Malware Analysis Report

2024-10-10 09:46

Sample ID 240624-3qqw7aycpe
Target 12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
SHA256 12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f
Tags
miner kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f

Threat Level: Known bad

The file 12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner kpot xmrig stealer trojan

xmrig

KPOT

Xmrig family

Kpot family

KPOT Core Executable

XMRig Miner payload

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-24 23:43

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 23:43

Reported

2024-06-24 23:46

Platform

win7-20240221-en

Max time kernel

141s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1996 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\dcSaRqd.exe
PID 1996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\YTibJrL.exe
PID 1996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\YTibJrL.exe
PID 1996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\YTibJrL.exe
PID 1996 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\HCFhiqy.exe
PID 1996 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\HCFhiqy.exe
PID 1996 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\HCFhiqy.exe
PID 1996 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\NGVGZvr.exe
PID 1996 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\NGVGZvr.exe
PID 1996 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\NGVGZvr.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\bmyHuoq.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\bmyHuoq.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\bmyHuoq.exe
PID 1996 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe C:\Windows\System\eMvcPbs.exe

Processes

C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

SHA1 a6c870832e7ea1eac046d2490edf7c9b96604d81
SHA256 354d6a612a21ea399a30fac61c37f4b9083641c002332a49d86b31cffc726b49
SHA512 e6d1be7ec8ea6ce531b04d874cd13ee3c93e5a4ad8f98d7b0b03957fe9e26285adbd506142300feb0545071fdec0ec0068b1760aea53321b61730dac44d1eb6d

C:\Windows\system\eCfhLSC.exe

MD5 623fe067d4c997d5896041864103c5df
SHA1 8f17aca6f0b0d376ac822c62a0efd5f7334b1024
SHA256 b2af365e0602ef04ddde0e474bfac4f164fce1b0c283fbbfcfdaa6b24efed391
SHA512 601f2c53068b3b8c744d04f3fe628ab46b7539d27e9ea405fad94a80f244ce4fb82239d8c1cfc1b41b0cb66385f3fa71b37a06f32cf856ae54e11d8068778bd1

C:\Windows\system\lnqjLUu.exe

MD5 444c33bf641e41a3623540a25f2fb6ca
SHA1 a46f394362f4c7f3205c22340e2987c72dc799cc
SHA256 9aee93af52c364a60e2078dd4c383ffe22bac258b2b0f624731a676aac4c6d53
SHA512 362a33320ad9e610474bda90c0313b9b1b3af97f3de3c3730c0188652c75326d7cd049cf5065a67a064a379976bc584ecc94be6fa4db79a63f9903d1a3ee8da8

C:\Windows\system\vtuHwWs.exe

MD5 184d5b359fd7c534d4a0d597b828fb90
SHA1 d43144a85a6dfde45bac0304c843470130e627c1
SHA256 9047cc4da6417eeb7c8a60ee3ad491998ff334318bbdb56f5a7b13cab6ec1f5c
SHA512 4e5d1e500921cf76c7268eb9aefa348287d17eac8e7ae4c30cf7a30f0e997e77c771232f0e8433d896b4926e03a81a5d962075ca4da2a97530941a1fcb9afc26

C:\Windows\system\yfsrvuC.exe

MD5 f74ab18f7119a262b0875f7dae46c0c3
SHA1 121cf4aa5fb35a55bdaca06148963cf5f8c31990
SHA256 6ab49c9c4c97800b3d57764d30a541e7275dd9456271a8a738505ead92190b94
SHA512 86ad1e6c9f2ae4d457b26d818b7695d8bbf9262a3fb76296404e46c2dfd8d2823e4248d78eb468bffd6c4441dd081d72ac21463258d0e1e65b21b0b2e2a85151

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 23:43

Reported

2024-06-24 23:45

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Drops file in Windows directory


Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/3256-0-0x00000000001F0000-0x0000000000200000-memory.dmp
