis.exe

C:\Windows\System\rHditis.exe

C:\Windows\System\GnmdZck.exe

C:\Windows\System\GnmdZck.exe

C:\Windows\System\sLqEHOC.exe

C:\Windows\System\sLqEHOC.exe

C:\Windows\System\etNZPUF.exe

C:\Windows\System\etNZPUF.exe

C:\Windows\System\YcbAlyB.exe

C:\Windows\System\YcbAlyB.exe

C:\Windows\System\vQIRwHe.exe

C:\Windows\System\vQIRwHe.exe

C:\Windows\System\nRpLpNy.exe

C:\Windows\System\nRpLpNy.exe

C:\Windows\System\CUKaNuR.exe

C:\Windows\System\CUKaNuR.exe

C:\Windows\System\cNFzmez.exe

C:\Windows\System\cNFzmez.exe

C:\Windows\System\muylNqN.exe

C:\Windows\System\muylNqN.exe

C:\Windows\System\wJTUseL.exe

C:\Windows\System\wJTUseL.exe

C:\Windows\System\WPduAey.exe

C:\Windows\System\WPduAey.exe

C:\Windows\System\cIFdgHJ.exe

C:\Windows\System\cIFdgHJ.exe

C:\Windows\System\mwkRYUn.exe

C:\Windows\System\mwkRYUn.exe

C:\Windows\System\fMqotJO.exe

C:\Windows\System\fMqotJO.exe

C:\Windows\System\COrkuFo.exe

C:\Windows\System\COrkuFo.exe

C:\Windows\System\FWcIUrn.exe

C:\Windows\System\FWcIUrn.exe

C:\Windows\System\czCWRMZ.exe

C:\Windows\System\czCWRMZ.exe

C:\Windows\System\OpxbNTr.exe

C:\Windows\System\OpxbNTr.exe

C:\Windows\System\WgZiQeZ.exe

C:\Windows\System\WgZiQeZ.exe

C:\Windows\System\MTsRnSU.exe

C:\Windows\System\MTsRnSU.exe

C:\Windows\System\GDZCMBd.exe

C:\Windows\System\GDZCMBd.exe

C:\Windows\System\NRWwhsV.exe

C:\Windows\System\NRWwhsV.exe

C:\Windows\System\mNVZqOT.exe

C:\Windows\System\mNVZqOT.exe

C:\Windows\System\TxOWipB.exe

C:\Windows\System\TxOWipB.exe

C:\Windows\System\gMlSiRG.exe

C:\Windows\System\gMlSiRG.exe

C:\Windows\System\fhyaxks.exe

C:\Windows\System\fhyaxks.exe

C:\Windows\System\crTCtBe.exe

C:\Windows\System\crTCtBe.exe

C:\Windows\System\gDpmwza.exe

C:\Windows\System\gDpmwza.exe

C:\Windows\System\hcFZAvM.exe

C:\Windows\System\hcFZAvM.exe

C:\Windows\System\pDAyloa.exe

C:\Windows\System\pDAyloa.exe

C:\Windows\System\mbelRRW.exe

C:\Windows\System\mbelRRW.exe

C:\Windows\System\tMcOCPu.exe

C:\Windows\System\tMcOCPu.exe

C:\Windows\System\cHVcrdy.exe

C:\Windows\System\cHVcrdy.exe

C:\Windows\System\thrKuzV.exe

C:\Windows\System\thrKuzV.exe

C:\Windows\System\tvfnZVI.exe

C:\Windows\System\tvfnZVI.exe

C:\Windows\System\lFlBSaL.exe

C:\Windows\System\lFlBSaL.exe

C:\Windows\System\OxRUfNX.exe

C:\Windows\System\OxRUfNX.exe

C:\Windows\System\QFJaonk.exe

C:\Windows\System\QFJaonk.exe

C:\Windows\System\fPuPLaU.exe

C:\Windows\System\fPuPLaU.exe

C:\Windows\System\kCmjKaN.exe

C:\Windows\System\kCmjKaN.exe

C:\Windows\System\yJZTeKk.exe

C:\Windows\System\yJZTeKk.exe

C:\Windows\System\ysdxeNE.exe

C:\Windows\System\ysdxeNE.exe

C:\Windows\System\TjPgzZB.exe

C:\Windows\System\TjPgzZB.exe

C:\Windows\System\vWghvpG.exe

C:\Windows\System\vWghvpG.exe

C:\Windows\System\zrjsUlk.exe

C:\Windows\System\zrjsUlk.exe

C:\Windows\System\WaeKxcI.exe

C:\Windows\System\WaeKxcI.exe

C:\Windows\System\uIsboRX.exe

C:\Windows\System\uIsboRX.exe

C:\Windows\System\RknamTv.exe

C:\Windows\System\RknamTv.exe

C:\Windows\System\zyHFKQx.exe

C:\Windows\System\zyHFKQx.exe

C:\Windows\System\oyrxEHo.exe

C:\Windows\System\oyrxEHo.exe

C:\Windows\System\PzAaChR.exe

C:\Windows\System\PzAaChR.exe

C:\Windows\System\mQbYCSX.exe

C:\Windows\System\mQbYCSX.exe

C:\Windows\System\ajBECuU.exe

C:\Windows\System\ajBECuU.exe

C:\Windows\System\nHnnIdQ.exe

C:\Windows\System\nHnnIdQ.exe

C:\Windows\System\EzDvQqN.exe

C:\Windows\System\EzDvQqN.exe

C:\Windows\System\ORZJPCM.exe

C:\Windows\System\ORZJPCM.exe

C:\Windows\System\lhtjaMP.exe

C:\Windows\System\lhtjaMP.exe

C:\Windows\System\UsxJpky.exe

C:\Windows\System\UsxJpky.exe

C:\Windows\System\fiCObAO.exe

C:\Windows\System\fiCObAO.exe

C:\Windows\System\hKjhMXu.exe

C:\Windows\System\hKjhMXu.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2912-0-0x0000000001B20000-0x0000000001B30000-memory.dmp

\Windows\system\QhSUeHB.exe

MD5 3c905afef8e55ee8c721689884f16286
SHA1 6bc9cd69cca066853692c862a407fb5101f8d553
SHA256 a8cb290efc9c47aa70ae5fb8e05007f495dfbbd8bac6f67aee3bdd0c1ce8e4a5
SHA512 1973b8db528c4e3b6de41d094d02ae8dffc0b5c88b93a018ec981e549521204d0bd38a5f74ba5d0c110f5a854de9591a7379adf15a95fbe41f44f8bcbbb1169c

\Windows\system\lDmjVAc.exe

MD5 2e67cb3574cd4c1f76430d9929271e92
SHA1 f7d317acd374c4d9d88dafd831ac040c8c15e79e
SHA256 2075a98c9aaa906f2ceecc7980c1d12db5e3a2de9e857e18935c995dd8050bc3
SHA512 68f019b1d64bada6eab0d354c966ba9d5b0d47a7f9b303060fe857d94c339091f30534f63b672f8eec2ce3e5eb029dc254b4ced9490dce8b3147ed1190fe41ff

C:\Windows\system\LSxizzV.exe

MD5 ba2a2004565ba2256360cc04784f1f19
SHA1 ae0f27474b55356311ff4e9bde97ccc529a69f07
SHA256 dcaea40ff268432925754c8f711c8b05b54e123229fe706607f0886ae8938ae9
SHA512 28d38218b8ec5e163d3bd544225283ed8cd3a54afb442d19cde9c62ac5d0be29d729b4505021b506ea6f06ac131bbc43926f6163242f22df0535a3f8a34ce432

\Windows\system\BFIJPUm.exe

MD5 1047edfa67ddaf026c59a9e5ff232961
SHA1 a7eb6cb73bd7f5e7eb0c8206927fc6a007f8f60b
SHA256 c3b17b93d6d864c4954f60f6481f609e35c3d4457961ea827745eb44968b01ac
SHA512 686011c5220357b46fa3902c53439e77685e30c8fa965337ea5741757691c477ae53e5b7a0651989ad6db8889d6d9a18d1a4cd1c4af11291ceab4059e4964397

\Windows\system\zsbWAya.exe

MD5 1665dcc7f71dfb71724205c69f42d602
SHA1 c28388246ee5ad53265c56765e5c78d27e47094e
SHA256 4e53f7f85f87e46eca6376a5d58d7d6fa31ffb209d00accce155705fef350eba
SHA512 b5bb9078847c511c8985b138615f7e3f6b5776a36370e620cd44467aab25a4ef2af024044cdff2e0a58d257c82315cf951bcb238065df2b2e4bbb6763590f3da

\Windows\system\cRcSKbh.exe

MD5 be37cb9027e6d0517c5725871bb5443f
SHA1 83869d391b9234e37afefc06a7a1ba5f77179d3b
SHA256 d8fb80f17fc519ac67fab01d149275ba3cf3824aaf7ea091406c070b2dd17467
SHA512 241cd2b2f0fdae6e8f452e536502169c110e827896e51ed1f53beee61e7b1649c98a3a5a67b45b06287260a169b892c9bc8cfc400d0949db251a22c03a8a4efd

C:\Windows\system\liKBepY.exe

MD5 2a2424c6a9746d811ec050ee801dd465
SHA1 41aa67dadceca70d40048b9f94bacf8f154b1f35
SHA256 80e860070e7c9ab6fdcca67e079a0ddf5c1e1847b3ac28664ba8ea4e695e8be9
SHA512 ab788d449769ac4c3d30afbbd281eaeeb55969f57bea6dbdb7a1950b3f6e921adf5e3086cec9c6faa11b73f0d98efc15f51e10e116c951b8bbc0f88c4f55b25f

\Windows\system\QBbZoZx.exe

MD5 9cf66644ba1236a7dfdb6ce8db7706eb
SHA1 fe94a92527b7a48a4289f8907045170dd9548ac1
SHA256 d87de4253698b457e235383121cedc468683f72590f8aad15c8fd9a849020b30
SHA512 b61982c5dba5f7f5c2ec3c9d2eb56d8495173cd4d04352a754063a29e4acbd052f5610eff3a2c136db4d78c75a434fef90ea4a3c8571996c4c969c9d2adcb3d6

C:\Windows\system\BZhwQWP.exe

MD5 2c23c2a1a649710aede113f592c595a7
SHA1 26e0b861747d7e6d7834125d32f35489140520e8
SHA256 5be5033bd9e2563008eaddd3713fc3f8e7608c1eb0d38825efe84ee275ebca5c
SHA512 3afa9348b27f5161af4e49c40a8e82105a4e9322c94f91dbb50294e63f0bf3c5d84f6996aa0b3ef3945586e2b9e5b30f862ac8be0b98b927ed98d4f7be4d49cc

C:\Windows\system\gzDjKDW.exe

MD5 c60b236d0078a65a120b77bc46ddec28
SHA1 d88f9ddb157b09e1d49b860a35b6baf01c9b5e27
SHA256 4cde239c6a169ce6d811c820d5b4966c320ae8230252a1970f25cfc74e357290
SHA512 8e174c926caa73ab7f84b9e113d8075e318ed797d50d39686d1e8855a2479c9299074f2a4d045eb5851ac16ee49919d20c5bb30fb3869c54bf92570b74dadf72

\Windows\system\MZHTNkT.exe

MD5 9d9754d3b370a4b1fc7a136ef6fa2210
SHA1 869ae4134e12464d82e3e1e440ec14d042474ce6
SHA256 8e4ff467f35e9b0f86fe29333c60d1e14f432c714e705b772120f561939df118
SHA512 0fa5cc9fd1824dc456b0612f43fc6017b693efada9256b3cb60ac514f3338276621d2c2eb92bbb65eb6921d59abe5b36180cff2f9c454d2ca5ebd5aea5f17b68

C:\Windows\system\WrXcyzu.exe

MD5 46132a484d0336d21468c6ccc5a5dc50
SHA1 08c62574aebb2d1c078e99752a4e9c5f09fada1a
SHA256 c0add8b199857c5df755063a07a08a12ca70e80ab49ec4d0e61fb2493f7e552c
SHA512 63796ba5b90a448dee792791446f0a37ce4a263b6672121b51cb955db3616a93cc0d638458aecd586b93459843e5a7c8d59cf0f9086e58f2c87a32de5ea6d128

C:\Windows\system\ecYTdoN.exe

MD5 1d090390df85bbedcb21b4a14b5b2e34
SHA1 215cbe1bb34395237f780a8b155df26acce6d527
SHA256 0e2e407b3a13a9ae3d0890e2c5e8dd403e8a87cee63adce3d17c552b5507797d
SHA512 7c54d529af91dd29ab347646ca065acf5416a842e8ec07e37648ca8e43f74f7587a12c9d5e48e9cd29ee8df0e5a0a07959532a067f4d00940d89b976b39ceaa1

C:\Windows\system\NUCNgCy.exe

MD5 a86c593c3364fb0490462701a20ed670
SHA1 0c6cfdc316f3d46680a847281c127e953efb825a
SHA256 19517b917f45f9b5d82afb58c5acd2362af71fa719d635b4aac2f3e5bcbf36d7
SHA512 29fa25efb74b8217a0d089a6522b84dc6d86bd3edf213d20d0f01cbb29c351147b136005f1ac9bb3d9e46376b48f924afb5207f278ffd515c47b28d92b551f66

C:\Windows\system\NZaAbmT.exe

MD5 93c5f2a0b05bfa66f7f53c58d35fad9d
SHA1 17404ccd1fce3a677fead6d5a5a03f868933efe7
SHA256 a8cf89b09f28c54985285e23fd47dc2b72a7c3a2d928a0f80ae5ea8df035f2b2
SHA512 b581569c8ac8ab7e9f12892af901e6184dc7f25ec8b620df4b3ab967f02a8e1327e086335858f7192dd444252cb1fdf11a424d071ce19480dbfe8a1cfd04c1a1

C:\Windows\system\oAwdDBB.exe

MD5 bba5db13cb641234f4398fa8d5d38afb
SHA1 d4822ce48583ac22b6d78d922a18271c11540805
SHA256 4f45b5f5d8a0f4f5cbdb4aaf8b57611ba4327ed2b1bc3f6721cdd0e33d948aca
SHA512 1d930112e55e4cb43cd0f4bfb2d646b05a00d78737f5799c166071adf79e35e9730195ab12d7f9fc4a70c599b2838afacc1237d04f3ad25b91f68ea5d7bae711

\Windows\system\ZXmBRCE.exe

MD5 90e69003bb97ce18f3e9abd662c6248f
SHA1 3170d1b179164cf6da04a616ea06b38a4ca16d80
SHA256 40d4da1fd68facfac9bee472167495080924dc9f8cb2bb380ba407c6c819efd2
SHA512 eabe981ef8367920bedfb21e8392f7b70afa285263a18c7eb9ba7f07c64fc4d119497b96f23c142c7ab02c870fca11f9220451269f331f2ede443bc48ae3ef20

C:\Windows\system\SjaOfIc.exe

MD5 683fe56aad6bfa14d5b93d347fed868b
SHA1 6881516d76cf539a759309af6a9082c3a9badea6
SHA256 5a9ac48099feb07c4290d528813674962490af9b9cfca983b224340e83d29088
SHA512 5df19707a02bccf8b612eb284b193dd73e0458359a871f63e76a343221812b68159882a939d6537335f7c836edfa3d6d28ac3ff774aa516fd11855f806b440c6

C:\Windows\system\caEQtkW.exe

MD5 81b45aca692b699418a56cbf534ebc02
SHA1 c460d7e8adfa4637ea66bf121e5cbd82d001ef8e
SHA256 0bb12050562c348f32382ab4721250dbbbde3260f77e88f7a461ecc5240700f8
SHA512 47d64c9eef98a4007f9b7fcb7dd8c9efdd633780fa9cef8b8d6cc54d98d51b4fdac3b3d6c6272abeea1772661fc741ed2786460f4c368225f6050f4444336515

C:\Windows\system\eVpnpUa.exe

MD5 9955106daf34118e37ee92130765719a
SHA1 39d248c4cd0309898c547831e3155dcefacddeb1
SHA256 7793d7c7e5b858383ec433aa3df8697365b842f2ff787607efda2d847a30f28d
SHA512 0023bb2ee675f3728b0bd57b062b6bde2e6762531bac54d46cdd10fa79053aa61ad273c03d998d72060ef6bd59205d1e4d05838905f3333e88b2372427ac4067

C:\Windows\system\PqOAmSn.exe

MD5 e223f2f7282f80a0955904dcaf69eb3f
SHA1 a50c53f31290c0f72af25bafddb731f9ece63cf7
SHA256 5a04ed8d38c6bc10fd9695aff9d760e9e7b255d5bdc5dd0752aa9e216655270f
SHA512 b17dc5bfca2fd7317fb7cd88194fdb7b76affd140846f5fb9597f5bb129c5aa0439a96cf2424e89cf7b1a811997816c5dc3c8bfe8aaab623ee7904e16463388d

C:\Windows\system\WsQwlcF.exe

MD5 6ce1780c7e3435d7321d51c84516fce1
SHA1 b1aa39b1c4a028c5f96067080ac1a201caae9c05
SHA256 6789e89178cfaa6e69dcec21a83d72d760fff51dde58a4feb20c1150dc3114bc
SHA512 b7208f19a627a3d6ee0363e05851b2c62b18873c28ba514e9d63dd5ac1eea88956beb014c81058858bce22b8f50f038b891d6650dfefffabcf1cba35a0523c3c

C:\Windows\system\QeFlsPh.exe

MD5 20894b1872e4911824687d8eeec42f5e
SHA1 313724f0951cb0d2813c93f002575741ff5ad7da
SHA256 38b1f968805ef292d1d6d2eb1d0d2ebe8b028f7b2c3486fef4a1a6e8fbf0848e
SHA512 67e774d5b9391879d1e52462476ef3f3cd12ef80d0adb1dcd88e06d9360913eaa0f0a79c46cef6d053cf60be03e5610e64c9dfdb98546e133a66f26c01129a4e

C:\Windows\system\okDuCwZ.exe

MD5 c9399b8ff494793b39426a831742e70d
SHA1 e222c8573ba8a189e10f09ed6c416b2473a5d100
SHA256 39dbdf5a421c61a6d659654aea34faff5b2481812b682dc0a87dda7e758eec82
SHA512 96b4c4c14fc893f62a2faba7d3a05b6e134fe0caca8e3430c8019f0cc96f44aeacb03ba9be948e125ea585eb9d69787065a2bb483cfce4274c21c7845fed7b33

C:\Windows\system\JZlEpfD.exe

MD5 6edbf7054a298152550e92c49ead2b18
SHA1 8f15794045ef6007495eaca102163eba1efd57a5
SHA256 3e3dfb0e23df9180cb240663ea1ef2ad7a4a60d2a9d3a58828915af22deed589
SHA512 4a7d5a6c6827d360f2ede83f01468e6b55a35a15a2cd6133a785276659e2a9fd38332c03fdc01c3c12268ad0f30d463943dd61f9aadc8f32e6dc0c1709a5ebfd

C:\Windows\system\IpaIATI.exe

MD5 208adff32c7c54cf8715b4397441ca37
SHA1 e6f5c72ffef3906931ce4e334a2d3133f54a5e1e
SHA256 c8848e03c748326c38046ec5604fa19e22fa7742072bf3c78c1c66605bf313ae
SHA512 20d016cfb150b1df821db9752850802592d365166f9416352617e7fd98a11db39be5bf257988f8385773626f76892854ac6b7adf894f923dfa568b72cfd0bd52

C:\Windows\system\iCjXrwG.exe

MD5 dabdc25125ceb867c0d93e9259f57710
SHA1 3846beca4e9bb2a3335111e4e0f4bba29517d55c
SHA256 811421e927c58e84fe7b6a9e2caef9a06820d2141bb1134a4abfb6f438fac9c7
SHA512 a65c2e5f5788aa81b62dde4d4045e535ab1adf335b37da90e125e28663a29b24a483e71ea0960dafc290b1cddb8cdf3c4d709fefcdca8981803ce32b377fe95a

C:\Windows\system\FfIjmeA.exe

MD5 2df42db5fdf5a22bab354e818c5f534c
SHA1 9e8f7de1d1462bd80bff860d88aa0e042a8ba022
SHA256 a048510f83f89726d8bf8c6f1b548672bf280ad64003733feb5fe2e305f8a815
SHA512 e1399d978eb29a6fe8e56d0620ddb21ecc1386916f3297aa2c42c4245307db28dbc430157e7a988897ff9407b4dbc0476125d0f69bcb490d16f5b199cbae7c44

C:\Windows\system\uqcWLbq.exe

MD5 4385521a1f7a3ab06c9f880a7e2a32b0
SHA1 5f4a41d2bea8f4ebe38a6b58e5e91b95dd32796d
SHA256 9da169e19ccafac820b4ed3650b88aa5d5e7a227c66d35fe07466ac406e9b4b9
SHA512 fa6ad815a6e8210949192226e036242696be82aa82443a445243a3d71ea5f3a66ce3aa31cf4d3a962a21b2c86895cb2d001d13413197bdca966af3968b35e3be

C:\Windows\system\RPGnZgp.exe

MD5 6a789abc870e023dc4c42d9b427ae607
SHA1 8bcee1c10450222d3cefbfce1a77a9d0eacace27
SHA256 ab0cd39f37332286d8a6116c56707e0c6fe4a410d269a2c415cf71f1f1b1b72a
SHA512 cf6927212cb442d1b395af4fe4126e874ebcfcd40aae9e6acb11261808619959168c41c389d469b0bc635d585e54482dc76ae2bbb91128ae5cc57670070ac32d

C:\Windows\system\DYZKmVq.exe

MD5 b108c9eb457ea5b26880129057495de0
SHA1 cc9b6a4170c998c2cb9c91ec5e8fd256fe1ab23c
SHA256 09c0259cc0ff26d28acefd3a7ef607d1d19498d9a0ba26f59e1f5336991c1258
SHA512 641737aafbcbbaf3c6f8bad78087b73ec53faba851b066e282f161eacf4421d85dae4b819945dd6779b549c294e1308c79601fe52a472ecf77331106830c1564

C:\Windows\system\zLtRxdK.exe

MD5 2d64b97f65594742d8a6145c1132ae02
SHA1 4cc3b5908996c7960045d4b4a93ebfbc4dde99ba
SHA256 bf73cac494b3e5d405fca04725d38247da4666e3cfc7abf3a25f8e49f1503cb1
SHA512 ec24bd9e78d9c6e0c156e9b2fbb3797801b23d28bc3b8d63cecdf61e9e61bf68aab23f156a0c18d042211cdc55ae9bf9b3d3c532c3a31d6559aee70d5fa57afd